Podcasts about dns

Hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network

  • 979 PODCASTS
  • 2,205 EPISODES
  • 46m AVG DURATION
  • 1 DAILY NEW EPISODE
  • Nov 26, 2021 LATEST

Latest podcast episodes about dns

2.5 Admins
2.5 Admins 66: Lack of Entropy

Nov 26, 2021 29:30


Tesla owners locked out of their cars, a Linux side-channel attack that enables DNS cache poisoning, why Jim doesn't use Proxmox, and accessing KVM hosts from Windows.

Plugs
Jim was on Late Night Linux twice, as well as Late Night Linux Extra. Support us on Patreon

News
Tesla drivers left unable to start […]

Screaming in the Cloud
Letting the Dust Settle on Job Hopping with Brian Hall

Nov 23, 2021 36:37


About Brian

I lead the Google Cloud Product and Industry Marketing team. We're focused on accelerating the growth of Google Cloud by establishing thought leadership, increasing demand and usage, enabling our sales teams and partners to tell our product stories with excellence, and helping our customers be the best advocates for us.

Before joining Google, I spent over 25 years in product marketing or engineering in different forms. I started my career at Microsoft and had a very non-traditional path for 20 years. I worked in every product division except for cloud. I did marketing, product management, and engineering roles. And, early on, I was the first speech writer for Steve Ballmer and worked on Bill Gates' speeches too. My last role was building up the Microsoft Surface business from scratch and as VP of the hardware businesses. After Microsoft, I spent a year as CEO at a hardware startup called Doppler Labs, where we made a run at transforming hearing, and then two years as VP at Amazon Web Services leading product marketing, developer advocacy, and a bunch more marketing teams. I have three kids still at home, Barty, Noli, and Alder, who are all named after trees in different ways. My wife Edie and I met right at the beginning of our first year at Yale University, where I studied math, econ, and philosophy and was the captain of the Swim and Dive team my senior year. Edie has a PhD in forestry and runs a sustainability and forestry consulting firm she started, that is aptly named “Three Trees Consulting”.
We love the outdoors, tennis, running, and adventures in my 1986 Volkswagen Van, which is my first and only car, that I can't bring myself to get rid of.

Links:
  • Twitter: https://twitter.com/IsForAt
  • LinkedIn: https://www.linkedin.com/in/brhall/
  • Episode 10: https://www.lastweekinaws.com/podcast/screaming-in-the-cloud/episode-10-education-is-not-ready-for-teacherless/

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by our friends at Redis, the company behind the incredibly popular open source database that is not the bind DNS server. If you're tired of managing open source Redis on your own, or you're using one of the vanilla cloud caching services, these folks have you covered with the go to manage Redis service for global caching and primary database capabilities; Redis Enterprise. Set up a meeting with a Redis expert during re:Invent, and you'll not only learn how you can become a Redis hero, but also have a chance to win some fun and exciting prizes. To learn more and deploy not only a cache but a single operational data platform for one Redis experience, visit redis.com/hero. That's r-e-d-i-s.com/hero. And my thanks to my friends at Redis for sponsoring my ridiculous nonsense.

Corey: Writing ad copy to fit into a 30 second slot is hard, but if anyone can do it the folks at Quali can. Just like their Torque infrastructure automation platform can deliver complex application environments anytime, anywhere, in just seconds instead of hours, days or weeks.
Visit Qtorque.io today and learn how you can spin up application environments in about the same amount of time it took you to listen to this ad.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I'm joined today by a special guest that I've been, honestly, antagonizing for years now. Once upon a time, he spent 20 years at Microsoft, then he wound up leaving—as occasionally people do, I'm told—and going to AWS, where according to an incredibly ill-considered affidavit filed in a court case, he mostly focused on working on PowerPoint slides. AWS is famously not a PowerPoint company, and apparently, you can't change culture. Now, he's the VP of Product and Industry Marketing at Google Cloud. Brian Hall, thank you for joining me.

Brian: Hi, Corey. It's good to be here.

Corey: I hope you're thinking that after we're done with our conversation. Now, unlike most conversations that I tend to have with folks who are, honestly, VP level at large cloud companies that I enjoy needling, we're not going to talk about that today because instead, I'd rather focus on a minor disagreement we got into on Twitter—and I mean that in the truest sense of disagreement, as opposed to the loud, angry, mutual blocking, threatening to bomb people's houses, et cetera, nonsense that appears to be what substitutes for modern discourse—about, oh, a month or so ago from the time we're recording this. Specifically, we talked about, I'm in favor of job-hopping to advance people's career, and you, as we just mentioned, spent 20 years at Microsoft and take something of the opposite position. Let's talk about that. Where do you stand on the idea?

Brian: I stand in the position that people should optimize for where they are going to grow the most. And frankly, the disagreement was less about job-hopping because I'm going to explain how I job-hopped at Microsoft effectively.

Corey: Excellent.
That is the reason I'm asking you rather than poorly stating your position and stuffing you like some sort of Christmas turkey straw-man thing.

Brian: And I would argue that for many people, changing jobs is the best thing that you can do, and I'm often an advocate for changing jobs even before sometimes people think they should do it. What I mostly disagreed with you on is simply following the money on your next job. What you said is if a—and I'm going to get it somewhat wrong—but if a company is willing to pay you $40,000 more, or some percentage more, you should take that job now.

Corey: Gotcha.

Brian: And I don't think that's always the case, and that's what we're talking about.

Corey: This is the inherent problem with Twitter is that first, I tend to write my Twitter threads extemporaneously without a whole lot of thought being put into things—kind of like I live my entire life, but that's neither here nor there—

Brian: I was going to say, that comes across quite clearly.

Corey: Excellent. And 280 characters lacks nuance. And I definitely want to have this discussion; this is not just a story where you and I beat heads and not come to an agreement on this. I think it's that we fundamentally do agree on the vast majority of this, I just want to make sure that we have this conversation in a way, in a forum that doesn't lend itself to basically empowering the worst aspects of my own nature. Read as, not Twitter.

Brian: Great. Let's do that.

Corey: So, my position is, and I was contextualizing this from someone who had reached out who was early in their career, they had spent a couple of years at AWS and they were entertaining an offer elsewhere for significantly more money. And this person, I believe I can—I believe it's okay for me to say this: she—was very concerned that, “I don't want to look like I'm job-hopping, and I don't dislike my team. My manager is great. I feel disloyal for leaving.
What should I do?”

Which first, I just want to say how touched I am that someone who is early in their career and not from a wildly overrepresented demographic like you and I felt a sense of safety and security in reaching out to ask me that question. I really wish more people would take that kind of initiative. It's hard to inspire, but here we are. And my take to her was, “Oh, my God. Take the money.” That was where this thread started because when I have conversations with people about those things, it becomes top of mind, and I think, “Hmm, maybe there's a one-to-many story that becomes something that is actionable and useful.”

Brian: Okay, so I'm going to give two takes on this. I'll start with my career because I was in a similar position as she was, at one point in my career. My background, I lucked into a job at Microsoft as an intern in 1995, and then did another internship in '96 and then started full time on the Internet Explorer team. And about a year-and-a-half into that job, I—we had merged with the Windows '98 team and I got the opportunity to work on Bill Gates's speech for the Windows '98 launch event. And I—after that was right when Steve Ballmer became president of Microsoft and he started doing a lot more speeches and asked to have someone to help him with speeches.

And Chris Capossela, who's now the CMO at Microsoft, said, “Hey, Brian. You interested in doing this for Steve?” And my first reaction was, well, even inside Microsoft, if I move, it will be disloyal.
Because my manager's manager, they've given me great opportunities, they're continuing to challenge me, I'm learning a bunch, and they advised not doing it.

Corey: It seems to me like you were in a—how to put this?—not to besmirch the career you have wrought with the sweat of your brow and the toil of your back, but in many ways, you were—in a lot of ways—you were in the right place at the right time, riding a rocket ship, and built opportunities internally and talked to folks there, and built the relationships that enabled you to thrive inside of a company's ecosystem. Is that directionally correct?

Brian: For sure. Yet, there's also, big companies are teams of teams, and loyalty is more often with the team and the people that you work with than the 401k plan. And in this case, you know, I was getting this pressure that says, “Hey, Brian. You're going to get all these opportunities. You're doing great doing what you're doing.”

And I eventually had the luck to ask the question, “Hey, if I go there and do this role”—and by the way, nobody had done it before, and so part of their argument was, “You're young, Steve's… Steve. Like, you could be a fantastic ball of flames.” And I said, “Okay, if [laugh] let's say that happens. Can I come back? Can I come back to the job I was doing before?”

And they were like, “Yeah, of course. You're good at what you do.” To me, which was, “Okay, great. Then I'm gone. I might as well go try this.” And of course, when I started at Microsoft, I was 20, 21, and I thought I'd be there for two or three years and then I'd end up going back to school or somewhere else.
But inside Microsoft, what kept happening as I just kept getting new opportunities to do something else that I'd learned a bunch from, and I ultimately kind of created this mentality for how I thought about next job of, “Am I going to get more opportunities if I am able to be successful in this new job?” Really focused on optionality and the ability to do work that I want to do and have more choices to do that.

Corey: You are also on a I almost want to call it a meteoric trajectory. In some ways. You effectively went from—what was your first role there? It was—

Brian: The lowest level of college hire you can do at Microsoft, effectively.

Corey: Yeah. All the way on up to at the end of it the Corporate VP for Microsoft Devices. It seems to me that despite the fact that you spent 20 years there, you wound up having a bunch of different jobs and an entire career trajectory internal to the organization, which is, let's be clear, markedly different from some of the folks I've interviewed at various times, in my career as an employer and as a technical interviewer at a consulting company, where they'd been somewhere for 15 years, and they had one year of experience that they repeated 15 times. And it was one of the more difficult things that I encountered is that some folks did not take ownership of their career and focus on driving it forward.

Brian: Yeah, that, I had the opposite experience, and that is what kept me there that long. After I would finish a job, I would say, “Okay, what do I want to learn how to do next, and what is a challenge that would be most interesting?” And initially, I had to get really lucky, honestly, to be able to get these. And I did the work, but I had to have the opportunity, and that took luck.
But after I had a track record of saying, “Hey, I can jump from being a product marketer to being a speechwriter; I can do speechwriting and then go do product management; I can move from product management into engineering management.”

I can do that between different businesses and product types, you build the ability to say, “Hey, I can learn that if you give me the chance.” And it, frankly, was the unique combination of experiences I had by having tried to do these other things that gave me the opportunity to have a fast trajectory within the company.

Corey: I think it's also probably fair to say that Microsoft was a company that, in its dealings with you, is operating in good faith. And that is a great thing to find when you see it, but I'm cynical; I admit that. I see a lot of stories where people give and sacrifice for the good of the company, but that sacrifice is never reciprocated. And we've all heard the story of folks who will put their nose to the grindstone to ship something on time, only to be rewarded with a layoff at the end, and stories like that resonate.

And my argument has always been that you can't love a company because the company can't love you back. And when you're looking at do I make a career move or do I stay, my argument is that is the best time to be self-interested.

Brian: Yeah, I don't think—companies are there for the company, and certainly having a culture that supports people that wants to create opportunity, having a manager that is there truly to make you better and to give you opportunity, that all can happen, but it's within a company and you have to do the work in order to try and get into that environment. Like, I worked hard to have managers who would support my growth, would give me the bandwidth and leash early on to not be perfect at what I'm doing, and that always helped me.
But you get to go pick them in a company like that, or in the industry in general, you get—just like when a manager is hiring you, you also get to understand, hey, is this a person I want to work for?

But I want to come back to the main point that I wanted to make. When I changed jobs, I did it because I wanted to learn something new and I thought that would have value for me in the medium-term and long-term, versus how do I go max cash in what I'm already good at?

Corey: Yes.

Brian: And that's the root of what we were disagreeing with on Twitter. I have seen many people who are good at something, and then another company says, “Hey, I want you to do that same thing in a worse environment, and we'll pay you more.”

Corey: Excellence is always situational. Someone who is showered in accolades at one company gets fired at a different company. And it's not because they suddenly started sucking; it's because the tools and resources that they needed to succeed were present in one environment and not the other. And that varies from person to person; when someone doesn't work out of the company, I don't have a default assumption that there's something inherently wrong with them.

Of course, I look at my own career and the sheer, staggeringly high number of times I got fired, and I'm starting to think, “Huh. The only consistent factor in all of these things is me. Nah, couldn't be my problem. I just worked for terrible places, for terrible people. That's got to be the way it works.” My own peace of mind. I get it. That is how it feels sometimes and it's easy to dismiss that in different ways. I don't want to let my own bias color this too heavily.

Brian: So, here are the mistakes that I've seen made: “I'm really good at something; this other company will pay me to do just that.” You move to do it, you get paid more, but you have less impact, you don't work with as strong of people, and you don't have a next step to learn more. Was that a good decision? Maybe.
If you need the money now, yes, but you're a little bit trading short-term money for medium-and long-term money where you're paid for what you know; that's the best thing in this industry. We're paid for what we know, which means as you're doing a job, you can build the ability to get paid more by knowing more, by learning more, by doing things that stretch you in ways that you don't already know.

Corey: In 2006, I bluffed my way through a technical interview and got a job as a Unix systems administrator for a university that was paying $65,000 a year, and I had no idea what I was going to do with all of that money. It was more money than I could imagine at that point. My previous high watermark, working for an ethically challenged company in a sales role at a target comp of 55, and I was nowhere near it. So okay, let's go somewhere else and see what happens. And after I'd been there a month or two, my boss sits me down and said, “So”—it's our annual compensation adjustment time—“Congratulations. You now make $68,000.”

And it's just, “Oh, my God. This is great. Why would I ever leave?” So, I stayed there a year and I was relatively happy, insofar as I'm ever happy in a job. And then a corporate company came calling and said, “Hey, would you consider working here?”

“Well, I'm happy here and I'm reasonably well compensated. Why on earth would I do that?” And the answer was, “Well, we'll pay you $90,000 if you do.” It's like, “All right. I guess I'm going to go and see what the world holds.”

And six weeks later, they let me go. And then I got another job that also paid $90,000 and I stayed there for two years. And I started the process of seeing what my engagement with the work world look like. And it was a story of getting let go periodically, of continuing to claw my way up and, credit where due, in my 20s I was in crippling credit card debt because I made a bunch of poor decisions, so I biased early on for more money at almost any cost.
At some point that has to stop because there's always a bigger paycheck somewhere if you're willing to go and do something else.

And I'm not begrudging anyone who pursues that, but at some point, it ceases to make a difference. Getting a raise from $68,000 to $90,000 was life-changing for me. Now, getting a $30,000 raise? Sure, it'd be nice; I'm not turning my nose up at it, don't get me wrong, but it's also not something that moves the needle on my lifestyle.

Brian: Yeah. And there are a lot of those dimensions. There's the lifestyle dimension, there's the learning dimension, there's the guaranteed pay dimension, there's the potential paid dimension, there is the who I get to work with, just pure enjoyment dimension, and they all matter. And people should recognize that job moves should consider all of these.

And you don't have to have the same framework over time as well. I've had times where I really just wanted to bear down and figure something out. And I did one job at Microsoft for basically six years. It changed in terms of scope of things that I was marketing, and which division I was in, and then which division I was in, and then which division I was in—because Microsoft loves a good reorg—but I basically did the same job for six years at one point, and it was very conscious. I was trying to get really good at how do I manage a team system at scale. And I didn't want to leave that until I had figured that out. I look back and I think that's one of the best career decisions I ever made, but it was for reasons that would have been really hard to explain to a lot of people.

Corey: Let's also be very clear here that you and I are well-off white dudes in tech. Our failure mode is pretty much a board seat and a book deal. In fact, if—

Brian: [laugh].

Corey: —I'm not mistaken, you are on the board of something relatively recently. What was that?

Brian: United Way of King County. It's a wonderful nonprofit in the Seattle area.

Corey: Excellent.
And I look forward to reading your book, whenever that winds up dropping. I'm sure it'll be only the very spiciest of takes. For folks who are earlier in their career and who also don't have the winds of privilege at their backs the way that you and I do, this also presents radically differently. And I've spoken to a number of folks who are not wildly over-represented about this topic, in the wake of that Twitter explosion.

And what I heard was interesting in that having a manager who has your back counts for an awful lot and is something that is going to absolutely hold you to a particular company, even when it might make sense on paper for you to leave. And I think that there's something strong there. My counterargument is okay, so you turn down the offer, a month goes past and your manager gives notice because they're going to go somewhere else. What then? It's one of those things where you owe your employer a duty of confidentiality, you owe them a responsibility to do your best work, to conduct yourself in an ethical manner, but I don't believe you owe them loyalty in the sense of advancing their interests ahead of what's best for you and your career arc.

And what's right for any given person is, of course, a nuanced and challenging thing. For some folks, yeah, going out somewhere else for more money doesn't really change anything and is not what they should optimize for. For other folks, it's everything. And I don't think either of those takes is necessarily wrong. I think it comes down to it depends on who you are, and what your situation is, and what's right for you.

Brian: Yeah. I totally agree. For early in career, in particular, I have been a part of—I grew up in the early versions of the campus hiring program at Microsoft, and then hired 500-plus, probably, people into my teams who were from that.

Corey: You also do the same thing at AWS if I'm not mistaken.
You launched their first college hiring program that I recall seeing, or at least that's what scuttlebutt has it.

Brian: Yes. You're well-connected, Corey. We started something called the Product Marketing Leadership Development Program when I was in AWS marketing. And then one year, we hired 20 people out of college into my organization. And it was not easy to do because it meant using, quote-unquote, “Tenured headcount” in order to do it. There wasn't some special dispensation because they were less paid or anything, and in a world where headcount is a unit of work, effectively.

And then I'm at Google now, in the Google Cloud division, and we have a wonderful program that I think is really well done, called the Associate Product Marketing Manager Program, APMM. And what I'd say is for the people early in career, if you get the opportunity to have a manager who's super supportive, in a system that is built to try and grow you, it's a wonderful opportunity. And by ‘system built to grow you,' it really is, do you have the support to get taught what you need to get taught on the job? Are you getting new opportunities to learn new things and do new things at a rapid clip? Are you shipping things into the market such that you can see the response and learn from that response, versus just getting people's internal opinions, and then are people stretching roles in order to make them amenable for someone early in career?

And if you're in a system that gives you that opportunity—like let's take your example earlier. A person who has a manager who's greatly supportive of them and they feel like they're learning a lot, that manager leaves, if that system is right, there's another manager, or there's an opportunity to put your hand up and say, “Hey, I think I need a new place,” and that will be supported.

Corey: This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of "Hello, World" demos?
Allow me to introduce you to Oracle's Always Free tier. It provides over 20 free services and infrastructure, networking, databases, observability, management, and security. And—let me be clear here—it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account. This means you can provision a virtual machine instance or spin up an autonomous database that manages itself all while gaining the networking load, balancing and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build. With Always Free, you can do things like run small scale applications or do proof-of-concept testing without spending a dime. You know that I always like to put asterisks next to the word free. This is actually free, no asterisk. Start now. Visit snark.cloud/oci-free that's snark.cloud/oci-free.

Corey: I have a history of mostly working in small companies, to the point where I consider a big company to be one that has more than 200 employees, so, the idea of radically transitioning and changing teams has never really been much on the table as I look at my career trajectory and my career arc. I have seen that I've gotten significant 30% raises by changing jobs. I am hard-pressed to identify almost anyone who has gotten that kind of raise in a single year by remaining at a company.

Brian: One hundred percent. Like, I know of people who have, but it—

Corey: It happens, but it's—

Brian: —is very rare.

Corey: —it's very rare.

Brian: It's, it's, it's almost the, the, um, the example that proves the point. I getting that totally wrong. But yes, it's very rare, but it does happen. And I think if you get that far out of whack, yes. You should… you should go reset, especially if the other attributes are fine and you don't feel like you're just going to get mercenary pay.

What I always try and advise people is, in the bigger companies, you want to be a good deal.
You don't want to be a great deal or a bad deal. Where a great deal is you're getting significantly underpaid, a bad deal is, “Uh oh. We hired this person too [laugh] senior,” or, “We promoted them too early,” because then the system is not there to help you, honestly, in the grand scheme of things. A good deal means, “Hey, I feel like I'm getting better work from this person for what we are giving them than what the next clear alternative would be. Let's support them and help them grow.” Because at some level, part of your compensation is getting your company to create opportunities for you to grow. And part of the reason people go to a manager is they know they'll give them that compensation.

Corey: I am learning this the interesting way, as we wind up hiring and building out our, currently, nine-person company. It's challenging for us to build those opportunities while bootstrapped, but it is incumbent upon us, you're right. That is a role of management is how do you identify growth opportunities for people, ideally, while remaining at the company, but sometimes that means that helping them land somewhere else is the right path for their next growth step.

Brian: Well, that brings up a word for managers. What you pay your employees—and I'm talking big company here, not people like yourself, Corey, where you have to decide whether you reinvesting money or putting in an individual.

Corey: Oh, yes—

Brian: But at big companies—

Corey: —a lot of things that apply when you own a company are radically departed from—

Brian: Totally.

Corey: —what is—

Brian: Totally.

Corey: —common guidance.

Brian: Totally. At a big company, managers, you get zero credit for how much your employees get paid, what their raise is, whether they get promoted or not in the grand scheme of things. That is the company running their system.
Yes, you helped and the like, but it's—like, when people tell me, “Hey, Brian, thank you for supporting my promotion.” My answer is always, “Thank you for having earned it. It's my job to go get credit where credit is due.” And that's not a big part of my job, and I honestly believe that.

Where you do get credit with people, where you do show that you're a good manager is when you have the conversations with them that are harder for other people to have, but actually make them better; when you encourage them in the right way so that they grow faster; when you treat them fairly as a human being, and mostly when you do the thing that seems like it's against your own interest.

Corey: That resonates. The moments of my career as a manager that I'm proud of stuff are the ones that I would call borderline subversive: telling a candidate to take the competing offer because they're going to have a better time somewhere else is one of those. But my philosophy ties back to the idea of job-hopping, where I'm going to know these people for longer than either of us are going to remain in our current role, on some level. I am curious what your approach is, given that you are now at the, I guess, other end for folks who are just starting out. How do you go about getting people into Cloud marketing? And, on some level, wouldn't you consider that being a form of abuse?

Brian: [laugh]. It depends on whether they get to work with you or not, Corey.

Corey: There is that.

Brian: I won't tell you which one's abuse or not. So first, getting people into cloud marketing is getting people who do not have deeply technical backgrounds in most cases, oftentimes fantastic—people who are fantastic at understanding other people and communicating really well, and it gives them an opportunity to be in tech in one of the fastest-growing, fastest-changing spaces in the world.
And so to go to a psych major, a marketing major, an American studies major, a history major, who can understand complex things and then communicate really well, and say, “Hey, I have an opportunity for you to join the fastest growing space in technology,” is often compelling.

But their question kind of is, “Hey, will I be able to do it?” And the answer has to be, “Hey, we have a program that helps you learn, and we have a set of managers who know how to teach, and we create opportunities for you to learn on the job, and we're invested in you for more than a short period of time.” With that case, I've been able to hire and grow and work with, in some cases, people for over 15 years now that I worked with at Microsoft. I'm still in touch with many of the people from the Product Marketing Leadership Development Program at AWS. And we have a fantastic set of APMMs at Google, and it creates a wonderful opportunity for them.

Increasingly, we're also seeing that it is one of the best ways to find people from many backgrounds. We don't just show up at the big CompSci schools. We're getting some wonderful, wonderful people from all the states in the nation, from the historically black colleges and universities, from majors that tend to represent very different groups than the traditional tech audiences. And so it's been a great source of broadening our talent pool, too.

Corey: There's a lot to be said for having people who've been down this path and seeing the failure modes, reaching out to make so that the next generation—for lack of a better term—has an easier time than we did. The term I've heard for the concept is ‘send the elevator back down,' which is important. I think it's—otherwise we wind up with a whole industry that looks an awful lot like it did 20 years ago, and that's not ideal for anyone.
The paths that you and I walked are closed, so sitting here telling people they should do what we did has very strong, ‘Okay, Boomer' energy to it.Brian: [laugh].Corey: There are different paths, and the world and industry are changing radically.Brian: Absolutely. And my—like, the biggest thing that I'd say here is—and again, just coming back to the one thing we disagreed on—look at the bigger picture and own your career. I would never say that isn't the case, but the bigger picture means not just what you're getting paid tomorrow, but are you learning more? What new options is it creating for you? And when I speak options, I mean, will you have more jobs that you can do that excite you after you do that job? And those things matter in addition to the pay.Corey: I would agree with that. Money is not everything, but it's also not nothing.Brian: Absolutely.Corey: I will say though you spent 20 years at Microsoft. I have no doubt that you are incredibly adept at managing your career, at managing corporate politics, at advancing your career and your objectives and your goals and your aspirations within Microsoft, but how does that translate to companies that have radically different corporate cultures? We see this all the time with founders who are ex-Google or ex-Microsoft, and suddenly it turns out that the things that empower them to thrive in the large corporate environment doesn't really work when you're a five-person startup, and you don't have an entire team devoted to that one thing that needs to get done.Brian: So, after Microsoft, I went to a company called Doppler Labs for a year. It was a pretty well-funded startup that made smart earbuds—this was before AirPods had even come out—and I was really nervous about the going from big company to startup thing, and I actually found that move pretty easy. I've always been kind of a hands-on, do-it-yourself, get down in the details manager, and that's served me well. 
And so getting into a startup and saying, “Hey, I get to just do stuff,” was almost more fun. And so after that—we ended up folding, but it was a wonderful ride; that's a much longer conversation—when I got to Amazon and I was in AWS—and by the way, the one division I never worked at Microsoft was Azure or its predecessor server and tools—and so part of the allure of AWS was not only was it another trillion-dollar company in my backwater hometown, but it was also cloud computing, was the space that I didn't know well.And they knew that I knew the discipline of product marketing and a bunch of other things quite well, and so I got that opportunity. But I did realize about four months in, “Oh, crap. Part of the reason that I was really successful at Microsoft is I knew how everything worked.” I knew where things have been tried and failed, I knew who to go ask about how to do things, and I knew none of that at Amazon. And it is a—a lot of what allows you to move fast, make good decisions, and frankly, be politically accepted, is understanding all that context that nobody can just tell you. So, I will say there is a cost in terms of your productivity and what you're able to get done when you move from a place that you're good at to a place that you're not good at yet.Corey: Way back in episode 10 of this podcast—as we get suspiciously close to 300 as best I can tell—I had Lynn Langit get on as a guest. And she was in the Microsoft MVP program, the AWS Hero program, and the Google Expert program. All three at once—Brian: Lynn is fantastic.Corey: It really is.Brian: Lynn is fantastic.Corey: I can only assume that you listened to that podcast and decided, huh, all three, huh? I can beat that. And decided that—Brian: [laugh].Corey: —instead of being in the volunteer to do work for enormous multinational companies group, you said, “No, no, no. I'm going to be a VP in all three of those.” And here we are. Now that you are at Google, you have checked all three boxes. 
What is the next mountain to climb for you?Brian: I have no clue. I have no clue. And honestly—again, I don't know how much of this is privilege versus by being forward-looking. I've honestly never known where the heck I was going to go in my career. I've just said, “Hey, let's have a journey, and let's optimize for doing something you want to do that is going to create more opportunities for you to do something you want to do.”And so even when I left Microsoft, I was in a great position. I ran the Surface business, and HoloLens, and a whole bunch of other stuff that was really fun, but I also woke up one day and realized, “Oh, my gosh. I've been at Microsoft for 20 years. If I stay here for the next job, I'm earning the right to get another job at Microsoft, more so than anything else, and there's a big world out there that I want to explore a bit.” And so I did the startup; it was fun, I then thought I'd do another startup, but I didn't want to commute to San Francisco, which I had done.And then I found most of the really, really interesting startups in Seattle were cloud-related and I had this opportunity to learn about cloud from, arguably, one of the best with AWS. And then when I left AWS, I left not knowing what I was going to do, and I kind of thought, “Okay, now I'm going to do another cloud-oriented startup.” And Google came, and I realized I had this opportunity to learn from another company. But I don't know what's next. And what I'm going to do is try and do this job as best I can, get it to the point where I feel like I've done a job, and then I'll look at what excites me looking forward.Corey: And we will, of course, hold on to this so we can use it for your performance review, whenever that day comes.Brian: [laugh].Corey: I want to thank you for taking so much time to speak with me today. If people care more about what you have to say, perhaps you're hiring, et cetera, et cetera, where can they find you?Brian: Twitter, IsForAt: I-S-F-O-R-A-T. 
I'm certainly on Twitter. And if you want to connect professionally, I'm happy to do that on LinkedIn.Corey: And we will, of course, put links to those things in the [show notes 00:36:03]. Thank you so much for being so generous with your time. I appreciate it. I know you have a busy week of, presumably, attempting to give terrible names to various cloud services.Brian: Thank you, Corey. Appreciate you having me.Corey: Indeed. Brian Hall, VP of Product and Industry Marketing at Google Cloud. I am Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an insulting comment in the form of a PowerPoint deck.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Linux Action News
Linux Action News 216

Linux Action News

Nov 22, 2021 17:18


Just how severe is this DNS cache poisoning attack revealed this week? We'll break it down and explain why Linux is affected. Plus, the feature now removed from APT, more performance patches in the Kernel, and a big batch of project updates.

Cybersecurity 101 with Joe and Larry
Episode 20 - The 25th Anniversary of DDoS with Pankaj Gupta from Citrix

Cybersecurity 101 with Joe and Larry

Nov 22, 2021 38:26


In this episode we discuss the 25th anniversary of the first DDoS (Distributed Denial of Service) and why this cybersecurity threat is a tricky one to solve.

00:00 to 2:00 Intro to Pankaj Gupta (@PankajOnCloud, CITRIX). Pankaj leads product and solutions marketing and go-to-market strategy for cloud, application delivery and security solutions at Citrix. He advises CIOs and business leaders on technology and business model transitions. In prior roles at Cisco, he led networking, cybersecurity and software solution marketing.
2:20 The 25th anniversary of the first Denial of Service attack against Panix, an Internet Service Provider (1996) (https://en.wikipedia.org/wiki/Denial-of-service_attack#Distributed_attack). 25 years later, the largest DDoS attack ever recorded targeted Russian ISP Yandex (https://www.cpomagazine.com/cyber-security/russian-internet-giant-yandex-wards-off-the-largest-botnet-ddos-attack-in-history/). Pankaj notes how this was exactly 25 years later to the month.
3:15 What is a DDoS Attack? 1) Connection overload 2) Volumetric, like ICMP flood 3) Application Layer
5:20 Coinminer as an example of Denial of Service when CPU is exhausted
6:00 Why are we still talking about DDoS 25 years later? Pankaj states that they are now easier than ever to perform.
7:00 Larry asks about the connection between ransomware and DDoS
9:00 Pankaj describes how the motivation for DDoS has shifted from hacktivism to financial motivation
9:30 Joe asks how much it costs for an attacker to operate
10:00 Pankaj explains that unskilled attackers with access to the Dark web can orchestrate attacks
11:45 Joe discusses how many attackers target healthcare despite how this hurts people
12:45 Pankaj discusses that while federal laws exist, very few are prosecuted for DDoS attacks.
13:50 Larry asks whether businesses are paying the ransom
14:15 Pankaj says paying the ransom is never recommended. Instead, Pankaj recommends investing in DDoS protection solutions
15:25 Joe asks whether tools exist to quantify costs for downtime to justify the expense of DDoS prevention solutions.
16:30 Pankaj explains how it is not just the economic impact of downtime that is to be factored into the equation but also the damage to reputation from losing customers' trust.
17:30 Pankaj describes three trends that will cause DDoS attacks to increase in the future (things will get worse rather than better). This is due to increased bandwidth for 5G, exponential growth of IoT devices, and improved computation power.
18:30 What is IoT? (Internet of Things). This is any device that has an internet connection such as a Nanny Camera, home router, or NEST Thermostat. Bad actors exploit vulnerabilities to transform these devices into a “BOT Network” that the attackers can then use in mass quantity against a single target. This forms the source for the DDoS attacks. All of these devices combined will send packets to the victim website.
20:50 What solutions exist for DDoS? Joe explains how he has solved DDoS historically using services from CloudFlare.
22:00 Joe explains how he configured DDoS protection by configuring DNS, and the weakness when attackers discover the direct IP using OSINT
23:15 Joe asks Pankaj how Citrix compares with competitors
23:35 Pankaj describes four key criteria when selecting a DDoS solution. 1) The solution should protect against a variety of types of DDoS attacks 2) Can the solution scale? As DDoS attacks increase in size 20% Year over Year (it's expected to be 3 terabits). 3) The advantage of a cloud-based solution is that it can auto-scale in bandwidth whereas an on-premises DDoS solution cannot guard against bandwidth saturation.
25:50 Joe asks Pankaj if Citrix uses its own data centers (does it have exposures if data centers like Google, Amazon or Microsoft). Pankaj describes the Citrix solution as having the scale to handle 12 terabits of scrubbing across multiple points of presence (PoP).
29:00 Pankaj describes two types of DDoS solutions, Always-On or On-Demand. If you are an e-commerce website then Always-On may make more sense even though it costs more than On-Demand because every minute that you cannot sell your products will lose money.
31:00 DDoS attacks can be a diversion tactic to distract IT and SECOPS teams so that the attackers can perform other types of attacks such as financial fraud (Wire Fraud, SWIFT, etc)
32:40 Larry asks: What is the difference between a buffer overflow and DDoS? Pankaj explains that a buffer overflow could be used as a type of DDoS since it could impact the availability of the service.
34:00 Joe describes how DDoS strikes at the heart of one of the three components of the CIA Triad “Confidentiality, Integrity, and Availability.”
35:00 For businesses interested in learning more about Citrix solutions, Pankaj recommends using this contact form on the Citrix website: https://www.citrix.com/contact/form/inquiry/
36:30 Joe asks what market Citrix is chasing: Small Business, Mid-Market or Enterprise? Pankaj responds that all businesses need DDoS protection, and how cloud-based solutions are easier to implement.

All Jupiter Broadcasting Shows

Just how severe is this DNS cache poisoning attack revealed this week? We'll break it down and explain why Linux is affected. Plus, the feature now removed from APT, more performance patches in the Kernel, and a big batch of project updates.

The Cabral Concept
2116: Sebaceous Cysts, Dysfunctional Gallbladder, Gluten-free Grains, Eye Pterygium, Carbs & Weight Gain, Klinefelter Syndrome (HouseCall)

The Cabral Concept

Nov 21, 2021 25:12


Thank you for joining us for our 2nd Cabral HouseCall of the weekend! I'm looking forward to sharing with you some of our community's questions that have come in over the past few weeks… Let's get started!

Jody: Hi Dr. Cabral. I was hoping you could give me some information on sebaceous cysts...what are they, where do they come from and what happens when they get infected? I have searched your podcasts and don't believe I have heard you mention them before. I had one on my shoulder apparently for a while, where it just seemed to be a small bump. It became infected and painful and my doctor put me on antibiotics. After a few weeks to a month it was much better and has actually disappeared. I have several now on my labia where they too became very irritated and painful. My OBGYN prescribed me a cream that did not make it any better so eventually put me on antibiotics again. That helped a little but not like it did with the outcome of the one on my shoulder. I have a cluster of them on both sides of my labia and they still sometimes become irritated. My OBGYN did say I could have them cut out but that seems very painful due to the fact where they are located. I would love to hear any thoughts or advice you have regarding this. Thanks so much for your time and for all you do. I really enjoy listening to your podcasts every day.

Angie: Hi Dr. Cabral. I recently overcame HPylori and am working on my digestion. I am doing your parasite protocol. Started taking your DNS powder and will do the CBO protocol soon. When I took the DNS powder it resulted in pain under my right rib cage, so I lowered my dosage to half a scoop, which helped. My question is, how do I heal a dysfunctional gallbladder so I don't have to get it removed? I also have low stomach acid and gastritis, what are your recommendations to heal those?

Kirsten: I am on day 1 of the 7 day detox. Regarding days 3-7 vegan/paleo meals what are the thoughts regarding including gluten free grains like quinoa, rice and oats. Also what about raw nuts - walnuts, almonds, cashews? Lastly what about seeds? I have been going through everything and thought it said no grains and the program itself is nut free, I am presuming because the allergen potential, but I can't find specific discussion on these. Thank you

Nic: Hi Dr. Cabral, I've developed a pterygium on my eye and I wonder if there is anything I can do to make it go away or stop growing? I'm terrified of the thought of surgery down the road. Also, why would I have developed it in the first place? Thank you! Nic

Stacey: Hi, I have binge listened to your episodes this week. Carb cycling is a lot of interest to me. I tend to work out daily, so tend to keep my carbs at the higher end. Is that impacting my weight loss? I'd love to know can you be doing too much. I walk 10,000 steps daily and do a 40-50 min workout each day. Thanks

Ryan: Hello, I have a question regarding a friend with Klinefelter syndrome and osteopenia. If you were to take lab tests out of the equation, these 2 conditions I'm sure immediately bring to mind some interventions and practices you would like to prioritise to improve health and balance in the body. I was wondering if you had some ground level go-to advice based on the presence of these 2 conditions? Much appreciated.

Thank you for tuning into this weekend's Cabral HouseCalls and be sure to check back tomorrow for our Mindset & Motivation Monday show to get your week started off right!

Show Notes & Resources: http://StephenCabral.com/2116
Dr. Cabral's New Book, The Rain Barrel Effect: https://amzn.to/2H0W7Ge
Join the Community & Get Your Questions Answered: http://CabralSupportGroup.com

Dr. Cabral's Most Popular At-Home Lab Tests:
> Complete Minerals & Metals Test (Test for mineral imbalances & heavy metal toxicity)
> Complete Candida, Metabolic & Vitamins Test (Test for 75 biomarkers including yeast & bacterial gut overgrowth, as well as vitamin levels)
> Complete Stress, Mood & Metabolism Test (Discover your complete thyroid, adrenal, hormone, vitamin D & insulin levels)
> Complete Stress, Sleep & Hormones Test (Run your adrenal & hormone levels)
> Complete Food Sensitivity Test (Find out your hidden food sensitivities)
> Complete Omega-3 & Inflammation Test (Discover your levels of inflammation related to your omega-6 to omega-3 levels)

Screaming in the Cloud
Setting up Lattice Climbers to Succeed with Guang Ming Whitley

Screaming in the Cloud

Nov 17, 2021 42:30


About Guang Ming Guang Ming Whitley was elected to Mount Pleasant Town Council in 2017 and resides in Old Mount Pleasant with her husband, four children, and a dog.She earned a B.S. in Chemical Engineering from the University of Southern California and a J.D. from the University of Chicago Law School, where she was a member of Law Review and a moot court semi-finalist. After completing her law degree, Guang Ming taught at the University of Chicago and practiced intellectual property law in Los Angeles. She then retired from active practice to serve as Chief Operating Officer of the Whitley Household. In 2020, she cofounded Lattice Climbers, a company dedicated to teaching soft and life skills to young adults.Guang Ming is also President of the Girls State Alumnae Foundation and attended the American Legion Auxiliary Girls State in 1996, where she was elected governor. She has volunteered with the ALA Girls State program in a variety of capacities since 2000.Links:Lattice Climbers: https://www.latticeclimbers.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate: is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards, while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other, which one is up to you. 
Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at Honeycomb.io/screaminginthecloud. Observability, it's more than just hipster monitoring.Corey: You know how git works right?Announcer: Sorta, kinda, not really Please ask someone else!Corey: Thats all of us. Git is how we build things, and Netlify is one of the best way I've found to build those things quickly for the web. Netlify's git based workflows mean you don't have to play slap and tickle with integrating arcane non-sense and web hooks, which are themselves about as well understood as git. Give them a try and see what folks ranging from my fake Twitter for pets startup, to global fortune 2000 companies are raving about. If you end up talking to them, because you don't have to, they get why self service is important—but if you do, be sure to tell them that I sent you and watch all of the blood drain from their faces instantly. You can find them in the AWS marketplace or at www.netlify.com. N-E-T-L-I-F-Y.comCorey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Sometimes people like to ask me what this show is really about and my answer has always been, “The business of cloud,” which is intentionally overbroad; really gives me an excuse to talk about anything that strikes my fancy at a given time. A recurring theme has always been, “Where does the next generation of folks working on cloud come from?”That's not strictly bounded to engineers; that goes throughout the entire ecosystem. There are a lot of jobs that are important to the functioning of businesses that don't require a whole bunch of typing into a text editor and being mad about YAML all day long. Today, my guest is Guang Ming Whitley. Guang Ming, thank you for joining me, I'll let you tell the story. Who are you exactly?Guang Ming: Oh, my goodness. That's a tough question. 
Well, I am someone who has lived my life in a series of segments. I started off as an engineer—a chemical engineer—then went off to law school, taught for a year—Corey: Well, let's interject as well. That is how I got looped into this whole nonsense; you were law school classmates with my spouse. And whatever you're in town, she gets very excited at the chance to see you, and we finally got to meet not that long ago, had a great conversation. It was, “Oh, my God, you need to come on the podcast.” Which is neither here nor there. Please, continue.Guang Ming: So, then I had a segment as a stay-at-home mother. I started having babies and I had a lot of them. I had one daughter, then a son, and then I had identical twin boys. And once I started having them in litters, we decided that it was time to stop. So, four kids in and about a decade as a stay-at-home mom, during which time I wrote some books.And then ran for office back in 2017. And then in 2020, was working with someone just, kind of, over coffee, just having, you know, conversation, and we came up with the idea to start a business, and Lattice Climbers was born out of that.Corey: And Lattice Climbers is what I think we're going to be talking about the most today because there's an entire episode baked into every one of those steps. Maybe not every one of them would fit on a cloud-oriented podcast, but there's a lot of interesting backstory there and it resonates with me because my entire life has been lived in phases as well. And the more I talk to people, the more I start to realize that maybe I'm not that bizarre. People go through stages and they'd love to retcon what the story was at the time and make it all look like there's a common thread and narrative running through, but when we're going through it, it feels—to me at least—like I've been careening from thing to thing to thing without ever really having an end goal in mind. 
But in hindsight, looking back, it just seems like it was inevitable that I would go from where I was to here. It never feels that way at the time for me.Guang Ming: Well, I think for me, where I've ended up with Lattice Climbers has felt sort of inevitable because one of the through-lines of all my segments that I've gone through is a program called Girls State, and it is one that I have volunteered with. It's sponsored by the American Legion Auxiliary and it's a government simulation program. Over the course of one week, you simulate city, county, and state government. And it's all about civic engagement and education of young women, and empowerment. So, it's such a fantastic program.And I love it, but one of the things that I've seen with this program is, as the young women come through the program, some of them have skills, and some of them don't have skills. And there's elements that are missing, and that's something that I want to try to help with, with Lattice Climbers.Corey: So, what is Lattice Climbers in a nutshell? It's still very early days, which is fine, terrific; the fact that you care enough about a problem that is clearly plaguing not just our industry, but arguably our entire society is worth exploring in-depth. And with the understanding that the narrative may very well shift as times go on what is Lattice Climbers today?Guang Ming: So, Lattice Climbers steps into the gap between formal education and the skills necessary to actually adult at life, to survive in the real world.Corey: That is an area that is of intense interest to me. For listeners who may not have listened to every single episode here, my academic background is checkered, to put it politely. On paper, I have an eighth-grade education and no one can take that away from me. I was expelled from two boarding schools in high school, I wound up getting a diploma from a homeschooling organization that years later I discovered was not accredited, then I failed out of college. 
But again, no one can take that eighth-grade education away from me.But also look at me. I am a white dude in tech where my failure mode is a board seat and a book deal somewhere, and there are winds of privilege at my back when I do that. What also has been a strong contributing factor is that when I was 12 years old, my dad sat me down and had a long conversation with me about how to handle a job interview, what a job interview was—because when I was 12, I had no idea—and what they're looking to gain from asking you these questions, and why they're asking you the things that they do, what answers they're looking for, and the purpose behind the meeting that you're in. And that more than almost anything else as a single moment in my childhood shaped the reason that I became moderately successful [laugh] in my career, depending on what phase of my career we're talking about. That's stuff is super important and they don't teach it formally in any program I've ever seen. How do you approach it?Guang Ming: So, what we do is we have an intake quiz that assesses your skill gaps, sort of like a self-assessment, and then it gives you a customized curriculum just meant to fill your specific skill gaps. So professionalism, where we cover things like interview skills, behavior at events, table manners, those kinds of things. Financial literacy, we have little mantras like, “Credit cards are not free money,” [laugh] which some people never learned that. And then there's different tracks, so depending on whether or not you're college-bound, or vocational school, or military-bound, you can pick a different track for that and receive two-minute lessons, sort of the gems, distilled down. And there's little animations; we try to keep it as brief and information-packed as possible.Corey: Would it be fair to categorize this as more or less micro-lessons in how to adult?Guang Ming: Exactly. 
That is exactly what we're trying to do.Corey: I somewhat recently read one of the best stories I've ever heard about teaching students in middle school about financial literacy. And invariably, the financial literacy courses are all sponsored by financial institutions, and that's great. So, what happened was, someone from the bank came in and spoke to the students and then took them all to the bank and had them all open a bank account and deposit $5 into it. Great. A couple of years go by and it earns interest—not much because $5—the bank was then acquired and acquired again and eventually became rolled into Wells Fargo, and had a small balance fee, which then of course wiped out all of these accounts.And I don't think that there is any better lesson in the way the financial system works—in some ways—than that. And yes, that's cynical, but that idea of, if you are sort of toward the bottom, this system is basically stacked against you in a bunch of different ways. Look, I'm not here to rail against capitalism or society as it stands, but understanding that basic concept is foundational to realizing that maybe the credit card company isn't always your friend with your very best interests in mind.Guang Ming: Mm-hm. And we tried to explain that, too, you that when you get a credit limit, that is based on what your ability to pay the minimum balance every month. They don't care if you can pay it off. They care about making that interest off of you, and I think that's something that children and young adults need to understand.Corey: It feels like it ties into the idea of thinking critically. The problem with that is the root of that entire financial literacy anecdote that I came out with just now, is that the financial literacy program was developed and promoted by financial institutions. 
What I like is that I checked your website very briefly, and given the significant absence of a pile of disclosures at the bottom, I don't believe you're a bank.Guang Ming: We are not a bank, and we are not sponsored by a bank. We want to provide practical real-life advice that is useful, and in digestible chunks.Corey: A while back, before I wound up starting down the path that I'm on now, I basically yelled at people for fun on the internet. I know, imagine that. I was the moderator of two particular subreddits: personal finance—which, great, I spent my 20s in crippling debt; there's no one as passionate about that stuff as someone who has been converted. Great. And the other was the legal advice subreddit, which is probably horrifying to people like you who are actual attorneys.But it turns out that an awful lot of what I was doing in both of those subreddits was giving life advice to people on how to function in society. On the legal side of it, “You can't sue a dog.” “Okay, you are not going to be able to go down to the police station and explain your way out of troubles. Get an attorney.” It's baseline-level stuff.“Oh, you've been given a contract that seems unreasonable, but they'd say that you need you to sign it.” “Yeah. How about don't do that without having someone review it?” It's not actually legal advice. It is how to function in society as an adult, but that's a less catchy subreddit title as it turns out.Guang Ming: Well, it's all about raising your awareness level. So, I have a friend and she tells this story, MBA grad and spent her first six months on the job wearing sneakers every day to work—they were cute, fashionable sneakers, but they were sneakers—and they were not part of appropriate business attire for the work environment she was in because she just was oblivious to that as being an issue. And it took someone who was more senior to finally sit her down and say, “You shouldn't do this. 
You need to wear appropriate shoes to work.” And she was mortified but learned from that experience.So, what if you never had to have that? What if you never had to have that sit-down conversation with someone correcting you? What if you had a little, sort of, pocket guide that gave you that level of awareness? It's like, “Take a look at your office. See what people are wearing. You can't wear what the CEO is wearing because you're not the CEO”—I mean, unless you are the CEO, then you can wear whatever you want, but if you're just an underling at the company, if you're just starting out, you need to understand what the company culture is and you need to conform to that culture. Unfortunately, that's just, like… the truth of the matter.Corey: The common wisdom is, “Oh, if you don't know how to dress or how to behave in a certain scenario, reach out to one of your mentors and ask them for advice.” Not everyone has one of those things. I get some crap sometimes through it, but one of the big reasons I have open DMs on Twitter is specifically so people can message me and ask me questions about the industry generally, life in general; I'm always willing to talk to folks who are trying to figure things out. That's important. Since a disproportionate number of the listeners to this show do work in tech and the idea of having a dress code is ridiculous, yeah, in a lot of tech culture at t-shirt and jeans is just fine, but in other cases, it's not.And, for example, I'll get on stage wearing a full bespoke three-piece suit and give a talk. And it's fun. It's hilarious. It plays with people's expectations, but it's important to understand I view that more as costuming than I do how I believe someone should necessarily dress in that environment. 
I am, for better or worse, a very distinctive personality in this space, and using me as a blueprint for someone who is starting out their career is going to lead to disaster.

Yes, I'm mouthy and I make fun of big companies because that's my thing. I also got fired an awful lot in—

Guang Ming: [laugh].

Corey: —my career, and those two things are not entirely unrelated, let's be very clear here. There's a lot that we can learn through observation, but dialing it in and figuring out what the expectations, are important.

Guang Ming: Well, I think a lot of young adults—one of the things we focus on, as well, is the importance of mentoring and finding good mentors. And then you being the kind of person that a mentor would want to mentor. Because I think there's a lot of formal mentoring in work environments, and those don't always work as well as the organic relationships. So, we want to be that mentor that you never knew that you needed, the mentor that you wish you always had, to give you all that baseline information so that when you do meet with your substantive mentor, they can truly help you in ways that we cannot with our scalable mentoring micro-lessons.

Corey: I have to ask, what is your revenue model? Because if this turns into charging kids money to learning these things, that has a giant exploitative flashing warning sign around it.

Guang Ming: So, what we're planning to do is work with school districts and with nonprofits, and do sort of like a B2B model where we pilot with the school district, we pilot with the technical college, and give them an opportunity to add 30 to 50 students, work with the program. And if they find it something valuable, they find that it's a value-add and it's helping their students land jobs and have a better career, I think that then they'll use our program for their full technical school.

Corey: I've done a fair number of mentorships in the course of my career.
I helped administer and run the LOPSA—or League Of Professional System Administrators—mentorship program for a couple of years. The reason that I have a career at all is that people did favors for me, and you can never repay that; you can only pay it forward. So, I had a number of people assigned to me through that program and through other areas as well, and what I've learned is that the success of a mentorship is almost entirely on the person seeking guidance: how diligent are they about following up, about going and asking great questions? Because otherwise, if someone comes and says, “Hey, can you mentor me?”—they never frame it quite like that, but that's fine; the terminology is always squishy here.

Like, “Hey, can you give me advice on things?” “Sure.” And then they don't ask any questions. Well, if I just butt in with unsolicited advice, that's not helping them in a mentoring capacity; that's being a dude on Twitter. So, I'm trying to figure out the way of solving for that, and I don't know if there is an answer. What's your take?

Guang Ming: I think that for many young people, there is a baseline level of information that they need, that almost any mentor can give, but it takes up a lot of time to get to that point. So, for example, I had a young woman reach out to me, and she wanted to get a foot in the door in the legal world and wanted some advice. And I couldn't. It was like, pulling teeth. I couldn't get her to say a word about herself. And our conversation lasted less than five minutes because I couldn't get her to speak about herself.

And I almost let it end at that. But then I circled back with her a week later, and called her and said, “You know, I'm going to connect you to someone because I want to help you in your journey. But I need you to think before you get to that conversation about who you are, what you want, where you're going, what's your story.
You know, I know just from the person who connected us that you're the first in your family to go to college. Speak to that.” And just really tried to help her understand that she needed to craft a narrative around herself. And I think a lot of young adults don't know how to craft that narrative.

Corey: The problem that I see when I look at this systemically is that all of this stuff seems like it's very bespoke. It's [spreading an 00:15:45] opportunity, but it is incumbent upon folks to learn about it for themselves. One of the most foundational memories of my ill-fated academic career was in public school for my first sophomore year of high school, where the US history teacher said, all right. Today, we're not doing our traditional stuff, what I'm about to do is not in the curriculum. Please feel free to complain to your parents and then have them take it to the school board.

And what he did was he passed out a flyer where each one of us had different numbers on it, and it was a, “You are a family of x number of people; you made this much money last year.” And then he passed out 1040-EZ forms. And he taught us how to file a tax return in the course of that 45-minute session. And it was, instead of learning a series of whitewashed facts about American history, I was learning how to function as an adult in society. And the fact that he had to do this almost as a subversive thing as opposed to being an accepted part of the curriculum is just mind-boggling to me. I see what you're doing is important and valuable, but it also in some level kind of feels like a band-aid over a massive societal failing. Is that accurate or am I missing something?

Guang Ming: No, I think that certain school districts are trying to do this, they're trying to integrate financial literacy into calculus.
Some schools will even offer a course, but the course isn't an AP course; it doesn't give you special credit, and so students don't take it, or it's viewed as a less valuable course even though it's probably the most valuable course. And there's also a level of embarrassment. Like, for certain things, we cover personal hygiene. The importance of brushing your teeth every day, and taking a shower, and wearing deodorant.

Which is something you wouldn't necessarily think you would need to teach someone, but wait till you're in certain work environments, and that is actually something that people need to know that they're bothering their coworkers by this lack. That can be really embarrassing.

With Lattice Climbers, you can do this in the privacy of your own home, you can do it in your bedroom, you can do it wherever you are, and you can get these little lessons and not feel embarrassed. Or sometimes you are afraid to ask a question because you feel dumb asking it. When we did a pilot with 17- to 19-year-olds, the favorite video was actually making an appointment. Just giving tips on how to gather the appropriate documentation you would need to, say for example, make a doctor's appointment, and sample scripts—we have downloadables that go along with—sample scripts of how a conversation would potentially run if you were to call.

Corey: The way you describe this and the problem you're solving, I have a hard time seeing this as the business opportunity that becomes a $60 billion company because to do that, you would have to do something that is abjectly terrifying. So apparently, becoming rich beyond the wildest dreams of avarice is not the reason that you're doing this. What made you decide that this was a problem you wanted to address?

Guang Ming: So, I am the daughter of an immigrant and a first-generation college student. And there were so many things that my parents just didn't know to teach me.
They were very focused on academics and there was no focus on anything outside of book smarts. So, when I had my first college interview, my mom took me to the Fashion for Price Boutique next to the Drug Emporium in the strip mall near our home and bought me an interview suit—we didn't have a ton of money—and the interview suit involved zebra print zippers and a very short skirt. And that is what I wore to my Harvard interview. The one [laugh] school I didn't get into.

And not only that, not only was I dressed wholly inappropriately, I also was a deer in the headlights. I had never done a mock interview, I had never done anything that would help prepare me for this situation. And I look back at that 17-year-old and I think, “How can I help her? How can I help people like her who don't have the social or cultural capital to know these things, to know how to move in the world that they want to be in desperately? How do I help them overcome that obstacle?” And that is how Lattice Climbers was born.

Corey: The idea of having an experience like that as being necessary to forge this is—it's moving. It's the sort of thing that you hear about other people—you [unintelligible 00:20:04] secondhand cringing from hearing that sort of story, at least I do. And I can definitely understand not wanting other folks to have to go through this. We talk about hilarious interview mistakes that we've made, that we've had candidates make, and in some cases, most of the ones that I like to talk about are the folks who are—let's [unintelligible 00:20:23] here—25 years into their career or so, where they really should know better. Because making fun of some naive kid who'd never been in an interview scenario before is just being shitty, let's be clear.

At some point, though, you should learn how to comport yourself in a working environment that makes sense. But without having mentorships or guidance like that, it feels like a lot of people have stories like this.
I think what makes your story different than most of them is that you're willing to talk about it in public. Most of us bury those things down the memory hole, I would think.

Guang Ming: Yes. I very much own the zebra print story, and it is something that I share when I speak at Girls State. I speak at Girls State just about every year to the young women, and I talk a lot about some of these things that we go over in Lattice Climbers to just try to impart, even in a six-minute speech, some of the key nuggets that I want them to take away with them, as they move through life.

Corey: Tell me a little more about Girls State. I've heard the term a couple of times, but know remarkably little about it because, for better or worse, my daughters are still at a point where—I regret this constantly—I have to know entirely too much about the Paw Patrol.

Guang Ming: So, Girls State is a program sponsored by the American Legion Auxiliary. It is a week-long civic engagement program that simulates government over the course of one week. And for California Girls State, it is one girl from each sponsored high school, with about 540 young women—and of course, we've had to be virtual for the past couple of years, but they've done it in a webinar virtual sessions—and the program is all about women empowerment and encouraging civic engagement. And one of the things that has really impacted Lattice Climbers has been my observations in Girls State as a counselor for over 20 years. Because we work with young women from all different backgrounds, whether their parents are migrant workers in Modesto or doctors in Big Sur, there are gaps that these young women have that differ based on their backgrounds.

And what I'm hoping to do with Lattice Climbers is fill those gaps and help them avoid these missteps and increase their trajectory as they climb the lattice.
And that is one thing that we do is we don't talk about climbing the ladder because a ladder implies that there is one pathway to the top, there's room for only one there. We approach it as you're climbing a lattice: we're all in it together and there are infinite paths to success.

Corey: All of these things that you talk about are challenging at the best of times, and these are very clearly not the best of times. One of the reasons that, to date, we at The Duckbill Group have not hired junior folks is because in a full-remote environment—and to be clear, even without the pandemic The Duckbill Group has been full-remote since its inception—I don't know that's necessarily the best way to expose someone new to the workforce. It feels to me like there's not a lot of examples around there. There's a requirement to be a lot more self-directed, and it's likely, for example, that someone will get stuck and spin on something for a while rather than asking for help because they don't want to appear like they don't know what they're doing and inadvertently make things worse. Do you think that remote as we move forward is going to be an increasing burden on folks like this, or—which I'm perfectly willing to accept—am I completely wrong, and that in fact having a full-remote environment like this is in fact a terrific opportunity for folks new to the workforce?

Guang Ming: No, I think full-remote is an issue. I think that it takes so much more emotional energy to connect through a video than it does to connect in person. And there's also the lack of organic interactions. There are so many mentorships that develop just from walking down the hall and running into someone over coffee, or at the wat—I mean literally at the watercooler and having the opportunity to chat with someone about something non-work-related that can then evolve into a mentoring relationship.
And there is just a lack of that.

All these young people entering the work environment, they can wear pajamas all day and lay in bed with their laptop on their laps and work, and they may love that, but I think that if you want to work in a professional office environment, you need to understand appropriate attire, you need to understand appropriate behavior at events. I think that, especially if you're from certain backgrounds and you've never been around an open buffet before, it can be very tempting to just pile that plate as high as you can with crab legs or, you know, shrimp cocktail. And it's not appropriate in that setting. And so we cover those—

Corey: Wait. It's not?

Guang Ming: [laugh]. Well, it depe—if you're the CEO of the company, Corey, you can do whatever you want.

Corey: No, no. That's my business partner. I am just the chief cloud economist because it's not professional to put the word shit-poster on a business card. Or so they tell me.

Guang Ming: [laugh].

Corey: In my experience, the worst of all worlds, though, is not the full-remote; it's not the in-office; it's the hybrid scenario where you have some people that are in an office together working and then you have folks who are remote, and regardless of what your intentions are, it is almost impossible to avoid having a striated structure where the in-person folks collaborate in different ways and make decisions informally to which remote folks are not privy. And it's not to do with cliques or anything like that, but the watercooler discussions, or, “I'm going to go grab lunch. Do you want to come with me?” Type of engagement stories. And I can't shake the feeling that remote really needs to be all or nothing, at least within the bounds of a team, if not company-wide.

Guang Ming: I think that a hybrid version could work if there was a concerted effort to include the remote individuals if there was a scheduled Zoom happy hour.
So, one of the things that happened during the COVID times is there's a group that I'm a part of, and we just had a happy hour on Saturday nights. At 8 p.m. everyone just kind of logged on and hung out for a period of time. And it was really good to connect with people in that casual environment; there wasn't always pressure to speak, there wasn't always pressure to perform, it was just being together and having that togetherness. So, I think that in a work environment, you could create opportunities for that. And then also, I think, bringing people into the office for specific meetings and things that are important like that. And then potentially—I don't like assigning mentors, but I think you almost have to assign mentors when you have remote workforce.

Corey: This episode is sponsored in part by something new. Cloud Academy is a training platform built on two primary goals. Having the highest quality content in tech and cloud skills, and building a good community that is rich and full of IT and engineering professionals. You wouldn't think those things go together, but sometimes they do. It's both useful for individuals and large enterprises, but here's what makes it new. I don't use that term lightly. Cloud Academy invites you to showcase just how good your AWS skills are. For the next four weeks you'll have a chance to prove yourself. Compete in four unique lab challenges, where they'll be awarding more than $2000 in cash and prizes. I'm not kidding, first place is a thousand bucks. Pre-register for the first challenge now, one that I picked out myself on Amazon SNS image resizing, by visiting cloudacademy.com/corey. C-O-R-E-Y. That's cloudacademy.com/corey. We're gonna have some fun with this one!

Corey: The challenge also becomes one of, great for junior folks, that makes an awful lot of sense. Hire someone with 15 years of experience, and, “Oh, we're going to assign you a mentor here.” And they're like, “Oh, really. So, that's what condescending means.
I was always looking for a perfect example.”

Guang Ming: [laugh].

Corey: That's a delicate balance to strike in my experience.

Guang Ming: Oh, very true. Very true. I was thinking more of, like, the young adults starting out in their career because our focus is really early career, as well as young adults in high school.

Corey: And that's, I guess, my question for you next is why is that the target age range that you think is best served by this? Now, having, again, spent too much time gazing into the mess that is the Paw Patrol, I understand why preschoolers are not the target market for this, but my approach has generally been targeting folks who are entering the workforce. Although let's be very clear, a large part of that is because I generally don't appreciate the optics of going and hanging out at the local high school trying to talk to kids.

Guang Ming: Well, I think that high school is really where it starts. This is the age at which brains are starting to develop a little bit more; they're starting to have more social awareness. This is where beginnings of your network are important. And I think that the sooner that we can convey to young people that they're only as strong as their networks, the better. If they can understand that it's their teachers, their coaches, the parents of their friends are all the beginnings of their network.

That's how you get internships, that's how you get a leg up is through these connections because if you're just a resume floating out there, your chances of getting looked at—and we all know how the world works—well, we should all know how the world works, which is it's all about your connections that helps you launch to the next thing.

Corey: That's the thing that I think is understated in this is that we wind up telling students a whole bunch of things that are well-intentioned lies.
The, “Oh, put your nose to the grindstone and work hard, and one day you will surely be promoted.” Now, I get flack when I say this sometimes from folks who've been at the same company for 15 years and demonstrated growth trajectory internally, but that's the exception, not the rule. Big moves generally look a lot like transitioning between companies.

“Oh, you don't want to be a job hopper. It looks bad on the resume.” Yeah, you know who says that? People who don't want you to quit your job because you're unhappy because then they have to backfill you, or people who are trying to recruit you in and want to make sure that you when you show up at this new job, you stay there for a while. It's self-serving.

Yeah, there's going to be some questions about it in the interview process, but you should have an answer ready to go for it. It's the interview skills piece of it and make sure that you don't inadvertently torpedo your own candidacy with conversations like that. And this is stuff that I find that is—it's not just the newer generation that we're talking about here; people well into their careers still haven't cracked a lot of these codes, mostly because, for better or worse, it turns out that people aren't nearly as cynical [laugh] about things as I am.

Guang Ming: Well, and we also cover things like how to leave a job professionally. Because as we live in a world where you're not going to go work for one company for the next 30 years, or where you shouldn't go work for the same company for 30 years necessarily, but there are stories out there of people just ghosting on the job, ghosting on job interviews, and that burns bridges.
And everyone you meet is a potential connection in your network as you climb the lattice, and so you need to preserve those relationships moving forward because you never know who you help out along the way, or who helps you out along the way, you never know how that connection is going to play out later on in life.

Corey: That's the trick is that it's talking to people and being friendly with them. And there are ways to do networking properly in my world, and there are ways not to. And, “Oh, I should talk to you because down the road you might be useful to me,” is just cynical and terrible. I hate the pattern.

Whereas, I like keeping in touch with people because I find them interesting. My default assumption has always been that I'm going to be talking to someone for longer than either one of us is going to be doing whatever it is we're currently doing, and trying to treat relationships as transactional is a mistake. But that's what networking is often interpreted as.

Guang Ming: It's so true. And people can tell. They can tell when you're being fake. They can tell when you're being transactional. They can tell when you just are waiting for the ask.

I think it actually is really hard to be genuine and natural for some people that comes across as transactional, and one of the ways that we talked about avoiding that is through just an ongoing relationship. So, you don't only reach out to the person when you have an ask, you reach out to the person quarterly. And you can have a spreadsheet—almost—about it, and of the people that you want to contact and maintain cont—and even if it's just a text message that says, “Hey, this is what I'm up to.
Hope all is well with you.” And even if they don't respond, or just it's a one-word answer, you've at least had that touchpoint with them over the course of time.

Corey: There's often a criticism levied at folks who are advocating for networking, that it is a lot harder when you're an introvert or when you are neurodivergent, in certain ways. To be clear, I'm neurodivergent in ways that do not directly negatively impact my ability to socialize with folks; it just means they think I'm a jerk. But there are folks who definitely have different expressions of different divergences. And that's fine. How do you view the networking aspect for folks who do not work nearly as well interpersonally?

Guang Ming: That's so hard because interpersonal skills are something that is so necessary, and I think that unfortunately, there are people who get by one hundred percent on their social skills. Like, their people skills are all they need to move forward in the world. And I think that you have to work at it, and you have to study how to behave in those situations. It's almost like—so for example, my husband is an introvert, but he was also an actor in college. And when he goes into these situations, it's almost like putting on a show.

Like you talked about putting on your three-piece suit. There is the extrovert persona that he wears in these environments, and then he takes it off when he gets home. And I think that you almost have to create that persona for yourself. And you can acknowledge that you're neurodivergent, and you can acknowledge that you're an introvert, and I think that's way more acceptable these days than it used to be.
And there are lots of people that are in the world that are neurodivergent and are introverts, and so I think it's completely fine to be that way.

Corey: I've never had a good answer for folks who ask those questions, just because it is so different from my lived experience that I don't have an answer that's worth listening to, and I try very hard to stay in my lane. I don't ever want that to be interpreted as it's not important because it very much is.

So, one last question I have for you is I love, love, love your zebra print suit story, but it's also back when you were applying to school, back in early career, which you are very clearly not now; it's decades old. Do you have any other similar stories from folks that you've been working through, either at Lattice Climbers or through Girls State, that illustrate this in a somewhat more modern era?

Guang Ming: Oh, absolutely. So, there was a young woman at Girls State; we were all in a room and they were talking about colleges, the girls were talking about colleges. And this one young woman remains silent during this conversation. And so I approached her. I said, “Well, what about you? What are your plans for college?” And she shared that she wasn't going to go to college because her parents didn't go to college, they didn't have a lot of money, and she just didn't think that college was in the cards for her.

And I disabused her of that notion. I told her absolutely not. You're here at Girls State, which means you're the top girl from your high school. You absolutely should go to college, and I told her that there were so many paths to college. You could go to community college and then transfer; you could go to technical college; there's so many different options.

And there's so many scholarships out there, especially for low-income individuals.
Well, we became friends on social media, and about three years after Girls State—because they attend the summer after their junior years—I received a message from her, sort of, out of the blue, and she let me know that that conversation that we had changed her life because she had gone to community college—she had taken my advice; she had gone to community college and had just been accepted as a transfer student to UC Berkeley. And that story just makes me tear up every time I think about it. And that one conversation had that huge impact on her life, and I'm hoping that through Lattice Climbers and our little lessons, that we can have that kind of impact on young lives, that we can help them avoid these missteps that could have huge impacts on their trajectory, and we could help them increase their trajectory on the lattice.

Corey: It's similar in some respects to the folks I talk to who are building products for the cloud industry. It's, “Yes, yes, of course. You're always going to have a story about how it works for you. That's fine. Let's talk about your customers.” Like, “Find me a customer, someone else in the world who has a story like this that really demonstrates the value you provide.”

And I love the fact that it is so easy for you to come up with these things off the top of your head, even when you weren't necessarily expecting the question. So, you're onto something. This is a clear problem, and it's not going away anytime soon, and it's largely underserved because there's no opportunity to invest venture capital into it and make a ridiculous return on that investment because there's not money in solving it that I can see—and apparently, most the industry can see—compared to another Twitter for Pets app.

Guang Ming: [laugh]. Well, there is not that much money in them there hills because no one owns the problem, and because no one owns the problem, it's very hard to find people willing to pay to solve the problem.
But that doesn't mean that the problem isn't there and that doesn't mean that it doesn't need to be solved. And I actually think that companies should have an incentive to do it because it will help with employee retention, it will help with employee performance if they do invest in their workers, and in high school students who, the sooner that they know these things, the better it will be for their long-term careers.

Corey: And if nothing else, I think that's the lesson to take away from this for the young folk—the youth, as it were—that this is the single greatest thing I look at and credit my professional trajectory has been in learning to handle expectations in corporate environments. And sure, I have fun with them and I play games with them, but you have to know the rules before you can break them in this context. And there are business meetings in which I assure you, you would question whether it was the same person. And that's what it comes down to, I think, on some level is, if you know how to handle a job interview, you will always be able to find something to put food on the table. Conversely, if you're terrific at any number of different things, but absolutely cannot handle the dynamics of a job interview, you are going to struggle to find work anywhere until you find someone willing to alter their corporate process just in order to bring you aboard.

It's a skill that you need to be at least conversant with. And what makes it even worse, as it's a skill that you only really get to practice when you're looking for jobs. I want to thank you for taking the time to speak with me so much about all this stuff. If people want to learn more about what you're up to and how you're approaching it, where can they find you?

Guang Ming: So, we are at latticeclimbers.com. And we are currently in waitlist mode, so you can sign up on our waitlist and get more information about when we're ready to launch.
We are working with some nonprofits and some school districts on some pilot programs, and we're hoping to have that going, hopefully by the end of the year.

Corey: And we will, of course, put a link to that in the [show notes 00:38:07]. Thank you so much for taking the time to speak with me today. I really appreciate it.

Guang Ming: Well, thank you so much for having me. I really appreciate the opportunity to share what we're doing with Lattice Climbers, and I just hope, like I said, if I can get one person to not wear zebra print to that Harvard interview, [laugh] then I will view Lattice Climbers as a success.

Corey: [laugh]. Excellent. Thank you so much. Once again, Guang Ming Whitley, co-founder of Lattice Climbers. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, along with a rambling comment explaining why we're wrong and that a zebra-print suit for a college interview is in fact a best practice.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Home Assistant Podcast
How Joshua is automating the “I got home safely” message and powering smart blinds by ethernet

Home Assistant Podcast

Play Episode Listen Later Nov 17, 2021 43:26


Joshua joins Rohan and Phil to give a breakdown of his smart home, including automating a safety message when someone gets home.

For complete show notes and more information about the topics discussed in this episode, be sure to check the notes at https://hasspodcast.io/ha098/

This episode was made possible thanks to our sponsor Home Assistant Cloud by Nabu Casa. Easily connect to Google and Amazon voice assistants for a small monthly fee that also supports the Home Assistant project. Configuration is via the User Interface so no fiddling with router settings, dynamic DNS or YAML.
Website: https://nabucasa.com

Special thanks to today's guest Joshua Garrison
Website: https://dotnetevolved.com/
Home Assistant Config: https://github.com/JoshuaGarrison27/Home-Assistant-Configuration
Twitter: https://twitter.com/JoshuaGarrison7

----- Hosts -----

Phil Hawthorne
Website: https://philhawthorne.com
Smart Home Products: https://kit.co/philhawthorne
Twitter: https://twitter.com/philhawthorne
Buy Phil a Coffee: https://buymeacoff.ee/philhawthorne

Rohan Karamandi
Website: https://karamandi.com
Smart Home Products: https://kit.co/rkaramandi/
Twitter: https://twitter.com/rohank9
Buy Rohan a Coffee: https://buymeacoff.ee/rkaramandi

Edge of the Web - An SEO Podcast for Today's Digital Marketer
462 | News from the EDGE | Week of 11.15.2021

Nov 16, 2021 26:04


Covering a lot of (Site)Ground here on the show today with Erin Sparks and Mordy Oberstein. Learning about the carbon emission expense of IndexNow, SiteGround sites being deindexed from a 4-day DNS outage and how machine written content may not be so bad in the future. Bonus on this episode: see Erin lose it when Mordy calls our toll-free number for the podcast. That's conversion optimization, baby!

[00:06:11] Will Google use Microsoft's new IndexNow protocol?
[00:11:30] A four-day outage at SiteGround is over, but still recovering. But Google dropping indexing in that short of time?
[00:18:15] So Google has talked about how machine written content is currently against Google's guidelines, but someday it might not be.
[00:23:14] Bonus: Mordy dials our toll-free number and we discover that it is taking faxes... only faxes. Listen to Erin lose it...

Screaming in the Cloud
Cutting Cloud Costs at Cloudflare with Matthew Prince

Nov 16, 2021 48:08


About Matthew

Matthew Prince is co-founder and CEO of Cloudflare. Cloudflare's mission is to help build a better Internet. Today the company runs one of the world's largest networks, which spans more than 200 cities in over 100 countries. Matthew is a World Economic Forum Technology Pioneer, a member of the Council on Foreign Relations, winner of the 2011 Tech Fellow Award, and serves on the Board of Advisors for the Center for Information Technology and Privacy Law. Matthew holds an MBA from Harvard Business School where he was a George F. Baker Scholar and awarded the Dubilier Prize for Entrepreneurship. He is a member of the Illinois Bar, and earned his J.D. from the University of Chicago and B.A. in English Literature and Computer Science from Trinity College. He's also the co-creator of Project Honey Pot, the largest community of webmasters tracking online fraud and abuse.

Links:
Cloudflare: https://www.cloudflare.com
Blog post: https://blog.cloudflare.com/aws-egregious-egress/
Bandwidth Alliance: https://www.cloudflare.com/bandwidth-alliance/
Announcement of R2: https://blog.cloudflare.com/introducing-r2-object-storage/
Blog.cloudflare.com: https://blog.cloudflare.com
Duckbillgroup.com: https://duckbillgroup.com

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Writing ad copy to fit into a 30 second slot is hard, but if anyone can do it the folks at Quali can. Just like their Torque infrastructure automation platform can deliver complex application environments anytime, anywhere, in just seconds instead of hours, days or weeks.
Visit Qtorque.io today and learn how you can spin up application environments in about the same amount of time it took you to listen to this ad.

Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate: is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards, while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other, which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at Honeycomb.io/screaminginthecloud. Observability, it's more than just hipster monitoring.

Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. Today, my guest is someone I feel a certain kinship with, if for no other reason than I spend the bulk of my time antagonizing AWS incredibly publicly. And my guest periodically descends into the gutter with me to do the same sort of things. The difference is that I'm a loudmouth with a Twitter account and Matthew Prince is the co-founder and CEO of Cloudflare, which is, of course, publicly traded. Matthew, thank you for deigning to speak with me today. I really appreciate it.

Matthew: Corey, it's my pleasure, and appreciate you having me on.

Corey: So, I'm mostly being facetious here, but not entirely, in that you have very publicly and repeatedly called out some of the same things I love calling out, which is AWS's frankly egregious egress pricing. In fact, that was a title of a blog post that you folks put out, and it was so well done I'm ashamed I didn't come up with it myself years ago.
But it's something that is resonating with a large number of people in very specific circumstances as far as what their company does. Talk to me a little bit about that. Cloudflare is a CDN company and increasingly looking like something beyond that. Where do you stand on this? What got you on this path?

Matthew: I was actually searching through really old emails to find something the other day, and I found a message from all the way back in 2009, so actually even before Michelle and I had come up with a name for Cloudflare. We were really just trying to understand the pricing on public clouds and breaking it all down. How much does the compute cost? How much does storage cost? How much does bandwidth cost?

And we kept running the numbers over and over and over again, and the storage and compute costs actually seemed relatively reasonable and you could understand it, but the economics behind the bandwidth just made no sense. It was clear that as bandwidth usage grew and you got scale that your costs eventually effectively went to zero. And I think it was that insight that led to us starting Cloudflare. And the self-service plans at Cloudflare have always been unlimited bandwidth, and from the beginning, we didn't charge for bandwidth. People told us at the time we were crazy to not do that, but I think that that realization, that over time and at scale, bandwidth costs do go to zero is really core to who Cloudflare is.

Cloudflare launched a little over 11 years ago now, and as we've watched the various public clouds and AWS in particular just really over that same 11 years not only not follow the natural price of bandwidth down, but really hold their costs steady. At some point, we've got a lot of mutual customers and it's a complaint that we hear from our mutual customers all the time, and we decided that we should do something about it.
And so that started four years ago, when we launched the Bandwidth Alliance, and worked with almost all the major public clouds with the exception of Amazon, to say that if someone is sending traffic from a public cloud network to Cloudflare's network, we're not going to charge them for the bandwidth. It's going across a piece of fiber optic cable that yeah, there's some cost to put it in place and maybe there's some maintenance costs associated with it, but there's not—

Corey: And the equipment at the end costs money, but it's not cloud cost; it just cost on a per second, every hour of your lifetime basis. It's a capital expense that is amortized across a number of years et cetera, et cetera.

Matthew: And it's a fixed cost. It's not a variable cost. You put that fiber optic cable and you use a port on a router on each side. There's cost associated with that, but it's relatively de minimis. And so we said, “If it's not costing us anything and it's not costing a cloud provider anything, why are we charging customers for that?”

And I think it's an argument that resonated with almost every other provider that was out there. And so Google discounts traffic when it's sent to us, Microsoft discounts traffic when it's sent to us, and we just announced that Oracle has joined this discounting their traffic, which was already some of the most cost-effective bandwidth from any cloud provider.

Corey: Oh, yeah. Oracle's fantastic. As you were announced, I believe today, the fact that they're joining the Bandwidth Alliance is both fascinating and also, on some level, “Okay. It doesn't matter as much because their retail starting cost is 10% of Amazon's.” You have to start pushing an awful lot of traffic relative to what you would do AWS before it starts to show up. It's great to see.

Matthew: And the fact that they're taking that down to effectively zero if you're using us is even better, right?
And I think it again just illustrates how Amazon's really alone in this at being so egregious in how they do that. And it's, when we've done the math to calculate what their markups are, it's almost 80 times what reasonable assumptions on what their wholesale costs are. And so we really do believe in fighting for our customers and being customer-centric, and this seems like a place where—again, Amazon provides an incredible service and so many things, but the data transfer costs are just completely outrageous. And I'm glad that you're calling them out on it, and I'm glad we're calling them out on it and I think increasingly they look isolated and very anti-customer.

Corey: What's interesting to me is that ingress to AWS at all the large public tier-one cloud providers is free. Which has led, I think, to the assumption—real or not—that bandwidth doesn't actually cost anything, whereas going outbound, all I can assume is that one day, some Amazon VP was watching a rerun of Meet the Parents and they got to the line where Ben Stiller says, “Oh, you can milk anything with nipples,” and said, “Holy crap. Our customers all have nipples; we can milk them with egress charges.” And here we are. As much as I think the cloud empowers some amazing stuff, the egress charges are very much an Achilles heel to a point where it starts to look like people won't even consider public cloud for certain workloads based upon that.

People talk about how Netflix is a great representation of the ideal AWS customers. Yeah, but they don't stream a single byte to customers from AWS. They have their own CDN called Open Connect that they put all around the internet, specifically for that use case because it would bankrupt them otherwise.

Matthew: If you're a small customer, bandwidth does cost something because you have to pay someone to do the work of interconnecting with all of the various networks that are out there.
If you start to be, though, a large customer—like a Cloudflare, like an AWS, like an Azure—that is sending serious traffic to the internet, then it starts to actually be in the interest of ISPs to directly interconnect with you, and the costs of your bandwidth over time will approach zero. And that's the just economic reality of how bandwidth pricing works. I think that the confusion, to some extent, comes from all of us having bought our own home internet connection. And I think that the fact that you get more bandwidth up in most internet connections, and you get down, people think that there's some physics, which is associated with that.

And there are; that turns out just to be the legacy of the cable system that was really designed to send pictures down to your—

Corey: It wasn't really a listening post. Yeah.

Matthew: Right. And so they have dedicated less capacity for up and again, in-home network connections, that makes a ton of sense, but that's not how internet connections work globally. In fact, you pay—you get a symmetric connection. And so if they can demonstrate that it's free to take the traffic in, we can't figure out any reason that's not simply about customer lock-in; why you would charge to take data out, but you wouldn't charge to put it in. Because actually cost more from writing data to a disk, it costs more than reading it from a disk.

And so by all reasonable accounts, if they were actually charging based on what their costs were, they would charge for ingress but they want to charge for egress. But the approach that we've taken is to say, “For standard bandwidth, we just aren't going to charge for it.” And we do charge for if you use our premium routing services, which is something called Argo, but even then it's relatively cheap compared with what is just standard kind of internet connectivity that's out there.
And as we see more of the clouds like Microsoft and Google and Oracle show that this is a place where they can be much more customer-centric and customer-friendly, over time I'm hopeful that will put pressure on Amazon and they will eliminate their egress fees.

Corey: People also tend to assume that when I talk about this, that I'm somehow complaining about the level of discounting or whatnot, and they yell at me and say, “Oh, well, you should know by now, Corey, that no one at significant scale pays retail pricing.” “Thanks, professor. I appreciate that, but four years ago, or so I sat down with a startup founder who was sketching out the idea for a live video streaming service and said, ‘There's something wrong with my math because if I built this on AWS—which he knew very well, incidentally—it looks like it would cost me at our scale of where we're hoping to hit $65,000 a minute.'” And I checked and yep, sure enough, his math was not wrong, so he obviously did not build his proof of concept on top of AWS. And the last time I checked, they had raised several 100 million dollars in a bunch of different funding rounds.

That is a company now that will not be on AWS because it was never an option. I want to talk as well about your announcement of R2, which is just spectacular. It is—please correct me if I get any of this wrong—it's an object store that lives in your existing distributed-points-of-presence-slash-data-centers-slash-colo-slash-a-bunch-of-computers-in-fancy-warehouse-rooms-with-the-lights-are-always-on-And-it's-always-cold-and-noisy. And people can store data there—

Matthew: [crosstalk 00:10:23] aisles it's cold; in the other aisles, it's hot. But yes.

Corey: Exactly. But it turns out when you lurk around to the hot aisle, that's not where all the buttons are and the things you're able to plug into, so it's freeze or sweat, and there's never a good answer.
But it's an object store that costs a fair bit less than retail pricing for Amazon S3, or most other object stores out there. Which, okay, great. That's always good to see competition in the storage space, but specifically, you're not charging any data transfer costs whatsoever for doing this. First, where did this come from?

Matthew: So, we needed it ourselves. I think all of the great products at Cloudflare start with an internal need. If you look at why do we build our zero-trust solutions? It's because we said we needed a security solution that was fast and reliable and secure to protect our employees as they were going out and using the internet.

Why did we build Cloudflare Workers? Because we needed a very flexible compute platform where we could build systems ourselves. And that's not unique to us. I mean, why did Amazon build AWS? They built it because they needed those tools in order to continue to grow and expand as quickly as possible.

And in fact, I think if you look at the products that Google makes that are really great, it ends up being the ones that Google's employees use themselves. Gmail started as Caribou once upon a time, which was their internal email system. And so we needed an object store and the sometimes belligerent CEO of Cloudflare insisted that our team couldn't use any of the public cloud object stores. And so we had to build it.

That was the start of it and we've been using it internally for products over time. It powers, for example, Cloudflare Images, it powers a lot of our streaming video services, and it works great. And at some point, we said, “Can we take this and make it available to everyone?” The question that you've asked on Twitter, and I think a lot of people reasonably ask us, “What's the catch?”

Corey: Well, in my defense, I think it's fair. There was an example that I gave of, “Okay, I'm going to go ahead and keep—because it's new, I don't trust new object stores. Great.
I'm going to do the same experiment twice, keep one the pure AWS story and the other, I'm just going to add Cloudflare R2 to the mix so that I have to transfer out of AWS once.” For a one gigabyte file that gets shared out for a petabyte's worth of bandwidth, on AWS it costs roughly $52,000 to do that. If I go with the R2 solution, it cost me 13 cents, all of which except for a penny-and-a-half are AWS charges. And that just feels—when you're looking at that big of a gap, it's easy to look at that and think, “Okay, someone is trying to swindle me somewhere. And when you can't spot the sucker, it's probably me. What's the catch?”

Matthew: I guess it's not really a catch; it's an explanation. We have been able to drive our bandwidth costs down low enough that in that particular use case, we have to store the file, and that, again, that—there's a hard disk in there and we replicate it to make sure that it's available so it's not just one hard disk, but it's multiple hard disks in various places, but that amortized over time, isn't that big a cost. And then bandwidth is effectively zero. And so if we can do that, then that's great.

Maybe a different way of framing the question is like, “Why would we do that?” And I think what we see is that there is an opportunity for customers to be able to use the best of various cloud providers and hook the different parts together. So, people talk about multi-cloud all the time, and for a while, the way that I think people thought about that was you take the exact same workload and you run it in Azure and AWS. That turns out not to be—I mean, maybe some people do that, but it's super rare and it's incredibly hard.

Corey: It has been a recurring theme of most things I say where, by default, that is one of the dumbest things I can imagine.

Matthew: Yeah, that isn't good. But what people do want to do is they want to say, “Listen, there's some really great services that Amazon provides; we want to use those.
And there's some really great services that Azure provides, and we want to use those. And Google's got some great machine learning, and so does IBM. And I want to sort of mix and match the various pieces together.”

And the challenge in doing that is the egress fees. If everyone just had a detente and said there's going to be no egress fees for us to be able to hook these various [pits 00:14:48] together, then you would be able to take advantage of a lot of the different technologies and we would actually get stronger applications. And so the vision of what we're trying to build is how can we be the fabric that can stitch the various cloud providers together so that you can do that. And when we looked at that, and we said, “Okay, what's the path to getting there?” The big place where there's the just meatiest cost on egress fees is object stores.

And so if you could have a centralized object store, and you can say then from that object go use whatever the best service is at Amazon, go use whatever the best service is at Google, go use whatever the best service is at Azure, that then allows, I think, actually people to take advantage of the cloud in a way which is what people really should mean when they talk about multi-cloud. Which is, there should be competition on the various features themselves, and you should be able to pick and choose the best of all of the different bits. And I think we as consumers then benefit from that. And so when we're looking at how we can strategically enable that future, building an object store was a real key part of that, and that's part of what we're doing. Now, how do we make money off of that? Well, there's a little bit off the storage, and again, even [laugh]—

Corey: Well, that is the Amazonian answer there. It's like, “Your margin is my opportunity,” is a famous Bezos quote, and I figure you're sitting there saying, “Ah, it would cost $52,000 to do that in Amazon.
Ah, we can make a penny-and-a-half.” That's very Amazonian, you could probably get hired over there with that philosophy.

Matthew: Yeah. And this is a commodity service, just [laugh] storing data. If you look across the history of what Cloudflare has done, in 2014, we made encryption free because it's absurd to pay for math, right? I mean, it's just crazy right?

Corey: Or to pay for security as a value-add. No, that should be baked into whatever you're doing, in an ideal world.

Matthew: Domain registration. Like, it's writing something down in a ledger. It's a commodity; of course it should go to whatever the absolute cost is. On the other hand, there are things that we do that aren't commodities where we are able to better protect people because we see so much traffic, and we've built the machine learning models, and we've done those things, and so we charge for those things. So commodities, we think over time, go to effectively, whatever their cost is, and then the value is in the actual intelligent services that are on top of it.

But an object store is a commodity and so we should be trying to drive that pricing down. And in the case of bandwidth, it's effectively free for us. And so if we can be that fabric that connects the different class together, I think that makes sense is a strategy for us and that's why R2 made a ton of sense for us to build and to launch.

Corey: There seems to be a lack of ability for lots of folks, at least on the internet to imagine a use case other than theirs. I cheated by being a consultant, I get to borrow other people's use cases at a high degree of turnover. But the question I saw raised was, “Well, how many workloads really do that much egress from static objects that don't change? Doesn't sound like there'd be a whole lot of them.” And it's, “Oh, my sweet summer child.
Sure, your app doesn't do a lot of that, but let me introduce it to my friends who are hosting videos on their website, for example, or large images that get accessed a whole bunch of times; things that are written once and then read forever by the internet.”

Matthew: And we sit in a position where because of the role that Cloudflare plays where we sit in front of a number of these different cloud providers, we could actually look at the use cases and the data, and then build products in order to solve that. And that's why we started with Workers; that's why we then built the KV store that was on top of that; we built object-store next. And so you can see as we're sort of marching through these things, it is very much being informed by the data that we actually see from real customers. And one of the things that I really like about R2 is in exactly the example that you gave where you can keep everything in S3; you can set R2 in front of it and put it in slurp mode, and effectively it just—as those objects get pulled out, it starts storing them there. And so the migration path is super easy; you don't have to actually change anything about your application and will cut your bills substantially.

And so I think that's the right thing to enable a multi-cloud world where, again, it's not you're running the exact same workload in different places, but you get to take advantage of the really great tech that all of these companies are building and use that. And then the companies will compete on building that tech well. So, it's not just about how do I get the data in and then kind of underinvest in all of the different services that I provide. It's how can we make sure that on a service-by-service basis, you actually are having real competition over time.
And again, I think that's the right thing for customers, and absolutely R2 might not be the right thing for every use case that's out there, but I think that it wi—enabling more competition is going to make the cloud better for everyone.

Corey: Oh, yeah. It's always fun hearing it from Amazonians. It's, “You have a service that talks to satellites in orbit. You really think that's a general-purpose thing that every company out there has to deal with?” No. Well, not yet, anyway.

It also just feels to me like their transfer approach is antithetical to almost every other aspect of how they have built their cloud. Amazonians have told me repeatedly—I believe them—that their network is effectively magic. The fact that you can get near line rate between any two points without melting various [unintelligible 00:20:14], which shows that there was significant thought, work, effort, planning, technology, et cetera, put into the network. And I don't dispute that. But if I'm trying to build a workload and put it inside of AWS, I can control how it performs tied to budget; I can have a lot of RAM for things that are memory intensive, or I can have a little RAM; I can have great CPU performance or terrible CPU performance.

The challenge with data transfer is it is uniformly great. “I want to get that data over there super quickly.” Yeah, awesome. I'm fine paying a premium for that. But I have this pile of data right here. I want to get it over there, ideally by Tuesday. There's no good way to do that, even with their Snowball—or Snow Family devices—when you fill them with data and send them into AWS, yeah, that's great. Then you just pay for the use of the device.

Use them to send data out of AWS, they tack on an additional per-gigabyte fee for getting the data out. You're training as a lawyer, you went to the same law school that my wife did, the University of Chicago, which, oh, interesting stories down that path.
But if we look at this, my argument is that the way to do an end-run around this is to sue Amazon for something, and then demand access to the data you have living in their environment during discovery. Make them give it to you for free, though, they'd probably find a way to charge it there, too. It's just a complete lack of vision and lack of awareness because it feels like they're milking a cash cow until it dies.

Matthew: Yeah, they probably would charge for it and you'd also have to pay a lot of lawyers. So, I'm not sure that's the cost [crosstalk 00:21:44]—

Corey: It only works above certain volumes, I figure.

Matthew: I do think that if your pricing strategy is designed to lock people in to prevent competition, then that does create other challenges. And there are certainly some University of Chicago law professors out there that have spent their careers arguing why antitrust laws don't make any sense, but I think that this is definitely one of those areas where you can see very clearly that customers are actually being harmed by the pricing strategy that's there. And the pricing strategy is not tied in any way to the underlying costs which are associated with that. And so I do think that, especially as you see other providers in the space—like Oracle—taking their bandwidth costs to effectively zero, that's the sort of thing that I think will have regulators start to scratch their heads. If tomorrow, AWS took egress costs to zero, and as a result, R2 was not as advantaged as it is today against them, you know, I think there are a lot of people who would say, “Oh, they showed Cloudflare.” I would do a happy dance because that's the best thing [thing they can do 00:22:52] for our customers.

Corey: Our long-term goals, it sounds like, are relatively aligned. People think that I want to see AWS reign ascendant; people also say I want to see them burning and crashing into the sea, and neither one of those are true.
What I want is, I want someone in a few years from now to be doing a startup and trying to figure out which cloud provider they should pick, and I want that to be a hard decision. Ideally, if you wind up reducing data transfer fees enough, it doesn't even have to be only one. There are stories that starts to turn into an actual realistic multi-cloud story that isn't, at its face, ridiculous. But right now, you have to pick a horse and ride it, for a variety of reasons. And I don't like that.

Matthew: It's entirely egress-based. And again, I think that customers are better off if they are able to pick who is the best service at any time. And that is what encourages innovation. And over time, that's even what's good for the various cloud providers because it's what keeps them being valuable and keeps their customers thinking that they're building something which is magical and that they aren't trapped in the decision that they made, which is when we talk to a lot of the customers today, they feel that way. And it's I think part of why something like R2 and something like the Bandwidth Alliance has gotten so much attention because it really touches a nerve on what's frustrating customers today. And if tomorrow Amazon announced that they were eliminating egress fees and going head-to-head with R2, again, I think that's a wonderful outcome. And one that I think is unlikely, but I would celebrate it if it happened.

Corey: This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of "Hello, World" demos? Allow me to introduce you to Oracle's Always Free tier. It provides over 20 free services and infrastructure, networking databases, observability, management, and security.

And - let me be clear here - it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account.
This means you can provision a virtual machine instance or spin up an autonomous database that manages itself all while gaining the networking load, balancing and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build.

With Always Free you can do things like run small scale applications, or do proof of concept testing without spending a dime. You know that I always like to put asterisks next to the word free. This is actually free. No asterisk. Start now. Visit https://snark.cloud/oci-free that's https://snark.cloud/oci-free.

Corey: My favorite is people who don't do research on this stuff. They wind up saying, “Oh, yeah. Cloudflare is saying that bandwidth is a fixed cost. Of course not. They must be losing their shirt on this.”

You are a publicly-traded company. Your gross margins are 76% or 77%, depending upon whether we're talking about GAAP or non-GAAP. Point being, you are clearly not selling this at a loss and hoping to make it up in volume. That's what a VC-backed company does. Is something that is real and as accurate.

I want to, on some level, I guess, low-key apologize because I keep viewing Cloudflare through a lens that is increasingly inaccurate, which is as a CDN. But you've had Cloudflare Workers for a while, effectively Functions as a Service that run at the edge, which has this magic aura around it, that do various things, which is fascinating to me. You're launching R2; it feels like you are in some ways aiming at becoming a cloud provider, but instead of taking the traditional approach of building it from the regions outward, you're building it from the outward in. Is that a fair characterization?

Matthew: I think that's right. I think fundamentally what Cloudflare is, is a network. And I remember early on in the pandemic, we did a series of fireside chats with people we thought we could learn from.
And so was everyone from Andre Iguodala, the basketball player, to Mark Cuban, the entrepreneur, to we had a [unintelligible 00:25:56] governor and all kinds of things. And we these were just internal on off the record.

And I got to do one with Eric Schmidt, the former CEO of Google. And I said, “You know, Eric, one of the things that we struggle with is describing what is Cloudflare.” And without hesitation, he said, “Oh, that's easy. You're the network I plug into and don't have to worry about anything else.” And I think that's better than I could say it, myself, and I think that's what it is that we fundamentally are: we're the network that fits together.

Now, it turns out that in the process of being that network and enabling that network, we are going to build things like R2, which start to be an object store and starts to sort of step into some of the cloud provider space. And Workers is really just a way of programming that network in order to do that, but it turns out that there are a bunch of workloads that if you move them into the network itself, make sense—not going to be every workload, but a lot of workloads that makes sense there. And again, I think that you can actually be very bullish on all of the big public cloud providers and bullish on Cloudflare at the same time because what we want to do is enable the ability for people to mix and match, and change, and be the fabric that connects all of those things together. And so over time, if Amazon says, “We're going to drop egress fees,” it may be that R2 isn't a product that exists—I don't think they're going to do that, so I think it's something that is going to be successful for us and get a lot of new users to us—but fundamentally, I think that where the traditional public clouds think of themselves as the place you put data and you process data, I think we think of ourselves as the place you move data.
And that's somewhat different.

That then translates into it as we're building out the different pieces, where it does feel like we're building from the outside in. And it may be that over time, that put versus move distinction becomes narrower and narrower as we build more and more services like R2, and durable objects, and KV, and we're working on a database, and all those things. And it could be that we converge in a similar place.

Corey: One thing I really appreciate about your vision because it is so atypical these days, is that you aren't trying to build the multifunction printer of companies. You are not trying to be all things to all people in every scenario. Which is impossible to do, but companies are still trying their level best to do it. You are staking out the bounds of where you were willing to start and where you're willing to stop, in a variety of different ways. I would be—how do I put it?—surprised if you at some point in the next five years come out with, “And this is our own database that we have built out that directly competes with the following open-source project that we basically have implemented their API and gone down that particular path.” It does not sound like it is in your core wheelhouse at that point. You don't need—to my understanding—to write your own database engine in order to do what you do.

Matthew: Maybe. I mean, we actually are kind of working on a database because—

Corey: Oh, no, here we go again.

Matthew: [laugh]—and yeah—in a couple of different ways. So, the first way is, we want to make sure that if you're using Workers, you can connect to whatever database you want to use anywhere in the world. And that's something that's coming and we'll be there. At the same time, the challenge of distributed computing turns out not to be the computing, it turns out to be the data and figuring out how to—CAP theorem is real, right?
Consistency, Availability, and Partition tolerance; you can pick any two out of the three, but you can't get all three.

And so you there's always going to be some trade-off that's there. And so we don't see a lot of good examples. There's some really cool companies that are working on things in the space, but we don't see a lot of really good examples of who has built a database that can be run on a distributed workload system, like Cloudflare to it do well. And so our team internally needs that, and so we're trying to figure out how to build it for ourselves, and I would imagine that after we build it for ourselves—if it works the way we expect it will—that that will then be something that we open up.

Our motivation and the way we think about products is we need to build the tools for our own team. Our team itself is customer zero, and then some of those things are very specific to us, but every once in a while, when there are functions that makes sense for others, then we'll build them as well. And that does maybe risk being the multifunction printer, but again, I think that because the customer for that starts with ourselves, that's how we think about it. And if there's someone else's making a great tool, we'll use that. But in this case, we don't see anyone that's built a multi-tenant, globally-distributed, ACID-compliant relational database.

Corey: I can't let it pass on challenge. Sure they have, and you're running it yourself. DNS: the finest database in the world. You stuff whatever you want to text records, and now you have taken a finely crafted wrench and turned it into a barely acceptable hammer, which is what I love about doing that terrible approach. Yeah, relational is not going to quite work that way. But—

Matthew: Yes. That's a fancy key-value store, right? So—and we've had that for a long time.
As we're trying to build those things up, the good news is that, again, we've run data at scale for quite some time and proven that we can do it efficiently and reliably.

Corey: There's a lot that can be said about building the things you need to deliver your product to customers. And maybe a database is a poor example here, but I don't see that your motivation in this space is to step into something completely outside your areas of expertise solely because there's money to be made over there. Well, yeah, fortune passes everywhere. The question is, which are you best positioned to wind up delivering an actual transformative solution to that space, and what parts of it are just rent-seeking where it's okay, we're going to go and wherever the money is, we're chasing that down.

Matthew: Yeah, we're still a for-profit business, and we've been able to grow revenue well, but I think it is that what motivates us and what drives us comes back to our mission, which is how do you help build a better internet? And you can look at every single thing that we've done, and we try to be very long-term-oriented. So, for instance, when we in 2014 made encryption free, the number one reason at the time, when people upgraded for the free version of our service, the paid version of our service is they got encryption for that. And so it was super scary to say, “Hey, we're going to take the biggest feature and give it away for free,” but it was clearly the direction of history and we wanted to be on the right side of history. And we considered it a bug that the internet wasn't built in an encrypted way from the beginning.

So, of course, that was going to head that direction. And so I think that we and then subsequently Let's Encrypt, and a bunch of others have said, it's absurd that you're charging for math. And again, I think that's a good example of how we think about products.
And we want to continue to disrupt ourselves and take the things that once upon a time were reserved for our customers that spend $10 million-plus with us, and we want to keep pushing those things down because, over time, the real opportunity is if you do right by customers, there will be plenty of ways that you can earn some of their budget. And again, we think that is the long-term winning strategy.

Corey: I would agree with this. You're not out there making sneakers and selling them because you see people spend a lot of money on that; you're delivering value for customers. I say this as one of your paying customers. I have zero problem paying you every month like clockwork, and it is the least cloud-like experience because I know exactly what the bill is going to be in advance, which is apparently not how things should be done in this industry, yadda, yadda, yadda. It is a refreshingly delightful experience every time.

The few times I've had challenges with the service, it has almost always been a—I'll call it a documentation gap, where the way it was explained in the formal documentation was not how I conceptualize things, which, again, explaining what these complex things are to folks who are not steeped in certain areas of them is always going to be a challenge. But I cannot think back to a single customer service failure I've had with you folks. I can't look back at any point where you have failed me as a customer, which is a strange thing to say, given how incredibly efficient I am at stumbling over weird bugs.

Matthew: Terrific to have you as a customer. We are hardly perfect and we make mistakes, but one of the things I think that we try to do and one of the core values of Cloudflare is transparency. If I think about, like, the original sins of tech, a lot of it is this bizarre secrecy which pervades the entire industry. When we make mistakes, we talk about them, and we explain them.
When there's an error, we don't throw up a white page; we put up a page that has our logo on it because we want to own it.

And that sometimes gets blowback because you're in front of it, but again, I think it's the right thing to do for customers. And it's and I think it's incredibly important. One of the things that's interesting is you mentioned that you know what your bill is going to be. If you go back and look at the history of hosting on the internet, in the early days of internet hosting, it looks a lot like AWS.

Corey: Oh, 95th percentile transit billing; go for one five minutes segment over and boom, your bill explodes. Oh, I remember those days. Unkindly.

Matthew: And it was super complicated. And then what happened is the hosting world switched from this incredibly complicated billing to much more simplified, predictable, unlimited bandwidth with maybe some asterisks, but largely that was in place. And then it's strange that Amazon came along and then has brought us back to the more complicated world that's out there. I would have predicted that that's a sine wave—

Corey: It has to be. I mean—

Matthew: —and it's going to go back and forth over time. But I would have predicted that we would be more in the direction of coming back toward simplify, everything included. And again, I think that's how we've priced our things from the beginning. I'm surprised that it has held on as long as it has, but I do think that there's going to be an opportunity for—and I don't think Amazon will be the leader here, but I think there will be an opportunity for one of the big clouds.

And again, I think Oracle is probably doing this the best of any of them right now—to say, “How can we go away from that complexity? How can we make bills predictable? How can we not nickel and dime everything, but allow you to actually forecast and budget?” And it just seems like that's the natural arc of history, and we will head back toward that.
And, again, I think we've done our part to push that along. And I'm excited that other cloud providers seem to be thinking about that now as well.

Corey: Oh, yeah. What I do with fixing AWS bills is the same thing folks were doing in the 70s and 80s with long-distance bills for companies. We're definitely hitting that sine wave. I know that if I were at AWS in a leadership role, I would be actively embarrassed that the company that is delivering a better customer experience around financial things is Oracle of all companies, given their history of audits and surprising people and the rest. It is ridiculous to me.

One last topic that I want to cover with you before we call it an episode is, back in college, you had a thesis that you have done an excellent job of effectively eliminating from the internet. And the theme of this, to my understanding, was that the internet is a fad. And I am so aligned with that because I'm someone who has said for years that emerging technologies are fads. I've said it about cloud, about virtualization, about containers. And I just skipped Kubernetes. And now I'm all-in on serverless, which means, of course it's going to fail because I'm always wrong on these things. But tell me about that.

Matthew: When I was seven years old in 1980, my grandmother gave me an Apple ][+ computer for Christmas. And I took to it like a just absolute duck to water and did things that made me very popular in junior high school, like going to computer camp. And my mom used to sign up for continuing education classes at the local university in computer science, and basically sneak me in, and I'd do all the homework and all that. And I remember when I got to college, there was a small group of students that would come around and help other students set their computer up, and I had it all set up and was involved.
And so, got pretty deeply involved in the computer science program at college.

And then I remember there was a group of three other students—so they were four of us—and they wanted to start an online digital magazine. And at the time, this was pre-web, or right in the early days of the web; it was sort of nineteen… ninety-three. And we built it originally on old Apple technology called HyperCard. And we used to email out the old HyperCard stacks. And the HyperCard stacks kept getting bigger and bigger and bigger, and we'd send them out to the school so [laugh] that we—so we kept crashing the mail servers.

But the college loved this, so they kept buying bigger and bigger mail servers. But they were—at some point, they said, “This won't scale. You got to switch technologies.” And they introduced us to two different groups. One was a printer company based out in San Francisco that had this technology called PDF. And I was a really big fan of PDF. I thought PDF was the future, it was definitely going to be how everything got published.

And then the other was this group of dorky graduate students at the University of Illinois that had this thing called a browser, which was super flaky, and crashed all the time, and didn't work. And so of the four of us, I was the one who voted for PDF and the other three were like, “Actually, I think this HTML thing is going to be a hit.” And we built this. We won an award from Wired—which was only a print magazine at the time—that called us the first online-only weekly publication. And it was such a struggle to get anyone to write for it because browsers sucked and, you know, trying to get students on campus, but no one on campus cared.

We would get these emails from the other side of the world, where I remember really clearly is this—in broken English—email from Japan saying, “I love the magazine.
Please keep writing more for the magazine.” And I remember thinking at the time, “Why do I care if someone in Japan is reading this if the girl down the hall who I have a crush on isn't?” Which is obviously what motivates dorky college students like myself. And at that same time, you saw all of this internet explosion.

I remember the moment when Netscape went public and just blew through all the expectations. And it was right around the time I was getting ready to graduate for college, and I was kind of just burned out on the entire thing. And I thought, “If I can't even get anyone to write for this dopey magazine and yet we're winning awards, like, this stuff has to all just be complete garbage.” And so wrote a thesis on—ehh, it was not a very good [laugh] thesis. It's—but one of the things I said was that largely the internet was a fad, and that if it wasn't, that it had some real risks because if you enabled everyone to connect with whatever their weird interests and hobbies were, that you would very quickly fall to the lowest common denominator. And predicted some things that haven't come true. I thought for sure that you would have both a liberal and conservative search engine. And it's a miracle to this day, I think that doesn't exist.

Corey: Now, that you said it, of course, it's going to.

Matthew: Well, I don't know I've… [sigh] we'll see. But it is pretty amazing that Google has been able to, again, thread that line and stay largely apolitical. I'm surprised there aren't more national search engines; the fact that it only Russia and China have national search engines and France and Germany don't is just strange to me. It seems like if you're controlling the source of truth and how people find it, that seems like something that governments would try and take over. There are some things that in retrospect, look pretty wise, but there were a lot more things that looked really, really stupid.
And so I think at some level, I had to build Cloudflare to atone for that stupidity all those years ago.

Corey: There's something to be said for looking back and saying, “Yeah, I had an opinion, and with the light of new information, I am changing my opinion.” For some reason, in some circles, it feels like that gets interpreted as a sign of weakness, but I couldn't disagree more, it's, “Well, I had an opinion based upon what I saw at the time. Turns out, I was wrong, and here we are.” I really wish more people were capable of doing that.

Matthew: It's one of the things we test for in hiring. And I think the characteristic that describes people who can do that well is really empathy. The understanding that the experiences that you have lead you to have a unique set of insights, but they also create a unique set of blind spots. And it's rare that you find people that are able to do that. And whenever you do—whenever we do we hire them.

Corey: To that end, as far as hiring and similar topics go, if people want to learn more about how you view things, and how you see the world, and what you're releasing—maybe even potentially work with you—where can they find you?

Matthew: [laugh]. So, the joke, sometimes, internal at Cloudflare is that Cloudflare is a blogging company that runs this global network just to have something to write about. So, I think we're unlike most corporate blogs, which are—if our corporate blog were typical, we'd have articles on, like, “Here are the top six reasons you need a fast website,” which would just be, you know, shoot me. But instead, I think we write about the things that are going on online and our unique view into them. And we have a core value of transparency, so we talk about that. So, if you're interested in Cloudflare, I'd encourage you to—especially if you're of the sort of geekier variety—to check out blog.cloudflare.com, and I think that's a good place to learn about us.
And I still write for that occasionally.

Corey: You're one of the only non-AWS corporate blogs that I pay attention to, for that exact reason. It is not, “Oh, yay. More content marketing by folks who just feel the need to hit a quota as opposed to talking about something valuable and interesting.” So, it's appreciated.

Matthew: The secret to it was we realized at some point that the purpose of the blog wasn't to attract customers, it was to attract potential employees. And it turns out, if you sort of change that focus, then you talk to people like their peers, and it turns out then that the content that you create is much more authentic. And that turns out to be a great way to attract customers as well.

Corey: I want to thank you for taking so much time out of your day to speak with me. I really appreciate it.

Matthew: Thanks for all you're doing. And we're very aligned, and keep fighting the good fight. And someday, again, we'll eliminate cloud egress fees, and we can share a beer when we do.

Corey: I will absolutely be there for it. Matthew Prince, CEO and co-founder of Cloudflare. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with a rambling comment explaining that while data packets into a cloud provider are cheap and crappy, the ones being sent to the internet are beautiful, bespoke, unicorn snowflakes, so of course they cost money.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Craig Peterson's Tech Talk
Is Your Firewall Actually Protecting You? What Should You Be Doing?

Nov 12, 2021 84:27


Is Your Firewall Actually Protecting You? What Should You Be Doing? New stats are out this week. So what's the number one vector of attack against us? Our Firewalls. And they're failing. So, what's going on? And what can you do about it? [Automated transcript follows] [00:00:16] And of course, I'm always talking about cyber security, because if you ask me that is one of the biggest problems we have in business. [00:00:27] Today. Well, yeah, you got to find employees. In fact, uh, it's almost impossible to find them in the cyber security space as well. And it's been hard for years. So I try to keep you up-to-date here. We've got boot camps that are coming up and you are really going to like them. We've been working on some supplemental materials for it. [00:00:47] And of course these boot camps are always free, so you can join it. You can have your friends come and learn the basics. It's not one of these high sell things. Right. I, I got a little letter in the mail this week saying, Hey, you can come and get a free steak dinner. And of course it's kind of like a timeshare, right? [00:01:09] Jay, you have to listen to the pitch. Yes. Stay over. On us. And you are going to be sitting there for four hours listening to this crazy pitch that's going on. That's not what my bootcamps are. Anybody that's been to one of them will tell you we work on it. I explain it. You know what you have to do, how you have to do it, the whys, the whens, the wherefores. [00:01:35] So if you would like to learn more for yourself, Make sure you sign up craigpeterson.com sign up for my newsletter. And when a bootcamp is coming up, I will be sure to tell you about it in the newsletter so that you can attend. And it's important to, to understand that this is yeah. Aimed at business, the, these boot camps, but almost everything businesses have to do or shouldn't be doing the same thing applies to you in your.
[00:02:08] So, if you are a small business person, if you're someone who has some IT experience, and you've been assigned to worry about cyber security, this is for you. If you are a very small business and you're kind of the Jack of all trades, and you've got to worry about cybersecurity, this is for you. And I just got. [00:02:31] This week from someone on my email list who is retired and she was talking about her husband and her, they don't have any kids, no heirs. They're trying to protect their financial investments. And of course I responded saying, Hey, I'm not a financial investment advisor, but I can certainly give you some cyber security input, which I did. [00:02:53] And you can ask your questions as well. I'm more than glad to hear them. And you probably, if you've sent them in, you know, I always answer them now. My big man, a few days might take me a week, but I will get around to it. And I try and respond to the emails. Sometimes I answered here on the radio show or on my podcast, but usually it's via email me. [00:03:17] At craigpeterson.com. And of course, that's also on my website, craigpeterson.com. And that's also my name, craigpeterson.com. So let's get into the firewall thing. When you have a network, you are connecting that network to your computers, maybe. To your security cameras, to your printers that you have, maybe there's a lock system. [00:03:44] Maybe there's more, all of this stuff is interconnected and it's all rather well and good. You can have a whole lot of fun with it, but it is not as particularly good if you can't get out to the internet. So what do we do? We hook our network, whether it's home or if it's business to the internet. Now, you know, all of this stuff so far, right? [00:04:06] You're following me. The internet is actually inter connected networks. In case you didn't know, there are now millions of networks that are connected on the internet. There are core networks out there.
We were my company like number 10,000. I think it was, uh, a S an R a S number autonomous system. So we were fairly early on. [00:04:32] And of course, as you know, I've been on the internet in various forums since the early 1980s and helping to develop the protocols, but it is important to remember it is an interconnected network of networks. You might ask why? Well, the bottom line is you aren't connecting your network with other networks that have malicious software on them. [00:04:58] Maybe they're just poorly configured. Maybe they're causing a denial of service attack effectively because they're so badly configured. But whatever the case may be, you are still exposed. If you look at the traffic that's coming to your router. So your router is sitting at the edge of your network connected to your internet service provider. [00:05:19] So it might be Comcast or Verizon or a whole slew of others. But your network is connected via a router. Then the router knows how do I get my data from the input to the output or from the output to the input, if you will upstream and downstream data, that's what the router is for. And if you look at the data on your router and most of us can't, but if you were able to, what you will see is hundreds of thousands of internet packets coming to, and from your. [00:05:55] Router your endpoint every day. Usually these are bad guys doing what are called scans. They do port scans. They're primarily looking for services. So what do you, do you have a firewall now in many cases, you'll get a device from your internet service provider that has a router built in and has a firewall built in, and it has wifi. [00:06:19] All of this stuff, all built in together makes life all nice and warm and fuzzy and Catalina, doesn't it. But in reality, it's not necessarily a good thing to have it all in one, because you're definitely not going to get the best of breed and router or firewall or wifi, but that's a different story.
What is that firewall for that router? [00:06:41] Of course, it's getting all this internet traffic and anything that's on the internet that is. I'm trying to get to you is going to go through the. And anything that you are trying to send up to the internet, like for instance, to try and get a web page or something is also going to go up through that router. [00:07:02] So how do you protect yourself time? Was that there wasn't really much of a way to protect yourself. And frankly, there weren't a lot of reasons. To try and protect yourself. And the internet was just this wonderful open thing, lots of fun and played around a lot. Back in the early nineties, it was, it was just a joy in the late eighties to, to be connected up to the internet and then bad guys started doing bad things. [00:07:30] We took the concept of what you have in an automobile and applied it to the. If you're driving your car, you're in the passenger compartment and that passenger compartment is hopefully warm in the winter and cool in the summertime. And you are protected from that big mean nasty engine that's in front of you, or if you're driving an electric car from those mean nasty batteries that are probably below you in that car and what's between you and the. [00:08:04] Of course a firewall. And the idea is to keep the nastiness of that engine, all of the heat, the oil, the grime, the wind, everything else is associated with that engine. Keep that away from you so that you can now drive that car just comfortably in that controlled climate of the passenger compartment, that concept was then applied to the inter. [00:08:30] And in fact, I designed and implemented one of the first firewalls ever made way back when and the firewall in the internet Partland is very similar to the car in the car. You have some protrusions through that fire. Don't you, you you've got a steering wheel. How does that get up to the front of the car?
[00:08:53] Well, it goes through the firewall and around that steering wheel, of course there's some EBDM, some rubber type stuff that helps stop anything from coming through right next to that steering column. Same, thing's true with the brake pedal and the gas pedal. At least it used to be. Nowadays, it's so much of this as drive by wire, that the only thing going through the firewall is a wire and there's no mechanical linkage. [00:09:24] Unlike my car, which is a 1980 Mercedes-Benz diesel. Where yes, indeed. Direct linkages to everything. So the firewall in the car's protecting you from the nastiness in the engine compartment and the firewall, when it comes to your internet is doing something very similar. Think about your house for a minute, you have a house with doors and windows. [00:09:53] I would hope. And a chimney and maybe a couple of other protrusions that are going outside of the house. Well, you have some similar problems and when it comes to the internet and when it comes to the firewall, With your house, sir. Sure. You could post a guard out front, a whole series of them. You've got a dozen guards out front and they are all guarding that front door. [00:10:19] But if no, one's watching the back door, if no one's paying attention to the windows, there's still ways for the bad guys to get in. And that's what we're going to talk about. How does the internet firewall tie into this analogy of cars and the analogy of your home? Because it's a very important point when you get right down to it. [00:10:44] We need to understand this because the number one tactic reported this week by MITRE and Cisco is exploitation of public facing application. So I'm going to explain what that is. What's your firewall can do for you and what you should do for your firewall. A stick around. We've got a lot more coming up. [00:11:09] I want to invite you to go. Of course, right now, online to craigpeterson.com. Once you're there, just sign up for my newsletter.
Simple craigpeterson.com. [00:11:25] This week, we found out what the top five tactics are that are most frequently being used by bad guys to attack us. This is done by MITRE and Cisco systems. Number one, public facing applications. What does that mean? [00:11:42] We've been talking about this report, but really what we've been delving into is how data flows on your network, whether it's a home network or maybe it's a business network, how does this whole mess work? [00:11:58] And when MITRE talks about the biggest problem here, 91% of the time being what's called an exploit of a public facing application, what does that mean? We went through the basics of a firewall and a router. So all of the data coming from the internet, coming into the router, then handed to the firewall. [00:12:24] Any data going out, goes into the firewall. And then the. So that's the pretty simplistic version. And of course the firewall on your network does a similar thing to the firewall in your car. It stops the bad stuff, at least it's supposed to, but your home and your car both have different ways of getting. [00:12:48] Past the firewall in the house. It's your doors and your windows in the car. Of course, it's where the steering column goes through where the brake pedal and the gas pedal go through the clutch, all of that stuff that perch, um, permeates, it goes through. That firewall. And of course, you've probably, if you've been around for awhile, you've had leaks coming through your firewall and, uh, you know, how porous they can be sometimes. [00:13:18] Well, we have the same type of thing on our internet firewalls. Every home has doors and what we call the doors in on the internet is similar to what they call them. On the, in the Navy, on the water, the reports. So think about a porthole in a boat, or think about a, a door, a port, which is the French word for door. [00:13:45] What happens on the internet?
For instance, if you're trying to connect to craigpeterson.com, you are going to connect to a specific port on my server. So the address typically, uh, is going to be resolved by DNS. And then once it gets to the server, you can connect to port 443. You might try and connect to port 80, but I'll do a redirect, but that's neither here nor there. [00:14:12] So you're going to connect to that port 443. So my firewall has to say, Hey, if somebody is coming in and wants to get to port 443, which is called a well-known port, that's the port that all web servers listen on. So if someone's trying to get to my port, my web server on port 443, let them in. But if someone's trying to get to another port, don't let them in. [00:14:48] Now there's multiple ways to respond or not respond. I can talk about that right now. That'd be for deep dive workshop, but the idea is. Each application that you are connecting to, or that you're providing has. Part of the problem that we've been seeing. And this is a very big problem is that people are not changing the administrative passwords on their machines. [00:15:20] So administrative passwords mean things like admin for the username and admin for the password on your firewall. So. Your firewall, if you have what's called WAN admin enabled, what that means is someone on the wide area network. In other words, The internet, someone on the internet or on the WAN, can connect to your firewall and control it. [00:15:51] This is, as you can imagine, a very big thing, and it is something that we cover in one of our workshops, explained it all and all of the details and what to do, but most businesses and most people have not properly configured their firewalls. When we're talking about number one, problem, 91% of the time being an exploit against public facing applications. [00:16:18] What that means is they could very well just be trying to connect to the administrative interface on your firewall. Unfortunately, they will often offer.
Change the software on your firewall. So they won't just reconfigure. They'll just change it entirely. And they'll do all kinds of evil things. Again, we're not going to get into all of that and what to look for and what can happen. [00:16:44] But number one thing everybody's got to do, and I saw some stats this week as well, that made me want to bring the. Most people and most businesses, about two thirds, have not changed the default passwords on the hardware that they have. Now I can understand, sometimes it gets confusing. No question about. [00:17:07] But if you don't change the password on something that's public-facing, in other words, something that can be reached from the internet or, again, the wide area network, I know there's a lot of terms for this, but something that someone else can get at from outside your network, and it's the default password like admin admin, you could be in a whole lot of. [00:17:35] So check that right now, please. Double check that, triple check that, because even if you have a router from a big internet service provider, again, like the Comcasts, Verizons, et cetera of the world, they will almost always have it set up so you can change that administrative password, and you should. Now I, again, for clients, I have some different advice than I have for, for just regular users, but make sure you change that. [00:18:09] And here's the second part of the problem. What happens if you have a business and let's say you're not hosting your own website, like I've been doing for a couple of decades and how three 30 years, I guess now. Um, and so you've got your website hosted at some web site hosting place, you know, Gator or 1&1 or GoDaddy or whatever. [00:18:35] Okay. So, okay. That's fine. So that's not inside our network. Uh, we don't worry about the security because that's the vendor's problem. Now we're talking about, okay, what happens? My users who need to work from home. 
This gets to be a very big problem for so many people, because work from home is important. [00:19:00] So what are you going to do? Well, basically in most cases, unfortunately, businesses are just exposing an application to the internet. So they might, they might. Terribly configured networks, where there is a direct connection that goes right to the files. So you connect to a port on their firewall and it immediately redirects it internally, [00:19:30] remaps it to the file server. And some people are really, really clever. Alright. Or so they think, because what they'll do is they'll say, okay, well, you know, that, that normal port number. Okay. So I'm going to move. Port number. So you're going to connect to port 1717 on my firewall, and it's going to connect you to the file share on my file server so that people from home can just connect to port 1717, and ta-da, there are all the files, and yeah, we're, we're using passwords, so it'll be okay. [00:20:06] It'll be fine. Um, but, uh, guess what? It isn't, for a few different reasons. We're going to be talking about those here in just a minute. Yeah, I want to encourage you right now. Take a minute. Go online. craigpeterson.com. You'll find lots of information there. I've got 3,500 articles, all searchable, craigpeterson.com. [00:20:32] But more importantly, make sure you sign up for my newsletter. craigpeterson.com/subscribe. So that you can keep up to date on everything that is important in all of our lives. [00:20:51] We're talking about firewalls at home, at the office, what it means to have public-facing services, really applications, people working from home. How can you make it easy for them and hard for the bad guy? [00:21:15] Many businesses had to quickly change the way their computers were set up because of course the lockdown and people working from home. [00:21:26] And, um, unfortunately, many mistakes were made. 
And some of this, in fact, I'm going to chalk a lot of this problem up to these managed services providers, break-fix shops. My, my fellow information technology contractors, if you will, because they didn't know any. Most of these people have been computer people their whole lives, right? [00:21:55] They played with PCs when they were young and they might've taken a course or two and wow, MCSC certified. Believe me, this is not something that a straight up MCSC or. And frankly, most of the IT certifications can really understand or really handle. The cybersecurity can be done, but there's so many things they overlook, just like what I was just talking about, exposing a file server directly to the internet. [00:22:29] I mentioned, okay, well, they thought it was going to be safe because there's a username and password, but there's a couple of huge problems here. Problem number one: when you're exposing a service to the internet, like for instance, the file server, you are exposing software that may have exploitable, but. [00:22:54] And again, going back to those stats from earlier this week, more than half of all of the systems that are out there are not patched to date. It's so bad that President Biden just ordered the federal government agencies to apply patches, some as old as three years. So what happens now? Well, the bad guys scan, and guess what they found. [00:23:23] Port that you thought was just so clever because it wasn't the standard port number for that service. Maybe it's SMB or CIFS or something else. And, uh, they found it because they scan, they look, they see what the response is, that tells them what type of a server's sitting there. And then they try, well, let me see. [00:23:45] There's the zero day exploits, but why bother with those? Let's just start with the good old standard ones. And unfortunately, because so many machines are not patched up at all, let alone properly patched up, they end up getting into the machine. 
It's really that simple, just because it's not patched up. [00:24:08] How does that sound? Huh? Yeah, it's just plain not patched up. It's not available for anyone to be able to use, anybody to be able to access. Right. It there it's not restricted. So the passwords don't matter if you haven't patched your systems. And then the second problem is that there are brute force attacks against so many servers out there. [00:24:36] And most of the time, what we're talking about is Microsoft, but, you know, there's the share of bugs kind of goes around, but Microsoft, and really, they get nailed a lot more than most, but mainly because they're probably the number one out there that's in use today, not in the server community, certainly, but certainly also in the. [00:24:59] It's been, you know, small businesses, that's all they know. So they just run a Microsoft server, and more and more, you kind of have to run it because I, I get it. You know, there's so many apps that depend on the various functions that are provided by the Active Directory server at Microsoft and stuff. So we, we do that for our customers as well. [00:25:19] So are you starting to see why the brute force against a server will often get them in? And the smarter guys figure out what the business is. And then they go to the dark web and they look up those business email addresses that they have that have been stolen along with the passwords that were used. [00:25:43] That's why we keep saying, use a different password on every site, because that stolen password now is going to be tried against your service, your, your file server that might be there. You might be trying to have a VPN service that the people are VPN'ing in from home. You might have remote desktop, which has been an [00:26:08] abject failure when it comes to cybersecurity. It's just been absolutely terrible. So you might have any of those types of things. 
And if they've got your email address and they've got the passwords you've used on other sites, which they've stolen, and they try them, are they going to work? Odds are yes, because most people, I got another set of stats this week. [00:26:36] Most people use the same password for every site out there or every type of site. So, the second most common is they use one password for all of their social media sites. They use another one for all of their banking sites. So we cover this in some depth in our bootcamp so that you understand how to do the whole password thing. [00:27:03] And what I recommend is a piece of software called 1Password. I don't recommend that you just use one password for everything. I was misunderstood by someone the other day. You mean just, I use one password for everything? Yeah, you do. And then I talked to them a little bit more because I thought that was an odd question. [00:27:24] And it turned out, he was thinking, you just have the one password, like, like, you know, P, at sign, S, S, W, zero, R, D. Right? You use that everywhere. No, there's a piece of software, go to 1password.com. That's what I recommend as a password manager. And I show you how to use that and how to use it effectively in my bootcamp. [00:27:48] Absolutely free. Just like the radio is free. I'm trying to get the information out to as many people as possible, but you gotta be on my list. craigpeterson.com. Make sure you go there. So I've explained the basics here of what happens. We have a door open, or windows open, ports on our servers, on our firewalls at home [00:28:15] and at work. So the thing to do, particularly if you're a business, but even if you're a home user, is check that firewall configuration. And let me tell you something that probably won't come as a surprise. Most of these internet service providers are in the business to make as much money as possible. And cybersecurity is very much secondary. 
[00:28:40] They know, they talk about it and they talk about software defined networks and things that sound really cool. But in reality, what they give you is. Configured very well and is going to expose you. So make sure you go in. They will set it up, for instance, if they're providing you with television services, they'll set it up so that they can just bypass your firewall and get into the cable box that they installed in your house. [00:29:09] Yeah. Obviously that's not something they should be doing because now they are opening you up to attack. What happens when there's a cybersecurity problem with the cable box? We've seen this problem too with television vendors, where they poke a hole out through your firewall so that they can then gather statistics and do firmware updates and everything else. [00:29:34] It's insane. It really is. These vendors are not thinking about you. They're not thinking about the consequences. It is a very, very sad situation, but now you know what to do and how to do it. Okay. I explained today firewalls. I explained router. I explained ports, which should be open, which should not be open, [00:29:58] and the reasons why. I even mentioned passwords. I get into that in a lot of detail in my bootcamp, craigpeterson.com to get on that waiting list. craigpeterson.com, just subscribe and you'll be kept up to date. [00:30:14] There has been a whole lot of discussion lately about Meta. You might've heard. In fact, you probably did, that Facebook changed its name to Meta and they're aiming for something called the metaverse. So what is it exactly and what's it going to do for or to you? [00:30:32] The metaverse, oh my gosh. I had a great discussion this week about the metaverse. This came out in, um, and originally anyways, in this novel called, what was it now? [00:30:47] Snow Crash. That's what it was, 1992, Neal Stephenson or Steffenson. 
I'm not sure how he pronounces it, but in this book, which was a cyberpunk novel, and I've, I've always thought cyberpunk was cool. Uh, the Metaverse is an imaginary place that's made available to the public over the worldwide fiber optics network. [00:31:13] And it's projected onto virtual reality goggles. Sound familiar yet? And in the. You can build buildings, parks, signs, as well as things that do not exist in reality, such as vast hovering overhead light shows, special neighborhoods where the rules of three-dimensional spacetime are ignored, and free-combat zones where people can go hunt and kill each other. [00:31:42] Great article about this in Ars Technica this week. And, uh, that was a little quote from the book and from the article. Phenomenal idea. Well, if you have read or seen the movie Ready Player One, and I have seen the movie, but a friend of mine this week said the book is so much better. So I'm going to have to read that book, Ready Player One. [00:32:06] But in it, you have these people living in a dystopian future where everything is badly worn down, the mega cities, people building on top of each other, and they get their entertainment and relaxation and even make money in. Prison time by being inside this virtual world, they can go anywhere, do anything and play games, or just have fun. [00:32:39] One of the vendors that we work with at my company Mainstream has this kind of a virtual reality thing for, kind of, a summit, so people can go and watch this presentation, and I think it's stupid, but they, you walk in. And it's, uh, this is just on a screen. They're not using like those Oculus 3D graph glasses, but you walk into an auditorium. [00:33:13] So you've got to make your little avatar walk down. Dun dun, dun dun, dun, dun, dun, dun, dun, and then go to an empty seat. And then you have to make your avatar sit down. Right? I, I have never played a game like this. I never played Second Life. Never any of that sort of thing. 
It was kind of crazy to me. And then I was doing a presentation, so I had to go dun dun dun dun dun, up onto the rostrum there and stand behind the podium and, and then put my slides up on this virtual screen. [00:33:49] It was ridiculous. I have a full television production studio here in my, in my lab. Right. And that's, this is where I do the radio show. This is where I do my television appearances. This is where I do pretty much everything. Right. And so what I can do is I can split screen with my face, with the desktop. [00:34:12] You can see my desktop, I can draw on it, circle things, highlight things or whatever I want to do. Right. But no, no, no, no. I was in their virtual reality. And so all I could do is I have the slides come up. In fact, I had prepared beforehand, pre-taped the whole presentation, but I couldn't play that video. [00:34:37] No, no, no. I had to show a slide deck, you know, death by PowerPoint. I'm sure you've been there before. It's very, very frustrating, in case you can tell, for me. Well, we've seen this type of thing. I mentioned some of the things like that. I mean Second Life. I'm sure you've heard of that before. Sims is another one you've probably heard of before. [00:35:01] These types of semi-metaverses have been around a very long time. And, and in fact, all the way on back to the nineties is Habbo Hotel. Gee, I don't know if you ever heard of that thing, but it was an online gaming and social space. I helped to develop one for a client of mine back in the early nineties. [00:35:23] Didn't really go very far. I think it was ahead of its time. It's interesting. Right now, enter Mark Zuckerberg. Do you remember a few years ago, Mark Zuckerberg had a presentation. He was going to make this huge announcement, right? They bought Oculus. What was it? It was like crazy amount of money. And then he came in the back of the hall. 
[00:35:50] And nobody noticed he walked all the way up to the front, and nobody even saw him because they were all wearing these 3D glasses. And of course, today they are huge. They are awkward and they don't look that great, the pictures inside, but the idea is you can move your head around and the figures move as your head moves, almost like you're in the real world. [00:36:13] And that's kind of cool, and people thought it was kind of cool, and they didn't see Zuckerberg because they all had these things on. And the inside was playing a little presentation about what Facebook was going to do with Oculus. Well, they just killed off the Oculus name anyways here a couple of weeks ago, over at Facebook, about the same time that they got rid of the Facebook name and went to Meta. [00:36:39] The Facebook product is still called Facebook, and it appears what they are going to be doing is taking the concept of a metaverse much, much further than anyone has ever taken it before. They're planning on, there's speculation here. Okay. So, you know, don't, obviously I don't get invested. I don't give investment advice. [00:37:10] Um, but I do talk about technology and, uh, I've been usually five to 10 years ahead, so take that as well with a grain of salt, but I think what they're planning on doing is Facebook wants to become the foundation for metaverses. Think about things like World of Warcraft, where you've got the game that people are playing. [00:37:39] And it's a virtual reality, basically, right? It might be 2D, but some of it's moving into the three-dimensional world. Other games like Minecraft and Roblox, they have some pretty simple building blocks that people can use, network effects and play your creativity to make your little world, and the ability [00:38:04] to exchange and or sell your virtual property. That's where I think Mr. 
Zuckerberg is getting really interested now, because if they can build the platform that everybody else who wants to have a virtual world builds their virtual world on top of, man, do they have a moneymaker. Now, people like me, we're going to look at this and just pooh-pooh it. [00:38:35] I, I'm sure, I'm absolutely sure, because it will be another 20 years before you really think it's. You know, some of these sci-fi shows have talked about it. You know, you can feel someone touching you, et cetera, et cetera. Yeah. That's going to be very crude for a very long time. And now CGI is pretty good. [00:38:57] Yeah. You watch the movies. CGI is great, but that takes weeks' worth of rendering time on huge farms, clusters of servers. So it's going to take quite a while, looking at the normal advancement of technology, before this really becomes real. Now there have also been U.S. court cases over who owns what, and that happened with Eve Online, [00:39:28] Second Life, where disagreements over player ownership of the virtual land created by the publisher, which was Linden Labs. When. And I've also mentioned in the past how our friends over at the IRS have tried to tax some of the land that you own inside these virtual worlds. So ownership, do you really own it? [00:39:55] Does it really exist? Well, with non-fungible tokens, maybe it does. And these non-fungible tokens are basically just a checksum verification, I'm really oversimplifying, of some sort of a digital something-or-other lately. And initially it was mostly pictures. And so you had a picture of something and you owned that and you could prove it because of the blockchain behind it. [00:40:27] But I think this is where he's really interested, because if he can build the base platform, let the developers come up with the rules of what's it called it a game and come up with what the properties look like and how people can trade them and sell them and what kind of upgrades they can get. Right. 
[00:40:48] So that's nothing Zuckerberg has to worry about. Uh, Meta or Zuckerberg then worries about, okay, so how do we collect money for these? How do we check with the transactions? Uh, somebody wants to buy the sword of Damocles. How does that transaction work, and how do we, Facebook, Meta, how do we get a slice of the act? [00:41:16] You got to believe that that's where things are going. And if they have the ability to make this base platform and be able to take characters from one part of a developer to another part of the developer, you could have worlds where Gandalf might be fighting Bugs Bunny. Right? Interesting. Interesting, and Warner Brothers, all these movie companies would probably be coming out with complete virtual reality. [00:41:49] So when you're watching James Bond, you're not just watching James Bond, you can look around, you can see what's happening. People sneaking up behind. And ultimately you could be James Bond, but that's decades away. I think a good 20 years. All right, everybody. Thanks for sticking around here. Make sure you go online. [00:42:11] craigpeterson.com/subscribe. Get my weekly newsletter. Find out about these free boot camps and other things that I have. So we can keep you up to date and keep you safe. [00:42:25] We already talked about Meta and their name change, the metaverse, but there's something else Facebook did this last week that surprised a lot of users, something they started in 2010, but has been controversial ever since. [00:42:41] We had a pretty big announcement, frankly, this last week from our friends over at Facebook, not the one where they change their name and the. [00:42:51] Basically trying to create a metaverse platform. That's going to be the one platform that rules the world. Although those are my words, by the way. But Facebook has announced plans now to shut down a decade-old facial recognition system this month. We'll see what they do with this. 
If they follow through entirely, but they're planning on deleting over 1 billion faces that they have already gone through and analyzed. [00:43:26] You might remember, in 2010, Facebook had a brand new feature. It started announcing, hey, did you know that so-and-so just posted your picture? Is this you? Is this your friend, is this so-and-so? Do you remember all of those questions? If you're a Facebook user back in the day? Well, they were automatically identifying people who appeared in digital photos and suggested that users or users tagged them with a click we're going to get to and admitted here. [00:43:57] Uh, and of course that then linked the Facebook account for the picture that you tagged to the images and let that person know. And of course Facebook's ultimate goal is to get you to stay online as long as possible. Because if you're online, you are going to be looking at ads that are aimed primarily at. [00:44:18] Well, facial recognition has been a problem. We've seen it worldwide. I just read through a restatement from the Electronic Frontier Foundation, talking about facial recognition and the problems with it, how some people have been arrested based on facial recognition and held for over a day. We have cases where the police used a kind of crummy photograph of them from a surveillance video, sometimes also from a police car. In some areas, the police cars are continually taking video and uploading it to the internet, looking for things like license plates, to see if a car. [00:45:00] Parking ticket that hasn't been paid, or it hasn't paid its registration, all the way through looking at faces, who is this person? And some in law enforcement have kind of thought it would be great to have, kind of like RoboCop. You remember RoboCop, not the ED-209 that was also in that movie. That's also very scary, but when they look at someone who's on a street at autonomous. 
[00:45:24] Pops up in their glasses who it is, any criminal record, if they're any sort of a threat, et cetera. And I can understand that from the policeman's standpoint. And I interviewed, out at the Consumer Electronics Show, a manufacturer of that technology. It was kind of big and bulky at the time. This was probably about six or eight years ago, but nowadays you're talking about something that's kind of Google Glass size, although that's kind of gone by the wayside too. [00:45:54] There are others that are out there that you. Facial recognition technology has really advanced in its ability to identify people, but you still get false positives and false negatives. And that's where part of the problem comes from. They have been taking, and they've been private companies primarily, but also some government agencies, they've been taking pictures from. [00:46:21] They can find them. We've talked about Clearview AI before. This is a company that literally stole pictures that it could get off the internet. They scanned through Facebook, Instagram, everywhere they could find faces, and they tied it all back in. They did facial recognition on all of those photos that they had taken and then sold the data to law enforcement agencies. [00:46:49] There's an app you can get from Clearview AI that runs on your smartphone, and you can take a picture of someone in the street. Clearview AI will run that face through their database and will tell you who it is, what their, what their background is, where their LinkedIn page is, their Facebook page, wherever it found them online. [00:47:13] Basically what they've been doing. Now Clearview had a problem here this last couple of weeks because the Australian government ordered them to delete all facial recognition data belonging to anyone that lives in Australia. Now that's going to be a bit of a problem for Clearview, because it's hard to identify exactly where people live just based on a photograph. 
[00:47:40] And the United Kingdom is also considering doing this exact same thing. Now, Clearview has been sued. They violated the terms of service from Facebook and some of these other sites that I mentioned, but they did it anyway. And Clearview was to destroy all the facial images and facial templates they had retrieved about any Australian. [00:48:08] I think that's probably a pretty good idea. I don't like the idea of this data being out there. Well, if your password is stolen, and we're going to be talking about that in our bootcamp, coming up here in a couple of weeks, about how to determine if your username or your password is stolen. But, uh, and of course, if you want to get that. [00:48:29] Bootcamp and go to that. There's no charge for it, but you have to know about it. And the only way is to sign up. You have to make sure you're on my email list at craigpeterson.com. But what happens when your email address is stolen or your password, or both are stolen from a web. Oh, typically they end up on the dark web. [00:48:50] They sell personal identification for very little money. In some cases it's only a few dollars per thousand people's identities. It is absolutely crazy. So the bad guys are looking for that information, but you can change your password. You can change your email address, but if your facial information is stolen, you can't change your face. [00:49:18] If your eye print is stolen, you can't change your eye. I have a friend who's pretty excited because he got to go right through the security at the airport ever so quickly, 'cause all they had to do was scan his eyeball. Well, that data is valuable data because it cannot be changed. And it can, in some cases, be replicated. [00:49:41] In fact, the Department of Homeland Security and the Transportation Safety Administration had the database of face prints stolen from them in 2019. About 200,000 people's identities were stolen, the face prints. It's just absolutely crazy. 
And this was some, a vendor of U.S. Customs and Border Protection. [00:50:05] And it, it, you can't write down to it. I read the detailed report on it just now. And the report that came out of the federal government said, well, it went to a contractor who took the data, all of the face prints, off site over to their own site. And it wasn't encrypted when they took it over there. But it does mention that it was taken from an unencrypted system at Customs and Border Protection. [00:50:34] So wait a minute. Now you're blaming the contractor that you hired because it wasn't encrypted, and yet you didn't encrypt it yourself either. I, you know, I guess that kind of goes around, but they want to. They want your biometric information just as much as they want anything else. Think about your phones. [00:50:53] Nowadays, Apple has done a very good job with the biometrics and the fingerprints and making sure that that information is only ever stored on the phone. It never goes to Apple, never leaves the phone. It's in what Apple calls the secure enclave. And if you mess with it at all, it destroys itself, which is part of the problem with replacing a cracked screen yourself on an iPhone, because you're going to disturb that secure enclave and the phone will no longer work. [00:51:24] That is not true when it comes to many other devices, including most of your Android phones that are out there. It is. So if the bad guys have your face print, they, and they can create 3D models that can and do, in fact, go ahead and fool it into letting you in. That, that's information they want. So why are we allowing these companies like Clearview AI [00:51:52] and others to buy our driver's license photos, the federal government to also, by the way, buy our driver's license photos, buy them from other sites, and also our passport information. It's getting kind of scary, especially when you look into. China has a social credit system. 
And the Biden administration has made rumblings about the same here in the U.S., but in China, what they're doing is they have cameras all over the place and your faces. [00:52:27] And they can identify you. So if you jaywalk, they take so many points off of your social credit. If you don't do something that they want you to do or be somewhere they want you to be, you lose credits again, and you can gain them as well by doing various things that the government wants you to do. And. [00:52:49] And ultimately, if you don't have enough social credit, you can't even get on a train to get to work. But the real bad part are the Uyghurs. This is a minority in China, and China's authorities are using U.S. facial recognition technology and artificial intelligence technology, hey, thanks Google for moving your artificial intelligence lab to China, in order to control and track the Uyghurs. [00:53:19] Absolutely amazing. In the United States, law enforcement is using this type of software to aid policing, and we've already seen problems of overreach and mistaken arrests. So Facebook deleting a billion of these frameworks, if you will, of people's faces, biometrics. Good for them. Hopefully this will continue a trend elsewhere. [00:53:46] Well, we've talked a little bit today about firewalls, what they do, how your network is set up. If you missed that, make sure you catch up online. My podcast at craigpeterson.com, but there's a whole new term out there that is changing security. [00:54:03] It's difficult to set up a secure network. [00:54:07] Let's just say mostly secure, because if there's a power plug going into it, there's probably a security issue, but it's difficult to do that. And historically, what we've done is we've segmented the networks. So we have various devices that may be a little more harmful on one network, other devices at a different level of security, and many businesses that we've worked with, we have five different networks, each with its own level of secure. 
[00:54:38] And in order to get from one part of the network, for instance, let's say you're in accounting and you want to get to the accounting file server. We make sure your machine is allowed access at the network level. And then obviously on top of that, you've got usernames and passwords. Maybe you've got multifactor authentication or something else. [00:54:59] All makes sense, doesn't it? Well, the new move today is to kind of move away from that somewhat. And instead of having a machine or a network have firewall rules to get to a different network or different machine within an organization, there's something called zero trust. So again, think of it. You've, you've got a network that just has salespeople on it. [00:55:25] You have another network that might have just your accounting people. Another network has your administrative people, and another network has your software developers, et cetera. So all of these networks are separate from each other and they're all firewalled from each other. So that only, for instance, accounting people can get to the accounting server. [00:55:44] Okay, et cetera. Right? The sales guys can enter the sales data and the programmers can get at their programs. And maybe the servers that are running their virtual machines are doing testing on. Well, with zero trust, it is substantially different. What they're doing with zero trust is assuming that you always have to be authentic. [00:56:11] So instead of traditional security, where, where you're coming from helps to determine your level of access, you are assuming that basically no units of trust. So I don't care where you're coming from. If you are on a machine in the accounting department, we want to verify a lot of other information before we grant you access. [00:56:38] So that information probably does include what network you're on. Probably does include the machine you're on, but it's going to all. You as a user. So you're going to have a username. You're going to have an ID. 
You're going to have a multi-factor authentication. And then we're going to know specifically what your job is and what you need to have specific access. [00:57:04] Because this follows the overall principle of least privilege to get your job done. Now you might've thought in the past that, oh my gosh, these firewalls, they're just so annoying. It's just so difficult to be able to do anything right. Well, zero trust is really going to get your attention. If that's what you've been saying. [00:57:23] But here's an example of the traditional security approach. If you're in the office, you get access to the full network. Cause that's pretty common, right? That's not what we've been doing, but that's pretty common where we have been kind of working in the middle between zero trust and this traditional you're in the office. [00:57:41] So you can potentially get it. Everything that's on the off. And if you're at home while all you have to do is access a specific portal, or as I've explained before, well, you are just connecting to an IP address in a hidden port, which won't remain hidden for. So maybe in a traditional security approach, the bouncer checks your ID. [00:58:08] You can go anywhere inside this club and it's multi floor, right. But in a zero trust approach, getting into the club, having that bouncer look at your ID is only the first check, the bartender or the waiter. They also have to check your ID before you could be served. No matter where you are in the club and that's kind of how they do it right now, though, they'll make a mark on your hand or they'll stamp it. [00:58:35] And now they know, okay, this person cannot get a drink for instance. So think of it that way, where every resource that's available inside the business independently checks whether or not you should have access to. This is the next level of security. It's something that most businesses are starting to move towards. 
[00:58:57] I'm talking about the bigger guys, the guys that have had to deal with cybersecurity for a while, not just the people who have a small business, most small businesses have that flat network that. Again about right. The traditional security approach of all you're in the office. So yeah, you can get at anything. [00:59:15] It doesn't matter. And then you, you have the sales guys walking out with your client list and who knows what else is going on? Think of Ferris Bueller, where he was updating his grades and missed days at high school, from his home computer. And you've got an idea of why you might want to secure your network internally because of, again, those internal threats. [00:59:40] So keep an eye out for it. If you're looking to replace your network, obviously this is something that we've had a lot of experience with. Cisco is probably the best one out there for this, but there are a few other vendors that are pretty good. If you want to drop me an email, I'll put together a list of some of the top tier zero. [01:00:02] Providers so that you can look at those. I don't have one right now, but I'd be glad to just email me me@craigpeterson.com. We can point you in the right direction, but if you have an IT person or department, or whether you outsource it to an MSP, a managed services provider, make sure you have the discussion with them about zero. [01:00:28] Now, when I'm looking at security, I'm concerned about a bunch of things. So let me tell you something that Karen and I have been working on the last, oh man, few weeks. I mentioned the boot camp earlier in the show today. And one of the things that we're going to do for those people that attend the bootcamp is I think incredible. [01:00:49] This has taken Karen so much time to dig up. What she's done is she's worked with me to figure out what are the things that you need to keep tabs on. 
Now, again, this is aimed primarily at businesses, but let me tell you, this is going to be great for home users as well. And we've put together this list of what you should be doing. [01:01:15] About cybersecurity every week. And in fact, a couple of things that are daily, but every week, every month, every quarter, every six months and every year, it's a full checklist. So you can take this and sit down with it and, you know, okay. So I have to do these things this week and this isn't. Response to anything in particular, it does meet most requirements, but frankly, it's something that every business should be doing when it comes to the cybersecurity. [01:01:53] It includes things like passwords. Are they being done? Right? Did you do some training with your employees on phishing or a few other topics all the way on down to make sure you got some canned air and blew out the fan? In your workstations, you'd be amazed at how dirty they get. And heat is the enemy of computers that makes them just fail much, much faster than, than 82, same thing with server. [01:02:22] So it is everything. It is a lot of pages and it is just check she'd made it nice and big. Right. So even I can read it. But it's little check marks that you can mark on doing while you're going through it. So we're doing some more work on that. She's got the first couple of iterations done. We're going to do a couple more, make sure it is completely what you would need in order to help keep your cyber security in. [01:02:50] But the only way you're going to get it is if you are in the BR the bootcamp absolutely free. So it was this list, or of course you won't find out unless you are on my email list. craigpeterson.com/subscribe. [01:03:06] One of the questions I get asked pretty frequently has to do with artificial intelligence and robots. Where are we going? What are we going to see first? What is the technology that's first going to get into our businesses and our homes. 
[01:03:22] Artificial intelligence is something that isn't even very well-defined. There's machine learning and there's artificial intelligence. [01:03:33] Some people put machine learning as a subset of artificial intelligence. Other people kind of mess around with it and do it the other way. I tend to think that artificial intelligence is kind of the top of the heap, if you will. And that machine learning is a little bit further down because machines can be programmed to learn. [01:03:54] For instance, look at your robot, your iRobot cleans the floor, cleans the carpet. It moves around. It has sensors and it learned, Hey, I have to turn here. Now, iRobot is actually pretty much randomly drew. But there are some other little vacuum robots that, that do learn the makeup of your house. The reason for the randomization is, well, chairs move, people move, things move. [01:04:22] So trying to count on the house, being exactly the same every time isn't isn't exactly right. Uh, by the way, a lot of those little vacuums that are running around are also sending data about your house, up to the manufacturer in the. So they often will know how big the house is. They know where it's located because you're using the app for their robot. [01:04:47] And that, of course it has access to GPS, et cetera, et cetera. Right. But where are we going? Obviously, the little iRobot, the little vacuum does not need much intelligence to do what it's doing, but one of the pursuits that we've had for. Really since the late nineties for 20, 25 years are what are called follower robots. [01:05:13] And that's what I think we're going to start seeing much more frequently, it's going to be kind of the first, um, I called it machine learning. They call it artificial intelligence who you really could argue either one of them, but there's a little device called a Piaggio Fast Forward. And it is really kind of cool. 
[01:05:34] Think of it almost like R2D2 or BB eight from star wars following you around. It's frankly, a little hard to do. And I want to point out right now, a robot that came out, I think it was last year from Amazon is called the Astro robot. And you might remember Astro from the Jetsons and. This little robot was available in limited quantities. [01:06:01] I'm looking at a picture of it right now. It, frankly, Astro is quite cute. It's got two front wheels, one little toggle wheel in the back. It's got cameras. It has a display that kind of makes it look like kids are face, has got two eyeballs on them. And the main idea behind this robot is that it will. [01:06:23] Provide some protection for your home. So it has a telescoping camera and sensor that goes up out of its head up fairly high, probably about three or four feet up looking at this picture. And it walks around your one rolls around your home, scanning for things that are out of the normal listening for things like windows breaking there, there's all kinds of security. [01:06:50] That's rolled into some of these. But it is a robot and it is kind of cool, but it's not great. It's not absolutely fantastic. Amazon's dubbing the technology it's using for Astro intelligent motion. So it's using location and mapping data to make sure that Astro. Gets around without crashing into things. [01:07:18] Unlike that little vacuum cleaner that you have, because if someone loves something on the floor that wasn't there before, they don't want to run over it, they don't want to cause harm. They don't want to run into your cats and dogs. And oh my maybe lions and bears too. But, uh, they're also using this computer vision technology called visual ID and that is used. [01:07:41] With facial recognition, drum roll, please, to recognize specific members of the family. So it's kind of like the dog right in the house. 
It's sitting there barking until it recognizes who you are, but Astro, in this case, recognizes you and then provide you with messages and reminders can even bring you the remote or something else and you just drop it in the bin and off it goes. [01:08:08] But what I am looking at now with this Piaggio Fast Forward, you might want to look it up online, cause it's really. Cool is it does the following, like we've talked about here following you around and doing things, but it is really designed to change how people and goods are moving around. So there's a couple of cool technologies along this line as well. [01:08:35] That it's not, aren't just these little small things. You might've seen. Robots delivery robots. The Domino's for instance, has been working on there's another real cool one out there called a Burro. And this is an autonomous driving power. Basically. It's a kind of a four wheel ATV and it's designed to move between the rows of fruit orchards in California or other places. [01:09:01] So what you do to train this Burro robot is you press a follow button on it. You start walking around the field or wherever you want it to go. It's using, uh, some basic technology to follow you, cameras and computer vision, and it's recording it with GPS and it memorizes the route at that point. Now it can ferry all of your goods. [01:09:29] Around that path and communicate the path by the way to other Burro robots. So if you're out doing harvesting or whether it's apples out in the east coast, or maybe as I said out in California, you've got it. Helping you with some of the fruit orchards. It's amazing. So this is going to be something that is going to save a lot of time and money, these things, by the way, weigh up to 500 pounds and it can carry as much as a half a ton. 
[01:09:58] You might've seen some of the devices also from a company down in Boston, and I have thought that they were kind of creepy when, when you look at it, but the company's called Boston Dynamics and. They were just bought, I think it was Hyundai that bought them trying to remember. And, uh, anyway, These are kind of, they have robots that kind of look like a dog and they have other robots that kind of look like a human and they can do a lot of different chores. [01:10:33] The military has used them as have others to haul stuff. This one, this is like the little dog, it has four legs. So unlike a lot of these other robots that are on wheels, this thing can go over very, very. Terrain it can self-right, et cetera. And they're also using them for things like loading trucks and moving things around, um, kind of think of Ripley again, another science fiction tie, uh, where she's loading the cargo in the bay of that spaceship. [01:11:05] And she is inside a machine. That's actually doing all of that heavy lifting now. Today, the technology, we have a can do all of that for us. So it is cool. Uh, I get kind of concerned when I see some of these things. Military robots are my favorite, especially when we're talking about artificial intelligence, but expect the first thing for these to be doing is to be almost like a companion, helping us carry things around, go fetch things for us and in the business space. [01:11:40] Go ahead and load up those trucks and haul that heavy stuff. So people aren't hurting their backs. Pretty darn cool. Hey, I want to remind you if you would like to get some of the free training or you want some help with something the best place to start is craigpeterson.com. And if you want professional help, well, not the shrink type, but with cyber security. [01:12:06] email me: me@craigpeterson.com. 
[01:12:10] Just in time for the holidays, we have another scam out there and this one is really rather clever and is fooling a lot of people and is costing them, frankly, a whole lot of money. [01:12:26] This is a very big cyber problem because it has been very effective. And although there have been efforts in place to try and stop it, they've still been able to kind of get ahead of it. There's a great article on Vice that's in this week's newsletter. In my show notes up on the website and it is talking about a call that came in to one of the writers, Lorenzo, B cherry, um, probably completely messing that name up, but the call came in from. [01:13:03] Supposedly, right, PayPal's, uh, fraud prevention system. Someone apparently had tried to use his PayPal account to spend $58 and 82 cents. According to the automated voice on the line, PayPal needed to verify my identity to block the transfer. And here's a quote from the call, uh, in order to secure your account, please enter the code we have sent to your mobile device. [01:13:32] Now the voice said PayPal sometimes texts users a code in order to protect their account. You know, I've said many times don't use SMS, right? Text messages for multi-factor authentication. There are much better ways to do it. Uh, after entering a string of six digits, the voice said, thank you. Your account has been secured and this request has been blocked. [01:13:57] Quote, again, don't worry. If any payment has been charged your account, we will refund it within 24 to 48 hours. Your reference ID is 1 5 4 9 9 2 6. You may now hang up, but this call was actually. Hacker they're using a type of bot is what they're called. These are these automated robotic response systems that just dramatically streamline the process for the hackers to gain access into your account. [01:14:31] Particularly when you have multi-factor authentication codes where you're using. An SMS messages, but it also works for other types of one-time passwords. 
For instance, I suggest to everybody and we use these with our clients that they should use something called 1Password.com. That's really you'll find them online. [01:14:54] And 1Password.com allows you to use and create one time password, same thing with Google Authenticator, same thing with Microsoft Authenticator, they all have one-time password. So if a bad guy has found your email address and has found your password online in one of these hacks, how can they possibly get into your PayPal account or Amazon or Coinbase or Apple Pay or. [01:15:26] Because you've got a one time password set up or SMS, right? Multifactor authentication of some sort. Well, they're fooling people and absolute victims. Here's what's happening. This bot by the way, is great for bad guys that don't have social engineering skills, social engineering skills are when someone calls up and says, hi, I'm from IT. [01:15:51] And there's a problem. And we're going to be doing an upgrade on your Microsoft Word account this weekend because of a bug or a security vulnerability. So what, what I need from you is I need to know what username you're normally using so that I can upgrade the right. So we don't, it doesn't cost us a whole bunch by upgrading accounts that aren't being used. [01:16:15] So what's the account name that you use on the computer and what's the password, so we can get in and test it afterwards, that's a social engineering type attack. That's where someone calls on the phone, those tend to be pretty effective. But how about if you don't speak English very well? At all frankly, or if you're not good at tricking people by talking to them, well, this one is really great. [01:16:44] Cause these bots only cost a few hundred bucks and anybody can get started using these bots to get around multi-factor authentication. See, here's how it works. In order to break into someone's account, they need your username, email address and password. Right? Well, I already said. 
Much many of those have been stolen. [01:17:07] And in our boot camp coming up in a few weeks, we're going to go through how you can find out if your username has been stolen and has been posted on the dark web and same thing for your password. Right? So that's going to be part of the. Coming up that I'll announce in the newsletter. Once we finished getting everything all ready for you guys. They also go ahead and buy what are called bank logs, which are login details from spammers who have already tricked you into giving away some of this information. [01:17:41] But what if you have multi-factor authentication enabled something I'm always talking about, always telling you to do. Well, these bots work with platforms like Twilio, for instance, uh, and they are using other things as well, like Slack, et cetera. And all the bad guy has to do at that point is going. [01:18:07] And, uh, say, they're trying to break into your account right now. So they're going to, let's get really, really specific TD Bank. That's where my daughter works. So let's say you have a TD Bank account. And the hacker has a good idea that you have a TD Bank account knows it because they entered in your username and password and TD Bank was letting them in. [01:18:32] But TD Bank sent you a text message with that six character code, right? It's usually digits. It's usually a number. So what happens then? So the bad guy says, okay, so it's asking me for this six digit SMS

Packet Pushers - Full Podcast Feed
Heavy Networking 606: Dealing With DNS And Domain Name Abuse

Packet Pushers - Full Podcast Feed

Nov 12, 2021 46:21


The DNS Abuse Institute is a community effort to develop solutions to DNS-related problems including malware, botnets, phishing, pharming, and spam. On today's show we speak with its Director, Graeme Bunton, about the institute and its work, and the challenges of dealing with malicious actors that exploit DNS and domain names. The post Heavy Networking 606: Dealing With DNS And Domain Name Abuse appeared first on Packet Pushers.

Packet Pushers - Heavy Networking
Heavy Networking 606: Dealing With DNS And Domain Name Abuse

Packet Pushers - Heavy Networking

Nov 12, 2021 46:21


The DNS Abuse Institute is a community effort to develop solutions to DNS-related problems including malware, botnets, phishing, pharming, and spam. On today's show we speak with its Director, Graeme Bunton, about the institute and its work, and the challenges of dealing with malicious actors that exploit DNS and domain names. The post Heavy Networking 606: Dealing With DNS And Domain Name Abuse appeared first on Packet Pushers.

Packet Pushers - Fat Pipe
Heavy Networking 606: Dealing With DNS And Domain Name Abuse

Packet Pushers - Fat Pipe

Nov 12, 2021 46:21


The DNS Abuse Institute is a community effort to develop solutions to DNS-related problems including malware, botnets, phishing, pharming, and spam. On today's show we speak with its Director, Graeme Bunton, about the institute and its work, and the challenges of dealing with malicious actors that exploit DNS and domain names. The post Heavy Networking 606: Dealing With DNS And Domain Name Abuse appeared first on Packet Pushers.

.NET Rocks!
DNSimple API with Enrique Comba

.NET Rocks!

Nov 11, 2021 46:00


How do you automate DNS changes? And why would you? Carl and Richard talk to Enrique Comba, the DNSimple Ambassador, about programming against the DNSimple API. Enrique talks about automating migration from other DNS services - in fact, there are community-created products for migrating from various 'popular' DNS providers to DNSimple. The conversation also ranges over other tasks that are difficult to do manually, like certificate generation and renewal. If you're creating multi-tenant applications, configuration of DNS is a normal part of the job, and it should be automated - there are lots of reasons to dive into the API!

Dagsnytt 18
State Budget 2022, taxes and emissions – politicians and commentators.

Dagsnytt 18

Nov 8, 2021 59:03


Too grey and too small, says SV. Antisocial, replies Høyre. Today Finance Minister Trygve Slagsvold Vedum presented his first state budget. The government says it is ordinary people's turn; according to DN's commentator it is the turn of villa owners with swimming pools, especially those who live north of Dovre. Is it actually allowed to be critical of Greta Thunberg? The debate is over whether she is a committed activist or someone who creates contempt for politicians. SV wants to ban the stores' own private-label brands, such as "firstprice" and "xtra". - Completely absurd, replies FrP. - Welcome to Dagsnytt 18 this budget Monday, my name is Anne Katrine Førli

Craig Peterson's Tech Talk
You Know How To Use Fake Email Addresses to Stay Safe?

Craig Peterson's Tech Talk

Nov 5, 2021 64:01


If you follow my newsletter, you probably saw what I had in the signature line the last few weeks: how to make a fake identity. Well, we're going to take it a little bit differently today and talk about how to stop spam with a fake email. [Automated transcript follows] [00:00:16] Email is something that we've had for a long time. [00:00:19] I think I've told you before I had email way back in the early eighties, late seventies, actually. So, yeah, it's been a while and I get tens of thousands of email every day, uh, sent to my domain, you know, mainstream.net. That's my company. I've had that same domain name for 30 years and, and it just kinda got out of control. [00:00:46] And so we have. Big Cisco server, that exclusively filters email for us and our clients. And so it cuts down the tens of thousands to a very manageable couple of hundred a day. If you think that's manageable and it gets sort of almost all of the fishing and a lot of the spam and other things that are coming. [00:01:09] But, you know, there's an easier way to do this. Maybe not quite as effective, but allowing you to track this whole email problem and the spam, I'm going over this in some detail in. Coming bootcamp. So make sure we keep an eye on your emails. So you know about this thing again, it's free, right? I do a lot of the stuff just to help you guys understand it. [00:01:34] I'm not trying to, you know, just be June to submission to buy something. This is a boot camp. My workshops, my boot camps, my emails, they are all about informing you. I try to make them the most valuable piece of email. During the week. So we're going to go into this in some detail in this upcoming bootcamp. [00:01:55] But what we're looking at now is a number of different vendors that have gotten together in order to help prevent some of the spam that you might've been in. Uh, I think that's a very cool idea to have these, these sometimes temporary, sometimes fake email addresses that you can use. 
There's a company out there called fast to mail. [00:02:20] You might want to check them out. There's another company called apple. And you might might want to check them out. I'll be talking about their solution here as well. But the idea is why not just have one email address? And if you're an apple user, even if you don't have the hardware, you can sign up for an apple account. [00:02:42] And then once you have that account, you can use a new feature. I saw. Oh, in, in fact, in Firefox, if you use Firefox at all, when there's a form and it asks for an email address, Firefox volunteers to help you make a fake ish email address. Now I say fake ish, because it's a real email address that forwards to your normal regular. [00:03:10] Email address. And as part of the bootcamp, I'm also going to be explaining the eight email addresses, minimum eight, that you have to have what they are, how to get them, how to use them. But for now you can just go online to Google and this will get you started and do a search for Apple's new hide. My email feature. [00:03:30] This lets you create random email addresses and those email addresses. And up in your regular, uh, icloud.com or me.com, whatever you might have for your email address, address that apple has set up for you. Isn't that cool. And you can do that by going into your iCloud settings. And it's part of their service that are offering for this iCloud plus thing. [00:03:57] And they've got three different fi privacy focused services, right? So in order to get this from apple, so you can create these unlimited number of rather random looking emails, for instance, a blue one to six underscore cat I cloud.com that doesn't tell anybody. Who you are, and you can put a label in there. [00:04:21] What's the name of the website that, that, or the, the, a URL of the website, the two created this email for, and then a note so that you can look at it later on to try new member and that way. 
Site that you just created it for in this case, this is an article from CNET. They had an account@jamwirebeats.com. [00:04:45] This is a weekly music magazine subscription that they had. And apple generated this fake email address, blue one to 600 score Canada, cobb.com. Now I can hear you right now. Why would you bother doing that? It sounds like a lot of work. Well, first of all, it's not a whole lot of work, but the main reason to do that, If you get an email address to blue cat, one, two6@icloud.com and it's supposedly from bank of America, you instantly know that is spam. [00:05:23] That is a phishing email because it's not using the email address you gave to TD bank. No it's using the email address that it was created for one website jam wire beats.com. This is an important feature. And that's what I've been doing for decades. Email allows you to have a plus sign. In the email address and Microsoft even supports it. [00:05:53] Now you have to turn it on. So I will use, for instance, Craig, plus a Libsyn as an example@craigpeterson.com and now emails that Libson wants to send me. I'll go to Craig. Libsyn@craigpeterson.com. Right? So the, the trick here is now if I get an email from someone other than libs, and I know, wait a minute, this isn't Libsyn, and that now flags, it has a phishing attack, right. [00:06:28] Or at the very least as some form of spam. So you've got to keep an eye out for that. So you got to have my called plus, and if. Pay for the premium upgrade, which ranges from a dollar to $10. Uh, you you've got it. Okay. If you already have an iCloud account, your account automatically gets upgraded to iCloud plus as part of iOS 15, that just came out. [00:06:55] All right. So that's one way you can do it. If you're not an apple fan. I already mentioned that Firefox, which is a browser has a similar feature. Uh, Firefox has just been crazy about trying to protect your privacy. Good for them, frankly. Right? 
So they've been doing a whole lot of stuff to protect your privacy. [00:07:17] However, there you are. They have a couple of features that get around some of the corporate security and good corporate security people have those features block because it makes it impossible for them to monitor bad guys that might hack your account. So that's another thing you can look at is Firefox. [00:07:37] Have a look@fastmail.com. And as I said, we're going to go into this in some detail in the bootcamp, but fast mail lets you have these multiple email accounts. No, they restricted. It's not like apple where it's an infinite number, but depending on how much you pay fast mail is going to help you out there. [00:07:57] And then if you're interested, by the way, just send an email to me, me. Craig peterson.com. Please use that email address emmy@craigpeterson.com because that one is the one that's monitored most closely. And just ask for my report on email and I've got a bunch of them, uh, that I'll be glad to send you the gets into some detail here, but proton mail. [00:08:22] Is a mail service that's located in Switzerland? No, I know of in fact, a couple of a high ranking military people. I mean really high ranking military people that are supposedly using proton mail. I have a proton mail account. I don't use it that much because I have so much else going on, but the advantage. [00:08:45] Proton mail is it is in Switzerland. And as a general rule, they do not let people know what your identity is. So it's kind of untraceable. Hence these people high up in the department of defense, right. That are using proton mail. However, it is not completely untraceable. There is a court case that a proton man. [00:09:12] I don't know if you'd say they lost, but proton mail was ordered about a month ago to start logging access and provide it for certain accounts so they can do it. They are doing it. They don't use it in most cases, but proton mail is quite good. 
They have a little free level. Paid levels. And you can do all kinds of cool stuff with proton mail. [00:09:35] And many of you guys have already switched, uh, particularly people who asked for my special report on email, because I go into some reasons why you want to use different things. Now there's one more I want to bring up. And that is Tempa mail it's temp-mail.org. Don't send anything. That is confidential on this. [00:09:57] Don't include any credit card numbers, nothing. Okay. But temp-mail.org will generate a temporary email address. Part of the problem with this, these temporary email address. Is, they are blocked at some sites that really, really, really want to know what your really mail address is. Okay. But it's quite cool. [00:10:22] It's quite simple. So I'm right there right now. temp-mail.org. And I said, okay, give me email address. So gave me one. five04@datacop.com. Is this temporary email, so you can copy that address. Then you can come back into again, temp-mail.org and read your email for a certain period of time. So it is free. [00:10:48] It's disposable email. It's not particularly private. They have some other things, but I wouldn't use them because I don't know them for some of these other features and services. Stop pesky email stop. Some of these successful phishing attempt by having a unique, not just password, but a unique email for all those accounts. [00:11:12] And as I mentioned, upcoming bootcamp, and I'll announce it in my weekly email, we're going to cover this in some detail. Craig peterson.com. Make sure you subscribe to my newsletter. [00:11:25] Well, you've all heard is up. So what does that mean? Well, okay. It's up 33% since the last two years, really. But what does that amount to, we're going to talk about that. And what do you do after you've been ransomed? [00:11:42] Ransomware is terrible. It's crazy. Much of it comes in via email. [00:11:49] These malicious emails, they are up 600% due to COVID-19. 
37% of organizations were affected by ransomware attacks in the last year. That's according to Sophos. 37%, more than a third. Isn't that something? In 2021, the largest ransomware payout, according to Business Insider, was made by an insurance company at $40 million, setting a world record. [00:12:21] The average ransom fee requested increased from 5,000 in 2018 to around 200,000 in 2020. Isn't that something? So in the course of three years, it went from $5,000 to 200,000. That's according to the National Security Institute. Experts estimate that a ransomware attack will occur every 11 seconds for the rest of the year. [00:12:50] Uh, it's just crazy. Absolutely crazy, all of these stats. So what does it mean? Or, you know, okay. It's up this much, it's up that much. Okay. Businesses are paying millions of dollars to get their data back. How about you as an individual? Well, as an individual right now, the average ransom is $11,605. So are you willing to pay more than $11,000 to get your pictures back off of your home computer, in order to get your [00:13:27] work documents or whatever you have on your home computer? Hopefully you don't have any work information on your home computer. Over $11,000. Now, by the way, most of the time, these ransoms are actually an affiliate affair. In other words, there is a company that is doing the ransom work and they are paying an affiliate, who are the, the affiliate in this case. [00:13:55] So the people who infected you, and the affiliates are making up to 80% from all of these ransom payments. It's crazy. Right? So you can see why it's up. You can just go ahead and try and fool somebody into clicking on a link. Maybe it's a friend of yours. You don't particularly like some friend, right. And you can go ahead and send them an email with a link in it. [00:14:20] And they click the link and it installs ransomware and you get 80% of them. Well, it is happening. It's happening a lot. So what do you do? 
This is a great little article over on Dark Reading and you'll see it on the website, craigpeterson.com. But this article goes through what are some of the steps. It's by Daniel Clayton. [00:14:48] It's actually quite a good little article. He's the VP of global security services and support over at Bitdefender. Bitdefender is great, uh, software. You've got versions of it for the Mac. You've got versions of it for Windows. You might want to check it out, but he's got a nice little list here of things that you want to do. [00:15:13] So number one, don't panic, right? Scott Adams, don't panic. So we're worried because we think we're going to lose our job June. Do you know what, by the way, is in the top drawer of the majority of chief information security officers? Two things. Uh, one is their resignation letter and the second one is their resume, because if they are attacked, and it's very common, and if they get in trouble, they are leaving. [00:15:47] And that's pretty common too. Although I have heard of some companies that understand, hey, listen, you can't be 100% effective. You got to prioritize your money and play. It really is kind of like going to Vegas and betting on red or black, right? 50, 50 chance. Now, if you're a higher level organization, like our customers that have to meet these highest compliance standards, these federal government regulations and some of the European regulations, even state regulations, well, then we've got to keep you better than 99% safe, and knock on wood, over the course of 30 years. [00:16:27] That's a long I've been doing. 30 years. We have never had a single customer get a, uh, any type of malware, whether it is ransomware or anything else, including one custom company, that's a multinational. We were taking care of one of their divisions and the whole company got infected with ransomware. [00:16:50] They had to shut down globally for 
two weeks while they tried to recover everything. Our little corner of the woods, the offices that we were protecting for that division, however, didn't get hit at all. So it is possible, right? I don't want you guys to think, man, there was nothing I can do, so I'm not going to do anything. [00:17:14] One of the ladies in one of my mastermind groups basically said that, right? Cause I was explaining another member of my mastermind group. Got. And I got hit for, I think it turned out to be $35,000 and, you know, that's a bad thing. Plus you feel just so exposed. I've been robbed before, uh, and it's just a terrible, terrible feeling. [00:17:37] So he was just kind of freaking out for good. But I explained, okay, so here's what you do. And she walked away from it thinking, well, there's nothing I can do. Well, there are things you can do. It is not terribly difficult. And listening here, getting my newsletter, going to my bootcamps and the workshops, which are more involved, you can do it. [00:18:03] Okay. It can be done. So I don't want panic. I don't want you to think that there's zero you can do. So that's number one if you do get ransomware. Number two, you got to figure out where did this come from? What happened? I would change this order. So I would say don't panic. And then number two is turn off the system that got ransomed. [00:18:29] Turn it off. One or more systems might've gotten ransomware. And remember that the ransomware notification does not come up right when it starts encrypting your data. It doesn't come up once they've stolen your data. It comes up after they have spread through your organization. So smart money would say shut off every computer, every. [00:18:56] Not just pull the plug. I'm talking about the Ethernet cable, right? Don't just disconnect from Wi-Fi. Turn it off. Immediately. Shut it off. Pull the plug. It might be okay. 
In some cases, the next thing that has to happen is each one of those machines needs to have its disk drive probably removed and examined to see if it has [00:19:18] any of that ransomware on it. And if it does have the ransomware, it needs to get cleaned up or replaced. And in most cases we recommend, hey, good time. Replace all the machines, upgrade everything. Okay. So that's the bottom line. So that's mine, number two. Okay. Um, he has isolate and save, which makes sense. [00:19:40] You're trying to minimize the blast radius. So he wants you to isolate them. I want you to turn them off because you do not want any ransomware that's on a machine in the process of encrypting your files. You don't want it to keep continuing to encrypt. Okay. So hopefully you've done the right thing. [00:20:00] You are following my 3-2-1 backup schedule that I taught last year, too, for free. For anybody that attended, hopefully you've already figured out if you're going to pay. Pay. I got to say some big companies have driven up the price of Bitcoin because they've been buying it as kind of a hedge against getting ransomware so they can just pay it right away. [00:20:25] But you got to figure that out. There's no one size fits all for all of this. At over $11,000 for an individual ransom, uh, this requires some preparation and some thought. Stick around, got a lot more coming up. Visit me online, craigpeterson.com, and get my newsletter along with all of the free trainings. [00:20:52] Well, the bad guys have done it again. There is yet another way that they are sneaking in some of this ransomware and it has to do with QR codes. This is actually kind of clever. [00:21:08] By now you must've seen if not used QR codes. [00:21:12] These are these codes that they're generally in the shape of a square and inside there's these various lines, and in a QR code, you can encode almost anything. Usually what it is, is a URL. 
So it's just like typing in a web address into your phone, into your web browser, whatever you might be using. [00:21:35] And they have been very, very handy. I've used them. I've noticed them even showing up now on television ad down in the corner, you can just scan the QR code in order to apply right away to get your Ginsu knives. Actually, I haven't seen it on that commercial, but, uh, it's a different one. And we talked last week about some of these stores that are putting QR codes in their windows. [00:22:02] So people who are walking by, even when the store is closed, can order stuff, can get stuff. It's really rather cool. Very nice technology. Uh, so. There is a new technique to get past the email filters. You know, I provide email filters, these big boxes, I mean, huge machines running Cisco software that are tied into, uh, literally billion endpoints, plus monitoring tens of hundreds of millions of emails a day. [00:22:39] It's just huge. I don't even. I can't get my head around some of those numbers, but it's looking at all those emails. It is cleaning them up. It's looking at every URL that's embedded in an email, says, well, is this a bad guy? It'll even go out and check the URL. It will look at the domain. Say how long has this domain been registered? [00:23:01] What is the spam score overall on the domain? As well as the email, it just does a whole lot of stuff. Well, how can it get around a really great tight filter like that? That's a very good question. How can you? And the bottom line answer is, uh, how about, uh, using the QR code? So that's what bad guys are doing right now. [00:23:26] They are using a QR code inside email. Yeah. So the emails that have been caught so far by a company called Abnormal Security have been saying that, uh, you have a missed voicemail, and if you want to pick it up, then scan this QR. 
It looks pretty legitimate, obviously designed to bypass enterprise email gateway scans that are really set up to detect malicious links and attachments. [00:24:01] Right? So all of these QR codes that Abnormal detected were created the same day they were sent. So it's unlikely that the QR codes, even that they'd been detected, would have been previously reported, included in any security blacklist. One of the good things for these bad guys about the QR codes is they can easily change the look of the QR code. [00:24:26] So even if the mail gateway software is scanning for pictures and looking for a specific QR codes, basically, they're still getting. So the good news is the use of the QR codes in these types of phishing emails is still quite rare. We're not seeing a lot of them yet. We are just starting to see them. Uh, hyperlinks to phishing sites are really common with some of these QR codes. [00:24:58] But this is the first time we've seen an actor embed a functional QR code into an email is not. Now the Better Business Bureau warned of a recent uptick in complaints from consumers about scams involving QR codes, not just an email here, but because these codes can't really be read by the human eye at all. [00:25:21] The attackers are using them to disguise malicious links so that, you know, that vendor that I talked about, that retail establishment that's using the QR codes and hoping people walking by will scan it in order to get some of that information. Well, people are going to be more and more wary of scanning QR codes, right? [00:25:43] Doesn't that just make a lot of sense? Which is why, again, one of the items in our protection stack that we use filters URLs. Now you can get a free. The filter, and I cover this in my workshop, how to do it, but if you go to OpenDNS, check them out, OpenDNS, they have a free version. If you're a business, they want you to pay, but we have some business related ones to let you have your own site to. 
[00:26:15] Based on categories and all that sort of stuff, but the free stuff is pretty generalized. They usually have two types, one for family, which blocks the stuff you might think would be blocked. Uh, and other so that if you scan one of these QR codes and you are using OpenDNS, Umbrella, one of these others, you're going to be much, much. [00:26:39] Because it will, most of the time, be blocked, because again, the Umbrella is more up-to-date than OpenDNS is, but they are constantly monitoring these sites and blocking them as they need to. MobileIron, another security company, conducted a survey of more than 4,400 people last year. And they found that 84% have used a QR code. [00:27:05] So that's a little better than I thought it was. Twenty-five percent of them said that they had run into situations where a QR code did something they did not expect, including taking them to a malicious website. And I don't know, are they like scanning QR codes in the, in the men's room or something, in the stall? [00:27:24] I don't know. I've never come across a QR code that was malicious that I tried to scan, but maybe I'm a little more cautious. 37% were saying that they could spot a malicious QR code. Yeah. Yeah. They can read these things, while 70% said they'd be able to spot a URL to a phishing or other malicious website. That I can believe. [00:27:50] But part of the problem is when you scan a QR code, it usually comes up and it says, hey, do you want to open this? And most of that link is invisible, is not visible because it is on your smartphone and it's not a very big screen. So it'll just show you the very first part of it. And the first part of it, it's going to look pretty darn legit. [00:28:14] So again, that's why you need to make sure you're using OpenDNS or Umbrella. Ideally, you've got it installed right at your edge, at your router, at whoever's handling DHCP for your organization. 
Uh, in the phishing campaign Abnormal had detected with using this QR code, uh, code, they're saying the attackers had previously compromised some Outlook email accounts belonging to some legitimate organizations [00:28:43] to send the emails with malicious QR codes. And we've talked about that before, they use password stuffing, et cetera. And we're covering all of this stuff in the bootcamp and also, well, some of it in the bootcamp and all of this really in the workshops that are coming up. So keep an eye out for that stuff. [00:29:03] Okay. Soup to nuts here. Uh, it's a, uh, it's a real. Every week, I send out an email and I have been including my show notes in those emails, but I found that most people don't do anything with the show notes. So I'm changing, I'm changing things this week. Now some of you have gotten the show notes, some of you haven't gotten the show notes, but what I'm going to be doing is I've got my show notes on my website at craigpeterson.com. [00:29:35] So you'll find them right. And you can get the links for everything I talk about right here on this. I also now have training in every one of my weekly emails. It's usually a little list that we've started calling listicles and it is training on things you can do. It is. And anybody can do this. This is not high-level stuff for people that are in the cybersecurity business, right. [00:30:07] Home users, small businesses, but you got to get the email first, craigpeterson.com, and sign up. [00:30:14] California is really in trouble with these new environmental laws. And yet, somehow they found a major exception. They're letting them mine lithium in the great Salton Sea out in California. We'll tell you why. [00:30:31] There's an article in the New York Times. And this is fantastic. It's just incredible. It's talking about the lithium gold rush. [00:30:43] You already know, I'm sure, that China has been playing games with some of these minerals. 
Some of the ones that we really, really need, exotic minerals that are used to make batteries that are used to power our cars. And now California is banning all small gasoline engine sales. So the, what is it? 55,000 companies out in California that do lawn maintenance are going down. [00:31:13] To drive those big lawnmowers around running on batteries. They're estimating it'll take 30 packs, battery packs, a day. Now, remember California is one of these places that is having rolling blackouts because they don't have power, right. It's not just China. It's not just Europe where they are literally freezing people. [00:31:37] They did it last winter. They expect to do it more this winter. Since we stopped shipping natural gas and oil, they're freezing people middle of winter, turning off electronics. California, at least they're not too likely to freeze unless they're up in the mountains in California. So they don't have enough power to begin with. [00:31:57] And what are they doing there? They're making it mandatory. I think it was by 2035 that every car sold has to be electric. And now they have just gotten rid of all of the small gasoline engines. They've already got rolling blackouts. Come on, people, smarten up. So they said, okay, well here's what we're going to do. [00:32:20] We need lithium in order to make these batteries. Right. You've heard of lithium-ion batteries. They're in everything. Now, have you noticed with lithium batteries, you're supposed to take them to a recycling center, and I'm sure all of you do. When your battery's dead in your phone, you take it to a recycling center. [00:32:39] Or if you have a battery that you've been using in your Energizer bunny, and it's a lithium battery, of course you take it to the appropriate authorities to be properly disposed of because it's toxic, people. It is toxic. So we have to be careful with this. Well, now we're trying to produce lithium in the United States. 
[00:33:06] There are different projects in different parts of the country, all the way from Maine through, of course, California, in order to try and pull the lithium out of the ground and all. Let me tell you, this is not very green at all. So novel. Peppa Northern Nevada. They've started here blasting and digging out a giant pit in this dormant volcano. [00:33:38] That's going to serve as the first large scale lithium mine in the United States in more than a decade. Well, that's good. Cause we need it. And do you know about the supply chain problems? Right. You've probably heard about that sort of thing, but that's good. This mine is on leased federal lands. What does that mean? [00:33:59] Well, that means if Bernie Sanders becomes president, with the flick of a pen, just like Joe Biden did on his first day, he could close those leases to federal lands. Yeah. And, uh, we're back in trouble again, because we have a heavy reliance on foreign sources of lithium, right. So this project's known as Lithium Americas. [00:34:25] There are some Native American tribes, First Nations as they're called in Canada, uh, ranchers, environmental groups that are really worried, because guess what? In order to mine the lithium, and to do the basic processing onsite that needs to be done, they will be using billions of gallons of groundwater. [00:34:48] Now think of Nevada. Think of California. Uh, you don't normally think of massive lakes of fresh water to. No. Uh, how about those people that are opposed to fracking? Most of them are opposed to fracking because we're pumping the water and something, various chemicals into the ground in order to crack the rock, to get the gas out. [00:35:11] Right. That's what we're doing. They don't like that. But yet, somehow, contaminating the water for 300 years and leaving behind a giant mound of waste isn't a problem for these so-called Greenies. Yeah. Uh, blowing up, this is a quote here from Max Wilbert. 
This is a guy who has been living in a tent on this proposed mine site. [00:35:38] He's got lawsuits that are going, trying to block the project. He says blowing up a mountain isn't green, no matter how much marketing spend people put on it. What have I been saying forever? We're crazy. We are insane. I love electric cars. They are cool as heck. I would drive one if I had one, no problem. [00:35:57] I'm not going to bother to go out and buy one, but, uh, yeah, it's very cool, but it is anything but green. Electric cars and renewable energy are not green. Renewable energy, the solar and the wind, do not stop the need for nuclear plants or oil or gas burners, or coal burners, et cetera. Because when the sun isn't shining, we still need electricity. [00:36:29] Where are we going to get it? When the wind isn't blowing or when the windmills are broken, which happens quite frequently, where are we going to get our power? We have to get it from the same way we always have, from maybe some, uh, some old hydro dams. Right. But really we got to start paying a lot more attention to nuclear. [00:36:53] I saw a couple of more nuclear licenses were issued for these six gen nuclear plants that are green, people. They are green, but back to our lithium mine. They're producing cobalt and nickel as well as the lithium. And they are ruinous to land, water, wildlife, and. Yeah. Yeah, absolutely. Uh, we have had wars over gold and oil before and now we're looking at minerals. [00:37:27] In fact, there's a race underway between the United States, China, Europe, Russia, and others, looking for economic and technological dominance for decades to come by grabbing many of these precious minerals. So let's get into this a little bit further here. Okay. So they're trying to do good, but really they're not green. [00:37:53] They're, they're not doing good. And this is causing friction. Okay. 
Um, first three months of this year, US lithium miners raised nearly three and a half billion dollars from Wall Street, seven times the amount raised in the last six months or 36 months. Yeah, huge. Money's going into it. Okay. They're going after lithium from California's largest lake, the Salton Sea. [00:38:23] Yeah. Yeah. So they're going to use specially coated beads to extract lithium salt from the hot liquid pumped up from an aquifer more than 4,000 feet below the surface. Hmm. Sounds like drilling. Aren't they anti-drilling? The self-contained systems connected to geothermal power plants generating emission-free electricity. [00:38:44] Oh, that's right. They don't have a problem with the ring of fire in California with earthquakes and things. Right. Ah, yeah. Drilling on that and using the, the, uh, it's not going to be a problem. Uh, so, um, yeah, so they're hoping to generate revenue needed to restore the lake fouled by toxic runoff from area farms for decades. [00:39:08] So they're looking to do more here. Lithium brine, Arkansas, Nevada, North Dakota, as I mentioned already, Maine. Uh, they're using it in every car that's out there, smartphones, et cetera. Uh, the US has some of the world's largest reserves, which is, I guess, a very good thing. Right? A Silver Peak mine in Nevada is producing 5,000 tons a year, which is less than 2% of the world's supply. [00:39:40] Uh, this is just absolutely amazing going through this. Okay. Um, an Obama administration official, Ben Steinberg, said right now, China decided to cut off the US for a variety of reasons. We're in trouble. Yeah. You think. Uh, the another thing here in the New York Times article is from this rancher and it's a bit of a problem. [00:40:06] He's got 500 cows and calves roaming his 50,000 acres in Nevada's high desert, is going to have to start buying feed for. This local mine's going to reach about 370 feet. Uh, here's another kind of interesting thing. 
This mine, one mine, is going to consume 3,200 gallons of water per minute. Yeah. In, in barren Nevada. I, I'm looking at a picture of this and it is just dead sagebrush. [00:40:37] Oh my gosh. So they're expecting the water table will drop at least 12 feet. They're going to be producing 66,000 tons of battery-grade lithium carbonate a year. But, uh, here we go. They're digging out this mountainside and they're using 5,800 tons of sulfuric acid per day. Yeah. They're mixing clay dug out from the mountainside with 5,800 tons of clay, of sulfuric acid, [00:41:10] I should say, every day. They're also consuming 354 million cubic yards of mining waste. Not consuming, creating 354 million cubic yards of mining waste loaded with, uh, discharge from this sulfuric acid treatment and may contain modest amounts of radioactive uranium. That's according to the permit documents. They're expecting it'll degrade, quote unquote, 5,000 acres of winter range used by the antelope herd, the habitat of the sage grouse, nesting areas for eagles. [00:41:48] It just goes on and on. It is not. BLM is not, of course stumbled the Bureau of Land Management, but I guess both BLMs are not, and this is a real problem and the tribes are trying to stop it. The farmers are trying to stop it, but hey, California needs more lithium batteries for their electric cars. [00:42:10] Their electric lawn mowers, leaf blowers, et cetera. So we've got to get that lithium. We've got to get it right away, uh, in order for their green appetite in. Hey, get some sanity. craigpeterson.com. Sign up for my newsletter right now. [00:42:28] Doing a little training here on how to spot fake log-in pages. We just covered phishing and some real world examples of it, of some free quiz stuff that you can use to help with it. And now we're moving on to the next. [00:42:44] The next thing to look for when it comes to the emails and these fake log-in pages is a spelling mistake or grammatical errors. 
[00:42:56] Most of the time, these emails that we get that are faking emails are, have really poor grammar in them. Many times, of course the, the commas are in the wrong place, et cetera, et cetera. But most of us weren't English majors. So we're not going to pick that up, myself included. Right. That's why I use Grammarly. [00:43:17] If you have to ever write anything, which includes anything from an email or a document, uh, you, you probably want to get Grammarly. There's a few out there, but that's the one I liked the best for making sure my grammar. So a tip, I guess, to the hackers out there, but the hackers will often use a URL that is very close to [00:43:41] where you want to go. So they might put a zero in place of an O in the domain, or they might make up some other domain. So it might be a amazon-aws.com or a TD Bank dash, um, account.com, something like that. Sometimes the registrars, they'll catch that sort of thing and kill it. Sometimes the business that they are trying to fake will catch it and let them know as well. [00:44:16] There's companies out there that watch for that sort of thing. But many times it takes a while and it's only fixed once enough people have reported it. So look at the URL. Uh, make sure it's legitimate. I always advise that instead of clicking on the link in the email, try and go directly to the website. [00:44:38] It's like the old days you got a phone call and somebody saying, yo, I'm from the bank and I need your name and social security number so I can validate the someone broke into your account. No, no, no, no, no, they don't. They don't just call you up like that nowadays. They'll send you a message in their app [00:44:55] that's on your smart. But they're not going to call you. And the advice I've always given is look up their phone number. And by the way, do it in the phone book, they remember those, and then call them back. That's the safest way to do that sort of thing. And that's true for emails as well. 
If it's supposedly your bank and it's reporting something like someone has broken into your account, which is a pretty common technique for these phishers, these hackers that are out there, just type in the bank URL as you know it, not what's in the email, and [00:45:32] there will be a message there for you if it's legitimate, always. Okay. So before you click on any website, email links, just try and go directly to the website. Now, if it's one of these deep links where it's taking you to something specific within the site, the next trick you can play is to just mouse over the link. [00:45:57] So bring your mouse down to where the link is. And typically what'll happen is at the bottom left of your, your screen or of the window, it'll give you the actual link. Now, if you look at some of them, for instance, the emails that I send out, I don't like to bother people. So if you haven't opened one of my emails in a while, I'll just automatically say, hey, I have not opened them in a while. [00:46:25] And then I will drop you off the list. Plus if you hit reply to one of my newsletters, my show notes newsletters, that's just fine, but it's not going to go to me@craigpeterson.com, and some people, you listeners being the best and brightest, have noticed that what happens is it comes up and it's some really weird URL. That's so I can track who responded to. [00:46:53] And that way I can just sit down and say, okay, now let me go through who has responded? And I've got a, kind of a customer relationship management system that lets me keep track of all of that stuff so that I know that you responded. I know you're interacting, so I know I'm not bothering you. Right. And I know I need to respond to. [00:47:13] Well, much the same thing is true with some of these links. When I have a link in my newsletter and I say, hey, I'm linking to MIT's article. It is not going to be an MIT. Because again, I want to know what are you guys interested in? 
So anytime you click on a link, I'll know, and I need to know that, so I know why, hey, wait a minute. [00:47:37] Now, 50% of all of the people that opened the emails are interested in identifying fake login pages. So what do I do? I do something like I'm doing right now. I go into depth on fake login pages. I wouldn't have known that if I wasn't able to track it. So just because the link doesn't absolutely look legit doesn't mean it isn't legit, but then again, if it's a bank or it involves financial transactions or some of these other things, be more cautious. [00:48:13] So double-check for misspellings or grammatical errors. Next thing to do is to check the certificate, the security certificate on the site you're on. This gets a little bit confusing. If you go to a website, you might notice up in the URL bar, the bar that has the universal resource locator, that's part of the internet. [00:48:40] You might've noticed. There's a. And people might've told you, do check for the lock. Well, that lock does not mean that you are safe. All it means is there is a secure VPN from your computer to the computer on the other side. So if it's a hacker on the other side, you're sending your data securely to the hacker, right? [00:49:07] That's not really going to do you a whole lot of good. This is probably one of the least understood things in the whole computer security side, that connection may be secure, but is this really who you think it is? So what you need to do is click on their certificate and the certificate will tell you more detail. [00:49:32] So double-check their certificate and make sure it is for the site you really. To go to, so when it's a bank site, it's going to say, you know, the bank is going to have the bank information on it. That makes sense. But if you go for instance on, now, I'm going to throw a monkey wrench into this whole thing. [00:49:51] If you go to craigpeterson.com, for instance, it's going to say connection is secure. 
The certificate is valid, but if you look at their certificate and the trust in the details, it's going to be issued by some company, but it's going to just say craigpeterson.com. It's not going to give a business name like it would probably do for a bank. [00:50:17] So you know, a little bit of a twist to it, but that's an important thing. Don't just count on the lock, make sure that the certificate is for the place you want to contact. Last, but not least, is multi-factor authentication. I can't say this enough. If the bad guys have your username or email address and your password for a site, if you're using multifactor authentication, they cannot get. [00:50:56] So it's going to prevent credential stuffing tactics, or they'll use your email and password combinations that have already been stolen from other sites to try and hack in to your online profile. So very important to set up, and I advise against using two factor authentication with your, just a cell phone, as in a text message, SMS. It is not secure and it's being hacked all of the time. [00:51:26] Get an authorization app like 1Password, for instance, and you shouldn't be using one password anyways, for all of your password. And then Google has a free one called Google Authenticator. Use those instead of your phone number for authentication. [00:51:43] I've been warning about biometric databases. And I, I sat down with a friend of mine who is an attorney, and he's using this Clear thing at the airport. I don't know if you've seen it, but it's a biometric database. What are the real world risks? [00:52:00] Well, this "Clear" company uses biometrics. It's using your eye print, if you will. It's using your iris. [00:52:08] Every one of us has a pretty darn unique iris, and they're counting on that and they're using it to let you through TSA very quickly. And this attorney friend of mine thinks it's the best thing since sliced bread, because he can just. 
Right on through, but the problem here is that we're talking about biometrics. [00:52:30] If your password gets stolen, you can change it. If your email account gets hacked, and I have another friend whose account got hacked, you can get a new email account. If your iris scan that's in this biometric database gets stolen, you cannot replace your eyes, unless of course you're Tom Cruise, and you remember that movie, right? [00:53:00] And it's impossible to replace your fingerprints. It's possible to replace your face print. Well, I guess you could, to a degree or another, right? Some fat injections or other things could be done to change your face print, but these iris scans, fingerprints and facial images are something I try not to provide any. [00:53:27] Apple has done a very good job with the security of their face print, as well as their fingerprint, because they do not send any of that information out directly to themselves, or do any database at all. They are stored only on the device itself. And they're in this wonderful little piece of electronics that cannot be physically compromised, [00:53:56] and to date has not been electronically compromised either. They've done a very, very good. Other vendors on other operating systems like Android, again, not so much, but there are also databases that are being kept out there by the federal government. I mentioned this Clear database, which isn't the federal government, it's a private company, but the federal government obviously has its fingers into that thing. [00:54:27] The Office of Personnel, uh, for the federal government, they had their entire database, at least pretty much the entire database, I think it was 50 million people, stolen by the Red Chinese about six years ago. So the communists. Uh, copies of all of the information that the Office of Personnel Management had about people, including background checks and things. [00:54:55] You've probably heard me talk about that before.
So having that information in a database is dangerous because it attracts the hackers. It attracts the cybercriminals. They want to get their hands on it. They'll do all kinds of things to try and get their hands on it. We now have completely quit Afghanistan. [00:55:19] We left in a hurry. We did some incredibly stupid things. I just, I can't believe a president of the United States would do what was done here. And now it's been coming out that President Biden completely ignored the advice that he was getting from various military intelligence and other agencies out there and just said, no, we're going to be out of there. [00:55:46] You have to limit your troops to this. And that's what causes them to close the airbase, Bagram, that we had had for so many years. Apparently the Chinese are talking about taking it over now. Yeah. Isn't that nice. And whereas this wasn't an eternal war, right? We hadn't had anybody die in a year and a half. [00:56:05] Uh, it's crazy. We have troops in South Vietnam. We have troops in Germany. We have troops in countries all over the world, Japan, you name it, so that we have a local force that can keep things calm. And we were keeping things calm. It's just mind-blowing. But anyhow, politics aside, we left behind a massive database, a biometric database, [00:56:40] of Afghanis that had been helping us over in Afghanistan, as well as a database that was built using US contractors of everyone in the Afghan military, and basically their genealogy: who their parents were, the grandparents, blood type, weight, height. I'm looking at it right now. All of the records in here: the sex, ID, nationality, [00:57:13] uh, date of expiration, hair color, favorite fruit, favorite vegetables, place of birth, uncle's name, marker, signature, approval, signature date, place of birth, date of birth, address, permanent address, national ID number, place of issue, date of issue, native language, salary, date of salary, group of salary, police of salary, education,
[00:57:38] father's name, graduation date, kind of weapon, and service number. These were all in place in Afghanistan. We put them in place because we were worried about ghost soldiers. A ghost soldier was someone who we were paying the salary of. Taxpayers, the United States, were paying the salaries of the Afghan military for quite some time. [00:58:06] And we were thinking that about half of the payroll checks we were funding were actually not going to people who were in the military, but were going to people who were high up within the Afghan government and military. So we put this in place to get rid of the ghost soldiers. Everybody had to have all of this stuff [00:58:33] in the database. 36 pieces of information, just for police recruitment. Now this information we left behind, and apparently this database is completely in the hands of the Taliban. Absolutely. So we were talking about Americans who helped construct Afghanistan and the military, and the Taliban, they're looking for the networks of their Poland supporters. [00:59:07] This is just absolutely amazing. So all of the data doesn't have clear use, like who cares about the favorite fruit or vegetable, but the rest of it does. The genealogy does. They now know who was in the police department, who was in the military, who their family is, what their permanent address is. Okay. [00:59:31] You see the problem here. And the biometrics as well. And the biometrics are part of this US system that we were using called HIDE, H-I-D-E. And this whole HIDE thing was a biometric reader, well, the military could keep with them. There were tens of thousands of these things out in the field. And when they had an encounter with someone, they would look up their biometrics, see if they were already in the database, and in the database it would say, yeah, you know, they're friendly, they're an informant, [01:00:08] or we found them in this area, or, you know, we're watching them.
We have concerns about them, et cetera, et cetera. Right. All of their actions were in. Well, turns out that this database, which covered about 80% of all Afghans, and these devices are now in the hands of the Taliban. Now, the good news with this is that a lot of this information cannot be easily extracted. [01:00:40] So you're not going to get some regular run-of-the-mill Taliban guy to pick one of these up and start using it. But, uh, what's happening here is that we can really predict that one of these surrounding countries, like Pakistan, that has been very cooperative with the Taliban. In fact, they gave refuge to Saddam, not Saddam Hussein, but to bin Laden, and also Iran and China and Russia. [01:01:13] Any of those countries should be able to get into that database. Okay. So I think that's really important to remember. Now, a Defense Department spokesperson, quote here, Eric Pahon, says the U.S. has taken prudent actions to ensure that sensitive data does not fall into the Taliban's hands. And this data is not at risk of misuse. [01:01:38] That's unfortunately about all I can say. But Thomas Johnson, a research professor at the Naval Postgraduate School in Monterey, California, says, uh, not so fast. The Taliban may have used biometric information in the Kunduz attack. So instead of taking the data straight from the HIDE devices, he told MIT Technology Review that it is possible that Taliban sympathizers in Kabul provided them [01:02:11] with databases of military personnel against which they could verify prints. In other words, even back in 2016, it may have been the databases, rather than these HIDE devices themselves, that pose the greatest risk. This is very concerning. Big article here in MIT Technology Review. I'm quoting from it a little bit here, but there are a number of databases. [01:02:39] They are biometric. Many of these, they have genealogical information. They have information that can be used to round up and track down people.
I'm not going to mention World War Two, and I'm not going to mention what happened with the government before Hitler took over, because to do that means you lose. That government had registered firearms, that government had registered the civilians and the people. And Afghanistan, [01:03:13] the government was also, as part of our identification papers, registering your religion. If you're Christian, they're hunting you down. If you were working for the military, they're hunting you down. And this is scary. That's part of the reason I do not want biometric information and databases to be kept here in the U.S. Hey, make sure you get my show notes every week on time, along with free training. I try to help you guys out. [01:03:50] CraigPeterson.com. CraigPeterson.com. Here I am. Cybersecurity strategist and available to you.

Remote Ruby
Ruby on the Apple M1 Max And Things You Expect To Be Fine But Aren't

Nov 5, 2021 (43:03)


[00:00:32] Andrew tells us they shipped a new project at work this week they've been working on for a few months, and although it went pretty smoothly, he explains some bumps they had along the way and dealing with crunch time. Chris shares an issue and why he's been postponing the launch of the new Hatchbox.
[00:04:13] We hear more about propagating the DNS and how long it took.
[00:08:28] Andrew mentions using the Proxyman app and what it does.
[00:09:15] Chris tells us about his new Mac, and he can't believe how fast it is!
[00:13:56] Andrew talks about some issues with installing Ruby 2.6.3 and building things in Docker on a new M1 Mac that a developer on his team just got.
[00:17:24] Chris explains his upgrading issues on an older app he was working on this week and realized it was a Sass change he made. Ironically, Andrew ran into something very similar with Sass as well.
[00:20:57] We hear about the Ember CLI Rails gem and Chris brings up that there is no solution on how to take an abandoned project like this and just keep maintaining it and he wishes there was a better solution.
[00:25:43] Andrew mentions every time you add a gem, you need to be aware of the amount of code debt you will have, and he shares what happened to him when he was a beginning developer. Chris explains why he would rather build it from scratch in the app to tailor it to exactly what they need.
[00:29:48] Chris announces a new GoRails Screencast coming up with Kasper and what they'll be talking about.
[00:35:25] Find out more about the awesome and very thorough tutorial on “Deploying a Rails application to Kubernetes” that you should check out!
[00:39:25] Chris and Andrew chat about the importance of being Rails Developers and not working on DevOps stuff.

Panelists: Chris Oliver, Andrew Mason
Sponsor: Honeybadger
Links: Ruby Radar Newsletter, Ruby Radar Twitter, Proxyman, GlassWire, GoRails, GoRails-YouTube, Sass, Deploying a Rails application to Kubernetes-By Marco Colli, Ember CLI Rails-GitHub, RubyConf 2021

K12 Tech Talk
Episode 49 - Concern for Cory

Nov 5, 2021 (45:26)


Cory is missing, and we are not sure why. We are concerned for his well-being... But we power through the concern and talk about E-Rate 486 and 470 timelines, DNS issues, listener emails, and we read a few Google Classroom reviews. This show's lifeblood is feedback from listeners like you! Please email us or tweet us with your feedback - we love it! If you contact one of our sponsors, PLEASE let them know you heard about them on our podcast!
Link to the INVZBL cart Chris talked about - https://invzbl.com/index#products
Tweet us, we want to hear from you! @k12techtalkpod
Email us at k12techtalk@gmail.com, especially if you are a potential sponsor. Let's work something out.
BUY A SHIRT AND/OR HOODIE! https://tinyurl.com/k12techtalkGOTSHIRTS
Visit our sponsors at: INVZBL, somethingcool.com, provisionds.com, arubanetworks.com

The Cloud Pod
Ep141: The Cloud Pod Wears Gaudi Outfits for Amazon's New Deep Learning Accelerator

Nov 5, 2021 (64:13)


On The Cloud Pod this week, half the team misses Rob and Ben. Also, AWS Gaudi Accelerators speed up deep learning, GCP announces that its Tau VMs are an independently verified delight, and Azure gets the chance to be Number One for once (with industrial IoT platforms.) A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. JumpCloud, which offers a complete platform for identity, access, and device management — no matter where your users and devices are located.  This week's highlights

Sex+Health
A Conversation on Cervical Cancer with Denise Linton, DNS, APRN, FNP-BC

Nov 3, 2021 (26:00)


Cervical cancer is preventable and that's something to celebrate. We still have work to do though, as some communities - especially people of color and rural residents - tend to be diagnosed with cervical cancer more frequently (and often with a more advanced stage). In this episode we chat with Denise Linton, DNS, APRN, FNP-BC to explore ways to make medical care more accessible and welcoming for everyone. Dr. Linton also offers insights on the value of clinical trials in developing new therapies and how we can do a better job of making them far more inclusive.

Home Assistant Podcast
2021.11 – Configuring devices on the network with ease, and entity categories

Nov 3, 2021 (41:32)


Rohan and Phil take a look at the 2021.11 release. Phil discusses his use of Heimdall, which is similar to the new feature Home Assistant just released. For complete show notes and more information about the topics discussed in this episode, be sure to check the notes at https://hasspodcast.io/ha097/

This episode was made possible thanks to our sponsor Home Assistant Cloud by Nabu Casa. Easily connect to Google and Amazon voice assistants for a small monthly fee that also supports the Home Assistant project. Configuration is via the User Interface so no fiddling with router settings, dynamic DNS or YAML. Website: https://nabucasa.com

Hosts

Phil Hawthorne
Website: https://philhawthorne.com
Smart Home Products: https://kit.co/philhawthorne
Twitter: https://twitter.com/philhawthorne
Buy Phil a Coffee: https://buymeacoff.ee/philhawthorne

Rohan Karamandi
Website: https://karamandi.com
Smart Home Products: https://kit.co/rkaramandi/
Twitter: https://twitter.com/rohank9
Buy Rohan a Coffee: https://buymeacoff.ee/rkaramandi

Screaming in the Cloud
At the Helm of Starship EDB with Ed Boyajian

Nov 2, 2021 (35:46)


About Ed

Ed Boyajian, President and CEO of EDB, drives the development and execution of EDB's strategic vision and growth strategy in the database industry, steering the company through 47 consecutive quarters of recurring revenue growth. He also led EDB's acquisition of 2ndQuadrant, a deal that brought together the world's top PostgreSQL experts and positioned EDB as the largest dedicated provider of PostgreSQL products and solutions worldwide. A 15+ year veteran of the open source software movement, Ed is a seasoned enterprise software executive who emphasizes that EDB must be a technology-first business in order to lead the open source data management ecosystem. Ed joined EDB in 2008 after serving at Red Hat, where he rose to Vice President and General Manager of North America. While there, he played a central leadership role in the development of the modern business model for bringing open source to enterprises.

Links:
EDB: https://enterprisedb.com

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate: is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards, while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other, which one is up to you.
Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at Honeycomb.io/screaminginthecloud. Observability, it's more than just hipster monitoring.

Corey: This episode is sponsored in part by our friends at Jellyfish. So, you're sitting in front of your office chair, bleary eyed, parked in front of a PowerPoint and—oh my sweet feathery Jesus it's the night before the board meeting, because of course it is! As you slot that crappy screenshot of traffic light colored Excel tables into your deck, or sift through endless spreadsheets looking for just the right data set, have you ever wondered, why is it that sales and marketing get all this shiny, awesome analytics and inside tools? Whereas, engineering basically gets left with the dregs. Well, the founders of Jellyfish certainly did. That's why they created the Jellyfish Engineering Management Platform, but don't you dare call it JEMP! Designed to make it simple to analyze your engineering organization, Jellyfish ingests signals from your tech stack. Including JIRA, Git, and collaborative tools. Yes, depressing to think of those things as your tech stack but this is 2021. They use that to create a model that accurately reflects just how the breakdown of engineering work aligns with your wider business objectives. In other words, it translates from code into spreadsheet. When you have to explain what you're doing from an engineering perspective to people whose primary IDE is Microsoft PowerPoint, consider Jellyfish. That's Jellyfish.co and tell them Corey sent you! Watch for the wince, that's my favorite part.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Today's promoted episode is a treasure and a delight.
Longtime listeners of this show know that it's not really a database—unless of course, it's Route 53—and of course, I don't solve pronunciation problems with answers that make absolutely everyone hate me. Longtime listeners of the show know that if there's one thing I adore when it comes to databases—you know, other than Route 53—it is solving pronunciation holy wars in such a way that absolutely everyone is furious with me as a result, and today is no exception. My guest is Ed Boyajian, the CEO of EDB, a company that effectively is the driving force behind the Postgres-squeal database. Ed, thank you for joining me.

Ed: Hey, Corey.

Corey: So, I know that other people pronounce it ‘post-gree,' ‘Postgresql,' ‘Postgres-Q-L,' all kinds of other things. We know it's decidedly not ‘Postgres-squeal,' which is how I go for it. How do you pronounce it?

Ed: We say ‘Postgres,' and this is one of the great branding challenges this fantastic open-source project has endured over many years.

Corey: So, I want to start at the very beginning because when I say that you folks are the driving force behind Postgres—or Postgres-squeal—I mean it. I've encountered folks from EDB—formerly EnterpriseDB—in the wild in consulting engagements before, and it's great because whenever we found an intractable database problem, back at my hands-on keyboard engineering implementation days, very quickly after you folks got involved, it stopped being a problem, which is kind of the entire point. A lot of companies will get up there and say, “Oh, it's an open-source project,” with an asterisk next to it and 15 other things that follow from it, or, “Now, we're changing our license so the big companies can't compete with us.” Your company's not named after Postgres-squeal and you're also—when you say you have people working on it, we're not talking just one or two folks; your fingerprints are all over the codebase.
How do you engage with an open-source project in that sense?

Ed: First and foremost, Postgres itself is, as you know, an independent open-source project, a lot like Linux. And that means it's not controlled by a company. I think that's inherently one of Postgres's greatest strengths and assets. With that in mind, it means that a company like EDB—and this started when I came to the company; I came from Red Hat, so I've been in open-source for 20 years—when I came to the company back in 2008, it starts with a commitment and investment in bringing technology leaders in and around Postgres into a business like EDB, to help enterprises and customers. And that dynamic intersection between building the core database in the community and addressing customer needs in a business, at that intersection is where the magic happens. And we've been doing that since I joined EDB in 2008; it was really an explicit focus for the company.

Corey: I'd like to explore a little bit, well first and foremost, this story of is there a future for running databases in cloud environments yourself? And I have my own angry, loud opinion on this that I'm sure we'll get to momentarily, but I want to start with yours. Who is writing their own databases in the Year of our Lord 2021, rather than just using whatever managed thing is their cloud provider of choice today is offering for them?

Ed: Well, let me give you context, Corey, because I think it matters. We've been bringing enterprise Postgres solutions to companies now, since the inception of the company, which dates back to 2004, and over that trajectory, we've been helping companies as they've done really two things: migrate away, in particular from Oracle, and land on Postgres, and then write new apps. Probably the first ten of the last 13 years since I've been in the company, the focus was in traditional on-prem database transformations that companies were going through.
In the last three years, we've really seen an acceleration of that intersection of their traditional deployments and their cloud deployments. Our customers now, who are represented mostly in the Fortune 500 and Global 2000, 40% of our customers report they're deploying EDB's Postgres in the cloud, not in a managed context, but in a traditional EC2 or GCP self-managed cloud deployment.

Corey: And that aligns with what I've seen, a fair bit. Years ago, I wound up getting the AWS Cloud Practitioner Certification—did a whole blog post on it—not because it was opening any doors for me, but because it let me get into the certified lounge at re:Invent, and ideally charge a battery and have some mostly crappy coffee. The one question I got wrong was I was honest when I answered, “How long does it take to restore an RDS database from snapshot backup?” Rather than giving the by-the-book answer, which is way shorter than I found in practice a fair bit of the time. And that's the problem I always ran into is that when you're starting out and building something that needs a database, and it needs a relational database that runs in that model so all the no SQL options are not viable for whatever reason, great, RDS is great for getting you started, but there's only so much that you can tune and tweak before you start to run into issues where, for particular workloads as they scale-out, it's no longer a fit for a variety of reasons.

And most of the large companies that I work with that are heavily relational-database-driven have either started off or migrated to the idea of, “Oh, we're going to run our own databases on top of EC2 instances,” for a variety of reasons that, again, the cloud providers will say, “Oh, that's not accurate, and they're doing the wrong thing.” But, you know, it takes a certain courage to tell a large-scale customer, “You're doing it wrong.” “Well, why is that?” “Because I have things to sell you,” is kind of a terrible answer. How do you see it?
Let's not pick on RDS, necessarily, because all of the cloud providers offered managed database offerings. Where do those make sense and where do they fall down?

Ed: Yeah, I think many of our customers who made their first step into cloud picked a single vendor to do it, and we often hear AWS has been that early, early—

Corey: Yeah, a five-year head start makes a pretty compelling story.

Ed: That's right. And let's remember what these vendors are mostly. They are mostly infrastructure companies, they build massive data centers and set those up, and they do that beautifully well. And they lean on software, but they're not software companies themselves. And I think the early implementation of many of our customers in cloud relied on what I'll call relatively lightweight software offerings from their cloud vendor, including database.

They traded convenience, ease of use, an easy on-ramp, and they traded some capability in some depth for that. And it was a good trade, in fact. And for a large number of workloads it may still be a good trade. But our more sophisticated customers, enterprise customers who are running Postgres or databases at scale in their traditional environments have long depended on a very intimate relationship with their database technology vendor. And that relationship is the intersection of their evolving and emerging needs and the actual development of the database capabilities in support of that.

And that's the heart of who we are at EDB and what we do with Postgres and the many people we have committed to doing that. And we don't see our customers changing that appetite. So, I think for those customers, they've emerged more aware of the need to have a primary relationship with a database vendor and still be in cloud.
And so I think that's how this evolves to see two different kinds of services side-by-side, what they really want is a Database as a Service from the database vendor, which is what we just announced here at Microsoft Ignite event.

Corey: So, talk to me a little bit more about that, where it's interesting in 2021 to see a company launching a managed service offering, especially in the database space, when there's been so much pushback in different ways against the large cloud providers—[cough] Amazon—who tend to effectively lose sleep at night over the haunting fear that someone who isn't them is making money, somehow. And they will take whatever is available to them and turn it into a managed service offering. That's always been the fear, so people play games with licenses and the rest. Well, they've been running Postgres offerings for a long time. It is an independent open-source project.

I don't think you can wind up forcing a license change through that says everyone except big companies can run this themselves and don't do a managed service with it because that cat is very much out of the bag. How is it that you're taking something to market now and expecting that to fare competitively?

Ed: So, I think there's a few things that our customers are clearly telling us they want, and I think this is the most important thing: they want control of their data. And if you step back, Corey, look at it historically, they made a huge trade to big proprietary database companies, companies like Oracle, and they made that trade actually for convenience. They traded data to that database vendor. And we all know the successes Oracle's had, and the sheer extraordinary expense of those technologies. So, it felt like a walled garden.

And that's where EDB and Postgres entered to really change that equation.
What's interesting is the re-platforming that happened and the transformation to cloud actually had the same, kind of, binding effect; we now moved all that data over to the public cloud vendors, arguably in an even stickier context, and now I think customers are realizing that's created a dimension of inflexibility. It's also created some—as you rightly pointed out—some deficiencies in technical depth, in database, and in software. So, our customers have sorted that out and are kind of coming back to middle. And what they're saying is, “Well, we want all the advantages of an open-source database like a Postgres, but we want control of the data.”

And so what control looks like is more the ability to take one version of that software—in our case, we're worrying about Postgres—and deploy the same thing everywhere they go. And that opens the door up for EDB to be their partner as a traditional on-prem partner, in the cloud where they run our Postgres and they manage it themselves, and as their managed service, Postgres Database as a Service Provider, which is what we're doing.

Corey: I've been something of a bear on the idea of, “I'm going to build a workload to run everywhere in every cloud provider,” which I get. I think that's generally foolish, and people chasing that, with remarkably few exceptions, are often going after the wrong thing. That said, I'm also a fan of having a path to strategic Exodus, where Google's Cloud Spanner is fascinating, DynamoDB is revelatory, Cosmos DB is a security nightmare, which is neither here nor there, but the idea that I can take a provider's offering that even if it solves a bunch of problems for me, well, if I ever need to move this somewhere else for any reason, I'm re-architecting, my data model and re-architecting the built-in assumptions around how the database acts and behaves, and that is a very heavy lift.
We have proof of that from Amazon, who got up on stage and told a story about how much they hate Oracle, and they're migrating everything off of Oracle to Aurora, which they had to build in order to get off of Oracle, and it took them three years to migrate things. And Oracle loves telling that story, too.

And it's, you realize you both sound terrible when you tell that story? It's, “This is a massive undertaking that even we struggle with, so you should probably not attempt it.” Well, what I hear from that is good God, don't wind up getting locked into a particular database that is only available from one source. So, if you're all-in on a cloud provider, which I'm a fan of, personally—I don't care which one but pick a cloud provider—having a database that is not only going to work in that environment is just a reasonable step as far as how I view things. Trading up that optionality has got to pay serious dividends, and in many database use cases, I just don't see it.

Ed: Yeah, I think you're bringing up a really important point. So, let's unpack it for a minute.

Corey: Please.

Ed: Because I think you brought up some really prominent specialty database technologies, and I'm not sure there's ever a way out of that intersection and commitment to a single vendor if you pick their specialty database. But underneath this is exactly one of the things that we've worried about here at EDB, which is to make Postgres a more capable, robust database in its entirety. A Postgres superpower is its ability to run a vast array of workloads. Guess what, it's not sexy.
It's not sexy not to be that specialty database, but it's incredibly powerful in the hands of an enterprise who can do more.

And that really creates an opportunity, so we're trying to make Postgres apply to a much broader set of workloads, from traditional systems of record, like your ERP systems; systems of analysis, where people are doing lightweight analytic workloads or reporting, you can think in the world of data warehouse; and then systems of engagement, where customers are interacting with a website and have a database on the backend. All areas Postgres has done incredibly well in and we have customer experience with. So, when you separate out that core capability and then you look at it on a broader scale like Postgres, you realize that customers who want to make Postgres strategic, by definition need to be able to deploy it wherever they want to deploy it, and not be gated or bound by one cloud vendor. And all the cloud vendors picked up Postgres offerings, and that's been great for Postgres and great for enterprises. But that corresponding lock-in is what people want to get away from, at this point.

Corey: There's something to be said for acknowledging that there is a form of lock-in as far as technology selection goes. If you have a team of folks who are terrific at one database engine and suddenly you're switching over to an entirely different database, well, folks who spent their entire career working on one particular database that's still in widespread use are probably not super thrilled to stick around for that. Having something that can migrate from environment to environment is valuable and important. When you say you're launching this as a database as a service offering, how does that actually work? Is that going to be running in your own cloud environment somewhere and people just make queries across the wire through standard connections to the database like they would something locally? Are you running inside of their account or environment?
Is it something else?

Ed: So, this is a fully-managed database as a service, just like you'd get from any cloud vendor or DBAAS vendor that you've worked with in the past, just being managed and run by EDB. And with that, you get a lot of the goodies that we bring, including our compatibility, and all our deep Postgres expertise, but I think one of the other important attributes is we're going to run that service in our clients' account, which gives them a level of isolation and a level of independence that we think is really important. And as different as that is, it's not heroic; it's exactly what our customers told us they wanted.

Corey: There's something to be said for building the thing that your customers have said that they want and makes sense for you to build as opposed to, “We're going to build this ridiculous thing and we're sure folks are going to love it.” It's nice to see that shaping up in the proper order. And I've fallen victim to that myself; I think most technologists have to some extent. How big is EDB these days?

Ed: So, we have over 650 employees. Now, around the world, we have 6000 customers. And of the 650 employees, about 300 of those are focused on Postgres. A subset of that are 30-odd core team members in the Postgres community, committers in the Postgres community, major contributors, and contributors in the Postgres community. So, we have a density of technical depth that is really unparalleled in Postgres.

Corey: You're not, for lack of a better term, pulling an Amazon, insofar as you're, “Well, we have three people working on open-source projects, so we're going to go ahead and claim we're an open-source company,” in other words. Conversely, you're also not going down the path of this is a project that you folks have launched, and it claims to be open-source because we love it when people volunteer for for-profit entities, but we exercise total control over the project.
You have a lot of contributors, but you're also still a minority, I think the largest minority, but still a minority of people contributing to Postgres.

Ed: That's right. And, look, we're all-in on Postgres, and it's been that way since I got here. As I mentioned earlier, I came from Red Hat where I was—I was at Red Hat for a little over six years, so I've been in open-source now for 20 years. So, my orientation is towards really powerful, independent open-source projects. And I think we'll see Postgres really be the most transformative open-source technology since Linux.

I think we'll see that as we look forward. And you're right, though, I think what's powerful about Postgres is it's an independent project, which means it's supported by thousands of contributors who aren't tied to single companies, around the world. And it just makes the software—we develop innovation faster, and I think it makes the software better. Now, EDB plays a big part in there. Roughly, a little less than a third of the last res—actually, the 13 release—were contributions that came from contributors who came from EDB.

So, that's not a majority, and that's healthy. But it's a big part of what helps move Postgres along and there aren't—you know, the next set of companies are much, much—next set of combined contributors add up to quite small numbers. But the cloud vendors are virtually non-existent in that contribution.

Corey: This episode is sponsored in part by something new. Cloud Academy is a training platform built on two primary goals. Having the highest quality content in tech and cloud skills, and building a good community that is rich and full of IT and engineering professionals. You wouldn't think those things go together, but sometimes they do. It's both useful for individuals and large enterprises, but here's what makes it new. I don't use that term lightly. Cloud Academy invites you to showcase just how good your AWS skills are.
For the next four weeks you'll have a chance to prove yourself. Compete in four unique lab challenges, where they'll be awarding more than $2000 in cash and prizes. I'm not kidding, first place is a thousand bucks. Pre-register for the first challenge now, one that I picked out myself on Amazon SNS image resizing, by visiting cloudacademy.com/corey. C-O-R-E-Y. That's cloudacademy.com/corey. We're gonna have some fun with this one!

Corey: Something else that does strike me as, I guess, strange, just because I've seen so many companies try to navigate this in different ways with varying levels of success. I always encountered EDB—even back when it was EnterpriseDB, which was, given their love of acronyms, I'm still somewhat partial to. I get it; branding, it's a thing—but the folks that I engaged with were always there in a consulting services capacity, and they were great at this. Is EDB a services company or a product company?

Ed: Yeah, we are unashamedly a product technology company. Our business is over 90% of our revenue is annually recurring subscription revenue that comes from technical products, database server, mostly, but then various adjacent capabilities in replication and other areas that we add around the database server itself. So no, we're a database technology company selling a subscription. Now, we help our customers, so we do have a really talented team of consultants who help our customers with their business strategy for Postgres, but also with migrations and all the things they need to do to get Postgres up and running.

Corey: And the screaming, “Help, help, help, fix it, fix it, fix it now,” emergencies as well.

Ed: I think we have the best Postgres support operation in the world. It is a global 24/7 organization, and I think a lot of what you likely experienced, Corey, came out of our support organization. So, our support guys, these guys aren't just handling lightweight issues.
I mean, they wade into the gnarly questions and challenges that customers face. But that's a support business for us. So, that's part and parcel. You get that, it's included with the subscription.

Corey: I would not be remembering this for 11 years later, if it hadn't been an absolutely stellar experience—or a horrible experience, for that matter; one or the other. You remember the superlatives, not the middle of the road ones—and if it hadn't been important. And it was. It's also noteworthy; with many vendors that are product-focused, their services may have an asterisk next to it because it's either a, “Buy our product and then we'll support it,” or it's, “Ohh, we're going to sell you a whole thing just to get us on the phone.” And as I recall, there wasn't a single aspect of upsell involved in this.

It was, “Let's get you back up and running and solve the problem.” Sure, later in time, there were other conversations, as all good businesses will have, but there was no point during those crisis moments where it felt like, “Oh, if you had gone ahead and bought this thing that we sell, this wouldn't happen,” or, “You need to buy this or we won't help you.” I guess that's why I've contextualized you folks as a services company, first and foremost.

Ed: Well, I'm glad you have that [laugh] experience because that's our goal. And I think—look, this is an interesting point where customers want us to bring that capability to their managed DBAAS world. Step back again, go back to what I said about the big cloud vendors; they are, at their core, infrastructure companies. I mean, they're really good at that. They're not particularly well-positioned to take your Postgres call, and I don't think they want that call.

We're the other guys; we want to help you run your Postgres, at scale, on-prem, in the cloud, fully managed in the cloud, by EDB, and solve those problems at the same time. And I think that's missing in the market today.
And we can step back and look at this overall cloud evolution, and I think some might think, “Gee, we're into the mature phase of cloud adoption.” I would tell you, since the Red Sox have done well this year, I think in a nine-inning baseball game—for those of your listeners who follow American baseball—we're in, like, the top of the second inning, maybe. Maybe the bottom of the second inning. So, we've been able to listen and learn from the experiences our customers have had. I think that's an incredible advantage as we now firmly plant ourselves in the cloud DBAAS market alongside our robust Postgres capabilities that you experienced.

Corey: The world isn't generating less data, and it's important that we're able to access that in a bunch of different ways. And the last time I really was playing with relational databases, you can view my understanding of it as Excel with a weirder interface, and you're mostly there. One thing that really struck me since the last time I went deep into database-land over in the Postgres-squeal world has been just the sheer variety of native data types that it winds up supporting. The idea of, “Here's some JSON. Take this and store it that way,” or it's GIS data that it can represent, or the idea of having data types that are beyond just string or var or whatever other somewhat limited boolean values or whatnot. Without having just that traditional list, which is of course all there as well. It also seems to have extensively improved its coverage that just can only hint to my small mind about these things and what sort of use cases people are really putting these things into.

Ed: Yeah, I think this is one of Postgres' superpowers. And it started with Mike Stonebraker's original development of Postgres as an object-relational database. Mike is an adviser to EDB, which has been incredibly helpful as we've continued to evolve our thinking about what's possible in Postgres.
But I think because of that core technology, or that core—because of that core technical capability within Postgres, we have been able to build a whole host of data types. And so now you see Postgres being used not just as the context of a traditional relational database, but we see it used as a time-series database. You pointed out a geospatial database, more and more is a document-oriented database with JSON and JSONB.

These are all the things that make Postgres have much more universal appeal, universal appeal to developers—which is worth talking about in the recent StackOverflow developer survey, but we can come back to that—and I think universal applicability for new applications. This is what's bringing Postgres forward faster, unlike many of the specialty database companies that you mentioned earlier.

Corey: Now, this is something that you can use for your traditional CRUD app, the my first hello world app that returns something from a database, yeah, that stuff works. But it also, for example, has [cyter 00:25:09] data types, where you can say, give me the results where the IP range contains this address, and it'll do that. Before that, you're trying to solve a whole bunch of very messy things in application logic that's generally awful. The database now does that for you automatically, and there's something—well, it would if I were smart and used it instead of storing it as strings because I make terrible life choices, but for sensible people, it solves a lot of those problems super well. And it's taken the idea of where logic should live in application versus database, and sort of turn a lot of those assumptions I was starting my career with on their head.

Ed: Yeah, I think if you look now at the appeal of Postgres to developers, which we've paid a lot of attention to—one of our stated strategies at EDB is to make Postgres easier. That's been true for many years, so a drive for engineering and development here has been that call to action.
And if you measure that, over time, we've been contributing—not alone, but contributing to making Postgres more approachable, easier to use, easier to engage with. Some of those things we do just through edb.com, and the way we handle EDB docs is a great example of that, and our developer advocacy and outreach into adjacent communities that care about Postgres. But here's where that's landed us. If you looked at the last Stack Overflow developer survey—the 2021 Stack Overflow developer survey, which I love because I think it's very independent-oriented—and they surveyed, I think this past year was 80,000 developers.

Corey: Oh yeah, if Stack Overflow is captured by any particular constituency, it's got to be ‘Big Copy and Paste' that is really behind them. But yeah, other than the cabal of keyboard manufacturers for those copy-and-paste stories, yeah, they're fairly objective when it comes to stuff like this.

Ed: And if you look at that survey, Corey, if you just took and summed it because it's helpful to sum it, most used, most loved, and most wanted database: Postgres wins. And I find it fascinating that if you—having been here, in this company for 13 years and watch the evolution from—you know, 13 years ago, Postgres needed help, both in terms of its awareness in the market and some technical capabilities it just lacked, we've come so far. For that to be the new standard for developers, I think, is a remarkable achievement. And I think it's a representation of why Postgres is doing so well in the market that we've long served, in the cloud market that we are now serving, and I think it speaks to what's ahead as a transformational database for the future.

Corey: There really is something to be said for a technology as—please don't take this term the wrong way—old. As a relational database, Postgres has been around for a very long time, but it's also not your grandparents' Postgres. It is continuing to evolve.
It continues to be there in a bunch of really interesting ways for developers in a variety of different capacities, and it's not the sort of thing that you're only using in, “Legacy environments,” quote-unquote. Instead, it's something that you'll see all over the place. It is rare that I see an environment that doesn't have Postgres in it somewhere these days.

Ed: Yeah, I think quite the contrary to the old-school database, which I love that; I love that shade because when you step away from it, you realize, the Postgres community represents the very best of what's possible with open-source. And that's why Postgres continues to accelerate and move forward at the rate that it does. And obviously, we're proud to be a contributor to that, so we don't just watch that outcome happen; we're actually part of creating it. But I also think that when you see all that Postgres has become and where it's going, you really start to understand why the market is adopting open-source.

Corey: It's one of those areas where even if some company comes out with something that is amazing and transformatively better, and you should jump into it with both feet and never look back, yeah, it turns out that it takes a long time to move databases, even when they're terrible. And you can lobby an awful lot of accusations at Postgres—or Postgres-squeal—but you can't call it terrible. It's used in enough interesting applications by enough large-scale companies out there—and small as well—that it's very hard to find a reason not to explore it. It's my default relational database when Route 53 loses steam. It just makes sense in a bunch of ways that other things really didn't for me before.

Ed: Yeah, and I think we'll continue to see that. And we're just going to keep making Postgres better. And it gets better because of that intersection, as I mentioned, that intimate intersection between enterprise users, and the project, and the community, and the bridge that a company like EDB provides for that.
That's why it'll get better faster; the breadth of use of Postgres will keep it accelerating. And I think it's different than many of the specialty databases.

Look, I've been in open-source now for 20 years and it's intriguing to me how many new specialty open-source databases have come to market. We tend to forget the amount of roadkill we've had over the course of the past ten years of some of those open-source projects and companies. We certainly are tuned into some of the more prolific ones, even today. And I think again, here again, this is where Postgres shines, and where I think Postgres is a better call for a long-term. Just like Linux was.

Corey: I want to thank you for taking so much time out of your day to talk to me about databases, which given my proclivities, is probably like pulling teeth for you. If people want to learn more, where can they find you?

Ed: So, come to enterprisedb.com. You still get EnterpriseDB, Corey. Just come to enterprise—

Corey: There we go. It's hidden in the URL, right in plain sight.

Ed: Come to enterprisedb.com. You can learn all the things you need about the technology, and certainly more that we can do to help you.

Corey: And we will, of course, put links to that in the [show notes 00:31:10]. Thank you once again for your time. I really do appreciate it.

Ed: Thanks, Corey. My pleasure.

Corey: Ed Boyajian, CEO of EDB. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with a long angry comment because you are one of the two Amazonian developers working on open-source databases.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying.
The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Domain Name Wire Podcast
How Namecheap tackles abuse – DNW Podcast #361

Nov 1, 2021 35:35


How the second largest retail registrar handles abuse. Last month, I spoke with Tucows CEO Elliot Noss about DNS abuse in episode 359. Today, Namecheap COO Hillan Klein comes on the show to talk about his company's approach to the challenge. Klein shocked me by saying that Namecheap employs over 120 people to tackle abuse. […]

Computer Talk with TAB
Computer Talk 10/30/21 Hr 1

Oct 30, 2021 35:22


Zales website leaking customer data, FBI raids POS giant PAX Tech that might be used in cyber attacks, Squid Game e-mails offering fake season 2, SK Internet suing Netflix over Squid Game data usage, Windows DNS cache needs to be flushed, Someone is trying to log in to my Amazon account, How should I back up my data?, My browsing is slow, pictures not displaying, Can I use GOVT provided internet to stream TV?

The Cabral Concept
2094: Herpes Flare Ups, Supplement Dosing, EMF Sensitivity, Toenail Fungus, Back Acne, Collagen on CBO (HouseCall)

Oct 30, 2021 21:44


Welcome back to our weekend Cabral HouseCall shows! This is where we answer our community's wellness, weight loss, and anti-aging questions to help people get back on track! Check out today's questions:  Anonymous: I have HSV-1 (genital) and used to have a flare up once a year, then when I developed a Candida problem it has been 3-4 times a year. After getting the covid vaccine, I am now having outbreaks every 2-4 weeks. For the last 6 months I have completely changed my diet to mostly meat and veggies to keep the right ratio of lysine/arginine in my body. I drink acv with gse and cayenne daily. I run three times a week, get enough sleep, take a multivitamin, etc. I cannot figure out what else this increase in outbreaks is from without linking it to when I got vaccinated. I have a stressful job but have had that stress for years so that is not something recent. I feel like I am starting to become depressed with how often I am going through these outbreaks. Do you have any other recommendations or have you heard of the vaccine being linked to more frequent outbreaks at all? I love your podcast and appreciate any advice you have. Shelly: Hi Doc! Thrilled to have this resource to guide my health. Thank you for your selflessness. I am hoping you can help me with the supplements I am taking. I feel I am double-dipping and not taking them at correct times but it's easiest to take them after I break my fast with a smoothie. I am a 44-yr-old female, 5'5”, 130 lbs, very healthy lifestyle. I strength train 3 days/week, HIIT 2 days, rest 2 days. My workouts are 30 min/day. I start my day with a smoothie: almond milk, DNS & lots of fruits and veggies. I am almost 100% DF and GF. I get 7½-9 ½ hrs sleep/night and fall asleep within 2 min. I fast from 7:30pm-11:30am most days & do one 24-hour fast/mo. I was diagnosed with RA 3 years ago and changed my nutrition immediately. I found out 2 yrs ago that I have a hole in my heart that I was probably born with. 
14 years ago I began getting 1 ocular migraine every 2 years. Weird. I haven't had one in 2-3 years now. I take Pure Curcumin 500 with Biopterin & Vitamin D3 5,000, Nordic Omega 330 EPA/220 HHA, St. Joseph's Aspirin 81m, Magnesium Oxide 500 mg Zinc 15+by Kal, Equilife mushroom pills. What are your thoughts on my situation? Am I taking too much or not enough of something? Thank you so much. Deanna: hi Dr. Cabral, I had some recent blood work done and it came back with low ferritin and low white blood count. My herbalist said to get a covid antibody test which may account for the low white blood cells. That test was negative. I am wondering what other causes might be? In addition, I also have had a lot of random bruising which seems to have mysteriously started since my partner received his vaccine. I have not taken it myself. On a side note, you have answered my question about fever blisters in the past. I have determined that I would get them any time I was in the vicinity of a cell tower. I started researching EMF sensitivity and found that glutathione and NAC are both helpful for mitigating the effects of EMFs. I have not had one fever blister since taking these two supplements. Coincidence? thank you for you podcast! Deanna Ryan: I've been suffering from severe toenail fungus for well over a year. I've done OAT + mycotoxin combo testing and both showed perfect results. Low/normal yeast, fungal, and mold levels. I've been following a healthy diet & lifestyle for years, have done the CBO protocol in full, and continued to follow the diet template in that protocol for the past 1 year since completing it. I've tried foot soaks, topical creams, ointments, essential oils, and literally dozens of proposed toenail fungus remedies and can't beat this thing. I've done extensive ozone (rectal + topical), h202 therapy, IV vitamin C, nail fungus laser removal, and more. Nothing has worked to eliminate the toenail fungus. 
I don't have any other symptoms or fungal issues anywhere in/on my body (that I know of). I am at the point of trying oral itraconazole or terbinafine. I have been reluctant up until this point due to potential side effects, but I feel I have exhausted virtually all-natural health options and they do have a high success rate. I'm not looking for any medical advice, simply your personal opinion on oral anti-fungal drugs and what you would do in this situation (hypothetically speaking of course). Lily: Hi Dr.Cabral, Do you have any advice regarding back acne in male adults? My husband has been experiencing a lot of acne all over his back, shoulders, and chest. Some are very deep, and some are blackheads. We have tried soaps for sensitive skins and also acne body washes and spray that contains salicylic acid. Could it be something in his diet? I tried to search your podcast but could not find anything on this specific subject. Thank you so much for your time and your wonderful podcast! Chelsea: Hi Dr. Cabral! Fellow Bostonian living down under in Australia. Sharing your podcast far and wide down here! Thanks for all you do - you're truly amazing at what you do, and so generous to share such in-depth knowledge with the community! I just started the limited yeast protocol after reviewing my labs with your team. Leading up to now I've often used a high quality flavourless collagen protein/beef gelatin powder made of bovine hides (see below for link) as I'm mostly plant based but struggle to digest plant proteins. Would this disrupt the CBO/limited yeast protocol or hinder my results? I often put in smoothies as I like that it's tasteless which I like, but don't want to compromise my results. I take the daily nutritional support separately in a little shake with water as I like the fresh unflavoured taste of fresh fruit and veg in a smoothie. 
Also just curious why things like nuts, seeds, red meat, and bone broth aren't allowed during limited yeast protocol as I wouldn't have associated them with high yeast! Thanks again for all you do and for the time you spend sharing with the community! Thank you for tuning into today's Cabral HouseCall and be sure to check back tomorrow where we answer more of our community's questions! Show Notes & Resources: http://StephenCabral.com/2094

Craig Peterson's Tech Talk
How Ransomware, Trojanware, and Adware Hurt You

Oct 29, 2021 85:09


How Ransomware, Trojanware, and Adware Hurt You. And Why ExpressVPN Isn't Safe to Use. Ransomware, Trojanware Adware. What's the difference between these different types of malware.? And when it comes down to our computers, which should we worry about the most and which should we worry about the most? [Automated Transcript Follows] [00:00:17] There are a lot of different types of malware that are out there and they're circulating and scaring us. [00:00:23] And I think for good reason, in many cases, ransomware of course, is the big one and it is up, up, up. It has become just so common. Now that pretty much everybody is going to be facing a serious ransomware attack within the next 12 months. The numbers are staggering. And what are they doing while now they're getting you with the double whammy. [00:00:50] The first whammy is they encrypt your data. Your computers are encrypted, everything on them. So you can't use them anymore. Bottom line. Yeah, they'll boot they'll run enough in order to be able for you to pay that ransom. But any document that you might care about, any PDF, any word doc, and the spreadsheet is going to be encrypted. [00:01:14] And the idea behind that is. You have to pay in order to get that decryption key about 50% of the time. Yeah. About half of the time. Even if you pay the ransom, you'll get your data back the rest of the time. No, you you'll never see it again. So what do you do about that type of ransomware? Well, obviously most people just pay the rent. [00:01:39] But that's gone up as well. We've seen over a hundred percent increase in the amount of ransom people happy. So what's the best thing to do. What's the easiest thing to do in order to help you with this type of ransomware while it's obviously to have good backups. Now I'm going to be doing a bootcamp. [00:02:00] We're going to talk about this and a workshop. I really want to get going with these one week long workshops. 
So we'll do a, at least a couple of times a month in these boot camps that we'll do pretty much every week here, but they're coming up fairly soon. You'll only know about them. If you are on my email list, that is Craig peterson.com and the number one thing that you can do to. [00:02:27] You when you're hit with this type of rent somewhere, because if you're not taking all of the other precautions, you should be digging under really good that you're going to get hit the better than 50%. And once you do is have a good backup, and I want to warn everybody because I've seen this again and against people just keep making this mistake, probably because they don't get it. [00:02:51] They don't understand why and where and how, when it comes to ransom. The mistake is they do a backup to a local desk. Now, many times the backup is on a thumb drive or USB drive. So you just go to the big box store. You go to Amazon, you order an external drive. You're just amazed how cheap they are. [00:03:16] Nowadays. Once you've got that drive, you plug it in. You turn on some backup software. Maybe it's something you've used for some years, maybe. If you have a Mac, you're just using the built-in backup software. Even the windows operating system now comes with some built-in backup and you think you're off and running because every so often it back. [00:03:40] If we're using a Mac is smart enough to not only back up your whole machine, but as you're editing files, it's going to go ahead and make a backup of that file as you're editing it. So if there is a crash or something else, you're not going to lose much. I just love the way apple does that. Huge problem. [00:03:59] Because if the disc is attached to your machine, or let's say that disc is on a file server, cause you're smart, right? You set up some network attached storage of some sort and your machine has access to it. And so you're sending it off of your machine to a central. 
Well, you still got a problem because if your machine can read or more particularly right to a location on your network or locally, that ransomware is going to also encrypt everything, it can find there. [00:04:37] So, if you are sharing a network drive and you get ransomware, when you remember the odds are better than 50%, you're gonna get it. Then what happens? What would this type of ransomware it not only encrypts the files on your computer, but encrypts them on the backup as well. And it also encrypts them on any of the. [00:04:58] File servers or network attached storage the, to have on your network. So now everything's encrypted. You wonder why someone and people pay the ransom? Oh, that's a large part of the reason right there. And I keep saying this type of ransomware because there isn't another type of ransomware and they usually go hand in hand. [00:05:21] The bad guys were not making enough money off of holding your files. Rants. So the next thing the bad guys have done is they've gone to a different type of extortion. This one is, Hey, if you don't pay us, we are going to release your files to the world. Now they might do it on a dark website. They might do it on a publicly available site, which is what many of them are starting to do now. [00:05:51] And you're going to either be embarrassed or subject to a lot of fines or both, because now if your files have. Confidential information. Let's say it's your intellectual property. Now, anybody who bothers to search online can find your intellectual property out there. If you have anything that's personally identifiable information. [00:06:18] And it gets out. Now you are subject to major fines. In fact, in some states like California and Massachusetts, you are subject to fines. Even if the bad guys don't post it online. So that's the second type of ransomware and it's a bad type. 
And usually what'll happen is the bad guys get their software on your machine and they can do it in a number of different ways. [00:06:45] One of the popular ways to do it now is to just break in because our businesses, we've, we've set up something called Remote Desktop, and we're using Remote Desktop for our users to get in. And maybe we're using some form of a VPN to do it with, or maybe we've made the mistake of using ExpressVPN. And, uh, we have that now connected up to our homes and we think that that's keeping us safe. [00:07:13] And I got a few things to say about that as well, these VPN services. What happens now? Well, Microsoft Remote Desktop has been under major attack and there are some major flaws. Some of these were patched more than a year ago now, but according to recent studies, 60%, almost two thirds of businesses have not applied the patches. [00:07:42] You know, this is basic stuff. And I understand how hard it can be and it can be confusing and you can break your systems, but you have to weigh that against, well, what's going to happen if our systems are broken into, because we didn't apply the patch. So that's the second type of ransomware and that's what most people are afraid of and for good reason. [00:08:07] And one of the things we do for businesses and we do ransomware audits, we have a look at your systems, your firewalls, et cetera, and make recommendations to. Man. I got to talk about this too, 'cause it really upset me this week. I signed up for a webinar just to see what was going on. There's a company out there that sells these marketing systems to managed services providers. [00:08:33] And I, I, I had to turn it off like instantly because it was just such garbage that they were telling managed services providers, MSPs, to do. I couldn't believe it. So this guy was talking about how, again, I turned it back on and I said, Hey, I've got to watch this anyways, because I need to know what's going on. 
[00:08:54] And this guy was telling these managed services providers how they can double their closes. I couldn't believe this guy. 'Cause he was saying that what they do is they offer to do a ransomware audit for businesses and they say, normally we charge $6,000 to do a ransomware audit, but I tell you what, we'll do it for you for. [00:09:20] Now, this is a guy that he had an MSP, managed services provider. Apparently he had started it and he was bringing in more than $1 million per month in revenue. Can you imagine that, monthly recurring revenue over a million dollars? And so he's telling people, businesses, Hey, I have a $6,000 audit that we'll do [00:09:47] for free. Hey people, how long have we said, if you're not paying for something, you're the product. Remember Facebook, right? Google, Instagram, all of those guys, Twitter, you don't pay for it, but your information is the product. So what's this guy doing? Well, guess what? His audit, it's going to show, his audit, [00:10:10] it's going to show that you need him. And he's sucked in hundreds of businesses and he didn't even know what he was doing when it came to the audits or protecting them. It is insane what's going on out there. I am ashamed of my industry, absolutely ashamed of it. You know, I've got my first attack, successful attack against my company back in 91 92. [00:10:42] And I learned this stuff because I had to, and I help you guys because I don't want you to get stuck like I was. So important, important word of advice. If you want an audit, go to someone that charges you for the audit. That's going to do a real one. It's going to give you real advice that you can really need and use rather than, Hey, you need to use me [00:11:11] because my free audit tells you so. So many scams. [00:11:15] What is adware and what is cryptoware? These are two types of real, kind of bad things. Won't gray areas, things that are hurting us, our mobile devices, our businesses, and our homes. 
[00:11:32] Adware is also a type of malware that's been around a long time. But it does live in a gray area. [00:11:42] And that gray area is between basically marketing and, uh, well, outright fraud. And I don't even want to call it just marketing because it's very aggressive marketing. What they will do with adware is they, they will have some JavaScript code or something else that's embedded on a webpage, and that's usually how you get it. [00:12:09] And then once it's in, in your browser, it sits there and it pops up things. So it'll pop up an ad for this, pop up an ad for that, even if it's, uh, part of the site that you're on right now, and it can live for months or years on your computer. We've known for a long time about adware on the Windows environment and how it has just been just terribly annoying at the very least. Microsoft and Internet Explorer, [00:12:40] one of the worst web browsers ever perpetrated on humankind, was well-known for this. And of course, Microsoft got rid of Internet Explorer, and then they came up with their own symposer browser, the Edge browser, that was also openly scorned. And so Microsoft got rid of their Edge browser and switched over to basically Google Chrome, Chromium, and then changed its name to the Edge browser. [00:13:11] And so you think you're running Edge, but you're kind of not, you kind of are. So they did all of that in order to help with compatibility and also to help with some of these problems that people have had using that Microsoft browser online, very, very big problems. So what can you do about it and what does it do to you? Adware can be very. [00:13:37] You might've had it before, where it's always popping up again and again and again on your browser, just so crazy annoying, it's insane, but it can also be used to spy on where you're going online and potentially to, to infect you with something even worse. 
Sometimes some of this adware will purposely click on ads that the people who gave you the adware are using as kind of like a clickbait type thing. [00:14:09] So you go to a website and it will automatically click certain ads and click on, unbeknownst to you, right? It's as though you went there so that people have to pay for that ad. And sometimes aids are very, very complicated. Sometimes they'll use, in order to drive a competitor out of business or out of the market, because the ads are so expensive because so many people are supposedly clicking on the ads. [00:14:40] But in reality, you didn't click on the ad. You're not going to see that page that you supposedly clicked on, and it's going to cost that advertiser money, whole bunch of money. You might not care. Right. But it is. Adware over on the Mac, however, is the only real malware menace at all. Adware is something that's used fairly frequently on the Mac. [00:15:09] It is pretty darn easy to get rid of. And as a general rule, it doesn't work very well on the Mac. Although I have seen some cases where it got very, very sticky, where someone ended up installing it. It wasn't just running in the browser, but they installed it on their Mac, which is something you should never do. [00:15:29] But Apple has some things in place to help stop any of this from happening. And it's gotten a lot better. I haven't seen this problem in a couple of years, but Apple is using the signature-based blocking technology called XProtect. They also have, at Apple, this developer-based notarization of apps. And so the run-of-the-mill malware, which includes most of this adware, really can't find a foothold. [00:15:57] But I want to remind everybody that if they can get adware onto your computer, they might be able to get something worse. So you really got to keep an eye out for no two ways about it. There are some companies out there, for instance, there's this one. 
Pirrit, which is a program linked to this Israeli marketing firm that gains persistence on your browser and potentially could gain root access to the Mac system. [00:16:30] So careful, careful on all fronts now. Anti-malware stuff that we use for our clients is called AMP, which is an advanced malware protection system that's been developed by our friends over at Cisco. AMP is very, very good. Unfortunately, you cannot get it unless you buy it from somebody like us and you have to buy so many seats for some of this stuff, it gets, gets expensive quickly. [00:17:00] Um, if you can't do that much, a lot of people like Malwarebytes. There are some very good things about it, but be careful because in order for this to work, this Israeli Pirrit software to work, it has a fake install. So again, it's just be careful. If you know how Apple installed software, you know that unless you have instigated it, it's not going to be installed. [00:17:30] You're not just going to see an installer and say, Hey, we're Apple, install us. Right? Apple just does it in the background when it comes to updates, patches. But they're very sneaky here trying to install things like the Adobe Flash Player, which has been deprecated. Deprecated is completely now gone from Mac systems and from Windows systems. You should not be using Flash at all anymore. [00:18:02] It was very, very bad. So up becomes you, you go to install the latest Flash Player, or, and I'm sure they're going to change this or something else, right? It won't be Flash in the future. It'll be Adobe, which you also don't need on a Mac. So anyhow, that's what you got to be careful of. Adware's still a big problem in Windows. [00:18:25] Not much as much as it used to be, uh, thanks to the change to Google Chrome, which Microsoft has rebranded as, of course, its own Edge browser. Much of a problem at all on Macs, but be very, very careful in either platform about installing software that you did not start installing. 
Now earlier this year, there's a security firm called Red Canary that found something that's been named Silver Sparrow. [00:18:58] That was on 30,000 Mac computers. And apparently the developers for this malware had already adapted it to Apple's M1 chip architecture and have distributed this binary, this program, as a universal binary. Now the Mac, remember, doesn't just use Intel. It used to use PowerPCs and then it used Intel. [00:19:21] And now it's using its own architecture for the chips themselves. So a universal binary is something that will run on Mac Intel-based and Mac architecture-based. But, uh, the bottom line is that this proof of concept malware, if you will, had no payload. So we know it's out there, we seen it now on almost 30,000 Mac computers, but at this point it's not really doing much, much at all. [00:19:53] So. These are malicious search engine results and they're directing victims to download these PKGs, which are Mac package format installers, based on network connections from your browser shortly before download. So just be very careful about all of that. It can be something as annoying as malware or something as malicious, [00:20:17] well, potentially, as ransomware, particularly if you're running Windows. Hey, if you want to find out more about this, if you want to get into some of my free courses here, we got free boot camps coming up. Make sure you go to craigpeterson.com/subscribe. More than glad to send you my show notes, a little bit of training, and of course, let you attend these free bootcamps that are not to sell you stuff, but solve problems for you. [00:20:49] Hey, if you use VPNs to try and keep yourself safe, particularly if you use ExpressVPN. Wow. What just came out is incredible. It is anything but safe and secure. [00:21:06] ExpressVPN was purchased by a company called Kape, K A P E. Kape is a company that had changed its name because, oh, things were bad. [00:21:19] Right. 
It was originally founded under the name of Crossrider. And you might've seen notices from your anti-malware software over the years for everything from Malwarebytes on saying that, oh, it blew up. To this Crossrider piece of malware, most of the time it's adware, but it is really interesting to see because this company was founded by a person who was part of the Israeli secret service. Right? So it wasn't of course not. It's not called the secret service over there in Israel. And it, frankly, it compares to our NSA, you know, no such agency. Yeah. It's part of Unit 8200 in the Israeli intelligence military. And it's been dubbed, of course, Israel's NSA. Teddy Sagi, which was one of these investors, also was mentioned in the Panama Papers. [00:22:24] Remember those? We talked about those back in 2016. Those were leaked and that showed these law firm, this one particular law firm in Panama, that were sheltering assets for people all over the world. And so now that ExpressVPN is owned by this company that is, this company built entirely by intelligence agents, for almost a billion [00:22:55] dollars in cash and stock purchases. That's how much they sold ExpressVPN for, almost a billion dollars, which is kind of crazy when you think of it as a VPN service, but makes a lot of sense. If you're going to want to monitor what people are doing, where they're going, maybe even break into their systems, what better choice than a VPN provider and the. [00:23:20] The company has been buying up VPN providers and is now the proud owner of ExpressVPN. If you attended my VPN workshop that I had, oh, it's probably been a year and I'm going to start doing these again. I promise, I promise. I promise, but you know how much I dislike VPNs. In fact, one of you guys, I'm sorry, I forgot your name. [00:23:46] Send me. A couple of weeks ago now about VPNs and saying, I know how much you disliked VPN, look at this article. And it was talking about this whole thing with ExpressVPN. 
So they just now all over the place, the discussions online about what. Been to hear who the founder was, the CEO, the CTO, this growing portfolio that they have in Sunbrella of ownerships, that now is centralized in a multiple VPNs. [00:24:15] Now, Kape Technologies only started acquiring VPN companies about four years ago. And they've been in business now for over a decade. And what were they doing before they started buying VPN companies? While they own VPN companies. Oh, they were a major manufacturer and distributor of malware of varying types. [00:24:40] Now the first part of the show today, of course, I was explaining some of the differences, like adware, et cetera, so that you could understand this story. Right? Ghulja that? So you can understand this. That's what these guys have been doing. It's absolutely crazy. So the, the co-founder of Kape Technologies and former CEO started his career in information technologies while serving in the Israeli Defense Forces, [00:25:08] as I mentioned, Israeli Intelligence Corps under Unit 8200. That unit is responsible for doing what's called signal intelligence and data decryption. Now we have signal intelligence here as well, and that's basically intercepting signals, figuring out what's being said, what's going on, where they are, the size of the forces, et cetera. [00:25:32] I have a friend of mine, a young lady who is in signal intelligence in, I think it's the Navy, but every part of our military has it is. However, our military doesn't directly control VPN services like ExpressVPN that can be used in a very big spy capacity. That's what I'm really concerned about. Now. I also, I found an interesting article on Zero Hedge about this, uh, you know, this company, ExpressVPN, being acquired. [00:26:06] But they're also pointing out that companies that were founded by former operatives of Unit 8200, that again, the Israeli version of the NSA, included. 
Ways Elbit systems, which is right in my hometown of Merrimack, New Hampshire and slews of other startups now ways. Right. I, I used ways I recommended people to use it and of course, Google bought it a few years back and that's when I stopped using it, but it was really nice. [00:26:39] It worked really well. And I had no idea the information was likely going to. The Israeli defense Corps. Oh my goodness. There's spy agencies, uh, and a bunch of other startups, by the way. It's estimated that there have been over 1000 stack tech startups that came out of the people working at unit 8,208. [00:27:07] Again, they're CIA NSA, uh, guys, their spine on everybody. You can, you believe that? And they've been bought by a mentioned Google, but other companies like Kodak, PayPal, Facebook, Microsoft have bought them. So in addition to the thousands of companies, according to zero. Uh, unit 8,200 has also fostered close working relationship with the U S government, which you would expect, right? [00:27:33] Edward Snowden. You remember him? He disclosed leaked documents. He obtained, which included an agreement between the NSA and the Israeli defense force. The agreement showed that the U S intelligence. Agency would share information. It collected under domestic surveillance operations with it. Israeli counterpart. [00:27:53] You remember we talked before about the five eyes, seven eyes searching eyes. It's up in the twenties. Now these countries that spy on each other citizens. For the other countries, right? Yeah. Your information might not be collected by the U S government, but the U S government gets it by buying it from private contractors, which it says it can do because we're only barred from collecting it ourselves. [00:28:17] We can use private contractors that collected on you. And also by going in partnership with foreign government. 
Because again, we can't collect that information, but we can certainly have the Israelis or, or the Brits or the Australians or Canada. They could collect it from. Can you believe this, how they're just stretching these rules to fit in what they want to fit. [00:28:39] Okay. Completely ignoring not only the constitution, but the laws of the United States. It's, it's just absolutely incredible. So critics of this unit, Eddy 200 attested that the Israeli intelligence outfit routinely uses the data received from the NSA by providing it to. Politicians Israeli politicians for the basics of blackmailing. [00:29:06] Yes. Blackmailing others. Yes. Indeed. Other whistle blowers have revealed any two hundreds operations have been able to disrupt Syrian air defense systems, hack Russia. Cap Kaspersky labs. You remember I told you guys don't use Kaspersky antivirus and has outfitted several Israeli embassies with Glendale, seen surveillance systems, cleanse Stein. [00:29:31] However you want to pronounce it. By the time Cape technologies acquired his first VPN company. Uh, the CE original CEO had left and he went on to found cup pie before leaving as it CEO in 2019, it goes on and on, uh, bottom line gas, SWAT express VPN, which is advertised by so many conservatives. Now looks like it is actually part of a spy operation. [00:30:01] So sign up now. Craig peterson.com. Craig peterson.com/subscribe. You're going to want to attend my free VPN webinar. Hey, I don't have anything to sell you when it comes to VPNs. I just want you to know the truth. [00:30:17] Labor shortages are making businesses turn direction. And now that we're laying off people or firing them because they didn't take the jab, what are businesses going to do? Well, I have news for you that reduced workforce, well, guess what?. [00:30:34] U.S. Businesses are really seriously moving to automation. [00:30:39] Now they've been doing this since the start of this whole lockdown. They were doing it even before then. 
I tell the story of when I was in France, a boom went four or five years ago now, and I stayed off the beaten path. I was not in the touristy areas. I speak French. So I went just where the. I decided to go, my wife and I, so we rented a car and we spent a month just kind of driving around where do we want to go next to, or do we want to go next? [00:31:08] It was a whole lot of fun. And while we were there on a Sunday, I came to realize that these small French towns have no restaurants open on Sunday, nothing at all, talking about a bit of a culture shock. That's not true. There was one restaurant opened in the town and that restaurant was, and McDonald's. [00:31:30] So when I go to McDonald's here a few years ago in France, central France. And when I walk in, there's nobody at the counter, but they're all. Oh, half a dozen kiosks out front. So you go and you order your hamburger, whatever might be, or your drinks, et cetera, right there in the kiosk, you pay for them riding the kiosk. [00:31:53] And there's some people working out back that are then making the hamburgers or the milkshakes or coffee, whatever you ordered and bringing it up to the front. And then they just put her right there for you to grab that simple. And this was of course, pre. Down days, I assume that it has gone even more automated. [00:32:14] Uh, they're in France, but hard to say. And I've seen the same thing here in the us. I was out in Vermont just about a month ago and I was riding with a buddy of mine, motorcycle riding, couple of buddies, actually. And we stopped in this small. Town. And we went to this little breasts, breakfast restaurant and the breakfast restaurant had maybe four or five tables inside. [00:32:42] And you just sat at the table. No waitress came up, but there's little sign with the QR code. So it said a scan, the QR code to get started. 
So you scanned it, it knew based on the QR code, which table you were at, and it showed you the menu that was in effect right then and there. So the lunch menu or the breakfast or the all day, you got to pick it and then you selected what you wanted. [00:33:08] It used whatever payment you wanted. I used apple pay. And in order to pay for my breakfast and my buddy ordered what he wanted. And then out came a waitress who delivered the food. Once it was already in the drinks, it was very automated. It allowed them to cut back on some people and others, this small restaurant, they probably had one last waitress, but when you kind of had in the shifts. [00:33:33] Days and vacation days is probably two waitresses. So they're saving some serious money because a system like this that you just scan a QR code and do the order and it prints up in the kitchen is cheap compared to hiring. Well, of course, it's hard to hire people, especially in the restaurant industry nowadays heck and in my business where we go in and we do analysis of computer networks and systems, it's almost impossible to find people that are really well qualified that understand the regulations that apply to these different businesses. [00:34:10] So it's like, forget about it. There's more than a million of these jobs open right now. And just in this cybersecurity. Well, September mark, the end of the real lockdown induced unemployment benefits workers. Didn't just flood the labor market as we kind of expected. And we have now few, we have more people now. [00:34:38] Who are out of the workforce. Who've decided not to look for a job than we did in 2008. So that's telling you something 2008 during the great recession. Interesting things are about to happen, but there's a great little article that I found in. 
Times this week, and it's talking about this quality local products company out of Chicago, the prince logos on merchandise, like t-shirts water bottles, you know, the little stress balls, all of that sort of stuff. [00:35:10] And he said prior to the pandemic, we had over 120 employees. That's the co-founder talk in there. And he said, Primary focus was on growth. We simply plugged any holes or any efficiencies that we could along the way with human capital, bringing people in. But once the lockdown happened, of course, all of a sudden now you don't have the access to employees you had before. [00:35:36] So they had a huge decrease also in business. So those two went hand in hand. They let a lot of people go and they use the opportunity to program many of the previous manual and human controlled activities into computers. So now 18 months later, yeah, two weeks to flatten the curve. Right? 18 months later, the company employees, 83 workers. [00:36:03] And as managing a workload, that's pretty much the same as pre lockdown. So they went from over 120 employees down to 83. So basically they cut 40 employees from the workforce. That's a whole lot of quarter of the workforce gone. They don't need them anymore. So that's going to help produce more profits for them. [00:36:27] A lot more profits. Cause usually automating. Yeah, it can be painful, but it usually has major paybacks and that's exactly what it had for them. And they're saying that they anticipate that they can reduce employees even more by the end of this year and get their head count below. 50 now 50 is a magic number. [00:36:48] So it was a hundred when it comes to employees. Well, one is like the biggest magic number because when, once you have one employee, you all of a sudden have to comply with all kinds of rules, regulations, state, local, federal. But if you hit 50 employees, you have the next step of major new regulations that are gonna affect your business. 
[00:37:09] And then when you hit a hundred employees, Even more, so many people try and keep their businesses below 50 employees because it's just not worth it to have all of those regulations, additional regulation, taxes, and everything else. Another company, this is a California based property management. The managing more than 90,000 commercial and residential properties. [00:37:33] And what they've done is they added a chat feature to the website, the company's called sea breeze. And he says, even though we have the live chat, you can still reach us outside of business hours. Well, You are using the chat or you can call us either way, but they're saying people like the simple form and someone gets back to them as soon as they can. [00:37:57] So they're avoiding now having staff available 24 7 to respond to chat messages and to respond to the voicemails and phone calls that come in. So it's pretty good all the way around, frankly, new shopping models are in place. I'm looking at a picture of a business and it has. Of course, a window up front and in the window they have jewelry. [00:38:21] This is a jewelry store and they've got QR codes in front of each of these pieces of jewelry right on the inside of the window. So if you're interested in finding out more about that piece of jewelry, Just scan the QR code. It'll take you to the right page on their website and we'll even let you buy the jewelry and they will mail it to you again. [00:38:46] How's that for? Great. If you have a business in a tourist jury area and you don't want to be open until 11:00 PM at night, your story can keep selling for you. Even when you're close. This is window shopping, taken to an extreme, very simple. To do as well. This company is called full me waiter. Obviously they've got a bit of a sea theme here. [00:39:10] So once someone orders the jewelry and the other merchandise sent right to them, or they can have it set for pickup in the store, when they next open it's phenomenal. 
They're calling. Alfresco shopping space, right from the sidewalk. So businesses again are returning to pre pandemic levels and he, this guy is available in the store by appointment only he's loving it. [00:39:37] And he says that customers have been so satisfied with this QR code window shopping contract. That he wrote a guidebook. You can get it@scantshopsolution.com or excuse me, scan, just shop solution.com. I misread that. So any retailers who want to use this method, if you don't know what QR codes are, or you don't know how to code it into a website, et cetera, she's got webinars she's taught on it and she's got the guide book. [00:40:05] I think this is great. Right? So she's now making some money on. Explain to other people, how she did this. It's phenomenal across industries. Epic times is saying the staffing shortages could be temporary, but as firms are further embracing, embracing automation and all of its benefits, some of these jobs that people just don't want anymore may actually be going away. [00:40:33] And I think this is ultimately a problem. We had, uh, you know, again, I'm older generation, right? Us baby boomers. We had opportunities when we were younger. I had newspaper routes. I had the biggest drought in the area. I can't remember. It was like 120 homes. It was huge. It took me hours to do, but I made money. [00:40:56] I learned how to interact with people. I knew, I learned how to do bill collection, how important it was not to let customers get too far behind on their bills. Although I have been slack on that one, I'm afraid, but it helped me out a lot. So, what are kids going to do that need to learn a work ethic that need to be able to have a job, make the mistakes, maybe get fired a once or twice or, or three times maybe learn how to interact with customers. [00:41:27] Everyone, I think can benefit from some retail experience. Get that when you're young and if these jobs don't exist, then. 
Or the younger generations here, are they just going to be trying to find jobs they can do with Instagram? Right? They're all I know. A few kids who have said, well, I'm a social media influencer and you look them up and okay. [00:41:50] So they got a thousand people following them. I have far more than that, but you know, it, that's not a job. It's not going to last. Your looks are only going to last so long. Right now you start having a family and you start working hard outdoors, et cetera. There's a lot of things that make that all go away. [00:42:09] So I think many businesses now we're going to continue to accelerate our plans program out and. A lot of weld pain positions, as well as these entry-level positions in the next five or 10 years. Really? I don't even know if it's going to be 10 years retool retrain our workforce, or everyone's going to be in for a world of hurt. [00:42:33] Hey, make sure you subscribe. So you're not in a world of hurt. Get my latest in news, especially tech news and cybersecurity. Craig peterson.com. [00:42:46] In this day and age, if you don't have a burner identity, you are really risking things from having your identities stolen through these business, email compromises. It's really crazy. That's what we're going to talk about. [00:43:03] An important part of keeping ourselves safe in this day and age really is con to confuse the hackers. The hackers are out there. They're trying to do some things. For instance, like business, email compromise. It is one of the biggest crimes out there today. You know, you hear about ransomware and. It hits the news legitimately. [00:43:26] It's very scary. It can really destroy your business and it can hurt you badly. If you're an individual you don't want ransomware. Well, how about those emails that come in? I just got an email in fact, from a listener this week and they got a phone call. His wife answered and it was Amazon on the phone and Amazon said, Hey, listen, your account's been hacked. 
[00:43:54] We need to clear it up so that your identity doesn't get stolen. And there's a fee for this. It's a $500 fee. And what you have to do is just go to amazon.com. Buy a gift card and we'll then take that gift card number from you. And we'll use that as the fee to help recover your stolen information. So she went ahead and did it. [00:44:20] She went ahead and did all of the things that the hackers wanted and now they had a gift card. Thank you very much. We'll follow up on this and. Now she told her husband, and of course this isn't a sex specific thing, right. It could have happened to either one. My dad fell for one of these scams as well. [00:44:44] So she told her husband or her husband looked at what had happened and said, oh my gosh, I don't think this is right. Let me tell you, first of all, Amazon, your bank, various credit card companies are not going to call you on the phone. They'll send you a message right. From their app, which is usually how I get notified about something. [00:45:10] Or they will send an email to the registered to email that. Uh, that you set up on that account. So that email address then is used by them to contact you right. Pretty simple. Or they might send you a text message. If you've registered a phone for notifications, that's how they contact you. It's like the IRS. [00:45:35] I was at a trade show and I was on the floor. We were exhausted. And I got no less than six phone calls from a lady claiming to be from the IRS and I needed to pay right away. And if I didn't pay right away, they were going to seize everything. And so all I had to do. Buy a gift card, a visa gift card, give her the number and she would use that to pay the taxes it and this lady had a, an American accent to one that you would recognize. [00:46:10] I'm sure. And it's not something that they do now. They do send emails, as I said. So the part of the problem with sending emails is, is it really them? 
Are they sending a legitimate email to a legitimate email address? Always a good question. Well, here's the answer. Yeah, they'll do that. But how do you know that it isn't a hacker sending you the email? [00:46:42] It can get pretty complicated. Looking into the email headers, trying to track. Where did this come from? Which email servers did it go through? Was it authenticated? Did we accept? Did the, uh, the provider use proper records in their DNS, the SPF, et cetera, to make sure that it's legitimate. Right? How do you follow up on that? [00:47:07] That's what we do for our clients. And it gets pretty complicated looking at DKIM and everything else to verify that it was legitimate, making sure that the email came from a registered MX server from the, the real sender. There is a way around this. And this has to do with the identities, having these fake burner identities. [00:47:33] I've been doing this for decades myself, but now it's easy enough for anybody to be able to do. There are some services out there. And one of the more recommended ones. And this is even the New York Times, they have an article about this. They prefer something called SimpleLogin. You can find them online. [00:47:57] You can go to simplelogin.io to get started. Now it's pretty darn cool, 'cause they're using what's called open source software. It's software anybody can examine to figure out is this legitimate or not? And of course it is legitimate, but, uh, they it's, it's all out there for the whole world to see. [00:48:17] And that means it's less likely in some ways to be hacked. There are people who argue that having open source software means even more. In some ways you are, but most ways you're not, anyways, it doesn't matter. simplelogin.io. Now, why would you consider doing this? Uh, something like SimpleLogin? Well, SimpleLogin is nice because it allows you to create dozens and dozens of different email addresses.
[00:48:51] And the idea is with SimpleLogin it will forward the email to you at your real email address. So let's say you're doing some online shopping. You can go ahead and set up an email address for, you know, whatever it is, shoppingcompany.com, uh, that you're going to use at shoppingcompany.com. So you'd go there. [00:49:13] You put into SimpleLogin, uh, I want to create a new identity and you tag what it's for, and then you then go to some, um, you know, shoppingcompany.com and use the email address that was generated for you by SimpleLogin. Now your SimpleLogin, again, is going to be tied into your real email account, wherever that might be. If using ProtonMail, which is a very secure email system, or if using Outlook or heaven forbid Gmail or one of these others, the email will be forwarded to you. [00:49:52] You will be able to see that indeed that email was sent to your shoppingcompany.com email address or your Bank of America email address, et cetera, et cetera. That makes it much easier for you to be able to tell, was this a legitimate email? In other words, if your bank's really trying to get ahold of you, and they're going to send you an email, they're going to send you an email to an address that you use exclusively [00:50:22] for Bank of America. In reality, you only have the one email box that is over there on wherever, ProtonMail, Outlook, Gmail, your business. You only have that one box you have to look at, but the email is sent to SimpleLogin. Does that make sense, you guys? So you can create these alias email boxes. It will go ahead and forward [00:50:49] any emails sent to them, to you, and you'll be able to tell if this was indeed from the company, because that's the only place that you use that email address. That makes it simple, but you don't have to maintain dozens or hundreds of email accounts. You only have the one email account.
And by the way, you can respond to the email using that special aliased email address that you created for the shopping company or Bank of America or TD or whomever [00:51:22] it might be. You can send from that address as well. So check it out online, simplelogin.io. I really liked this idea. It has been used by a lot of people over, out there. Now here's one other thing that it does for you, and this is important as well. Not using the same email address everywhere means that when the hackers get your email address from shoppingcompany.com or wherever, right, [00:51:56] pets.com, you name it, they cannot take that and put it together with other information and use that for business email compromise. Does that make sense? It makes it pretty simple, pretty straightforward. Don't get caught in the whole business email compromise thing. It can really, really hurt you. [00:52:19] And it has, it's one of the worst things out there right now, dollar for dollar it's right up there. It, by the way, is one of the ways they get ransomware into your systems. So be very careful about that. Always use a different email address for every website you sign up for. Oh, and they do have paid plans like a $30 a year plan over at simple IO will get you unlimited aliases, unlimited mailboxes, even your own domain name. [00:52:50] So it makes it pretty simple, pretty handy. There's other things you might want to do, for instance, use virtual credit cards. And we'll talk about those a little bit as well, because I, I think this is very important. Hey, I want to remind everybody that I have started putting together some trainings. [00:53:12] You're going to get a little training at least once a week, and we're going to put all of that into. We have been calling our newsletter. I think we might change the name of it a little bit, but you'll be getting those every week. And the only way to get those is to be on that email list. Go to craigpeterson.com/subscribe.
[00:53:35] Please do that right. I am not going to harass you. I'm not going to be one of those. And I've never been one of those internet marketers sending you multiple dozens of emails a day, but I do want to keep you up to date. So stick around, we will be back here in just a couple of minutes. And of course you're listening to Craig Peterson. [00:53:59] And again, the website, craigpeterson.com. Stick around because we'll be right back. [00:54:05] One of the best ways to preserve your security online is by using what we're calling burner identities, something that I've been doing for more than 30 years. We're going to talk more about how to do that right. [00:54:20] We've talked about email and how important that is. I want to talk now about fake identities. Now, a lot of people get worried about it. It sounds like it's something that might be kind of sketchy, but it is not to use fake identities in order to confuse the hackers in order to make it so they really can't do the things that they [00:54:46] to do. They can't send you phishing emails, particularly spear phishing emails, that'll catch you off guard because you're using a fake. How do you do that? Well, I mentioned to you before that I have thousands of fake identities that I created using census data. And I'm going to tell you how you can do it as well. [00:55:13] Right? There's a website out there called Fake Name Generator. You'll find it online at fakenamegenerator.com. I'm on that page right now. And I'm looking at a randomly generated identity. It has the option right on this page to specify the sex. And it says random by default. The name set, I chose American; the country, United States. [00:55:44] So it is applying both American and Hispanic names to this creative. And now remember it's doing the creation based on census data and some other public data, but it is not giving you one identity of any real.
I think that's important to remember, and you're not going to use these identities for illegal purposes. [00:56:11] And that includes, obviously when you set up a bank account, you have to use your real name. However, you don't have to use your. If you will real email address, you can use things like simple login that will forward the email to you, but we'll let you know who was sent to. And if you only use that one email address for the bank, then you know that it came from the bank or the email address was stolen from the bank. [00:56:40] Right. All of that stuff. We've talked about that already. So in this case, The name has come up with for me is Maurice D St. George in Jacksonville, Florida even gives an address, uh, in this case it's 36 54 Willis avenue in Jacksonville, Florida. So if I go right now, Uh, two, I'm going to do use Google maps and I am going to put in that address. [00:57:11] Here we go. Jacksonville willows avenue, all the guests. What there is a Willis avenue in Jacksonville, and it's showing hoes from Google street view. Let me pull that up even bigger. And there it is. So ta-da, it looks like it gave me. Fairly real address. Now the address it gave me was 36 54, which does not exist. [00:57:40] There is a 365, but anyways, so it is a fake street address. So that's good to know some, if I were to use this, then I'm going to get my. Uh, my mail saying why about I pass? So, uh, Maurissa tells you what Maurice means, which is kind of neat. It'll give you a mother's maiden name. Gremillion is what a gave me here, a social security number. [00:58:06] So it creates one that passes what's called a check sum test. So that if you put it into a computer system, it's going to do a real quick check and say, yeah, it looks. To me. So it's was not just the right number of digits. It also passes the check, some tasks. Well-known how to do a check sum on their social security numbers. [00:58:27] So again, it's no big deal. 
And remember, you're not going to use this to defraud anyone. You're going to use this for websites that don't really need to know, kind of give me a break. Why do you need all this information? It gives me a phone number with the right area code. Uh, and so I'm going to go ahead and look up this phone number right now. [00:58:50] Remember, use DuckDuckGo. Some people will use Google search and it says the phone number it gave me is a robocall. As I slide down, there's some complaints on that. Uh, so there you go. So they're giving us a phone number that is not a real person's phone number. Country code, of course, one, 'cause I said United States. Birth date: [00:59:13] oh, I was born October 7th, year 2000. I'm 20 years old. And that means I'm a Libra. Hey, look at all this stuff. So it's giving me an email address, which is a real email address that you can click to activate or right there. Again, I mentioned simplelogin.io earlier, but you can do it right here and it's got a username and created for me a password, which is actually a pretty deep. [00:59:41] The password. It's a random one, a website for me, my browser user agent, a MasterCard, a fake MasterCard number with an expiration and a CVC2 code, all of this stuff. My height is five six, I'm kind of short for. Uh, my weight is 186 pounds, O negative blood type, UPS tracking number, Western Union number, MoneyGram number. [01:00:11] My favorite color is blue and I drive a 2004 Kia Sorento and it also has a unique ID. And, uh, you can use that wherever you want. So the reason I brought this up, again, it's called fakenamegenerator.com, is when you are going to a website where there is no legal responsibility for you to tell them the true. [01:00:39] You can use this. And so I've, I've used it all over the place. For instance, GitHub, where you have, uh, it's a site that allows you to have software projects as you're developing software. So you can put stuff in GitHub.
Well, they don't need to know who I really am. Now they have a credit card number for me [01:01:01] because I'm on a paid plan. I pay every month, but guess what? It isn't my real credit card number. It isn't the number that I got from Fake Name Generator. My credit card company allows me to generate either single use credit card numbers, or in this case, a credit card number for github.com. So just as an example, that's how I use it. [01:01:24] So if GitHub gets hacked, the hackers have an email address and a name that tip me off right away where this is coming from. And if the email didn't come from GitHub, I know they either sold my information to a marketing company, or this is a hacker trying to manipulate me through some form of phishing scheme. [01:01:47] So I know you guys are the best and brightest. A lot of you understand what I'm talking about and I'm talking about how you can create a burner identity. And let me tell you, it is more important today to create a burner identity than it has ever been at any point in the past because frankly burner identities are one of the ways that you can really mess up some of the marketing firms out there that are trying to put the information together, these data aggregator companies, and also the hackers. [01:02:24] And it's really the hackers that we're up against here. And we're trying to prevent them from getting all of this information. So when we come back, I want to talk about the next step, which is: which credit cards can you get these single use card numbers from? Should you consider using PayPal? When might Google Voice be a really good alternative for you? [01:02:52] So we're going to get into all of that stuff. Stick around. In the meantime, make sure you go to craigpeterson.com/subscribe. Get my newsletter. All of this is in there. It makes it simple. It's a simple thing to do. craigpeterson.com.
And if you have any questions, just email me M e@craigpeterson.com. [01:03:20] Having your credit card stolen can be a real problem for any one of us. It gives the bad guys, a lot of options to spend a lot of money very quickly. We're going to talk right now about virtual credit cards. What are they, what does it mean? [01:03:37] Virtual credit cards come in two basic forms. [01:03:41] One is a single use credit card, which was quite popular back when these things first came out and another one is a virtual credit card that has either a specific life. In other words, it's only good for 30 days or that can be used until you cancel it. If you have a credit card, a visa, MasterCard, American express discover all of the major card issuers will give you the ability to reverse any charges that might come onto your cards. [01:04:19] If your card is stolen or missing. Now that makes it quite easy. Doesn't it? I want to point out that if you're using a debit card, as opposed to a credit card, there's not much challenging you can do with the credit card. You can say, I am not going to make my pain. And, uh, because of this, that, and the other thing, this was stolen, et cetera, they can file it as a disputed charge. [01:04:46] They can do an investigation find out. Yeah. I'm you probably were not at a bus terminal down in Mexico city, which happened to me. 'cause I was up here in New Hampshire, quite a ways down to Mexico city. And so they just reversed it out. That money never came out of my bank account because it was on a credit card. [01:05:08] If I were using a debit card. That money would have come right out of my account. Now, mind you, a bus ticket in Mexico city is not very expensive, but many people have had charges of many thousands of dollars. And if you need that money in your checking account, and you're using a debit card, you got a problem because your check for, well, if you ever have to pay rent again, red check is going. 
[01:05:38] Bound because they just empty it out to your bank account. So now you have to fight with the bank, get the money back. They will, they will eventually refund it, but it could make some of your transactions that you might've written a check or something, it'll make them bounce. And that could be a real problem. [01:05:57] These, it could make them bounce. So using a credit card is typically less of a hassle online. So why would you want to use a virtual card or also known as a masked credit card? Masked, M A S K E D? Well, the main reason behind this is to allow you to control payment. I've used them. In fact, I use them exclusively on every website online. [01:06:29] And I'm going to tell you the names of some of them here in just a couple of minutes, but I use them all of the time. And part of the reason is, let's say I want to cancel, uh, a service. Have you ever tried to cancel a service before and you have to call them many times, right. And so you're, you're arguing with somebody overseas somewhere who doesn't want you to close the account. [01:06:53] And of course they bump you up to the next level person who also doesn't want you to close the account. And so you have to fuss, fuss, fuss, fuss. Have you ever had that experience? And I'm sure you have. It just happens all the time. So with using the virtual credit card, well, the advantage to me is, hey, if you are going to try and fight with me, I don't care because I'm just going to cancel that credit card number. [01:07:24] So I don't have to cancel my credit card. I don't have to have the company reissue credit card for me. I don't have to do any of this sort of thing. That makes my life pretty easy. Doesn't it? And so, because of that, I am now I think in a much better place, because it just, I don't have to fight with people anymore. [01:07:43] So that's one of the reasons I used it. The other big reason is if it gets stolen, they can cause less harm.
Some of these credit card it's virtual credit cards are set up in such a way that you can limit the amount that's charged on them. Do you like that? So if you are using it on a site that maybe is charging you $50 a month, no problem. [01:08:09] $50 a month comes off of the credit card. And if someone tries to charge more, it bounces and then hopefully you find out, wait a minute, it just bounced on me right now. Then next step up is okay. It bounced and, uh, I am just going to cancel the card and then you issue a new credit card number for that website. [01:08:32] So an example in my case is github.com. We keep software up there and they charge me every month. If GitHub were to get hacked and that credit card number stolen, I really don't care because there's almost nothing that can happen. And if GitHub doesn't properly cancel my account, I can just cancel the credit card and, you know, let them come after me. [01:08:57] Right. This isn't going to happen. So then it's also called a masked credit card number because it's a little safer than using your real credit card details. I also want to point out something about debit cards. I went for years with no credit cards at all. Nowadays, many of my vendors will take a credit card for payment. [01:09:20] And in fact, give me a bit of a better deal. And then with the credit card, I can get 2% cash back, which I use to pay down the credit card. Right. It couldn't get any better than that, but when you're using a debit card, what I always. Is I had two accounts that I could transfer money between at the bank. [01:09:42] So I had one checking account. That was my main operating, if you will, account. And then I had another checking account where I would be just moving money out of it. Or you could even do it with a savings account, but some banks, they only let you do so many transactions a month on a savings account.
So the idea is I know that I have this much in credit card obligations, well, debit card obligations for this month, that money is going to be coming out. [01:10:11] So I make sure that. In the debit card account to cover the legitimate transactions I know are coming up and then I keep everything else in the other account. And then I manually transferred over every month. So that's how I dealt with the whole debit card thing. And it worked really well for me. Bottom line. [01:10:30] I think it's a really great. So there you go, who are the companies that you can use to do this? I've used some of these before, all of them have worked really well. If you have a Capital One credit card, they have something called Eno, E N O, and it's available to all Capital One card. Eno even has an extension for your web browsers. [01:10:59] So if it notices you're on a webpage, it's asking for credit card number, it'll pop up and say, do you want me to create a credit card number or a virtual one for this website so you can make your payment. Does it get much easier than that? Citibank has something they call virtual credit cards, available to all Citibank card holders. Masterpass by MasterCard. [01:11:23] That's available to any MasterCard, Visa, American Express, Discover, Diners Club card holders, credit, debit, and prepaid cards by the way. So you might want to check that one out. Uh, yeah, so that's the only one I see on my list here that will do it for debit cards, Masterpass by MasterCard. American Express Checkout, available to all American Express card holders. [01:11:51] Chase Pay, available to all Chase card holders. Wells Fargo Wallet, uh, Visa Checkout, available to all Visa, MasterCard, and American Express and Discover card holders, credit and debit cards, plus prepaid cards. Okay. So it does do the debit cards as well. Final, that's all owned by Goldman Sachs and is not accepting any new applicants, and Entropay.
[01:12:19] Also not accepting new applicants. There's a couple online. You might also want to check out Abine Premium. Abine, Abine, A B I N E, Blur Premium. You might want to check that out as well. All right, everybody make sure you check me out. craigpeterson.com/subscribe. [01:12:43] We're going to wrap up how you should be using these burner identities, a few more tips and tricks that are going to help keep you safe from the hackers that are out there. So here we go. [01:12:58] There are a lot of hackers out there. [01:13:01] The numbers are just astounding. The cost of these hackers coming in and stealing our information is just unbelievable. And it goes all the way from big corporations, from things like the Colonial Pipeline, the U.S. government all the way on down through you and me. I want to tell you a little story about a friend of mine. [01:13:28] He is about 75 years old and he supplements his income by driving for Uber eats and one other company. And so what he'll do is someone puts in an order for food somewhere. He'll go pick it up and then he'll drive it to where whoever wanted wanted, whoever ordered it. Now, there are a surprising number of scams with this. [01:13:55] So he's very careful about some of that orders, a cookie, for instance, because it's usually a bit of a scam anyways, we won't get into those, but I'll tell you what happened to him. His information was stolen online as it was probably yours. Mine I know was as well. So it's all stolen. What do you do? Well, in his case, what ended up happening is they managed to get into his email account. [01:14:27] Once they're in his email account, they now had access to the emails he was getting from one of these companies. Now it wasn't the Uber eats guy. He was, there was another company. So let's just explain this a little bit. Uber eats sends him a request for him to go ahead and do a double. So, you know, go to the restaurant, pick it up and take it to this client's house.
[01:14:54] And in order for him to register, he had to register an email address. Now, of course, he uses the same email address for everything, all of the. Now, personally, that drives me a little bit insane, but that's what he does. And he has just a few passwords. Now. He writes them down a little book and heaven forbid he ever lose the book so that he can remember them. [01:15:24] He just wants to keep his life simple. Right. He's 75. He's not technophobic, but you know, he's not up on all of this stuff. What he found was a paycheck didn't show. And it was an $800 paycheck. We're talking about real money that he should have had in his. It didn't show up. So he calls up the company and says what happened to my paycheck and their record show? [01:15:53] Yes, indeed. It had been paid. We paid you, we deposited right into your account. Just like you asked. Yeah. You know, ACH into the account. Great. Wonderful. What had happened is bad guys had gone, gained control of his email address and use that now. Because they figured, well, I see some emails in his account from this food delivery service, so, well, let's try and see if this email address that we're looking at right now. [01:16:26] All of his emails let's look and see. Okay. Yeah. Same. Email address and same password as a used ad at this email address. Yeah, it worked. Okay. Great. So now we have access to this guys food delivery account. So they changed. The bank account number now, easy enough to confirm, right. They change it and send you an email. [01:16:54] Hey, I want to make sure that it was you until the bad guys, the hackers click out, yada yada. Yeah, it was me and then delete the email. So he doesn't see it. And now his $800 paycheck. In fact, I think there were a couple of different checks is deposited directly into the bad guy's bank account and. The money of course is transferred out pretty quickly. [01:17:18] Now the, that guys, these hackers are using what are called mules. 
You might be familiar with that in the drug trade. They'll have a third party deliver the drugs, just a mule. They don't know what all is going on. They probably know they're delivering drugs. In this case, most of the mules are useful idiots of which there are many in this country, [01:17:43] unfortunately, uh, political and otherwise. And these people are convinced that all they need to do is transfer the money into this account so that the hackers can then pull it out. And you know, now they're going to take care of their grandmother who is stuck in the hospital and they have no way to pay for it. [01:18:07] And they can't transfer the money out of the country during. That's one of the stories they use for people. And in many cases, these mules know what they're doing. The FBI earlier this year arrested a whole group of mules out in California that were purposefully transferring the money. They knew what they were doing. [01:18:28] So his money was now out of the country. No way to get it. And this food delivery company was not about to pay him. So it isn't just the big guys, it's you and me as well. So what I want to talk about right now is multi-factor authentication. Now, you guys are the best and brightest. I hope you understand this. [01:18:54] If you have questions, please reach out to me. I am more than

Rich On Tech
Word to the Wyze

Oct 28, 2021 60:41


Hands on with the new AirPods 3rd generation; Amazon's new Omni series TVs; Instagram lets anyone post external web links; adding a verified vaccine card to Apple Wallet; new Wyze products; Cloudflare unveils family DNS for easy filtering; Lucid delivers its first electric cars; Tesla pushes a software update that turns its cars into streaming security cameras.

Listeners ask how to erase personal information from CLEAR's database, if Apple will make a new iPod Touch; how to manage 60,000 photos on a phone, how to schedule a text message on iPhone, whether to wait until Black Friday to buy a new iMac and if Apple will make a 27-inch M1 iMac computer.

Links: Follow Rich on social media!; Hands on AirPods 3; Amazon Omni TVs; Instagram Stories web links; Vaccine card Apple Wallet; Registry of Verified SMART Health Card Issuers for Vaccinations; New Wyze products; Cloudflare for families; Circle parental controls; Lucid first deliveries; Tesla software update; MacRumors Buyer's Guide; Apple Education Store

See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Government Digital Service Podcast
Government Digital Service Podcast #35: How our Site Reliability Engineers migrated GOV.UK Pay

Oct 28, 2021 34:54


Wondered how to migrate a 24/7 product to a serverless platform? We chat about initial user research, developing DevOps skills and the benefits of GDS's approach to this type of tech project.

---------

The transcript of the episode follows:

Vanessa Schneider: Hello and welcome to the Government Digital Service podcast. My name is Vanessa Schneider and I am Senior Channels and Community Manager at GDS. Today, I am joined by Jonathan Harden, Senior Site Reliability Engineer, and Kat Stevens, Senior Developer and co-Tech Lead on GOV.UK Pay.

GDS has many products that rely on our expert site reliability engineers and their colleagues to maintain and improve their functionality. Such as GOV.UK Pay - one of GDS's common platforms that is used by more than 200 organisations across the UK public sector to take and process online payments from service users. Jonathan and Kat recently completed a crucial reliability engineering project to ensure that GOV.UK Pay continues to operate at the highest standards and provide a reliable service for public sector users and their service users.

We'll hear more about that in a moment, but to start off, can you please introduce yourself to our listeners? Kat, would you mind starting?

Kat Stevens: Hi I'm Kat Stevens, I'm a Senior Developer on GOV.UK Pay. I've been working at GDS since 2017. And before that, I was a developer at start-ups and small companies.

As a co-Tech Lead on the migration team then, I'm kind of jointly responsible for making sure that our platform is running as it should be. That our team is working well together, that we're working on the right things and that we're, what we're working on is of a high quality, and is delivering value for our users. So it's like balancing that up with software engineering, making sure that you know, that we're being compliant. It's very important for Pay. Software [laughs] engineering is so broad: there's like security, reliability, performance, all of those things.
So yeah, it's kind of thinking about everything and---at a high level.

Vanessa Schneider: I'm glad somebody's got a high level overview. Thanks, Kat. Jonathan, would you mind introducing yourself too?

Jonathan Harden: Hi, I'm Jonathan Harden, and I am Senior Site Reliability Engineer on GOV.UK Pay. I've previously worked for a major UK mobile network operator, in the movie industry and for one of the UK's highest rated ISPs.

So all of GOV.UK Pay's services run, have to run somewhere. Being a Site Reliability Engineer means that I'm helping to build the infrastructure on which it runs, ensure that it is operating correctly and that we keep users' cardholder data safe and help the developers ease their development lifecycle into getting updates and changes out into the world.

Vanessa Schneider: Hmm..exciting work. So you both worked on a site reliability project for GOV.UK Pay. Can you please, for the uninitiated, introduce our listeners to the project that you carried out?

Kat Stevens: Yeah so recently, we finished migrating GOV.UK Pay to run on AWS Fargate. So previously Pay was running its applications on ECS EC2 instances on AWS. That's a lot of acronyms. But it basically means we were maintaining long-lived EC2 instances that were running our applications. And that incurred quite a high maintenance burden for the developers on our team. And we decided that we wanted to move to a serverless platform to kind of reduce that maintenance burden. And after researching a few options, we decided that Fargate was a good fit for Pay, and we spent a few months carefully moving our apps across to the Fargate platform whilst not having any downtime for our users, which is obviously quite important. Like Pay is a 24/7 service, so we wanted to make sure that our end users had no idea that this was happening.

Vanessa Schneider: Jonathan, how did you contribute to this migration?
Jonathan Harden:  So obviously, I've only been here for three months, so and the project has been going on quite a lot longer than that. But this is the kind of task I've been involved with, uh, several times now in the last few years at different companies. And so when I joined GDS, it was suggested that I join this project on Pay because I'd be able to contribute really quickly and, and help with the kind of the, the long tail of this migration.   So a-anybody else that's been in an SR- that works in SRE capacity will know that when you do these kind of projects, you have like the bulk of the migration where you move your applications, like your frontend services that users actually see when they go to the website and the backend services that processes transactions. But then you also have a lot of supporting services around that. So you have services like: things that provide monitoring and alerting, infrastructure that provides where, where do these applications get stored when they're not in use and like where do you launch them from. And there was, there was still quite a bit of that to tie up at the end. And the team, it's quite a small team. As a lot of SRE and infrastructure teams do tend to be. And so when I started, I joined that team and I've been helping with the, the, these long tail parts of the migration. Like in a lot of software engineering, the bulk of the work is done very quickly and the long tail takes quite a bit of time. So, so that's the kind of work that I've been helping with in the last few months.   Vanessa Schneider:  Great. Kat, as co-Tech Lead, what was your involvement in the migration?   Kat Stevens:  Let's see where to start. So when I joined the Pay Team, which was around October  2020, we were in the early stages of the, of the project, so we'd made the decision that we needed to migrate and that involved things like analysing, like co-cost benefit things. 
I-It doesn't sound that exciting, but it was actually quite cool looking at all the different options. So, for example, it meant that we could keep some of our existing infrastructure. We wouldn't have to move our RDS instances for, for example. We could keep our existing security group, subnets - all that kind of glue that holds all the application, like infrastructure together.    Then there was quite a lot of planning of how we would actually do this, how we would roll out the migration application by application. We've got around a dozen microservices that we were going to move one by one. And figuring out what good looked like. How would we know that the migration is successful. How do we know whether to roll back a particular app.   So for the actual rollout of migrating sort of one application from EC2 to Fargate: we basically did DNS weighting. So we could have both run--versions of the app running alongside each other, and then you can have 5% of the traffic going to new apps, 95% to the old app. And you can gradually switch over that weighting and monitor whether there are any errors, whether like the traffic suddenly dips and things aren't getting through. So that was all part of the plannings. Like what, what stages would we reach to say like, that yes, we're confident that this change has been positive. And like having a whole, like overview view of what's happening when. Estimating things as well - that's alway, always pretty, [laughs] pretty difficult. But we, as the more apps we did, the quicker we went and we sped up on that. So that was good.   And yeah, there's a whole bunch of other things we, we had to get involved with over the last few months as well. So that's things like performance-testing the whole environment to, you know, we wanted to have confidence that the new platform would be able to handle like the high levels of traffic that we see on GOV.UK Pay. Also we wanted to look at how we would actually deploy these apps. 
Having more confidence in our deployments, moving to continuous deployment where possible. So while those things weren't like directly impacted by Fargate, doing this migration like gave us the opportunity to explore some of those other improvements that we could make. And yeah, I think we've really benefited.   Vanessa Schneider:  That makes sense, it's always nice to not just keep things ticking over, but making big improvements, that feels really rewarding, I think. Can you give us an impression of what the situation was before the migration maybe?   Kat Stevens:  On our previous infrastructure, we were running ECS tasks on EC2 launch types - so those are sort of, relatively long-lived instances that we had to provision, patch, maintain. And the developers on the, on the rest of the team, and I--we're not necessarily infrastructure specialists, but when developers on our support rota would end up spending sort of like maybe 5, 6, 7 hours a week just maintaining our EC2 instances, we kind of realised that something had to change [laughs]. And use it, moving to a serverless infrastructure, it's just completely removes that burden of having to provision and make, roll our AMIs, our machine images. We, that just doesn't happen anymore. And we've freed up our developers to work on features. And yeah, the, the infrastructure burden on Pay is just so much less.   Vanessa Schneider:  Oh, that sounds really helpful. I'm not sure if migrations are an every-day kind of job for site reliability engineers or software developers, so I was wondering if there's anything that stood out about this process, like an opportunity to use new tools, or a different way of working?   Jonathan Harden:  So yeah, it's fun to work with new tools. But there, there, you get to--part of working here, and something I've seen in the time I've been here already, is that we don't rush into those decisions. 
So it's perfectly possible to see the, the new hot thing in the industry and rush straight for that without a good understanding of what are the trade-offs here. Everything has some trade-offs. And here at GDS, what I've found personally is that we put a lot of effort into understanding what, what's involved in the change; what will the experience be like for - I mean, the customer experience, the user experience, people actually paying for services, that needs to remain rock solid the whole time - but what's the, what's the experience like for developers? So developers have a cycle. They, you know, they write code, they want to test that code somewhere, they want to get it approved and push it to production. And, and so right now, we're undergoing a process of replacing some of our deployment pipelines. And as part of that, we're, we're in the early stages of this, but we're doing real research into how will our change of that be for the developers. And there's something really, really, really rewarding about looking at the different options available, seeing what is the new, the newest cool things, are they where to go? Do you want to go to something a bit, a bit older and a bit more stable? Is there a happy medium? What will the experience for developers be like there? What will the maintenance burden be like?   And one of the things for me here is that I'm seeing that e-even down in the teams, it's, these decisions aren't being taken by somebody higher up saying: 'we're going to move to this thing, make it happen'. And instead we've, we're doing research down in the teams that are going to do the work, speaking to the developer-- we're going to be speaking to the developers and surveying all the developers about what do you want from not just the change to stay the same, but change to make an improvement. And it's really, it's exciting to work with the new tools and the new possibilities, and it's also exciting to be involved in making those decisions.   
It marks quite, it was quite stark for me when I first started and I was told this, this major project is going on and it's likely to be 3 to 6 months before we start work, start work on doing it because we're doing the research up front and it's happening in the teams. People are spiking on cool things. Which means even if it's technology that you don't get to use eventually, or that you choose - not don't get to, but choose not to use eventually, you know, the teams are helping to make this choice. You get to try out a bunch of different technologies. And one of the great things with that GDS is there are different parts of GDS, and different parts of GDS are using the tooling that is suitable for their area, that makes their area best, work best. And that does mean that there's scope for if you decide I want to work on this other cool thing and this other team are working on it, you can move into one of the other teams and work on that new cool technology.   Kat Stevens:  I mean, I-I-I agree totally. I mean, one of the reasons I wanted to move to Pay was to get more experience working on the infrastructure side of things. On a previous teams it was more sort of stuff like cool software engineering. And on Pay, I've learnt more Terraform than I [laughs] ever thought was possible to know. And loads of other skills like: I've got so familiar with like all the, the intricacies of it as well. And kind of like sort of pushing it to its limits almost, and trying to get the best out of the tools for our, for our team and for our projects. And yeah, it's, it's, it's been really exciting. I mean, one of the new shiny tools that we've been looking at was CloudWatch, and we use it for running our smoke tests now. And that was part of the, we kind of like rolled that into the, the Fargate migration project because it seems like a good way of us, like checking that our deployments were working correctly. 
It took a little bit of wrangling for it to get, fit that into our deployment pipeline. But, but it is really cool sort of like seeing the new thing just falling into place. And now it looks like some of the other teams are following us and using that, that tool as well. So it feels, it feels [laughs] quite nice to be a trailblazer.   Vanessa Schneider:  No pressure to get it right then [laughs]. What were some of the things on your mind when you were making those selections then?   Kat Stevens:  We wanted to make sure that we'd made the right decision. So we did spend a fair amount of time actually analysing all the options. In the end, we, we went with Fargate, purely because it meant that we could reuse some of our existing infrastructure.   Overall we kind of prioritised what was going to be the lowest risk in terms of how we were going to do the migration. Like would any sort of mi--you know, would we need any downtime; would this impact like our, our paying users; would it impact on like our service teams, the actual sort of government departments who use Pay; would it im-impact other developers who were actually trying to build new features. And if they've got a platform that's shifting underneath them, that's always going to be difficult. So we were really trying to go for an option that met our needs and like achieved our goals of reducing maintenance burden, saving costs as well, obviously. And yeah, [laughs] just making it, making like Pay an easy, you know, simpler and easier to be a developer on. And weighing that up with, you know, what, what's this like you know, new and shiny thing, like what's all this. Like you know, because there's so many tools out there. But if it's going to take us like a huge amount of effort to actually migrate to them, then I--is that benefit actually going to pay for itself or not? 
So we, we actually did quite a lot of the investigation analysis, a big spreadsheet [laughs] trying to calculate how much like developer time like in hours per week of what's being spent on infrastructure maintenance and kind of trying to estimate what-- how that would change when we moved.   Vanessa Schneider:  Cool, that sounds like the bigger picture view the co-Tech Lead would have of course. Jonathan, any, any benefits that stood out to you perhaps?   Jonathan Harden:  The, the process of trying these things is really interesting. One of the things that we do at GDS that is not something I've ever experienced elsewhere, I know it does happen elsewhere in the industry, but is, we have what I call firebreaks. So they're a gap between quarters. Now when I say quarters, we're not like planning so these 12 things will happen in the quarter. We are, like our team is running a full Kanban approach because we're an infrastructure team that do some support. And one of the things with those firebreaks is they're a week long. So I've worked lots of places where you do hack days and hack days are great but one day isn't really very much time to truly try something deeply. On the firebreak, you get the opportunity to work, to try something that might-- you know something's coming up. You know you're going to do this migration. You've got some thoughts about, 'ooh, there's this technology. I've heard it's great. I can give it a real try and I can prove to other people that this is something we should seriously consider, especially if it's really exciting for you'. Or you might use the opportunity as well to, to scratch an itch that's been bugging you.   So like I-I- just to give you an example of what: we've just had a firebreak. And during that firebreak, we saw several different versions of Terraform. 
For people that know Terraform, some of them were the versions that use the older version of the language - so HTL1 - and some of them with the version that used HTL2, and it means they're not very compatible. So I used that firebreak as an opportunity to upgrade all of our Terraform to get everything up to the very latest. And like that's really scratched an itch for me. And that's not necessarily super exciting for everybody, but for people that have to work on this day to day, it is very, very, very [laughs] exciting. And, but other people did spikes on trying out a whole deploy-- new type of deployment, which is part of what we're doing going forward. And I'm seeing across the other teams, the developer teams, people trying spikes from potential product features, it's very exciting to see those things happening in other teams and people really trying out, and not just a quick hack, but like really trying: 'can we get somewhere with this, and what's the opportunity for using this in the future?' And it's what people wanted to work on. And that's really, really, that was really exciting for me as, as a part of the research, like the ongoing research, the fact that they happen every quarter. It's very exciting.   Vanessa Schneider:  Kat, firebreaks - what's your opinion, are you a fan?   Kat Stevens: Obviously at GDS like our quarters like, you know, we do carry over work between quarters, but it is nice to have that, that week or so where you can just like think about something else. You can, it's, you can recharge, you can reset little bit, you can try something new. And having like the, like the support from senior management to do that as well and have that space to experiment and try out new things to fail as well, I think that's so important. And even if your product like, never makes it outside a firebreak, you can, it will stick in your memory. 
And so when 6 months later they say, 'oh, maybe we should try this' and you can actually say: 'that might be a disaster. I remember it from my firebreak' [laughs]. Or you've got that background knowledge to just give context on a wider discussion, perhaps. I think it's so useful.    And also it kind of gives you an opportunity to potentially collaborate with people who y-you don't normally work with or with people in different roles as well. So rather than just us working within the migration team or the feature teams, we can kind of chop and change. You can work with like User Researchers or Content Designers and do just the things you wouldn't normally do. And or even if you just need a little bit of time to do some housekeeping or tidy ups and stuff that's, like Jonathan said, is just scratching that itch. So I love, I love a firebreak.   Vanessa Schneider:  It sounds like the firebreaks have been really productive then - are there any other wins you can share from the migration as well perhaps?   Jonathan Harden:  One of the interesting things, for me one of the interesting things about working in Pay specifically in GDS, is that we have to maintain PCI compliance because we're taking payments. Now that's not something I'd ever done before coming into Pay. So the, the first thing I did in Pay was learn about PCI and spend some time learning about what it, what it means to be compliant. But part of that is called protective monitoring. So you have active scanning going on looking for 'is anything nefarious happening over here, has anything goes wrong over there'. And that means that you, people have to spend time responding to those reports. And those reports, you occasionally get a false positive. But spending all that time dealing with those reports and investigating them like that's, that's all been freed up now.   But that means we can focus on future improvements more. So we've, our, we have a new environment to test performance of the application in. 
We're going through a process at the moment of making it so that that environment can appear when it needs to appear and go away when it doesn't need to be there. And that, of course means saving money, which you know, we work in the Civil Service, this is taxpayer money. This isn't like venture capital, it's the money that all of us pay in tax. And so it's like even more important to make sure that we're spending the right money. It's not to not spend money, it's to spend the right money and only the money that you need to spend. And so we're able to spend time making sure that we can have that environment scale itself down and scale itself back up and use that learning of scaling up and down those environments to start working on potentially auto-scaling the other environments so that they respond to meet demand instead of needing to be at the capacity for peak demand all the time.   This is, the-these are quite exciting things in themselves, but like we wouldn't have, we wouldn't necessarily have the time to do these smaller improvements that, you know, that will save money. They'll make a big difference in how much we spend.   Vanessa Schneider: What about you Kat, any thoughts?   Kat Stevens:  Yeah, so previously while the majority of our apps were running as tasks on EC2 instances, we did have a couple of Fargate apps running. And people were a bit nervous about updating them and deploying them. But now we are deploying to Fargate everywhere, suddenly, it doesn't seem so much of a big deal anymore. And so we've been able to kind of demystify some of those extra auxiliary apps. We've had really good feedback from the developer team saying like: 'this is great. We don't even have to, you know have like a, mental energy spent on worrying about this app anymore'. And that's kind of like the same for our other sort of, the, the bits and pieces that go under the radar. 
So this is something we're kind of looking at now is: how do we make sure our NginX proxies are patched and up to date and get deployed quickly, and it's not going to be a, a huge mental effort even [laughs] to kind of even think about how do we do this: 'we don't do this very often. Am I going to have to look this up again?' We can automate more of these processes and just have a more stable and reliable platform.   Vanessa Schneider:  It can be intimidating when you don't do a process frequently, just wanting to make sure you get everything exactly right, I think a lot of people can relate to that, but it's so good [laughs] everyone's confident now!   Kat Stevens:  Big factor but yes.   Vanessa Schneider:  So, obviously, Kat, you aren't a Site Reliability Engineer, but working on this project has given you the opportunity to upskill in the area. Is that right? Is that a common practise? Is it, is it normal for Software Developers to sort of take on a project like this to learn these things?    Kat Stevens:  It's interesting. I think the role of a Software Developer at GDS, it can be so broad. And there's so many different types of things you can work on. I was working on Python projects for a couple of years. And I've sort of like, dipping my toes into a bit of Ruby and bit of JavaScript. And...but, but the previous team I was working on, the infrastructure was very stable and there, there wasn't really any, a huge need to like revamp it or do any major bits of work on it. So while there was a couple of bits and pieces ad-hoc here and there, it kind of felt like the, the infrastructure side of the whole software engineering ecosystem, [laughs] for want of a better word, the, the, the infrastructure side of it was, was a gap in my knowledge. 
And so it's been really good to be able to move to Pay and like roll up my sleeves and get stuck in and you know like, figure out all these IAM permissions, what, what needs to be done where and actually sort of like get, getting that experience in like lifting the hood and seeing what's powering the, the actual software underneath. And almost like going down through the layers and yeah, [laughs] it's been, it's been really eye-opening actually. Like...previously, I would have never described myself as doing any sort of DevOps side of things, and I was actually quite like scared of Bash scripts. And now they are, yeah, well, I wouldn't say second nature, but they're not so scary anymore [laughs].   Vanessa Schneider:  That's a great outcome in my books. Jonathan, is it common practise to have somebody come in like that for you? I mean, obviously you've not been at GDS for a long time, but I was just wondering how this compares to the private sector.   Jonathan Harden:  So lots of people want to be a Site Reliability Engineer, it's a very kind of hot field. It's a very cool area to work in. And I don't just mean across the industry. I mean, I think that's a, I really, really like this role. I've put on many hats over my career and this is the one I'm enjoying the most by a long way. But, so in a previous company, I was like leading a team of infras-- there we were calling ourselves Infrastructure Engineers, but we were hiring Site Reliability Engineers. And actually, we found that it, it was, in some ways it was better to have a more diverse team in previous role as well. I mean, like, I always believe it's better to have a diverse team anyway in all aspects. But having people from a software engineering background and people from a systems administration background, like a traditional SysAdmin background, bringing those people together, especially if you've got one or two experienced Site Reliability Engineers already, works really, really well. 
People want to upskill into this area. Upskill isn't even necessarily the right word. People want to move into this area. It's not that it's an upskill, it's, it's, it's sideways. It's a different kind of role. And it means that they're very enthusiastic and they really want to learn these things and they want to demystify the scary things like Kat was talking about. So me personally, I've been, she mentioned Bash, I've been using Bash for many, many, many years [laughs] since about 2001, I think something like that. So that's not scary for me, but for people who haven't worked with it, I can help them with, like you know, I can help people and I can mentor them and I can show them good practises are.   Vanessa Schneider:  I don't think I've heard a better recommendation for folks to become site reliability engineers - keep an eye out on our vacancies as there are continuously opportunities at GDS to work on exciting projects like this migration, or broaden your skill sets. But just to recap, would you say there's anything you're particularly proud of as a result of this migration?   Kat Stevens:  The--like the actual how we did the rollout itself like with zero downtime. I thought that was pretty cool. But also maybe kind of like in the ways that we actually worked as a team around it as well because it was quite a long running project. And I think there's some interesting parts about how we like re-reassured ourselves that we were doing the right thing. Like, you know, regular retrospectives, firebreaks like we've mentioned, like how we dealt with unexpected work coming along because [laughs] as well as being like the migration team, we are also kind of the infrastructure team. So any kind of unexpected bits and pieces that came up, it would be our team that, we would have to like temporarily pause the migration work and pick up you know, whatever it was. 
So how we responded to that and you know how we communicated with each other, I-I think that's kind of a whole, a whole other podcast in itself almost.   Vanessa Schneider:  It sounds like there is an amazing community that you can tap into to keep up to date, make sure that work isn't being duplicated. And clearly there's a lot to be proud of regarding the product performance.    Jonathan Harden:  Yeah, so something that I found a little different here from other places I've worked, even larger organisations, that actually really helps with the sharing of information: so we, we have various like show and tell type catch-up meetings but for a wider than just your small area of the, of the business. So we have a catch up every week amongst all the infrastructure people. And there we all talk about what are we working on right now; like what things are we looking at in the future; are there challenges that you faced; how is the business as usual stuff going in your area. And conversations often come out of that into: 'oh, you're trying out this new technology?' Or you might, because we have it every week, you might mention like: 'oh we're starting to look at this thing' and you'll hear other people's opinions on either the thing you're trying or what you're aiming at or what they've done.   So we, I was mentioning we're doing this tuning our deployment pipelines, so we have a-a few peo-teams are all doing that as well. And so we have a channel where we're talking about that. And as people are trying things, they're putting in that channel like what they're trying, how it's going, like what the challenges they faced are and, you know, asking for help as well: have other people tried this; what, did you manage to solve this issue or that issue. And I really feel like the collaboration across parts of GDS and the wider Cabinet Office is, is really, really good. Within the infrastructure side, it's really good. 
There's definitely like beyond the infrastructure I do attend, we do have show and tells where people get to show like the thing they're working on that's not just infrastructure related, and that's been, that's really good as well for just understanding like the wider landscape of what's happening across Cabinet Office. And that's that's really, they're really helpful to communicate those things and to work out: 'are we working on the same thing'; 'are you about to start working on the thing that I'm working on'; 'have you already done this and can you give me some pointers'. And that's really good.   Vanessa Schneider:  Yeah, it's nice that you've had the opportunity to share your learnings with the community. Do you have any, maybe, more personal reflections on this work perhaps?   Jonathan Harden:  Yeah. So working at the Cabinet Office, it's the first time I've worked for the Civil Service and I'm very aware it's, it's different than the other roles that I've had because I'm like, I feel like I'm kind of helping wider society. We all have to pay the government for all sorts of things. And Pay supports many different services, including - on a previous version of the GDS podcast, you talk to some of the product people from Pay, and I listened to that before I joined Pay, before I joined GDS, and it was really interesting to hear the esoteric services that we have - but of course we have some, we have some bigger services as well and other government departments coming online all the time. And knowing that the infrastructure we're working on supports the ability for the public to pay things that they need to pay to the government or they want to pay, you know, they, like you said, they might be buying a fishing licence or something like that. 
And that's, knowing that we make it easier for people to do that and that it's done in a way that focuses on the accessibility of the service so any member of the public can try and pay through us and will have, not reach barriers like their screen reader software can't work with the service.    These are, knowing that I'm giving this back as part of my role, it makes a big difference to me as an Engineer. It's, it's, it's kind of the first, one of the first times where I've not have some kind of crisis around like, 'oh, am I giving back to society, wider society?'. And now I really feel like I am. And that's a real big part of what's making me so happy here among working on a fantastic team and a great org, and on cool technology, of course.   Vanessa Schneider:  That's so lovely to hear, Jonathan, [laughs] thank you for sharing. If you are similarly minded and want to try and help wider society, do keep an eye on our careers page. That's: GDS careers dot gov dot uk [gdscareer.gov.uk] for openings. It could be in site reliability engineering, it could be general software developer, it could be very different, but we're always looking for new folks to join us and bring their perspective into the organisation.    Thank you to Jonathan and Kat for joining me on the episode. If you like it, you can listen to all other episodes of the Government Digital Service Podcast, like Jonathan has, on Spotify, Apple Podcasts and all other major podcast platforms, and the transcripts are also available on PodBean.    Goodbye.   Jonathan Harden:  Toodelo.   Kat Stevens:  Goodbye!

Screaming in the Cloud
The Mayor of Wholesome Twitter with Mark Thompson

Oct 28, 2021 41:18


About MarkMark loves to teach and code.He is an award winning university instructor and engineer. He comes with a passion for creating meaningful learning experiences. With over a decade of developing solutions across the tech stack, speaking at conferences and mentoring developers he is excited to continue to make an impact in tech. Lately, Mark has been spending time as a Developer Relations Engineer on the Angular Team.Links:Twitter: https://twitter.com/marktechson TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by our friends at Vultr. Spelled V-U-L-T-R because they're all about helping save money, including on things like, you know, vowels. So, what they do is they are a cloud provider that provides surprisingly high performance cloud compute at a price that—while sure they claim its better than AWS pricing—and when they say that they mean it is less money. Sure, I don't dispute that but what I find interesting is that it's predictable. They tell you in advance on a monthly basis what it's going to going to cost. They have a bunch of advanced networking features. They have nineteen global locations and scale things elastically. Not to be confused with openly, because apparently elastic and open can mean the same thing sometimes. They have had over a million users. Deployments take less that sixty seconds across twelve pre-selected operating systems. Or, if you're one of those nutters like me, you can bring your own ISO and install basically any operating system you want. 
Starting with pricing as low as $2.50 a month for Vultr cloud compute they have plans for developers and businesses of all sizes, except maybe Amazon, who stubbornly insists on having something to scale all on their own. Try Vultr today for free by visiting: vultr.com/screaming, and you'll receive a $100 in credit. That's v-u-l-t-r.com slash screaming.

Corey: This episode is sponsored in part by something new. Cloud Academy is a training platform built on two primary goals. Having the highest quality content in tech and cloud skills, and building a good community that is rich and full of IT and engineering professionals. You wouldn't think those things go together, but sometimes they do. It's both useful for individuals and large enterprises, but here's what makes it new. I don't use that term lightly. Cloud Academy invites you to showcase just how good your AWS skills are. For the next four weeks you'll have a chance to prove yourself. Compete in four unique lab challenges, where they'll be awarding more than $2000 in cash and prizes. I'm not kidding, first place is a thousand bucks. Pre-register for the first challenge now, one that I picked out myself on Amazon SNS image resizing, by visiting cloudacademy.com/corey. C-O-R-E-Y. That's cloudacademy.com/corey. We're gonna have some fun with this one!

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Anyone who has the misfortune to follow me on Twitter is fairly well aware that I am many things: I'm loud, obnoxious, but snarky is most commonly the term applied to me. I've often wondered, what does the exact opposite of someone who is unrelentingly negative about things in cloud look like? I'm here to answer that question is lightness and happiness and friendliness on Twitter, personified. His Twitter name is @marktechson. My guest today is Mark Thompson, developer relations engineer at Google. Mark, thank you for joining me.

Mark: Oh, I'm so happy to be here. I really appreciate you inviting me. 
Thanks.

Corey: Oh, by all means. I'm glad we're doing these recordings remotely because I strongly suspect, just based upon the joy and the happiness and the uplifting aspects of what it is that you espouse online that if we ever shook hands, we'd explode as we mutually annihilate each other like matter and antimatter combining.

Mark: Feels right. [laugh].

Corey: So, let's start with the day job; seems like the easy direction to go in. You're a developer relations engineer. Now, I've heard of developer advocates, I've heard of the DevRel term, a lot of them get very upset when I refer to them as ‘devrelopers', but that's the game that we play with language. What is the developer relations engineer?

Mark: So, I describe my job this way: I like to help external communities with our products. I work on the Angular team, so I like to help our external communities but then I also like to work with our internal team to help improve our product. So, I see it as helping as a platform, as a developer relations engineer. But the engineer part is, I think, is important here because, at Google, we still do coding and we still write things; I'm going to contribute to the Angular platform itself versus just only giving talks or only writing blog posts to creating content, they still want us to do things like solve problems with the platform as well.

Corey: So, this is where my complete and abject lack of understanding of the JavaScript ecosystem enters the conversation. Let's be clear here, first let me check my assumptions. Angular is a JavaScript framework, correct?

Mark: Technically a TypeScript framework, but you could say JavaScript.

Corey: Cool. Okay, again, this is not me setting you up for a joke or anything like that. I try to keep my snark to Twitter, not podcast because that tends to turn an awful lot into me berating people, which I try to reserve for those who really have earned it; they generally have the word chief somewhere in their job title. 
So, I'm familiar with sort of an evolution of the startups that I worked at where Backbone was all the rage, followed by, “Oh, you should never use Backbone. You should be using Angular instead.”

And then I sort of—like, that was the big argument the last time I worked in an environment like that. And then I see things like Vue and React and several other things. At some point, it seems like, pick a random name out of the air; if it's not going to be a framework, it's going to be a Pokemon. What is the distinguishing characteristic or characteristics of Angular?

Mark: I like to describe Angular to people is that the value-add is going to be some really incredible developer ergonomics. And when I say that I'm thinking about the tooling. So, we put a lot of work into making sure that the tooling is really strong for developers, where you can jump in, you can get started and be productive. Then I think about scale, and how your application runs at scale, and how it works at scale for your teams. So, scale becomes a big part of the story that I tell, as well, for Angular.

Corey: You spend an awful lot of time telling stories about Angular. I'm assuming most of them are true because people don't usually knowingly last very long in this industry when they just get up on stage and tell lies, other than, “This is how we do it in our company,” which is the aspirational conference-ware that we all wish we ran. You're also, according to your bio, which of course, is always in the [show notes 00:04:16], you're an award-winning university instructor. Now, award-winning—great. For someone who struggled mightily in academia, I don't know much about that world. What is it that you teach? How does being a university instructor work? I imagine it's not like most other jobs where you wind up showing up, solving algorithms on a whiteboard, and they say, “Great, can you start tomorrow?”

Mark: Sure. So, when I was teaching at university, what I was teaching was mostly coding bootcamps. 
So, some universities have coding bootcamps that they run themselves. And so I was a part of some instructional teams that work in the university. And that's how I won the Teaching Excellence Award. So, the award that I won actually was the Distinguished Teaching Excellence Award, based on my performance at work when I was teaching at university.

Corey: I want to be clear here, it's almost enough to make someone question whether you really were involved there because the first university, according to your background that you worked on was Northwestern, but then it was through the Harvard Extension School, and I was under the impression that doing anything involving Harvard was the exact opposite of an NDA, where you're contractually bound to mention that, “Oh, I was involved with Harvard in the following way,” at least three times at any given conversation. Can you tell I spent a lot of time dealing with Harvard grads?

Mark: [laugh]. Yeah, Harvard is weird like that, where people who've worked there or gone there, it comes up as a first thing. But I'll tell the story about it if someone asks me, but I just like to talk about univer—that's why I say ‘university,' right? I don't say, “Oh, I won an award at Northwestern.” I just say, “University award-winning instructor.”

The reason I say even the ‘award-winning', that part is important for credibility, specifically. It's like, hey, if I said I'm going to teach you something, I want you to know that you're in really good hands, and that I'm really going to do my best to help you. That's why I mention that a lot.

Corey: I'll take that even one step further, and please don't take this as in any way me casting aspersions on some of your colleagues, but very often working at Google has felt an awful lot like that in some respects. I've never seen you do it. 
You've never had to establish your bona fides in a conversation that I've seen by saying, “Well, at Google this is how we do it.” Because that's a logical fallacy of appeal to authority in many respects. Yeah, I'm sure you do a lot of things at Google at a multinational trillion-dollar company that if I'm founding a four-person startup called Twitter for Pets might not necessarily be the same constraints that I'm faced with.

I'm keenly appreciative folks who recognize that distinction and don't try and turn it into something else. We see it with founders, too, “Oh, we're a small scrappy startup and our founders used to work at Google.” And it's, “Hmm, I'm wondering if the corporate culture at a small startup might be slightly different these days.” I get it. It does resonate and it carries weight. I just wonder if that's one of those unexamined things that maybe it's time to dive into a bit more.

Mark: Hmm. So, what's funny about that is—so people will ask me, what do I do? And it really depends on context. And I'll usually say, “Oh, I work for a company on the West Coast,” or, “For a tech company on the West Coast.” I'll just say that first.

Because what I really want to do is turn the conversation back to the person I'm talking to, so here's where that unrelenting positivity kind of comes in because I'm looking at ways, how can I help boost you up? So first, I want to hear more about you. So, I'll kind of like—I won't shrink myself, but I'll just be kind of vague about things so I could hear more about you so we're not focused on me. In this case, I guess we are because I'm the guest, but in a normal conversation, that's what I would try to do.

Corey: So, we've talked about JavaScript a little bit. We've talked about university a smidgen. Now, let me complete the trifecta of things that I know absolutely nothing about, specifically positivity on Twitter. You have been described to me as the mayor of wholesome Twitter. 
What is that about?

Mark: All right, so let me be really upfront about this. This is not about toxic positivity. We got to get that out in the open first, before I say anything else because I think that people can hear that and start to immediately think, “Oh, this guy is just, you know, toxic positivity where no matter what's happening, he's going to be happy.” That is not the same thing. That is not the same thing at all.

So, here's what I think is really interesting. Online, and as you know, as a person on Twitter, there's so many people out there doing damage and saying hurtful things. And I'm not talking about responding to someone who's being hurtful by being hurtful. I mean the people who are constantly harassing women online, or our non-binary friends, people who are constantly calling into question somebody's credibility because of, oh, they went to a coding bootcamp or they came from self-taught. All these types of ways to be really just harmful on Twitter.

I wanted to start adding some other perspective of the positivity side of just being focused on value-add in our interactions. Can I craft this narrative, this world, where when we meet, we're both better off because of it, right? You feel good, I feel good, and we had a really good time. If we meet and you're having a bad time, at least you know that I care about you. I didn't fix you. I didn't, like, remove the issue, but you know that somebody cares about you. So, that's what I think wholesome positivity comes into play is because I want to be that force online. Because we already have plenty of the other side.

Corey: It's easy for folks who are casual observers of my Twitter nonsense to figure, “Oh, he's snarky and he's being clever and witty and making fun of big companies”—which I do–And they tend to shorthand that sometimes to, “Oh, great. 
He's going to start dunking on people, too.” And I try mightily to avoid that it's punch up, never down.

Mark: Mm-hm.

Corey: I understand there's a school of thought that you should never be punching at all, which I get. I'm broken in many ways that apparently are entertaining, so we're going to roll with that. But the thing that incenses me the most—on Twitter in my case—is when I'll have something that I'll put out there that's ideally funny or engaging and people like it and it spreads beyond my circle, and then you just have the worst people on the internet see that and figure, “Oh, that's snarky and incisive. Ah, I'm like that too. This is my people.”

I assure you, I am not your people when that is your approach to life. Get out of here. And curating the people who follow and engage with you on Twitter can be a full-time job. But oh man, if I wind up retweeting someone, and that act brings someone who's basically a jackwagon into the conversation, it's no. No-no-no.

I'm not on Twitter to actively make things worse unless you're in charge of cloud pricing, in which case yes, I am very much there to make your day worse. But it's, “Be the change you want to see in the world,” and lifting people up is always more interesting to me than tearing people down.

Mark: A thousand percent. So, here's what I want to say about that is, I think, punching up is fine. I don't like to moderate other people's behavior either, though. So, if you'd like punching up, I think it'd be funny. I laugh at jokes that people make.

Now, is it what I'll do? Probably not because I haven't figured out a good way for me to do it that still goes along my core values. But I will call out stuff. Like if there's a big company that's doing something that's pretty messed up, I feel comfortable calling things out. 
Or when drama happens and people are attacking someone, I have no problem with just be like, “Listen, this person is a stand-up person.”

Putting myself kind of like… just kind of on the front line with that other person. Hey, look, this person is being attacked right now. That person is stand-up, so if you got a problem with them, you got a problem with me. That's not the same thing as being negative, though. That's not the same thing as punching down or harming people.

And I think that's where—like I say, people kind of get that part confused when they think that being kind to people is a sign of weakness, which is—it takes more strength for me to be kind to people who may or may not deserve it, by societal standards. That I'll try to understand you, even though you've been a jerk right now.

Corey: Twitter excels at fomenting outrage, and it does it by distancing us from being able to easily remember there's a person on the other side of these things. It is ways you're going to yell at someone, even my business partner in a text message. Whenever we start having conversations that get a little heated—which it happens; business partnership is like a marriage—it's oh, I should pick up the phone and call him rather than sending things that stick around forever, that don't reflect the context of the time, and five years later when I see it, I feel ashamed. I'm not here to advocate for other people doing things on Twitter the way that I do because what I do is clever, but the failure mode of clever in my case is being a complete jerk, and I've made that mistake a lot when I was learning to do it when my audience was much smaller, and I hurt people. And whenever I discovered that that is what happened, I went out of my way, and still do, to apologize profusely.

I've gotten relatively good at having to do less of those apologies on an ongoing basis, but very often people see what I'm doing and try to imitate what they're seeing; it just comes off as mean. 
And that's not acceptable. That's not something that I want to see more of in the world. So, those are my failure modes. I have to imagine the only real failure mode that you would encounter with positivity is inadvertently lifting someone up who turns out to be a trash goblin.

Mark: [laugh]. That and I think coming off as insincere. Because if someone is always positive or a majority of the time, positive, if I say something to you, and you don't know me that actually mean it, sincerity is incredibly hard to get over text. So, if I congratulate you on your job, you might be like, “Oh, he's just saying that for attention for himself because now he's being the nice guy again.” But sincerity is really, really hard to convey, so that's one of the failure modes is like I said, being sincere.

And then lifting up people who don't deserve to be lifted up, yeah, that's happened before where I've engaged with people or shared some of their stuff in an effort to boost them, and find out, like you said, legit trash goblin, like, their home address is under a bridge because they're a troll. Like, real bad stuff. And then you have to back off of that endorsement that you didn't know. And people will DM you, like, “Hey, I see that you follow this person. That person is a really bad person. 
Look at what they're saying right now.” I'm like, “Well, damn, I didn't know it was bad like that.”

Corey: I've had that on the podcast, too, where I'll have a conversation with someone and then a year or so later, they'll wind up doing something horrifying, or something comes to light and the rest, and occasionally people will ask, “So, why did you have that person on this show?” It's yeah, it turns out that when we're having a conversation, that somehow didn't come up because as I'm getting background on people and understanding who they are and what they're about in the intake questionnaire, there is not a separate field for, “Are you terrible to women?” Maybe there should be, but that's something that it's—you don't see it. And that makes it easy to think that it's not there until you start listening more than you speak, and start hearing other people's stories about it. This is the challenge.

As much as I aspire at times to be more positive and lift folks up, this is the challenge of social media as it stands now. I had a tweet the other day about a service that AWS had released with the comment that this is fantastic and the team that built it should be proud. And yeah, that got a bit of engagement. People liked it. I'm sure it was passed around internally, “Yay, the jerk liked something.” Fine.

A month ago, they launched a different service, and my comment was just distilled down to, “This is molten garbage.” And that went around the tech internet three times. When you're positive, it's one of those, “Oh, great. Yeah, that's awesome.” Whereas when I savage things, it's, “Hey, he's doing it again. Come and look at the bodies.” Effectively the rubbernecking thing. “There's been a terrible accident, let's go gawk at it.”

Mark: Right.

Corey: And I don't quite know what to do with that because it leads to the mistaken and lopsided impression that I only ever hate things and I don't think that a lot of stuff is done well. And that's very much not the case. 
It doesn't restrict itself to AWS either. I'm increasingly impressed by a lot of what I'm seeing out of Google Cloud. You want to talk about objectivity, I feel the same way about Oracle Cloud.

Dunking on Oracle was a sport for me for a long time, but a lot of what they're doing on a technical and on a customer-approach basis in the cloud group is notable. I like it. I've been saying that for a couple of years. And I'm gratified the response from the audience seems to at least be that no one's calling me a shill. They're saying, “Oh, if you say it, it's got to be true.” It's, “Yes. Finally, I have a reputation for authenticity.” Which is great, but that's the reason I do a lot of the stuff that I do.

Mark: That is a tough place to be in. So, Twitter itself is an anomaly in terms of what's going to get engagement and what isn't. Sometimes I'll tweet something that at least I think is super clever, and I'm like, “Oh, yeah. This is meaningful, sincere, clever, positive. This is about to go bananas.” And then it'll go nowhere.

And then I'll tweet that I was feeling a depression coming on and that'll get a lot of engagement. Now, I'm not saying that's a bad thing. It's just, it's never what I think. I thought that the depression tweet was not going to go anywhere. I thought that one was going to be like, kind of fade into the ether, and then that is the one that gets all the engagement.

And then the one about something great that I want to share, or lifting somebody else up, or celebrating somebody that doesn't go anywhere. So, it's just really hard to predict what people are going to really engage with and what's going to ring true for them.

Corey: Oh, I never have any idea of how jokes are going to land on Twitter. And in the before times, I had the same type of challenge with jokes in conference talks, where there's a joke that I'll put in there that I think is going to go super well, and the audience just sits there and stares. That's okay. 
My jokes are for me, but after the third time trying it with different audiences and no one laughs, okay, I should keep it to myself, then. Other times just a random throwaway comment, and I find it quoted in the newspaper almost. And it's, “Oh, okay.”

Mark: [laugh].

Corey: You can never tell what's going to hit and what isn't.

Mark: Can we talk about that though? Like—

Corey: Oh, sure.

Mark: Conference talking?

Corey: Oh, my God, no.

Mark: Conference speaking, and just how, like—I remember one time I was keynoting—well I was emceeing and I had the opening monologue. And so [crosstalk 00:17:45]—

Corey: We call that a keynote. It's fine. It is—I absolutely upgrade it because people know what you're talking about when you say, “I keynoted the thing.” Do it. Own it.

Mark: Yeah.

Corey: It's yours.

Mark: So, I was emcee and then I did the keynote. And so during the keynote rehearsals—and this is for all the academia, right, so all these different university deans, et cetera. So, in the practice, I'm telling this joke, and it is landing, everybody's laughing, blah, blah, blah. And then I get in there, and it was crickets. And in that moment, you want to panic because you're like, “Holy crap, what do I do because I was expecting to be able to ride the wave of the laughter into my next segment,” and now it's dead silent. And then just that ability to have to be quick on your feet and not let it slow you down is just really hard.

Corey: This episode is sponsored by our friends at Oracle. HeatWave is a new high-performance accelerator for the Oracle MySQL Database Service. Although I insist on calling it “my squirrel.” While MySQL has long been the world's most popular open source database, shifting from transacting to analytics required way too much overhead and, ya know, work. 
With HeatWave you can run your OLTP and OLAP, don't ask me to ever say those acronyms again, workloads directly from your MySQL database and eliminate the time-consuming data movement and integration work, while also performing 1100X faster than Amazon Aurora, and 2.5X faster than Amazon Redshift, at a third of the cost. My thanks again to Oracle Cloud for sponsoring this ridiculous nonsense.

Corey: It's a challenge. It turns out that there are a number of skills that are aligned but are not the same when it comes to conference talks, and I think that is something that is not super well understood. There's the idea of, “I can get on stage in front of a bunch of people with a few loose talking points, and just riff,” that sort of an improv approach. There's the idea of, “Oh, I can get on stage with prepared slides and have presenter notes and have a whole direction and theme of what I'm doing,” that's something else entirely. But now we're doing video and the energy is completely different.

I've presented live on video, I've done pre-recorded video, but in either case, you're effectively talking to the camera and there is no crowd feedback. So, especially if you'd lean on jokes like I tend to, you can't do a cheesy laugh track as an insert, other than maybe once as its own joke. You have to make sure that you can resonate and engage with folks, but there are no subtle cues from the audience like half the front row getting up and walking out. You have to figure out what it is that resonates, what it is that doesn't, why people should care. And of course, distinguishing and differentiating between this video that you're watching now and the last five Zoom meetings that you've been on that look an awful lot the same; why should you care about this talk?

Mark: The hardest thing to do. I think speaking remotely became such a big challenge. 
So, over time it became a little easier because I found some of the value in it, but it was still much harder because of all the things that you said. What became easier was that I didn't have to go to a place. That was easier.

So, I could take three different conference talks in a day for three different organizations. So, that was easier. But what was harder, just like you said, not being able to have that energy of the crowd to know when you're on point because you look for that person in the audience who's nodding in agreement, or the person who's shaking their head furiously, like, “Oh, this is all wrong.” So, you might need to clarify or slow down or—you lose all your cues, and that's just really, really hard. And I really don't like doing video pre-recorded talks because those take more energy for me than they do the even live virtual because I have to edit it and I have to make sure that take was right because I can't say, “Oh, excuse me. Well, I meant to say this.”

And I guess I could leave that in there, but I'm too much of a—I love public speaking, so I put so much pressure on myself to be the best version of myself at every opportunity when I'm doing public speaking. And I think that's what makes it hard.

Corey: Oh, yeah. Then you add podcasts into the mix, like this one, and it changes the entire approach. If I stumble over my words in the middle of a sentence that I've done a couple of times already, on this very show, I will stop and repeat myself because it's easier to just cut that out in post, and it sounds much more natural. They'll take out ums, ahs, stutters, and the rest. Live, you have to respond to that very differently, but pre-recorded video has something of the same problem because, okay, the audio you can cut super easily.

With video, you have to sort of a smear, and it's obvious when people know what they're looking at. And, “Wait, what was that? That was odd. 
They blew a take.” You can cheat, which is what I tend to do, and oh, I wind up doing a bunch of slides in some of my talks because every slide transition is an excuse to cut because suddenly for a split second I'm not on the camera and we can do all kinds of fun things.

But it's all these little things, and part of the problem, too, with the pandemic was, we suddenly had to learn how to be A/V folks when previously we had the good fortune slash good sense to work with people who are specialist experts in this space. Now it's, “Well, I guess I am the best boy grip today,” whate—I'm learning what that means [laugh] as we—

Mark: That's right.

Corey: —continue onward. Ugh. I never signed up for this, but it's the thing that happens to you instead of what you plan on. I think that's called life.

Mark: Feels right. Feels right, yeah. It's just one of those things. And I'm looking forward to the time after this, when we do get back to in-person talks, and we do get to do some things. So, I have a lot of hot takes around speaking. So, I came up in Toastmasters. Are you familiar with Toastmasters at all?

Corey: I very much am.

Mark: Oh, yeah. Okay, so I came up in Toastmasters, and for people at home who don't know, it's kind of like a meetup where you go and you actually practice public speaking, based on these props, et cetera. For me, I learned to do things like not say ‘um' and ‘ah' on stage because there's someone in the room counting every time you do it, and then when you get that review at the end when they give you your feedback, they'll call that out. Or when you say ‘like you know,' or too many ‘and so', all these little—I think the word is disfluencies that you use that people say make you sound more natural, those are things that were coached out with me for public speaking. 
I just don't do those things anymore, and I feel like there are ways for you not to do it.

And I tweeted that before, that you shouldn't say ‘um' and ‘ah' and have someone tell me, “Oh, no, they're a natural part of language.” And then, “It's not natural and it could freak people out.” And I was like, “Okay. I mean, you have your opinion about that.” Like, that's fine, but it's just a hot take that I had about speaking.

I think that you should do lots of things when you speak. The rate that you walk back and forth, or should you be static? How much should be on your slides? People put a lot of stuff on slides, I'm like, “I don't want to read your slides. I'd rather listen to you use your slides.” I mean, I can go on and on. We should have another podcast called, “Hey, Mark talks about public speaking,” because that is one of my jams. That and supporting people who come from different paths. Those two things, I can go on for hours about.

Corey: And they're aligned in a lot of respects. I agree with you on the public speaking. Focusing on the things that make you a better speaker are not that hard in most cases, but it's being aware of what you're doing. I thought I was a pretty good speaker when I had a coach for a little while, and she would stand there, “Give just the first minute of your talk.” And she's there and writing down notes; I get a minute in and it's like, “Okay, I can't wait to see what she doesn't like once I get started.” She's like, “Nope. I have plenty. That will cover us for the next six weeks.” Like, “O…kay? I guess she doesn't know what she's doing.”

Spoiler she did, in fact, know what she was doing and was very good at it and my talks are better for it as a result. But it comes down to practicing. I didn't have a thing like Toastmasters when I was learning to speak to other folks. I just did it by getting it wrong a lot of times. 
I would speak to small groups repeatedly, and I'd get better at it in time.

And I would put time-bound on it because people would sit there and listen to me talk and then the elevator would arrive at our floor and they could escape and okay, they don't listen to me publicly speaking anymore, but you find time to practice in front of other folks. I am kidding, to be clear. Don't harass strangers with public speaking talks. That was in fact a joke. I know there's at least one person in the audience who's going to hear that and take notes and think, “Ah, I'm going to do that because he said it's a good idea.” This is the challenge with being a quote-unquote, “Role model” sometimes. My role model approach is to give people guidance by providing a horrible warning of what not to do.

Mark: [laugh].

Corey: You've gone the other direction and that's kind of awesome. So, one of the recurring themes of this show has been, where does the next generation come from? Where do we find the next generation of engineer, of person working in cloud in various ways? Because the paths that a lot of us walked who've been in this space for a decade or more have been closed. And standing here, it sounds an awful lot like, “Oh, go in and apply for jobs with a firm handshake and a printed copy of your resume and ask to see the manager and you'll have a job before dark.”

Yeah, what worked for us doesn't work for people entering the workforce today, and there have to be different paths. Bootcamps are often the subject of, I think, a deserved level of scrutiny because quality differs wildly, and from the outside if you don't know the space, a well-respected bootcamp that knows exactly what it's doing and has established long-term relationships with a number of admirable hiring entities in the space and grifter who threw together a website look identical. It's a hard problem to solve. 
How do you view teaching the next generation and getting them into this space, assuming that that isn't something that is morally reprehensible? And some days, I wonder if exposing this industry to folks who are new to it isn't a problem.

Mark: No, good question. So, I think in general—so I am pro bootcamp. I am pro self-taught. I was not always. And that's because of personal insecurity. Let's dive into that a little bit.

So, I've been writing code since I was probably around 14 because I was lucky enough to go to a high school that had a computer science program on the south side of Chicago, one school. And then when I say I was lucky, I was really lucky because the school that I went to wasn't a high resource school; I didn't go to a private school. I went to a public school that just happened that one of the professors from IIT, also worked on staff a few days a week at my school, and we could take programming classes with this guy. Total luck. And so I get into computer science that way, take AP Computer Science in high school—which is, like, the pre-college level—then I go into undergrad, then I go into grad school for computer science.

So, like, as traditional of a path that you can get. So, in my mind, it was all about my sweat equity that I had put in that disqualified everybody else. So, Corey, if you come from a bootcamp, you haven't spent the time that I spent learning to code; you haven't sweat, you haven't had to bleed, you haven't tried to write a two's complement algorithm on top of your other five classes for that semester. You haven't done it, definitely you don't deserve to be here. So, that was so much of my attitude, until—until—I got the opportunity to have my mind completely blown when I got asked to teach.

Because when I got asked to teach, I thought, “Yeah, I'm going to have my way of going in there and I'm going to show them how to do it right. 
This is my chance to correct these coding bootcampers and show them how it goes.” And then I find these people who were born for this life. So, some of us are natural talents, some of us are people who can just acquire the talent later. And both are totally valid.

But I met this one student. She was a math teacher for years in Chicago Public Schools. She's like, “I want a career change.” Comes to the program that I taught at Northwestern, does so freaking well that she ends up getting a job at Airbnb. Now, if you have to make her go back four years at university, is that window still open for her? Maybe not.

Then I meet this other woman, she was a paralegal for ten years. Ten years as a paralegal was the best engineer in the program when I taught, she was the best developer we had. Before the bootcamp was over, she had already gotten the job offer. She was meant for this. You see what I'm saying?

So, that's why I'm so excited because it's like, I have all these stories of people who are meant for this. I taught, and I met people that changed the way I even saw the rest of the world. I had some non-binary trans students; I didn't even know what pronouns were. I had no idea that people didn't go by he/him, she/her. And then I had to learn about they and them and still teach you code without misgendering you at the same time, right because you're in a classroom and you're rapid-fire, all right, you—you know, how about this person? How about that person? And so you have to like, it's hard to take—

Corey: Yeah, I can understand async, await, and JavaScript, but somehow understanding that not everyone has the pronouns that you are accustomed to using for people who look certain ways is a bridge too far for you to wrap your head around. Right. We can always improve, we can always change. It's just—at least when I screw up async, await, I don't make people feel less than.
I just make—

Mark: Totally.

Corey: —users feel that, “Wow, this guy has no idea how to code.” You're right, I don't.

Mark: Yeah, so as I'm on my soapbox, I'll just say this. I think coding bootcamps and self-taught programs where you can go online, I think this is where the door is the widest open for people to enter the industry because there is no requirement of a degree behind this. I just think that has just really opened the door for a lot of people to do things that is life-changing. So, when you meet somebody who's only making—because we're all engineers and we do all this stuff, we make a lot of money. And we're all comfortable. When you meet somebody where they go from 40,000 to 80,000, that is not the same story for—as it is for us.

Corey: Exactly. And there's an entire school of thought out there that, “Oh, you should do this for the love because it is who you are, it is who you were meant to be.” And for some people, that's right, and I celebrate and cherish those folks. And there are other folks for whom, “I got into tech because of the money.” And you know what?

I celebrate and cherish those folks because that is not inherently wrong. It says nothing negative about you whatsoever to want to improve your quality of life and wanting to support your family in varying ways. I have zero shade to throw at either one of those people. And when it comes to which of those two people do I want to hire, I have no preference in either direction because both are valid and both have directions that they can think in that the other one may not necessarily see for a variety of reasons. It's fine.

Mark: I wanted to be an engineering manager. You know why? Not because I loved leadership; because I wanted more money.

Corey: Yes.

Mark: So, I've been in the industry for quite a long time. I'm a little bit on the older side of the story, right? I'm a little bit older.
You know, for me, before we got ‘staff' and ‘principal' and all this kind of stuff, it was senior software engineer and then you topped out in terms of your earning potential. But if you wanted more, you became a manager, director, et cetera.

So, that's why I wanted to be a manager for a while; I wanted more money, so why is my choice to be a manager more valuable than those people who want to make more money by coming into engineering or software development? I don't think it is.

Corey: So, we've talked about positivity, we've talked about dealing with unpleasant people, we've talked about technology, and then, of course, we've talked about getting up on soapboxes. Let's tie all of that together for one last topic. What is your position on open-source in cloud?

Mark: I think open-source software allows us to do a lot of incredible things. And I know that's a very light, fluffy, politically correct answer, but it is true, right? So, we get to take advantage of the brains of so many different people, all the ideas and contributions of so many different people so that we can do incredible things. And I think cloud really makes the world more accessible in general because—so when I used to do websites, I had to have a physical server that I would have to, like, try to talk to my ISP to be able to host things. And so, there was a lot of barriers to entry to do things that way.

Now, with cloud and open-source, I could literally pick up a tool and deploy some software to the cloud. And the tool could be open-source so I can actually see what's happening and I could pick up other tools to help build out my vision for whatever I'm creating. So, I think open-source just gives a lot of opportunity.

Corey: Oh, my stars, yes. It's even far more so than when I entered the field, and even back then there were challenges. One of the most democratizing aspects of cloud is that you can work with the same technologies that giant companies are using.
When I entered the workforce, it's, “Wow, you're really good with Apache, but it seems like you don't really know a whole lot about the world of enterprise storage. What's going on with that?”

And the honest answer was, “Well, it turns out that on my laptop, I can compile Apache super easily, but I'm finding it hard, given that I'm new to the workforce, to afford a $300,000 SAN in my garage, so maybe we can wind up figuring out that there are other ways to do it.” That doesn't happen today. Now, you can spin something up in the cloud, use it for a little bit. You're done, turn it off, and then never again have to worry about it except over in AWS land where you get charged 22 cents a month in perpetuity for some godforsaken reason you can't be bothered to track down and certainly no one can understand because, you know, cloud billing.

Mark: [laugh].

Corey: But if that's the tax versus the SAN tax, I'll take it.

Mark: So, what I think is really interesting what cloud does, I like the word democratization because I think about going back to—just as a lateral reference to the bootcamp thing—I couldn't get my parents to see my software when I was in college when I made stuff because it was on my laptop. But when I was teaching these bootcamp students, they all deployed to Heroku. So, in their first couple of months, the cloud was allowing them to do something super cool that was not possible in the early days when I was coming up, learning how to code. And so they could deploy to Heroku, they could use GitHub Pages, you know like, open-source still coming into play. They can use all these tools and it's available to them, and I still think to me that is mind-blowing that I would have to bring my physical laptop or desktop home and say, “Mom, look at this terminal window that's doing this algorithm that I just did,” versus what these new people can do with the cloud. It's like, “Oh, yeah, I want to build a website. I want to publish it today.
Publish right now.” Like, during our conversation, we both could have probably spun up a Hello World in the cloud with very little.

Corey: Well, you could have. I could have done it in some horrifying way by using my favorite database: DNS. But that's a separate problem.

Mark: [laugh]. Yeah, but I go to Firebase deploy and create a quick app real quick; Firebase deploy. Boom, I'm in the cloud. And I just think that the power behind that is just outstanding.

Corey: If I had to pick a single cloud provider for someone new to the field to work with, it would be Google Cloud, and it's not particularly close. Just because the developer experience for someone who has not spent ten years marinating in cloud is worlds apart from what you're going to see in almost every other provider. I take it back, it is close. Neck-and-neck in different ways is also DigitalOcean, just because it explains things; their documentation is amazing and it lets people get started. My challenge with DigitalOcean is that it's not thought of, commonly, as a tier-one cloud provider in a lot of different directions, so the utility of learning how that platform works for someone who's planning to be in the industry for a while might potentially not get them as far.

But again, there's no wrong answer. Whatever interests you, whenever you have to work on, do it. The obvious question of, “What technology should I learn,” it's, “Well, the ones that the companies you know are working with,” [laugh] so you can, ideally, turn it into something that throws off money, rather than doing it in your spare time for the love of it and not reaping any rewards from it.

Mark: Yeah. If people ask me what should they use it to build something? And I think about what they want to do. And I also will say, “What will get you to ship the fastest? How can you ship?”

Because that's what's really important for most people because people don't finish things.
You know, as an engineer, how many side projects you probably have in the closet that never saw the light of day because you never shipped. I always say to people, “Well, what's going to get you to ship?” If it's Vue, use Vue and pair that with DigitalOcean, if that's going to get you to ship, right? Or use Angular plus Google Cloud Platform if that's going to get you to ship.

Use what's going to get you to ship because—if it's just your project you're trying to run on. Now, if it's a company asking me, that's a consulting question which is a different answer. We do a much more in-detail analysis.

Corey: I want to thank you so much for taking the time to speak with me about, honestly, a very wide-ranging group of topics. If people want to learn more about who you are, how you think, what you're up to, where can they find you?

Mark: You can always find me spreading the love, being positive, hanging out. Look, if you want to feel better about yourself, come find me on Twitter at @marktechson—M-A-R-K-T-E-C-H-S-O-N. I'm out there waiting for you, so just come on and have a good time.

Corey: And we will, of course, throw links to that in the show notes. Thank you so much for your time today.

Mark: Oh, it's been a pleasure. Thanks for having me.

Corey: Mark Thompson, developer relations engineer at Google. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry, deranged comment that you spent several weeks rehearsing in the elevator.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point.
Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Syntax - Tasty Web Development Treats
Horror Web Dev Stories - 2021

Oct 27, 2021 51:02


For episode 400, Scott and Wes talk about web dev horror stories - 2021 edition!

LogRocket - Sponsor
LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It's an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.

Mux - Sponsor
Mux Video is an API-first platform that makes it easy for any developer to build beautiful video. Powered by data and designed by video experts, your video will work perfectly on every device, every time. Mux Video handles storage, encoding, and delivery so you can focus on building your product. Live streaming is just as easy and Mux will scale with you as you grow, whether you're serving a few dozen streams or a few million. Visit mux.com/syntax.

Linode - Sponsor
Whether you're working on a personal project or managing enterprise infrastructure, you deserve simple, affordable, and accessible cloud computing solutions that allow you to take your project to the next level. Simplify your cloud infrastructure with Linode's Linux virtual machines and develop, deploy, and scale your modern applications faster and easier. Get started on Linode today with a $100 in free credit for listeners of Syntax. You can find all the details at linode.com/syntax. Linode has 11 global data centers and provides 24/7/365 human support with no tiers or hand-offs regardless of your plan size. In addition to shared and dedicated compute instances, you can use your $100 in credit on S3-compatible object storage, Managed Kubernetes, and more. Visit linode.com/syntax and click on the “Create Free Account” button to get started.

Show Notes

02:54 - Hi guys, love the show. I wanted to share with you something that happened just the other day (Oct 4th), I was starting my new job today at a large tech company. They use React for everything (even DNS!, don't ask me how, it's complicated).
I figured I'd celebrate my first day and push some code to prod, (how hard could useEffect be right?) Next thing you know, they ended up bringing in a guy with an angle grinder to get access to the server cage.

04:15 - No one from Denver can buy

06:38 - Bug accidentally gives $90 million to users https://www.cnbc.com/2021/10/01/defi-protocol-compound-mistakenly-gives-away-millions-to-users.html

08:34 - Share Pointy Knives
Hi! I'm a developer at a consulting firm in Sweden, writing C# on the backend and using React with either JavaScript or TypeScript and hosting things in Azure 99% of the time (and 1% in SharePoint). I was in my last week at my last job before I was due to start my new job. Worked 12 h/day to keep up with all the handovers etc. to colleagues so they would have a chance to continue working on the solutions I have taken care of. One project was a process tool hosted in SharePoint Online. The guy who would oversee it had -1% experience with SharePoint (which I pointed out to my bosses). But to make things a bit easier, I wrote a deploy script to ease things a bit. Starts the terminal and runs the script towards the acceptance environment. Umpteen million errors appear… Which is strange, because there would only be about 20 commands (which can cause errors like these). I log into the environment to double check if I now accidentally entered the wrong values in the script (which looked okay according to me). But I get a 404 error when I try to reach the environment… I log into the admin interface; I discover that the site is gone… Also checking the trash can, there are no things there. Very strange. I find that I'm in a different folder than the one where I saved my script… In that folder there is an old deploy script that was used when the project was started a thousand years ago (which was not used after the project was “finished”).
The first thing the script does is force delete the site and then try to create a new empty site… The site is gone with lists and everything (lists are a SharePoint thing, think of it as SQLite), there are no backups of the acceptance environment (although it is very important). I just feel a little panicked about how I'm going to solve this. However, I remember testing a tool six months ago to copy entire environments. Where the first attempt was made on the acceptance environment. Finds the cloned environment and can use the same tool to clone it back. It took only 8-12 hours of work to create all the new things done in the environment in the last 6 months instead of X number of hours to build everything from scratch. Once I updated a feature that saves accessories on orders (same solution). However, I failed to add all the new fields to the production environment. Which meant that accessories were not saved at all… Which was discovered after a week… I fixed the error in 5 minutes and the sellers had to contact x number of customers to double check what kind of accessories they would have for their orders…

11:22 - External HD
One time I needed to format a server. It was an outdated Windows server. I selected all the files and copied and pasted to an external hard drive. My drive was pretty fast and it took like a minute. I was like: “Wow! That's a great external hd”. Formatted the server and, as soon as I realized it didn't copy 10% of the files, I had that face. We all know that face. Anyways. Tried to restore the files using some HD recovery tools but they were all corrupted, not by the formatting itself but for the installation of the new OS. My boss was pissed! I was very young so I blame it on the server. I'm not proud of it. But why the heck they would ask a developer to format a server in the first place? By the way, my birthday is on Halloween. Spoooky.

13:07 - Hey Loser
I was testing new code to automate mass-mailings to our customers.
Who knows what demon drove me but I wrote the “test” mailings like ransom notes: “Dear loser! Fork over all your $$$ or else!” Well, all was looking great and I was feeling pretty pleased with myself. Progress bars were sliding and counters were spinning. But I could hear a rising commotion from the marketing guys behind me. Phones ringing, voices raised. Turns out I had moronically wired myself to the production database! Even worse for me, I'd only been at the company a month or two. I thought my goose was cooked and the Big Boss was plenty mad, but I owned up right away and apologized. We put out a cover story that we'd been hacked and all was forgiven.

15:01 - HE HATE ME
I was part of the developer team that accidentally leaked the 8 cities the XFL, an alternate football league, a week before their press conference. ewrestling.com/article/wwe-ac… We were using Contentful and Gatsby. A junior dev entered the information into the prod space instead of the UAT space and when we released some bug fixes, it picked up the contact us content update. I found out after seeing stories pop up in Google News when I was about to go to sleep. Was taking the content down when we started getting calls from the CIO of the WWE. The league went bust because of COVID.

19:23 - I Don't Have Memory of This
I had two pretty bad code changes that only showed their problems when they went live in production. Around 6 years ago, I was running into a large performance issue with some of our queries running slowly against this giant DB. We were using JPA/Hibernate and we had a bunch of joins that were done lazily. I switched a few of them to eager so that they would create a single SQL statement instead of a bunch (or thousands). The change worked fine on my dev environment, QA, and staging. Staging was supposed to be representative of production. So we went live and within minutes the entire system went down because of out of memory errors. We quickly switched back to the lazy joins.
We found out that staging had more memory and fewer DB records than production though they were supposed to be exactly the same.

21:05 - Your Performance is Slowing us down
Back when VMware was becoming a thing, like 2010 or so. I was working at an ecomm site and we were seeing slow performance between the app server and some data services. I decided to build a little multithreaded logger that could track when a query to Oracle Financials was running too slow and generate a warning. Oracle Financials was doing the credit card transactions, orders, and all the rest of the site's DB work. The code had no impact on my dev, QA, and staging environments. We were hitting well over our minimum number of concurrent users. We deployed it to production and then the system got slower and slower, but never crashed. Again, production and staging were set up differently. Staging was a bare-metal server. Production was running on an ESXi server on a host that was split 4 ways. The multi-threaded code meant to detect performance degradations was slowing the whole system down when it tried to synchronize data across threads. I was pretty embarrassed by both these two issues. It went to show that production is its own special thing and that you really don't know if your server-side code is really going to work until it starts running there.

23:15 - Dead Button
Way back when mainframes were king, a guy I worked with pushed a button in, that if released, would immediately take down the entire company. He stood there for 4 hours, holding the button in, until we could let it crash after business hours. We gave him a chair after 2 hours.

25:12 - No Deploys on Fridays
I was a junior dev working on our company's website. They were HTML + nunjucks templates that were later being integrated with the backend using some Python witchcraft. There was also a metric ton of JS libraries added (like Barba for page transitions, threejs for a cool interactive animation on the landing page etc.).
Didn't really get much of all this package.json stuff at that seniority level. So after running yarn or npm or whatever, and seeing some warnings about a couple packages being outdated, I decided to update some of them. It ran great locally, but I didn't build the prod version, as I didn't know there could be any differences. I was working on some minor feature (or maybe even some minor bug) and the PM decided there's no time for code review. So I pushed it to the repo, the backend guy did his integration, and launched it on prod. As it turned out, there were some breaking changes in one of the libraries I decided to update. It crashed the entire site. On Friday. At 4:30PM. And that, kids, is why you don't deploy on Fridays.

27:33 - Stupid Selfie
Horror story for you Wes. I work for one of the biggest retailers in the UK and we were working on an app that would go on a ‘media wall' in their flagship store in London. Basically a giant 200-inch screen in the middle of the store that social content can go on. Turns out that I left my local Dev version connected to the production API when I uploaded a couple of stupid selfies of my big head in the office. Get a call the next day to ask why my face is on the media wall.

28:37 - Soda
I was a computer operator back in the late 1960's, operating a Honeywell mainframe. The consoles were huge, about the size of a dishwashing machine, with the console typewriter and printer inset in the middle, on top. I had a soft drink on the console, next to the typewriter mechanism. We were told never to bring a drink into the room but we all did it, especially on third shift. Long story short, someone called my name, I turned around and knocked the glass of soda into the console. Had to be completely replaced – machine was down for two days. My boss was not happy.

31:22 - Oof
A bigger horror story.
I had my own software company in the 90's and was in Singapore, customizing my software package for Johnson & Higgins Insurance Brokers – I had their Asian contract for my Insurance Broker/Accounting package. I spent a good 40 hours on Saturday and Sunday, making all the changes they asked for, getting ready for a demo on Monday morning. I finished up about 4am on Monday morning and was cleaning up my files. All this work was done on a Novell server. Print files had an extension of .prt and I had a ton of them in the main directory from all of the testing I had done. I was cleaning out old files, getting ready to back everything up and I thought I would delete all of the print files. I mistakenly keyed in erase *.prg, instead of erase *.prt (or whatever the delete command was – can't remember it now). Programming files have a .prg extension – I had deleted all of my updated files from the weekend. In desperation I called Novell in Utah, hoping they could help me recover the files, but no-go. The demo Monday morning was not fun.

33:24 - Young Dev
I was a young dev right out of college. My first job was at a child support company where we had desktop apps that would handle case information more efficiently than using Excel. My first project was to write a POC that would later be implemented into a new, bigger app that consolidated all the “POCs” for various parts of the child support process. For some odd reason, I still don't know why to this day, my boss wanted me to write this “new” app on top of an old app with a bunch of legacy code. I never understood why but as a young dev fresh out of school, you tend to just do what you're told. In school, I mainly used PHP/HTML/CSS for learning how to work with a database; this job however used C#/.NET for their desktop apps so I was doing a lot of learning as I went. I remember finally learning how to connect to the database and run some SQL after fighting with this old pile of legacy code.
In early versions, I chose to handle creates/updates for these records in the same function. My young, dumb self wrote a try catch statement that would attempt to create the record and if it failed, it would try to update the record. Before the first production release, I updated the flow to handle creates/updates in separate functions - but never removed the update in the catch block of the original function now used for creates only. Somehow I, or any PM/QA, never failed on a create and hit this catch block while testing. Fast-forward probably 9-12 months later, I got a ticket to investigate why every case's data looked the same in Production. I log in to the app, search a few case numbers and sure enough, every case's data is the same. I began freaking out as I had no clue how this could've happened. I mean it had never happened in all the dev work, testing, and months of live Production use. After I investigated with a senior dev, we realized the try block had failed and the update query in the catch block ran for that record - we also realized that I left off the where clause in the related SQL query to specify which record needs updating - so ALL records got updated with this data. Thankfully, we kept regular back-ups and were able to restore the data to a recent timeframe without users losing a ton of work. We commented out that database update call and redeployed the code ASAP. Also the senior dev was cool about it and was like “hey, it happens to all of us at some point”. Let's just say I've learned a ton since then and definitely steer clear from writing code like that. You live and you learn I suppose.

38:40 - Where Wolf
Here's my development tale of terror: One night I was burning the midnight oil trying to get caught up on a never-ending workload. At the time I was working for an online travel booking site. It was after 11, and the last thing I had to do for the night was to rename one of the hotels in our production database.
So I wrote my query:

UPDATE hotels SET name='Some Hotel Chain';

One problem, I FORGOT THE WHERE CLAUSE. Suddenly, over 5,000 hotels in our production database all had the same name. This was around 2003, so well before the time of point-in-time restores, and we were only backing up the database every week at that point. I was panicking. Fortunately, I had a dump of the production database that I had created only a couple of hours earlier sitting on my local hard drive. So thankfully, I was able to restore almost all of the hotel names, save for a couple that signed up after that data dump, and my boss was none the wiser. That's when I learned that working late hours is not worth it, because at some point you are so tired that you can no longer make good decisions.

41:19 - I Want Your Job
When I first started out I worked for a consultancy and they trained us in sales meetings to help managers get promoted because we were coming in to make them “look good”. This was okay b/c obviously, we were coming in as a contractor; however, after being laid off due to 9/11 (yes, this was about 20 years ago), I was looking for a new job and during an interview when asked where I'd like to be in X years, I mentioned to the hiring manager that I wanted to eventually do what he was doing. Well, I guess he didn't take it that I wanted to make him get promoted to then take his spot. Safe to say I didn't get hired.

Screaming in the Cloud
Teasing Out the Titular Titles with Chris Williams

Oct 27, 2021 39:59


About Chris

Chris Williams is an Enterprise Architect for World Wide Technology — a technology solution and service provider. There he helps customers design the next generation of public, private, and hybrid cloud solutions, specializing in AWS and VMware. His first computer was a Commodore 64, and he's been playing video games ever since.

Chris blogs about virtualization, technology, and design at Mistwire. He is an active community leader, co-organizing the AWS Portsmouth User Group, and both hosts and presents on vBrownBag. He is also an active mentor, helping students at the University of New Hampshire through Diversify Thinking—an initiative focused on empowering girls and women to pursue education and careers in STEM.

Chris is a certified AWS Hero as well as a VMware vExpert. Fun fact that Chris doesn't want you to know: he has a degree in psychology so you can totally talk to him about your feelings.

Links:
WWT: https://www.wwt.com/
Twitter: https://twitter.com/mistwire
Personal site: https://mistwire.com
vBrownBag: https://vbrownbag.com/team/chris-williams/

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate: is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards, while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business.
You should care more about one of those than the other, which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at Honeycomb.io/screaminginthecloud. Observability, it's more than just hipster monitoring.

Corey: This episode is sponsored in part by our friends at Vultr. Spelled V-U-L-T-R because they're all about helping save money, including on things like, you know, vowels. So, what they do is they are a cloud provider that provides surprisingly high performance cloud compute at a price that—while sure they claim it's better than AWS pricing—and when they say that they mean it is less money. Sure, I don't dispute that but what I find interesting is that it's predictable. They tell you in advance on a monthly basis what it's going to cost. They have a bunch of advanced networking features. They have nineteen global locations and scale things elastically. Not to be confused with openly, because apparently elastic and open can mean the same thing sometimes. They have had over a million users. Deployments take less than sixty seconds across twelve pre-selected operating systems. Or, if you're one of those nutters like me, you can bring your own ISO and install basically any operating system you want. Starting with pricing as low as $2.50 a month for Vultr cloud compute they have plans for developers and businesses of all sizes, except maybe Amazon, who stubbornly insists on having something to scale all on their own. Try Vultr today for free by visiting: vultr.com/screaming, and you'll receive a $100 in credit. That's v-u-l-t-r.com slash screaming.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn.
One of the things I miss the most from the pre-pandemic times is meeting people at conferences or at various business meetings, not because I like people—far from it—but because we go through a ritual that I am a huge fan of, which is the exchange of business cards. Now, it's not because I'm a collector or anything here, but because I like seeing what people's actual titles are instead of diving into the morass of what we call ourselves on Twitter and whatnot. Today, I have just one of those folks with me. My guest is Chris Williams, who works at WWT, and his business card title is Enterprise Architect, comma AWS Cloud. Chris, welcome.

Chris: Hi. Thanks for having me on the show, Corey.

Corey: No, thank you for taking the time to speak with me. I have to imagine that the next line in your business card is, “No, I don't work for AWS,” because you know a company has succeeded when they get their name into people's job titles who don't work there.

Chris: So, I have a running joke where the next line should actually be cloud therapist. And my degree is actually in psychology, so I was striving to get cloud therapist in there, but they still don't want to let me have it.

Corey: Former guest Bobby Allen is now a cloud therapist over at Google Cloud, which is just phenomenal. I don't know what they're doing in a marketing context over there; I just know that they're just blasting them out of the park on a consistent, ongoing basis. It's really nice to see. It's forcing me to up my game a little bit. So, one of the challenges I've always had is, I don't like putting other companies' names into the title.

Now, I run the Last Week in AWS newsletter, so yeah, okay, great, there's a little bit of ‘do as I say, not as I do' going on here. Because it feels, on some level, like doing unpaid volunteer work for a $2 trillion company. Speaking of, you are an AWS Community Hero, where you do volunteer work for a $2 trillion company. How'd that come about?
What did you do that made you rise to their notice?

Chris: That was a brilliant segue. Um—[laugh]—

Corey: I do my best.

Chris: So I, actually prior to becoming an AWS Community Hero, I do a lot of community work. So, I have run and helped to run four different community-led organizations: the Virtualization Technology User Group of New England; the AWS Portsmouth User Group, now the AWS Boston User Group; I'm a co-host and presenter for vBrownBag; I also do the New England AWS Community Day, which is a conglomeration of all the different user groups in one setting; and various and sundry other things, as well, along the way. Having done all of that, and having had a lot of the SAs and team members come and do speaking presentations for these various and sundry things, I was nominated internally by AWS to become one of their Community Heroes. Like you said, it's basically unpaid volunteer work where I go out and tout the services. I love talking about nerd stuff, so when I started working on AWS technologies, I really enjoyed it, and I just, kind of like, glommed on with other people that did it as well. I'm also a VMware vExpert, which basically use the exact same accolade for VMware. I have not been doing as much VMware stuff in the recent past, but that's kind of how I got into this gig.

Corey: One of the things that strikes me as being the right move with respect to these, effectively, community voice accolades is Microsoft got something very right—they've been doing this a long time—they have their MVP program, but they have to re-invite people who have to requalify for it by whatever criteria they are, every year. AWS does not do this with their Heroes program. If you look at their Heroes page, there's a number of folks up there who have been doing interesting things in the cloud years ago, but then fell off the radar for a variety of reasons.
In fact, the only way that I'm aware that you can lose Hero status is via getting a job at AWS or one of AWS competitors.

Now, the hard part, of course, is well, who is Amazon's competitors? Basically everyone, but it mostly distills down to Microsoft, Google, and Oracle, as best I can tell, for Hero status. How does VMware fall on that spectrum? To be more specific, how does VMware fall on the spectrum of their community engagement program and having to renew, not, “Are they AWS's competitor?” To which the answer is, “Of course.”

Chris: So, the renewal process for the VMware vExpert program is an annual re-up process where you fill out the form, list your contribution of the year, what you've done over the previous year, and then put it in for submission to the board of VMware vExperts who then give you the thumbs up or thumbs down. Much like Nero, you know, pass or fail, live or die. And I've been fortunate enough, so my vBrownBag contributions are every week; we have a show that happens every week. It can be either VMware stuff, or cloud in general stuff, or developer-related stuff. We cover the gamut; you know, people that want to come on and talk about whatever they want to talk about, they come on. And by virtue of that, we've had a lot of VMware speakers, we've had a lot of AWS speakers, we've had a lot of Azure speakers. So, I've been fortunate enough to be able to qualify each year with those contributions.

Corey: I think that's the right way to go, from my perspective at least. But I want to get into this a little bit because you are an enterprise architect, which is always one of those terms that is super easy to make fun of in a variety of different ways.
Your IDE is probably a whiteboard, and at some point when you have to write code, I thought you had a team of people who would be able to do that all for you because your job is to cogitate, and your artifacts are documentation, and the entire value of what you do can only be measured in the grand sweep of time, et cetera, et cetera, et cetera.

Chris: [laugh].

Corey: But you don't generally get to be a Community Hero for stuff like that, and you don't usually get to be a vExpert on the VMware side, by not having at least technical chops that make people take a second look. What is it you'd say it is you do here, for lack of a better term?

Chris: “What would you say ya, do you here, Bob?” So, I'm not being facetious when I say cloud therapist. There is a lot of working at the eighth layer of the OSI model, the political layer. There's a lot of taking the requirements from the customer and sending them to the engineer. I'm a people person.

The easy answer is to say, I do all the things from the TOGAF certification manual: the requirements, risks, assumptions, and constraints; the logical, conceptual, and physical diagrams; the harder answer is the soft skill side of that, is actually being able to communicate with the various levels of the industry, figuring out what the business really wants to do and how to technically solution that and figure out how to talk to the engineers to make that happen. You're right EAs get made fun of all the time, almost as much as consultants get made fun of. And it's a very squishy layer that, you know, depending upon your personality and the personality of the customer that you're dealing with, it can work wonderfully well or it can crash and burn immediately. I know from personal experience that I don't mesh well with financials, but I'm really, really good with, like, medical industry stuff, just the way that the brain works.
But ironically, right now I'm working with a financial and we're getting along like a house on fire.

Corey: Oh, yeah. I've been saying for a while now that when it comes to cloud, cost and architecture are the same things, and I think that ties back to a lot of different areas. But I want to be very clear here that we talk about, I'm not super deep into the financials, that does not mean you're bad at architecture because working on finance means different things to different folks. I don't think that it is possibly a good architect in the cloud environment and not have a conception of, “Huh, that thing seems really expensive if I do it that way.” That is very different than having the skill of reading a profit and loss statement or understanding various implications of the time value of money calculation that a company uses, or how things get amortized.

There are nuances piled on top of nuances in finance, and it's easy to sit here and think that oh, I'm not great at finance means I don't know how money works. That is very rarely true. If you really don't know how money works, you'll go start a cryptocurrency startup.

Chris: [laugh]. So, I plugged back to you; I was listening to one of your old shows and I cribbed one of your ideas and totally went with it. So, I just said that there's the logical, conceptual, and physical diagrams of an environment; on one of your shows, you had mentioned a financial diagram for an environment, and I was like, “That's brilliant.” So, now when I go into a customer, I actually do that, too. I take my physical diagram, I strip out all of the IP addresses, and our names, and everything like that, and I plot down how much it's going to cost, like, “This is the value of the EC2 instance,” or, “This is how much this pipe is going to cost if you run this over it.” And they go bananas over it. So, thanks for providing that idea that I mercilessly stole.

Corey: Kind of fun on a lot of levels.
Part of the challenge is as things get cloudier and it moves away from EC2 instances, ideally the lie we would like to tell ourselves that everything's in an auto-scaling group. Great—

Chris: Right.

Corey: —stepping beyond that when you start getting into something that's even more intricately tied to a specific user, we're talking about effectively trying to get unit economic measures of every user, every thousand users is going to cost me X dollars to service them on average, on top of a baseline of steady-state spend that is going to increase differently. At that point, talking to finance about predictive models turn into, “Well, this comes down to a question of business modeling.” But conversely, for engineering minds that is exactly what finance is used to figuring out. The problem they have is, “Well, every time we hire a new engineer, we wind up seeing our AWS bill increase.” Funny how that works. Yeah, how do you map that to something that the business understands? That is part of what they do. But it does, I admit, make it much more challenging from a financial map of an environment.

Chris: Yeah, especially when the customer or the company is—you know, they've been around for a while, and they're used to just like that large bolus of money at the very beginning of a data center, and they buy the switches, and they buy the servers, and they virtualize them, and they have that set cost that they knew that they had to plunk down at the beginning. And it's a mindset shift. And they're coming around to it, some faster than others. Oddly enough, the startups nowadays are catching on very quickly. I don't deal with a lot of startups, so it takes some finesse.

Corey: An interesting inflection that I've seen is that there's an awful lot of enterprises out there that say, “Oh, we're like a startup.” Great.
You mean with weird cultural inflections that often distill down to cult of personality, the constant worry about whether you're going to wind up running out of runway before finding product-market fit? And the rooms filled with—

Chris: The eighty-hour work weeks? The—[laugh]—

Corey: And they're like, “No, no, no, it's like the good parts.” “Oh, so you mean out the upside.” But you don't hear it the other way around where you have a startup that you're interviewing with, “Ha-ha, we're like an enterprise. We have a six-month interview process that takes 18 different stages,” and so on and so forth. However, we do see startups having to mature rapidly, and move up the compliance path as they're dealing with regulated entities and the rest, and wanting to deal with serious customers who have no sense of humor about, “Yeah, we'll figure that part out later as part of an audit document.”

So, what we also see, though, is that enterprises are doing things that look a lot more startup-y. If I take a look at the common development environments and tools and techniques that big enterprises use, it looks an awful lot like how startups were doing it five or ten years ago. That is the slow and steady evolution of time. And what startups are doing today becomes enterprise tomorrow, and I can't shake the feeling that there's a sea of vendors out there who, in the event that winds up happening are eventually going to find themselves without a market at all. My model has been that if I go and found a Twitter for Pets style startup tomorrow and in ten years, it has grown to become an S&P 500 component—which is still easier to take seriously than most of what Tesla says—great.

During that journey, at what point do I become a given company's customer because if there is no onboarding story for me to become your customer, you're in a long-tail decline phase.
That's been my philosophy, but you are a—trademarked term—Enterprise Architect, so please feel free to tell me if I'm missing any of the nuances there, which I'm sure I am because let's face it, nuance is hard; sweeping statements are easy.

Chris: As an architect, [laugh] it would be a disservice to not say my favorite catchphrase, it depends. There are so many dependencies to those kinds of sweeping statements. I mean, there's a lot of enterprises that have good process; there are a lot of enterprises that have bad process. And going back to your previous statement of the startup inside the enterprise, I'm hearing a lot of companies nowadays saying, “Oh, well, we've now got this brand new incubator system that we're currently running our little startup inside of. It's got the best of both worlds.”

And I'm not going to go through the litany of bad things that you just said about startups, but they'll try to encapsulate that shift that you're talking about where the cheese is moving so quickly now that it's very hard for these companies to know the customer well enough to continue to stay salient and continue to be able to look into that crystal ball to stay relevant in the future. My job as an EA is to try to capture that point in time where what are the requirements today and what are the known detriments that you're going to see in your future that you need to protect against? So, that's kind of my job—other than being a cloud therapist—in a nutshell.

Corey: I love the approach. My line has been that I do a lot of marriage counseling between engineering and finance, which is a fun term that also just so happens to be completely accurate.

Chris: Absolutely. [laugh]. I'm currently being a marriage counselor right now.

Corey: It's an interesting time. So, you had a viral tweet recently that honestly, I'm a bit jealous about.
I have had a lot of tweets that have done reasonably well, but I haven't ever had anything go super-viral, where it was just a screenshot of a conversation you had with an AWS recruiter. Now, before we go into this, I want to make a couple of disclaimers here. Before I entered tech myself, I was a technical recruiter, and I can say that these people have hard jobs.

There is a constant pressure to perform, it is a sales job that is unlike most others. If you sell someone a pen, great, you can wrap your head around what that's like. But you don't have to worry about the pen deciding it doesn't want to go home with the buyer. So, it becomes a double sale in a lot of weird ways, and there's a constant race to the bottom and there's a lot of competition in the space. It's a numbers game and a lot of folks get in and wash out who have terrible behaviors and terrible patterns, so the whole industry gets tainted—in some respects—like that. A great example of someone who historically has been a terrific example of recruiting done right has been Jill Wohlner. And she's one of the shining beacons of the industry as far as how to do these things in the right way—

Chris: Yes.

Corey: —but the fact that she is as exceptional as she is is in no small part because there's a lot of random folks coming by. All which is to say that our conversation going forward is not and should not be aimed at smacking around individual recruiters or recruiting as a whole because that is unfair. Now, that disclaimer has been given. Great, what happened?

Chris: So, first off, shout out to Jill; she actually used to be a host on vBrownBag. So, hey girl. [laugh]. What happened was—and I have the utmost empathy and sympathy for recruiting; I actually used to have a side gig where I would go around to the local recruiting places around my area here and teach them how to read a cloud resume and how to read a req and try to separate the wheat from the chaff, and to actually have good conversations.
This was back when cloud wasn't—this was, like, three or four years ago.

And I would go in there and say, “This is how you recruit a cloud person nowadays.” So, I love good recruiters. This one was a weird experience in that—so when a recruiter reaches out to me, what I do is I take an assessment of my current situation: “Am I happy where I'm at right now?” The answer is, “Yes.” And if they ping me, I'll say, “Hey, I'm happy right now, but if you have something that is, you know, a million dollars an hour, taste-testing margaritas on St. John island in the sand, I'm all ears. I'm listening. Conversely, I also am a Community Hero, so I know a ton of people out in the industry. Maybe I can help you out with landing that next person.”

Corey: I just want to say for the record, that is absolutely the right answer. And something like that is exactly what I would give, historically. I can't do it now because let's be clear here. I have a number of employees and, “Hey, Corey's out there doing job interviews,” sends a message that isn't good when it comes to how is that company doing anyway. I miss it because I enjoyed the process and I enjoyed the fun, but even when I was perfectly happy, it's, “Well, I'm not actively on the market, but I am interested to have a conversation if you've got something interesting.”

Because let's face it, I want to hear what's going on in the market, and if I'm starting to hear a lot of questions about a technology I have been dismissive of, okay, maybe it's time to pay more attention. I have repeatedly been able to hire the people interviewing me in some cases, and sometimes I've gone on interviews just to keep my interview skills sharp and then wound up accepting the job because it turned out they did have something interesting that was compelling to me even though I was reasonably happy at the time.
I will always take the meeting; I will always at least have a chat about what they're doing, and I think that doing otherwise is doing yourself a disservice in the long arc of your career.

Chris: Right. And that's basically the approach that I take, too. I want to hear what's out there. I am very happy at World Wide right now, so I'm not interested, interested. But again, if they come up with an amazing opportunity, things could happen. So, I implied that in my response to him.

I said, “I'm happy right now, thanks for asking, but let's set up the meeting and we can have a chat.” The response was unexpected. [laugh]. The response was basically, “If you're not ready to leave right now, it makes no sense for me to talk to you.” And it was a funny… interaction.

I was like, “Huh. That's funny.” I'm going to tweet about that because I thought it was funny—I'm not a jerk, so I'm going to block out all of the names and all of the identifying information and everything—and I threw it up. And the commiseration was so impressive. Not impressive in a good way; impressive in a bad way.

Every person that responded was like, “Yes. This has happened to me. Yes, this is”—and honestly, I got a lot of directors from AWS reaching out to me trying to figure out who that person was, apologizing saying that's not our way. And I responded to each and every single one of them. And I was like, “Somebody has already found that person; somebody has already spoken to that person. That being said, look at all of the responses in the timeline. When you tell me personally, that's not the way you do things, I believe that you believe that.”

Corey: Yeah, I believe you're being sincere when you say this, however the reality of what the data shows and people's lived experience in the form of anecdotes are worlds apart.

Chris: Yeah. And I'm an AWS Hero. [laugh]. That's how I got treated.
Not to blow my own horn or anything like that, but if that's happening to me, either A, he didn't look me up and just cold-called me—which is probably the case—and B, if he treats me like that, imagine how he's treating everybody else?

Corey: This episode is sponsored in part by something new. Cloud Academy is a training platform built on two primary goals. Having the highest quality content in tech and cloud skills, and building a good community that is rich and full of IT and engineering professionals. You wouldn't think those things go together, but sometimes they do. It's both useful for individuals and large enterprises, but here's what makes it new. I don't use that term lightly. Cloud Academy invites you to showcase just how good your AWS skills are. For the next four weeks you'll have a chance to prove yourself. Compete in four unique lab challenges, where they'll be awarding more than $2000 in cash and prizes. I'm not kidding, first place is a thousand bucks. Pre-register for the first challenge now, one that I picked out myself on Amazon SNS image resizing, by visiting cloudacademy.com/corey. C-O-R-E-Y. That's cloudacademy.com/corey. We're gonna have some fun with this one!

Corey: Every once in a while I get some of their sourcers doing outreach to see folks who are somewhat aligned on them via LinkedIn or other things, and, “Oh, okay, yeah; if you look at the things I talked about in various places, I can understand how I might look like a potentially interesting hire.” And they send outreach emails to me, they're always formulaic, and once in a while, I'll tweet a screenshot of them where I redact the person's name, and it was—and there's a comment, like, “Should I tell them?” Because it's fun; it's hilarious. But I want to be clear because that often gets misconstrued; they have done absolutely nothing wrong. You've got to cast a wide net to find talent.

I'm surprised I get as few incidents of recruiter outreach as I do.
I am not hireable and that's okay, but I don't begrudge people reaching out. I either respond with a, “No thanks,” if it's a particularly good email, or I just hit the archive button and never think about it again. And that's fine, too. But I don't make people feel like a jerk for asking, and that is an engineering behavioral pattern that drives me up a wall.

It's, “So, I'm thinking about a job here and I'm wondering if you might be a fit,” and your response is just to set them on fire? Well, guess what an awful lot of those people sending out those emails in the sourcing phase of recruiting are early career, and guess what, they tend to get promoted in the fullness of time. Sometimes they're no longer recruiting at all; sometimes they wind up being hiring managers in different ways or trying to figure out what offer they're going to extend to someone. And if you don't think that people in those roles remember when they're treated poorly as a response to their outreach, I have news for you. Don't do it. Your reputation lingers long after you no longer work there.

Chris: Just exactly so. And I feel really bad for that guy.

Corey: I do hope that he was not reprimanded because he should not be. It is clearly a systemic problem, and the fact that one person happened to do this in a situation where it went viral does not mean that they are any worse than other folks doing it. It is a teachable opportunity. It is, “I know that you have incredible numbers of roles to hire for, all made all the more urgent by the fact that you're having some significant numbers of departures—clearly—in the industry right now.” So, I get it; you have a hard job. I'm not going to waste your time because I don't even respond to them just because, at AWS particularly, they have hard work to do, and just jawboning with me is not going to be useful for them.

Chris: [laugh].

Corey: I get it.

Chris: And you're trying to hire the same talent too. So.

Corey: Exactly.
One of the most egregious things I've seen in the course of my career was when that whole multiple accounts opened for Wells Fargo's customers and they wound up firing 3500 people. Yeah, that's not individual tellers doing something unethical. That is a systemic problem, and you clean house at the top because you're not going to convince me that you're hiring that many people who are unethical and setting out to do these things as a matter of course. It means that the incentives are wrong, it means that the way you're measuring things are wrong, and people tend to do things out of fear or because there's now a culture of it. And if you fire individuals for that, you're wrong.

Chris: And that was the message that I conveyed to the people that reached out to me and spoke to me. I was like, there is a misaligned KPI, or OKR, or whatever acronym you want to use, that is forcing them to do this churn-and-burn mentality instead of active, compassionate recruiting. I don't know what that term is; I'm very far removed from the recruiting world. But that person isn't doing that because they're a jerk. They're doing that because they have numbers to hit and they've got to grind out as many as humanly possible. And you're going to get bad employees when you do that. That's not a long-term sustainable path. So, that was the conversation that I had with them. Hopefully, it resonated and hits home.

Corey: I still remember from ten years ago—and I don't always tell the story, but I absolutely will now—I went up to San Francisco when I lived in Los Angeles; I interviewed with Yammer. I went through the entire process—this was not too long before they got acquired by Microsoft so that gives you some time basis—and I got a job offer. And it was a not ridiculous offer. I was going to think about it, and I [unintelligible 00:24:19], “Great. Thank you.
Let me sleep on this for a day or two and I'll get back to you definitely before the end of the week.”

Within an hour, I got a response rescinding the offer claiming it had been sent by mistake. Now, I believe that that is true and that they are being sincere with this. I don't know that if it was the wrong person; I don't know if that suddenly they didn't have the req or they had another candidate that suddenly liked better that said no and then came back and said yes, but it's been over a decade now and every time I talk to someone who's considering something in that group, I tell this story. That's the sort of thing that leaves a mark because I have a certain philosophy of I don't ever resign from a job before I wind up making sure everything is solid—things are signed, good to go, the background check clears, et cetera—because I don't want to find myself suddenly without income or employment, especially in that era. And that was fine, but a lot of people don't do that.

As soon as the offer comes in, they're like, “I'm going to go take a crap on my boss's desk,” which, let's be clear, I don't recommend. You should write a polite and formulaic resignation letter and then you should email it to your boss, you should not carve it into their door. Do this in a responsible way, and remember that you're going to encounter these people again throughout your career. But if I had done that, I would have had serious problems. And so that points to something systemically awful at a company.

I have never in my career as a hiring manager extended an offer and then rescinded it for anything other than we can't come to an agreement on this. To be clear, this is also something I wonder about in the space, when people tell stories about how they get a job offer, they attempt to negotiate the offer, and then it gets withdrawn. There are two ways that goes.
One is, “Well if you're not happy with this offer, get out of here.” Yeah, that is a crappy company, but there's also the story of people who don't know how to negotiate effectively, and in turn, they come back with indications that you do not know how to write a business email, you do not know how negotiations work, and suddenly, you're giving them a last-minute opportunity to get out before they hire someone who is going to be something of a wrecking ball in the company, and, “Whew, dodged a bullet on that.”

I haven't encountered that scenario myself, but I've seen it from other folks and emails that have been passed around in various channels. So, my position on this is everyone should negotiate offers, but visit fearlesssalarynegotiation.com, it's run by my friend, Josh; he has a whole bunch of free content on his site. Look at it. Read it. It is how to handle this stuff effectively and why things are the way that they are. Follow his advice, and you won't go too far wrong. Again, I have no financial relationship, I just like what he's done a lot and I've been talking to him for years.

Chris: Nice. I'll definitely check that out. [laugh].

Corey: Another example is developher—that's develop H-E-R dot com. Someone else I've been speaking to who's great at this takes a different perspective on it, and that's fine. There's a lot of advice out there. Just make sure that whoever it is you're talking to about this is in a position to know what they're talking about because there's crap advice that's free. Yeah. How do you figure out the good advice and the bad advice? I'm worried someone out there is actually running Route 53 is a database for God's sake.

Chris: That's crazy talk. Who would do that?
That's madness.

Corey: I can't imagine it.

Chris: We're actually in the process of trying to figure out how to do a panel chat on exactly that, like, do a vBrownBag on salary negotiations, get some really good people in the room that can have a conversation around some of the tough questions that come around salary negotiation, what's too much to ask for? What kind of attitude should you go into it with? What kind of process should you have mentally? Is it scrawling in crayon, “No. More money,” and then hitting send? Or is it something a little bit more advanced?

Corey: I also want to be clear that as you're building panels and stuff like that—because I got this wrong early on in my public speaking career, to be clear—I built talks aligned with this based on what worked for me—make sure that there are folks on the panel who are not painfully over-represented as you and I are because what works for us and we're considered oh, savvy business people who are great negotiators comes across as entitled, or demanding, or ooh, maybe we shouldn't hire her—and yes, I'm talking about her in a lot of these scenarios—make sure you have a diverse group of folks who can share lived experience and strategies that work because what works for you and me is not universal, I promise.

Chris: So, the only requirement to set this panel is that you have to be a not-white guy; not-old-white guy. That's literally the one rule. [laugh].

Corey: I like the approach. It's a good way to do it. I don't do manels.

Chris: Yes. And it's tough because I'm not going to get into it, but the mental space that you have to be in to be a woman in tech, it's a delicate balance because when I'm approaching somebody, I don't want to slide into their DMs. It's like this, “Hey, I know this other person and they recommended you and I am not a weirdo.” [laugh].
As an old white guy, I have to be very not a weirdo when I'm talking to folks that I'm desperate to get on the show.

Because I love having that diverse aspect, just different people from different backgrounds. Which is why we did the entire career series on vBrownBag. We did data science with Ayodele; we did how to get into cybersecurity with Christoph. It was a fantastic series of how to get into IT. This was at the beginning of the pandemic.

We wanted to do a series on, okay, there's a lot of people out there that are furloughed right now. How do we get some people on the show that can talk to how to get into a part of IT that they're passionate about? We did a triple series on how to get into game development with Dennis Diack, the founder of Apocalypse Studios. We had a bunch of the other AWS Heroes from serverless, and Lambda, and AI on the show to talk, and it was really fantastic and I think it resonated well with the community.

Corey: It takes work to have a group of guests on things like podcasts like this. You've been running vBrownBag for longer than I've been running this, and—

Chris: 13 years now.

Corey: Yeah. This is I think, coming up on what, four years-ish, maybe three, in that range? The passing of time, especially in a pandemic era, is challenging. And there's always a difference. If I invite a white dude to come on the podcast, the answer is yes before I get the word podcast fully out of my mouth, whereas folks who are not over-represented, they're a little more cautious. First, there's the question of, “Am I a trash bag?” And the answer is, “No.” Well, no, not in the way that you're concerned about other ways—

Chris: [laugh]. That you're aware of. [laugh].

Corey: Oh, God, yes, but—yeah. And then—and that's part of it, and then very often, there's a second one of, “Well, I don't think I have anything, really, to talk about,” is often a common objection here. And it's, yeah, if I'm inviting you on this show, I promise that's not true.
Don't worry about that piece of it. And then it's the standard stuff that just comes with being me, of, “Yeah, I've read your Twitter feed; you got to insult me here?” It's, “No, no, not really the same tone. But great question; throw the”—it goes down to process. But it takes constant work, you can't just put an open call out for guest nominations, and expect that to wind up being representative of our industry. It is representative of our biases, in many respects.

Chris: It's a tough needle to thread. Because the show has been around for a long time, it's easier for me now, because the show has been around for 13 years. We actually just recorded our two thousandth and sixtieth episode the other night. And even with that, getting that kind of outreach, [#techtwitter 00:31:32] is wonderful for making new recommendations of people. So, that's been really fun. The rest of Twitter is a hot trash fire, but that's beside the point. So yeah, I don't have a good solution for it. There's no easy answer for it other than to just be empathic, and communicative, and reach people on their level, and have a good show.

Corey: And sometimes that's all it takes. The idea behind doing a podcast—despite my constant jokes—it's not out of a love affair of the sound of my own voice. It's about for better or worse, for reasons I don't fully understand, I have a platform. People listen to the show and they care what people have to say. So, my question is, how can I wind up using that platform to tell stories that lift up narratives that are helpful for folks that they can use as inspiration—in my case, as critical warnings of what to avoid—and effectively showcasing some of the best our industry has to offer, in many respects.

So, if the guest has a good time and the audience can learn something, and I'm not accidentally perpetuating horrifying things, that's really more than I have any right to ask from a show like this.
The fact that it's succeeded is due in no small part to not just an amazing audience, but also guests like you. So, thank you.

Chris: Oh no, Thank you. And it is. It's… these kinds of shows are super fun. If it wasn't fun, I wouldn't have done it for as long as I have. I still enjoy chatting with folks and getting new voices.

I love that first-time presenter who was, like, super nervous and I spend 15 minutes with them ahead of the show, I say, “Okay, relax. It's just going to be me and you facing each other. We're going to have a good time. You're going to talk about something that you love talking about, and we're going to be nerds and do nerd stuff. This is me and you in front of a water cooler with a whiteboard just being geeks and talking about cool stuff. We're also going to record it and some amount of people is going to see it afterwards.” [laugh].

And yeah, that's the part that I love. And then watching somebody like that turn into the keynote speaker at a conference ten years down the road. And I get to say, “Oh, I knew that person when.”

Corey: I just want to be remembered by folks who look back fondly at some of the things that we talk about here. I don't even need credit, just yeah. People who see that they've learned things and carry them forward and spread to others, there's so many favors that people have done for us that we can only ever pay forward.

Chris: Yeah, exactly. So—and that's actually how I got into vBrownBag. I came to them saying, “Hey, I love the things that you guys have done. I actually passed my VCIX because of watching vBrownBags. What can I do to help contribute back to the community?” And Alistair said, “Funny you should mention that.” [laugh].
And here we are seven years later.

Corey: Well, to that end, if people are inspired by what you're saying and they want to hear more about what you have to say or, heaven forbid, follow in your footsteps, where can they find you?

Chris: So, you can find me on Twitter; I am at mistwire.com—M-I-S-T-W-I-R-E; if you Google ‘mistwire,' I am the first three pages of hits; so I have a blog; you can find me on vBrownBag. I'm hard to miss on Twitter [laugh] I discourage you from following me there. But yeah, you can hit me up on all of the formats. And if you want to present, I'd love to get you on the show. If you want to learn more about what it takes to become an AWS Hero or if you want to get into that line of work, I highly discourage it. It's a long slog but it's a—yeah, I'd love to talk to you.

Corey: And we of course put links to that in the [show notes 00:35:01]. Thank you so much for taking the time to speak with me, Chris. I really appreciate it.

Chris: Thank you, Corey. Thanks for having me on.

Corey: Chris Williams, Enterprise Architect, comma AWS Cloud at WWT. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with a comment telling me that while you didn't actively enjoy this episode, you are at least open to enjoying future episodes if I have one that might potentially be exciting.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Tech Talk Y'all
Drop it like it's Facebook

Oct 25, 2021 42:19


Brought to you by TogetherLetters! In this episode:

Tesla officially launches its insurance using ‘real-time driving behavior,' starting in Texas
Governor Wants to Prosecute Journalist Who Clicked ‘View Source' on Government Site
US govt reveals three more ransomware attacks on water treatment plants this year
Facebook is planning to rebrand the company with a new name
Spotify Adds Virtual Merch Tables for Music Artists in Pact With Shopify
Microsoft now lets you test Android apps on Windows 11
PayPal Is Exploring a Purchase of Pinterest

AD BREAK

Continuous scrolling comes to Search on mobile
The Pixel 6 and 6 Pro can make calling customer service less nightmarish
Valve bans blockchain games and NFTs on Steam, Epic will try to make it work
Bitcoin Hits All-Time High Above $66K on Strength of ProShares ETF Debut
Silicon Valley entrepreneur Sam Altman wants to scan your eyes in exchange for free cryptocurrency

Weird and Wacky:
DIY Airless Bicycle Tires
https://duckduckgo.com/tty/
Woman Realizes AirTag Has Been Tracking Her For Hours — But Police Say They Can't Do Anything Until Stalker Shows Up
How the Search for Extraterrestrial Life Helped Make Your Smartphone's Screen Possible

Tech Rec:
Sanjay - Hemingway App
Adam - Cloudflare family DNS protection

Send in a voice message: https://anchor.fm/techtalkyall/message

The Cabral Concept
2088: Mewing, Teenage Anxiety, Stress & Progesterone, Persistent Psoriasis, Nighttime Hypoglycemia, Iodine & Hashimoto's (HouseCall)

Oct 24, 2021 20:01


Thank you for joining us for our 2nd Cabral HouseCall of the weekend! I'm looking forward to sharing with you some of our community's questions that have come in over the past few weeks… Let's get started!

Darren: Good day Dr Cabral. Hope all is well with you and family. I read James Nestor's Breathing book on your recommendation and after hearing him on your show. What are your thoughts on "mewing" as recommended in the book. If it's something you believe has benefits (or drawbacks) is it possible for you to discuss it further? Thank you

Anonymous: Hi Dr Cabral, thank you infinitely for all you do and your passion for sharing your knowledge with us. I love listening to the podcast. My question is for my daughter who is 18. She is in college and is busy. She enjoys exercising and is on the cheer team so lots of tumbling and is active but she suffers from anxiety. Some days worse than others, especially these days. I too have it. I take the adrenal soothe. Would that be something that she could take as well? Any other suggestions? Thanks so much again - take care

Nicole: Hi Dr Cabral! First off, thank you for all of the time and effort you put in…it is GREATLY appreciated! I have been struggling with severe cramping, bloating and back pain about 7 days before my period starts. I've also had lab work done over the years and it has shown that my progesterone typically peaks within a high range during first half of luteal phase but then drops off “earlier than desired” (a quote from my RE). My question is, could my low progesterone be solely due to high cortisol (which I already know is one of my issues) or could it be caused by insufficient egg quality/premature ovarian failure? Is there any way to know for sure? Can the two be related? Any other advice on how to increase egg quality would be greatly appreciated!

Carrie-Ann: Thank you a million times over for all that you do for this world. 12 months ago I did the big 5 labs and in the last 12 months I have done the 21 detox, CBO protocol with finisher and citrocidal drops, intestinal cleanse, heavy metal detox, 7 day detox, another 3 weeks of citrocidal drops (as symptoms hadn't cleared) and I continue to take your DNS, DFVB, magnesium, zinc, probiotic, vitamin C and D, fish and fish oil daily. I am IHP level 2 certified and also I have been a chiropractor for the last 20 years. I've lived a natural healthy lifestyle for the last 15-20 years. After having my first baby 10 years ago I developed psoriasis and now also have high grade cervical dysplasia. Since starting your protocols I've had some great things change. My two fungal toenails are almost all grown out normal and I've had 2 plantar warts on the soles of my feet for years and they are both gone. I'm thrilled about both these changes as it really lets me know things are improving internally. Although I have seen no change in my psoriasis and I still have high grade cervical dysplasia (confirmed 2 weeks ago with biopsy and colposcopy). So finally to my question, what more can I do? I have no other symptoms. Digestion is great, I sleep well, my stress levels are low and I love my life.

Lilly: Hi doctor Cabral, After you talked about your experience with a CGM, I started wearing one and am learning so much about my diet. Thank you for that great tip! I've noticed that my sugar drops extremely low a few times a night and I usually wake up when that happens. I think I know what's causing it: I eat a very early dinner and fast until breakfast. And I know that in order to prevent the nighttime dips, it would be good to eat something before sleep, but I really don't want to break my (clean) fast. Is there anything you could recommend to prevent the nighttime hypoglycemia, without using food? Thanks so much! Lilly

Richard: Hello Dr. Cabral, First off I want to say thank you for all that you do. Your passion for helping people is truly remarkable and it is much appreciated! My question is regarding the use of iodine with autoimmune diseases, particularly Hashimotos. I have done a lot of research on this and listened to some of the top autoimmune specialists and most of them seem to agree that taking iodine, whether from foods or supplements, can do more harm than good. Their argument is that an autoimmune condition is basically an overactive immune system and Iodine can also increase the activity of the immune system, which in turn increases the autoimmunity. They claim there are numerous research papers in scientific literature that shows when Hashimotos patients are given iodine, their autoimmune condition can flare up. I would love to hear your thoughts on this and whether or not you recommend iodine for your patients that have Hashimotos. Thank you so much!!

Thank you for tuning into this weekend's Cabral HouseCalls and be sure to check back tomorrow for our Mindset & Motivation Monday show to get your week started off right!

Show Notes & Resources: http://StephenCabral.com/2088
Get Your Question Answered: http://StephenCabral.com/askcabral
Dr. Cabral's New Book, The Rain Barrel Effect: https://amzn.to/2H0W7Ge
Join the Community & Get Your Questions Answered: http://CabralSupportGroup.com

Dr. Cabral's Most Popular At-Home Lab Tests:
> Complete Minerals & Metals Test (Test for mineral imbalances & heavy metal toxicity)
> Complete Candida, Metabolic & Vitamins Test (Test for 75 biomarkers including yeast & bacterial gut overgrowth, as well as vitamin levels)
> Complete Stress, Mood & Metabolism Test (Discover your complete thyroid, adrenal, hormone, vitamin D & insulin levels)
> Complete Stress, Sleep & Hormones Test (Run your adrenal & hormone levels)
> Complete Food Sensitivity Test (Find out your hidden food sensitivities)
> Complete Omega-3 & Inflammation Test (Discover your levels of inflammation related to your omega-6 to omega-3 levels)
> View all Functional Medicine lab tests (View all Functional Medicine lab tests you can do right at home for you and your family)

Ten Junk Miles
Gang Show 163 - Rachel Barnsness

Oct 22, 2021 161:07


Join Scotty, Holly, Eddie Pedroza and Rachel Barnsness for Ten Junk Miles, in which they discuss the Chicago Marathon (and everyone's virtual marathons), The Girl With The Dragon Tattoo, DNS'ing and signing up for races during other races, Bonk Calls, Goodfellas, New UCAN Flavor, Hennepin, and much much more!!!

Also brought to you by Goodr, the best darn glasses you can buy in America for under $30 today!! Shop from here: https://goodr.com/pages/tjm

This episode brought to you by our friends at UCAN! Try the new Gel flavor!!! Get 20% off with the Code "Tenjunkmiles" here: www.ucan.co

Website: http://www.tenjunkmiles.com/
Patreon: https://www.patreon.com/tenjunkmiles
Twitter: https://twitter.com/tenjunkmiles
Instagram: https://www.instagram.com/tenjunkmiles/
Facebook: https://www.facebook.com/TenJunkMiles/

The Running for Real Podcast
Kyle Robidoux: The Running Community Is More than Just Running - R4R 271

Oct 22, 2021 68:44


Kyle Robidoux was ready to run the Boston Marathon this year, with Tina as his guide, until fate intervened in the form of a stress fracture. Any runner would be gutted to have to DNS, and Kyle is no exception. However, he's well versed in overcoming adversity and tough situations. When he was eleven, he was diagnosed with retinitis pigmentosa (RP), a degenerative eye disease that can lead to blindness, and he was declared legally blind at nineteen. Today he shares the story of his journey, how he ensures that he isn't defined by the boundaries that others place on him, and a few beer recommendations.

“I had high cholesterol, high blood pressure in my early 30s and I knew I needed a lifestyle change.”

In 2010 Kyle found that he got tired playing with his two year old daughter; he got tired bending over to tie his shoelaces, for that matter. He was overweight, his biomarkers were bad, and he knew he had to improve his health. He started walking, then running, gradually increasing the time he ran. He didn't have a goal in mind, other than trying to run a few minutes longer every week.

“When I hit two hours I said, ‘wow, when am I ever going to be able to run two hours again? I should sign up for a race.' And that was when I signed up for my first half marathon.”

One day, his intended 90 minute run extended to an hour and 45 minutes. He felt great, so he kept going, and when he hit two hours, he realized he was ready for a half marathon. Since then, he's completed over 25 marathons and ultras, including five 100 milers and the grueling six-day, 120 mile Transrockies Run. Getting to that point wasn't easy, not only in the sense of the physical training, but coming to terms with the progressive loss of his eyesight.

“I felt angry because all these things were being taken away from me, and what I realized at the end was I was giving up on all those things that I loved and I just needed to adapt and change things up a little bit in order to continue doing them.”

When Kyle was diagnosed with RP, doctors said that he would be totally blind by college. He and his parents talked about some aspects of the prognosis, but didn't address the emotional impact of vision loss. And for a time, they didn't have to. Kyle was declared legally blind at 19, but it wasn't until his late twenties, he says, that “it really started taking things away from me that I loved, like skiing independently and playing recreational baseball and pick up leagues for baseball and softball. And I was just becoming really bitter and angry.”

At the urging of his then girlfriend, now his wife, he started seeing a therapist. It was hard for him at first, but ultimately it helped him work through the loss and anger, and gave him tools to cope with his diminishing eyesight. Now he encourages anyone struggling emotionally to at least give therapy a try. As he says, “you don't have to commit 100%, but if folks go once or twice, I feel like you start to see the benefits really quickly, even if it's just once a week for an hour. I think there's tremendous value in that and I certainly feel like if I would have started it earlier, it would have been much more beneficial to my overall well being, and quite possibly my physiological and physical health, in addition to my mental health.”

“And then I asked, I'm like, ‘well, you know because I am an idiot and have an ego sometimes, what happens if I do run Boston?”

The coping mechanisms that he's learned through therapy are helping Kyle now, as he processes not being able to run the Boston Marathon. He's run it the past eight or nine years, and was ready to continue that streak this year, with Tina as his guide. But shortly before race day he was diagnosed with a stress fracture in his foot, and reluctantly accepted that it would be best not to run. He could have done it, albeit painfully, but it would have resulted in having to take up to four months off from running, rather than 3 - 8 weeks. The tradeoff, he concluded, wasn't worth it.

Since he's usually running Boston, he's only spectated there once, so this year, he says, “I'm gearing myself up to get really excited to cheer.” Oh, and also to get together with friends to have a few beers and possibly fill squirt guns with Fireball to shoot at people as they walk by. Basically, he says, “I'm hoping to truly embrace the spectator side of what is so special about the Boston marathon.”

“I would just say that anyone and everyone can be a guide.”

Kyle runs accompanied by a guide. Guides are needed for runners of all abilities, and there's training and support available for anyone who would like to be one. United in Stride can help you locate runners who are visually impaired in your community and connect with them. Achilles International has a list of their chapters around the country. Kyle strongly believes that “with a little bit of training and support and strong communication everyone can be a sighted guide.”

“I tell folks also that part of being a sighted guide, it's great because you're volunteering while doing something you'd already be doing if you're an active runner, right?”

Resources:
Kyle's website
Kyle's Instagram
Kyle's Twitter
United in Stride
Running for Real podcast with Rich Hunter, founder of United in Stride
Achilles International

Thank you to goodr, Athletic Greens, and Beam for sponsoring this episode.

I have been a fan of goodr for YEARS and I literally have their sunglasses all over my house. I recently had an episode with co-founder Stephen Lease where he tells the story behind his company and I appreciate him being honest with me about it. The design behind these sunglasses really takes into consideration look and comfort. They are 100% carbon neutral and a part of 1% for the Planet. Go here and use the code TINA15 for 15% off your order.

Athletic Greens is a simple and easy way to get 75 vitamins, minerals, and whole food source ingredients to help strengthen your immune system. It's simple to make and it tastes good! Go here to get a FREE year's supply of Vitamin D and five FREE travel packs with your subscription.

A new product that I've been trying out is Beam; they help athletes with balance, performance, and recovery. I've used “elevate energy” and “elevate balance” and the flavors were great. I felt that the hydrating electrolyte energy powder, formulated with beetroot, green coffee bean, and citrulline, really helped me and I know it will help you too. Go here and use code TINA for 15 % off your order or 20% off a subscription.

Thanks for listening! We know there are so many podcasts you could be listening to, and we are honored you have chosen Running For Real. If you appreciate the work that we do, here are a few things you can do to support us:

Take a screenshot of the episode, and share it with your friends, family, and community on social media, especially if you feel that the topic will resonate with them. Be sure to tag us on Twitter, Facebook, Instagram. If you are struggling through something a guest mentions, chances are others are too, and you will help them feel less alone.

Leave an honest review on iTunes or your favorite podcast player. Your ratings and reviews will really help us grow and reach new people. Not sure how to leave a review or subscribe? You can find out here.

"Thank you" to Kyle. We look forward to hearing your thoughts on the show.

Screaming in the Cloud
Navigating the Morass of the Internet with Chloe Condon

Oct 21, 2021 42:32


About Chloe

Chloe is a Bay Area based Cloud Advocate for Microsoft. Previously, she worked at Sentry.io where she created the award winning Sentry Scouts program (a camp themed meet-up ft. patches, s'mores, giant squirrel costumes, and hot chocolate), and was featured in the Grace Hopper Conference 2018 gallery featuring 15 influential women in STEM by AnitaB.org. Her projects and work with Azure have ranged from fake boyfriend alerts to Mario Kart 'astrology', and have been featured in VICE, The New York Times, as well as SmashMouth's Twitter account. Chloe holds a BA in Drama from San Francisco State University and is a graduate of Hackbright Academy. She prides herself on being a non-traditional background engineer, and is likely one of the only engineers who has played an ogre, crayon, and the back-end of a cow on a professional stage. She hopes to bring more artists into tech, and more engineers into the arts.

Links:
Twitter: https://twitter.com/ChloeCondon
Instagram: https://www.instagram.com/gitforked/
YouTube: https://www.youtube.com/c/ChloeCondonVideos

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by our friends at Vultr. Spelled V-U-L-T-R because they're all about helping save money, including on things like, you know, vowels. So, what they do is they are a cloud provider that provides surprisingly high performance cloud compute at a price that—while sure they claim it's better than AWS pricing—and when they say that they mean it is less money. Sure, I don't dispute that but what I find interesting is that it's predictable.
They tell you in advance on a monthly basis what it's going to cost. They have a bunch of advanced networking features. They have nineteen global locations and scale things elastically. Not to be confused with openly, because apparently elastic and open can mean the same thing sometimes. They have had over a million users. Deployments take less than sixty seconds across twelve pre-selected operating systems. Or, if you're one of those nutters like me, you can bring your own ISO and install basically any operating system you want. Starting with pricing as low as $2.50 a month for Vultr cloud compute they have plans for developers and businesses of all sizes, except maybe Amazon, who stubbornly insists on having something to scale all on their own. Try Vultr today for free by visiting: vultr.com/screaming, and you'll receive a $100 in credit. That's v-u-l-t-r.com slash screaming.

Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate: is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards, while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other, which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at Honeycomb.io/screaminginthecloud. Observability, it's more than just hipster monitoring.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Somehow in the years this show has been running, I've only had Chloe Condon on once.
In that time, she's over for dinner at my house way more frequently than that, but somehow the stars never align to get us together in front of microphones and have a conversation. First, welcome back to the show, Chloe. You're a senior cloud advocate at Microsoft on the Next Generation Experiences Team. It is great to have you here.

Chloe: I'm back, baby. I'm so excited. This is one of my favorite shows to listen to, and it feels great to be a repeat guest, a friend of the pod. [laugh].

Corey: Oh, yes indeed. So, something-something cloud, something-something Microsoft, something-something Azure, I don't particularly care, in light of what it is you have going on that you have just clued me in on, and we're going to talk about that to start. You're launching something new called Master Creep Theatre and I have a whole bunch of questions. First and foremost, is it theater or theatre? How is that spelled? Which—the E and the R, what direction does that go in?

Chloe: Ohh, I feel like it's going to be the R-E because that makes it very fancy and almost British, you know?

Corey: Oh, yes. And the Harlequin mask direction it goes in, that entire aesthetic, I love it. Please tell me what it is. I want to know the story of how it came to be, the sheer joy I get from playing games with language alone guarantee I'm going to listen to whatever this is, but please tell me more.

Chloe: Oh, my goodness. Okay, so this is one of those creative projects that's been on my back burner forever where I'm like, someday when I have time, I'm going to put all my time [laugh] and energy into this. So, this originally stemmed from—if you don't follow me on Twitter, oftentimes when I'm not tweeting about '90s nostalgia, or Clippy puns, or Microsoft silly throwback things to Windows 95, I get a lot of weird DMs. On every app, not just Twitter.
On Instagram, Twitter, LinkedIn, oh my gosh, what else is there?

Corey: And I don't want to be clear here just to make this absolutely crystal clear, “Hey, Chloe, do you want to come back on Screaming in the Cloud again?” Is not one of those weird DMs to which you're referring?

Chloe: No, that is a good DM. So, people always ask me, “Why don't you just close your DMs?” Because a lot of high profile people on the internet just won't even have their DMs open.

Corey: Oh, I understand that, but I'm the same boat. I would have a lot less nonsense, but at the same time, I want—at least in my case—I want people to be able to reach out to me because the only reason I am what I am is that a bunch of people who had no reason to do it did favors for me—

Chloe: Yes.

Corey: —and I can't ever repay it, I can only ever pay it forward and that is the cost of doing favors. If I can help someone, I will, and that's hard to do with, “My DMs are closed so hunt down my email address and send me an email,” and I'm bad at email.

Chloe: Right. I'm terrible at email as well, and I'm also terrible at DMs [laugh]. So, I think a lot of folks don't understand the volume at which I get messages, which if you're a good friend of mine, if you're someone like Corey or a dear friend like Emily, I will tell you, “Hey, if you actually need to get ahold of me, text me.” And text me a couple times because I probably see it and then I have ADHD, so I won't immediately respond. I think I respond in my head but I don't.

But I get anywhere from, I would say, ohh, like, 30 on a low day to 100 on a day where I have a viral tweet about getting into tech with a non-traditional background or something like that. And these DMs that I get are really lovely messages like, “Thank you for the work you do,” or, “I decided to do a cute manicure because the [laugh] manicure you posted,” to, “How do I get into tech? How do I get a job at Microsoft?” All kinds of things.
It runs the gamut between, “Where's your shirt from?” Where—[laugh]—“What's your mother's maiden name?”

But a lot of the messages that I get—and if you're a woman on the internet with any sort of presence, you know how there's that, like—what's it called in Twitter—the Other Messages feature that's like, “Here's the people you know. Here's the people”—the message requests. For the longest time were just, “Hey,” “Hi,” “Hey dear,” “Hi pretty,” “Hi ma'am,” “Hello,” “Love you,” just really weird stuff. And of course, everyone gets these; these are bots or scammers or whatever they may be—or just creeps, like weird—and always the bio—not always but I [laugh] would say, like, these accounts range from either obviously a bot where it's a million different numbers, an account that says, “Father, husband, lover of Jesus Christ and God.” Which is so [laugh] ironic… I'm like, “Why are you in my DMs?”

Corey: A man of God, which is why I'm in your DMs being creepy.

Chloe: Exactly. Or—

Corey: Just like Christ might have.

Chloe: And you would be shocked, Corey, at how many. The thing that I love to say is Twitter is not a dating site. Neither is LinkedIn. Neither is Instagram. I post about my boyfriend all the time, who you've met, and we adore Ty Smith, but I've never received any unsolicited images, knock on wood, but I'm always getting these very bait-y messages like, “Hey, beautiful. I want to take you out.” And you would be shocked at how many of these people are doing it from their professional business account. [laugh]. Like, works at AWS, works at Google; it's like, oh my God. [laugh].

Corey: You get this under your name, right? It ties back to it. Meanwhile—again, this is one of those invisible areas of privilege that folks who look like me don't have to deal with. My DM graveyard is usually things like random bot accounts, always starting with, “Hi,” or, “Hey.” If you want to guarantee I never respond to you, that is what you say.
I just delete those out of hand because I don't notice or care. It is either a bot, or a scam, or someone who can't articulate what they're actually trying to get from me—

Chloe: Exactly.

Corey: —and I don't have the time for it. Make your request upfront. Don't ask to ask; just ask.

Chloe: I think it's important to note, also, that I get a lot of… different kinds of these messages and they try to respond to everyone. I cannot. If I responded to everybody's messages that I got, I just wouldn't have any time to do my job. But the thing that I always say to people—you know, and managers have told me in the past, my boyfriend has encouraged me to do this, is when people say things like, “Close your DMs,” or, “Just ignore them,” I want to have the same experience that everybody else has on the internet. Now, it's going to be a little different, of course, because I look and act and sound like I do, and of course, podcasts are historically a visual medium, so I'm a five-foot-two, white, bright orange-haired girl; I'm a very quirky individual.

Corey: Yes, if you look up ‘quirky,' you're right there under the dictionary definition. And every time—like, when we were first hanging out and you mentioned, “Oh yeah, I used to be in theater.” And it's like, “You know, you didn't even have to tell me that, on some level.” Which is not intended to be an insult. It's just theater folks are a bit of a type, and you are more or less the archetype of what a theatre person is, at least to my frame of reference.

Chloe: And not only that, but I did musicals, so you can't see the jazz hands now, but–yeah, my degree is in drama. I come from that space and I just, you know, whenever people say, “Just ignore it,” or, “Close your DMs,” I'm like, I want people to be able to reach out to me; I want to be able to message one-on-one with Corey and whoever, when—as needed, and—

Corey: Why should I close my DMs?

Chloe: Yeah.

Corey: They're the ones who suck. Yeah.

Chloe: [laugh].
But over the years, to give people a little bit of context, I've been working in tech a long time—I've been working professionally in the DevRel space for about five or six years now—but I've worked in tech a long time, I worked as a recruiter, an office admin, executive assistant, like, I did all of the other areas of tech, but it wasn't until I got a presence on Twitter—which I've only been on Twitter for I think five years; I haven't been on there that long, actively. And to give some context on that, Twitter is not a social media platform used in the theater space. We just use Instagram and Facebook, really, back in the day, I'm not on Facebook at all these days. So, when I discovered Twitter was cool—and I should also mention my boyfriend, Ty, was working at Twitter at the time and I was like, “Twitter's stupid. Who would go on this—[laugh] who uses this app?”

Fast-forward to now, I'm like—Ty's like, “Can you please get off Twitter?” But yeah, I think I've just been saving these screenshots over the last five or so years from everything from my LinkedIn, from all the crazy stuff that I dealt with when people thought I was a Bitcoin influencer to people being creepy. One of the highlights that I recently found when I was going back and trying to find these for this series that I'm doing is there was a guy from Australia, DMed me something like, “Hey, beautiful,” or, “Hey, sexy,” something like that. And I called him out. And I started doing this thing where I would post it on Twitter.

I would usually hide their image with a clown emoji or something to make it anonymous, or not to call them out, but in this one I didn't, and this guy was defending himself in the comments, and to me in my DMs saying, “Oh, actually, this was a social experiment and I have all the screenshots of this,” right?
So, imagine if you will—so I have conversations ranging from things like that where it's like, “Actually I messaged a bunch of people about that because I'm doing a social experiment on how people respond to, ‘Hey beautiful. I'd love to take you out some time in Silicon Valley.'” just the weirdest stuff right? So, me being the professional performer that I am, was like, these are hilarious.

And I kept thinking to myself, anytime I would get these messages, I was like, “Does this work?” If you just go up to someone and say, “Hey”—do people meet this way? And of course, you get people on Twitter who when you tweet something like that, they're like, “Actually, I met my boyfriend in Twitter DMs,” or like, “I met my boyfriend because he slid into my DMs on Instagram,” or whatever. But that's not me. I have a boyfriend. I'm not interested. This is not the time or the place.

So, it's been one of those things on the back burner for three or four years that I've just always been saving these images to a folder, thinking, “Okay, when I have the time when I have the space, the creative energy and the bandwidth to do this,” and thankfully for everyone I do now, I'm going to do dramatic readings of these DMs with other people in tech, and show—not even just to make fun of these people, but just to show, like, how would this work? What do you expect the [laugh] outcome to be? So Corey, for example, if you were to come on, like, here's a great example. A year ago—this is 2018; we're in 2021 right now—this guy messaged me in December of 2018, and was like, “Hey,” and then was like, “I would love to be your friend.” And I was like, “Nope,” and I responded, “Nope, nope, nope, nope.” There's a thread of this on Twitter. And then randomly, three weeks ago, just sent me this video to the tune of Enrique Iglesias' “Rhythm Divine” of just images of himself. [laugh]. So like, this comedy [crosstalk 00:10:45]—

Corey: Was at least wearing pants?

Chloe: He is wearing pants. It's very confusing.
It's a picture—a lot of group photos, so I didn't know who he was. But in my mind because, you know, I'm an engineer, I'm trying to think through the end-user experience. I'm like, “What was your plan here?”

With all these people I'm like, “So, your plan is just to slide into my DMs and woo me with ‘Hey'?” [laugh]. So, I think it'll be really fun to not only just show and call out this behavior but also take submissions from other people in the industry, even beyond tech, really, because I know anytime I tweet an example of this, I get 20 different women going, “Oh, my gosh, you get these weird messages, too?” And I really want to show, like, A, to men how often this happens because like you said, I think a lot of men say, “Just ignore it.” Or, “I don't get anything like that. You must be asking for it.”

And I'm like, “No. This comes to me. These people find us and me and whoever else out there gets these messages,” and I'm just really ready to have a laugh at their expense because I've been laughing for years. [laugh].

Corey: Back when I was a teenager, I was working in some fast food style job, and one of my co-workers saw customer, walked over to her, and said, “You're beautiful.” And she smiled and blushed. He leaned in and kissed her.

Chloe: Ugh.

Corey: And I'm sitting there going what on earth? And my other co-worker leaned over and is like, “You do know that's his girlfriend, right?” And I have to feel like, on some level, that is what happened to an awful lot of these broken men out on the internet, only they didn't have a co-worker to lean over and say, “Yeah, they actually know each other.” Which is why we see all this [unintelligible 00:12:16] behavior of yelling at people on the street as they walk past, or from a passing car. Because they saw someone do a stunt like that once and thought, “If it worked for them, it could work for me.
It only has to work once.”

And they're trying to turn this into a one day telling the grandkids how they met their grandmother. And, “Yeah, I yelled at her from a construction site, and it was love at first ‘Hey, baby.'” That is what I feel is what's going on. I have never understood it. I look back at my dating history in my early 20s, I look back now I'm like, “Ohh, I was not a great person,” but compared to these stories, I was a goddamn prince.

Chloe: Yeah.

Corey: It's awful.

Chloe: It's really wild. And actually, I have a very vivid memory, this was right bef—uh, not right before the pandemic, but probably in 2019. I was speaking on a lot of conferences and events, and I was at this event in San Jose, and there were not a lot of women there. And somehow this other lovely woman—I can't remember her name right now—found me afterwards, and we were talking and she said, “Oh, my God. I had—this is such a weird event, right?”

And I was like, “Yeah, it is kind of a weird vibe here.” And she said, “Ugh, so the weirdest thing happened to me. This guy”—it was her first tech conference ever, first of all, so you know—or I think it was her first tech conference in the Bay Area—and she was like, “Yeah, this guy came to my booth. I've been working this booth over here for this startup that I work at, and he told me he wanted to talk business. And then I ended up meeting him, stupidly, in my hotel lobby bar, and it's a date. Like, this guy is taking me out on a date all of a sudden,” and she was like, “And it took me about two minutes to just to be like, you know what? This is inappropriate. I thought this is going to be a business meeting. I want to go.”

And then she shows me her hands, Corey, and she has a wedding ring. And she goes, “I'm not married. I have bought five or six different types of rings on Wish App”—or wish.com, which if you've never purchased from Wish before, it's very, kind of, low priced jewelry and toys and stuff of that nature.
And she said, “I have a different wedding ring for every occasion. I've got my beach fake wedding ring. I've got my, we-got-married-with-a-bunch-of-mason-jars-in-the-woods fake wedding ring.”

And she said she started wearing these because when she did, she got less creepy guys coming up to her at these events. And I think it's important to note, also, I'm not putting it out there at all that I'm interested in men. If anything, you know, I've been [laugh] with my boyfriend for six years never putting out these signals, and time and time again, when I would travel, I was very, very careful about sharing my location because oftentimes I would be on stage giving a keynote and getting messages while I delivered a technical keynote saying, “I'd love to take you out to dinner later. How long are you in town?” Just really weird, yucky, nasty stuff that—you know, and everyone's like, “You should be flattered.”

And I'm like, “No. You don't have to deal with this. It's not like a bunch of women are wolf-whistling you during your keynote and asking what your boob size is.” But that's happening to me, and that's an extra layer that a lot of folks in this industry don't talk about but is happening and it adds up. And as my boyfriend loves to remind me, he's like, “I mean, you could stop tweeting at any time,” which I'm not going to do. But the more followers you get, the more inbound you get. So—

Corey: Right. And the hell of it is, it's not a great answer because it's closing off paths of opportunity. Twitter has—

Chloe: Absolutely.

Corey: —introduced me to clients, introduced me to friends, introduced me to certainly an awful lot of podcast guests, and it informs and shapes a lot of the opinions that I hold on these things. And this is an example of what people mean when they talk about privilege.
Where, yeah, “Look at Corey”—I've heard someone say once, and, “Nothing was handed to him.” And you're right, to be clear, I did not—like, no one handed me a microphone and said, “We're going to give you a podcast, now.” I had to build this myself.

But let's be clear, I had no headwinds of working against me while I did it. There's the, you still have to do things, but you don't have an entire cacophony of shit heels telling you that you're not good enough in a variety of different ways, to subtly reinforcing your only value is the way that you look. There isn't this whole, whenever you get something wrong and it's a, “Oh, well, that's okay. We all get things wrong.” It's not the, “Girls suck at computers,” trope that we see so often.

There's a litany of things that are either supportive that work in my favor, or are absent working against me that is privilege that is invisible until you start looking around and seeing it, and then it becomes impossible not to. I know I've talked about this before on the show, but no one listens to everything and I just want to subtly reinforce that if you're one of those folks who will say things like, “Oh, privilege isn't real,” or, “You can have bigotry against white people, too.” I want to be clear, we are not the same. You are not on my side on any of this, and to be very direct, I don't really care what you have to say.

Chloe: Yeah.
And I mean, this even comes into play in office culture and dynamics as well because I am always the squeaky wheel in the room on these kind of things, but a great example that I'll give is I know several women in this industry who have had issues when they used to travel for conferences of being stalked, people showing up at their hotel rooms, just really inappropriate stuff, and for that reason, a lot of folks—including myself—wouldn't pick the conference event—like, typically they'll be like, “This is the hotel everyone's staying at.” I would very intentionally stay at a different hotel because I didn't want people knowing where I was staying. But I started to notice once a friend of mine, who had an issue with this [unintelligible 00:17:26], I really like to be private about where I'm staying, and sometimes if you're working at a startup or larger company, they'll say, “Hey, everyone put in this Excel spreadsheet or this Google Doc where everyone's staying and how to contact them, and all this stuff.” And I think it's really important to be mindful of these things.

I always say to my friends—I'm not going out too much these days because it's a pandemic—and I've done Twitter threads on this before where I never post my location; you will never see me. I got rid of Swarm a couple [laugh] years ago because people started showing up where I was. I posted photos before, you know, “Hey, at the lake right now.” And people have shown up. Dinners, people have recognized me when I've been out.

So, I have an espresso machine right over here that my lovely boyfriend got me for my birthday, and someone commented, “Oh, we're just going to act like we don't see someone's reflection in the”—like, people zoom in on images. I've read stories from cosplayers online who, they look into the reflection of a woman's glasses and can figure out where they are. So, I think there's this whole level. I'm constantly on alert, especially as a woman in tech.
And I have friends here in the Bay Area, who have tweeted a photo at a barbecue, and then someone was like, “Hey, I live in the neighborhood, and I recognize the tree.”

First of all, don't do that. Don't ever do that. Even if you think you're a nice, unassuming guy or girl or whatever, don't ever [laugh] do that. But I very intentionally—people get really confused, my friends specifically. They're like, “Wait a second, you're in Hawaii right now? I thought you were in Hawaii three weeks ago.” And I'm like, “I was. I don't want anyone even knowing what island or continent I'm on.”

And that's something that I think about a lot. When I post photo—I never post any photos from my window. I don't want people knowing what my view is. People have figured out what neighborhood I live in based on, like, “I know where that graffiti is.” I'm very strategic about all this stuff, and I think there's a lot of stuff that I want to share that I don't share because of privacy issues and concerns about my safety. And also want to say and this is in my thread on online safety as well is, don't call out people's locations if you do recognize the image because then you're doxxing them to everyone like, “Oh”—

Corey: I've had a few people do that in response to pictures I've posted before on a house, like, “Oh, I can look at this and see this other thing and then intuit where you are.” And first, I don't have that sense of heightened awareness on this because I still have this perception of myself as no one cares enough to bother, and on the other side, by calling that out in public. It's like, you do not present yourself well at all. In fact, you make yourself look an awful lot like the people that we're warned about. And I just don't get that.

I have some of these concerns, especially as my audience has grown, and let's be very clear here, I antagonize trillion-dollar companies for a living. So, first if someone's going to have me killed, they can find where I am. That's pretty easy.
It turns out that having me whacked is not even a rounding error on most of these companies' budgets, unfortunately. But also I don't have that level of, I guess, deranged superfan. Yet.

But it happens in the fullness of time, as people's audiences continue to grow. It just seems an awful lot like it happens at much lower audience scale for folks who don't look like me. I want to be clear, this is not a request for anyone listening to this, to try and become that person for me, you will get hosed, at minimum. And yes, we press charges here.

Chloe: AWSfan89, sliding into your DMs right after this. Yeah, it's also just like—I mean, I don't want to necessarily call out what company this was at, but personally, I've been in situations where I've thrown an event, like a meetup, and I'm like, “Hey, everyone. I'm going to be doing ‘Intro to blah, blah, blah' at this time, at this place.” And three or four guys would show up, none of them with computers. It was a freaking workshop on how to do or deploy something, or work with an API.

And when I said, “Great, so why'd you guys come to this session today?” And maybe two have iPads, one just has a notepad, they're like, “Oh, I just wanted to meet you from Twitter.” And it's like, okay, that's a little disrespectful to me because I am taking time out to do this workshop on a very technical thing that I thought people were coming here to learn. And this isn't the Q&A. This is not your meet-and-greet opportunity to meet Chloe Condon, and I don't know why you would, like, I put so much of my life online [laugh] anyway.

But yeah, it's very unsettling, and it's happened to me enough. Guys have shown up to my events and given me gifts. I mean, I'm always down for a free shirt or something, but it's one of those things that I'm constantly aware of and I hate that I have to be constantly aware of, but at the end of the day, my safety is the number one priority, and I don't want to get murdered.
And I've tweeted this out before, our friend Emily, who's similarly a lady on the internet, who works with my boyfriend Ty over at Uber, we have this joke that's not a joke, where we say, “Hey if I'm murdered, this is who it was.” And we'll just send each other screenshots of creepy things that people either tag us in, or give us feedback on, or people asking what size shirt we are. Just, wiki feed stuff, just really some of the yucky of the yuck out there.

And I do think that unless you have a partner, or a family member, or someone close enough to you to let you know about these things—because I don't talk about these things a lot other than my close friends, and maybe calling out a weirdo here and there in public, but I don't share the really yucky stuff. I don't share the people who are asking what neighborhood I live in. I'm not sharing the people who are tagging me, like, [unintelligible 00:22:33], really tagging me in some nasty TikToks, along with some other women out there. There are some really bad actors in this community and it is to the point where Emily and I will be like, “Hey, when you inevitably have to solve my murder, here's the [laugh] five prime suspects.” And that sucks. That's [unintelligible 00:22:48] joke; that isn't a joke, right? I suspect I will either die in an elevator accident or one of my stalkers will find me. [laugh].

Corey: It's easy for folks to think, oh, well, this is a Chloe problem because she's loud, she's visible, she's quirky, she's different than most folks, and she brings it all on herself, and this is provably not true. Because if you talk to, effectively, any woman in the world in-depth about this, they all have stories that look awfully similar to this. And let me forestall some of the awful responses I know I'm going to get.
And, “Well, none of the women I know have had experiences like this,” let me be very clear, they absolutely have, but for one reason or another, they either don't see the need, or don't see the value, or don't feel safe talking to you about it.

Chloe: Yeah, absolutely. And I feel a lot of privilege, I'm very lucky that my boyfriend is a staff engineer at Uber, and I have lots of friends in high places at some of these companies like Reddit that work with safety and security and stuff, but oftentimes, a lot of the stories or insights or even just anecdotes that I will give people on their products are invaluable insights to a lot of these security and safety teams. Like, who amongst us, you know, [laugh] has used a feature and been like, “Wait a second. This is really, really bad, and I don't want to tweet about this because I don't want people to know that they can abuse this feature to stalk or harass or whatever that may be,” but I think a lot about the people who don't have the platform that I have because I have 50k-something followers on Twitter, I have a pretty big online following in general, and I have the platform that I do working at Microsoft, and I can tweet and scream and be loud as I can about this. But I think about the folks who don't have my audience, the people who are constantly getting harassed and bombarded, and I get these DMs all the time from women who say, “Thank you so much for doing a thread on this,” or, “Thank you for talking about this,” because people don't believe them.

They're just like, “Oh, just ignore it,” or just, “Oh, it's just one weirdo in his basement, like, in his mom's basement.” And I'm like, “Yeah, but imagine that but times 40 in a week, and think about how that would make you rethink your place and your position in tech and even outside of tech.” Let's think of the people who don't know how this technology works.
If you're on Instagram at all, you may notice that literally not only every post, but every Instagram story that has the word COVID in it, has the word vaccine, has anything, and they must be using some sort of cognitive scanning type thing or scanning the images themselves because this is a feature that basically says, hey, this post mentioned COVID in some way. I think if you even use the word mask, it alerts this.

And while this is a great feature because we all want accurate information coming out about the pandemic, I'm like, “Wait a minute. So, you're telling me this whole time you could have been doing this for all the weird things that I get into my DMs, and people post?” And, like, it just shows you, yes, this is a global pandemic. Yes, this is something that affects everyone. Yes, it's important we get information out about this, but we can be using these features in much [laugh] more impactful ways that protects people's safety, that protects people's ability to feel safe on a platform.

And I think the biggest one for me, and I make a lot of bots; I make a lot of Twitter bots and chatbots, and I've done entire series on this about ethical bot creation, but it's so easy—and I know this firsthand—to make a Twitter account. You can have more than one number, you can do with different emails. And with Instagram, they have this really lovely new feature that if you block someone, it instantly says, “You just blocked so and so. Would you like to block any other future accounts they make?” I mean, seems simple enough, right?

Like, anything related—maybe they're doing it by email, or phone number, or maybe it's by IP, but like, that's not being done on a lot of these platforms, and it should be. I think someone mentioned in one of my threads on safety recently that Peloton doesn't have a block user feature. [laugh]. They're probably like, “Well, who's going to harass someone on Peloton?” It would happen to me.
If I had a Peloton, [laugh] I assure you someone would find a way to harass me on there.

So, I always tell people, if you're working at a company and you're not thinking about safety and harassment tools, you probably don't have anybody LGBTQ+ women, non-binary on your team, first of all, and you need to be thinking about these things, and you need to be making them a priority because if users can interact in some way, they will stalk, harass, they will find some way to misuse it. It seems like one of those weird edge cases where it's like, “Oh, we don't need to put a test in for that feature because no one's ever going to submit, like, just 25 emojis.” But it's the same thing with safety. You're like, who would harass someone on an app about bubblegum? One of my followers were. [laugh].

Corey: This episode is sponsored by our friends at Oracle HeatWave is a new high-performance accelerator for the Oracle MySQL Database Service. Although I insist on calling it “my squirrel.” While MySQL has long been the world's most popular open source database, shifting from transacting to analytics required way too much overhead and, ya know, work. With HeatWave you can run your OLTP and OLAP, don't ask me to ever say those acronyms again, workloads directly from your MySQL database and eliminate the time consuming data movement and integration work, while also performing 1100X faster than Amazon Aurora, and 2.5X faster than Amazon Redshift, at a third of the cost. My thanks again to Oracle Cloud for sponsoring this ridiculous nonsense.

Corey: The biggest question that doesn't get asked that needs to be in almost every case is, “Okay. We're building a thing, and it's awesome. And I know it's hard to think like this, but pivot around.
Theoretically, what could a jerk do with it?”

Chloe: Yes.

Corey: When you're designing it, it's all right, how do you account for people that are complete jerks?

Chloe: Absolutely.

Corey: Even the cloud providers, all of them, when the whole Parler thing hit, everyone's like, “Oh, Amazon is censoring people for freedom of speech.” No, they're actually not. What they're doing is enforcing their terms of service, the same terms of service that every provider that is not trash has. It is not a problem that one company decided they didn't want hate speech on their platform. It was all the companies decided that, except for some very fringe elements. And that's the sort of thing you have to figure out is, it's easy in theory to figure out, oh, anything goes; freedom of speech. Great, well, some forms of speech violate federal law.

Chloe: Right.

Corey: So, what do you do then? Where do you draw the line? And it's always nuanced and it's always tricky, and the worst people are the folks that love to rules-lawyer around these things. It gets worse than that where these are the same people that will then sit there and make bad faith arguments all the time. And lawyers have a saying that hard cases make bad law.

When you have these very nuanced thing, and, “Well, we can't just do it off the cuff. We have to build a policy around this.” This is the problem with most corporate policies across the board. It's like, you don't need a policy that says you're not allowed to harass your colleagues with a stick. What you need to do is fire the jackwagon that made you think you might need a policy that said that.

But at scale, that becomes a super-hard thing to do when every enforcement action appears to be bespoke. Because there are elements on the gray areas and the margins where reasonable people can disagree.
And that is what sets the policy and that's where the precedent hits, and then you have these giant loopholes where people can basically be given free rein to be the worst humanity has to offer to some of the most vulnerable members of our society.

Chloe: And I used to give this talk, I gave it at DockerCon one year and I gave it a couple other places, that was literally called “Diversity is not Equal to Stock Images of Hands.” And the reason I say this is if you Google image search ‘diversity' it's like all of those clip arts of, like, Rainbow hands, things that you would see at Kaiser Permanente where it's like, “We're all in this together,” like, the pandemic, it's all just hands on hands, hands as a Earth, hands as trees, hands as different colors. And people get really annoyed with people like me who are like, “Let's shut up about diversity. Let's just hire who's best for the role.” Here's the thing.

My favorite example of this—RIP—is Fleets—remember Fleets? [laugh]—on Twitter, so if they had one gay man in the room for that marketing, engineering—anything—decision, one of them I know would have piped up and said, “Hey, did you know ‘fleets' is a commonly used term for douching enema in the gay community?” Now, I know that because I watch a lot of RuPaul's Drag Race, and I have worked with the gay community quite a bit in my time in theater. But this is what I mean about making sure.
My friend Becca who works in security at safety and things, as well as Andy Tuba over at Reddit, I have a lot of conversations with my friend Becca Rosenthal about this, and that, not to quote Hamilton, but if I must, “We need people in the room where it happens.”

So, if you don't have these people in the room if you're a white man being like, “How will our products be abused?” Your guesses may be a little bit accurate but it was probably best to, at minimum, get some test case people in there from different genders, races, backgrounds, like, oh my goodness, get people in that room because what I tend to see is building safety tools, building even product features, or naming things, or designing things that could either be offensive, misused, whatever. So, when people have these arguments about like, “Diversity doesn't matter. We're hiring the best people.” I'm like, “Yeah, but your product's going to be better, and more inclusive, and represent the people who use it at the end of the day because not everybody is you.”

And great examples of this include so many apps out there that exists that have one work location, one home location. How many people in the world have more than one job? That's such a privileged view for us, as people in tech, that we can afford to just have one job. Or divorced parents or whatever that may be, for home location, and thinking through these edge cases and thinking through ways that your product can support everyone, if anything, by making your staff or the people that you work with more diverse, you're going to be opening up your product to a much bigger marketable audience. So, I think people will look at me and be like, “Oh, Chloe's a social justice warrior, she's this feminist whatever,” but truly, I'm here saying, “You're missing out on money, dude.” It would behoove you to do this at the end of the day because your users aren't just a copy-paste of some dude in a Patagonia jacket with big headphones on. [laugh].
There are people beyond one demographic using your products and applications.

Corey: A consistent drag against Clubhouse since its inception was that it's not an accessible app for a variety of reasons that were—

Chloe: It's not an Android. [laugh].

Corey: Well, even ignoring the platform stuff, which I get—technical reasons, et cetera, yadda, yadda, great—there is no captioning option. And a lot of their abuse stuff in the early days was horrific, where you would get notifications that a lot of people had this person blocked, but… that's not a helpful dynamic. “Did you talk to anyone? No, of course not. You Hacker News'ed it from first principles and thought this might be a good direction to go in.” This stuff is hard.

People specialize in this stuff, and I've always been an advocate of when you're not sure what to do in an area, pay an expert for advice. All these stories about how people reach out to, “Their black friend”—and yes, it's a singular person in many cases—and their black friend gets very tired of doing all the unpaid emotional labor of all of this stuff. Suddenly, it's not that at all if you reach out to someone who is an expert in this and pay them for their expertise. I don't sit here complaining that my clients pay me to solve AWS billing problems. In fact, I actively encourage that behavior. Same model.

There are businesses that specialize in this, they know the area, they know the risks, they know the ins and outs of this, and consults with these folks are not break the bank expensive compared to building the damn thing in the first place.

Chloe: And here's a great example that literally drove me bananas a couple weeks ago. So, I don't know if you've participated in Twitter Spaces before, but I've done a couple of my first ones recently. Have you done one yet—

Corey: Oh yes—

Chloe: —Corey?

Corey: —extensively. I love that. And again, that's a better answer for me than Clubhouse because I already have the Twitter audience.
I don't have to build one from scratch on another platform.

Chloe: So, I learned something really fascinating through my boyfriend. And remember, I mentioned earlier, my boyfriend is a staff engineer at Uber. He's been coding since he's been out of the womb, much more experienced than me. And I like to think a lot about, this is accessible to me but how is this accessible to a non-technical person? So, Ty finished up the Twitter Space that he did and he wanted to export the file.

Now currently, as the time of this podcast is being recorded, the process to export a Twitter Spaces audio file is a nightmare. And remember, staff engineer at Uber. He had to export his entire Twitter profile, navigate through a file structure that wasn't clearly marked, find the recording out of the multiple Spaces that he had hosted—and I don't think you get these for ones that you've participated in, only ones that you've hosted—download the file, but the file was not a normal WAV file or anything; he had to download an open-source converter to play the file. And in total, it took him about an hour to just get that file for the purposes of having that recording. Now, where my mind goes to is what about some woman who runs a nonprofit in the middle of, you know, Sacramento, and she does a community Twitter Spaces about her flower shop and she wants a recording of that.

What's she going to do, hire some third-party? And she wouldn't even know where to go; before I was in tech, I certainly would have just given up and been like, “Well, this is a nightmare. What do I do with this GitHub repo of information?” But these are the kinds of problems that you need to think about. And I think a lot of us and folks who listen to this show probably build APIs or developer tools, but a lot of us do work on products that muggles, non-technical people, work on.

And I see these issues happen constantly.
I come from this space of being an admin, being someone who wasn't quote-unquote, “A techie,” and a lot of products are just not being thought through from the perspective—like, there would be so much value gained if just one person came in and tested your product who wasn't you. So yeah, there's all of these things that I think we have a very privileged view of, as technical folks, that we don't realize are huge. Not even just barrier to entry; you should just be able to download—and maybe this is a feature that's coming down the pipeline soon, who knows, but the fact that in order for someone to get a recording of their Twitter Spaces is like a multi-hour process for a very, very senior engineer, that's the problem. I'm not really sure how we solve this.I think we just call it out when we see it and try to help different companies make change, which of course, myself and my boyfriend did. We reached out to people at Twitter, and we're like, “This is really difficult and it shouldn't be.” But I have that privilege. I know people at these companies; most people do not.Corey: And in some cases, even when you do, it doesn't move the needle as much as you might wish that it would.Chloe: If it did, I wouldn't be getting DMs anymore from creeps right? [laugh].Corey: Right. Chloe, thank you so much for coming back and talk to me about your latest project. If people want to pay attention to it and see what you're up to. Where can they go? Where can they find you? Where can they learn more? And where can they pointedly not audition to be featured on one of the episodes of Master Creep Theatre?Chloe: [laugh]. So, that's the one caveat, right? I have to kind of close submissions of my own DMs now because now people are just going to be trolling me and sending me weird stuff. You can find me on Twitter—my name—at @chloecondon, C-H-L-O-E-C-O-N-D-O-N. I am on Instagram as @getforked, G-I-T-F-O-R-K-E-D. 
That's a Good Placepun if you're non-technical; it is an engineering pun if you are. And yeah, I've been doing a lot of fun series with Microsoft Reactor, lots of how to get a career in tech stuff for students, building a lot of really fun AI/ML stuff on there. So, come say hi on one of my many platforms. YouTube, too. That's probably where—Master Creep Theatre is going to be, on YouTube, so definitely follow me on YouTube. And yeah.Corey: And we will, of course, put links to that in the [show notes 00:37:57]. Chloe, thank you so much for taking the time to speak with me. I really appreciate it, as always.Chloe: Thank you. I'll be back for episode three soon, I'm sure. [laugh].Corey: Let's not make it another couple of years until then. Chloe Condon, senior cloud advocate at Microsoft on the Next Generation Experiences Team, also chlo-host of the Master Creep Theatre podcast. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with a comment saying simply, “Hey.”Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

AWS Morning Brief
AWS W(T)AF

Oct 21, 2021 7:14


Links:
Entirely optional for attackers: https://osamaelnaggar.com/blog/aws_waf_dangerous_defaults/
Worst Case: https://www.tbray.org/ongoing/When/202x/2021/10/08/The-WOrst-Case
Are looking to change that: https://www.theregister.com/2021/10/11/cyan_zero_day_legislative_project/
Introducing Security at the Edge: https://aws.amazon.com/blogs/security/introducing-the-security-at-the-edge-core-principles-whitepaper/
Password reuse: https://www.hypr.com/password-reuse/

Transcript

Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it's nobody in particular's job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.

Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate. Is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other; which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at honeycomb.io/screaminginthecloud. Observability: it's more than just hipster monitoring.

Corey: I must confess, I didn't expect to see an unpatched AWS vulnerability being fodder for this podcast so early in the security lifespan here, but okay. Yes, yes, before I get letters, it's not a vulnerability as AWS would define it, but it's a pretty crappy default that charges customers money while giving them a false sense of security.

Past that, it's going to be a short podcast this week, and that's just fine by me because the point of it is, “The things you should know as someone who has to care about security.” On slow news weeks like last week that means I'm not here to give you pointless filler. Onward.

Now, AWS WAF is expensive and apparently, as configured by default, entirely optional for attackers. Only the first 8KB of a request are inspected by default. That means that any malicious payload that starts after the 8KB limit in a POST request will completely bypass AWS WAF unless you've explicitly added a rule to block any POST request greater than 8KB in size, which you almost assuredly have not done. Even their managed rule that addresses size limits only kicks in at 10KB. This is—as the kids say—less than ideal.

I had a tweet recently that talked about the horror of us-east-1 being globally unavailable for ages. Tim Bray took this and ran with the horrifying concept in a post he called, “Worst Case.” It's really worth considering things like this when it comes to disaster and continuity planning. How resilient are our apps and infrastructure really when all is said and done? What dependencies do we take on third parties who in turn rely on the same infrastructure that we're trying to guard against failure from?

An unfortunate reality is that many cybersecurity researchers don't have much in the way of legal protections; some folks are looking to change that through legislation. Here's some good advice: if a security researcher reports a vulnerability to you or your company in good faith, perhaps not acting like a raging jackhole is an option that's on the table. Bug bounties are hilariously small; they could make many times as much money by selling vulnerabilities to the highest bidder. Instead they're reporting bugs to you in good faith. Word spreads. If you're a hassle to deal with, other researchers won't report things to you in the future. “Be a nice person,” is surprisingly undervalued when it comes to keeping yourself and your company out of trouble.

Now, only one interesting thing came out of the mouth of AWS horse last week in a security context, and it's a Core Principles whitepaper: “Introducing Security at the Edge.” Setting aside entirely the fact that neither contributor to this has the job title of “EdgeLord,” I like it. Rather than focusing on specific services—although of course there's some of that because vendors are going to vendor—it emphasizes how to think about the various considerations of edge locations that aren't deep within hardened data centers. “How should I think about this problem,” is the kind of question that really deserves to be asked a lot more than it is.

And lastly, let's end up with a tip of the week. If you have a multi-cloud anything, ensure that credentials are not shared between two cloud providers. I'm talking about passwords, keys, et cetera. This is a step beyond the standard password reuse warning of not using the same password for multiple accounts. Think it through; if one of your providers happens to be Azure, and they Azure up the security yet again, you really don't want that to grant an attacker or other random Azure customers access to your AWS account as well, do you? I thought not.

Corey: This episode is sponsored in part by Liquibase. If you're anything like me, you've screwed up the database part of a deployment so severely that you've been banned from ever touching anything that remotely sounds like SQL at at least three different companies. We've mostly got code deployment solved for, but when it comes to databases, we basically rely on desperate hope, with a rollback plan of keeping our resumes up to date. It doesn't have to be that way. Meet Liquibase. It's both an open-source project and a commercial offering. Liquibase lets you track, modify, and automate database schema changes across almost any database, with guardrails that ensure you'll still have a company left after you deploy the change. No matter where your database lives, Liquibase can help you solve your database deployment issues. Check them out today at liquibase.com. Offer does not apply to Route 53.

Corey: And that is what happened last week in AWS security. I have been your host, Corey Quinn, and if you remember nothing else, it's that when you don't get what you want, you get experience instead. Let my experience guide you with the things you need to know in the AWS security world, so you can get back to doing your actual job. Thank you for listening to the AWS Morning Brief: Security Edition with the latest in AWS security that actually matters. Please follow AWS Morning Brief on Apple Podcast, Spotify, Overcast—or wherever the hell it is you find the dulcet tones of my voice—and be sure to sign up for the Last Week in AWS newsletter at lastweekinaws.com.

Announcer: This has been a HumblePod production. Stay humble.

Home Assistant Podcast
Integrating MySensors devices into Home Assistant with Dan – Home Assistant Podcast

Oct 20, 2021 51:39


Rohan and Phil chat with Dan from the USA to learn about MySensors and how they can be used with Home Assistant.

For complete show notes and more information about the topics discussed in this episode, be sure to check the notes at https://hasspodcast.io/ha096/

This episode was made possible thanks to our sponsor, Home Assistant Cloud by Nabu Casa. Easily connect to Google and Amazon voice assistants for a small monthly fee that also supports the Home Assistant project. Configuration is via the User Interface so no fiddling with router settings, dynamic DNS or YAML.
Website: https://nabucasa.com

Special thanks to today's guest, Dan Carter.

----- Hosts -----

Phil Hawthorne
Website: https://philhawthorne.com
Smart Home Products: https://kit.co/philhawthorne
Twitter: https://twitter.com/philhawthorne
Buy Phil a Coffee: https://buymeacoff.ee/philhawthorne

Rohan Karamandi
Website: https://karamandi.com
Smart Home Products: https://kit.co/rkaramandi/
Twitter: https://twitter.com/rohank9
Buy Rohan a Coffee: https://buymeacoff.ee/rkaramandi

Screaming in the Cloud
The Value of Analysts and Observability with Nick Heudecker

Oct 20, 2021 40:42


About Nick

Nick Heudecker leads market strategy and competitive intelligence at Cribl, the observability pipeline company. Prior to Cribl, Nick spent eight years as an industry analyst at Gartner, covering data and analytics. Before that, he led engineering and product teams at multiple startups, with a bias towards open source software and adoption, and served as a cryptologist in the US Navy. Join Corey and Nick as they discuss the differences between observability and monitoring, why organizations struggle to get value from observability data, why observability requires new data management approaches, how observability pipelines are creating opportunities for SRE and SecOps teams, the balance between budgets and insight, why goats are the world's best mammal, and more.

Links:
Cribl: https://cribl.io/
Cribl Community: https://cribl.io/community
Twitter: https://twitter.com/nheudecker
Try Cribl hosted solution: https://cribl.cloud

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.

Corey: This episode is sponsored in part by our friends at Jellyfish. So, you're sitting in front of your office chair, bleary eyed, parked in front of a PowerPoint and—oh my sweet feathery Jesus it's the night before the board meeting, because of course it is! As you slot that crappy screenshot of traffic light colored Excel tables into your deck, or sift through endless spreadsheets looking for just the right data set, have you ever wondered, why is it that sales and marketing get all this shiny, awesome analytics and inside tools? Whereas, engineering basically gets left with the dregs. Well, the founders of Jellyfish certainly did. That's why they created the Jellyfish Engineering Management Platform, but don't you dare call it JEMP! Designed to make it simple to analyze your engineering organization, Jellyfish ingests signals from your tech stack. Including JIRA, Git, and collaborative tools. Yes, depressing to think of those things as your tech stack but this is 2021. They use that to create a model that accurately reflects just how the breakdown of engineering work aligns with your wider business objectives. In other words, it translates from code into spreadsheet. When you have to explain what you're doing from an engineering perspective to people whose primary IDE is Microsoft PowerPoint, consider Jellyfish. That's Jellyfish.co and tell them Corey sent you! Watch for the wince, that's my favorite part.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted episode is a bit fun because I'm joined by someone that I have a fair bit in common with. Sure, I moonlight sometimes as an analyst because I don't really seem to know what that means, and he spent significant amounts of time as a VP analyst at Gartner. But more importantly than that, a lot of the reason that I am the way that I am is that I spent almost a decade growing up in Maine, and in Maine, there's not a lot to do other than sit inside for the nine months of winter every year and develop personality problems.

You've already seen what that looks like with me. Please welcome Nick Heudecker, who presumably will disprove that, but maybe not. He is currently a senior director of market strategy and competitive intelligence at Cribl. Nick, thanks for joining me.

Nick: Thanks for having me. Excited to be here.

Corey: So, let's start at the very beginning. I like playing with people's titles, and you certainly have a lofty one. ‘competitive intelligence' feels an awful lot like jeopardy. What am I missing?

Nick: Well, I'm basically an internal analyst at the company. So, I spend a lot of time looking at the broader market, seeing what trends are happening out there; looking at what kind of thought leadership content that I can create to help people discover Cribl, get interested in the products and services that we offer. So, I'm mostly—you mentioned my time in Maine. I was a cryptologist in the Navy and I spent almost all of my time focused on what the bad guys do. And in this job, I focus on what our potential competitors do in the market. So, I'm very externally focused. Does that help?
Does that explain it?

Corey: No, it absolutely does. I mean, you folks have been sponsoring our nonsense for which we thank you, but the biggest problem that I have with telling the story of Cribl was that originally—initially it was, from my perspective, “What is this hokey nonsense?” And then I learned and got an answer and then finish the sentence with, “And where can I buy it?” Because it seems that the big competitive threat that you have is something crappy that some rando sysadmin has cobbled together. And I say that as the rando sysadmin, who has cobbled a lot of things like that together. And it's awful. I wasn't aware you folks had direct competitors.

Nick: Today we don't. There's a couple that it might be emerging a little bit, but in general, no, it's mostly us, and that's what I analyze every day. Are there other emerging companies in the space? Are there open-source projects? But you're right, most of the things that we compete against are DIY today. Absolutely.

Corey: In your previous role, which you were at for a very long time in tech terms—which in a lot of other cases is, “Okay, that doesn't seem that long,” but seven and a half years is a respectable stint at a company. And you were at Gartner doing a number of analyst-like activities. Let's start at the beginning because I assure you, I'm asking this purely for the audience and not because I don't know the answer myself, but what exactly is the purpose of an analyst firm, of which Gartner is the most broadly known and, follow up, why do companies care what Gartner thinks?

Nick: Yeah. It's a good question, one that I answer a lot. So, what is the purpose of an analyst firm? The purpose of an analyst firm is to get impartial information about something, whether that is supply chain technology, big data tech, human resource management technologies. And it's often difficult if you're an end-user and you're interested in say, acquiring a new piece of technology, what really works well, what doesn't.

And so the analyst firm because in the course of a given year, I would talk to nearly a thousand companies and both end-users and vendors as well as investors about what they're doing, what challenges they're having, and I would distill that down into 30-minute conversations with everyone else. And so we provided impartial information in aggregate to people who just wanted to help. And that's the purpose of an analyst firm. Your second question, why do people care? Well, I didn't get paid by vendors.

I got paid by the company that I worked for, and so I got to be Tron; I fought for the users. And because I talk to so many different companies in different geographies, in different industries, and I share that information with my colleagues, they shared with me, we had a very robust understanding of what's actually happening in any technology market. And that's uncommon kind of insight to really have in any kind of industry. So, that's the purpose and that's why people care.

Corey: It's easy from the engineering perspective that I used to inhabit to make fun of it. It's oh, it's purely justification when you're making a big decision, so if it goes sideways—because find me a technology project that doesn't eventually go sideways—I want to be able to make sure that I'm not the one that catches heat for it because Gartner said it was good. They have an amazing credibility story going on there, and I used to have that very dismissive perspective. But the more I started talking to folks who are Gartner customers themselves and some of the analyst-style things that I do with a variety of different companies, it's turned into, “No, no. They're after insight.”

Because it turns out, from my perspective at least, the more that you are focused on building a product that solves a problem, you sort of lose touch with the broader market because the only people you're really talking to are either in your space or have already acknowledged and been right there and become your customer and have been jaded to see things from your point of view. Getting a more objective viewpoint from an impartial third party does have value.

Nick: Absolutely. And I want you to succeed, I want you to be successful, I want to carry on a relationship with all the clients that I would speak with, and so one of the fun things I would always ask is, “Why are you asking me this question now?” Sometimes it would come in, they'd be very innocuous, “Compare these databases,” or, “Compare these cloud services.” “Well, why are you asking?” And that's when you get to, kind of like, the psychology of it.

“Oh, we just hired a new CIO and he or she hates vendor X, so we have to get rid of it.” “Well, all right. Let's figure out how we solve this problem for you.” And so it wasn't always just technology comparisons. Technology is easy, you write a check and you hope for the best.

But when you're dealing with large teams and maybe a globally distributed company, it really comes down to culture, and personality, and all the harder factors. And so it was always—those were always the most fun and certainly the most challenging conversations to have.

Corey: One challenge that I find in this space is—in my narrow niche of the world where I focus on AWS bills, where things are extraordinarily yes or no, black or white, binary choices—that I talked to companies, like during the pandemic, and they were super happy that, “Oh, yeah. Our infrastructure has auto-scaling and it works super well.” And I look at the bill and the spend graph over time is so flat you could basically play a game of pool on top of it. And I don't believe that I'm talking to people who are lying to me. I truly don't believe that people make that decision, but what they believe versus what is evidenced in reality are not necessarily congruent. How do you disambiguate from the stories that people want to tell about themselves? And what they're actually doing?

Nick: You have to unpack it. I think you have to ask a series of questions to figure out what their motivation is. Who else is on the call, as well? I would sometimes drop into a phone call and there would be a dozen people on the line. Those inquiry calls would go the worst because everyone wants to stake a claim, everyone wants to be heard, no one's going to be honest with you or with anyone else on the call.

So, you typically need to have a pretty personal conversation about what does this person want to accomplish, what does the company want to accomplish, and what are the factors that are pushing against what those things are? It's like a novel, right? You have a character, the character wants to achieve something, and there are multiple obstacles in that person's way. And so by act five, ideally everything wraps up and it's perfect. And so my job is to get the character out of the tree that is on fire and onto the beach where the person can relax.

So, you have to unpack a lot of different questions and answers to figure out, well, are they telling me what their boss wants to hear or are they really looking for help? Sometimes you're successful, sometimes you're not. Not everyone does want to be open and honest. In other cases, you would have a team show up to a call with maybe a junior engineer and they really just want you to tell them that the junior engineer's architecture is not a good idea. And so you do a lot of couples therapy as well. I don't know if this is really answering the question for you, but there are no easy answers. And people are defensive, they have biases, companies overall are risk-averse.
I think you know this.

Corey: Oh, yeah.

Nick: And so it can be difficult to get to the bottom of what their real motivation is.

Corey: My approach has always been that if you want serious data, you go talk to Gartner. If you want anec-data and some understanding, well, maybe we can have that conversation, but they're empowering different decisions at different levels, and that's fine. To be clear, I do not consider Gartner to be a competitor to what I do in any respect. It turns out that I am not very good at drawing charts in varying shades of blue and positioning things just so with repeatable methodology, and they're not particularly good at having cartoon animals as their mascot that they put into ridiculous situations. We each have our portion of the universe, and that's working out reasonably well.

Nick: Well, and there's also something to unpack there as well because I would say that people look at Gartner and they think they have a lot of data. To a certain degree they do, but a lot of it is not quantifiable data. If you look at a firm like IDC, they specialize in—like, they are a data house; that is what they do. And so their view of the world and how they advise their clients is different. So, even within analyst firms, there is differentiation in what approach they take, how consultative they might be with their clients, one versus another. So, there certainly are differences that you could find the more exposure you get into the industry.

Corey: For a while, I've been making a recurring joke that Route 53—Amazon's managed DNS service—is in fact a database. And then at some point, I saw a post on Reddit where someone said, “Yeah, I see the joke and it's great, but why should I actually not do this?” At which point I had to jump in and say, “Okay, look. Jokes are all well and good, but as soon as people start taking me seriously, it's very much time to come clean.” Because I think that's the only ethical and responsible thing to do in this ecosystem.

Similarly, there was another great joke once upon a time. It was an April Fool's Day prank, and Google put out a paper about this thing they called MapReduce. Hilarious prank that Yahoo fell for hook, line, and sinker, and wound up building Hadoop out of it and we're still paying the price for that, years later. You have a bit of a reputation from your time at Gartner as being—and I quote—“The man who killed Hadoop.” What happened there? What's the story? And I appreciate your finally making clear to the rest of us that it was, in fact, a joke. What happened there?

Nick: Well, one of the pieces of research that Gartner puts out every year is this thing called a Hype Cycle. And we've all seen it, it looks like a roller coaster in profile; big mountain goes up really high and then comes down steeply, drops into a valley, and then—

Corey: ‘the trough of disillusionment,' as I recall.

Nick: Yes, my favorite. And then plateaus out. And one of the profiles on that curve was Hadoop distributions. And after years of taking inquiry calls, and writing documents, and speaking with everybody about what they were doing, we realized that this really isn't taking off like everyone thinks it is. Cluster sizes weren't getting bigger, people were having a lot of challenges with the complexity, people couldn't find skills to run it themselves if they wanted to.

And then the cloud providers came in and said, “Well, we'll make a lot of this really simple for you, and we'll get rid of HDFS,” which is—was a good idea, but it didn't really scale well. I think that the challenge of having to acquire computers with compute storage and memory again, and again, and again, and again, just was not sustainable for the majority of enterprises. And so we flagged it as this will be obsolete before plateau. And at that point, we got a lot of hate mail, but it just seemed like the right decision to make, right? Once again, we're Tron; we fight for the users.

And that seemed like the right advice and direction to provide to the end-users. And so didn't make a lot of friends, but I think I was long-term right about what happened in the Hadoop space. Certainly, some fragments of it are left over and we're still seeing—you know, Spark is going strong, there's a lot of Hive still around, but Hadoop as this amalgamation of open-source projects, I think is effectively dead.

Corey: I sure hope you're right. I think it has a long tail like most things that are there. Legacy is the condescending engineering term for ‘it makes money.' You were at Gartner for almost eight years and then you left to go work at Cribl. What triggered that? What was it that made you decide, “This is great. I've been here a long time. I've obviously made it work for me. I'm going to go work at a startup that apparently, even though it recently raised a $200 million funding round”—congratulations on that, by the way—“It still apparently can't afford to buy a vowel in its name.” That's C-R-I-B-L because, of course, it is. Maybe another consonant, while you're shopping. But okay, great. It's oddly spelled, it is hard to explain in some cases, to folks who are not already feeling pain in that space. What was it that made you decide to sit up and, “All right, this is where I want to be?”

Nick: Well, I met the co-founders when I was an analyst. They were working at Splunk and oddly enough—this is going to be an interesting transition compared to the previous thing we talked about—they were working on Hunk, which was, let's use HDFS to store Splunk data. Made a lot of sense, right? It could be much more cost-effective than high-cost infrastructure for Splunk. And so they told me about this; I was interested.

And so I met the co-founders and then I reconnected with them after they left and formed Cribl.
And I thought the story was really cool because where they're sitting is between sources and destinations of observability data. And they were solving a problem that all of my customers had, but they couldn't resolve. They would try and build it themselves. They would look at—Kafka was a popular choice, but that had some challenges for observability data—works fantastically well for application data.And they were just—had a very pragmatic view of the world that they were inhabiting and the problem that they were looking to solve. And it looked kind of like a no-brainer of a problem to solve. But when you double-click on it, when you really look down and say, “All right, what are the challenges with doing this?” They're really insurmountable for a lot of organizations. So, even though they may try and take a DIY approach, they often run into trouble after just a few weeks because of all the protocols you have to support, all the different data formats, and all the destinations, and role-based access control, and everything else that goes along with it.And so I really liked the team. I thought the product inhabited a unique space in the market—we've already talked about the lack of competitors in the space—and I just felt like the company was on a rocket ship—or is a rocket ship—that basically had unbounded success potential. And so when the opportunity arose to join the team and do a lot of the things I like doing as an analyst—examining the market, talking to people looking at competitive aspects—I jumped at it.Corey: It's nice when you see those opportunities that show up in front of you, and the stars sort of align. It's like, this is not just something that I'm excited about and enthused about, but hey, they can use me. I can add something to where they're going and help them get there better, faster, sooner, et cetera, et cetera.Nick: When you're an analyst, you look at dozens of companies a month and I'd never seen an opportunity that looked like that. 
Everything kind of looked the same. There's a bunch of data integration companies, there's a bunch of companies with Spark and things like that, but this company was unique; the product was unique, and no one was really recognizing the opportunity. So, it was just a great set of things that all happen at the same time.

Corey: It's always fun to see stars align like that. So—

Nick: Yeah.

Corey: —help me understand in a way that can be articulated to folks who don't have 15 years of grumpy sysadmin experience under their belts, what does Cribl do?

Nick: So, Cribl does a couple of things. Our flagship product is called LogStream, and the easiest way to describe that is as an abstraction between sources and destinations of data. And that doesn't sound very interesting, but if you, from your sysadmin background, you're always dealing with events, logs, now there's traces, metrics are also hanging around—

Corey: Oh, and of course, the time is never synchronized with anything either, so it's sort of a giant whodunit, mystery, where half the eyewitnesses lie.

Nick: Well, there's that. There's a lot of data silos. If you got an agent deployed on a system, it's only going to talk to one destination platform. And you repeat this, maybe a dozen times per server, and you might have 100,000 or 200,000 servers, with all of these different agents running on it, each one locked into one destination. So, you might want to be able to mix and match that data; you can't. You're locked in.

One of the things LogStream does is it lets you do that exact mixing and matching. Another thing that this product does, that LogStream does, is it gives you ability to manage that data. And then what I mean by that is, you may want to reduce how much stuff you're sending into a given platform because maybe that platform charges you by your daily ingest rates or some other kind of event-based charges. And so not all that data is valuable, so why pay to store it if it's not going to be valuable?
Just dump it or reduce the amount of volume that you've got in that payload, like a Windows XML log.

And so that's another aspect that it allows you to do, better management of that stuff. You can redact sensitive fields, you can enrich the data with maybe, say, GeoIPs so you know what kind of data privacy laws you fall under and so on. And so, the story has always been, land the data in your destination platform first, then do all those things. Well, of course, because that's how they charge you; they charge you based on daily ingest. And so now the story is, make those decisions upfront in one place without having to spread this logic all over, and then send the data where you want it to go.

So, that's really, that's the core product today, LogStream. We call ourselves an observability pipeline for observability data. The other thing we've got going on is this project called AppScope, and I think this is pretty cool. AppScope is a black box instrumentation tool that basically resides between the application runtime and the kernel and any shared libraries. And so it provides—without you having to go back and instrument code—it instruments the application for you based on every call that it makes and then can send that data through something like LogStream or to another destination.

So, you don't have to go back and say, “Well, I'm going to try and find the source code for this 30-year old C++ application.” I can simply run AppScope against the process, and find out exactly what that application is doing for me, and then relay that information to some other destination.

Corey: This episode is sponsored in part by Liquibase. If you're anything like me, you've screwed up the database part of a deployment so severely that you've been banned from touching anything that remotely sounds like SQL, at at least three different companies.
We've mostly got code deployments solved for, but when it comes to databases we basically rely on desperate hope, with a roll back plan of keeping our resumes up to date. It doesn't have to be that way. Meet Liquibase. It is both an open source project and a commercial offering. Liquibase lets you track, modify, and automate database schema changes across almost any database, with guardrails to ensure you'll still have a company left after you deploy the change. No matter where your database lives, Liquibase can help you solve your database deployment issues. Check them out today at liquibase.com. Offer does not apply to Route 53.

Corey: I have to ask because I love what you're doing, don't get me wrong. The counterargument that always comes up in this type of conversation is, “Who in their right mind looks at the state of the industry today and says, ‘You know what we need? That's right; another observability tool.'” What differentiates what you folks are building from a lot of the existing names in the space? And to be clear, a lot of the existing names in the space are treating observability simply as hipster monitoring. I'm not entirely sure they're wrong, but that's a different fight for a different time.

Nick: Yeah. I'm happy to come back and talk about that aspect of it, too. What's different about what we're doing is we don't care where the data goes. We don't have a dog in that fight. We want you to have better control over where it goes and what kind of shape it's in when it gets there.

And so I'll give an example. One of our customers wanted to deploy a new SIEM—Security Information Event Management—tool. But they didn't want to have to deploy a couple hundred-thousand new agents to go along with it. They already had the data coming in from another agent, they just couldn't get the data to it. So, they use LogStream to send that data to their new desired platform.

Worked great.
They were able to go from zero to a brand new platform in just a couple days, versus fighting with rolling out agents and having to update them. Did they conflict with existing agents? How much performance did it impact on the servers, and so on? So, we don't care about the destination. We like everybody. We're agnostic when it comes to where that data goes. And—

Corey: Oh, it's not about the destination. It's about the journey. Everyone's been saying it, but you've turned it into a product.

Nick: It's very spiritual. So, we [laugh] send, we send your observability data on a spiritual [laugh] journey to its destination, and we can do quite a bit with it on the way.

Corey: So, you said you offered to go back as well and visit the, “Oh, it's monitoring, but we're going to call it observability because otherwise we get yelled at on Twitter by Charity Majors.” How do you view that?

Nick: Monitoring is the things you already know. Right? You know what questions you want to ask, you get an alert if something goes out of bounds or something goes from green to red. Think about monitoring as a data warehouse. You shape your data, you get it all in just the right condition so you can ask the same question over and over again, over different time domains.

That's how I think about monitoring. It's prepackaged, you know exactly what you want to do with it. Observability is more like a data lake. I have no idea what I'm going to do with this stuff. I think there's going to be some signals in here that I can use, and I'm going to go explore that data.

So, if monitoring is your known knowns, observability is your unknown unknowns. So, an ideal observability solution gives you an opportunity to discover what those are. Once you discover them, great. Now, you can talk about how to get them into your monitoring system. So, for me, it's kind of a process of discovery.

Corey: Which makes an awful lot of sense.
The problem I've always had with the monitoring approach is it falls into this terrible pattern of enumerate the badness. In other words, “Imagine all the ways that this system can fail,” and then build an alerting that lets you know when any of those things happen. And what happens next is inevitable to anyone who's ever dealt with the tricksy devils known as computers, and what happens, of course, is that they find new ways to fail and you generally get to add to the list of things to check for, usually at two o'clock in the morning.

Nick: On a Sunday.

Corey: Oh, absolutely. It almost doesn't matter when. The real problem is when these things happen, it's, “What day, actually, is it?” And you have to check the calendar to figure out because your third time that week being woken up in the dead of night. It's like an infant but less than endearing.

So, that has been the old school approach, and there's unfortunately still an awful lot of, we'll just call it nonsense, in the industry that still does exactly the same thing, except now they call it observability because—hearkening back to earlier in our conversation—there's a certain point in the Gartner Hype Cycle that we are all existing within. What's the deal with that?

Nick: Well, I think that there are a lot of entrenched interests in the monitoring space. And so I think you always see this when a new term comes around. Vendors will say, “All right, well, there's a lot of confusion about this. Let me back-fit my product into this term so that I can continue to look like I'm on the leading edge and I'm not going to put any of my revenues in jeopardy.” I know, that's a cynical view, but I've seen it over and over again.

And I think that's unfortunate because there's a real opportunity to have a better understanding of your systems, to better understand what's happening in all the containers you're deploying and not tearing down the way that you should, to better understand what's happening in distributed systems.
And it's going to be a real missed opportunity if that is what happens. If we just call this ‘Monitoring 2.0' it's going to leave a lot of unrealized potential in the market.

Corey: The big problem that I've seen in a lot of different areas is—I'll be direct—consolidation where you have a company that starts to do a thing—and that's great—and then they start doing other things that are tied to it. And in turn, they start, I guess, gathering everything in the ecosystem. If you break down observability into various constituent parts, I know, I know, the pillars thing is going to upset people; ignore that for now—and if you have an offering that's weak in a particular area, okay, instead of building it organically into the product, or saying, “Yeah, that's not what we do,” there's an instinct to acquire a company or build that functionality out. And it turns out that we're building what feels a lot to me like the SaaS equivalent of multifunction printers: they can print, they can scan, they can fax, and none of those three very well, so it winds up with something that dissatisfies everyone, rather than a best-of-breed solution that has a very clear and narrow starting and stopping point. How do you view that?

Nick: Well, what you've described is a compromise, right? A compromise is everyone can work and no one's happy. And I think that's the advantage of where LogStream comes in. The reality is best-of-breed. Most enterprises today have 30 or more different monitoring tools—call them observability tools if you want to—and you will never pry those tools from the dead hands of those sysadmins, DevOps engineers, SREs, et cetera.

They all integrate those tools into how they work and their processes. So, we're living in a best-of-breed world. It's like that in data and analytics—my former beat—and it's like that in monitoring and observability. People really gravitate towards the tools they like, they gravitate towards the tools their friends are using.
And so you need a way to be able to mix and match that stuff.

And just because I want to stay [laugh] on message, that's really where the LogStream story kind of blends in because we do that; we allow you to mix and match all those different pieces.

Corey: Joke's on you. I use Nagios and I have no friends. I'm not convinced those two things are entirely unrelated, but here we are. So here's, I guess, the big burning question that a lot of folks—certainly not me, but other undefined folks, ‘lots of people are saying'—so you built something interesting that actually works. I want to be clear on this.

I have spoken to customers of yours. They swear by it instead of swearing at it, which happens with other companies. Awesome. You have traction, you're moving forward, things are going great. Here's $200 million is the next part of that story, and on some level, my immediate reaction—which does need updating, let's be clear here—is like, all right.

I'm trying to build a product. I can see how I could spend a few million bucks. “Well, what can you do with I don't know, 100 times that?” My easy answer is, “Something monstrous.” I don't believe that is the case here. What is the growth plan? What are you doing that makes having that kind of a war chest a useful and valuable thing to have?

Nick: Well, if you speak with the co-founders—and they've been open about this—we view ourselves as a generational company. We're not just building one product. We've been thinking about, how do we deliver on observability as this idea of discovery? What does that take? And it doesn't mean that we're going to be less agnostic to other destinations, we still think there's an incredible amount of value there and that's not going away, but we think there's maybe an interim step that we build out, potentially this idea of an observability data lake where you can explore these environments.

Certainly, there's other types of options in the space today.
Most of them are SQL-based, which is interesting because the audience that uses monitoring and observability tools couldn't care less about SQL, right? They want search, they want regex, and so you've got to have the right tool for that audience. And so we're thinking about what that looks like going forward. We're doubling down on people.

Surprisingly, this is a very—like anything else in software, it is people-intensive. And so certainly those are other aspects that we're exploring with the recent investment, but definitely, multiproduct company is our future and continued expansion.

Corey: Expansion is always a fun one. It's the idea of, great, are you looking at going deeper into the areas you're already active within, or is it more of a, “Ah, so we've solved the, effectively, log routing problem. That's great. Let's solve other problems, too.” Or is it more of a, I guess, a doubling down and focusing on what's working? And again, that probably sounds judgmental in a way I don't intend it to at all. I just have a hard time contextualizing that level of scale coming from a small company perspective the way that I do.

Nick: Yeah. Our plan is to focus more intently on the areas that we're in. We have a huge basis of experience there. We don't want to be all things to all people; that dilutes the message down to nothing, so we want to be very specific in the audiences we talk to, the problems we're trying to solve, and how we try to solve them.

Corey: The problem I've always found with a lot of the acquisition, growth thrashing of—let me call it what I think it is: companies in decline trying to strain relevancy, it feels almost like a, “We don't see a growth strategy. So, we're going to try and acquire everything that holds still long enough, at some level, trying to add more revenue to the pile, but also thrashing in the sense of, okay. They're going to teach us how to do things in creative, awesome ways,” but it never works out that way.
When you have a 50,000 person company acquiring a 200 person company, invariably the bigger culture is going to dominate. And I don't understand why that mistake seems to continually happen again, and again, and again.

And people think I'm effectively alluding to—or whenever the spoken word version of subtweeting is—a particular company or a particular acquisition. I'm absolutely not, there are probably 50 different companies listening right now who think, “Oh, God. He's talking about us.” It's the common repeating trend. What is that?

Nick: It's hard to say. In some cases, these acquisitions might just be talent. “We need to know how to do X. They know how to do X. Let's do it.” They may have very unique niche technology or software that another company thinks they can more broadly apply.

Also, some of these big companies, these may not be board-level or CEO-level decisions. A business unit might decide, “Oh, I like what that company is doing. I'm going to go acquire it.” And so it looks like MegaCorp bought TinyCorp, but it's really, this tiny business unit within MegaCorp bought tiny company. The reality is often different from what it looks like on the outside.

So, that's one way. Another is, you know, if they're going to teach us to be more effective with tech or something like that, you're never going to beat culture. You're never going to be the existing culture. If it's 50,000, against 200, obviously we know who wins there. And so I don't know if that's realistic.

I don't know if the big companies are genuine when they say that, but it could just be the messaging that they use to make people happy and hopefully retain as many of those new employees for as long as they can. Does that make sense?

Corey: No, it makes perfect sense. It's the right answer. It does articulate what is happening there, and I think I keep falling prey to the same failure. And it's hard.
It's pernicious, but companies are not monolithic entities.

There's no one person at all of these companies each who is making these giant unilateral decisions. It's always some product manager or some particular person who has a vision and a strategy in the department. It is not something that the company board is agreeing on every little decision that gets made. They're distributed entities in many respects.

Nick: Absolutely. And that's only getting more pervasive as companies get larger [laugh] through acquisition. So, you're going to see more and more of that, and so it's going to look like we're going to put one label on it, one brand. Often, I think internally, that's the exact opposite of what actually happened, how that decision got made.

Corey: Nick, I want to thank you for taking so much time to speak with me about what you're up to over there, how your path has shaped, how you view the world, and also what Cribl does these days. If people want to learn more about what you're up to, how you think about the world, or even possibly going to work at Cribl which, having spoken to a number of people over there, I would endorse it. How do they find you?

Nick: Best place to find us is by joining our community: cribl.io/community, and Cribl is spelled C-R-I-B-L. You can certainly reach out there, we've got about 2300 people in our community Slack, so it's a great group. You can also reach out to me on Twitter, I'm @nheudecker, N-H-E-U-D-E-C-K-E-R. Tell me what you thought of the episode; love to hear it. And then beyond that, you can also sign up for our free cloud tier at cribl.cloud. It's a pretty generous one terabyte a day processing, so you can start to send data in and send it wherever you'd like to be.

Corey: To be clear, this free as in beer, not free as in AWS free tier?

Nick: This is free as in beer.

Corey: Excellent. Excellent.

Nick: I think I'm getting that right. I think it's free as in beer.
And the other thing you can try is our hosted solution on AWS, fully managed cloud at cribl.cloud, we offer a free one terabyte per day processing, so you can start to send data into that environment and send it wherever you'd like to go, in whatever shape that data needs to be in when it gets there.

Corey: And we will, of course, put links to that in the show notes. Thank you so much for your time today. I really appreciate it.

Nick: No, thank you for having me. This was a lot of fun.

Corey: Nick Heudecker, senior director, market strategy and competitive intelligence at Cribl. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with a comment explaining that the only real reason a startup should raise a $200 million funding round is to pay that month's AWS bill.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Screaming in the Cloud
Works Well with Others with Abby Kearns

Oct 19, 2021 39:53


About Abby

With over twenty years in the tech world, Abby Kearns is a true veteran of the technology industry. Her lengthy career has spanned product marketing, product management and consulting across Fortune 500 companies and startups alike. At Puppet, she leads the vision and direction of the current and future enterprise product portfolio. Prior to joining Puppet, Abby was the CEO of the Cloud Foundry Foundation where she focused on driving the vision for the Foundation as well as growing the open source project and ecosystem. Her background also includes product management at companies such as Pivotal and Verizon, as well as infrastructure operations spanning companies such as Totality, EDS, and Sabre.

Links:
Cloud Foundry Foundation: https://www.cloudfoundry.org
Puppet: https://puppet.com
Twitter: https://twitter.com/ab415

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by Liquibase. If you're anything like me, you've screwed up the database part of a deployment so severely that you've been banned from touching anything that remotely sounds like SQL, at at least three different companies. We've mostly got code deployments solved for, but when it comes to databases we basically rely on desperate hope, with a roll back plan of keeping our resumes up to date. It doesn't have to be that way. Meet Liquibase. It is both an open source project and a commercial offering. Liquibase lets you track, modify, and automate database schema changes across almost any database, with guardrails to ensure you'll still have a company left after you deploy the change.
No matter where your database lives, Liquibase can help you solve your database deployment issues. Check them out today at liquibase.com. Offer does not apply to Route 53.

Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate: is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards, while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other, which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at Honeycomb.io/screaminginthecloud. Observability, it's more than just hipster monitoring.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Once upon a time, I was deep into the weeds of configuration management, which explains a lot, such as why it seems I don't know happiness in any meaningful sense. Then I wound up progressing into other areas of exploration, like the cloud, and now we know for a fact why happiness isn't a thing for me. My guest today is the former CEO of the Cloud Foundry Foundation and today is the CTO over at a company called Puppet, which we've talked about here from time to time. Abby Kearns, thank you for joining me. I appreciate your taking the time out of your day to suffer my slings and arrows.

Abby: Thank you for having me. I have been looking forward to this for weeks.

Corey: My stars, it seems like things are slow over there, and I kind of envy you for that.
So, help me understand something; you went from this world of cloud-native everything, which is the joy of working with Cloud Foundry, to now working with configuration management. How is that not effectively Benjamin Button-ing your career? It feels like the opposite direction that most quote-unquote, “Digital transformations” like to play with. But I have a sneaking suspicion, there's more to it than I might guess from just looking at the label on the tin.

Abby: Beyond I just love enterprise infrastructure? I mean, come on, who doesn't?

Corey: Oh, yeah. Everyone loves to talk about digital transformation, reading about books like Ahead in the Cloud to my children used to be a fun nightly activity before it was formally classified as child abuse. So yeah, I hear you, but it turns out the rest of the world doesn't necessarily agree with us.

Abby: I do not understand it. I have been in enterprise infrastructure my entire career, which has been a really, really long time, back when Unix and Sun machines were still a thing. And I'll be a little biased here; I think that enterprise infrastructure is actually the most fascinating part of technology right now. And why is that? Well, we're in the process of actively rewriting everything that got us here.

And we talk about infrastructure and everyone's like, “Yeah, sure, whatever,” but at the end of the day, it's the foundation that everything that you think is cool about technology is built on. And for those of us that really enjoy this space, having a front-row seat at that evolution and the innovation that's happening is really, really exciting and it creates a lot of interesting conversation, debate, evolution of technologies, and innovation. And are they all going to be on the money five, ten years from now? Maybe not, but they're creating an interesting space and discussion and just the work ahead for all of us across the board.
And I'm kind of bucketing this pretty broadly, intentionally so because I think at the end of the day, all of us play a role in a bigger piece of pie, and it's so interesting to see how these things start to fit together.

Corey: One of the things that I've noticed is that the things that get attention on the keynote stage of, “This is this far future, serverless, machine-learning Kubernetes, dingus nonsense,” great is—

Abby: You forgot blockchain. [laugh].

Corey: Oh, yeah. Oh, yeah blockchain as well. Like, what other things can we wind up putting into the buzzword thing to wind up guaranteeing that your seed round is at least $200 million? Great. There's that.

But when you look at the actual AWS bill—my specialty, of course—and seeing where the money is actually going, it doesn't really look that different, as far as percentages go—even though the numbers are higher—than it did ten years ago, at least in the enterprise world. You're still buying a bunch of EC2 instances, you're still potentially modernizing to some of the managed services like RDS—which is Amazon's reimagining of what a database could be if you still had to manage the finicky bits, but had no control over when and how they worked—and of course, data transfer and disk. These are the basic building blocks of everything in cloud. And despite how much we talk about the super neat stuff, what we're doing is not reflected on the conference stage. So, I tend to view the idea of aspirational architecture as its own little world.

There are still seasoned companies out there that are migrating from where they are today into this idea of, well, virtualization, we've just finally got our heads around that. Now, let's talk about this cloud thing; seems like a fad—in 2021.
And people take longer to get to where they think they're going or where they intend to go than they plan for, and they get stuck somewhere and instead of a cloud migration, they're now hybrid because they can redefine things and declare victory when they plant that flag, and here we are. I'm not here to make fun of these companies because they're doing important work and these are super hard problems. But increasingly, it seems that the technology is not the thing that's holding them back or even responsible for their outcome so much as it is people.

The more I work with tech, the more I realized that everything that's hard becomes people issues. Curious to get your take on that, given your somewhat privileged perspective as having a foot standing very deeply in each world.

Abby: Yeah, and that's a super great point. And I also realized I didn't fully answer the first question either. So, I'll tie those two things together.

Corey: That's okay, we're going to keep circling around until you get there. It's fine.

Abby: It's been a long week, and it's only Wednesday.

Corey: All day long, as it turns out.

Abby: I have a whole soapbox that I drag around behind me about people and process, and how that's your biggest problem, not technology, and if you don't solve for the people in the process, I don't care what technology you choose to use, isn't going to fix your problem. On the other hand, if you get your people and process right, you can borderline use crayons and paper and get [laugh] really close to what you need to solve for.

Corey: I have it on good authority that's known as IBM Cloud. Please continue.

Abby: [laugh]. And so I think people and process are at the heart of everything. They're our biggest accelerators with technology and they're our biggest limitation.
And you can cloud-native serverless your way into it, but if you do not actually do continuous delivery, if you did not actually automate your responses, if you do not actually set up the cross-functional teams—or sometimes fondly referred to as two-pizza teams—if you don't have those things set up, there isn't any technology that's going to make you deliver software better, faster, cheaper. And so I think I care a lot about the focus on that because I do think it is so important, but it's also—the reason a lot of people don't like to talk about it and deal with it because it's also the hardest.

People, culture change, digital transformation, whatever you want to call it, is hard work. There's a reason so many books are written around DevOps. And you mentioned Gene Kim earlier, there's a reason he wrote The Phoenix Project; it's the people-process part is the hardest. And I do think technology should be an enabler and an accelerator, but it really has to pair up nicely with the people part. And you asked your earlier question about my move to Puppet.

One of the things that I've learned a lot in running the Cloud Foundry Foundation, running an open-source software foundation, is you get a real good crash course in how teams can collaborate effectively, how teams work together, how decisions get made, the need for that process and that practice. And there was a lot of great context because I had access to so much interesting information. I got to see what all of these large enterprises were doing across the board. And I got to have a literal seat at the table for how a lot of the decisions are getting made around not only the open-source technologies that are going into building the future of our enterprise infrastructure but how a lot of these companies are using and leveraging those technologies.
And having that visibility was amazing and transformational for myself.

It gave me so much richness and context, which is why I have firmly believed that the people and process part were so crucial for many years. And I decided to go to a company that sold products. [laugh]. You're like, “What? What is she talking about now? Where is this going?”

And I say that because running an open-source software foundation is great and it gives you so much information and so much context, but you have no access to customers and no access to products. You have no influence over that. And so when I thought about what I wanted to do next, it's like, I really want to be close to customers, I really want to be close to product, and I really want to be part of something that's solving what I look at over the next five to ten years, our biggest problem area, which is that tweener phase that we're going to be in for many years, which we were just talking about, which is, “I have some stuff on-prem and I have some stuff in a cloud—usually more than one cloud—and I got to figure out how to manage all of that.” And that is a really, really, really hard problem. And so when I looked at what Puppet was trying to do, and the opportunity that existed with a lot of the fantastic work that Puppet has done over the last 12 years around Desired State Configuration management, I'm like, “Okay, there's something here.”

Because clearly, that problem doesn't go away because I'm running some stuff in the cloud. So, how do we start to think about this more broadly and expansively across the hybrid estate that is all of these different environments? And who is the most well-positioned to actually drive an innovative product that addresses that? So, that's my long way of addressing both of those things.

Corey: No, it's a fair question.
Friend of the show, Matt Stratton, is famous for saying that, “You cannot buy DevOps, but I sure would like to sell it to you,” and if you're looking at it from that perspective, Puppet is not far from what that product store look like in some ways. My first encounter with Puppet was back around 2009, 2010 or so, and I was using it in an environment I was working within and thought, “Okay, this is terrible, and it's crap, and obviously, I know what I'm doing far better than this, and the problem is the Puppet's a bad product.” So, I was one of the early developers behind SaltStack, which was a terrific, great way of approaching the problem from a novel perspective, and it wasn't crap; it was awesome. Right up until I saw the first time a customer deployed it and looked at their environment, and it wasn't crap, it was worse because it turns out that you can build a super finely crafted precision instrument that makes a fairly bad hammer, but that's how customers are going to use it anyway.

Abby: Well, I mean, [sigh] look, you actually hit something that I think we don't actually talk about, which is how hard all of this shit really is. Automation is hard. Automation for distributed systems at scale is super duper hard. There isn't an easy way to solve that problem. And I feel like I learned a lot working with Cloud Foundry.

Cloud Foundry is a Platform as a Service and it sits a layer up, but it had the same challenges in that solving the ability to run cloud-native applications and cloud-native workloads at scale and have that ephemerality to it and that resilience to it, and the things everyone wants but don't recognize how difficult it is, actually, to do that well. And I think the same—you know, that really set me up for the way that I think about the problem, even the layer down which is, running and managing desired state, which at the end of the day is a really fancy way of saying, “Does your environment look like the way you think it should?
And if it doesn't, what are you going to do about it?” And it seems like, in this year of—what year are we again? 2021, maybe? I don't know. It feels like the last two years of, sort of, munged together?

Corey: Yeah, the passing of time is something it's very hard for me to wrap my head around.

Abby: But it feels like, I know some people, particularly those of us that have been in tech a long time are probably like, “Why are we still talking about that? Why is that a thing?” But that is still an incredibly hard problem for most organizations, large and small. So, I tend to spend a lot of time thinking about large enterprises, but in the day, you've got more than 20 servers, you're probably sitting around thinking, “Does my environment actually look the way I think it does? There's a new CVE that just came out. Am I able to address that?”

And I think at the end of the day, figuring out how you can solve for that on-prem has been one of the things that Puppet has worked for, and done really, really well the last 12 years. Now, I think the next challenge is okay, how do you extend that out across your now bananas complex estate that is—I got a huge data estate, maybe one or two data centers, I got some stuff in AWS, I got some stuff in GCP, oh yeah, got a little thing over here and Azure, and oh, some guy spun up something on OCI. So, we got a little bit of everything. And oh, my God, the SolarWinds breach happened. Are we impacted? I don't know. What does that mean? [laugh].

And I think you start to unravel the little pieces of that and it gets more and more complex. And so I think the problems that I was solving in the early aughts with servers seems trite now because you're like, I can see all of my servers; there's eight of them. Things seem fine. To now, you've got hundreds of thousands of applications and workloads, and some of them are serverless, and they're all over the place.
And who has what, and where does it sit?

And does it look like the way that I think it needs to so that I can run my business effectively? And I think that's really the power of it, but it's also one of those things that I don't feel like a lot of people like to acknowledge the complexity and the hardness of that because it's not just the technology problem—going back to your other question, how do we work? How do we communicate? What are our processes around dealing with this? And I think there's so much wrapped up in that it becomes almost like, how do you eat an elephant story, right? Yes, one bite at a time, but when you first look at the elephant, you're like, “Holy shit. This is big. What do I need to do?” And that I think is not something we all collectively spend enough time talking about is how hard this stuff is.

Corey: One of the biggest challenges I see across the board is this idea of conference-ware style architecture; the greatest lie you ever see is someone talking about their infrastructure in public because peel it back a little bit and everything's messy, everything's disastrous, and everything's a tire fire. And we have this cult in tech—

Abby: [laugh].

Corey: —it's almost a cult where we have this idea that anything that isn't rewritten completely within the last six months based upon whatever is the hot framework now that is designed to run only in Google Chrome running on the latest generation MacBook Pro on a gigabit internet connection is somehow less than. It's like, “So, what does that piece of crap do?” And the answer is, “Well, a few $100 million a quarter in revenue, so how about you watch your mouth?” Moving those things is delicate; moving those things is fraught, and there are a lot of different stakeholders to the point where one of the lessons I keep learning is, people love to ask me, “What is Amazon's opinion of you?” Turns out that there's no Ted Amazon who works over there who forms a single entity's opinion.
It's a bunch of small teams. Some of them like me, some of them can't stand me, far and away the majority don't know who I am. And that is okay. In theory; in practice, I find it completely unforgivable because how dare you? But I understand it's—

Abby: You write a memo, right now. [laugh].

Corey: Exactly. Companies are people and people are messy, and for better or worse, it is impossible to patch them. So, you have to almost route around them. And that was something that I found that Puppet did very well, coming from the olden days of sysadmin work where we spend time doing management [bump 00:15:53] the systems by hand. Like, oh, I'm going to do a for loop. Once I learned how to script. Before that, I use Cluster SSH and inadvertently blew away a University's entire config file what starts up on boot across their entire FreeBSD server fleet.

Abby: You only did it once, so it's fine.

Corey: Oh, yeah. I'm never going to screw up again. Well, not like that. In other ways. Absolutely, but at least my errors will be novel.

Abby: Yeah. It's learning. We all learn. If you haven't taken something down in production in real-time, you have not lived. And also you [laugh] haven't done tech. [laugh].

Corey: Oh, yeah, you either haven't been allowed close enough to anything that's important enough to be able to take down, you're lying to me, or thirdly—and this is possible, too—you're not yet at a point in your career where you're allowed to have access to the breaky parts. And that's fine. I mean, my argument has always been about why I'd be a terrible employee at Google, for example, is if I went in maliciously on day one, I would be hard-pressed to take down google.com for one hour. If I can't have that much impact intentionally going in as a bad actor, it feels like there'd be how much possible upside, positive impact can I have what everyone's ostensibly aligned around the same thing?

It's the challenge of big companies.
It's gaining buy-in, it's gaining investment in the idea and the direction you're going in. Things always take longer, you have to wind up getting multiple stakeholders on board. My consulting practice is entirely around helping save money on the AWS bill. You'd think it would be the easiest thing in the world to sell, but talking to big companies means a series of different sales conversations with different folks, getting them all on the same page. What we do functionally isn't so much look at the computer parts as it is marriage counseling between engineering and finance. Different languages, different ways of thinking about things, ostensibly the same goals.

Abby: I mean, I don't think that's a big company problem. I think that's an every company problem if you have more than, like, five people in your company.

Corey: The first few years here, it was just me and I had none of those problems. I had very different problems, but you know—and then we started bringing other people in, it's like, “Oh, yeah, things were great until we hired people. Ugh, mistake. Never do that.” And yeah, it turns out that's not particularly sustainable.

Abby: Stakeholder management is hard. And you mentioned something about routing around. Well, you can't actually route around people, unfortunately. You have to get people to buy in, you have to bring people along on the journey. And not everybody is at the same place in the way they think about the work you're doing.

And that's true at any company, big or small. I think it just gets harder and more complex as the company gets bigger because it's harder to make the changes you need to make fast enough, but I'd say even at a company the size of Puppet, we have the exact same challenges. You know, are the teams aligned? Are we aligned on the right things? Are we focusing on the right things?

Or, do we have the right priorities in our backlog? How are we doing the work that we do?
And if you're trying to drive innovation, how fast are we innovating? Are we innovating fast enough? How tight are our feedback loops?

It's one of those things where the conversations that you and I have had externally with customers are the same conversations I have internally all the time, too. Let's talk about innovators' dilemma. [laugh]. Let's talk about feedback loop. Let's talk about what does it mean to get tighter feedback loops from customers and the field?

And how do you align those things to the priorities in your backlog? And it's one of those never-ending challenges that's messy and complicated. And technology can enable it, but the technology is also messy and hard. And I do love going to conferences and seeing how pretty and easy things could look, and it's definitely a great aspiration for us to all shoot for, but at the end of the day, I think we all have to recognize there's a ton of messiness that goes on behind to make that a reality and to make that really a product and a technology that we can sell and get behind, but also one that we buy in, too, and are able to use. So, I think we as a technology industry, and particularly those of us in the Bay Area, we do a disservice by talking about how easy things are and why—you know, I remember a conversation I had in 2014 where someone asked me if Docker was already passe because everybody was doing containerized applications, and I was like, “Are they? Really? Is that an everyone thing? Or is that just an ‘us' thing?” [laugh].

Corey: Well, they talk about it on the conference stages an awful lot, but yeah. New problems that continue to arise. I mean, I look back at my early formative years as someone who could theoretically be brought out in public and it was through a consulting project, where I was a traveling trainer for Puppet back in 2014, 2015, and teaching people who hadn't had exposure before what Puppet was about.
And there was a definite experience in some of the people attending class where they were very opposed to the idea. And dig down a little bit, it's not that they had a problem with the software, it's not that they had a problem with any of the technical bits.

It's that they made the mistake that so many technologists made—I know I have, repeatedly—of identifying themselves with the technology that they work on. And well, in some cases, yeah, the answer was that they ran a particular script a bunch of times and if you can automate that through something like Puppet or something else, well, what does that mean for them? We see it much larger-scale now with people who are, okay, I'm in the data center working on the storage arrays. When that becomes just an API call or—let's be serious, despite what we see in conference stages—when it becomes clicking buttons in the AWS console, then what does that mean for the future of their career? The tide is rising.

And I can't blame them too much for this; you've been doing this for 25 years, you don't necessarily want to throw all that away and start over with a whole new set of concepts and the rest because unlike what Twitter believes, there are a bunch of legitimate paths in this industry that do treat it as a job rather than an all-consuming passion. And I have no negative judgment toward folks who walk down that direction.

Abby: Most people do. And I think we have to be realistic. It's not just some. A lot of people do. A lot of people, “This is my nine-to-five job, Monday through Friday, and I'm going to go home and I'm going to spend time with my family.”

Or I'm going to dare I say—quietly—have a life outside of technology. You know, but this is my job. And I think we have done a disservice to a lot of those individuals who for better or for worse, they just want to go in and do a job.
They want to get their job done to the best of their abilities, and don't necessarily have the time—or if you're a single parent, have the flexibility in your day to go home and spend another five, six hours learning the latest technology, the latest programming language, set up your own demo environment at home, play around with AWS, all of these things that you may not have the opportunity to do. And I think we as an industry have done a disservice to both those individuals, as well in putting up really imaginary gates on who can actually be a technologist, too.

Corey: This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of "Hello, World" demos? Allow me to introduce you to Oracle's Always Free tier. It provides over 20 free services and infrastructure, networking databases, observability, management, and security.

And - let me be clear here - it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account. This means you can provision a virtual machine instance or spin up an autonomous database that manages itself all while gaining the networking load, balancing and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build.

With Always Free you can do things like run small scale applications, or do proof of concept testing without spending a dime. You know that I always like to put asterisks next to the word free. This is actually free. No asterisk. Start now. Visit https://snark.cloud/oci-free that's https://snark.cloud/oci-free.

Corey: Gatekeeping, on some level, is just—it's a horrible thing. Something I found relatively early on is that I didn't enjoy communities where that was a thing in a big way. In minor ways, sure, absolutely.
I wound up gravitating toward Ubuntu rather than Debian because it turned out that being actively insulted when I asked how to do something wasn't exactly the most welcoming, constructive experience, where they, “Read the manual.” “Yeah, I did that and it was incomplete and contradictory, and that's why I'm here asking you that question, but please continue to be a condescending jackwagon. I appreciate that. It really just reminds me that I'm making good choices with my life.”

Abby: Hashtag-RTFM. [laugh].

Corey: Exactly. In my case, fine, it's water off a duck's back. I can certainly take it given the way that I dish it out, but by the same token, not everyone has a quote-unquote, thick skin, and I further posit that not everyone should have to have one. You should not get used to personal attacks as a prerequisite for working in this space. And I'm very sensitive to the idea that people who are just now exploring the cloud somehow feel that they've missed out on their career, and that so there's somehow not appropriate for this field, or that it's not for them.

And no, are you kidding me? You know that overwhelming sense of confusion you get when you look at the AWS console and try and understand what all those services do? Yeah, I had the same impression the first time I saw it and there were 12 services; there's over 200 now. Guess what? I've still got it.

And if I am overwhelmed by it, I promise there's no shame in anyone else being overwhelmed by it, too. We're long since past the point where I can talk incredibly convincingly about AWS services that don't exist to AWS employees and not get called out on it because who in the world has that entire Rolodex of services shoved into their heads who isn't me?

Abby: I'd say you should put out… a call for anyone that does because I certainly do not memorize the services that are available. I don't know that anyone does.
And I think even more broadly, is, remember when the landscape diagram came out from the CNCF a couple of years ago, which it's now, like… it's like a NASCAR logo of every logo known to man—

Corey: Oh today, there's over 400 icons on it the last time I saw—I saw that thing come out and I realized, “Wow, I thought I was going to shit-posting,” but no, this thing is incredible. It's, “This is great.” My personal favorite was zooming all the way in finding a couple of logos on in the same box three times, which is just… spot on. I was told later, it's like, “Oh, those represent different projects.” I'm like, “Oh, yeah, must have missed that in the legend somewhere.” [laugh]. It's this monstrous, overdone thing.

Abby: But the whole point of it was just, if I am running an IT department, and I'm like, “Here you go. Here's a menu of things to choose,” you're just like, “What do I do with this information? Do I choose one of each? All the above? Where do I go? And then, frankly, how do I make them all work together in my environment?” Because they all serve very different problems and they're tackling different aspects of that problem.

And I think I get really annoyed with myself as an industry—like, ourselves as an industry because it's like, “What are we doing here?” We're trying to make it harder for people, not only to use the technology, to be part of it. And I think any efforts we can make to make it easier and more simple or clear, we owe it to ourselves to be able to tell that story. Which now the flip side of that is describing cloud-native in the cloud, and infrastructure and automation is really, really hard to do [laugh] in a way that doesn't use any of those words. And I'm just as guilty of this, of describing things we do and using the same language, and all of a sudden you're looking at it this says the same thing is 7500 other websites. [laugh]. So.

Corey: Yep. I joke at RSA's Expo Hall is basically about twelve companies selling different things.
Sure, each one has a whole bunch of booths with different logos and different marketing copy, but it's the same fundamental product. Same challenge here. And this is, to me, the future of cloud, this is where it's going, where I want something that will—in my case, I built a custom URL shortener out of DynamoDB, API Gateway, Lambda, et cetera, and I built this thing largely as a proof of concept because I wanted to have experience playing with these tools.

And that was great, not but if I'm doing something like that in production, I'm going with Bitly or one of the other services that provide this where someone is going to maintain it full time. Unless it is the core of what I'm doing, I don't want to build it myself from popsicle sticks. And moving up the stack to a world of folks who are trying to solve a business problem and they don't want to deal with the ten prerequisite services to understand the cloud, and then a whole bunch of other things tied together, and the billing, and the flow becomes incredibly problematic to understand—not to mention insecure: because we don't understand it, you don't know what your risk exposure is—people don't want that. They—

Abby: Or to manage it.

Corey: Yeah.

Abby: Just the day-to-day management. Care and feeding, beyond security. [laugh].

Corey: People's time is free. So, yeah. For example, do I write my own payroll system? Absolutely not. I have the good sense to pay a turnkey company to handle that for me because mistakes will show.

I started my career running email systems. I pay for Google workspaces—or GSuite, or Gmail, or whatever the hell they're calling it this week—because it's not core and central to my business. I want a thing that winds up solving a business problem, and I will pay commensurately to the value that thing delivers, not the individual constituent costs of the components that build it together.
Because until you're significantly scaled out and it is the core of what you do, you're spending more on people to run the monstrous thing than you are for the thing itself. That's always the way it works.

So, put your innovation where it matters for your business. I posit that for an awful lot of the things we're building, in order to achieve those outcomes, this isn't it.

Abby: Agreed. And I am a big believer in if I can use off-the-shelf software, I will because I don't believe in reinventing everything. Now, having said that, and coming off my soapbox for just a hot minute, I will say that a lot of what's happening, and going back to where I started around the enterprise infrastructure, we're reinventing so many things that there is a lot of new things coming up. We've talked about containers, we've talked about Kubernetes, around container scheduling, container orchestration, we haven't even mentioned service mesh, and sidecars, and all of the new ways we're approaching solving some of these older problems. So, there is the need for a broad proliferation of technology until the contraction phase, where it all starts to fundamentally clicks together.

And that's really where the interesting parts happen, but it's also where the confusion happens because, “Okay, what do I use? How do I use it? How do these pieces fit together? What happens when this changes? What does this mean?”

And by the way, if I'm an enterprise company, I'm a payroll company, what's the one thing I care about? My payroll software. [laugh]. And that's the problem I'm solving for.
So, I take a little umbrage sometimes with the frame that every company is a software company because every company is not a software company.

Every company can use technology in ways to further their business and more and more frequently, that is delivering their business value through software, but if I'm a payroll company, I care about delivering that payroll capabilities to my customer, and I want to do it as quickly as possible, and I want to leverage technology to help me do that. But my endgame is not that technology; my endgame is delivering value to my customers in real and meaningful ways. And I worry, sometimes, that those two things get conflated together. And one is an enabler of the other; the technology is not the outcome.

Corey: And that is borderline heresy for an awful lot of folks out there in the space, I wish that people would wake up a little bit more and realize that you have to build a thing that solves customer pain, ideally, an expensive customer pain, and then they will basically rush to hurl money at you. Now, there are challenges and inflections as you go, and there's a whole bunch of nuances that can span entire fields of endeavor that I am hand-waving over here, and that's fine, but this is the direction I think we're going and this is the dawning awareness that I hope and trust we'll see start to take root in this industry.

Abby: I mean, I hope so. I do take comfort in the fact that a lot of the industry leaders I'm starting to see, kind of, equate those two things more closely in the top [track 00:31:20]. Because it's a good forcing function for those of us that are technologists. At the end of the day, what am I doing?
I am a product company, I am selling software to someone.

So clearly, obviously, I have a vested interest in building the best software out there, but at the end of the day, for me, it's, “Okay, how do I make that truly impactful for customers, and how do I help them solve a problem?” And for me, I'm hyper-focused on automation because I honestly feel like that is the biggest challenge for most companies; it's the hardest thing to solve. It's like getting into your auto-driving car for the first time and letting go the steering wheel and praying to the software gods that that software is actually going to work. But it's the same thing with automation; it's like, “Okay, I have to trust that this is going to manage my environment and manage my infrastructure in a factual way and not put me on CNN because I just shut down entire customer environment,” or if I'm an airline and I've just had a really bad week because I've had technology problems. [laugh]. And so I think we have to really take into consideration that there are real customer problems on the other end of that we have to help solve for.

Corey: My biggest problem is the failure mode of this is not when people watch the conference-ware presentations is that they're not going to sit there and think, “Oh, yeah, they're just talking about a nuanced thing that doesn't apply to our constraints, and they're hand-waving over a lot of stuff,” it's that, “Wow, we suck.” And that's not the takeaway anyone should ever have. Even Netflix doesn't operate the way that Netflix says that they do in their conference talks.
It's always fun sitting next to someone from the company that's currently presenting and saying something to them, like, “Wow, I wish we did things that way.” And they said, “Yeah, I wish we did, too.”

And it's always the case because it's very hard to get on stage and talk for 45 minutes about here's what we completely screwed up on, especially at the large publicly traded companies where it's, “Wait, why did our stock price just dive five perce—oh, my God, what did you say on stage?” People care [laugh] about those things, and I get it; there's a risk factor that I don't have to deal with here.

Abby: I wish people would though. It would be so refreshing to hear someone like, “You know what? Ohh, we really messed this up, and let me walk you through what we did.” [laugh]. I think that would be nice.

Corey: On some level, giving that talk in enough detail becomes indistinguishable from rage-quitting in public.

Abby: [laugh].

Corey: I mean, I'm there for it. Don't get me wrong. But I would love to see it.

Abby: I don't think it has to be rage-quitting. One of the things that I talk to my team a lot about is the safety to fail. You can't take risk if you're too afraid to fail, right? And I think you can frame failure in a way of, “Hey, this didn't work, but let me walk you through all the amazing things we learned from this. And here's how we used that to take this and make this thing better.”

And I think there's a positive way to frame it that's not rage-quitting, but I do think we as an industry gloss over those learnings that you absolutely have to do. You fail; everything does not work the first time perfectly. It is not brilliant out the gate. If you've done an MVP and it's perfect and every customer loves it, well then, you sat on that for way too long. [laugh].
And I think it's just really getting comfortable with this didn't work the first time or the fourth, but look, at time seven, this is where we got and this is what we've learned.

Corey: I want to thank you for taking so much time out of your day to wind up speaking to me about things that in many cases are challenging to talk about because it's the things people don't talk about in the real world. If people want to learn more about what you're up to, who you are, et cetera, where can they find you?

Abby: They can find me on the Twitters at @ab415. I think that's the best way to start, although I will say that I am not as prolific as you are on Twitter.

Corey: That's a good thing.

Abby: I'm a half-assed Tweeter. [laugh]. I will own it.

Corey: Oh, I put my full ass into it every time, in every way.

Abby: [laugh]. I do skim it a lot. I get a lot of my tech news from there. Like, “What are people mad about today?” And—

Corey: The daily outrage. Oh, yeah.

Abby: The daily outrage. “What's Corey ranting about today? Let's see.” [laugh].

Corey: We will, of course, put a link to your Twitter profile in the [show notes 00:35:39]. Thank you so much for taking the time to speak with me. I appreciate it.

Abby: Hey, it was my pleasure.

Corey: Abby Kearns, CTO at Puppet. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with a comment telling me about the amazing podcast content you create, start to finish, at Netflix.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

FounderQuest
Hook Relay Launched! Was it Fireworks or Crickets?

Oct 15, 2021 31:29


Show notes:

Links:
Hook Relay
SSL Server Test
Second brand marketing tips Twitter thread Xhtmlchop
Hook Relay Twitter announcement
Hook Relay blog announcement
Derrick Reimer & Corey Haines Product Hunt launch Startup Director List Indie Hackers launch repeatedly

Not very accurate auto-generated transcript:

Ben - you know, last week I recorded a quick little message talking about why we weren't recording our podcast. That was in the middle of the let's encrypt ssl certificate fiasco that swept across the internet and you know, at the time it really didn't feel like a huge problem. Uh like from our perspective there wasn't much of an impact, but there was some impact, but then later on that day and the next day I was reading some articles and like apparently it was a pretty big deal for a lot of people. So uh yeah, wasn't wasn't just us, it's one

Josh - of those things like I could just kept seeing it more and more like just pop up in random places though to like, not, not necessarily in our world, but it was just like affected all kinds of different things.

Ben - Yeah, yeah, so shout out to ssL labs for their ssl testing tool to put a link to that in the show notes. Whenever you have a question about your ssl you should check that first because it does tell you when, when things are bad.

Josh - Yeah, I hadn't used that tool before and it was very very helpful on customer support. Especially like sending to people and we needed to like prove that we were, we were not at fault like you know, it gave us like a smoking gun that we could. Yeah. Yeah. Really great.

Starr - That's always a weird thing to do in customer services and it's like um it's like no, actually like I found the line in the library you mentioned. That's actually the problem. It does everything to do with this. Yeah. Yeah. And then um and then facebook goes down so I'm thinking I'm thinking we are like, like spooky Tober is starting up like things are starting to get witchy.
Josh - I kind of like I I was like checked out the day Facebook went down so I like missed most of like the fun on whatever online and I guess on what the other social networks that didn't go down, Twitter mostly. But yeah, that's kind of wild. The story that I at least what I picked up. Yeah, I'm not on Facebook. So
Starr - My favorite part is how they house since everything was tied together, they couldn't get access to the building. They have the servers to do the like you know, manual physical reset then you had to do
Josh - because of that security.
Starr - Yeah. Like that's like I don't know that. It seems like it's out of some sort of movie or something. Yeah. It's just like a comedy.
Josh - They like accidentally deleted their private keys to the building or something.
Starr - Yeah. Or maybe like in oceans type movie where um like they like the crew does that like the cruise like well if we mess with their DNS records and they'll be locked out of the hotel for six hours, let's give us time to like airlift the loot out.
Josh - Yeah. Or what about like just like Mission Impossible. But with nerds. Uh huh. You know like trying to break into the building.
Starr - I mean that's what we are here at found requests aren't right. Mission Impossible with.
Starr - Okay. Um So in addition to all that um just terrible stuff happening, there was um some good stuff happened. We had our, you know we have the Hook Relay, we did a little launch to our user base or Honeybadger user base. Um Do you wanna talk about that a little bit?
Ben - Yeah that was that was the day before the SSL problem. So
Josh - that was it. Yeah that's maybe that's why I was like the details. I was like trying to like remember what I did last week or whatever and I was like I could and then I remembered I'm like how did I forget about the Hook Relay launch. But yeah, maybe that's I spent the next day, like on support.
Ben - Yeah, yeah. Unfortunately, Hook Relay was impacted by the SSL thing.
And so like, the day after our launch day, we had to deal with the on fire kind of situation. But you know, props to Kevin very quickly finding that issue and fixing it. And uh, it's nice to have, you know, the service, uh, deployment that we have, pushing it out was quick. That was that was nice. But yeah, we, we were able
Josh - to help some people on Twitter because we, uh, we did some crowd sourced troubleshooting and yeah, we're able to share our fix with a few friends. So that was heroes. Hopefully we
Starr - were, hopefully we think people like you for everyone.
Ben - Yeah, but I think think the launch went well. We had an email out to our, to Leveling Up mailing list and got a pretty good response right on that. We had put a banner up and on the, on the website and put a banner up on the app. And those had some pretty good click throughs as well. I'm just looking at the stats from Fathom this morning and yeah, it's a good good share of traffic from those sources. So it's nice to see that people care enough to click through and zero working on that was pretty cool.
Josh - Yeah, because I think, I think like the, uh, it was, I felt pretty encouraged by just the, you know, the level of engagement that we got from, from everything, like it seems like, I mean the worst that could happen is like you put out the, you know, you put out everything that's just crickets, like, you know, and so yeah, I mean people signed up, we got some sign ups and we started, I mean like we've our support and feature request throughput has increased for sure on like from almost zero to something. So, you know, we got, we got some feature requests coming in, that's that's all good.
Starr - Alright. I suppose we should mention what Hook Relay is and why people should be interested in it. Um since, yeah, that's some people might want to know,
Ben - are you gonna tell the star what it is?
Oh, I, I mean, I'm trying to find out
Starr - your, well, uh, I'm on the edge of my
Ben - seat over here.
Starr - There you go. I don't know. Hook Relay is an enterprise level Blockchain analysis tool. It's not love it, Hook Relay uh, lets you have um, webhooks that are, you know, as high quality as Stripe's webhooks, like very high quality, very fully featured and just like a couple of minutes without much code or work. And um yeah, and Honeybadger. We have a lot of, you know, webhooks that go out and stuff and we use that for all of ours, I think right now for some of them at least. And yeah, so so that's what it is.
Ben - Yeah, great for debugging and in the past week I've been doing a little side project that has inbound webhooks and so uh since I don't have it's launched yet, it's been handling my inbound webhooks for me and just storing them so I can go back and you play the we play the payloads against my uh my test instance. And uh there's a there's a button in Hook Relay that I think I think Kevin added, which I'm totally in love with now it's the copy as curl button. And so I can just click that button and dropping my terminal and boom, now I have a curl payload that I can send to my my dev, you know, server great.
Starr - So you can be so so the the thing you're working on the like you can just like go do other things and will collect your inbound webhooks like just like you're Jeffrey Bezos or something like you could be on the beach um doing whatever you want and then just um yeah, then just copy the curl
Ben - you got it. Yeah. And then and then even better once I do launch, I would just add my production URL as the Hook Relay endpoint and then we'll actually start delivering them. So I want to change anything with that web provider that's sitting in the stuff right?
Josh - Doesn't have as replay to right, Like if you if you have a bunch, can we do we do that add or?
Yeah there
Ben - is a resend button so you can okay you can send it again.
Josh - So like for local development you could also like pointed out like an ngrok like to your localhost or something and replacing my books or something if you wanted to do if you wanted to do it in real time. Right? Yeah,
Starr - that's cool. Yeah, pretty heavy.
Josh - Maybe we should make like a like a Hook Relay native ngrok. They just like, you know, you can spin up your hook directly to your localhost or something. That would be kind of cool.
Ben - I had the same thought this morning. Yeah like Stripe provides you a CLI tool that will listen to their webhooks and then relay it to your local instance while you're developing. I'm like oh yeah, we should have the same thing really. So they can just listen to your endpoint and suck it down and replay it for you with it on the feature list.
Josh - Yeah I do.
Starr - I mean what's there? There is a danger here though that like if you make it too easy for people like they might not feel like they're being productive or like they really bring much value. Like if you make it also turnkey for developers and so easy. Like the developer just might be like what what am I even here for What's my job?
Josh - You wouldn't feel like a hacker anymore.
Starr - No, no, like that's something we've got to watch out for as we move forward boldly.
Josh - Well how do you like write some like assembly code for a capture or something? Mhm.
Josh - So yeah, we got a lot of the ideas for the uh Hook Relay uh launched a Honeybadger customers through a tweet that I had sent out a few weeks before just asking like like what's the best way to um launch for, you know, for what company with one product to launch another product and let their existing customers.
No, and ah asking Twitter is always, I mean it's usually helpful at least in our indie hacker space, everyone's always got ideas so we got a lot of good ideas from people there um including I think one of, one of the ideas was like depending how far along we are, like, you know, do you make a separate brand or like how do you like, like how does it change the, like the parent company, you know, if you're moving from,
Josh - You know, a one product company to multiple products. That's all, that's all interesting. We opted just, you know, we're kind of like Honeybadger is the company and then it's Hook Relay by Honeybadger, I think it's kind of our our approach there but there's a lot of different ways you can do it.
Ben - Yeah the one the one snag on that has been the other day. I was poking around in Stripe and I was looking at the email setting options. They have, you can, you know, have Stripe send emails when a payment fails for example and then it points them back to a payment collection page. I was like, yeah, we should have that, it's like click the button to turn it on and I preview the email and the, it's based on the business name. So uh it says oh Honeybadger Industries LLC, you know, payment page or whatever. And I was like, well people who are Hook Relay customers aren't really going to recognize that name necessarily. Uh so I
Ben - can't have that. And so I went dug around the Stripe settings and it's like, well you can't really do anything but the actual business name on that particular page, even though on the end of Stripe settings you can set the credit card like, you know, that shows up on the actual payment thing, you can change that and uh so that's set in our case to hook dot gov but you can't change the the email header from to be something di