Podcasts about docker

Alexey Palazhchenko joins Natalie to discuss the implications of GitHub's Copilot on code generation. Go's design lends itself nicely to computer generated authoring: thanks to go fmt, there's already only one Go style. This means AI-generated code will be consistent and seamless. Its focus on simplicity & readability make it tailor made for this new approach to software creation. Where might this take us?

We make some last-minute changes to our server setup and catch up on a bunch of thought-provoking feedback. Special Guests: Martin Wimpress and Neal Gompa.

Alex got some new devices for Christmas, and we set off to figure out how to integrate them into his network. And Brent's tale of giving the gift of Jellyfin. Special Guest: Brent Gervais.

Our final installment from GopherCon 2021 is an awesome panel conversation led by Natalie & Angelica with guests Linus Lee, Daniela Patruzalek, and Sebastian Spank. All three of these gophers are using Go in cool and interesting ways outside of traditional work projects.

About MattMatt is an AWS DevTools Hero, Serverless Architect, Author and conference speaker. He is focused on creating the right environment for empowered teams to rapidly deliver business value in a well-architected, sustainable and serverless-first way.You can usually find him sharing reusable, well architected, serverless patterns over at cdkpatterns.com or behind the scenes bringing CDK Day to life.Links: AWS CDK Patterns: https://cdkpatterns.com The CDK Book: https://thecdkbook.com CDK Day: https://www.cdkday.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: It seems like there is a new security breach every day. Are you confident that an old SSH key, or a shared admin account, isn't going to come back and bite you? If not, check out Teleport. Teleport is the easiest, most secure way to access all of your infrastructure. The open source Teleport Access Plane consolidates everything you need for secure access to your Linux and Windows servers—and I assure you there is no third option there. Kubernetes clusters, databases, and internal applications like AWS Management Console, Yankins, GitLab, Grafana, Jupyter Notebooks, and more. Teleport's unique approach is not only more secure, it also improves developer productivity. To learn more visit: goteleport.com. And not, that is not me telling you to go away, it is: goteleport.com.Corey: This episode is sponsored in part by our friends at Rising Cloud, which I hadn't heard of before, but they're doing something vaguely interesting here. They are using AI, which is usually where my eyes glaze over and I lose attention, but they're using it to help developers be more efficient by reducing repetitive tasks. So, the idea being that you can run stateless things without having to worry about scaling, placement, et cetera, and the rest. They claim significant cost savings, and they're able to wind up taking what you're running as it is in AWS with no changes, and run it inside of their data centers that span multiple regions. I'm somewhat skeptical, but their customers seem to really like them, so that's one of those areas where I really have a hard time being too snarky about it because when you solve a customer's problem and they get out there in public and say, “We're solving a problem,” it's very hard to snark about that. Multus Medical, Construx.ai and Stax have seen significant results by using them. And it's worth exploring. So, if you're looking for a smarter, faster, cheaper alternative to EC2, Lambda, or batch, consider checking them out. Visit risingcloud.com/benefits. That's risingcloud.com/benefits, and be sure to tell them that I said you because watching people wince when you mention my name is one of the guilty pleasures of listening to this podcast.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I'm joined today by Matt Coulter, who is a Technical Architect at Liberty Mutual. You may have had the privilege of seeing him on the keynote stage at re:Invent last year—in Las Vegas or remotely—that last year of course being 2021. But if you make better choices than the two of us did, and found yourself not there, take the chance to go and watch that keynote. It's really worth seeing.Matt, first, thank you for joining me. I'm sorry, I don't have 20,000 people here in the audience to clap this time. They're here, but they're all remote as opposed to sitting in the room behind me because you know, social distancing.Matt: And this left earphone, I just have some applause going, just permanently, just to keep me going. [laugh].Corey: That's sort of my own internal laugh track going on. It's basically whatever I say is hilarious, to that. So yeah, doesn't really matter what I say, how I say it, my jokes are all for me. It's fine. So, what was it like being on stage in front of that many people? It's always been a wild experience to watch and for folks who haven't spent time on the speaking circuit, I don't think that there's any real conception of what that's like. Is this like giving a talk at work, where I just walk on stage randomly, whatever I happened to be wearing? And, oh, here's a microphone, I'm going to say words. What is the process there?Matt: It's completely different. For context for everyone, before the pandemic, I would have pretty regularly talked in front of, I don't know, maybe one, two hundred people in Liberty, in Belfast. So, I used to be able to just, sort of, walk in front of them, and lean against the pillar, and use my clicker, and click through, but the process for actually presenting something as big as a keynote and re:Invent is so different. For starters, you think that when you walk onto the stage, you'll actually be able to see the audience, but the way the lights are set up, you can pretty much see about one row of people, and they're not the front row, so anybody I knew, I couldn't actually see.And yeah, you can only see, sort of like, the from the void, and then you have your screens, so you've six sets of screens that tell you your notes as well as what slides you're on, you know, so you can pivot. But other than that, I mean, it feels like you're just talking to yourself outside of whenever people, thankfully, applause. It's such a long process to get there.Corey: I've always said that there are a few different transition stages as the audience size increases, but for me, the final stage is more or less anything above 750 people. Because as you say, you aren't able to see that many beyond that point, and it doesn't really change anything meaningfully. The most common example that you see in the wild is jokes that work super well with a small group of people fall completely flat to large audiences. It's why so much corporate numerous cheesy because yeah, everyone in the rehearsals is sitting there laughing and the joke kills, but now you've got 5000 people sitting in a room and that joke just sounds strained and forced because there's no longer a conversation, and no one has the shared context that—the humor has to change. So, in some cases when you're telling a story about what you're going to say on stage, during a rehearsal, they're going to say, “Well, that joke sounds really corny and lame.” It's, “Yeah, wait until you see it in front of an audience. It will land very differently.” And I'm usually right on that.I would also advise, you know, doing what you do and having something important and useful to say, as opposed to just going up there to tell jokes the whole time. I wanted to talk about that because you talked about how you're using various CDK and other serverless style patterns in your work at Liberty Mutual.Matt: Yeah. So, we've been using CDK pretty extensively since it was, sort of, Q3 2019. At that point, it was new. Like, it had just gone GA at the time, just came out of dev preview. And we've been using CDK from the perspective of we want to be building serverless-first, well-architected apps, and ideally we want to be building them on AWS.Now, the thing is, we have 5000 people in our IT organization, so there's sort of a couple of ways you can take to try and get those people onto the cloud: You can either go the route of being, like, there is one true path to architecture, this is our architecture and everything you want to build can fit into that square box; or you can go the other approach and try and have the golden path where you say this is the paved road that is really easy to do, but if you want to differentiate from that route, that's okay. But what you need to do is feed back into the golden path if that works. Then everybody can improve. And that's where we've started been using CDK. So, what you heard me talk about was the software accelerator, and it's sort of a different approach.It's where anybody can build a pattern and then share it so that everybody else can rapidly, you know, just reuse it. And what that means is effectively you can, instead of having to have hundreds of people on a central team, you can actually just crowdsource, and sort of decentralize the function. And if things are good, then a small team can actually come in and audit them, so to speak, and check that it's well-architected, and doesn't have flaws, and drive things that way.Corey: I have to confess that I view the CDK as sort of a third stage automation approach, and it's one that I haven't done much work with myself. The first stage is clicking around in the console; the second is using CloudFormation or Terraform; the third stage is what we're talking about here is CDK or Pulumi, or something like that. And then you ascend to the final fourth stage, which is what I use, which is clicking around in the AWS console, but then you lie to people about it. ClickOps is poised to take over the world. But that's okay. You haven't gotten that far yet. Instead, you're on the CDK side. What advantages does CDK offer that effectively CloudFormation or something like it doesn't?Matt: So, first off, for ClickOps in Liberty, we actually have the AWS console as read-only in all of our accounts, except for sandbox. So, you can ClickOps in sandbox to learn, but if you want to do something real, unfortunately, it's going to fail you. So.—Corey: I love that pattern. I think I might steal that.Matt: [laugh]. So, originally, we went heavy on CloudFormation, which is why CDK worked well for us. And because we've actually—it's been a long journey. I mean, we've been deploying—2014, I think it was, we first started deploying to AWS, and we've used everything from Terraform, to you name it. We've built our own tools, believe it or not, that are basically CDK.And the thing about CloudFormation is, it's brilliant, but it's also incredibly verbose and long because you need to specify absolutely everything that you want to deploy, and every piece of configuration. And that's fine if you're just deploying a side project, but if you're in an enterprise that has responsibilities to protect user data, and you can't just deploy anything, they end up thousands and thousands and thousands of lines long. And then we have amazing guardrails, so if you tried to deploy a CloudFormation template with a flaw in it, we can either just fix it, or reject the deploy. But CloudFormation is not known to be the fastest to deploy, so you end up in this developer cycle, where you build this template by hand, and then it goes through that CloudFormation deploy, and then you get the failure message that it didn't deploy because of some compliance thing, and developers just got frustrated, and were like, sod this. [laugh].I'm not deploying to AWS. Back the on-prem. And that's where CDK was a bit different because it allowed us to actually build abstractions with all of our guardrails baked in, so that it just looked like a standard class, for developers, like, developers already know Java, Python, TypeScript, the languages off CDK, and so we were able to just make it easy by saying, “You want API Gateway? There's an API Gateway class. You want, I don't know, an EC2 instance? There you go.” And that way, developers could focus on the thing they wanted, instead of all of the compliance stuff that they needed to care about every time they wanted to deploy.Corey: Personally, I keep lobbying AWS to add my preferred language, which is crappy shell scripting, but for some reason they haven't really been quick to add that one in. The thing that I think surprises me, on some level—though, perhaps it shouldn't—is not just the adoption of serverless that you're driving at Liberty Mutual, but the way that you're interacting with that feels very futuristic, for lack of a better term. And please don't think that I'm in any way describing this in a way that's designed to be insulting, but I do a bunch of serverless nonsense on Twitter for Pets. That's not an exaggeration. twitterforpets.com has a bunch of serverless stuff behind it because you know, I have personality defects.But no one cares about that static site that's been a slide dump a couple of times for me, and a running joke. You're at Liberty Mutual; you're an insurance company. When people wind up talking about big enterprise institutions, you're sort of a shorthand example of exactly what they're talking about. It's easy to contextualize or think of that as being very risk averse—for obvious reasons; you are an insurance company—as well as wanting to move relatively slowly with respect to technological advancement because mistakes are going to have drastic consequences to all of your customers, people's lives, et cetera, as opposed to tweets or—barks—not showing up appropriately at the right time. How did you get to the, I guess, advanced architectural philosophy that you clearly have been embracing as a company, while having to be respectful of the risk inherent that comes with change, especially in large, complex environments?Matt: Yeah, it's funny because so for everyone, we were talking before this recording started about, I've been with Liberty since 2011. So, I've seen a lot of change in the length of time I've been here. And I've built everything from IBM applications right the way through to the modern serverless apps. But the interesting thing is, the journey to where we are today definitely started eight or nine years ago, at a minimum because there was something identified in the leadership that they said, “Listen, we're all about our customers. And that means we don't want to be wasting millions of dollars, and thousands of hours, and big trains of people to build software that does stuff. We want to focus on why are we building a piece of software, and how quickly can we get there? If you focus on those two things you're doing all right.”And that's why starting from the early days, we focused on things like, okay, everything needs to go through CI/CD pipelines. You need to have your infrastructure as code. And even if you're deploying on-prem, you're still going to be using the same standards that we use to deploy to AWS today. So, we had years and years and years of just baking good development practices into the company. And then whenever we started to move to AWS, the question became, do we want to just deploy the same thing or do we want to take full advantage of what the cloud has to offer? And I think because we were primed and because the leadership had the right direction, you know, we were just sitting there ready to say, “Okay, serverless seems like a way we can rapidly help our customers.” And that's what we've done.Corey: A lot of the arguments against serverless—and let's be clear, they rhyme with the previous arguments against cloud that lots of people used to make; including me, let's be clear here. I'm usually wrong when I try to predict the future. “Well, you're putting your availability in someone else's hands,” was the argument about cloud. Yeah, it turns out the clouds are better at keeping things up than we are as individual companies.Then with serverless, it's the, “Well, if they're handling all that stuff for you on their side, when they're down, you're down. That's an unacceptable business risk, so we're going to be cloud-agnostic and multi-cloud, and that means everything we build serverlessly needs to work in multiple environments, including in our on-prem environment.” And from the way that we're talking about servers and things that you're building, I don't believe that is technically possible, unless some of the stuff you're building is ridiculous. How did you come to accept that risk organizationally?Matt: These are the conversations that we're all having. Sort of, I'd say once a week, we all have a multi-cloud discussion—and I really liked the article you wrote, it was maybe last year, maybe the year before—but multi-cloud to me is about taking the best capabilities that are out there and bringing them together. So, you know, like, Azure [ID 00:12:47] or whatever, things from the other clouds that they're good at, and using those rather than thinking, “Can I build a workload that I can simultaneously pay all of the price to run across all of the clouds, all of the time, so that if one's down, theoretically, I might have an outage?” So, the way we've looked at it is we embraced really early the well-architected framework from AWS. And it talks about things like you need to have multi-region availability, you need to have your backups in place, you need to have things like circuit breakers in place for if third-party goes down, and we've just tried to build really resilient architectures as best as we can on AWS. And do you know what I think, if [laugh] it AWS is not—I know at re:Invent, there it went down extraordinarily often compared to normal, but in general—Corey: We were all tired of re:Invent; their us-east-1 was feeling the exact same way.Matt: Yeah, so that's—it deserved a break. But, like, if somebody can't buy insurance for an hour, once a year, [laugh] I think we're okay with it versus spending millions to protect that one hour.Corey: And people make assumptions based on this where, okay, we had this problem with us-east-1 that froze things like the global Route 53 control planes; you couldn't change DNS for seven hours. And I highlighted that as, yeah, this is a problem, and it's something to severely consider, but I will bet you anything you'd care to name that there is an incredibly motivated team at AWS, actively fixing that as we speak. And by—I don't know how long it takes to untangle all of those dependencies, but I promise they're going to be untangled in relatively short order versus running data centers myself, when I discover a key underlying dependency I didn't realize was there, well, we need to break that. That's never going to happen because we're trying to do things as a company, and it's just not the most important thing for us as a going concern. With AWS, their durability and reliability is the most important thing, arguably compared to security.Would you rather be down or insecure? I feel like they pick down—I would hope in most cases they would pick down—but they don't want to do either one. That is something they are drastically incentivized to fix. And I'm never going to be able to fix things like that and I don't imagine that you folks would be able to either.Matt: Yeah, so, two things. The first thing is the important stuff, like, for us, that's claims. We want to make sure at any point in time, if you need to make a claim you can because that is why we're here. And we can do that with people whether or not the machines are up or down. So, that's why, like, you always have a process—a manual process—that the business can operate, irrespective of whether the cloud is still working.And that's why we're able to say if you can't buy insurance in that hour, it's okay. But the other thing is, we did used to have a lot of data centers, and I have to say, the people who ran those were amazing—I think half the staff now work for AWS—but there was this story that I heard where there was an app that used to go down at the same time every day, and nobody could work out why. And it was because someone was coming in to clean the room at that time, and they unplugged the server to plug in a vacuum, and then we're cleaning the room, and then plugging it back in again. And that's the kind of thing that just happens when you manage people, and you manage a building, and manage a premises. Whereas if you've heard that happened that AWS, I mean, that would be front page news.Corey: Oh, it absolutely would. There's also—as you say, if it's the sales function, if people aren't able to buy insurance for an hour, when us-east-1 went down, the headlines were all screaming about AWS taking an outage, and some of the more notable customers were listed as examples of this, but the story was that, “AWS has massive outage,” not, “Your particular company is bad at technology.” There's sort of a reputational risk mitigation by going with one of these centralized things. And again, as you're alluding to, what you're doing is not life-critical as far as the sales process and getting people to sign up. If an outage meant that suddenly a bunch of customers were no longer insured, that's a very different problem. But that's not your failure mode.Matt: Exactly. And that's where, like, you got to look at what your business is, and what you're specifically doing, but for 99.99999% of businesses out there, I'm pretty sure you can be down for the tiny window that AWS is down per year, and it will be okay, as long as you plan for it.Corey: So, one thing that really surprised me about the entirety of what you've done at Liberty Mutual is that you're a big enterprise company, and you can take a look at any enterprise company, and say that they have dueling mottos, which is, “I am not going to comment on that,” or, “That's not funny.” Like, the safe mode for any large concern is to say nothing at all. But a lot of folks—not just you—at Liberty have been extremely vocal about the work that you're doing, how you view these things, and I almost want to call it advocacy or evangelism for the CDK. I'm slightly embarrassed to admit that for a little while there, I thought you were an AWS employee in their DevRel program because you were such an advocate in such strong ways for the CDK itself.And that is not something I expected. Usually you see the most vocal folks working in environments that, let's be honest, tend to play a little bit fast and loose with things like formal corporate communications. Liberty doesn't and yet, there you folks are telling these great stories. Was that hard to win over as a culture, or am I just misunderstanding how corporate life is these days?Matt: No, I mean, so it was different, right? There was a point in time where, I think, we all just sort of decided that—I mean, we're really good at what we do from an engineering perspective, and we wanted to make sure that, given the messaging we were given, those 5000 teck employees in Liberty Mutual, if you consider the difference in broadcasting to 5000 versus going external, it may sound like there's millions, billions of people in the world, but in reality, the difference in messaging is not that much. So, to me what I thought, like, whenever I started anyway—it's not, like, we had a meeting and all decided at the same time—but whenever I started, it was a case of, instead of me just posting on all the internal channels—because I've been doing this for years—it's just at that moment, I thought, I could just start saying these things externally and still bring them internally because all you've done is widened the audience; you haven't actually made it shallower. And that meant that whenever I was having the internal conversations, nothing actually changed except for it meant external people, like all their Heroes—like Jeremy Daly—could comment on these things, and then I could bring that in internally. So, it almost helped the reverse takeover of the enterprise to change the culture because I didn't change that much except for change the audience of who I was talking to.Corey: This episode is sponsored by our friends at Oracle HeatWave is a new high-performance accelerator for the Oracle MySQL Database Service. Although I insist on calling it “my squirrel.” While MySQL has long been the worlds most popular open source database, shifting from transacting to analytics required way too much overhead and, ya know, work. With HeatWave you can run your OLTP and OLAP, don't ask me to ever say those acronyms again, workloads directly from your MySQL database and eliminate the time consuming data movement and integration work, while also performing 1100X faster than Amazon Aurora, and 2.5X faster than Amazon Redshift, at a third of the cost. My thanks again to Oracle Cloud for sponsoring this ridiculous nonsense.Corey: One thing that you've done that I want to say is admirable, and I stumbled across it when I was doing some work myself over the break, and only right before this recording did I discover that it was you is the cdkpatterns.com website. Specifically what I love about it is that it publishes a bunch of different patterns of ways to do things. This deviates from a lot of tutorials on, “Here's how to build this one very specific thing,” and instead talks about, “Here's the architecture design; here's what the baseline pattern for that looks like.” It's more than a template, but less than a, “Oh, this is a messaging app for dogs and I'm trying to build a messaging app for cats.” It's very generalized, but very direct, and I really, really like that model of demo.Matt: Thank you. So, watching some of your Twitter threads where you experiment with new—Corey: Uh oh. People read those. That's a problem.Matt: I know. So, whatever you experiment with a new piece of AWS to you, I've always wondered what it would be like to be your enabling architect. Because technically, my job in Liberty is, I meant to try and stay ahead of everybody and try and ease the on-ramp to these things. So, if I was your enabling architect, I would be looking at it going, “I should really have a pattern for this.” So that whenever you want to pick up that new service the patterns in cdkpatterns.com, there's 24, 25 of them right there, but internally, there's way more than dozens now.The goal is, the pattern is the least amount to code for you to learn a concept. And then that way, you can not only see how something works, but you can maybe pick up one of the pieces of the well-architected framework while you're there: All of it's unit tested, all of it is proper, you know, like, commented code. The idea is to not be crap, but not be gold-plated either. I'm currently in the process of upgrading that all to V2 as well. So, that [unintelligible 00:21:32].Corey: You mentioned a phrase just now: “Enabling architect.” I have to say this one that has not crossed my desk before. Is that an internal term you use? Is that an enterprise concept I've somehow managed to avoid? Is that an AWS job role? What is that?Matt: I've just started saying [laugh] it's my job over the past couple of years. That—I don't know, patent pending? But the idea to me is—Corey: No, it's evocative. I love the term, I'd love to learn more.Matt: Yeah, because you can sort of take two approaches to your architecture: You can take the traditional approach, which is the ‘house of no' almost, where it's like, “This is the architecture. How dare you want to deviate. This is what we have decided. If you want to change it, here's the Architecture Council and go through enterprise architecture as people imagine it.” But as people might work out quite quickly, whenever they meet me, the whole, like, long conversational meetings are not for me. What I want to do is teach engineers how to help themselves, so that's why I see myself as enabling.And what I've been doing is using techniques like Wardley Mapping, which is where you can go out and you can actually take all the components of people's architecture and you can draw them on a map for—it's a map of how close they are to the customer, as well as how cutting edge the tech is, or how aligned to our strategic direction it is. So, you can actually map out all of the teams, and—there's 160, 170 engineers in Belfast and Dublin, and I can actually go in and say, “Oh, that piece of your architecture would be better if it was evolved to this. Well, I have a pattern for that,” or, “I don't have a pattern for that, but you know what? I'll build one and let's talk about it next week.” And that's always trying to be ahead, instead of people coming to me and I have to say no.Corey: AWS Proton was designed to do something vaguely similar, where you could set out architectural patterns of—like, the two examples that they gave—I don't know if it's in general availability yet or still in public preview, but the ones that they gave were to build a REST API with Lambda, and building something-or-other with Fargate. And the idea was that you could basically fork those, or publish them inside of your own environment of, “Oh, you want a REST API; go ahead and do this.” It feels like their vision is a lot more prescriptive than what yours is.Matt: Yeah. I talked to them quite a lot about Proton, actually because, as always, there's different methodologies and different ways of doing things. And as I showed externally, we have our software accelerator, which is kind of our take on Proton, and it's very open. Anybody can contribute; anybody can consume. And then that way, it means that you don't necessarily have one central team, you can have—think of it more like an SRE function for all of the patterns, rather than… the Proton way is you've separate teams that are your DevOps teams that set up your patterns and then separate team that's consumer, and they have different permissions, different rights to do different things. If you use a Proton pattern, anytime an update is made to that pattern, it auto-deploys your infrastructure.Corey: I can see that breaking an awful lot.Matt: [laugh]. Yeah. So, the idea is sort of if you're a consumer, I assume you [unintelligible 00:24:35] be going to change that infrastructure. You can, they've built in an escape hatch, but the whole concept of it is there's a central team that looks to what the best configuration for that is. So, I think Proton has so much potential, I just think they need to loosen some of the boundaries for it to work for us, and that's the feedback I've given them directly as well.Corey: One thing that I want to take a step beyond this is, you care about this? More than most do. I mean, people will work with computers, yes. We get paid for that. Then they'll go and give talks about things. You're doing that as well. They'll launch a website occasionally, like, cdkpatterns.com, which you have. And then you just sort of decide to go for the absolute hardest thing in the world, and you're one of four authors of a book on this. Tell me more.Matt: Yeah. So, this is something that there's a few of us have been talking since one of the first CDK Days, where we're friends, so there's AWS Heroes. There's Thorsten Höger, Matt Bonig, Sathyajith Bhat, and myself, came together—it was sometime in the summer last year—and said, “Okay. We want to write a book, but how do we do this?” Because, you know, we weren't authors before this point; we'd never done it before. We weren't even sure if we should go to a publisher, or if we should self-publish.Corey: I argue that no one wants to write a book. They want to have written a book, and every first-time author I've ever spoken to at the end has said, “Why on earth would anyone want to do this a second time?” But people do it.Matt: Yeah. And that's we talked to Alex DeBrie, actually, about his book, the amazing Dynamodb Book. And it was his advice, told us to self-publish. And he gave us his starter template that he used for his book, which took so much of the pain out because all we had to do was then work out how we were going to work together. And I will say, I write quite a lot of stuff in general for people, but writing a book is completely different because once it's out there, it's out there. And if it's wrong, it's wrong. You got to release a new version and be like, “Listen, I got that wrong.” So, it did take quite a lot of effort from the group to pull it together. But now that we have it, I want to—I don't have a printed copy because it's only PDF at the minute, but I want a copy just put here [laugh] in, like, the frame. Because it's… it's what we all want.Corey: Yeah, I want you to do that through almost a traditional publisher, selfishly, because O'Reilly just released the AWS Cookbook, and I had a great review quote on the back talking about the value added. I would love to argue that they use one of mine for The CDK Book—and then of course they would reject it immediately—of, “I don't know why you do all this. Using the console and lying about it is way easier.” But yeah, obviously not the direction you're trying to take the book in. But again, the industry is not quite ready for the lying version of ClickOps.It's really neat to just see how willing you are to—how to frame this?—to give of yourself and your time and what you've done so freely. I sometimes make a joke—that arguably isn't that funny—that, “Oh, AWS Hero. That means that you basically volunteer for a $1.6 trillion company.”But that's not actually what you're doing. What you're doing is having figured out all the sharp edges and hacked your way through the jungle to get to something that is functional, you're a trailblazer. You're trying to save other people who are working with that same thing from difficult experiences on their own, having to all thrash and find our own way. And not everyone is diligent and as willing to continue to persist on these things. Is that a somewhat fair assessment how you see the Hero role?Matt: Yeah. I mean, no two Heroes are the same, from what I've judged, I haven't met every Hero yet because pandemic, so Vegas was the first time [I met most 00:28:12], but from my perspective, I mean, in the past, whatever number of years I've been coding, I've always been doing the same thing. Somebody always has to go out and be the first person to try the thing and work out what the value is, and where it'll work for us more work for us. The only difference with the external and public piece is that last 5%, which it's a very different thing to do, but I personally, I like even having conversations like this where I get to meet people that I've never met before.Corey: You sort of discovered the entire secret of why I have an interview podcast.Matt: [laugh]. Yeah because this is what I get out of it, just getting to meet other people and have new experiences. But I will say there's Heroes out there doing very different things. You've got, like, Hiro—as in Hiro, H-I-R-O—actually started AWS Newbies and she's taught—ah, it's hundreds of thousands of people how to actually just start with AWS, through a course designed for people who weren't coders before. That kind of thing is next-level compared to anything I've ever done because you know, they have actually built a product and just given it away. I think that's amazing.Corey: At some level, building a product and giving it away sounds like, “You know, I want to never be lonely again.” Well, that'll work because you're always going to get support tickets. There's an interesting narrative around how to wind up effectively managing the community, and users, and demands, based on open-source maintainers, that we're all wrestling with as an industry, particularly in the wake of that whole log4j nonsense that we've been tilting at that windmill, and that's going to be with us for a while. One last thing I want to talk about before we wind up calling this an episode is, you are one of the organizers of CDK Day. What is that?Matt: Yeah, so CDK Day, it's a complete community-organized conference. The past two have been worldwide, fully virtual just because of the situation we're in. And I mean, they've been pretty popular. I think we had about 5000 people attended the last one, and the idea is, it's a full day of the community just telling their stories of how they liked or disliked using the CDK. So, it's not a marketing event; it's not a sales event; we actually run the whole event on a budget of exactly $0. But yeah, it's just a day of fun to bring the community together and learn a few things. And, you know, if you leave it thinking CDK is not for you, I'm okay with that as much as if you just make a few friends while you're there.Corey: This is the first time I'd realized that it wasn't a formal AWS event. I almost feel like that's the tagline that you should have under it. It's—because it sounds like the CDK Day, again, like, it's this evangelism pure, “This is why it's great and why you should use it.” But I love conferences that embrace critical views. I built one of the first talks I ever built out that did anything beyond small user groups was “Heresy in the Church of Docker.”Then they asked me to give that at ContainerCon, which was incredibly flattering. And I don't think they made that mistake a second time, but it was great to just be willing to see some group of folks that are deeply invested in the technology, but also very open to hearing criticism. I think that's the difference between someone who is writing a nuanced critique versus someone who's just [pure-on 00:31:18] zealotry. “But the CDK is the answer to every technical problem you've got.” Well, I start to question the wisdom of how applicable it really is, and how objective you are. I've never gotten that vibe from you.Matt: No, and that's the thing. So, I mean, as we've worked out in this conversation, I don't work for AWS, so it's not my product. I mean, if it succeeds or if it fails, it doesn't impact my livelihood. I mean, there are people on the team who would be sad for, but the point is, my end goal is always the same. I want people to be enabled to rapidly deliver their software to help their customers.If that's CDK, perfect, but CDK is not for everyone. I mean, there are other options available in the market. And if, even, ClickOps is the way to go for you, I am happy for you. But if it's a case of we can have a conversation, and I can help you get closer to where you need to be with some other tool, that's where I want to be. I just want to help people.Corey: And if I can do anything to help along that axis, please don't hesitate to let me know. I really want to thank you for taking the time to speak with me and being so generous, not just with your time for this podcast, but all the time you spend helping the rest of us figure out which end is up, as we continue to find that the way we manage environments evolves.Matt: Yeah. And, listen, just thank you for having me on today because I've been reading your tweets for two years, so I'm just starstruck at this moment to even be talking to you. So, thank you.Corey: No, no. I understand that, but don't worry, I put my pants on two legs at a time, just like everyone else. That's right, the thought leader on Twitter, you have to jump into your pants. That's the rule. Thanks again so much. I look forward to having a further conversation with you about this stuff as I continue to explore, well honestly, what feels like a brand new paradigm for how we manage code.Matt: Yeah. Reach out if you need any help.Corey: I certainly will. You'll regret asking. Matt [Coulter 00:33:06], Technical Architect at Liberty Mutual. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, write an angry comment, then click the submit button, but lie and say you hit the submit button via an API call.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Our award winning ready survey game show is back, this time live from GopherCon 2021! Go Time panelists Natalie & Jon join forces with Go Team members Steve Francia, Katie Hockman, Julie Qui, and Rob Findley to battle it out and see who can better guess what the GopherCon gophers had to say!

In this episode of The Chris and Andre Show, the guys talk about "primarying" a sitting president and Joe Manchin's ongoing lies, dive into business to understand how inflation is having a greater impact on the poor while Apple is paying top-dollar for talent, make fun of the Missouri governor for thinking source code is a crime and compare bluetooth keyboards, address the real issue with how the media is covering the Antonio Brown situation, and give their reactions and predictions to a bunch of Pop Culture, including The Matrix Resurrections, CW/DC shows, Andrew Garfield and Spider-Man, Morbius, and The Book of Boba Fett. (00:00:00) Intros - The guys are back and ready to kick things off on their 2022 edition of The Chris and Andre Show! (00:02:26) Politics - The guys try to understand why some progressives are considering primarying President Biden in 2024 (https://www.politico.com/news/2022/01/01/progressives-2024-primary-challenge-526299 ), discuss the ugly history of New Year's for parts of America (https://www.thedailybeast.com/the-ugly-history-of-new-years-is-too-real-for-white-republicans), laugh with a former West Virginia state senator as he tears Joe Manchin a new one (https://www.wtrf.com/news/local-news/former-west-virginia-state-senator-texts-manchin-you-are-caught-being-paid-off-joe/), wonder how Republicans in North Carolina can sleep at night with their continued gerrymandering, and discuss the “National Divorce” idea being thrown around by Marjorie Taylor Greene. (00:40:58) Business - Economists are warning of inflation inequality that will hit poor people much harder than anyone else (https://www.cnbc.com/2021/12/29/economists-warn-of-inflation-inequality-in-2022.html), meanwhile Apple is willing to pay top-dollar to keep top-talent from leaving (https://www.bloomberg.com/news/articles/2021-12-28/apple-pays-unusual-180-000-bonuses-to-retain-engineering-talent). (01:01:56) Technology - The governor of Missouri doesn't understand how the internet works and wants to arrest a journalist who spotted a major security breach on their website (https://www.theverge.com/2021/12/31/22861188/missouri-governor-mike-parson-hack-website-source-code), Andre admits defeat in his battle against Docker (https://youtu.be/DW81Pj-uOQI), and the guys share their likes and dislikes about their current Bluetooth keyboards. (01:20:21) Sports - Chris gets real for a minute and says that everyone is missing the point on the Antonio Brown situation (https://www.washingtonpost.com/sports/2022/01/05/antonio-brown-tampa-bay-bucs-released/). (01:37:29) Pop Culture - Everybody saw the Matrix Resurrections this weekend and no one is hesitating to share their critical thoughts on the project, then they pivot to discussing why CW shows seem to keep getting worse (https://www.youtube.com/watch?v=4u1x6wxar0w), whether or not Andrew Garfield should return for TASM 3 (https://www.youtube.com/watch?v=XeAis4Dh1BQ), the fact that Morbius is delayed (and whether or not it can be good), and close things out with The Book of Boba Fett.

Jeff Levin is a software engineer, entrepreneur, and the former director of the Alaska Developer's Alliance. Growing up in Alaska, Jeff was constantly drawn to computers. Going so far as to memorize the DOS commands to boot windows by the age of 4. We learn about life in Alaska, his unique high school experience, finding dev work from remote areas, and how the Alaska Developers Alliance is building a community for software professionals.Connect with Jeff:https://twitter.com/JeffLevin3https://www.linkedin.com/in/levinology/https://levinology.comMentioned in today's episode:Alaska Developers Alliance: https://www.akdevalliance.comMS-DOS: https://en.wikipedia.org/wiki/MS-DOSMicrosoft Frontpage: https://en.wikipedia.org/wiki/Microsoft_FrontPageWant more from Ardan Labs?You can learn Go, Kubernetes, Docker & more through our video training, live events, or through our blog!

00:54 - Emily's Superpower: Being a Good Teacher * Greater Than Code Episode 261: Celebrating Computer Science Education with Dave Bock (https://www.greaterthancode.com/celebrating-computer-science-education) * CyberPatriot (https://www.uscyberpatriot.org/) 06:24 - Online College Courses vs In-Person Learning / Emily's Community College Path * Network Engineering (https://www.fieldengineer.com/blogs/what-is-network-engineer-definition) * Virginia Tech (https://vt.edu/) * Guaranteed Transfer Programs (https://blog.collegevine.com/an-introduction-to-guaranteed-transfer-programs/) * Loudoun Codes (http://loudouncodes.org/) * Emily Haggard: My Path to Virginia Tech (http://loudouncodes.org/2020/09/23/path_to_va_tech.html) 11:58 - Computer Science Curriculums * Technical Depth * The Missing Semester of Your CS Education (https://missing.csail.mit.edu/) 19:28 - Being A Good Mentor / Mentor, Student Relationships * Using Intuition * Putting Yourself in Others' Mindsets * Diversity and Focusing On Commonalities * Addressing Gatekeeping in Tech * Celebrating Accomplishments * Bragging Loudly * Grace Hopper Conference (https://ghc.anitab.org/) * Cultural Dynamics Spread 38:24 - Dungeons & Dragons (https://dnd.wizards.com/) * Characters as an Extensions of Players Reflections: Dave: College is what you make of it, not where you went. Arty: Teaching people better who don't have a lot of experience yet. Mandy: “Empowered women, empower women.” Empowered men also empower women. Emily: Your mentor should have different skills from you and you should seek them out for that reason. This episode was brought to you by @therubyrep (https://twitter.com/therubyrep) of DevReps, LLC (http://www.devreps.com/). To pledge your support and to join our awesome Slack community, visit patreon.com/greaterthancode (https://www.patreon.com/greaterthancode) To make a one-time donation so that we can continue to bring you more content and transcripts like this, please do so at paypal.me/devreps (https://www.paypal.me/devreps). You will also get an invitation to our Slack community this way as well. Transcript: MANDY: Hey, everybody! Welcome to Episode 265 of Greater Than Code. My name is Mandy Moore and I'm here with our guest panelist, Dave Bock. DAVE: Hi, I'm David Bock and I am here with our usual co-host, Arty Starr. ARTY: Thank you, Dave. And I'm here today with our guest, Emily Haggard. Emily is graduating from Virginia Tech with a Bachelor's in Computer Science this past December so, congratulations. She has a wide variety of experience in technology from web development to kernel programming, and even network engineering and cybersecurity. She is an active member of her community, having founded a cybersecurity club for middle schoolers. In her free time, she enjoys playing Dungeons and Dragons and writing novels. Welcome to the show, Emily. EMILY: Thank you. ARTY: So our first question we always ask is what is your superpower and how did you acquire it? EMILY: So I spent some time thinking about this and I would say that my superpower is that I'm a good teacher and what that means is that the people who come to me with questions wanting to learn something number one, my goal is to help them understand and number two, I think it's very important to make sure that whatever gap we have in our experience doesn't matter and that they don't feel that. So that they could be my 6-year-old brother and I'm trying to teach him algebra, or something and he doesn't feel like he is the 6-year-old trying to learn algebra. DAVE: I'll echo that sentiment about being a good teacher actually on two fronts, Emily. First of all, I am teaching your brother now in high school and just the other day, he credited you towards giving him a lot of background knowledge about the course and the curriculum before we ever started the class. So he seconds that you're a good teacher. And then listeners might remember, I was on a few weeks ago talking about my nonprofit and Emily was there at the beginning of me starting to volunteer in high schools. In fact, the way I met Emily, it was the fall of 2014. The first time I was volunteering at Loudoun Valley High School and one morning prior to class, there was going to be a meeting of a cybersecurity club. There were a bunch to the students milling about and there was this sophomore girl sitting in front of a computer, looking at a PowerPoint presentation of networking IP addresses, how the /24 of an IP address resolves and just all that kind of detail. Like very low-level detail about networking stuff and I was like, “Oh, that's interesting.” I wouldn't have expected a sophomore girl to be so interested in the low-level type of details of IP. And then the club started and she got up and started giving that presentation. That was not a slide deck she was reading; it was a slide deck she was creating. EMILY: Thank you. I actually remember that. [laughs] ARTY: So how did you acquire that superpower? EMILY: I think it was out of necessity. So going back to the story that David mentioned in high school, there was a cybersecurity competition called CyberPatriot that I competed in with friends and one year, all of a sudden, they just introduced network engineering to the competition. We had to configure and troubleshoot a simulated network and no one knew how to do that. So I took it upon myself to just figure it out so that my team could be competitive and win, but then part of the way that I learn actually is being able to teach something like that's how I grasp. I know that I've understood something and I'm ready to move on to the next topic is like, if I could teach this thing. So actually, I started out building all of that as a way to kind of condense my notes and condense my knowledge so that it'd stick in my head for the competition and I just realized it's already here, I should share this. So that's how I started there. Teaching network engineering to high schoolers that don't have any background knowledge is really hard. It forced me to put it in terms that would make sense and take away the really technical aspects of it and I think that built the teaching skill. DAVE: That relates to the club you started at the middle school for a CyberPatriot. How did that start? EMILY: That was initially a desire to have a capstone project and get out of high school a few weeks early. But I was sitting there with my friend and thinking about, “Okay, well, we need to do something that actually helps people. What should we do?” Like some people are going out and they're painting murals in schools, or gardening. It was like, well, we don't really like being outside and we're not really artistic. [chuckles] But what we do have is a lot of technical knowledge from all this work with CyberPatriot and we know that CyberPatriot has a middle school competition. So we actually approached the middle school. We had a sit down with, I think the dean at our local middle school. We talked about what CyberPatriot was and what we wanted to do with the students, which was have them bust over to the high school so we could teach them as an afterschool program. I guess we convinced him and so, a couple months later they're busing students over for us to teach. DAVE: Wow. And did they ever participate in competitions as middle schoolers? EMILY: Yes, they did. DAVE: Very cool. EMILY: Yeah. DAVE: Can you go into what those competitions are like? I don't think most of the audience even knows that exists. EMILY: Yeah, sure. So CyberPatriot, it's a cybersecurity competition for predominantly high schoolers that's run by the Air Force and you have a couple rounds throughout the year, I think it's like five, or so, and at each round you have 6 hours and you're given some virtual machines, which you have to secure and remove viruses from and things, and you get points for doing all of that. They added on network simulation, which was with some Cisco proprietary software, which would simulate your routers, your firewalls, and everything. So you'd have to configure and troubleshoot that as well and you would get points for the same thing. It builds a lot of comradery with all of us having to sit there for 6 hours after school and like, we're getting tired. It's a Friday night, everyone's a little bit loopy and all we've eaten is pizza for 6 hours. [laughs] DAVE: Well, that's a good jumpstart to your career, I think. [laughs] EMILY: Yes, for sure. MANDY: So while in college, I'm guessing that – well, I'm assuming that you've been pretty impacted by COVID and doing in-person learning versus online learning. How's that been for you? EMILY: I've actually found it pushes me to challenge the status quo. Online college classes, for the most part, the lectures aren't that helpful. They're not that great. So I had to pick up a lot of skills, like learning to teach myself, reading books, and figuring out ways to discern if I needed to research something further, if I really understood it yet, or not. That's a really hard question to ask actually is if you don't have the knowledge, how do you know that you don't have that knowledge? That's something I kind of had – it's a skill that you have to work on. So that is something I developed over the time when we were online and I've actually also done – I worked time for a year after high school and I took mostly online classes at the community college. Those skills started there, too and then I just built on them when I came to Virginia Tech and we had COVID happen. DAVE: Actually, I'd like to ask about that community college time. I know you had an interesting path into Virginia Tech, one that I'm really interested in for my own kids as well. Can you talk about that? EMILY: Yeah. So I, out of high school, always thought I'm going to – I'm a first-generation student. My parents did not go to college. They went to the military and grandparents before them. So I had always had it in my head that I am going to go and get that 4-year degree. That's what I want for myself. At the end of high school, I applied to Virginia Tech. I had a dream school. I wanted to go to Georgia Tech. They rejected me. Oh, well, that dream shot. I need to find something new. So I applied to Virginia Tech thinking it was going to be a safe bet. It's an in-state school, I was a very good student; they would never reject me and so, I applied for the engineering program and I was rejected. They did admit me for the neuroscience program, but it wasn't going to be what I wanted and I was realizing that I did not like either chemistry, or biology, so that would never work. And then at the same time, because of my work with CyberPatriot, I was able to get an internship in network engineering at a college not too far from where I lived. After I graduated high school, they offered me a job as a network engineer, which I took because my team was fantastic, I really liked my manager, and I was comfortable there. I took this job and I said, “Okay, I'm going to keep working on the college thing because it's what I always wanted for myself.” So I just signed up for community college and that was pretty tough working a full-time and doing community college until 11 o'clock at night and getting up the next day and doing it all over again. And from there, I decided that Virginia Tech was going to be the best option for me, just from a very logical perspective. I kind of thought Virginia Tech was a bit cult-y. I was never really gung-ho about going, but it made the most sense being an in-state school that's very well-known. I worked through community college and I applied to Virginia Tech again after 1 year at community college and they rejected me again. so I was like, “Oh no, now what do I do I?” And I realized I needed to make use of the guaranteed transfer program. One of the really cool things in Virginia at least is that a lot of the state schools have agreements with the community college, where if you get an associates with a specific GPA, you can transfer into that program and the university and your transfer's guaranteed, they can't reject you. So I was like, “Aha, they can't get rid of me this time.” Yeah, I did it and it's kind of a messy process. I actually went into that in a blog post on David has a nonprofit called Loudoun Codes. I wrote a blog post for his website and detailed that entire – being a transfer student is hard because there's a lot of credits that may not get transferred over because Virginia Tech is a little bit – all 4-year colleges are a little bit elitist in their attitude towards community college and they didn't take some of the credits that I had, which put me behind quite far, even though I had that knowledge, they said I didn't. So that added on some extra time and some extra summer semesters while I was at Tech. ARTY: Yeah. I did something similar with doing community college and then what you're talking about with the whole elitist attitude with the transfer and having a whole bunch of your credits not transferring and I'm definitely familiar with that whole experience. DAVE: Yeah. EMILY: And even now that I think about it, I remember community college, too. It's built for one specific type of student, which is great. I think they're really good at helping people who just weren't present, or weren't able to do the work and make the progress in high school. They're really good at helping those types of students. But as someone who did a whole bunch of AP classes, had a crazy GPA, they just didn't really know how to handle me. They said, “Okay, you've tested out of pretty much all of our math classes, but you are still lacking some credits.” So I had to take multi-variable calculus in community college in order to get credit to replace the fact that I tested out of pre-cal and which was kind of silly, but in the long run, it was great because I hear multi-variable calculus at Tech is pretty hard. But definitely, there's a lot of bureaucratic nonsense about college. Education is important. It's great. I've learned a lot of things, but there's still all these old ways of thinking and people are just not ready for change in college a lot of the time. The people who make decisions that is. DAVE: Well, I'd like to ask a little bit about the computer science curriculum that you've had and the angle I'm asking from when I worked at LivingSocial, I worked with one of the first group of people that had graduated from our bootcamp program and had transferred from other careers, spent 12 weeks learning software engineering skills, and then were integrated with a group of software engineers at LivingSocial. We would occasionally get into conversations about, well, if I learned to be a software engineer in 12 weeks, what do you learn in 4 years of college? So we started to do these internal brown bags that were kind of the Discovery Channel version of computer science. A lot of that material I've since recycled into the presentations I do at high school. But for your typical person who might have sidelined into this career from a different perspective, what's been your curriculum like? EMILY: I really like the parts of the curriculum that had technical depth because coming into it at my level, that's what I was lacking in certain areas. I had built the foundation really strong, but the details of it, I didn't have. The classes that Virginia Tech, like the notorious systems class and a cybersecurity class I have taken this semester, that have gone in detail with technology and pushed what I understood, those were my most valuable classes. There was a lot of it that I would've been happy without [laughs] because I'm not sure it will apply so much to my life going forward. I'm a very practical person. Engineer mindset; I don't want to worry about things that can actually be applied to the real world so much. So for me this semester, actually, it's been really challenging because I've taken a data structures and algorithms class where we're talking about NP complete versus NP hard, and what it would mean if we could solve an NP complete problem in polynomial time. It's really hard to care. It's really hard to see how that [laughs] helps. It's interesting from a pure math perspective, but coming into it as someone who was already in the adult world and very grounded, it feels like bloat. DAVE: Yeah. That stuff is interesting if you're are designing databases, but most of us are just using databases and that – [overtalk] EMILY: Right. DAVE: Stuff is all kind of baked in. EMILY: Yeah. DAVE: For the average person on a technical career path, we're far more interested in the business problems than the math problems. ARTY: I'm curious, too. There's also lots of stuff that seems like it's missing in college curriculum from just really fundamental things that you need to know as a software engineer. So did you have things like source control and continuous integration? I think back to my own college experience and I didn't learn about source control until I got out of college. [laughs] And why is that? Why is that? It seems so backwards because there's these fundamental things that we need to learn and within 4 years, can we not somehow get that in the curriculum? I'm wondering what your experience has been like. EMILY: So Virginia Tech, I think the CS department head is actually really good at being reflective because he requires every senior to take a seminar class as they exit. It's a one credit class; it's mostly just feedback for the school and I think it's really cool because he asks all of us to make a presentation, just record ourselves talking over some slides about our experience and the things we would change. That really impressed me that this guy who gets to make so many decisions is listening to the people who are just kind of peons of the system and what I said was that there are certain classes that they give background knowledge. Like there's one in particular where it's essentially the closest crossover we have with the electrical engineering department and it's really painful, as someone who works with software, to try and put myself in a hardware mindset working with AND gates, OR gates, and all that, and trying to deal with these simulated chips. It's awful and then it never comes back. We never talk about again in the curriculum and it's a prerequisite for the systems class, which has nothing at all to do with that, really. This segues into another thing. I've had an internship while I've been at Virginia Tech that's a web consultant role, or a development consultant role with a company called Acceleration. They run just a small office in Blacksburg and they have a really cool business model. They take students at Virginia Tech and at Radford, a neighboring school, and they have us work with clients on real software development projects. They pair us with mentors who have 5, 10 years of experiences, software consultants, and we get to learn all those things that school doesn't teach us. So that's actually how I learned Git, Scrum, and all that stuff that isn't taught in college even now and I went back to the CS department head and I said, “Replace that class with the class that teaches us Git, Scrum, Kanban, and even just a brief overview of Docker, AWS, and the concepts so that people have a foundation when they try to go to work and they're trying to read all this documentation, or they're asked to build a container image and they have no idea what it's talking about, or what it's for.” Yeah, going back to the original question, no, I didn't learn version control in college, but the weird thing is that I was expected to know it in my classes without ever being taught it because, especially in the upper level like 3,004 level, or 1,000 level classes, they have you work on group projects where Git is essential and some of them, especially the capstone project, are long-term projects and you really need to use Scrum, or use some sort of methodology rather than just the how you would treat a two-week project. Actually, it's interesting because David was my sponsor on my capstone project in college and he really helped my team with the whole project planning, sprint planning, and just understanding how Scrum and all that works and what it's for. DAVE: Yeah. I just shared a link that is a series of videos from MIT called The Missing Semester of Your Computer Science Education that talks about Git, version control and command line, using the back shell, stuff about using a database, how to use a debugger; just all that kind of stuff is stuff that you're expected to know, but never formally taught. ARTY: What about unit testing? EMILY: Okay. So that's an interesting exception to the rule, but I don't think they really carried it through, through my entire experience at Tech. So in the earlier classes, we were actually forced to write unit tests that was part of our assignments and they would look to see that we had – I think we had to have a 100% testing coverage, or very close to it. So that was good, but then it kind of dropped away as we went to the upper-level classes and you just had to be a good programmer and you had to know to test small chunks of your code because we'd have these massive projects and there would be a testing framework to see if the entire thing worked, but there was no unit testing, really. Whereas, at work in my internship, unit tests are paramount, like [laughs], we put a huge emphasis on that. ARTY: So earlier Emily, you had had mentioned teaching people that had no experience at all and the challenge of trying to be able to help and support people and learning to understand regardless of what their gap was in existing experience. So what are some of the ideas, principles, things that you've learned on how to do that effectively? EMILY: That's a really tough question because I've worked on building intuition rather than a set of rules. But I think a few of the major things probably are thinking about it long enough beforehand, because there's always a lot of background context that they need. Usually, you don't present a solution before you've presented the problem and so, it's important to spend time thinking about that and especially how you're going to order concepts. I've noticed, too with some of the best teachers I've had in college is they were very careful with the order in which they introduced topics to build the necessary context and that's something that's really important with complete beginners. The thing is sometimes you have to build that context very quickly, which the best trick I have for that is just to create an analogy that has nothing to do with technology at all, create it out of a shared experience that you have, or something that they've probably experienced. Like a lot of times analogies for IP addressing use the mailing service, houses on a street and things like that, things that are common to our experience. I guess, maybe that's the foundation of it is you're trying to figure out what you have in common with this person that can take them from where they are to where you are currently and that requires a lot of social skills, intuition, and practice, so. DAVE: That's a really good observation because one of the things I find teaching high school, and this has been a skill I've had to learn, is being able to put my mindset in the point of view of the student that I need to go to where they are and use a good metaphor analogy to bring them up a step. That's a real challenge to be able to strip away all the knowledge I have and be like, “Oh, this must be the understanding of the problem they have” and try to figure out how to walk them forward. EMILY: Yeah. DAVE: That's a valuable skill. EMILY: I think that's really rewarding, though because when I see in their eyes that they've understood it, or I watch them solve the problem, then I know that I did it well and that's really rewarding. It's like, okay, cool. I got them to where I wanted them to be. ARTY: Reminds me. I was helping out mentoring college students for a while and I hadn't really been involved with college for a really long time. I was working with folks that knew very, very little and it was just astounding to me one, just realizing how much I actually knew. That's easy to take for granted. But also, just that if you can dial back and be patient, it's really rewarding I found to just be able to help people, to see that little light go on where they start connecting the dots and they're able to make something appear on the screen for the first time. That experience of “I made that! I made that happen.” I feel like that's one of the most exciting things about software and in programming is that experience of being able to create and make something come to life in that way. Just mentoring as an experience is something, I think is valuable in a lot of ways beyond just the immediate being able to help someone things, like it's a cool experience being a mentor as well. EMILY: And I think it's really important, too as a mentor to have good mentors yourself. I was really lucky to have David just show up in my high school one day [laughs] and I've been really lucky consistently with the mentors in my life. In my internship that I mentioned, I worked with fantastic engineers who are really good teachers. It's difficult to figure out how to good teacher without having first had good teachers yourself and regardless of the level of experience I have, I think I will always want to have that mentor relationship so that I can keep learning. One of the things, too is a lot of my mentors are quite different from mine. Like I am a very quiet introvert person. I would not say I'm very charismatic. I would say David is the opposite of all those things. So wanting to build those skills myself, it's good to have a role model who has them. DAVE: Well, thank you for that compliment. EMILY: Yeah. MANDY: That's really interesting that you said to find mentor that's the opposite of yourself. I literally just heard the same thing said by a different person last week that was like, “Yeah, you should totally find someone who you want to be, or emulate,” and I thought that was really good advice. EMILY: I agree with that completely. There's a lot of conversation around diversity in computer science and that's definitely a problem. Women do not have the representation they should, like I've always gone through classes and been 1 of 3 women in the class. [chuckles] But I think one of the ways in which we can approach this, besides just increasing the enrollment number, is focusing on commonalities—kind of what I mentioned before— from the perspective of mentors who are different than their students. Maybe a male mentor trying to mentor a female student. Focusing on your commonalities rather than naturally gravitating towards people who are like you; trying to find commonalities with people who are different from you. I think that's important. From the student perspective, it's less about finding commonalities more about, like you said, finding the things you want to emulate. Looking at other groups of people and figuring out what they're good at and what things you would like to take from them. [laughs] So. DAVE: Yeah, that's been an interesting challenge I've noticed in the school system is that in the elementary school years, boys and girls are equally competent and interested in this material. By the time they get to high school, we have that 70/30 split of males versus females. In the middle school, the numbers are all over place, but in the formal classes, it seems to be at 70/30 split by 7th grade and I can't really find any single root cause that causes that. Unfortunately, I think I saw some stuff this week with Computer Science Education Week where students as young as first grade are working with small robots in small groups and there always seems to be the extrovert boy that is like, “It's a robot. I'm going to be the one that plays with it,” and he gatekeeps access to girls who are like, “It's my turn.” It's really discouraging to see that behavior ingrained at such a young age. Any attempt I try to address it at the high school level – well, not any attempt, but I feel like a lot of times I can come off as the creepy old guy trying to encourage high school age girls to be more interested in computer science. It's a hard place for me to be. EMILY: Yeah. I don't think you're the creepy old guy. [laughter] I think this is a larger topic in society right now is it's ingrained in women to be meek and to not be as confident, and that's really hard to overcome. That sounds terrible. I don't think people consciously do that all the time. I don't think men are consciously trying to speak over women all the time, but it it's definitely happened to me all over the place—it's happened at work, it's happened in interviews. I think getting over that is definitely really tough, but some of the things that have helped me are to see and celebrate women's accomplishments. Like every time I hear about Grace Hopper, it makes me so happy. I know one time in high school, David took a few other female students and I to a celebration of women's accomplishments and the whole thing, there were male allies there, but the topic of the night was women bragging loudly about the things that they've accomplished. Because that's not something that's encouraged for us to do, but it's something that it builds our confidence and also changes how other people see us. Because the thing is, it's easy to brag and it's saddening that people will just implicitly believe that the more you say you did. So the more frequently you brag about how smart you are, the more inclined people are to believe it because we're pretty suggestible as humans. When women don't do that, that subtly over time changes the perspective of us. We have to, very intently – I can't think of a word I'm trying to say, but be very intentional about bragging about ourselves regardless of how uncomfortable it is, regardless of whether we think we deserve it, or not. MANDY: I also think it's really important for women to also amplify other women, like empowered women empower women. So when we step up and say, “Look at this thing Emily did, isn't that cool?” EMILY: Yeah. MANDY: That's something that we should be doing to highlight and amplify others' accomplishments. EMILY: For sure. I've been to the Grace Hopper conference virtually because it was during COVID times, but that was a huge component of it was there would be these networking circles where women just talk about the amazing things that they've done and you just meet all these strangers who have done really cool things. It goes in both directions, like you said, you get to raise them up and also be encouraged yourself and have something to look forward to. ARTY: It sounds like just being exposed to that culture was a powerful experience for you. EMILY: For sure. ARTY: I was thinking about our conversation earlier about role models and finding someone to look up to that you're like, “You're a really cool person. I admire you.” Having strong women as role models makes it much easier for us to operate a certain way when we interact with other people, and stay solid within ourself and confident within ourself and not cave in. When all the examples around us of women are backing off, caving in, and just being submissive in the way that they interact with the world, those are the sort of patterns we pick up and learn. Likewise, the mixed gender conversations and things that happen. We pick up on those play of dynamics, the things that we see, and if we have strong role models, then it helps us shift those other conversations. So if we have exp more experience with these things, like the Grace Hopper conference and being able to go into these other that have a culture built around strong women and supporting being a strong woman, then you can take some of those things back with you in these other environments and then also be a role model for others. Because people see you being strong and standing up for yourself, being confident and they might have the same reaction to you of like, “Wow, I really admire her. She's really cool.” And then they start to emulate those things too. So these cultural dynamics, they spread and it's this subconscious spreading thing that happens. But maybe if we can get more experiences in these positive environments, we can iteratively take some of those things back with us and influence our other environments that, that maybe aren't so healthy. EMILY: Yeah. I agree. And I think also, it's important to be honest and open about where you started because it's easy, if you're a really confident woman walking into the room, for people to think you've always been that way. I think it's important to tell the stories about when you weren't, because that's how other people are going to connect with you and see a path forward for themselves. Definitely. I'll start by telling a story. I think it's just a million small experiences. I was a strong student in high school. I was very good at math. We had study halls where we'd sit in the auditorium and we'd all be doing homework, and students would often go to the guy in my math class who knew less than I did and ask for help. I would just sit there and listen to him poorly help the other students and mostly just brag about himself, and just be quiet and think about how angry it made me, but not really be able to speak up, or say anything. I'm very different now. Because of the exposure that I've had, I am much more quick to shut that down and to give a different perspective when someone's acting that way. MANDY: But how cool would it have been if that guy would've been like, “Don't ask me, ask Emily”? DAVE: That's a really important point because I hear women talk about this problem all the time and I don't think the solution is a 100% in the women's hands. I think that it's men in the room. My own personal experience, most of my career has been spent in government contracting space and, in that space, the percentage of women to men is much higher. It's still not great, but I think there's a better attempt at inclusion during recruiting. I think that there's a lot of just forces in that environment that are more amenable to that as a career path for women. And then when I started consultancy with my two business partners, Kim and Karen, that was an unheard-of thing that I had two women business partners and at the time we started it, I didn't think it was that big of a deal at all. But then we were suddenly in the commercial space and people thought it was some scam I was running to be a minority owned company and my partner was my wife, or I'd go into a meeting and somebody thought I brought a secretary and I was like, “No, she's an engineer and she's good, if not better than me.” It opened my eyes to the assumptions that people make about what the consulting rates even should be for men versus women and it's in that environment I learned that I had to speak up. I had to represent to be a solution to that problem. I think you can get in an argument with other guys where they aren't even convinced there's a problem to solve. They'll start talking about, “Oh, well, women just aren't as interested in this career path.” It's like, I've known plenty that are and end up leaving. EMILY: I think definitely having support from both sides has been really important because it is typically men in places of authority and to have them be encouraging and not necessarily forcing you into the spotlight, but definitely trying to raise you up and encourage you to speak out means a lot. ARTY: Yeah. I found most of the teams I've been on, I was the only woman on the team, or one of two maybe and early on, when nobody knows you, people make a lot of assumptions about things. The typical thing I've seen happen is when you've got a woman programmer is often, the bit is flipped pretty early on of that oh, she doesn't know what she's doing and stuff, we don't need to listen to what she says kind of thing and then it becomes those initial conversations and how things are framed, tend to affect a lot of how the relationships on the team are moving forward. One of the things that I learn as just an adaptive thing is I was really smart. So what I do, the first thing on the team I'd find out what the hardest problem was, that none of the guys could solve and figure it out, and then I would go after that one. My first thing on the team, I would go and tackle the hardest thing. I found that once you kick the ass of the biggest baddy on the yard, respect. [laughter] So I ended up not having problems moving forward and that the guys would be more submissive toward me, even as opposed to the other way around. But it's like you come into a culture that is dominated by certain ways of thinking in this masculine hierarchy, alpha male thing going on and if that's the dominant culture, you have to learn to play that game and stake yourself in that game. Generally speaking, in this engineering world, intelligence is fairly respected. So I've at least found that that's been a way for me to operate and be able to reset that playing field anyway. MID-ROLL: This episode is supported by Compiler, an original podcast from Red Hat discussing tech topics big, small, and strange. Compiler unravels industry topics, trends, and the things you've always wanted to know about tech, through interviews with the people who know it best. On their show, you will hear a chorus of perspectives from the diverse communities behind the code. Compiler brings together a curious team of Red Hatters to tackle big questions in tech like, what is technical debt? What are tech hiring managers actually looking for? And do you have to know how to code to get started in open source? I checked out the “Should Managers Code?” episode of Compiler, and I thought it was interesting how the hosts spoke with Red Hatters who are vocal about what role, if any, that managers should have in code bases—and why they often fight to keep their hands on keys for as long as they can. Listen to Compiler on Apple Podcasts, or anywhere you listen to podcasts. We'll also include a link in the show notes. Our thanks to Compiler for their support. ARTY: Well, speaking of games, Arty, one of the things that Emily mentions in her bio is playing Dungeons and Dragons and this is an area where as well as I know Emily from her high school years, this is not something I know much about Emily at all. So I'd like to talk about that. Play, or DM, Emily? EMILY: Both. But I really enjoy DMing because it's all about creating problems to solve, in my opinion, like you throw out a bunch of story threads. The way I approach things is I try actually, unlike a lot of DMs, I do not do a lot of world building for places my players haven't been. I pretty much, there are bright light at the center of the world and anything the light doesn't touch doesn't exist. I haven't written it and I don't really look at it that often. So I'm constantly throwing out story threads to try and see what they latch onto and I'll dive into their character backstory to see what they are more predisposed to be interested in. It's like writing a weekly web comic. You don't have necessarily a set beginning and end and you don't really know where you're going to end up in between, but you end up with all these cool threads and you can tie them together in new and interesting ways. Just seeing the connections between those and being able to change what you want something to be on the fly is really cool and just very stimulating mentally for me. So it's like a puzzle exercise the whole time and it is also an interesting social exercise because you're trying to balance the needs of each person. I feel like D&D allows you to know people on a really deep level, because a lot of times, our characters are just – that we're playing. I guess, I didn't really explain what D&D is; I just made an assumption that people would know. It's a tabletop role playing game where you make a character. You're usually heroic and you're going about on this adventure trying to help people solve problems and these characters tend to be just naturally an extension of ourselves. So you get to see all the things that subconsciously the person doesn't real about themselves, but that show up in their character. I think that's really cool. DAVE: So do you have a weekly game, or how often do you play? EMILY: I try to run a weekly game. College often gets in the way. [laughs] DAVE: How many players? EMILY: It ranges from 3 to 4, sometimes 5. It's really cool because it's also, most of them are people that I met during the pandemic. So we've played predominantly online and this is the way we've gotten to know each other. We've become really close in the year, or so since we started playing together through the game that I DM and through the game that one other person in the group DMs and it's cool. It's definitely a way to kind of transcend the boundaries of Zoom and of video calls in general. DAVE: Hmm. ARTY: How did you end up getting into that? EMILY: It was just a friend group in high school. Someone said, “Hey, I would like to run a Dungeon and Dragons game. Do you want to play?” And I said, “Oh, what's that?” I've always loved books and reading so it was kind of a natural progression to go from reading a story to making a story collaboratively with other people. So that just immediately, I had a connection with it and I loved the game and that's been a huge part of my hobbies and my outside of tech life ever since. DAVE: Yeah. I played D&D as a kid in the late 70s, early 80s, but my mom took all my stuff away from me when that Tom Hanks movie came out that started the whole Satan panic thing. So I didn't play for a long time until my own kids were interested after getting hooked on Magic. Seeing my own kids interested in D&D, the story building, the writing, the math that they had to do, like I don't know why any parent wouldn't encourage their kids to play this game. It's just phenomenal. The collaborative, creative, sharing, math; it's got everything. EMILY: Yeah. I'm an introverted person so it takes a lot to make me feel motivated to be in a group with other people consistently, but D&D does that and it does it in a way that's not, I guess, prohibitive to people who are naturally shy. Because you're pretending to be someone else and you're not necessarily having to totally be yourself and you're able to explore the world through a lens that you find comfortable. DAVE: That's really cool. EMILY: I guess, also, it kind of goes back to our conversation about teaching. Being a DM, a lot of my players are people who have not played before, or very, very new. Like, maybe they've read a lot about it, maybe they've watched them [43:18] shows, but they maybe haven't necessarily played. D&D does require a lot of math and there's a lot of optimization, like you can get very into the weeds with your character sheet trying to make the most efficient battle machine, whatever and that's not really always approachable. Especially when I started introducing my younger siblings to D&D, I used versions, D&D like games that were similar, but not quite D&D. Like less math, a very similar amplified character sheets so you're looking at fewer numbers, or fewer calculations involved just to kind of get the essence, because there's a few core concepts in D&D. You have six statistics about your character that they change a little bit between different types of role-playing games, but they're pretty universal, I think for the most part. It's constitution, strength, dexterity, wisdom, intelligence, and charisma. Once you kind of nail those concepts down and once a person understands what those skills are supposed to mean, that really opens the gates to understanding a lot more about the core mechanics of D&D outside of the spell casting stuff and all the other math that's involved. I think just simplifying the game down to that makes them fall in love with the narrative and collaborative aspect of the game, and then be more motivated to figure out the math, if they weren't already predisposed to that. DAVE: So if somebody were interested in picking up a game trying to figure it out, where would they start? EMILY: It really to depends on the age group. If you're going to play with high school students, I would definitely say if none of you have played before, then pick up a player's handbook, maybe a dungeon master's guide if you're going to DM, you've never DM before because it gives a lot of tips for just dealing with the problems that arise in a collaborative storytelling game. And then probably just a prewritten module so you don't have to worry about building your own story, because these modules are stories that are written by professional game developers and you can take pieces of them and iterate it on yourself so you don't have to start with nothing. But if you are going for a much younger audience, I can't remember off the top of my head what it was, but it's essentially an animal adventure game. It's very much D&D without using the word D&D because I think it's a different company, it's copyrighted, and whatnot. But you have these little cute dog characters and they're trying to defeat an evil animal overlord who wants to ruin the town festival. It's very family friendly, like there's no death like there is in regular D&D and it's just a chance to engage with the character creation aspect of it. MANDY: That's really cool. So we're about heading towards our time, but I really appreciate you coming on the show, Emily and I wanted to just ask you, if you could give any advice to young girls looking to get into tech, or software engineering, what advice would you give them? EMILY: I think don't be afraid to walk off the path. A lot of my life has been kind of bucking the prewritten path that a lot of people are told is the best one because it didn't work for me, or whatever reason, and I think it's important just to not be afraid of that and to be courageous in making your own path. MANDY: That's great advice. So should we head into reflections, everyone? Who wants to start us off? DAVE: I'll start with one. I mentioned that when asked Emily about her path into college, that I was interested in a similar path for my own kids. I had a really strange college path that I started out a music major, ended up a computer science major, and had a non-traditional path. I've always believed that college is what you make of it, not where you went. Where you went might help you get your first job, but from then on, it's networking, it's personality, it's how well you did the job. Talking to Emily about her path, just reinforces that to me and helps me plot a path for what I might have my own children do. I have triplet boys that are in 9th grade. So we're starting to think about that path and not only would a path through Virginia Community College save us a fortune, [laughs] it would also be a guaranteed admission into Virginia Tech, or one of the Virginia schools so it's definitely something worth to consider. So I appreciate that knowledge, Emily. ARTY: I've been thinking a lot about how we can better teach people that don't have a lot of experience yet. We've got so much stuff going on in this field of software engineering and it's really easy to not realize how far that this plateau of knowledge that we live in and work with every day to do our jobs, and how important it is to bring up new folks that are trying to learn. One of the things you said, Emily was about teaching is being able to find those shared things where we've got a common understanding about something—you used metaphor of male delivery to talk about IP addresses, for example. But to be thinking in those ways of how do we find something shared and be able to get more involved with mentoring, reaching back, and helping support people to learn because software is super cool. It really is! We can build amazing, amazing things. It'd be awesome if more of us were able to get involved and have that experience and having good mentors, having good role models, all of those things make a big difference. MANDY: I just love the conversation that we had about men and women in technology and for me, I love to reiterate the fact that empowered women empower women and I even want to take that a step further by saying especially right now in our field, empowered men also empower women. So I think that that's something that really needs to be said and heard and not perceived as like Dave said oh, he felt like the creepy guy encouraging girls, or women to get involved in tech. I think it's cool. Dave has personally, he's mentored me. He's gotten me more interested. I used to do assistant work and now I'm learning programming and it's because I've been encouraged to do so by a lot of different men in the industry that I've been lucky to know. DAVE: Well, thank you, Mandy. You certainly have a who's who of mentors. MANDY: I am very, very lucky to know the people I know. DAVE: I'm quite honored to even be named on that list of people you know. [laughter] EMILY: I think the thought I keep coming back to is one that I've mentioned, but didn't really crystallize in my head until this morning when I was preparing for this recording is, I listened to David's interview and I thought about like, “Oh wow, he did really well on the podcast, all these things that I wish I did.” It really crystallized the idea that your mentor should be different from you and should have skills you don't, and you should seek them out for that reason. Mentors tend to be the people that I run into and I haven't really thought about it that way before, but that gives me a different perspective to go out and intentionally seek out those people. That definitely gives some food for thought for me. [laughs] MANDY: I love intentionally seeking out people who are different from myself in general, just to learn and get perspectives that I might have never even thought of before. But with that, I guess we will wrap up. Emily, it's been so nice having you on the show. Congratulations and best of luck on your exams. I know being – [overtalk] DAVE: I can't believe you took the time to do this with your exams coming up. MANDY: I know! EMILY: I'm procrastinating as hard as I can. [laughter] MANDY: But it's been so nice to have you on the show. Dave, thank you for coming and being a guest panelist and Arty, it's always wonderful to host with you. So I just wish everybody a happy new year and we'll see you next week! Special Guests: Dave Bock and Emily Haggard.

It's a casual community hangout, and we spin the Wheel of Topics. From what Linux does worst, our thoughts on EndlessOS, Ubuntu Web Remix, QubesOS, Brent's adventures with JellyFin, and why Linux will ultimately dominate all operating systems in 20 years.

In this clip from Episode 89 of The Chris and Andre Show, resident tech-expert Andre does his best to give a five minute overview of what Docker is and why it became so popular, as well as why he's always struggled to get behind the technology until recently. Don't miss the rest of the conversation in Episode 89 - You're Not Really An Entrepreneur: https://soundcloud.com/the-chris-and-andre-show/episode-89-youre-not-really-an-entrepreneur Be sure to visit our YouTube page to watch all episodes and clips: https://www.youtube.com/channel/UCY8ClCFudijU4JVLLa2Psrg/ And don't forget to visit our website for the latest episodes, blog posts, and more: https://chrisandandreshow.com/

Here's a little bonus episode before we get back to your regularly scheduled Go Time. We're calling it the funny bits. It's a compilation of times we cracked up making the show for y'all. If you dig it, holler at Jerod. If you don't, email Mat Ryer.

Here's a little bonus episode before we get back to your regularly scheduled Go Time. We're calling it the funny bits. It's a compilation of times we cracked up making the show for y'all. If you dig it, holler at Jerod. If you don't, email Mat Ryer.

Nicolas De Loof rejoint Emmanuel et Antonio pour discuter de Docker Compose. Enregistré le 17 décembre 2021 Téléchargement de l'épisode LesCastCodeurs-Episode–270.mp3 Interview Ta vie ton oeuvre Nicolas De Loof Introduction à la techno Docker en 1 minute Docker compose d'où vient l'idée et le besoin La techno en concepts Un container c'est quoi ? Ça tourne comment ? Du coup, on veut en faire tourner plusieurs Comment on les “lie”? Network autre chose? Mais c'est pas le job de Kubernetes? deploy scaling rollback La spécification Discussion sur les notions: service build label network sécurité (cap_add) docker-compose vs docker compose Comment on l'utilise en pratique pour un dev Comment je définie mon multi container Lien vers des dockerfiles? Echange d'infos (e.g. DB connection ou mot de passe entre DB et l'appli) Ma DB doit démarrer avant mon app Ca fait les health check? Je commite ce fichier où typoiquement ? comment je partage avec mon équipe ? Et ma CI ? Comment je mets en prod ? Je mets en prod hein, ça marche sur ma machine. v2 vs v3 Sous le capot Et donc comment ça marche docker compose? Zoom sur le network La sécurité La communauté, le futur Roadmap Docker desktop payant Nous contacter Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Faire un crowdcast ou une crowdquestion Contactez-nous via twitter https://twitter.com/lescastcodeurs sur le groupe Google https://groups.google.com/group/lescastcodeurs ou sur le site web https://lescastcodeurs.com/

Unedited live recording of this show on YouTube (Ep 114)  Topics and Links Guide to GitOps from weaveworks  GitOps origins; a blog from weaveworks: What DevOps is to the Cloud, GitOps is to Cloud Native Flux CD Argo CD Swarm Sync for Docker Swarm GitOps YouTube Live Show (Ep 113) where Bret talks about, and gives a demo of, Crossplane  YouTube Live Show (Ep 142) where Bret and Viktor Farcic cover DevOps Automation with Crossplane Control GitHub GitOps through "branch protection rules" DevOpsDays ★ Support this podcast on Patreon ★

About AnilAnil Dash is the CEO of Glitch, the friendly developer community where coders collaborate to create and share millions of web apps. He is a recognized advocate for more ethical tech through his work as an entrepreneur and writer. He serves as a board member for organizations like the Electronic Frontier Foundation, the leading nonprofit defending digital privacy and expression, Data & Society Research Institute, which researches the cutting edge of tech's impact on society, and The Markup, the nonprofit investigative newsroom that pushes for tech accountability. Dash was an advisor to the Obama White House's Office of Digital Strategy, served for a decade on the board of Stack Overflow, the world's largest community for coders, and today advises key startups and non-profits including the Lower East Side Girls Club, Medium, The Human Utility, DonorsChoose and Project Include.As a writer and artist, Dash has been a contributing editor and monthly columnist for Wired, written for publications like The Atlantic and Businessweek, co-created one of the first implementations of the blockchain technology now known as NFTs, had his works exhibited in the New Museum of Contemporary Art, and collaborated with Hamilton creator Lin-Manuel Miranda on one of the most popular Spotify playlists of 2018. Dash has also been a keynote speaker and guest in a broad range of media ranging from the Obama Foundation Summit to SXSW to Desus and Mero's late-night show.Links: Glitch: https://glitch.com Web.dev: https://web.dev Glitch Twitter: https://twitter.com/glitch Anil Dash Twitter: https://twitter.com/anildash TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: It seems like there is a new security breach every day. Are you confident that an old SSH key, or a shared admin account, isn't going to come back and bite you? If not, check out Teleport. Teleport is the easiest, most secure way to access all of your infrastructure. The open source Teleport Access Plane consolidates everything you need for secure access to your Linux and Windows servers—and I assure you there is no third option there. Kubernetes clusters, databases, and internal applications like AWS Management Console, Yankins, GitLab, Grafana, Jupyter Notebooks, and more. Teleport's unique approach is not only more secure, it also improves developer productivity. To learn more visit: goteleport.com. And not, that is not me telling you to go away, it is: goteleport.com.Corey: It seems like there is a new security breach every day. Are you confident that an old SSH key, or a shared admin account, isn't going to come back and bite you? If not, check out Teleport. Teleport is the easiest, most secure way to access all of your infrastructure. The open source Teleport Access Plane consolidates everything you need for secure access to your Linux and Windows servers—and I assure you there is no third option there. Kubernetes clusters, databases, and internal applications like AWS Management Console, Yankins, GitLab, Grafana, Jupyter Notebooks, and more. Teleport's unique approach is not only more secure, it also improves developer productivity. To learn more visit: goteleport.com. And not, that is not me telling you to go away, it is: goteleport.com.Corey: This episode is sponsored in part by our friends at Redis, the company behind the incredibly popular open source database that is not the bind DNS server. If you're tired of managing open source Redis on your own, or you're using one of the vanilla cloud caching services, these folks have you covered with the go to manage Redis service for global caching and primary database capabilities; Redis Enterprise. To learn more and deploy not only a cache but a single operational data platform for one Redis experience, visit redis.com/hero. Thats r-e-d-i-s.com/hero. And my thanks to my friends at Redis for sponsoring my ridiculous non-sense.  Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Today's guest is a little bit off the beaten path from the cloud infrastructure types I generally drag, kicking and screaming, onto the show. If we take a look at the ecosystem and where it's going, it's clear that in the future, not everyone who wants to build a business, or a tool, or even an application is going to necessarily spring fully-formed into the world from the forehead of some God, knowing how to code. And oh, “I'm going to go to a boot camp for four months to learn how to do it first,” is increasingly untenable. I don't know if you would call it low-code or not. But that's how it feels. My guest today is Anil Dash, CEO of Glitch. Anil, thank you for joining me.Anil: Thanks so much for having me.Corey: So, let's get the important stuff out of the way first, since I have a long-standing history of mispronouncing the company Twitch as ‘Twetch,' I should probably do the same thing here. So, what is Gletch? And what does it do?Anil: Glitch is, at its simplest, a tool that lets you build a full-stack app in your web browser in about 30 seconds. And, you know, for your community, your audience, it's also this ability to create and deploy code instantly on a full-stack server with no concern for deploy, or DevOps, or provisioning a container, or any of those sort of concerns. And what it is for the users is, honestly, a community. They're like, “I looked at this app that was on Glitch; I thought it was cool; I could do what we call [remixing 00:02:03].” Which is to kind of fork that app, a running app, make a couple edits, and all of a sudden live at a real URL on the web, my app is running with exactly what I built. And that's something that has been—I think, just captured a lot of people's imagination to now where they've built over 12 or 15 million apps on the platform.Corey: You describe it somewhat differently than I would, and given that I tend to assume that people who create and run successful businesses don't generally tend to do it without thought, I'm not quite, I guess, insufferable enough to figure out, “Oh, well, I thought about this for ten seconds, therefore I've solved a business problem that you have been needling at for years.” But when I look at Glitch, I would describe it as something different than the way that you describe it. I would call it a web-based IDE for low-code applications and whatnot, and you never talk about it that way. Everything I can see there describes it talks about friendly creators, and community tied to it. Why is that?Anil: You're not wrong from the conventional technologist's point of view. I—sufficient vintage; I was coding in Visual Basic back in the '90s and if you squint, you can see that influence on Glitch today. And so I don't reject that description, but part of it is about the audience we're speaking to, which is sort of a next generation of creators. And I think importantly, that's not just age, right, but that could be demographic, that can be just sort of culturally, wherever you're at. And what we look at is who's making the most interesting stuff on the internet and in the industry, and they tend to be grounded in broader culture, whether they're on, you know, Instagram, or TikTok, or, you know, whatever kind of influencer, you want to point at—YouTube.And those folks, they think of themselves as creators first and they think of themselves as participating in the community first and then the tool sort of follow. And I think one of the things that's really striking is, if you look at—we'll take YouTube as an example because everyone's pretty familiar with it—they have a YouTube Creator Studio. And it is a very rich and deep tool. It does more than, you know, you would have had iMovie, or Final Cut Pro doing, you know, 10 or 15 years ago, incredibly advanced stuff. And those [unintelligible 00:04:07] use it every day, but nobody goes to YouTube and says, “This is a cloud-based nonlinear editor for video production, and we target cinematographers.” And if they did, they would actually narrow their audience and they would limit what their impact is on the world.And so similarly, I think we look at that for Glitch where the social object, the central thing that people organize around a Glitch is an app, not code. And that's this really kind of deep and profound idea, which is that everybody can understand an app. Everybody has an idea for an app. You know, even the person who's, “Ah, I'm not technical,” or, “I'm not really into technology,” they're like, “But you know what? If I could make an app, I would make this.”And so we think a lot about that creative impulse. And the funny thing is, that is a common thread between somebody that literally just got on the internet for the first time and somebody who has been doing cloud deploys for as long as there's been a cloud to deploy to, or somebody has been coding for decades. No matter who you are, you have that place that is starting from what's the experience I want to build, the app I want to build? And so I think that's where there's that framing. But it's also been really useful, in that if you're trying to make a better IDE in the cloud and a better text editor, and there are multiple trillion-dollar companies that [laugh] are creating products in that category, I don't think you're going to win. On the other hand, if you say, “This is more fun, and cooler, and has a better design, and feels better,” I think we could absolutely win in a walk away compared to trillion-dollar companies trying to be cool.Corey: I think that this is an area that has a few players in it could definitely stand to benefit by having more there. My big fear is not that AWS is going to launch stuff in your space and drive you out of business; I think that is a somewhat naive approach. I'm more concerned that they're going to try to launch something in your space, give it a dumb name, fail that market and appropriately, not understand who it's for and set the entire idea back five years. That is, in some cases, it seems like their modus operandi for an awful lot of new markets.Anil: Yeah, I mean, that's not an uncommon problem in any category that's sort of community driven. So, you know, back in the day, I worked on building blogging tools at the beginning of this, sort of, social media era, and we worried about that a lot. We had built some of the first early tools, Movable Type, and TypePad, and these were what were used to launch, like, Gawker and Huffington Post and all the, sort of, big early sites. And we had been doing it a couple years—and then at that time, major player—AOL came in, and they launched their own AOL blog service, and we were, you know, quaking in our boots. I remember just being kind of like, pit in your stomach, “Oh, my gosh. This is going to devastate the category.”And as it turns out, people were smart, and they have taste, and they can tell. And the domain that we're in is not one that is about raw computing power or raw resources that you can bring to bear so much as it is about can you get people to connect together, collaborate together, and feel like they're in a place where they want to make something and they want to share it with other people? And I mean, we've never done a single bit of advertising for Glitch. There's never been any paid acquisition. There's never done any of those things. And we go up against, broadly in the space, people that have billboards and they buy out all the ads of the airport and, you know, all the other kind of things we see—Corey: And they do the typical enterprise thing where they spend untold millions in acquiring the real estate to advertise on, and then about 50 cents on the message, from the looks of it. It's, wow, you go to all this trouble and expense to get something in front of me, and after all of that to get my attention, you don't have anything interesting to say?Anil: Right.Corey: [crosstalk 00:07:40] inverse of that.Anil: [crosstalk 00:07:41] it doesn't work.Corey: Yeah. Oh, yeah. It's brand awareness. I love that game. Ugh.Anil: I was a CIO, and not once in my life did I ever make a purchasing decision based on who was sponsoring a golf tournament. It never happened, right? Like, I never made a call on a database platform because of a poster that was up at, you know, San Jose Airport. And so I think that's this thing that developers in particular, have really good BS filters, and you can sort of see through.Corey: What I have heard about the airport advertising space—and I but a humble cloud economist; I don't know if this is necessarily accurate or not—but if you have a company like Accenture, for example, that advertises on airport billboards, they don't even bother to list their website. If you go to their website, it turns out that there's no shopping cart function. I cannot add ‘one consulting' to my cart and make a purchase.Anil: “Ten pounds of consult, please.”Corey: Right? I feel like the primary purpose there might very well be that when someone presents to your board and says, “All right, we've had this conversation with Accenture.” The response is not, “Who?” It's a brand awareness play, on some level. That said, you say you don't do a bunch traditional advertising, but honestly, I feel like you advertise—more successfully—than I do at The Duckbill Group, just by virtue of having a personality running the company, in your case.Now, your platform is for the moment, slightly larger than mine, but that's okay,k I have ambition and a tenuous grasp of reality and I'm absolutely going to get there one of these days. But there is something to be said for someone who has a track record of doing interesting things and saying interesting things, pulling a, “This is what I do and this is how I do it.” It almost becomes a personality-led marketing effort to some degree, doesn't it?Anil: I'm a little mindful of that, right, where I think—so a little bit of context and history: Glitch as a company is actually 20 years old. The product is only a few years old, but we were formerly called Fog Creek Software, co-founded by Joel Spolsky who a lot of folks will know from back in the day as Joel on Software blog, was extremely influential. And that company, under leadership of Joel and his co-founder Michael Pryor spun out Stack Overflow, they spun out Trello. He had created, you know, countless products over the years so, like, their technical and business acumen is off the charts.And you know, I was on the board of Stack Overflow from, really, those first days and until just recently when they sold, and you know, you get this insight into not just how do you build a developer community that is incredibly valuable, but also has a place in the ecosystem that is unique and persists over time. And I think that's something that was very, very instructive. And so when it came in to lead Glitch I, we had already been a company with a, sort of, visible founder. Joel was as well known as a programmer as it got in the world?Corey: Oh, yes.Anil: And my public visibility is different, right? I, you know, I was a working coder for many years, but I don't think that's what people see me on social media has. And so I think, I've been very mindful where, like, I'm thrilled to use the platform I have to amplify what was created on a Glitch. But what I note is it's always, “This person made this thing. This person made this app and it had this impact, and it got these results, or made this difference for them.”And that's such a different thing than—I don't ever talk about, “We added syntax highlighting in the IDE and the editor in the browser.” It's just never it right. And I think there are people that—I love that work. I mean, I love having that conversation with our team, but I think that's sort of the difference is my enthusiasm is, like, people are making stuff and it's cool. And that sort of is my lens on the whole world.You know, somebody makes whatever a great song, a great film, like, these are all things that are exciting. And the Glitch community's creations sort of feel that way. And also, we have other visible people on the team. I think of our sort of Head of Community, Jenn Schiffer, who's a very well known developer and her right. And you know, tons of people have read her writing and seen her talks over the years.And she and I talk about this stuff; I think she sort of feels the same way, which is, she's like, “If I were, you know, being hired by some cloud platform to show the latest primitives that they've deployed behind an API,” she's like, “I'd be miserable. Like, I don't want to do that in the world.” And I sort of feel the same way. But if you say, “This person who never imagined they would make an app that would have this kind of impact.” And they're going to, I think of just, like, the last couple of weeks, some of the apps we've seen where people are—it could be [unintelligible 00:11:53]. It could be like, “We made a Slack bot that finally gets this reporting into the right channel [laugh] inside our company, but it was easy enough that I could do it myself without asking somebody to create it even though I'm not technically an engineer.” Like, that's incredible.The other extreme, we have people that are PhDs working on machine learning that are like, “At the end of the day, I don't want to be responsible for managing and deploying. [laugh]. I go home, and so the fact that I can do this in create is really great.” I think that energy, I mean, I feel the same way. I still build stuff all the time, and I think that's something where, like, you can't fake that and also, it's bigger than any one person or one public persona or social media profile, or whatever. I think there's this bigger idea. And I mean, to that point, there are millions of developers on Glitch and they've created well over ten million apps. I am not a humble person, but very clearly, that's not me, you know? [laugh].Corey: I have the same challenge to it's, effectively, I have now a 12 employee company and about that again contractors for various specialized functions, and the common perception, I think, is that mostly I do all the stuff that we talk about in public, and the other 11 folks sort of sit around and clap as I do it. Yeah, that is only four of those people's jobs as it turns out. There are more people doing work here. It's challenging, on some level, to get away from the myth of the founder who is the person who has the grand vision and does all the work and sees all these things.Anil: This industry loves the myth of the great man, or the solo legend, or the person in their bedroom is a genius, the lone genius, and it's a lie. It's a lie every time. And I think one of the things that we can do, especially in the work at Glitch, but I think just in my work overall with my whole career is to dismantle that myth. I think that would be incredibly valuable. It just would do a service for everybody.But I mean, that's why Glitch is the way it is. It's a collaboration platform. Our reference points are, you know, we look at Visual Studio and what have you, but we also look at Google Docs. Why is it that people love to just send a link to somebody and say, “Let's edit this thing together and knock out a, you know, a memo together or whatever.” I think that idea we're going to collaborate together, you know, we saw that—like, I think of Figma, which is a tool that I love. You know, I knew Dylan when he was a teenager and watching him build that company has been so inspiring, not least because design was always supposed to be collaborative.And then you think about we're all collaborating together in design every day. We're all collaborating together and writing in Google Docs—or whatever we use—every day. And then coding is still this kind of single-player game. Maybe at best, you throw something over the wall with a pull request, but for the most part, it doesn't feel like you're in there with somebody. Certainly doesn't feel like you're creating together in the same way that when you're jamming on these other creative tools does. And so I think that's what's been liberating for a lot of people is to feel like it's nice to have company when you're making something.Corey: Periodically, I'll talk to people in the AWS ecosystem who for some reason appear to believe that Jeff Barr builds a lot of these services himself then writes blog posts about them. And it's, Amazon does not break out how many of its 1.2 million or so employees work at AWS, but I'm guessing it's more than five people. So yeah, Jeff probably only wrote a dozen of those services himself; the rest are—Anil: That's right. Yeah.Corey: —done by service teams and the rest. It's easy to condense this stuff and I'm as guilty of it as anyone. To my mind, a big company is one that has 200 people in it. That is not apparently something the world agrees with.Anil: Yeah, it's impossible to fathom an organization of hundreds of thousands or a million-plus people, right? Like, our brains just aren't wired to do it. And I think so we reduce things to any given Jeff, whether that's Barr or Bezos, whoever you want to point to.Corey: At one point, I think they had something like more men named Jeff on their board than they did women, which—Anil: Yeah. Mm-hm.Corey: —all right, cool. They've fixed that and now they have a Dave problem.Anil: Yeah [unintelligible 00:15:37] say that my entire career has been trying to weave out of that dynamic, whether it was a Dave, a Mike, or a Jeff. But I think that broader sort of challenge is this—that is related to the idea of there being this lone genius. And I think if we can sort of say, well, creation always happens in community. It always happens influenced by other things. It is always—I mean, this is why we talk about it in Glitch.When you make an app, you don't start from a blank slate, you start from a working app that's already on the platform and you're remix it. And there was a little bit of a ego resistance by some devs years ago when they first encountered that because [unintelligible 00:16:14] like, “No, no, no, I need a blank page, you know, because I have this brilliant idea that nobody's ever thought of before.” And I'm like, “You know, the odds are you'll probably start from something pretty close to something that's built before.” And that enabler of, “There's nothing new under the sun, and you're probably remixing somebody else's thoughts,” I think that sort of changed the tenor of the community. And I think that's something where like, I just see that across the industry.When people are open, collaborative, like even today, a great example is web browsers. The folks making web browsers at Google, Apple, Mozilla are pretty collaborative. They actually do share ideas together. I mean, I get a window into that because they actually all use Glitch to do test cases on different bugs and stuff for them, but you see, one Glitch project will add in folks from Mozilla and folks from Apple and folks from the Chrome team and Google, and they're like working together and you're, like—you kind of let down the pretense of there being this secret genius that's only in this one organization, this one group of people, and you're able to make something great, and the web is greater than all of them. And the proof, you know, for us is that Glitch is not a new idea. Heroku wanted to do what we're doing, you know, a dozen years ago.Corey: Yeah, everyone wants to build Heroku except the company that acquired Heroku, and here we are. And now it's—I was waiting for the next step and it just seemed like it never happened.Anil: But you know when I talked to those folks, they were like, “Well, we didn't have Docker, and we didn't have containerization, and on the client side, we didn't have modern browsers that could do this kind of editing experience, all this kind of thing.” So, they let their editor go by the wayside and became mostly deploy platform. And—but people forget, for the first year or two Heroku had an in-browser editor, and an IDE and, you know, was constrained by the tech at the time. And I think that's something where I'm like, we look at that history, we look at, also, like I said, these browser manufacturers working together were able to get us to a point where we can make something better.Corey: This episode is sponsored by our friends at Oracle HeatWave is a new high-performance accelerator for the Oracle MySQL Database Service. Although I insist on calling it “my squirrel.” While MySQL has long been the worlds most popular open source database, shifting from transacting to analytics required way too much overhead and, ya know, work. With HeatWave you can run your OLTP and OLAP, don't ask me to ever say those acronyms again, workloads directly from your MySQL database and eliminate the time consuming data movement and integration work, while also performing 1100X faster than Amazon Aurora, and 2.5X faster than Amazon Redshift, at a third of the cost. My thanks again to Oracle Cloud for sponsoring this ridiculous nonsense.Corey: I do have a question for you about the nuts and bolts behind the scenes of Glitch and how it works. If I want to remix something on Glitch, I click the button, a couple seconds later it's there and ready for me to start kicking the tires on, which tells me a few things. One, it is certainly not using CloudFormation to provision it because I didn't have time to go and grab a quick snack and take a six hour nap. So, it apparently is running on computers somewhere. I have it on good authority that this is not just run by people who are very fast at assembling packets by hand. What does the infrastructure look like?Anil: It's on AWS. Our first year-plus of prototyping while we were sort of in beta and early stages of Glitch was getting that time to remix to be acceptable. We still wish it were faster; I mean, that's always the way but, you know, when we started, it was like, yeah, you did sit there for a minute and watch your cursor spin. I mean, what's happening behind the scenes, we're provisioning a new container, standing up a full stack, bringing over the code from the Git repo on the previous project, like, we're doing a lot of work, lift behind the scenes, and we went through every possible permutation of what could make that experience be good enough. So, when we start talking about prototyping, we're at five-plus, almost six years ago when we started building the early versions of what became Glitch, and at that time, we were fairly far along in maturity with Docker, but there was not a clear answer about the use case that we're building for.So, we experimented with Docker Swarm. We went pretty far down that road; we spent a good bit of time there, it failed in ways that were both painful and slow to fix. So, that was great. I don't recommend that. In fairness, we have a very unusual use case, right? So, Glitch now, if you talk about ten million containers on Glitch, no two of those apps are the same and nobody builds an orchestration infrastructure assuming that every single machine is a unique snowflake.Corey: Yeah, massively multi-tenant is not really a thing that people know.Anil: No. And also from a security posture Glitch—if you look at it as a security expert—it is a platform allowing anonymous users to execute arbitrary code at scale. That's what we do. That's our job. And so [laugh], you know, so your threat model is very different. It's very different.I mean, literally, like, you can go to Glitch and build an app, running a full-stack app, without even logging in. And the reason we enable that is because we see kids in classrooms, they're learning to code for the first time, they want to be able to remix a project and they don't even have an email address. And so that was about enabling something different, right? And then, similarly, you know, we explored Kubernetes—because of course you do; it's the default choice here—and some of the optimizations, again, if you go back several years ago, being able to suspend a project and then quickly sort of rehydrate it off disk into a running app was not a common use case, and so it was not optimized. And so we couldn't offer that experience because what we do with Glitch is, if you haven't used an app in five minutes, and you're not a paid member, who put that app to sleep. And that's just a reasonable—Corey: Uh, “Put the app to sleep,” as in toddler, or, “Put the app to sleep,” as an ill puppy.Anil: [laugh]. Hopefully, the former, but when we were at our worst and scaling the ladder. But that is that thing; it's like we had that moment that everybody does, which is that, “Oh, no. This worked.” That was a really scary moment where we started seeing app creation ramping up, and number of edits that people were making in those apps, you know, ramping up, which meant deploys for us ramping up because we automatically deploy as you edit on Glitch. And so, you know, we had that moment where just—well, as a startup, you always hope things go up into the right, and then they do and then you're not sleeping for a long time. And we've been able to get it back under control.Corey: Like, “Oh, no, I'm not succeeding.” Followed immediately by, “Oh, no, I'm succeeding.” And it's a good problem to have.Anil: Exactly. Right, right, right. The only thing worse than failing is succeeding sometimes, in terms of stress levels. And organizationally, you go through so much; technically, you go through so much. You know, we were very fortunate to have such thoughtful technical staff to navigate these things.But it was not obvious, and it was not a sort of this is what you do off the shelf. And our architecture was very different because people had looked at—like, I look at one of our inspirations was CodePen, which is a great platform and the community love them. And their front end developers are, you know, always showing off, “Here's this cool CSS thing I figured out, and it's there.” But for the most part, they're publishing static content, so architecturally, they look almost more like a content management system than an app-running platform. And so we couldn't learn anything from them about our scaling our architecture.We could learn from them on community, and they've been an inspiration there, but I think that's been very, very different. And then, conversely, if we looked at the Herokus of the world, or all those sort of easy deploy, I think Amazon has half a dozen different, like, “This will be easier,” kind of deploy tools. And we looked at those, and they were code-centric not app-centric. And that led to fundamentally different assumptions in user experience and optimization.And so, you know, we had to chart our own path and I think it was really only the last year or so that we were able to sort of turn the corner and have high degree of confidence about, we know what people build on Glitch and we know how to support and scale it. And that unlocked this, sort of, wave of creativity where there are things that people want to create on the internet but it had become too hard to do so. And the canonical example I think I was—those of us are old enough to remember FTPing up a website—Corey: Oh, yes.Anil: —right—to Geocities, or whatever your shared web host was, we remember how easy that was and how much creativity was enabled by that.Corey: Yes, “How easy it was,” quote-unquote, for those of us who spent years trying to figure out passive versus active versus ‘what is going on?' As far as FTP transfers. And it turns out that we found ways to solve for that, mostly, but it became something a bit different and a bit weird. But here we are.Anil: Yeah, there was definitely an adjustment period, but at some point, if you'd made an HTML page in notepad on your computer, and you could, you know, hurl it at a server somewhere, it would kind of run. And when you realize, you look at the coding boot camps, or even just to, like, teach kids to code efforts, and they're like, “Day three. Now, you've gotten VS Code and GitHub configured. We can start to make something.” And you're like, “The whole magic of this thing getting it to light up. You put it in your web browser, you're like, ‘That's me. I made this.'” you know, north star for us was almost, like, you go from zero to hello world in a minute. That's huge.Corey: I started participating one of those boot camps a while back to help. Like, the first thing I changed about the curriculum was, “Yeah, we're not spending time teaching people how to use VI in, at that point, the 2010s.” It was, that was a fun bit of hazing for those of us who were becoming Unix admins and knew that wherever we'd go, we'd find VI on a server, but here in the real world, there are better options for that.Anil: This is rank cruelty.Corey: Yeah, I mean, I still use it because 20 years of muscle memory doesn't go away overnight, but I don't inflict that on others.Anil: Yeah. Well, we saw the contrast. Like, we worked with, there's a group called Mouse here in New York City that creates the computer science curriculum for the public schools in the City of New York. And there's a million kids in public school in New York City, right, and they all go through at least some of this CS education. [unintelligible 00:24:49] saw a lot of work, a lot of folks in the tech community here did. It was fantastic.And yet they were still doing this sort of very conceptual, theoretical. Here's how a professional developer would set up their environment. Quote-unquote, “Professional.” And I'm like, you know what really sparks kids' interests? If you tell them, “You can make a page and it'll be live and you can send it to your friend. And you can do it right now.”And once you've sparked that creative impulse, you can't stop them from doing the rest. And I think what was wild was kids followed down that path. Some of the more advanced kids got to high school and realized they want to experiment with, like, AI and ML, right? And they started playing with TensorFlow. And, you know, there's collaboration features in Glitch where you can do real-time editing and a code with this. And they went in the forum and they were asking questions, that kind of stuff. And the people answering their questions were the TensorFlow team at Google. [laugh]. Right?Corey: I remember those days back when everything seemed smaller and more compact, [unintelligible 00:25:42] but almost felt like a balkanization of community—Anil: Yeah.Corey: —where now it's oh, have you joined that Slack team, and I'm looking at this and my machine is screaming for more RAM. It's, like, well, it has 128 gigs in it. Shouldn't that be enough? Not for Slack.Anil: Not for chat. No, no, no. Chat is demanding.Corey: Oh, yeah, that and Chrome are basically trying to out-ram each other. But if you remember the days of volunteering as network staff on Freenode when you could basically gather everyone for a given project in the entire stack on the same IRC network. And that doesn't happen anymore.Anil: And there's something magic about that, right? It's like now the conversations are closed off in a Slack or Discord or what have you, but to have a sort of open forum where people can talk about this stuff, what's wild about that is, for a beginner, a teenage creator who's learning this stuff, the idea that the people who made the AI, I can talk to, they're alive still, you know what I mean? Like, yeah, they're not even that old. But [laugh]. They think of this is something that's been carved in stone for 100 years.And so it's so inspiring to them. And then conversely, talking to the TensorFlow team, they made these JavaScript examples, like, tensorflow.js was so accessible, you know? And they're like, “This is the most heartwarming thing. Like, we think about all these enterprise use cases or whatever. But like, kids wanting to make stuff, like recognize their friends' photo, and all the vision stuff they're doing around [unintelligible 00:26:54] out there,” like, “We didn't know this is why we do it until we saw this is why we do it.”And that part about connecting the creative impulse from both, like, the most experienced, advanced coders at the most august tech companies that exist, as well as the most rank beginners in public schools, who might not even have a computer at home, saying that's there—if you put those two things together, and both of those are saying, “I'm a coder; I'm able to create; I can make something on the internet, and I can share it with somebody and be inspired by it,” like, that is… that's as good as it gets.Corey: There's something magic in being able to reach out to people who built this stuff. And honestly—you shouldn't feel this way, but you do—when I was talking to the folks who wrote the things I was working on, it really inspires you to ask better questions. Like when I'm talking to Dr. Venema, the author of Postfix and I'm trying to figure out how this thing works, well, I know for a fact that I will not be smarter than he is at basically anything in that entire universe, and maybe most beyond that, as well, however, I still want to ask a question in such a way that doesn't make me sound like a colossal dumbass. So, it really inspires you—Anil: It motivates you.Corey: Oh, yeah. It inspires you to raise your question bar up a bit, of, “I am trying to do x. I expect y to happen. Instead, z is happening as opposed to what I find the documentation that”—oh, as I read the documentation, discover exactly what I messed up, and then I delete the whole email. It's amazing how many of those things you never send because when constructing a question the right way, you can help yourself.Anil: Rubber ducking against your heroes.Corey: Exactly.Anil: I mean, early in my career, I'd gone through sort of licensing mishap on a project that later became open-source, and sort of stepped it in and as you do, and unprompted, I got an advice email from Dan Bricklin, who invented the spreadsheet, he invented VisiCalc, and he had advice and he was right. And it was… it was unreal. I was like, this guy's one of my heroes. I grew up reading about his work, and not only is he, like, a living, breathing person, he's somebody that can have the kindness to reach out and say, “Yeah, you know, have you tried this? This might work.”And it's, this isn't, like, a guy who made an app. This is the guy who made the app for which the phrase killer app was invented, right? And, you know, we've since become friends and I think a lot of his inspiration and his work. And I think it's one of the things it's like, again, if you tell somebody starting out, the people who invented the fundamental tools of the digital era, are still active, still building stuff, still have advice to share, and you can connect with them, it feels like a cheat code. It feels like a superpower, right? It feels like this impossible thing.And I think about like, even for me, the early days of the web, view source, which is still buried in our browser somewhere. And you can see the code that makes the page, it felt like getting away with something. “You mean, I can just look under the hood and see how they made this page and then I can do it too?” I think we forget how radical that is—[unintelligible 00:29:48] radical open-source in general is—and you see it when, like, you talk to young creators. I think—you know, I mean, Glitch obviously is used every day by, like, people at Microsoft and Google and the New York Timesor whatever, like, you know, the most down-the-road, enterprise developers, but I think a lot about the new creators and the people who are learning, and what they tell me a lot is the, like, “Oh, so I made this app, but what do I have to do to put it on the internet?”I'm like, “It already is.” Like, as soon as you create it, that URL was live, it all works. And their, like, “But isn't there, like, an app store I have to ask? Isn't there somebody I have to get permission to publish this from? Doesn't somebody have to approve it?”And you realize they've grown up with whether it was the app stores on their phones, or the cartridges in their Nintendo or, you know, whatever it was, they had always had this constraint on technology. It wasn't something you make; it's something that is given to you, you know, handed down from on high. And I think that's the part that animates me and the whole team, the community, is this idea of, like, I geek out about our infrastructure. I love that we're doing deploys constantly, so fast, all the time, and I love that we've taken the complexity away, but the end of the day, the reason why we do it, is you can have somebody just sort of saying, I didn't realize there was a place I could just make something put it in front of, maybe, millions of people all over the world and I don't have to ask anybody permission and my idea can matter as much as the thing that's made by the trillion-dollar company.Corey: It's really neat to see, I guess, the sense of spirit and soul that arises from a smaller, more, shall we say, soulful company. No disparagement meant toward my friends at AWS and other places. It's just, there's something that you lose when you get to a certain point of scale. Like, I don't ever have to have a meeting internally and discuss things, like, “Well, does this thing that we're toying with doing violate antitrust law?” That is never been on my roadmap of things I have to even give the slightest crap about.Anil: Right, right? You know, “What does the investor relations person at a retirement fund think about the feature that we shipped?” Is not a question that we have to answer. There's this joy in also having community that sort of has come along with us, right? So, we talk a lot internally about, like, how do we make sure Glitch stays weird? And, you know, the community sort of supports that.Like, there's no reason logically that our logo should be the emoji of two fish. But that kind of stuff of just, like, it just is. We don't question it anymore. I think that we're very lucky. But also that we are part of an ecosystem. I also am very grateful where, like… yeah, that folks at Google use Glitch as part of their daily work when they're explaining a new feature in Chrome.Like, if you go to web.dev and their dev portal teaches devs how to code, all the embedded examples go to these Glitch apps that are running, showing running code is incredible. When we see the Stripe team building examples of, like, “Do you want to use this new payment API that we made? Well, we have a Glitch for you.” And literally every day, they ship one that sort of goes and says, “Well, if you just want to use this new Stripe feature, you just remix this thing and it's instantly running on Glitch.”I mean, those things are incredible. So like, I'm very grateful that the biggest companies and most influential companies in the industry have embraced it. So, I don't—yeah, I don't disparage them at all, but I think that ability to connect to the person who'd be like, “I just want to do payments. I've never heard of Stripe.”Corey: Oh yeah.Anil: And we have this every day. They come into Glitch, and they're just like, I just wanted to take credit cards. I didn't know there's a tool to do that.Corey: “I was going to build it myself,” and everyone shrieks, “No, no. Don't do that. My God.” Yeah. Use one of their competitors, fine,k but building it yourself is something a lunatic would do.Anil: Exactly. Right, right. And I think we forget that there's only so much attention people can pay, there's only so much knowledge they have.Corey: Everything we say is new to someone. That's why I always go back to assuming no one's ever heard of me, and explain the basics of what I do and how I do it, periodically. It's, no one has done all the mandatory reading. Who knew?Anil: And it's such a healthy exercise to, right, because I think we always have that kind of beginner's mindset about what Glitch is. And in fairness, I understand why. Like, there have been very experienced developers that have said, “Well, Glitch looks too colorful. It looks like a toy.” And that we made a very intentional choice at masking—like, we're doing the work under the hood.And you can drop down into a terminal and you can do—you can run whatever build script you want. You can do all that stuff on Glitch, but that's not what we put up front and I think that's this philosophy about the role of the technology versus the people in the ecosystem.Corey: I want to thank you for taking so much time out of your day to, I guess, explain what Glitch is and how you view it. If people want to learn more about it, about your opinions, et cetera. Where can they find you?Anil: Sure. glitch.com is easiest place, and hopefully that's a something you can go and a minute later, you'll have a new app that you built that you want to share. And, you know, we're pretty active on all social media, you know, Twitter especially with Glitch: @glitch. I'm on as @anildash.And one of the things I love is I get to talk to folks like you and learn from the community, and as often as not, that's where most of the inspiration comes from is just sort of being out in all the various channels, talking to people. It's wild to be 20-plus years into this and still never get tired of that.Corey: It's why I love this podcast. Every time I talk to someone, I learn something new. It's hard to remain too ignorant after you have enough people who've shared wisdom with you as long as you can retain it.Anil: That's right.Corey: Thank you so much for taking the time to speak with me.Anil: So, glad to be here.Corey: Anil Dash, CEO of Gletch—or Glitch as he insists on calling it. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment telling me how your small team at AWS is going to crush Glitch into the dirt just as soon as they find a name that's dumb enough for the service.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Dagger Co-Founder, and Docker's former VP of Engineering, Sam Alba, joins us for a retrospective on company culture and how early-stage teams should develop it as their companies evolve. As Dagger grows from a founding team of three to ten and so forth, Sam, Jason, and Eiso, share their views on building companies, leading by example, and the importance of embracing culture in a genuine way. Deep dive into the topics discussed in this episode at cutt.ly/ep13_shownotes Join the discussion and follow us on twitter @ devleadership_ Developing Leadership is a podcast presented by Athenian. We are introducing the world of engineering to metrics and data that improve processes and help teams. If you want to learn more about data-enabled engineering, go to athenian.co

Chris can't remember how to get his snow blower working, and Dave can't remember how to use Docker. We're also talking CSS Reset, nuking margin, one thing you can do to make your website better, getting rid of 3rd party Javascript, testing your product on a craptop, and defensive CSS.

Si parla di quanti Docker usiamo, delle potenzialità di Wolframalpha, di come eliminare la pubblicità su YouTube, di come creare dei quiz, di IFTTT, di come usare un Broadlink RM Mini 4 per sopperire alla mancanza di un telecomando, di come...

Unedited live recording on YouTube (Ep #150) Log4Shell info from SANS Institute on YouTube Log4Shell info from Docker blog HashiCorp IPO  Bill Gates Year in Review "Reasons for Optimism After a Difficult Year" GitHub blog "GitHub Actions: Reusable Workflows are Generally Available" Dig into your Docker images contains.dev WebAssembly in 100 seconds on YouTube Modern Finance podcast "Side Chain Scaling with Sandeep Nailwal, Co-Founder of Polygon" My First Million podcast Docker blog: "Faster Multi-Platform Builds: Dockerfile Cross-Compilation Guide" ★ Support this podcast on Patreon ★

Web Development Guide for 2022 Web assembly won't replace JavaScript. TypeScript won't replace JavaScript. GitHub actions won't replace you. Next.JS won't replace PHP. PHP won't replace Python. AWS will continue to build more stuff that you don't need but will be require you to use it for unrelated but coupled tasks. Google Cloud will keep playing catchup. Docker will continue to be the containerisation tool of choice. Podman will not replace Docker. Microsoft will sell developer focused laptops. Dell has done this but Microsoft could bundle the laptops with pre installed developer software tools. Microsoft will attempt to by a Linux laptop manufacturer. Kubernetes will continue to dominate the cloud. Web 3 will not replace web 2. Web services that offer subscriptions will introduce their own block chains and wallets. A games manufacturer will release their own wallet and coins/tokens which can be exchanged for in game purchases or game expansions. Open source could be funded by crypto. A Spotify like company that focuses solely on podcasts could pay artists/creators based on the number of listeners or listen time. This could be done via the blockchain. We will see more JavaScript frameworks with "meta" and "web 3" buzzwords their titles. More NPM hacks. More developers will try and downsize their dependancies using micro frameworks. GraphQL won't replace REST. NoSQL won't replace relational databases. Job requirements will start to require experience with the blockchain and dapps. Serverless won't replace servers but serverless technology will become more popular and it will be a sought after skill. CI/CD will become the norm. In the next Covid lockdown or the next set of restrictions, the job market will be better then it was during the first lockdown Remote working will become the default for all levels of developer. VR will improve but we won't need to put a helmet on to go to a meeting. FaceBook or Twitter will start selling promoted adverts with crypto currencies. API's will still be king. Headless CMS's will become more popular. Let me know your thoughts or get something read out on air. My web development courses ➡️ Learn How to build a JavaScript Tip Calculator ➡️ Learn JavaScript arrays ➡️ Learn PHP arrays ➡️ Learn Python ✉️ Get my weekly newsletter ⏰ My current live coding schedule (Times are BST) Thursdays 20:00 = Live Podcast YouTube Sundays 14:30 - Live coding on Twitch

Alex Ellis is the Founder of OpenFaaS, an open-source project focused on making it simple to deploy serverless functions with containers. Alex tells stories of breaking the family computer with Linux, hacking his school and the challenges he faced as a teenage programmer. We learn all about what led him to create OpenFaaS and the barriers you encounter when trying to grow an open-source project.Connect with Alex:https://www.openfaas.comhttps://www.alexellis.iohttps://twitter.com/alexellisuk/Mentioned in today's episode:Camino De Santiago: https://www.nationalgeographic.com/expeditions/destinations/europe/land/spain-walking-el-camino/Everyday Go (Book by Alex Ellis): https://openfaas.gumroad.com/l/everyday-golangServerless for Everyone Else (Book by Alex Ellis): https://openfaas.gumroad.com/l/serverless-for-everyone-elseZero to OpenFaas in 60 months (GopherCon Talk): https://www.youtube.com/watch?v=QzwBmHkP-rQWant more from Ardan Labs?You can learn Go, Kubernetes, Docker & more through our video training, live events, or through our blog!

Eric Anderson (@ericmander) and Kyle Quest (@kcqon) discuss DockerSlim, the open-source optimization and security tool for Docker container images. Kyle initially created DockerSlim as a humble hackathon project, and now supports it with his company, Slim.AI. Tune in to learn how DockerSlim is redefining DevOps with application intelligence and a backwards compatible vision of the future. In this episode we discuss: Bridging the gap between application and infrastructure Emerging from the cloud native stone age Application intelligence rather than artificial intelligence in Slim.AI DockerSlim integrated into CI/CD pipelines, embedded systems, and robots How Slim.AI aims to become ‘Google for containers' Links: DockerSlim Slim.AI Terraform Serverless Sigstore

Watch the live stream: Watch on YouTube About the show Sponsored by us: Check out the courses over at Talk Python And Brian's book too! Special guest: Kim van Wyk Michael #0: Take our survey: Should we try to shorten the episodes? Please fill out the 3 question Google Form here We'll be taking a break so see you in two weeks. Also feedback / rate us in your podcast player app Brian #1: Jupyter Games Thorsten Beier “Making their own tiny video games can be a great way for kids to learn programming in a playful matter.” For 2D physics-based games, Box2D, (written in C++), is a 2D rigid body simulation library One Python binding, pyb2d, is from Thorsten Game examples use Ipycanvas, Ipywidgets, and Ipyevents for a place to draw and input events. There are Box2D examples for physics simulations, like internal combustion and a wind tunnel. Game examples, with code, and not that much code billiards Angry Shapes (like Angry birds) World of Goo homage Rocket Color Mixing (it's oddly satisfying to play with, and it's like 73 lines of code, including blank lines and docstring) several more examples Demo games/examples in binder Being able to play with a game engine through Jupyter is kind of amazing. Cool teaching/learning tool. Michael #2: Canary Tokens First, what are canaries (from Thinkst)? These tokens might be useful for finding fallout of Log4Shell But also generally useful Kim #3: pywinauto and PyAutoGUI - libraries for programmatically controlling a GUI-based tool. These can be very handy for simplifying the use of complex GUIs with dozens of options you need to set every time you run them and also for automating GUI tooling as part of a pipeline. Brian #4: A reverse chronology of some Python features Brett Cannon Partly for people wishing for the “good old days” of some old version of Python Brett recommends going down the list and stopping at the first feature you can't live without. If you can't go very far, better not complain about language bloat. I had to stop at 3.10, since I really like the new error messages. Here's an abbreviated list of new features in different Python versions. (And I'm abbreviating it even more for the podcast) Python 3.10 Better error messages, Union operator for types, paraenthesized context managers, match statement (pattern matching) Brett notes that the match statement required a new parser for Python the new parser made better error messages possible so, you can't toss pattern matching without being willing to give up better error messages Python 3.9 dict support for | and |=, type hinting generics for built-in collections Python 3.8 f-string support for =, f``"``{val=}``", := walrus operator (assignment expressions) Python 3.7 dictionaries preserve insertion order, breakpoint() Python 3.6 f-strings, (need we say more) also underscores in numeric literals, async generators and comprehensions, preserving keyword argument order … goes back to 3.1 Michael #5: Hyperactive GCs and ORMs/ODMs Does Python do extremely too many GCs for ORMs? Hint: yes During the execution of that single query against SQLAlchemy, without adjusting Python's GC settings, we get an extreme number of GC collections (1,859 GCs for a single SQLAlchemy query of 20k records). Our fix at Talk Python has been to increase the number of surviving allocations required to force a GC from 700 to 50,000. What can be done to improve this? Maybe someday Python will have an adaptive GC where if it runs a collection and finds zero cycles it backs off and if it starts finding more cycles it ramps up or something like that. For now, test adjusting the thresholds Here are a few presentations / resources: Michael's presentation at Python Web Conf 2021 Talk Python Memory Deep Dive course allocations, gen1, gen2 = gc.get_threshold() # GC every 50K not 700 surviving container allocations. allocations = 50_000 gc.set_threshold(allocations, gen1, gen2) Kim #6: DockerSlim- A tool to reduce the size and improve the security of Docker images. I've used it a little and got some 1Gb Ubuntu-based images down to 50Mb and that was barely scratching the surface. Extras Michael: Emojis for comments Kim: python -m http.server - a small reminder to people that this is a quick way to get files off a Python-equipped system by standing up a simple web server. Mess with DNS - Julia Evans released this really impressive learning tool last week to let people explore DNS settings without breaking real sites. Magit - a slightly tongue-in-cheek addition to last week's discussion on git via both CLI and by mashing buttons in VS Code. Anyone using emacs should strongly consider magit for git - I've kept emacs open even while trying to use other editors because I find magit so indispensable. I've included these just as small items off the top of my head that may or may not be worth a mention. Joke: We use cookies candle (and I don't care about cookies extension) Little Bobby Jindi And more Log4Shell memes

Una chiacchierata "tutta serverless" con Michele Sciabarrà: da Apache OpenWhisk a Nimbella e poi Nuvolaris, la startup che non poteva non fondare.

We talk with Chase Granberry about Logflare. We learn why Chase started the company, what Logflare does, how it's built on Elixir, about their custom Elixir logger, where the data is stored, how it's queried, and more! We talk about dealing with the constant stream of log data, how Logflare is collecting and displaying metrics, and talk more about Supabase acquiring the company! Show Notes online - http://podcast.thinkingelixir.com/78 (http://podcast.thinkingelixir.com/78) Elixir Community News - https://www.twitch.tv/josevalim (https://www.twitch.tv/josevalim) – José Valim still live streaming Advent of Code solutions - https://github.com/josevalim/aoc (https://github.com/josevalim/aoc) – Source code for his solutions. - https://github.com/miladamilli/AdventofCode_2021/blob/master/day09.livemd#L103 (https://github.com/miladamilli/Advent_of_Code_2021/blob/master/day09.livemd#L103) – Others like Milada are sharing their solutions. She used VegaLite for graphing a solution. - https://twitter.com/chris_mccord/status/1468998944009166849 (https://twitter.com/chris_mccord/status/1468998944009166849) – Launch a new Elixir app on Fly.io in two commands! mix phx.new and fly launch - https://github.com/phoenixframework/phoenix/pull/4609 (https://github.com/phoenixframework/phoenix/pull/4609) – Chris McCord added phx.gen.release --docker in Phoenix 1.6.4 making it easier to deploy your Elixir app anywhere that uses Docker. - https://community.fly.io/t/introducing-dashboard-logs-page/3371 (https://community.fly.io/t/introducing-dashboard-logs-page/3371) – Fly.io LiveView dashboard added live streaming logs - https://hex.pm/blog/hex-v1.0-released-and-the-future-of-hex (https://hex.pm/blog/hex-v1.0-released-and-the-future-of-hex) – Hex v1.0 released along with a description for their roadmap and backward compatibility. - https://twitter.com/elixirmembrane/status/1468941532589867017 (https://twitter.com/elixirmembrane/status/1468941532589867017) – Membrane Framework introducing BEAMchmark - https://twitter.com/ZachSDaniel1/status/1470512859629170688 (https://twitter.com/ZachSDaniel1/status/1470512859629170688) – ElixirSense gets support for plugins - https://github.com/ash-project/ash (https://github.com/ash-project/ash) – ElixirSense feature driven by Zach Daniel of the Ash Framework - http://podcast.thinkingelixir.com/27 (http://podcast.thinkingelixir.com/27) – Our earlier interview with Zach Daniel about the Ash Framework - https://www.erlang-solutions.com/blog/twenty-years-of-open-source-erlang/ (https://www.erlang-solutions.com/blog/twenty-years-of-open-source-erlang/) – Happy Birthday Open Source Erlang! 23 years ago! Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com) Discussion Resources - https://logflare.app (https://logflare.app) - https://datastudio.google.com/u/0/reporting/1OiXkL1AOTJw4-dpudE1yAGQcmThGm-/page/kcvr?s=gIAFsUMbDS4 (https://datastudio.google.com/u/0/reporting/1OiXkL1AOTJw4-dpudE1y_AGQc_mThGm-/page/kcvr?s=gIAFsUMbDS4) – When clicked “Backend Status (Elixir)” - https://github.com/Logflare/logflareloggerbackend (https://github.com/Logflare/logflare_logger_backend) – Elixir Logger backend - https://github.com/Logflare/logflare_erl (https://github.com/Logflare/logflare_erl) – Erlang Logflare client - https://www.elastic.co/what-is/elk-stack (https://www.elastic.co/what-is/elk-stack) - https://dev.splunk.com/enterprise/ (https://dev.splunk.com/enterprise/) - https://vercel.com/ (https://vercel.com/) - https://cloud.google.com/bigquery/ (https://cloud.google.com/bigquery/) - https://elixir-broadway.org/ (https://elixir-broadway.org/) - https://hexdocs.pm/phoenix_pubsub/Phoenix.PubSub.html (https://hexdocs.pm/phoenix_pubsub/Phoenix.PubSub.html) - https://www.loom.com/share/22ed1613d1f74c15b9beac88ee6705f9 (https://www.loom.com/share/22ed1613d1f74c15b9beac88ee6705f9) – Supabase Logs & Logflare Endpoints - https://supabase.com/blog/2021/12/02/supabase-acquires-logflare (https://supabase.com/blog/2021/12/02/supabase-acquires-logflare) – Supabase acquires Logflare Guest Information - https://twitter.com/chasers (https://twitter.com/chasers) – Chase on Twitter - https://github.com/Logflare/logflare (https://github.com/Logflare/logflare) – Logflare on Github - https://github.com/chasers (https://github.com/chasers) – Chase on Github - https://logflare.app (https://logflare.app) – Logflare website - https://supabase.com/blog (https://supabase.com/blog) – Supabase blog Find us online - Message the show - @ThinkingElixir (https://twitter.com/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen - @brainlid (https://twitter.com/brainlid) - David Bernheisel - @bernheisel (https://twitter.com/bernheisel) - Cade Ward - @cadebward (https://twitter.com/cadebward)

What's it like building a stream processing platform with around 300 stateful stream processing applications based on Kafka Streams? Levani Kokhreidze (Principal Engineer, Wise) shares his experience building such a platform that the business depends on for multi-currency movements across the globe. He explains how his team uses Kafka Streams for real-time money transfers at Wise, a fintech organization that facilitates international currency transfers for 11 million customers. Getting to this point and expanding the stream processing platform is not, however, without its challenges. One of the major challenges at Wise is to aggregate, join, and process real-time event streams to transfer currency instantly. To accomplish this, the Wise relies on Apache Kafka® as an event broker, as well as Kafka Streams, the accompanying Java stream processing library. Kafka Streams lets you build event-driven microservices for processing streams, which can then be deployed alongside the Kafka cluster of your choice. Wise also uses the Interactive Queries feature in Kafka streams, to query internal application state at runtime. The Wise stream processing platform has gradually moved them away from a monolithic architecture to an event-driven microservices model with around 400 total microservices working together. This has given Wise the ability to independently shape and scale each service to better serve evolving business needs. Their stream processing platform includes a domain-specific language (DSL) that provides libraries and tooling, such as Docker images for building your own stream processing applications with governance. With this approach, Wise is able to store 50 TB of stateful data based on Kafka Streams running in Kubernetes. Levani shares his own experiences in this journey with you and provides you with guidance that may help you follow in Wise's footsteps. He covers how to properly delegate ownership and responsibilities for sourcing events from existing data stores, and outlines some of the pitfalls they encountered along the way. To cap it all off, Levani also shares some important lessons in organization and technology, with some best practices to keep in mind. EPISODE LINKSKafka Streams 101 courseReal-Time Stream Processing with Kafka Streams ft. Bill BejeckWatch the video version of this podcastJoin the Confluent CommunityLearn more with Kafka tutorials, resources, and guides at Confluent DeveloperLive demo: Intro to Event-Driven Microservices with ConfluentUse PODCAST100 to get an additional $100 of free Confluent Cloud usage (details)

Do you enjoy the "final 2 questions" I always ask at the end of the show? I think it's a great way to track the currents of the Python community. This episode focuses in on one of those questions: "What notable PyPI package have you come across recently? Not necessarily the most popular one but something that delighted you and people should know about?" Our guest, Antonio Andrade put together a GitHub repository cataloging guests' response to this question over the past couple of years. So I invited him to come share the packages covered there. We touch on over 40 packages during this episode so I'm sure you'll learn a few new gems to incorporate into your workflow. Links from the show Antonio on Twitter: @AntonioAndrade Notable PyPI Package Repo: github.com/xandrade/talkpython.fm-notable-packages Antonio's recommended packages from this episode: Sumy: Extract summary from HTML pages or plain texts: github.com gTTS (Google Text-to-Speech): github.com Packages discussed during the episode 1. FastAPI - A-W-E-S-O-M-E web framework for building APIs: fastapi.tiangolo.com 2. Pythonic - Graphical automation tool: github.com 3. umap-learn - Uniform Manifold Approximation and Projection: readthedocs.io 4. Tortoise ORM - Easy async ORM for python, built with relations in mind: tortoise.github.io 5. Beanie - Asynchronous Python ODM for MongoDB: github.com 6. Hathi - SQL host scanner and dictionary attack tool: github.com 7. Plotext - Plots data directly on terminal: github.com 8. Dynaconf - Configuration Management for Python: dynaconf.com 9. Objexplore - Interactive Python Object Explorer: github.com 10. AWS Cloud Development Kit (AWS CDK): docs.aws.amazon.com 11. Luigi - Workflow mgmt + task scheduling + dependency resolution: github.com 12. Seaborn - Statistical Data Visualization: pydata.org 13. CuPy - NumPy & SciPy for GPU: cupy.dev 14. Stevedore - Manage dynamic plugins for Python applications: docs.openstack.org 15. Pydantic - Data validation and settings management: github.com 16. pipx - Install and Run Python Applications in Isolated Environments: pypa.github.io 17. openpyxl - A Python library to read/write Excel 2010 xlsx/xlsm files: readthedocs.io 18. HttpPy - More comfortable requests with python: github.com 19. rich - Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal: readthedocs.io 20. PyO3 - Using Python from Rust: pyo3.rs 21. fastai - Making neural nets uncool again: fast.ai 22. Numba - Accelerate Python Functions by compiling Python code using LLVM: numba.pydata.org 23. NetworkML - Device Functional Role ID via Machine Learning and Network Traffic Analysis: github.com 24. Flask-SQLAlchemy - Adds SQLAlchemy support to your Flask application: palletsprojects.com 25. AutoInvent - Libraries for generating GraphQL API and UI from data: autoinvent.dev 26. trio - A friendly Python library for async concurrency and I/O: readthedocs.io 27. Flake8-docstrings - Extension for flake8 which uses pydocstyle to check docstrings: github.com 28. Hotwire-django - Integrate Hotwire in your Django app: github.com 29. Starlette - The little ASGI library that shines: github.com 30. tenacity - Retry code until it succeeds: readthedocs.io 31. pySerial - Python Serial Port Extension: github.com 32. Click - Composable command line interface toolkit: palletsprojects.com 33. Pytest - Simple powerful testing with Python: docs.pytest.org 34. testcontainers-python - Test almost anything that can run in a Docker container: github.com 35. cibuildwheel - Build Python wheels on CI with minimal configuration: readthedocs.io 36. async-rediscache - An easy to use asynchronous Redis cache: github.com 37. seinfeld - Query a Seinfeld quote database: github.com 38. notebook - A web-based notebook environment for interactive computing: readthedocs.io 39. dagster - A data orchestrator for machine learning, analytics, and ETL: dagster.io 40. bleach - An easy safelist-based HTML-sanitizing tool: github.com 41. flynt - string formatting converter: github.com   Watch this episode on YouTube: youtube.com Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe on YouTube: youtube.com Follow Talk Python on Twitter: @talkpython Follow Michael on Twitter: @mkennedy Sponsors Coiled TopTal AssemblyAI Talk Python Training

Today on That Tech Pod, Laura and Gabi chat with Christine Lovett. Christine is the Principal Customer Engineer at Sourcegraph. As a former software developer and customer engineer at Google and Docker, Christine now works closely with Sourcegraph's top customers to help them get the most out of Universal Code Search. She started her career in sales before learning to code, and ultimately merged her skillset into customer-facing technical roles. She has found her niche specializing in technology ranging from app modernization in cloud to bleeding-edge developer tools. Follow That Tech Pod: Twitter-@thattechpodLinkedIn: LinkedIn.com/thattechpodwebsite: thattechpod.com.

Unedited live recording on YouTube (Ep #108) An earlier YTL show about Docker Hub (Ep #89) Brandon on StackOverflow regclient on GitHub registry spec on GitHub Brandon's videos and presentations on GitHub ★ Support this podcast on Patreon ★

You had questions, the Go Team had answers! Topics covered include generics (of course), governance (of course), Go 2, text editors, GitHub Copilot, garbage collection, and more.

You had questions, the Go Team had answers! Topics covered include generics (of course), governance (of course), Go 2, text editors, GitHub Copilot, garbage collection, and more.

About RobertR2 advocates for Liquibase customers and provides technical architecture leadership. Prior to co-founding Datical (now Liquibase), Robert was a Director at the Austin Technology Incubator. Robert co-founded Phurnace Software in 2005. He invented and created the flagship product, Phurnace Deliver, which provides middleware infrastructure management to multiple Fortune 500 companies.Links: Liquibase: https://www.liquibase.com Liquibase Community: https://www.liquibase.org Liquibase AWS Marketplace: https://aws.amazon.com/marketplace/seller-profile?id=7e70900d-dcb2-4ef6-adab-f64590f4a967 Github: https://github.com/liquibase Twitter: https://twitter.com/liquibase TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: It seems like there is a new security breach every day. Are you confident that an old SSH key, or a shared admin account, isn't going to come back and bite you? If not, check out Teleport. Teleport is the easiest, most secure way to access all of your infrastructure. The open source Teleport Access Plane consolidates everything you need for secure access to your Linux and Windows servers—and I assure you there is no third option there. Kubernetes clusters, databases, and internal applications like AWS Management Console, Yankins, GitLab, Grafana, Jupyter Notebooks, and more. Teleport's unique approach is not only more secure, it also improves developer productivity. To learn more visit: goteleport.com. And not, that is not me telling you to go away, it is: goteleport.com. Corey: You know how Git works right?Announcer: Sorta, kinda, not really. Please ask someone else.Corey: That's all of us. Git is how we build things, and Netlify is one of the best ways I've found to build those things quickly for the web. Netlify's Git-based workflows mean you don't have to play slap-and-tickle with integrating arcane nonsense and web hooks, which are themselves about as well understood as Git. Give them a try and see what folks ranging from my fake Twitter for Pets startup, to global Fortune 2000 companies are raving about. If you end up talking to them—because you don't have to; they get why self-service is important—but if you do, be sure to tell them that I sent you and watch all of the blood drain from their faces instantly. You can find them in the AWS marketplace or at www.netlify.com. N-E-T-L-I-F-Y dot com.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This is a promoted episode. What does that mean in practice? Well, it means the company who provides the guest has paid to turn this into a discussion that's much more aligned with the company than it is the individual.Sometimes it works, Sometimes it doesn't, but the key part of that story is I get paid. Why am I bringing this up? Because today's guest is someone I met in person at Monktoberfest, which is the RedMonk conference in Portland, Maine, one of the only reasons to go to Maine, speaking as someone who grew up there. And I spoke there, I met my guest today, and eventually it turned into this, proving that I am the envy of developer advocates everywhere because now I can directly tie me attending one conference to making a fixed sum of money, and right now they're all screaming and tearing off their headphones and closing this episode. But for those of you who are sticking around, thank you. My guest today is the CTO and co-founder of Liquibase. Please welcome Robert Reeves. Robert, thank you for joining me, and suffering the slings and arrows I'm about to hurled directly into your arse, as a warning shot.Robert: [laugh]. Man. Thanks for having me. Corey, I've been looking forward to this for a while. I love hanging out with you.Corey: One of the things I love about the Monktoberfest conference, and frankly, anything that RedMonk gets up to is, forget what's on stage, which is uniformly excellent; forget the people at RedMonk who are wonderful and I aspire to do more work with them in different ways; they're great, but the people that they attract are invariably interesting, they are invariably incredibly diverse in terms of not just demographics, but interests and proclivities. It's just a wonderful group of people, and every time I get the opportunity to spend time with those folks I do, and I've never once regretted it because I get to meet people like you. Snark and cynicism about sponsoring this nonsense aside—for which I do thank you—you've been a fascinating person to talk to you because you're better at a lot of the database-facing things than I am, so I shortcut to instead of forming my own opinions, I just skate off of yours in some cases. You're going to get letters now.Robert: Well, look, it's an occupational hazard, right? Releasing software, it's hard so you have to learn these platforms, and part of it includes the database. But I tell you, you're spot on about Monktoberfest. I left that conference so motivated. Really opened my eyes, certainly injecting empathy into what I do on a day-to-day basis, but it spurred me to action.And there's a lot of programs that we've started at Liquibase that the germination for that seed came from Monktoberfest. And certainly, you know, we were bummed out that it's been canceled two years in a row, but we can't wait to get back and sponsor it. No end of love and affection for that team. They're also really smart and right about a hundred percent of the time.Corey: That's the most amazing part is that they have opinions that generally tend to mirror my own—which, you know—Robert: [laugh].Corey: —confirmation bias is awesome, but they almost never get it wrong. And that is one of the impressive things is when I do it, I'm shooting from the hip and I already have an apology half-written and ready to go, whereas when dealing with them, they do research on this and they don't have the ‘I'm a loud, abrasive shitpostter on Twitter' defense to fall back on to defend opinions. And if they do, I've never seen them do it. They're right, and the fact that I am as aligned with them as I am, you'd think that one of us was cribbing from the other. I assure you that's not the case.But every time Steve O'Grady or Rachel Stephens, or Kelly—I forget her last name; my apologies is all Twitter, but she studied medieval history, I remember that—or James Governor writes something, I'm uniformly looking at this and I feel a sense of dismay, been, “Dammit. I should have written this. It's so well written and it makes such a salient point.” I really envy their ability to be so consistently on point.Robert: Well, they're the only analysts we pay money to. So, we vote with our dollars with that one. [laugh].Corey: Yeah. I'm only an analyst when people have analyst budget. Other than that, I'm whatever the hell you describe me. So, let's talk about that thing you're here to show. You know, that little side project thing you found and are the CTO of.I wasn't super familiar with what Liquibase does until I looked into it and then had this—I got to say, it really pissed me off because I'm looking at it, and it's how did I not know that this existed back when the exact problems that you solve are the things I was careening headlong into? I was actively annoyed. You're also an open-source project, which means that you're effectively making all of your money by giving things away and hoping for gratitude to come back on you in the fullness of time, right?Robert: Well, yeah. There's two things there. They're open-source component, but also, where was this when I was struggling with this problem? So, for the folks that don't know, what Liquibase does is automate database schema change. So, if you need to update a database—I don't care what it is—as part of your application deployment, we can help.Instead of writing a ticket or manually executing a SQL script, or generating a bunch of docs in a NoSQL database, you can have Liquibase help you out with that. And so I was at a conference years ago, at the booth, doing my booth thing, and a managing director of a very large bank came to me, like, “Hey, what do you do?” And saw what we did and got angry, started yelling at me. “Where were you three years ago when I was struggling with this problem?” Like, spitting mad. [laugh]. And I was like, “Dude, we just started”—this was a while ago—it was like, “We just started the company two years ago. We got here as soon as we could.”But I struggled with this problem when I was a release manager. And so I've been doing this for years and years and years—I don't even want to talk about how long—getting bits from dev to test to production, and the database was always, always, always the bottleneck, whether it was things didn't run the same in test as they did, eventually in production, environments weren't in sync. It's just really hard. And we've automated so much stuff, we've automated application deployment, lowercase a compiled bits; we're building things with containers, so everything's in that container. It's not a J2EE app anymore—yay—but we haven't done a damn thing for the database.And what this means is that we have a whole part of our industry, all of our database professionals, that are frankly struggling. I always say we don't sell software Liquibase. We sell piano recitals, date nights, happy hours, all the stuff you want to do but you can't because you're stuck dealing with the database. And that's what we do at Liquibase.Corey: Well, you're talking about database people. That's not how I even do it. I would never call myself that, for very good reason because you know, Route 53 remains the only database I use. But the problem I always had was that, “Great. I'm doing a deployment. Oh, I'm going to put out some changes to some web servers. Okay, what's my rollback?” “Well, we have this other commit we can use.” “Oh, we're going to be making a database schema change. What's your rollback strategy,” “Oh, I've updated my resume and made sure that any personal files I had on my work laptop been backed up somewhere else when I immediately leave the company when we can't roll back.” Because there's not really going to be a company anymore at that point.It's one of those everyone sort of holds their breath and winces when it comes to anything that resembles a schema change—or an ALTER TABLE as we used to call it—because that is the mistakes will show territory and you can hope and plan for things in pre-prod environments, but it's always scary. It's always terrifying because production is not like other things. That's why I always call my staging environment ‘theory' because things work in theory but not in production. So, it's how do you avoid the mess of winding up just creating disasters when you're dealing with the reality of your production environments? So, let's back up here. How do you do it? Because it sounds like something people would love to sell me but doesn't exist.Robert: [laugh]. Well, it's real simple. We have a file, we call it the change log. And this is a ledger. So, databases need to be evolved. You can't drop everything and recreate it from scratch, so you have to apply changes sequentially.And so what Liquibase will do is it connects to the database, and it says, “Hey, what version are you?” It looks at the change log, and we'll see, ehh, “There's ten change sets”—that's what components of a change log, we call them change sets—“There's ten change sets in there and the database is telling me that only five had been executed.” “Oh, great. Well, I'll execute these other five.” Or it asks the database, “Hey, how many have been executed?” And it says, “Ten.”And we've got a couple of meta tables that we have in the database, real simple, ANSI SQL compliant, that store the changes that happen to the database. So, if it's a net new database, say you're running a Docker container with the database in it on your local machine, it's empty, you would run Liquibase, and it says, “Oh, hey. It's got that, you know, new database smell. I can run everything.”And so the interesting thing happens when you start pointing it at an environment that you haven't updated in a while. So, dev and test typically are going to have a lot of releases. And so there's going to be little tiny incremental changes, but when it's time to go to production, Liquibase will catch it up. And so we speak SQL to the database, if it's a NoSQL database, we'll speak their API and make the changes requested. And that's it. It's very simple in how it works.The real complex stuff is when we go a couple of inches deeper, when we start doing things like, well, reverse engineering of your database. How can I get a change log of an existing database? Because nobody starts out using Liquibase for a project. You always do it later.Corey: No, no. It's one of those things where when you're doing a project to see if it works, it's one of those, “Great, I'll run a database in some local Docker container or something just to prove that it works.” And, “Todo: fix this later.” And yeah, that todo becomes load-bearing.Robert: [laugh]. That's scary. And so, you know, we can help, like, reverse engineering an entire database schema, no problem. We also have things called quality checks. So sure, you can test your Liquibase change against an empty database and it will tell you if it's syntactically correct—you'll get an error if you need to fix something—but it doesn't enforce things like corporate standards. “Tables start with T underscore.” “Do not create a foreign key unless those columns have an ID already applied.” And that's what our quality checks does. We used to call it rules, but nobody likes rules, so we call it quality checks now.Corey: How do you avoid the trap of enumerating all the bad things you've seen happen because at some point, it feels like that's what leads to process ossification at large companies where, “Oh, we had this bad thing happen once, like, a disk filled up, so now we have a check that makes sure that all the disks are at least 20, empty.” Et cetera. Great. But you keep stacking those you have thousands and thousands and thousands of those, and even a one-line code change then has to pass through so many different tests to validate that this isn't going to cause the failure mode that happened that one time in a unicorn circumstance. How do you avoid the bloat and the creep of stuff like that?Robert: Well, let's look at what we've learned from automated testing. We certainly want more and more tests. Look, DevOp's algorithm is, “All right, we had a problem here.” [laugh]. Or SRE algorithm, I should say. “We had a problem here. What happened? What are we going to change in the future to make sure this doesn't happen?” Typically, that involves a new standard.Now, ossification occurs when a person has to enforce that standard. And what we should do is seek to have automation, have the machine do it for us. Have the humans come up and identify the problem, find a creative way to look for the issue, and then let the machine enforce it. Ossification happens in large organizations when it's people that are responsible, not the machine. The machines are great at running these things over and over again, and they're never hung over, day after Super Bowl Sunday, their kid doesn't get sick, they don't get sick. But we want humans to look at the things that we need that creative energy, that brain power on. And then the rote drudgery, hand that off to the machine.Corey: Drudgery seems like sort of a job description for a lot of us who spend time doing operation stuff.Robert: [laugh].Corey: It's drudgery and it's boring, punctuated by moments of sheer terror. On some level, you're more or less taking some of the adrenaline high of this job away from people. And you know, when it comes to databases, I'm kind of okay with that as it turns out.Robert: Yeah. Oh, yeah, we want no surprises in database-land. And that is why over the past several decades—can I say several decades since 1979?Corey: Oh, you can s—it's many decades, I'm sorry to burst your bubble on that.Robert: [laugh]. Thank you, Corey. Thank you.Corey: Five, if we're being honest. Go ahead.Robert: So, it has evolved over these many decades where change is the enemy of stability. And so we don't want change, and we want to lock these things down. And our database professionals have become changed from sentinels of data into traffic cops and TSA. And as we all know, some things slip through those. Sometimes we speed, sometimes things get snuck through TSA.And so what we need to do is create a system where it's not the people that are in charge of that; that we can set these policies and have our database professionals do more valuable things, instead of that adrenaline rush of, “Oh, my God,” how about we get the rush of solving a problem and saving the company millions of dollars? How about that rush? How about the rush of taking our old, busted on-prem databases and figure out a way to scale these up in the cloud, and also provide quick dev and test environments for our developer and test friends? These are exciting things. These are more fun, I would argue.Corey: You have a list of reference customers on your website that are awesome. In fact, we share a reference customer in the form of Ticketmaster. And I don't think that they will get too upset if I mention that based upon my work with them, at no point was I left with the impression that they played fast and loose with databases. This was something that they take very seriously because for any company that, you know, sells tickets to things you kind of need an authoritative record of who's bought what, or suddenly you don't really have a ticket-selling business anymore. You also reference customers in the form of UPS, which is important; banks in a variety of different places.Yeah, this is stuff that matters. And you support—from the looks of it—every database people can name except for Route 53. You've got RDS, you've got Redshift, you've got Postgres-squeal, you've got Oracle, Snowflake, Google's Cloud Spanner—lest people think that it winds up being just something from a legacy perspective—Cassandra, et cetera, et cetera, et cetera, CockroachDB. I could go on because you have multiple pages of these things, SAP HANA—whatever the hell that's supposed to be—Yugabyte, and so on, and so forth. And it's like, some of these, like, ‘now you're just making up animals' territory.Robert: Well, that goes back to open-source, you know, you were talking about that earlier. There is no way in hell we could have brought out support for all these database platforms without us being open-source. That is where the community aligns their goals and works to a common end. So, I'll give you an example. So, case in point, recently, let me see Yugabyte, CockroachDB, AWS Redshift, and Google Cloud Spanner.So, these are four folks that reached out to us and said, either A) “Hey, we want Liquibase to support our database,” or B) “We want you to improve the support that's already there.” And so we have what we call—which is a super creative name—the Liquibase test harness, which is just genius because it's an automated way of running a whole suite of tests against an arbitrary database. And that helped us partner with these database vendors very quickly and to identify gaps. And so there's certain things that AWS Redshift—certain objects—that AWS Redshift doesn't support, for all the right reasons. Because it's data warehouse.Okay, great. And so we didn't have to run those tests. But there were other tests that we had to run, so we create a new test for them. They actually wrote some of those tests. Our friends at Yugabyte, CockroachDB, Cloud Spanner, they wrote these extensions and they came to us and partnered with us.The only way this works is with open-source, by being open, by being transparent, and aligning what we want out of life. And so what our friends—our database friends—wanted was they wanted more tooling for their platform. We wanted to support their platform. So, by teaming up, we help the most important person, [laugh] the most important person, and that's the customer. That's it. It was not about, “Oh, money,” and all this other stuff. It was, “This makes our customers' lives easier. So, let's do it. Oop, no brainer.”Corey: There's something to be said for making people's lives easier. I do want to talk about that open-source versus commercial divide. If I Google Liquibase—which, you know, I don't know how typing addresses in browsers works anymore because search engines are so fast—I just type in Liquibase. And the first thing it spits me out to is liquibase.org, which is the Community open-source version. And there's a link there to the Pro paid version and whatnot. And I was just scrolling idly through the comparison chart to see, “Oh, so ‘Community' is just code for shitty and you're holding back advanced features.” But it really doesn't look that way. What's the deal here?Robert: Oh, no. So, Liquibase open-source project started in 2006 and Liquibase the company, the commercial entity, started after that, 2012; 2014, first deal. And so, for—Nathan Voxland started this, and Nathan was struggling. He was working at a company, and he had to have his application—of course—you know, early 2000s, J2EE—support SQL Server and Oracle and he was struggling with it. And so he open-sourced it and added more and more databases.Certainly, as open-source databases grew, obviously he added those: MySQL, Postgres. But we're never going to undo that stuff. There's rollback for free in Liquibase, we're not going to be [laugh] we're not going to be jerks and either A) pull features out or, B) even worse, make Stephen O'Grady's life awful by changing the license [laugh] so he has to write about it. He loves writing about open-source license changes. We're Apache 2.0 and so you can do whatever you want with it.And we believe that the things that make sense for a paying customer, which is database-specific objects, that makes sense. But Liquibase Community, the open-source stuff, that is built so you can go to any database. So, if you have a change log that runs against Oracle, it should be able to run against SQL Server, or MySQL, or Postgres, as long as you don't use platform-specific data types and those sorts of things. And so that's what Community is about. Community is about being able to support any database with the same change log. Pro is about helping you get to that next level of DevOps Nirvana, of reaching those four metrics that Dr. Forsgren tells us are really important.Corey: Oh, yes. You can argue with Nicole Forsgren, but then you're wrong. So, why would you ever do that?Robert: Yeah. Yeah. [laugh]. It's just—it's a sucker's bet. Don't do it. There's a reason why she's got a PhD in CS.Corey: She has been a recurring guest on this show, and I only wish she would come back more often. You and I are fun to talk to, don't get me wrong. We want unbridled intellect that is couched in just a scintillating wit, and someone is great to talk to. Sorry, we're both outclassed.Robert: Yeah, you get entertained with us; you learn with her.Corey: Exactly. And you're still entertained while doing it is the best part.Robert: [laugh]. That's the difference between Community and Pro. Look, at the end of the day, if you're an individual developer just trying to solve a problem and get done and away from the computer and go spend time with your friends and family, yeah, go use Liquibase Community. If it's something that you think can improve the rest of the organization by teaming up and taking advantage of the collaboration features? Yes, sure, let us know. We're happy to help.Corey: Now, if people wanted to become an attorney, but law school was too expensive, out of reach, too much time, et cetera, but they did have a Twitter account, very often, they'll find that they can scratch that itch by arguing online about open-source licenses. So, I want to be very clear—because those people are odious when they email me—that you are licensed under the Apache License. That is a bonafide OSI approved open-source license. It is not everyone except big cloud companies, or service providers, which basically are people dancing around—they mean Amazon. So, let's be clear. One, are you worried about Amazon launching a competitive service with a dumb name? And/or have you really been validated as a product if AWS hasn't attempted and failed to launch a competitor?Robert: [laugh]. Well, I mean, we do have a very large corporation that has embedded Liquibase into one of their flagship products, and that is Oracle. They have embedded Liquibase in SQLcl. We're tickled pink because that means that, one, yes, it does validate Liquibase is the right way to do it, but it also means more people are getting help. Now, for Oracle users, if you're just an Oracle shop, great, have fun. We think it's a great solution. But there's not a lot of those.And so we believe that if you have Liquibase, whether it's open-source or the Pro version, then you're going to be able to support all the databases, and I think that's more important than being tied to a single cloud. Also—this is just my opinion and take it for what it's worth—but if Amazon wanted to do this, well, they're not the only game in town. So, somebody else is going to want to do it, too. And, you know, I would argue even with Amazon's backing that Liquibase is a little stronger brand than anything they would come out with.Corey: This episode is sponsored by our friends at Oracle HeatWave is a new high-performance accelerator for the Oracle MySQL Database Service. Although I insist on calling it “my squirrel.” While MySQL has long been the worlds most popular open source database, shifting from transacting to analytics required way too much overhead and, ya know, work. With HeatWave you can run your OLTP and OLAP, don't ask me to ever say those acronyms again, workloads directly from your MySQL database and eliminate the time consuming data movement and integration work, while also performing 1100X faster than Amazon Aurora, and 2.5X faster than Amazon Redshift, at a third of the cost. My thanks again to Oracle Cloud for sponsoring this ridiculous nonsense. Corey: So, I want to call out though, that on some level, they have already competed with you because one of database that you do not support is DynamoDB. Let's ignore the Route 53 stuff because, okay. But the reason behind that, having worked with it myself, is that, “Oh, how do you do a schema change in DynamoDB?” The answer is that you don't because it doesn't do schemas for one—it is schemaless, which is kind of the point of it—as well as oh, you want to change the primary, or the partition, or the sort key index? Great. You need a new table because those things are immutable.So, they've solved this Gordian Knot just like Alexander the Great did by cutting through it. Like, “Oh, how do you wind up doing this?” “You don't do this. The end.” And that is certainly an approach, but there are scenarios where those were first, NoSQL is not a acceptable answer for some workloads.I know Rick [Horahan 00:26:16] is going to yell at me for that as soon as he hears me, but okay. But there are some for which a relational database is kind of a thing, and you need that. So, Dynamo isn't fit for everything. But there are other workloads where, okay, I'm going to just switch over. I'm going to basically dump all the data and add it to a new table. I can't necessarily afford to do that with anything less than maybe, you know, 20 milliseconds of downtime between table one and table two. And they're obnoxious and difficult ways to do it, but for everything else, you do kind of need to make ALTER TABLE changes from time to time as you go through the build and release process.Robert: Yeah. Well, we certainly have plans for DynamoDB support. We are working our way through all the NoSQLs. Started with Mongo, and—Corey: Well, back that out a second then for me because there's something I'm clearly not grasping because it's my understanding, DynamoDB is schemaless. You can put whatever you want into various arbitrary fields. How would Liquibase work with something like that?Robert: Well, that's something I struggled with. I had the same question. Like, “Dude, really, we're a schema change tool. Why would we work with a schemaless database?” And so what happened was a soon-to-be friend of ours in Europe had reached out to me and said, “I built an extension for MongoDB in Liquibase. Can we open-source this, and can y'all take care of the care and feeding of this?” And I said, “Absolutely. What does it do?” [laugh].And so I looked at it and it turns out that it focuses on collections and generating data for test. So, you're right about schemaless because these are just documents and we're not going to go through every single document and change the structure, we're just going to have the application create a new doc and the new format. Maybe there's a conversion log logic built into the app, who knows. But it's the database professionals that have to apply these collections—you know, indices; that's what they call them in Mongo-land: collections. And so being able to apply these across all environments—dev, test, production—and have consistency, that's important.Now, what was really interesting is that this came from MasterCard. So, this engineer had a consulting business and worked for MasterCard. And they had a problem, and they said, “Hey, can you fix this with Liquibase?” And he said, “Sure, no problem.” And he built it.So, that's why if you go to the MongoDB—the liquibase-mongodb repository in our Liquibase org, you'll see that MasterCard has the copyright on all that code. Still Apache 2.0. But for me, that was the validation we needed to start expanding to other things: Dynamo, Couch. And same—Corey: Oh, yeah. For a lot of contributors, there's a contributor license process you can go through, assign copyright. For everything else, there's MasterCard.Robert: Yeah. Well, we don't do that. Look, you know, we certainly have a code of conduct with our community, but we don't have a signing copyright and that kind of stuff. Because that's baked into Apache 2.0. So, why would I want to take somebody's ability to get credit and magical internet points and increase the rep by taking that away? That's just rude.Corey: The problem I keep smacking myself into is just looking at how the entire database space across the board goes, it feels like it's built on lock-in, it's built on it is super finicky to work with, and it generally feels like, okay, great. You take something like Postgres-squeal or whatever it is you want to run your database on, yeah, you could theoretically move it a bunch of other places, but moving databases is really hard. Back when I was at my last, “Real job,” quote-unquote, years ago, we were late to the game; we migrated the entire site from EC2 Classic into a VPC, and the biggest pain in the ass with all of that was the RDS instance. Because we had to quiesce the database so it would stop taking writes; we would then do snapshot it, shut it down, and then restore a new database from that RDS snapshot.How long does it take, at least in those days? That is left as an experiment for the reader. So, we booked a four hour maintenance window under the fear that would not be enough. It completed in 45 minutes. So okay, there's that. Sparked the thing up and everything else was tested and good to go. And yay. Okay.It took a tremendous amount of planning, a tremendous amount of work, and that wasn't moving it very far. It is the only time I've done a late-night deploy, where not a single thing went wrong. Until I was on the way home and the Uber driver sideswiped a city vehicle. So, there we go—Robert: [laugh].Corey: —that's the one. But everything else was flawless on this because we planned these things out. But imagine moving to a different provider. Oh, forget it. Or imagine moving to a different database engine? That's good. Tell another one.Robert: Well, those are the problems that we want our database professionals to solve. We do not want them to be like janitors at an elementary school, cleaning up developer throw-up with sawdust. The issue that you're describing, that's a one time event. This is something that doesn't happen very often. You need hands on the keyboard, you want people there to look for problems.If you can take these database releases away from those folks and automate them safely—you can have safety and speed—then that frees up their time to do these other herculean tasks, these other feats of strength that they're far better at. There is no silver bullet panacea for database issues. All we're trying to do is take about 70% of DBAs time and free it up to do the fun stuff that you described. There are people that really enjoy that, and we want to free up their time so they can do that. Moving to another platform, going from the data center to the cloud, these sorts of things, this is what we want a human on; we don't want them updating a column three times in a row because dev couldn't get it right. Let's just give them the keys and make sure they stay in their lane.Corey: There's something glorious about being able to do that. I wish that there were more commonly appreciated ways of addressing those pains, rather than, “Oh, we're going to sell you something big and enterprise-y and it's going to add a bunch of process and not work out super well for you.” You integrate with existing CI/CD systems reasonably well, as best I can tell because the nice thing about CI/CD—and by nice I mean awful—is that there is no consensus. Every pipeline you see, in a release engineering process inherently becomes this beautiful bespoke unicorn.Robert: Mm-hm. Yeah. And we have to. We have to integrate with whatever CI/CD they have in place. And we do not want customers to just run Liquibase by itself. We want them to integrate it with whatever is driving that application deployment.We're Switzerland when it comes to databases, and CI/CD. And I certainly have my favorite of those, and it's primarily based on who bought me drinks at the last conference, but we cannot go into somebody's house and start rearranging the furniture. That's just rude. If they're deploying the app a certain way, what we tell that customer is, “Hey, we're just going to have that CI/CD tool call Liquibase to update the database. This should be an atomic unit of deployment.” And it should be hidden from the person that pushes that shiny button or the automation that does it.Corey: I wish that one day that you could automate all of the button pushing, but the thing that always annoyed me in release engineering was the, “Oh, and here's where we stop to have a human press the button.” And I get it. That stuff's scary for some folks, but at the same time, this is the nature of reality. So, you're not going to be able to technology your way around people. At least not successfully and not for very long.Robert: It's about trust. You have to earn that database professional's trust because if something goes wrong, blaming Liquibase doesn't go very far. In that company, they're going to want a person [laugh] who has a badge to—with a throat to choke. And so I've seen this pattern over and over again.And this happened at our first customer. Major, major, big, big, big bank, and this was on the consumer side. They were doing their first production push, and they wanted us ready. Not on the call, but ready if there was an issue they needed to escalate and get us to help them out. And so my VP of Engineering and me, we took it. Great. Got VP of engineering and CTO. Right on.And so Kevin and I, we stayed home, stayed sober [laugh], you know—a lot of places to party in Austin; we fought that temptation—and so we stayed and I'm texting with Kevin, back and forth. “Did you get a call?” “No, I didn't get a call.” It was Friday night. Saturday rolls around. Sunday. “Did you get a—what's going on?” [laugh].Monday, we're like, “Hey. Everything, okay? Did you push to the next weekend?” They're like, “Oh, no. We did. It went great. We forgot to tell you.” [laugh]. But here's what happened. The DBAs push the Liquibase ‘make it go' button, and then they said, “Uh-Oh.” And we're like, “What do you mean, uh-oh?” They said, “Well, something went wrong.” “Well, what went wrong?” “Well, it was too fast.” [laugh]. Something—no way. And so they went through the whole thing—Corey: That was my downtime when I supposed to be compiling.Robert: Yeah. So, they went through the whole thing to verify every single change set. Okay, so that was weekend one. And then they go to weekend two, they do it the same thing. All right, all right. Building trust.By week four, they called a meeting with the release team. And they said, “Hey, process change. We're no longer going to be on these calls. You are going to push the Liquibase button. Now, if you want to integrate it with your CI/CD, go right ahead, but that's not my problem.” Dev—or, the release team is tier one; dev is tier two; we—DBAs—are tier three support, but we'll call you because we'll know something went wrong. And to this day, it's all automated.And so you have to earn trust to get people to give that up. Once they have trust and you really—it's based on empathy. You have to understand how terrible [laugh] they are sometimes treated, and to actively take care of them, realize the problems they're struggling with, and when you earn that trust, then and only then will they allow automation. But it's hard, but it's something you got to do.Corey: You mentioned something a minute ago that I want to focus on a little bit more closely, specifically that you're in Austin. Seems like that's a popular choice lately. You've got companies that are relocating their headquarters there, presumably for tax purposes. Oracle's there, Tesla's there. Great. I mean, from my perspective, terrific because it gets a number of notably annoying CEOs out of my backyard. But what's going on? Why is Austin on this meteoric rise and how'd it get there?Robert: Well, a lot of folks—overnight success, 40 years in the making, I guess. But what a lot of people don't realize is that, one, we had a pretty vibrant tech hub prior to all this. It all started with MCC, Microcomputer Consortium, which in the '80s, we were afraid of the Japanese taking over and so we decided to get a bunch of companies together, and Admiral Bobby Inman who was director planted it in Austin. And that's where it started. You certainly have other folks that have a huge impact, obviously, Michael Dell, Austin Ventures, a whole host of folks that have really leaned in on tech in Austin, but it actually started before that.So, there was a time where Willie Nelson was in Nashville and was just fed up with RCA Records. They would not release his albums because he wanted to change his sound. And so he had some nice friends at Atlantic Records that said, “Willie, we got this. Go to New York, use our studio, cut an album, we'll fix it up.” And so he cut an album called Shotgun Willie, famous for having “Whiskey River” which is what he uses to open and close every show.But that album sucked as far as sales. It's a good album, I like it. But it didn't sell except for one place in America: in Austin, Texas. It sold more copies in Austin than anywhere else. And so Willie was like, “I need to go check this out.”And so he shows up in Austin and sees a bunch of rednecks and hippies hanging out together, really geeking out on music. It was a great vibe. And then he calls, you know, Kris, and Waylon, and Merle, and say, “Come on down.” And so what happened here was a bunch of people really wanted to geek out on this new type of country music, outlaw country. And it started a pattern where people just geek out on stuff they really like.So, same thing with Austin film. You got Robert Rodriguez, you got Richard Linklater, and Slackers, his first movie, that's why I moved to Austin. And I got a job at Les Amis—a coffee shop that's closed—because it had three scenes in that. There was a whole scene of people that just really wanted to make different types of films. And we see that with software, we see that with film, we see it with fashion.And it just seems that Austin is the place where if you're really into something, you're going to find somebody here that really wants to get into it with you, whether it's board gaming, D&D, noise punk, whatever. And that's really comforting. I think it's the community that's just welcoming. And I just hope that we can continue that creativity, that sense of community, and that we don't have large corporations that are coming in and just taking from the system. I hope they inject more.I think Oracle's done a really good job; their new headquarters is gorgeous, they've done some really good things with the city, doing a land swap, I think it was forty acres for nine acres. They coughed up forty for nine. And it was nine acres the city wasn't even using. Great. So, I think they're being good citizens. I think Tesla's been pretty cool with building that factory where it is. I hope more come. I hope they catch what is ever in the water and the breakfast tacos in Austin.Corey: [laugh]. I certainly look forward to this pandemic ending; I can come over and find out for myself. I'm looking forward to it. I always enjoyed my time there, I just wish I got to spend more of it.Robert: How many folks from Duckbill Group are in Austin now?Corey: One at the moment. Tim Banks. And the challenge, of course, is that if you look across the board, there really aren't that many places that have more than one employee. For example, our operations person, Megan, is here in San Francisco and so is Jesse DeRose, our manager of cloud economics. But my business partner is in Portland; we have people scattered all over the country.It's kind of fun having a fully-distributed company. We started this way, back when that was easy. And because all right, travel is easy; we'll just go and visit whenever we need to. But there's no central office, which I think is sort of the dangerous part of full remote because then you have this idea of second-class citizens hanging out in one part of the country and then they go out to lunch together and that's where the real decisions get made. And then you get caught up to speed. It definitely fosters a writing culture.Robert: Yeah. When we went to remote work, our lease was up. We just didn't renew. And now we have expanded hiring outside of Austin, we have folks in the Ukraine, Poland, Brazil, more and more coming. We even have folks that are moving out of Austin to places like Minnesota and Virginia, moving back home where their family is located.And that is wonderful. But we are getting together as a company in January. We're also going to, instead of having an office, we're calling it a ‘Liquibase Lounge.' So, there's a number of retail places that didn't survive, and so we're going to take one of those spots and just make a little hangout place so that people can come in. And we also want to open it up for the community as well.But it's very important—and we learned this from our friends at GitLab and their culture. We really studied how they do it, how they've been successful, and it is an awareness of those lunch meetings where the decisions are made. And it is saying, “Nope, this is great we've had this conversation. We need to have this conversation again. Let's bring other people in.” And that's how we're doing at Liquibase, and so far it seems to work.Corey: I'm looking forward to seeing what happens, once this whole pandemic ends, and how things continue to thrive. We're long past due for a startup center that isn't San Francisco. The whole thing is based on the idea of disruption. “Oh, we're disruptive.” “Yes, we're so disruptive, we've taken a job that can be done from literally anywhere with internet access and created a land crunch in eight square miles, located in an earthquake zone.” Genius, simply genius.Robert: It's a shame that we had to have such a tragedy to happen to fix that.Corey: Isn't that the truth?Robert: It really is. But the toothpaste is out of the tube. You ain't putting that back in. But my bet on the next Tech Hub: Kansas City. That town is cool, it has one hundred percent Google Fiber all throughout, great university. Kauffman Fellows, I believe, is based there, so VC folks are trained there. I believe so; I hope I'm not wrong with that. I know Kauffman Foundation is there. But look, there's something happening in that town. And so if you're a buy low, sell high kind of person, come check us out in Austin. I'm not trying to dissuade anybody from moving to Austin; I'm not one of those people. But if the housing prices [laugh] you don't like them, check out Kansas City, and get that two-gig fiber for peanuts. Well, $75 worth of peanuts.Corey: Robert, I want to thank you for taking the time to speak with me so extensively about Liquibase, about how awesome RedMonk is, about Austin and so many other topics. If people want to learn more, where can they find you?Robert: Well, I think the best place to find us right now is in AWS Marketplace. So—Corey: Now, hand on a second. When you say the best place for anything being the AWS Marketplace, I'm naturally a little suspicious. Tell me more.Robert: [laugh]. Well, best is, you know, it's—[laugh].Corey: It is a place that is there and people can find you through it. All right, then.Robert: I have a list. I have a list. But the first one I'm going to mention is AWS Marketplace. And so that's a really easy way, especially if you're taking advantage of the EDP, Enterprise Discount Program. That's helpful. Burn down those dollars, get a discount, et cetera, et cetera. Now, of course, you can go to liquibase.com, download a trial. Or you can find us on Github, github.com/liquibase. Of course, talking smack to us on Twitter is always appreciated.Corey: And we will, of course, include links to that in the [show notes 00:46:37]. Robert Reeves, CTO and co-founder of Liquibase. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment complaining about how Liquibase doesn't support your database engine of choice, which will quickly be rendered obsolete by the open-source community.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

In part one of this two-part episode on The DevOpsHandbook, Second Edition, Gene Kim speaks with coauthors Patrick Debois and John Willis about the past, present, and future of DevOps. By sharing their personal stories and experiences, Kim, Debois, and Willis discuss the scenius that inspired the book, and why and how the DevOps movement took hold around the world.   They also examine the updated content in the book, including new case studies, updated metrics, and practices. Finally, they each share the new lessons they have learned since writing the handbook and the future challenges they think DevOps professionals need to solve for the future. Kim will conclude the series in Part 2, where he interviews the remaining two coauthors, Jez Humble and Dr. Nicole Forsgren.    ABOUT THE GUEST(S) Patrick Debois is considered to be the godfather of the DevOps movement after he coined the term DevOps accidentally in 2008. Through his work, he creates synergies projects and operations by using Agile techniques in development, project management, and system administration. He has worked in several companies such as Atlassian, Zender, and VRT Media Lab. Currently, he is a Labs Researcher at Synk and an independent IT consultant.   John Willis an author and Senior Director of the Global Transformation Office at Red Hat.. He has been an active force in the IT management industry for over 35 years. Willis' experience includes being the Director of Ecosystem Development at Docker, the VP of Solutions for Socketplane, the VP of Training and Services at Opscode. He also founded Gulf Breeze Software, an award-winning IBM business partner, which specializes in deploying Tivoli technology for the enterprise.    Patrick DeBois and John Willis are two of five coauthors of The DevOps Handbook along with Gene Kim, Jez Humble, and Nicole Forsgren, PhD.   YOU'LL LEARN ABOUT The DevOps origin story from coining the term, why it took off, to launching the DevOps Days conference as an offshoot of the velocity conference.  How people thought of DevOps when it was first presented (their reactions, their mentalities, and their willingness to adopt it).   What has changed in the DevOps world since the first edition of The DevOps Handbook was published. How the rise of SaaS companies is altering the DevOps world and participating in its evolution, and how building solid relationships with SaaS vendors and communicating comprehensive feedback to them is integral to DevOps.  The significance of speed in changing team dynamics. Why resilient companies like Google and Amazon engineer chaos, and why companies like Toyota are happy when production stoppages happen.   Why you can't afford to provide a high variety of products if you also offer high product variation.   RESOURCES Get The DevOps Handbook (Second Edition) Nudge vs Shove: A Conversation With Richard Thaler Solaris Zones wiki Agile Conference in Toronto 2008 Sys Advent article: In Defense of the Modern Day JVM (Java Virtual Machine) by Gene Kim Mob programming Breaking Traditional IT Paradigms to... (San Francisco 2015) Crowdsourcing Technology Governance (Las Vegas 2018) Laying Down the Tracks for Technical Change at Comcast (Las Vegas 2020) 10+ Deploys Per Day by John Allspaw and Paul Hammond 10+ Deploys Per Day  How chaos engineering works at Vanguard Patrick DeBois tweet mapping out all the failure modes of an online conference.  Jesse Robins LinkedIn  Jesse Robbins on Twitter How A Hotel Company Ran $30B of Revenue In Containers (Las Vegas 2020) by Dwayne Holmes Google Cloud Certified Fellow Program  Operations is a competitive advantage… (Secret Sauce for Startups!) Love Letter To Conferences (And What Makes Some Truly Amazing) by Gene Kim Toyota Kata: Managing People for Improvement, Adaptiveness and Superior Results by Mike Rother Profound podcast by John Willis Ben Rockwood on Twitter Luke Kanies on LinkedIn DevOps 2020 - The Next Decade (London 2020) Beyond the Phoenix Project: The Origins and Evolution of DevOps by Gene Kim and John Willis The Goal: A Process of Ongoing Improvement by Eliyahu M. Goldratt and Jeff Cox The Convergence Of DevOps Operations as a Strategic Weapon by John Willis Iterative Enterprise SRE Transformation (US 2021)   TIMESTAMPS [00:00] Intro  [01:18] What's new and improved in the second edition of the DevOps handbook  [03:56] Meet Patrick DeBois [10:35] How faster technology made ideas like DevOps possible [18:11] The myths and inefficiencies of team autonomy [20:04] What the first DevOps days were like [27:59] Different opinions between the dev community and ops community [30:49] Mob programming and the future of collaboration [39:31] Two surprising things Patrick learned about DevOps [47:20] Patrick DeBois' favorite DevOps patterns  [51:28] How fear of not delivering on time can mask technical errors [59:45] What Patrick DeBois is working on these days [1:04:38] What was expanded in the second edition of the DevOps handbook [1:06:30] How Gene Kim entered the DevOps world.  [1:07:38] Meet John Willis [1:10:42] Why the DevOps movement took off [1:16:00] Mastering production disasters [1:23:32] The birth of the DevOps Days conference [1:37:37] Feelings of belonging and connection in a conference [1:41:29] A few clarifications [1:49:32] Two of the greatest DevOps open spaces [1:52:40] The difference between variety and variation (the cost of knowledge work).  [2:07:12] Why you should want more stoppages in your production line [2:10:16] John Willis' two favorite DevOps case studies [2:18:55] Outro

Today is a deeply technical episode on DevOps, Azure, Docker, Terraform, and more. Our guest is Kyler Middleton, Principal DevOps Network Architect. Kyler is also a Pluralsight author and blogger. The post Day Two Cloud 128: DevOps'ing All The Things appeared first on Packet Pushers.

Today is a deeply technical episode on DevOps, Azure, Docker, Terraform, and more. Our guest is Kyler Middleton, Principal DevOps Network Architect. Kyler is also a Pluralsight author and blogger. The post Day Two Cloud 128: DevOps'ing All The Things appeared first on Packet Pushers.

Today is a deeply technical episode on DevOps, Azure, Docker, Terraform, and more. Our guest is Kyler Middleton, Principal DevOps Network Architect. Kyler is also a Pluralsight author and blogger. The post Day Two Cloud 128: DevOps'ing All The Things appeared first on Packet Pushers.

About DanielleDanielle Baskin is a serial entrepreneur and multimedia artist whose work has been featured in The New York Times, The Guardian, NPR, The New Yorker, WSJ, and more. She's also the CEO of Dialup, a globally acclaimed voice-chat app.Links: Dialup: https://dialup.com Twitter: https://twitter.com/djbaskin Cofounder Quest: https://cofounder.quest Personal Website: https://daniellebaskin.com TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: It seems like there is a new security breach every day. Are you confident that an old SSH key, or a shared admin account, isn't going to come back and bite you? If not, check out Teleport. Teleport is the easiest, most secure way to access all of your infrastructure. The open source Teleport Access Plane consolidates everything you need for secure access to your Linux and Windows servers—and I assure you there is no third option there. Kubernetes clusters, databases, and internal applications like AWS Management Console, Yankins, GitLab, Grafana, Jupyter Notebooks, and more. Teleport's unique approach is not only more secure, it also improves developer productivity. To learn more visit: goteleport.com. And not, that is not me telling you to go away, it is: goteleport.com. Corey: You know how Git works right?Announcer: Sorta, kinda, not really. Please ask someone else.Corey: That's all of us. Git is how we build things, and Netlify is one of the best ways I've found to build those things quickly for the web. Netlify's Git-based workflows mean you don't have to play slap-and-tickle with integrating arcane nonsense and web hooks, which are themselves about as well understood as Git. Give them a try and see what folks ranging from my fake Twitter for Pets startup, to global Fortune 2000 companies are raving about. If you end up talking to them—because you don't have to; they get why self-service is important—but if you do, be sure to tell them that I sent you and watch all of the blood drain from their faces instantly. You can find them in the AWS marketplace or at www.netlify.com. N-E-T-L-I-F-Y dot com.Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. It's always fun when I get the opportunity to talk to people whose work inspires me, and makes me reflect more deeply upon how I go about doing things in various ways. Now, for folks who have been following my journey for a while, it's pretty clear that humor plays a big part in this, but that is not something that I usually talk about with respect to whose humor inspires me.Today that's going to change a little bit. My guest is Danielle Baskin, who among so many other things is the CEO of a company called Dialup, but more notably is renowned for pulling a bunch of—I don't know if we'd call them pranks. I don't know if we would call them performance art. I don't know if we would call them shitposting in real life, but they are all amazing. Danielle, thank you so much for joining. How do you describe what it is that you do?Danielle: Thanks for having me. Yeah, I've used a few different terms. I've called it situation design. I've called it serious jokes. I have called what I do business art, but all the things you said, shitposting IRL, that's part of it too.Corey: It's been an absolute pleasure to just watch what you've done since I first became aware of you, which our mutual friend, Chloe Condon first pointed me in your general direction with, “Hey, Corey, you think you're funny? You should watch what Danielle is doing.” That's not how she framed it, but that's what I took from it because I'm incredibly egotistical, which is now basically a brand slash core personality trait. There you have it.And I encountered you for the first time in person—I believe only time to date—at I believe it was Oracle OpenWorld on the expo floor. She had been talking about you a couple of days before, and I saw someone who could only be you because you were dressed as a seer to be at Oracle OpenWorld. The joke should be clear to folks but we'll explain it later for the folks who are—might need to replay that a bit. I staggered up to you with, “Hey, are you Chloe's friend?”Let me give listeners here some advice through counterexample. Don't do that. It makes you look like a sketchy person who has no clue how social graces work. No one has any context and as soon as you said, “No,” I realized, “Oh, I came across as a loon.” I am going to say, “Never mind. My mistake,” and walk away like a sensible person will after bungling an introduction like that. I'm not usually that inartful about these things. I don't know what the hell happened, but it happens often when we meet people that we consider celebrities, and sorry, for some of us that's you.Danielle: [laugh] yeah, also in fairness to you I was probably fully immersed in character being my wizard self, and so I was not there to, you know, be pulled back to reality. For some context, I was at Oracle OpenWorld because I made a thing called same exact name, oracleopenworld.org, but it's a divination conference for oracles, for fortune-tellers, for wizards, for seers, and it happened at the exact same place in time, so there was a whole crew of people dressed up with capes, and robes, and tall pointy hats doing tarot readings and practicing our divination skills.Corey: Now, I could wind up applying about two dozen different adjectives to Oracle, but playful is absolutely not one of them. I would not ever accuse Oracle, or frankly any large company of that scale of having anything even remotely resembling a sense of humor. As someone who does have to factor in the not that remote possibility of getting kicked out of events that I attend, how do you handle that and not find yourself arrested?Danielle: Oh, we were kicked out every single time.Corey: Oh, good good good.Danielle: I've done this for four years. The first year we were kicked out just because we didn't have badges. I made up our own conference lanyard; of course, there's security issues with that. We were pushed out onto the sidewalk, but I wanted to be inside the conference and closer to the building.The next year I did a two-layer conference badge, so I put the real one underneath the fake one so that if security went up to us we had the right to be there. What sort of happened—so, like, the first year we got kicked out was because we were all distributed; maybe there was like 20 of us. Sometimes we were together. Sometimes we were having our own adventures. My friend Brian decided do a séance for the Deloitte team.Corey: Well, that's Deloitte-ful. Tell me more.Danielle: [laugh]. Brian has never done a séance before, but he is a good improv actor and also a spiritual person, so this is, like, perfect for him. As the Deloitte team if they wanted to do a séance they were, like, sure because I think they didn't have anything going—I mean, people are bored at this conference.Corey: Oh, of course, they are.Danielle: Especially if your boss flew you there to stand at your booth and you've been saying the same thing over and over again; you're looking for something interesting. So, he grabs the pillows from a lounge area and little tea light candles and makes a whole circle so that the team can sit down.He's wearing a bright rainbow cape and he stands in the middle and he could have a booming voice if he wants to. So, he just starts riffing and going—he just goes into séance mode, and this was enough to trigger security noticing that something really weird was happening. And when they went—Corey: They come over and say, “What the hell is this?” The answer was “Kubernetes.”Danielle: I had said everyone can blame—if you get in trouble just blame me just say, “I'm doing this with my friend, Danielle,” and have them talk to me. I wanted more people to come and be wizards. I don't want them to worry about it, so I will take all of the issues on me. He said that he should talk to his manager, Danielle, or I don't know.He said something that made it seem we were all part of a company. Which then makes it seem like our whole project was secret guerilla marketing for something. And we didn't pay for booth. We were not selling anything. We were just trolling. Or not troll—I mean, we were having our own divination summit. We were genuinely—Corey: You were virally marketing is the right answer and from my perspective—Danielle: Yeah, no, I wasn't doing viral marketing. They think anything that's unusual and getting people's attention has the ultimate goal of selling something, which it's not a philosophy I live by.Corey: No, it feels like the weird counter-intuitive thing here is the way to get the blessing of everyone from this would've—the only step you missed was charging Deloitte for doing it at their booth because it attracts attention.Danielle: Oh, sure. Oracle should have been paying us a lot of money for entertaining people. Actually, genuinely I had some real heart-to-heart conversations with people who wanted to have a tarot reading about how should they talk to their boss about not listening to them. This is something magical that happens when you are dressed up in costume and you are acting really weird people feel they can say anything because you're acting way more unusual than them, so it sort of takes away people's barriers. So, people are very honest with me about their situation.People had questions about their family. Anyway, I was in the middle of a heart-to-heart tarot reading, and security at Oracle was alerted to find anyone with a cape. Find the wizards and kick them out because they didn't pay to be here. There's some weird marketing thing happen.Corey: “Find and eject the wizards,” is probably the most surreal thing that they have been told that year.Danielle: Oh, yeah. And they didn't know why. The message why I did not transmit to all the security, but they were just told to find us. Two guards with their walkie-talkies in their uniforms went up to me and they had to escort me off the premises. Which means we had to walk through the conference together and I asked them, “Why?” They're like, “We don't know. We were just told to find you.”Corey: Imagine them trying to find you stopping and asking people, “Excuse me, have you seen the wizard?”Danielle: Exactly.Corey: It is hard to be taken seriously when asking questions like that.Danielle: Totally, totally. So yeah, unfortunately, we had to leave and that has consistently happened because I've done it four times. The final year I went, there was a message before the event even started that you're not allowed to wear a cape.Corey: The fact that you can have actual changes made to company policy for large-scale, incredibly expensive events like that is a sign that you've made it.Danielle: It doesn't even point to any particular incident. Yeah, it's cool to have this sort of lore. When I asked in the last year I went, “I asked why can't we wear a cape?” And one of the event organizer security, I don't know what her role was. She said, “There was an incident the previous year.” Which she was talking about me and my friends.Corey: Of course, but that is the best part of it.Danielle: It's just lore than something once happened with these, like, dark spirits that tried to mess up the Oracle conference with their magic.Corey: Times change and events evolve. Years ago I attended an AWS Summit with a large protest sign that said on it AMI has three syllables, and it got a bit of an eyebrow raise from people at the door, but okay, great. Then people started protesting those events for one of the very many reasons people have to protest Amazon, and they keep piling more on that pile all the time which is neither here nor there.I realized, okay, I can't do that anymore because regardless of what the sign says I will get tackled at the door for trying to bring something like that in, and I don't try and actively disrupt keynotes. So okay, it's time to move on and not get myself viewed through certain lenses that are unhelpful, but it's always a question of moving on and try to top what I did previous years. Weren't you also at Dreamforce wearing pajamas?Danielle: I did a few things at Dreamforce. One year I literally set up a tent. They spend millions of dollars on beautiful fake trees and rocks, and also Dreamforce gets taken over every time the event occurs. I did a few things. I thought I should make it seem like this is real nature so I brought camping gear and a tent and just brought a hiking backpack in.Set it up in the middle of the conference floor laying by the waterfall, but there were people in suits networking around me that did not ask me any questions. I just stayed in the tent, but then I decided to list it on Airbnb. So, inside my tent, I was making an Airbnb listing telling people that they could stay at Dreamforce and explore the beautiful nature there, but it took an hour-and-a-half to get kicked out.Corey: The emails that you must have back and forth with places like Airbnb's customer support line and the rest have got to be legendary at this point.Danielle: [laugh] I get interesting cease-and-desists. I wish there was more dialogue. With Airbnb I just got my listing taken down and I couldn't talk to a human, and even when I got kicked out of Dreamforce they wanted me to leave immediately. I totally snuck in; I didn't have a badge or anything. So, I guess they're in the right for that. The second year at Dreamforce I wore a ghillie suit so I hid. So, I stayed a little bit after the conference ended by hiding as a bush.Corey: That is both amazing and probably terrifying for the worker that encountered you while trying to clean up.Danielle: Oh, I mean often employees—like it depends. Some people find my pranks really delightful because it shakes up their day. Security guards also find this amusing. There's some type of organizer that absolutely hates my pranks.Corey: There's something to be said for self-selecting your own audience. One question that I—sure you get; if I get it I know you get it—where it's difficult for people to sometimes draw the line between the fun whimsical things that you do as pranks and the actual things that you do. A great example of this is something you've been doing for, I think, four years now, the decruiter.Danielle: Yeah. The decruiter a service that's the opposite of a recruiter so it is—Corey: At the first re:Invent AWS had a slide that was apparently he made the night before or something and they misspelled security as decurity. From that perspective, what's a decruiter?Danielle: Yes, I love decurity as a way to talk about infiltrating a space, like, “No I'm a decurity officer.” Yeah, decruiter is basically a service where you talk to us to find out if you should quit your job. Instead of finding out if you should work at a place or figuring out what opportunities there are, we discuss the unemployed life—or the inbet—like, being self-employed, between jobs, switching careers, it's a whole spectrum but there's a few recruiters and we're all like very experienced not having an employer or working for a company. And so, we ask people about how would you spend your free time. What's your financial situation? Are you able to afford leaving? It gets pretty personal, but it's highly specific therapy, but we also don't have a high acceptance rate. I've only decruited like 15% people that I've talked to.Corey: Most of them realize that, oh, there's a lot of things I would have to do if I didn't have a job and I'm just going to stay where I am?Danielle: Yeah. Well, I think a lot of people think that as soon as they leave their job a lot of other things in their life will magically transform, or they'll finally be able to do their creative project they've always wanted to do. This is true some percentage of the time, but I always encourage people to do things outside of work and not seek in their whole fulfillment through their job.There's plenty of time where you can explore other ideas and even overlap them to make sure that like when you quit you have things lined up. A lot of people don't know how to answer, “If you suddenly left tomorrow and could just float for three months, what would you do?” If people give me a good answer—and this is similar to an actual job interview I was like, “Why are you excited about working this company?”If people give me a good answer, that's a conversation. A lot of people have no idea, but they're just stuck in a situation where there's things they could do in their outside of work life that would make them feel happier. That's why it's sort of like therapy, but there's a lot of internal company issues that I talk about. A common reason that people want to leave is that they love their role, they love the company's mission, but they do not like their manager, but their manager is really good friends with the CEO and they absolutely can't say anything. This is so common.Corey: They always say people they'll quit jobs they quit managers and there is something to be said for that.Danielle: Yes, it's scary for people to speak up or who do you write a letter to? How do you secretly talk with your team about it? Are you the only one feeling that way? Typically the people that are the most nervous about saying anything are kind of young either in their early 20s and they feel like they can't say anything.I encourage them to come up with a strategy for making change within their corporation but sometimes it's not worth it. If there's tons of other opportunities for them it's not worth them fixing their company.Corey: It's also I think not incumbent upon people to fix their entire corporate culture unless they're at a somewhat higher executive level. That's a fun thing. The derecruiter.com we'll definitely throw a link to that in the [show notes 00:15:49] and I'll start driving people to it when they ask me for advice on these things. Then you decided, okay, that's fun.You're one of those people I feel has a bit of the same alignment that I do which is, why do one thing when I could do a bunch of things? And you decided, ah, you're going to do a startup. What is the best thing that you can do that really can capitalize on emerging cultural trends? That's right. Getting millennial to make phone calls to each other. Tell me about that story.Danielle: Yeah, and it's not just millennials, though I'm millennial. So, a lot of millennials use Dialup. I mean, Dialup started as a project where basically me and a friend set up a robocall between ourselves. So, like a bot would call our phones and if we would pick up we'd both be connected, but neither of us was actually calling each other. So, it was a way to just always be catching up with each other.So, many friends asked me if they could join the robocalls. That was sort of the seat of Dialup is getting serendipitous phone calls throughout the day that connect you to a person that you might know or might want to meet. Because there's overlap of interest or overlap of someone you know. It grew from me and 20 friends to now 31,000 people who are actively using it all over the world and these conversations can be really incredible.Sometimes people stay on the phone for four hours. People have flown out to meet each other. I get notes every day of how a call has impacted someone one. So, that's what I'm up to now, but I'm trying to do more interesting things with voice technology. I just like realized, oh, the voice as a medium it just transports you to other worlds. You have space to imagine.I mean, people listening to this podcast right now they're not seeing us, but they probably are imagining us, what our rooms look like, what we look like. They're imagining the stories that we're telling them without the distraction of video. I want to do more interesting things with intimate audio—not broadcast stuff. Not Clubhouse or Spaces or anything like that, but just more interesting ways to connect people in one-on-ones.Corey: Something I've noticed is that the voice has a power that text does not. It makes it easier to remember that there's a human on the other side of things. It is far easier for me to send off an incendiary tweet at someone than it is for me to call them up and then berate them, not really my style.The more three-dimensional someone becomes in various capacities and the higher bandwidth the communication takes on, I think the easier it is to remember that most people who don't work at Facebook wake up in the morning hoping to do a good job today. Extending empathy to the rest of the world, that's an important thing.Danielle: Yeah, for sure. It's incredible that humans can detect emotional qualities in a voice call. It's hard to describe why, but people can detect pauses and little mutters. You can sort of know when someone's laughing or when someone's listening even though you're missing all of the visual cues.Corey: This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of "Hello, World" demos? Allow me to introduce you to Oracle's Always Free tier. It provides over 20 free services and infrastructure, networking, databases, observability, management, and security. And—let me be clear here—it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account. This means you can provision a virtual machine instance or spin up an autonomous database that manages itself all while gaining the networking load, balancing and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build. With Always Free, you can do things like run small scale applications or do proof-of-concept testing without spending a dime. You know that I always like to put asterisks next to the word free. This is actually free, no asterisk. Start now. Visit snark.cloud/oci-free that's snark.cloud/oci-free.Corey: Taking a glance at dialup.com, it appears to be a completely free service. You mentioned that it has 30,000 folks involved. Are you taking the VC model of we're going to get a whole bunch of users first and then figure out how to make money later? Sometimes it works super well. Other times it basically becomes Docker retold.Danielle: I've been thinking about this a lot and I swing back and forth. Right now Dialup is its own thing, connecting strangers. It's free though I do have some paying clients because I do serendipitous one-on-ones within organizations. I've got a secret B2B page, and so that is a little bit of revenue. Right now I'm trying to sort of expand beyond Dialup and make a new thing, in which case I am leaning more towards building a sustainable and profitable company rather than do the raise-VC-money-until-you-die model.Corey: I think it's long past time to disrupt the trope of starving artist. What about well-paid artist? It seems like that would inspire and empower people to create a lot more art when they're not worrying about freezing to death. To that end or presumably to that end you are in the process of looking for a co-founder in what is arguably the most Danielle Baskin possible way. How are you doing it?Danielle: Oh, yeah. I could have done a regular LinkedIn post linking to a Google Doc, but that is not my style, and as a self-employed person I can't reach out to old coworkers and be like, “Oh, you're on my team a few years ago. What are you up to now?” So, I'm sort of under-networked and I thought I should make a game that sort of explains what I'm doing, but have people discover the game in an interesting way. So, I bought a bunch of floppy discs—I have a floppy disc dealer outside of LA.Corey: For those who are not millennials and are in fact younger than that—and of course let's not forget Gen X, the Baby Boom Generation, the Silent Generation which I can only assume is comprised entirely of people who represent big companies from a PR point of view because they never comment on anything. What is a floppy disc for someone who was born in, I don't know, 2005?Danielle: Oh, a floppy disk is how you would run software on your computer.Corey: Yeah, a USB stick with no capacity you can wreck with a magnet.Danielle: Yes, it's like a flat wide USB stick, but it only contains—Corey: 1.44 megabytes on the three-and-a-half-inch version.Danielle: I think some of them then went up to 2.88.Corey: Ohh.Danielle: You can't even fit a picture—a modern picture. You could do a super low-resolution pixel art.Corey: This picture of grandma has a whopping eight pixels in it. Oh, okay, great. I guess.Danielle: Yeah. More complex software would be eight floppy disks that you have to insert disk A, insert disk B.Corey: Anti-piracy warnings in that day of ‘don't copy that floppy.' It was a seminal thing for a long time.Danielle: I have it in my game; it says ‘don't make illegal copies of this game.' My game is not literally on the floppy disc. All floppy discs come with pretty interesting artwork on the label. There's a little space for a sticker, and because I have hundreds of floppy disks, I sort of looked at—I had a ton of design inspiration.So, I made floppy discs in the aesthetic of the other ones that say Cofounder Quest—like it's this game—and it leads you to a website. I scattered these in strategic places around the bay area, and I also mailed some to people outside of the bay area. If you stumble across this in person or on the internet, it leads you to this adventure game that's around seven minutes to play.It really explains what I want to do with Dialup, and explains me, and explains my aesthetic, and the sort of playful experiences that I'm into without telling you. So, you get to really experience it. At the end, it basically leads you to a job description and tells you to reach out to me if you're interested.Corey: I was independent for years and I finally decided to take on a business partner. As it turns out, Mike Julian, who's the CEO of The Duckbill Group and I go back ten years, he's my best friend. I kept correcting him. He introduced me as his friend. I said, “No, Mike, your best friend.” Then I got him on audio at one point saying, “Oh, Corey Quinn? He's my best friend.” I have that on my soundboard and I play it every time he gets uppity. That's the sort of nonsense it's important in a co-founder relationship. It is a marriage in some respects.Danielle: Oh, for sure.Corey: It's a business entity. Each one of you can destroy the other financially in different ways. You have to have shared values. The idea of speed-dating your way through finding some random co-founder as a job application, on some level, has always struck me as a little dissonant. I like the approach you're taking of this is who I am and how I go about things. If this aligns then we should talk, and if you don't like this you're not going to like any of the rest of this.Danielle: For sure. I'm definitely self-selecting with who would actually reach out after playing. I also understand. I'm not going to find a co-founder in a few weeks. I'm just starting conversations with people and then seeing who I should continue talking to or seeing if we could do a mini-project together.Yeah, it's weird. It's a very intense relationship. That's why people do end up becoming co-founders with someone that they already know who's a friend. It's possible I already know my co-founder and they've been in front of me this whole time. I think these sorts of moments happen, but I also think that it's cool to totally expand your network and meet someone who maybe has an overlap in spirit, but is someone that you would've never otherwise met. That there could be this great overlap or convergence there. I wanted to cast a very wide net with who this would reach, but it's still going to be a multi-month-long process or longer.Corey: It's not these one-off projects that are the most interesting part to me. It is the sheer variety and consistency of this. During the pandemic I believe you wound up having the verified checkmark badges for houses and fill out this form if you want one and for folks in San Francisco. Absolutely, of course, I filled that out. I read a fairly bad take news article on it of a bunch of people fell for this prank.No, absolutely not. If people are familiar with your work then they know exactly what they're getting into with something like this and you support the kinds of things you want to see more of in the world. I didn't fall for anything. I wanted to see where it led and that's how I feel on everything you do.Danielle: Yeah, you appreciated the joke.Corey: Yeah.Danielle: Yeah, I think people who are familiar with my work understand that I take jokes very seriously. So, it's not simply—like, usually it's not just a website that's like, huh, this was a trick. It's more of an ongoing theater piece. So, I actually did go through all of the applicants for the Blue Check Homes. Oh, for some context, I made a website where you could apply to have a blue verified badge and a plaster crest put on your house if you are a dignified authentic person that lives in the house.So, I'm interviewing—I narrowed it down to 50 people from all the applicants and I'm going through and interviewing people with a committee. I'm recording all of the interviews because I think this will make an interesting mini-documentary. I'm actually making one in installing one, but I'm documenting all of it.When I started it—for a lot of projects I don't have the ending planned yet. I like the sort of joke to unfold on the internet in real-time, and then figure out what the next thing I should do from there is and continue the project in a sort of curious exploratory mindset as opposed to just saying, “All right, the joke is done.”Corey: What is your process for coming up with this stuff? Because for me the most intimidating thing I ever see in the course of a week is not the inevitable cease and desist I get from every large cloud company for everything I do. Rather an empty page where it's all right time for me to write a humorous blog post, or start drafting the bones of a Twitter thread, or start writing my resignation and if I don't come with an idea by the end of it, I'll submit it. Where does the creative process start from with you?Danielle: Yeah. I rarely have creative brainstorming sessions. I'm a person who thinks of a million bad ideas and then there's one good one. My mind leaps to a ton of ideas. I rarely write down ideas. I don't do any sort of—you might imagine I'm in a room of whiteboards and post-it notes, workshopping things and doing creative brainstorm sessions, but I don't.I think I act upon the things that I feel just extremely excited about and feel like I must do this immediately. It's hard to explain, but with a lot of my ideas, I just feel this surge of energy. I have to do this because no one else will do it and it's funny at this moment. If I don't feel that way I kind of don't do anything and see if the idea keeps reemerging. With a lot of ideas I may be thought of it a year ago and it just kept resurfacing, but I don't really force myself to churn out creative projects if that makes sense. People have told me that my work reminds them of Mischief. It's like as a company that puts out a prank on a Tuesday every two weeks.Corey: Not familiar with them, but there have been a whole bunch of flash mob groups, and other folks who affected just wind up being professional pranksters, which I love the concept.Danielle: Yeah, yeah, for sure. I do churn out a lot of pranks and I even have my own prank calendar. I'm not strict with my own deadlines and I also think timing is important. So, you might think of a good idea, but then it's just the spirit of the zeitgeist doesn't want you to do it that week. I improvise the things that I want to launch. I mostly do things that I just feel are rich in something I could explore.Like, with Cofounder Quest I was always on the fence about it because it feels to me annoying to tell people you're trying to hire someone or to put yourself out there and be pitching your startup. So, I was kind of nervous about that, but I also thought if I leave a floppy disk in the park, and then put a picture on the internet it'll lead to something—there's something that it will lead to.It might lead to finding a co-founder. It might lead to meeting interesting people, but also I've never built an interactive game with audio and so I was interested in learning that, but yeah, I tend to land on ideas that I think are rich in terms of things I could learn. Things that I could turn into more immersive theater and things that keep resurfacing as opposed to keeping myself on a strict schedule of creative ideas if that makes sense.Corey: It makes a lot of sense. It's one of those things that it is not commonly understood for those of us who came up in the nose of the grindstone 40 hours a week, have a work ethic. Even if you're not busy look busy. Sometimes work looks a lot more like getting up and going to a coffee shop and meeting some stranger from the internet than it does sitting down churning out code.Danielle: For sure. I think that it is important to continue being in conversations with people. I think good ideas emerge while you're in the middle of talking, and you realize your own limitations and ideas when you have to explain things to other people. While something you're very clear in your head as soon as there's a person you don't know and they ask you, “What are you working on?” You realize, oh, there's so many gaps. It made perfect sense to me, but there's a lot of gaps. So yeah, I think it's important to stay in dialogue and also have to explain yourself to new people instead of just sort of making ideas in a vacuum.Corey: I want to thank you for being so generous with your time and talking to me about all the various things you have going on. If people want to follow along and learn more about what you're up to, where can they find you?Danielle: I post a lot of my projects on Twitter. So, I'm @djbaskin. If you want to play Cofounder Quest, it's cofounder.quest. That is an actual domain. I also have a website daniellebaskin.com, which has a lot of my projects, many of which we didn't discuss. I also do, similar to Oracle OpenWorld, I like to host popup events that involve lots of people trolling. So, if you want to get involved in anything you see I'm always happy to bring more wizards on board.Corey: We will, of course, put links to that in the [show notes 00:31:10]. Danielle, thank you so much for taking the time to speak with me today.Danielle: Oh yeah, thanks for having me. It was great talking with you.Corey: Danielle Baskin, CEO of Dialup, and oh so very much more. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast please leave a five-star review on your podcast platform of choice, along with a long rambling comment applying to be the co-host of this podcast, viewing it of course as a podcasting call.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

We each try out the new Pop_OS! and Carl Richell from System76 joins us to get into the details. Plus why we feel Pop might be the new Ubuntu. Special Guest: Carl Richell.

2021-12-14 Weekly News - Episode 128Watch the video version on YouTube at https://youtu.be/_GrDec5PVwg Hosts: Gavin Pickin - Senior Developer for Ortus SolutionsDan Card  - Software Developer for Ortus SolutionsThanks to our Sponsor - Ortus SolutionsThe makers of ColdBox, CommandBox, ForgeBox, TestBox and almost every other Box out there. A few ways  to say thanks back to Ortus Solutions: Like and subscribe to our videos on YouTube.  Subscribe to our Podcast on your Podcast Apps and leave us a review Sign up for a free or paid account on CFCasts, which is releasing new content every week Buy Ortus's new Book - 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips) Patreon SupportWe have 37 patreons providing 97% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. News and EventsNew Host - Dan CardDan introduces himself and gives a quick run down of his CFML experience.Log4j Vulnerability ReportedThere is a critical security vulnerability (CVE-2021-44228 aka Log4Shell) in the java library log4j which is a popular logging library for java applications. It is included in both Adobe ColdFusion and Lucee for example.Putting together some info to help sort this issue out as it pertains to ColdFusion and Lucee users. I'll update this entry as needed.https://www.petefreitag.com/item/923.cfm Adobe's update on the matter (thanks charlie for pointing this out)Blog - https://coldfusion.adobe.com/2021/12/update-log4j-vulnerability/ Update - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html TLDR for AdobeThere is a critical security vulnerability (CVE-2021-44228) in the Log4j, which is a popular logging library for Java-based applications. The vulnerability also impacts Adobe ColdFusion.Adobe is investigating any potential impact and is taking action including updating affected systems to the latest versions of Apache Log4j recommended by the Apache Software Foundation.ColdFusion plans to release a patch (version(s) 2021, 2018) for this log4j vulnerability to customers on 12/17/2021. VERY FAST FOR ADOBE - THEY DONT MOVE FAST USUALLYIn the meantime, we recommend that ColdFusion users apply the following workarounds/mitigations steps, until this patch is released.Lucee is not affected https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331 Charlie's Blog on the matter https://www.carehart.org/blog/2021/12/14/about_the_log4jshell_pandemic https://coldfusion.adobe.com/2021/12/dealing-recent-log4j-vulnerability-adobe-releases-update/ More news links about Log4j https://www.zdnet.com/article/log4j-flaw-attackers-are-making-thousands-of-attempts-to-exploit-this-severe-vulnerability/New CommandBox FeatureAdd the equivalent of the mod_cfml tomcat valve into CommandBox as an Undertow handler to auto-create contexts based on the front-end servers's virtual hosts.Support the same request headers and behavior of mod_cfmlIdeally, this should have drop-in support behind BonCode IIS or Apache's mod_cfml moduleSupport max contexts settingMake this new behavior off (opt-in) by default Support and require shared key for security (Note, the current mod_cfml Tomcat valve does not require the shared key, but we will)https://ortussolutions.atlassian.net/browse/COMMANDBOX-1411 CBSecurity V2.15.0 released

A pesar de que casi cuarenta contenedores Docker lenvantados detrás de Traefik, lo cierto es que no soy de tenerlos actualizados. Si, soy consciente de que esto es un error de primero de contenedores, pero en general prefiero hacerlo así. Llámame maniático, llámame raro, o como tu quieras. Prefiero revisar que imágenes tengo que actualizar y llegado el momento actualizarlas, pero a mano. Esto de actualizar imágenes Docker, sin supervisión nunca lo he terminado de ver. Sin embargo, lo cierto es que esto es una verdadera locura. Es una verdadera locura porque alguno de estos contenedores, puede tener algún tipo de bug o agujero de seguridad y convertirse en la puerta de entrada. Y evidentemente no se trata de esto. De esta forma, y después de mucho darle muchas vueltas, he decidido ponerle remedio, y ver la mejor manera de actualizar las imágenes Docker. ... Más información en las notas del podcast sobre Como actualizar imágenes Docker automáticamente

In this episode Dominic speaks with Jon about his experience transitioning to using a screen reader and learning to code without his vision. They discuss how some of the tooling works, things other developers can do to make their code more accessible for blind teammates, and more.

In this episode Dominic speaks with Jon about his experience transitioning to using a screen reader and learning to code without his vision. They discuss how some of the tooling works, things other developers can do to make their code more accessible for blind teammates, and more.

Hace ya bastante tiempo que voy detrás de un acortador de urls. Son bastantes las razones que me hacían buscar un acortador de urls. Además de la obvia, la de acortar la url, detrás de este tipo de herramientas, hay determinadas características que las hacen realmente interesantes y recomendables. Definitivamente, te permiten tener un mayor y mejor control de todo aquello que compartes. No solo está el hecho de facilitar el compartir, sino que también es necesario llevar un control de esas descargas. En este sentido, en los últimos episodios del podcast te he hablado de diferentes herramientas para compartir todo tipo de archivos y documentos. Empezando por mi herramienta preferida Filebrowser de la que te hablé en el episodio 242 del podcast titulado explorador de archivos online y menús de restaurante. También te hablé de esta herramienta en el episodio 246, titulado ¿realmente necesitas NextCloud. Por otro lado, en las últimas semanas te he hablado de Gokapi y como reemplazar Firefox Send. Todo, con el objetivo de poder compartir de forma, relativamente sencilla archivos, en condiciones concretas. ... Más información en las notas del poscast sobre Shlink mi acortador de urls con Docker Grupo de telegram: atareao con Linux

The Technical University of Munich has won the Indy Autonomous Challenge. A competition for self-racing vehicles. In this podcast Roland Meertens discussies the the event itself, what makes it challenging, and the approach the TU Munich took with Joe Speed, Florian Sauerbeck, and Sebastian Huch. We discuss the importance of simulation, the limits of hardware, and how Docker helps crossing this gap. We end the podcast by discussing the role of open source software when taking on such a challenge. Read a transcript of this interview: https://bit.ly/3GlzbPw Subscribe to our newsletters: - The InfoQ weekly newsletter: www.infoq.com/news/InfoQ-Newsletter/ - The Software Architects' Newsletter [monthly]: www.infoq.com/software-architects-newsletter/ Upcoming Virtual Events - events.infoq.com/ QCon London: https://qconlondon.com/ - April 4-6, 2022 / London, UK QCon Plus: https://plus.qconferences.com/ - May 10-20, 2022 InfoQ Live: https://live.infoq.com/ - Feb 22, 2022 - June 21, 2022 - July 19, 2022 - August 23, 2022 Follow InfoQ: - Twitter: twitter.com/infoq - LinkedIn: www.linkedin.com/company/infoq/ - Facebook: www.facebook.com/InfoQdotcom/ - Instagram: @infoqdotcom - Youtube: www.youtube.com/infoq

The world of professional cycling is full of characters and they don't get much more interesting than Mitch Docker. Between his many iterations of mullets and mustaches, he was a standout, but it's his hard work and talent that made him a stalwart member of the pro peloton. This Australian made his way to Europe in 2006 to start his pro cycling career which has extended right up until the present, although Mitch is retiring from pro cycling here at the end of the 2021 season. Mitch and Ted will talk shop about the state of cycling, the changes over the years, the good, the bad, and the ugly at the top echelon of cycling, being a parent in the pro ranks, plus plenty more. Be sure to follow Mitch on social media, @MitchBowen, and definitely check out his podcast, Life in the Peloton.

About ClintonClinton Herget is Principal Solutions Engineer at Snyk, where he focuses on helping our large enterprise and public sector clients on their journey to DevSecOps. A seasoned technologist, Clinton spent his 15+ year career prior to Snyk as a web software engineer, DevOps consultant, cloud solutions architect, and technical director in the systems integrator space, leading client delivery of complex agile technology solutions. Clinton is passionate about empowering software engineers and is a frequent conference speaker, developer advocate, and everything-as-code evangelist.Links:Try Snyk for free today at:https://app.snyk.io/login?utm_campaign=Screaming-in-the-Cloud-podcast&utm_medium=Partner&utm_source=AWS TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by my friends at ThinkstCanary. Most companies find out way too late that they've been breached. ThinksCanary changes this and I love how they do it. Deploy canaries and canary tokens in minutes and then forget about them. What's great is the attackers tip their hand by touching them, giving you one alert, when it matters. I use it myself and I only remember this when I get the weekly update with a “we're still here, so you're aware” from them. It's glorious! There is zero admin overhead  to this, there are effectively no false positives unless I do something foolish. Canaries are deployed and loved on all seven continents. You can check out what people are saying at canary.love. And, their Kub config canary token is new and completely free as well. You can do an awful lot without paying them a dime, which is one of the things I love about them. It is useful stuff and not an, “ohh, I wish I had money.” It is speculator! Take a look; that's canary.love because it's genuinely rare to find a security product that people talk about in terms of love. It really is a unique thing to see. Canary.love. Thank you to ThinkstCanary for their support of my ridiculous, ridiculous non-sense.  Corey: Writing ad copy to fit into a 30 second slot is hard, but if anyone can do it the folks at Quali can. Just like their Torque infrastructure automation platform can deliver complex application environments anytime, anywhere, in just seconds instead of hours, days or weeks. Visit Qtorque.io today and learn how you can spin up application environments in about the same amount of time it took you to listen to this ad.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. This promoted episode features Clinton Herget, who's a principal solutions engineer at Snyk. Or ‘Snick.' Or ‘Cynic.' Clinton, thank you for joining me, how the heck do I pronounce your company's name?Clinton: That is always a great place to start, Corey, and we like to say it is ‘sneak' as in sneaking around or a pair of sneakers. Now, our colleagues in the UK do like to say ‘Snick,' but that is because they speak incorrectly. We will accept it; it is still wrong. As long as you're not saying ‘Sink' because it really has nothing to do with plumbing and we prefer to avoid that association.Corey: Generally speaking, I try not to tell other people how to run their business, but I will make an exception here because I can't take it anymore. According to CrunchBase, your company has raised $1.4 billion. Buy a vowel for God's sake. How much could it possibly cost for a single letter that clarifies all of this? My God.Clinton: Yeah, but then we wouldn't spend the first 20 minutes of every sales conversation talking about how to pronounce the company name and we would need to fill that with content. So, I think we're just going to stay the course from here on out.Corey: I like that. So, you're a principal solutions engineer. First, what does that do? And secondly, I've known an awful lot of folks who I would consider problem engineers, but they never self-describe that way. It's always solutions-oriented?Clinton: Well, it's because I worked for Snyk, and we're not a problems company, Corey, we're a solutions company.Corey: I like that.Clinton: It's an interesting role, right, because I work with some of our biggest customers, a lot of our strategic partners here in North America, and I'm kind of the evangelist that comes out and says, “Hey, here's what sucks about being a developer. Here's how we could maybe be better.” And I want to connect with other engineers to say, “Look, I share your pain, there might be an easier way, if you, you know, give me a few minutes here to talk about Snyk.”Corey: So, I've seen Snyk around for a while. I've had a few friends who worked there almost since the beginning and they talk about this thing—this was before, I believe, you had the Dobermann logo back in the early days—and I keep periodically seeing you folks in a variety of different contexts and different places. Often I'll be installing something from Docker Hub, for example, and it will mention that, oh, there's a Snyk scan thing that has happened on the command line, which is interesting because I, to the best of my knowledge, don't pay Docker for things that I do because, “No, I'm going to build it myself out of popsicle sticks,” is sort of my entire engineering ethos. But I keep seeing you in different cases where as best I am aware, I have never paid you folks for services. What is it you do as a company because you're one of those folks that I just keep seeing again and again and again, but I can't actually put my finger on what it is you do.Clinton: Yeah, you know, most people aren't aware that popsicle sticks are actually a CNCF graduated project. So, you know, that's that—Corey: Oh, and they're load-bearing in almost every piece of significant technical debt over the last 50 years.Clinton: Absolutely. Look at your bill of materials; it's there. Well, here's where I can drop in the other fun fact about Snyk's name, it's actually an acronym, right, stands for So, Now You Know. So, now you know that much, at least. Popsicle sticks, key component to any containerized infrastructure. Look, Snyk is a developer security company, right? And people hear that and go, “I'm sorry, what? I'm a developer; I don't give a shit about security.” Or, “I'm a security person”—Corey: Usually they don't say that out loud as often as you would hope, but it's like, “That's not true. I say that I care about security an awful lot.” It's like, “Yeah, you say that. Therein lies the rub.”Clinton: Until you get a couple of drinks in them at the party at re:Invent and then the real stuff comes out, right? No, Snyk is always been historically committed to the open-source community. We want to help open-source developers every bit as much as, you know, we're helping the engineers at our top-tier customers. And that's because fundamentally, open-source is inextricably linked to the way software is developed today, right? There is nobody not using open-source.And so we, sort of, have to be supporting those communities at the same time. And that fundamentally is where the innovation is happening. And you know, my sales guys hate when I say this, right, but you can get an amazing amount of value out of Snyk by using the freemium solution, using the open-source tooling that we've put out in the community, you get full access to our vulnerability database, which is updated every day, and if you're working on public projects, that's going to be free forever, right? We're fundamentally committed to making that work. If you're an enterprise that happens to have money to spend, I guess we'll take that too, right, but my job is really talking to developers and figuring out, you know, how can we reduce the amount of pain in your life through better security tooling?Corey: The challenging part is that your business, although I confess is significantly larger than my business, we're sort of on some level solving the same problem. And that sounds odd to say because I focus on fixing AWS bills and you're focused on improving developer security. But I'm moving up about six levels to the idea that there are only two big problems in the world of technology, in the world of companies for that matter. And the problem that we're solving is the worst one of the two. And that is reducing risk exposure.It is about eliminating downside. It's cost optimization, it's security tooling, it is insurance, et cetera, et cetera, et cetera. And the other problem, the one that I've always found, that is the thing that will get people actually excited rather than something they feel obligated to do is speeding up time to market, improving feature velocity, being able to deliver the right things sooner. That's the problem companies are biasing towards investing in extremely heavily. They'll convene the board to come up with an answer there.That said, you stray closer into that problem space than most security companies that I'm aware of just because you do in fact, speed up the developer process. It let people move faster, but do it safely at least is my general understanding. If I'm completely wrong on this, and, “Nope, we are purely risk mitigation, then this is going to look fairly silly, but it wouldn't be the first time I put my foot in my mouth.”Clinton: Yeah, Corey, it sounds like you really read the first three words of the website, right? “Develop fast. Stay secure.” And I think that fundamentally gets at the traditional alignment, where security equals slow, right, because risk mitigation is all about preventing problematic things from going into production. But only doing that as a stop gate at the end of the process, right, by essentially saying we assume all developers are bad and want to do bad things, and so we're going to put up this big gate and generate an 1100 page PDF, and then throw it back to them and say, “Now, go figure out all of the bad things you did and how to fix them. And by the way, you're already overshooting your delivery target.” Right? So, there's no way to win in that traditional model unless you're empowering developers earlier with the right context they need to actually write more secure code to begin with, rather than remediating after the fact when those fixes are actually most expensive.Corey: It's the idea of the people who want to slow down and protect things and not break are on the operation side of the world, and then you have developers who want to ship things. And you have that natural tension, so we're going to smash them together and call it DevOps, which at least if nothing else, leads to interesting stories on stages. Whether it actually leads to lasting cultural transformation is another thing entirely. And then someone said, “Well, what about security?” And the answer is, “We have a security department?” And the answer is, “Yeah, you know, those grumpy people that say no all the time whenever we ask if we could do anything.” “Oh, that security department. I ignore them and go around them instead.” And it's, “All right, well, we need help on that so we're going to smash them in, too.” Welcome to DevSecOps, which is basically buzzword-driven cultural development. And here we are. But there is something to be said for you can no longer be the Department of No. I would argue that you couldn't do that successfully previously, but at least now we're a little more aware of it.Clinton: I think you could certainly do that when you were deploying software a couple times a year, right? Because you could build in all of the time to very expensively and time consumingly fix things after the fact, right? We're no longer in that world. I think when you're deploying every few seconds or a few minutes, what you need is tooling that, first of all, runs at that speed, that gives developers insights into what risk are they bringing on board with that application once it will be deployed, but then also give them the context they actually need to fix things, right? I mean, regardless of where those vulnerabilities are found, it still ultimately is a line of code that has to be written by a developer and committed and pushed through a pipeline to make it back into production.And that's true, whether we're talking about application security and proprietary code, we're talking about vulnerabilities in open-source, vulnerabilities in the container, infrastructure as code. I mean, it used to be that a network vulnerability was fixed by somebody going into the data center, unplugging a Cat 5 cable and plugging it in somewhere else, right? I mean, that was the definition of network security. It was a hardware problem. Now, networking is software-defined. I mean [laugh]—Corey: Oh, the firewall I trust is basically a wire cutter. Yeah, cut through the entire cable, and that is the only secure firewall. And it's like, oh, no, no, there are side-channel attacks. It's not completely going to solve things for you. Yeah.Clinton: You know, without naming names, there are certainly vendors in the security space that still consider mitigation to be shutting down access to a workload, right. Like, let's remediate by taking this off of the internet and allowing it to no longer be accessible.Corey: I don't think it's come from a security standpoint, but that does feel like it's a disturbing proportion of Google's product strategy.Clinton: [laugh]. Absolutely. But you know, I do think maybe we can take the forward-looking step of saying there are ways to fix issues while keeping applications online at the same time. For example, by arming engineers with the security intelligence they need when they're making decisions about what goes into those applications. Because those wire cutters now, that's a line in a YAML file, right?That's a Kubernetes deployment, that's a CloudFormation template, and that is living in code in the same repo with everything else, with all of the other logic. And so it's fundamentally indistinguishable at the point where all security is really now developer security, except the security tooling available doesn't speak to the developer, it doesn't integrate into their workflow, it doesn't enable them to make remediations, it's still slapping them on the wrist. And this is why I think when you talk about—to invoke one of the most overused buzzwords in the security industry—when you talk about shifting left, that's really only half the story. I mean, if you're taking a traditional solution that's designed to slow things down, and shifting that into the developer workflow, you're just slowing them down earlier, right? You're not enabling them with better decision-making capacity so they can say, “Oh, I now understand the risks that I'm bringing on board by not sanitizing a string before I dump it into a SQL, you know, query. But now I understand that better because Snyk is giving me that information at the right time when I don't have to context switch out of it, which is, as I'm writing that line of code to begin with.”Corey: When I look at your website—and I'm really, really hoping that your marketing folks don't turn me into a liar on this one between the time we have recorded this and the time it sees the light of day in a week or so—it's notable because you are a security vendor, but you almost wouldn't know that from your website. And that is a compliment because at no point, start to finish, on the landing page at snyk.io do I see anything that codes to, “Hackers are coming to kill you. Give us money immediately to protect yourself.”You're not slinging FUD. You're talking entirely about how to improve velocity. The closest it gets to even mentioning security stuff is, “Ship on time with peace of mind.” That is as close as it gets to talking about security stuff. There is no fear based on this, and you don't treat people like children and say, “Security is extremely important.” “Thank you, Professor, I really appreciate that helpful tip.”Clinton: Yeah, you know, again, I think we take the very controversial approach that developers are not bad people who want to make applications less secure, right? And I think again, when you go into that 40-year trajectory of that constant tension between the engineering and the security sides of the house, it really involves certain perceptions about what those other people are like: security are bad and want to shut everything down; developers are, you know, wild cowboys who don't care about standardization and are just introducing a bunch of risk, right? Where Snyk comes in is fundamentally saying, “Hey, we can actually all live together in a world where we recognize there's pain on both sides?” And look, Corey, I'm coming to you after essentially waking up every day for 20 years and writing code of some kind or other, and I can tell you, developers are already scared enough, man. It is a fearful and anxiety ridden experience to know that you're not completely in command of what happens to that application once it leaves your IDE, right?You know at some point you're going to get that PDF dumped on you; you're going to have a build block, you're going to have a bug report come in from a very important customer at three o'clock in the morning and you're going to have to do something about it. I think every software engineer in the world carries that fear around with them. They don't have to be told you have the capacity to do bad stuff here and you should be better at it. What they need is somebody to tell them here's how to do things better, right? Here's not necessarily even why a cross-site scripting attack is dangerous—although we can certainly educate you on that as well—but here's what you need to do to remediate it. Here's how other developers have fixed that in applications that look like yours.And if you get that intelligence at the right point, then it becomes truly—to go back to your original question—it becomes about solutions rather than about problems, right? The last thing we ever want to do is adopt that traditional approach of saying, “You did a bad thing. It's your fault. You have to go figure out what to do. And then by the way, you have to do all the refactoring on top of that because we didn't tell you you did the bad thing until three weeks later when that traditional SaaS tool finally finished running.”Corey: Exactly. It's a question of how much can you reduce that feedback loop? If I get pinged 60 seconds after I commit code that there's a problem with it, great. I still have that in my head. Mostly. I hope. But if it's six months later it's, “Who even wrote this?” And I pull up git blame and, “Ah, crap, it was me. What was I possibly thinking back then?” It's about being able to move rapidly and fix things, I guess, as early in the process as possible, the whole shift-left movement. That's important. That's valuable.Clinton: Yeah, the context switching is so expensive, right, because the minute you switch away from that file, you're reading some documentation. You're out of that world. Most of the developer's time is spent getting into and out of different contexts. Once you're in there, I mean, you could rattle off 40 lines of code in a sitting and actually clear a ticket and you feel really good about yourself, right? The next day, when that comes back from QA saying you did something wrong here, that's the painful part of having to get back in.And by the time you've already done that, you've doubled the amount of time you've spent on that feature. So, it's all about integrating the right intelligence in the right context at the right time, and doing so in such a way that we're not throwing around blame, that we're not saying, “You should have known better.” We're saying, “We want to help you do this better because, you know, ultimately, you're going to write another SQL query. That's okay. We hope that maybe this will inspire you to sanitize those strings properly, and we're going to give you some suggestions on how to do that.”Corey: Yeah. Developer time is way more expensive than the infrastructure. That is, I think, a little understood facet of how this works from an engineering perspective because an awful lot of us came up in this industry considering our time to be free. Because we were doing this as a hobby in some cases, it was. When I was in my dorm room back many years ago, as I was basically in the process of being expelled from boarding school, it was very clearly my time was not worth a whole hell of a lot to anyone at that point.Speaking of expensive things, I want to talk for a minute about your pricing. And what I like about this is, let me be clear here. I am a big fan of taking shortcuts wherever I can, and one of the shortcuts I love doing—and I don't know if I've talked about it on this show before—is when I'm talking to a company and I need to figure out do they know what they're doing or are they clowns, I cheat and I go to the pricing page. And there are two big things that I look for, and you have them both.The first is that over on the far left side of the spectrum, it's do you have a free option? And yes, you do. And, “Click here to get started immediately.” Great because it's three in the morning, I need to get something done, I'm under a deadline, I do not have time for a conversation with sales, and as an engineer, I absolutely don't want to deal with that type of sales process because it feels weird to go and ask my boss to go ahead and sign off on something because I feel like my spending authority is capped at $20. Now that I have a little more context, I understand exactly why [laugh] my spending authority was capped at $20 back when I was an engineer.Clinton: Yeah, exactly right. And so it's not only that commitment to ensuring every software engineer in the world can have access to Snyk immediately by making one click because, you know, ultimately, we're committed to that community, right? There's 3 million developers using Snyk currently. That's about 10% of all engineers in the world. We're very proud of that number.We expect that to continue to grow and I think it shows that there is need out there, right? And if we can enable every engineer who's up at 3 a.m. faced with some security prospect to say, you know, it is as simple as getting a free account and getting a vulnerability report, getting the remediation advice, being able to sleep easier. I think we're successful as a company, regardless of what the bottom line is. But when you look at how to scale that into the enterprise, the way security solutions are priced, I mean, it's like throwing a bunch of wet noodles at the wall and seeing what sticks, right?Corey: Yes. And that's the other piece of your pricing that I like is a lot of people are going to be listening to that, what I'm saying right now about, “Oh, well, we have a free tier. Why do you think we're clowns?” It's, “Ah. Because the other end is just as important if not more so, which is there has to be an enterprise tier, and the price for that has got to be, ‘Click here to have a conversation.'” And the reason behind that is if you work in procurement, which is very often who's going to be reaching out on something like this, you are going to need custom contracts; you are going to want a long-term enterprise deal, and if the top tier is X dollars per thing that's already there, it reeks of unsophisticated vendor to a buyer in that position, and it makes the people a big blue chip companies think, “Oh, they don't know how to deal with someone at our scale.” Pricing his messaging, and I think people lose sight of that. You absolutely say the right things on both ends. I look at this, and there's nothing I would change or improve about your pricing page, which to be honest, is really rare.Clinton: I'm not sure all of our sales leaders would agree with you there, but I will pass that feedback along. Well, and the other thing I would add to that is, what everyone who's in a pricing conversation wants is predictability about what is this going to be in the future, right? And so we base our pricing on how many developers are in your organization, right? That's probably a number you know; that's probably a number that you can predict over time. We're not going to say, “How many CPUs are we using, right? What's the footprint of the cloud resources we're deploying to scan your stuff?” These are all things that you have very little control over and there is alchemy there that introduces a financial risk into that situation. And we're all about risk mitigation at scale, right?Corey: You don't pop up halfway through a cycle of, “Oh, you've gone on a hiring spree. Time to go ahead and pay us a bunch more money you didn't plan for or budget for.” I've had vendors pop up a quarter after I signed a deal—repeatedly—and it drives me up a wall because back in my engineering days, it was, great, now I have to spend time on this that I hadn't planned for; I have to go to my boss and ask for more money, never a great conversation, and as a cherry on top, I get to look like I don't know how to manage vendors for crap. It's just everyone is angry about those conversations. And even the salespeople reaching out had the decency to act a little sheepish about having to have that conversation with me.Clinton: The best ones do, at least. Well, and on top of that, you know, maybe that tool has been capped so that now your bills are breaking because you went one over your cap, right? So, I—Corey: Yeah. I love it. When I fail in production. That's my favorite thing. It's like, “All right, we're going to wind up not scanning for security stuff anymore. And if you go five beyond your cap, we're going to start introducing vulnerabilities.” It's, “That's awesome. Just, great plan.” But I'm kidding. I'm kidding. I want to be very clear, I have never heard a whisper of an actual vendor doing that, on purpose anyway.Clinton: Exactly. Right. And you know, look. We want to make it as easy as possible, and that's why, for example, we're on AWS Marketplace. You can use your existing EDP program to, you know, buy Snyk, just as—Corey: At 50% of your spend on Snyk then winds up counting toward your spend commit, which is always an interesting approach that some people are like, “Ooh. So, we can wind up transferring the money that we're spending on a vendor to count toward our commit?” But in many cases, it's how much are you spending on other third-party vendors in this space because you're getting excited about a few tens of thousands in most cases, and you have a $50 million annual [laugh] commit. What are you doing there, buddy? That's like trying to become a millionaire via credit card points. It doesn't usually pan out that way.Clinton: Fair enough. Yeah. And then look, we're very proud of that partnership with Amazon. And look if hey, if they can lock some of our customers into $15 million a year spend contracts, we'll take a few pennies on that, right?Corey: Oh, yeah, as a vendor, you'd be silly not too. It makes sense. But you're doing significantly more than that. As of this week being re:Invent week, you are—well, tell me about it.Clinton: Yeah, Corey, we are thrilled to announce this week that AWS is now integrating with Snyk's vulnerability database within Amazon Inspector. And this is going to bring the best-of-breed security intelligence with a curated vulnerability database, including all of our proprietary research around things like exploit maturity, reachability, vulnerable conditions, social trends on vulnerabilities, all available within Amazon Inspector to any developer utilizing it. We also have an AWS code pipeline integration that makes it easy for anyone utilizing AWS for your CI/CD to get immediate feedback on vulnerabilities in your applications as they move through that pipeline. And remember, we're never just going to say, “We've identified a vulnerability. Now, you need to figure out what to do with it.” We're always going to integrate the remediation advice because our audience at the end of the day is the developer whose job it is to make the fix and who has such a wide variety of responsibility these days, the best we can do is say to them, not just, “We found something wrong,” but, “Here's the solution that we think you should implement to get that secure code back out into production.”Corey: This episode is sponsored by our friends at CloudAcademy. That's right, they have a different lab challenge up for you called, “Code Red: Repair an AWS Environment with a Linux Bastion Host.” What does it do? Well, its going to assess your ability to troubleshoot AWS networking and security issues in a production like environment. Well, kind of, its not quite like production because some exec is not standing over your shoulder, wetting themselves while screaming. But..ya know, you can pretend in fact I'm reasonably certain you can retain someone specifically for that purpose should you so choose. If you are the first prize winner who completes all four challenges with the fastest time, you'll win a thousand bucks. If you haven't started yet you can still complete all four challenges between now and December 3rd to be eligible for the grand prize. There's only a few days left until the whole thing ends, so I would get on it now. Visit cloudacademy.com/corey. That's cloudacademy.com/C-O-R-E-Y, for god's sake don't drop the “E” that drives me nuts, and thank you again to Cloud Academy for not only promoting my ridiculous non sense but for continuing to help teach people how to work in this ridiculous environment.Corey: First, congratulations. It's neat to have a first-party integration like that with an AWS service, as opposed to, you know, their somewhat storied approach of, “Hey, it's an open-source project. We're just going to implement something that's API compatible ourselves, and irritate people.” Now, to be clear, my problem is not that you should expect to build anything and not face competition. My concern is a little bit more along the lines of, “Huh. Why is that same company always the first in line to compete with something.” Which is neither here nor there.Security is also one of those areas where I think competition is important. You want it continual background level of investment in the space because this stuff is super important. What I like about Snyk and a number of companies in this space is I know exactly where you stand. Let's contrast that for a second with AWS. You're integrating with Inspector, which is a great service, but you're not, I don't believe, integrating with their other security services such as [big breath in] Amazon Detective, the Audit Manager—if you want to consider that one of them—Amazon Macie, AWS Firewall Manager, AWS Shield, the Network Firewall, IoT Device Defender, CloudTrail, Config.Amazon Inspector is in one you're there, but not really Security Hub, or GuardDuty, or IAM itself. And I look at all of these services—I mean, IAM is free, of course, but the rest are very much not—and I do some basic arithmetic and I'm starting to realize that if I can figure all the various AWS security services together and what that's going to cost me, it turns out the answer is more than the data breach. So, on some level, it's one of those—at what point is it so confusing and it starts to look like a cross-sell deal between all of the different services, and turn them all on because you could ever have too much security, we still have to ship things eventually. And their security messaging has been extraordinarily confused for a long time. At some level, the fact that you are now integrating with them on the Inspector side means that for the first time, I think I understand what Inspector does now, which is more than a little messed up. But here we are.Clinton: Indeed. Well, the first thing I would say on that is, you know, stay tuned. As we move into the new year. I think you're going to see a lot more announcements both, you know, on the AWS side, but also kind of industry-wide and terms of integration with Snyk. That Vulnerability Database feed also, as you mentioned earlier, in use in Docker Hub, so anyone with Containers and Docker Hub can get advantage by scanning with our Snyk container tool.We have other integrations with Red Hat, for example. And there are actually many other companies utilizing that DB feed to, again, get access to that best in breed vulnerability data. When you talk about that model of, you know, being outcompeted on the security front, I think that's more difficult to do when you're actually talking about data, right? Like tooling, on some level—and I might get in trouble for saying this—but tooling is commodity, right? Somebody tomorrow is going to come out with a better tool to do a thing a little bit faster in a little bit more intuitive way. What can't be easily replicated is the data and intelligence behind that, right? And so that's why—Corey: Yeah, the secret sauce that makes you folks work is not the fact of, “Ah, we can fire off or catch a web hook, and then run the following command against the codebase.” That is—sure it's handy and it's useful and you're good at that, but that is not the reason that people become your customer.Clinton: Exactly right. Look, there's a lot of tools that can resolve the dependency tree within your open-source application, right? We can do that as well. We leverage a lot of open-source to do that, you know, we're very open with that. As I mentioned earlier, a lot of Snyk tooling is available on GitHub, you can see how it works, that code is public.Really the value we're providing is in that curated security research that our dedicated team is working on day in and day out and verifying public security data that's out in CVEs. Is this actually accurate? Do we agree with the severity rating? Might there be other factors that could modify that severity rating? What happens when you are scanning an application that might have some vulnerable conditions versus others? Don't you want to prioritize those vulnerabilities differently? What happens at runtime, right? If you're deploying an application to an EC2 instance with an OpenSSH ingress into your security group, that's going to make certain vulnerabilities a lot bigger risk than if you've got your IAC configured correctly, right? So, the really the overall mission of Snyk as we move into this broader, kind of, ASPM application, you know, security posture management space, is to say, how many different signals across the SDLC can we combine in intuitive ways for the developer to understand that risk at the right time with the right context and armed with the remediation advice to make a better decision as they're writing their code, you know, rather than after the fact? If I could sum it all up, kind of, that's the vision of where we are both today and ultimately where we're going.Corey: There also needs to be an understanding of who the customer is. If I go through the launch wizard and spin up in a brand new account, my first EC2 instance, and I spin up an instance by going through the wizard, the first thing it does is yell at me. Because, “Ah, that SSH port is open to the world.” Which you need to get into it, once it's there. So, it sets that up for me and yells at me all in the same breath. And it's, this is not a promising start; I kind of need that to get into it.Conversely, if you're not someone learning this stuff for the first time, and you're, oh I don't know, a production engineer at a bank, you care quite a bit differently in that use case about things like OpenSSH groups, it's security posture, et cetera, et cetera. An awful lot of the tooling is, “Ah, you're failing this benchmark, and this benchmark, and this benchmark,” from CIS and the rest of all these rules of, oh, you're not encrypting your data at rest. Well, it's in an AWS data center environment. Yeah, if someone could break in and steal the drives from multiple facilities and somehow recombine them together and get out alive, yeah, that's really not my threat model.But it's easy to turn it on and check a box and make an auditor go away. But that's not where I would spend the bulk of my energies if I'm trying to improve my security posture. And it turns into rote checklists super easily. The thing I've always appreciated about the stuff that you're tooling in the open-source world has highlighted is it's not nonsense. And I really can't understate just how valuable that is.Clinton: Absolutely. And that comes from a combination of signals across that SDLC, from the open-source, from the container, from the proprietary code, from the IAC, but then also what's happening at runtime, right? Like, how are those containers actually deployed onto EKS? What ports are open? What running binaries are on the container that might influence, you know, what packages you choose to upgrade, versus not?All of that matters, and what—you know, the issue I think now is getting that visibility to the developer at the right time so that they can make it actionable. And the thing about infrastructure as code, that I think that's really interesting and not super well understood is a lot of those defaults are really insecure. And developers have no idea, right? Like, they might not be aware that if you don't define that encryption for your S3 bucket, it'll happily deploy unencrypted, right? Yes, that's a compliance problem, but that's also potentially exacerbator have other vulnerabilities that might be in that application.But you only see those when you can combine and have a single pane of glass that gives you the runtime signaling plus everything that's happening in the application, armed with the correct information to actually remediate that at the time, and say, “Don't you think you wanted to add, you know, AES encryption to this bucket? Don't you think you wanted to close down port 22?” And also, combine that with your internal business logic, right? Like maybe for an internal only application that never transits beyond your VPC perimeter, sure, it's fine to have port 22 open, right? There's just going to be people within your zero-trust environment authenticating to it. But for your production web application, that might be a different story.Corey: There are other concerns, too. For example, I'm sitting here complaining about the idea of encrypting at rest in an AWS environment, but if you've signed customer contracts that state that you're doing it, you'd better freaking do it, as opposed to, “Well, I know what the actual security risk is and it's no big deal.” Yeah, don't make that decision. If you are contractually obligated to do a thing. Don't YOLO it; do what you say you're going to do. That's that whole integrity thing.Clinton: Oh, sure. And look in a battle between security and compliance. Compliance always wins, right? But from a developer perspective, I don't know that we on the front lines writing code actually differentiate, right? That certainly is a matter for the people defining the policies and, you know, creating their gating mechanisms in CI to figure out.What I want to know as a developer is, is my build going to succeed, right? Or am I going to get shut down and get the nastygram that says, you know, “We couldn't launch this for x, y, and z reason.” Now, everybody on my team hates me, my lead dev is on me, now there's a bunch of merge conflicts because my branch is behind. I want to get that out into production, but in order to do that, I need information on how are all these signals going to be compiled together in a way that, you know, creates that red light or green light on the risk dashboard later on. But up until I think, you know, relatively recently, I don't have visibility into that except to launch the commit, you know, start the build and see what happens, and then I have that context-switching problem, right, because it's hours or days later, that I finally get that signal back.So yes, I think we have a compliance story to tell from the Snyk perspective as well. A lot of those same issues, you know, we're detecting, especially with regard to infrastructure as code, but it ultimately is up to various parts of the organization to work together and say, “What balance do we want to strike between security and velocity,” right? Understanding that those are not mutually opposed. What we need is tooling and more importantly a culture that takes both into account and allows us to develop securely and fast at the same time.Corey: I want to thank you so much for taking the time to speak with me about all this. If people want to learn more, where can they find you? And for God's sake, please don't say in your booth at re:Invent.Clinton: [laugh]. I will not be at re:Invent this year. I've had a little bit too much of the Vegas Strip here recently.Corey: No, I hear you. Right now, the people going are those whose employers find them expendable, which is why I'm there.Clinton: I wouldn't say that Corey. I think you'll do great, and you know, just make sure to bank all your vacation for a couple weeks after. Look, come to snyk.io start a conversation, but more importantly, just start using it, right?I don't want to give you the sales pitch; I want you to see the value in the tooling, and the easiest way to do that as an engineer is just to start using it. And if there is value there, you want to bring it to your enterprise. I would love to have that conversation and move forward. But engineer to engineer, like, figure out if this is going to work for you: does it make your life easier? Does it reduce the pain and anxiety you feel before making that commit into the production branch? And if so, then yeah, we'd love to talk.Corey: I will, of course, put links to that in the [show notes 00:33:22]. Thank you so much for speaking to me today. I really appreciate it.Clinton: Thank you, Corey. Glad to do it.Corey: Clinton Herget, principal solutions engineer at Snyk. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment yelling at Snyk about how they're a terrible company because they continually refuse to patronize your side business down at the Vowel Emporium.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

The Director of EndlessOS joins us to respond to recent Flatpak criticism. We take the opportunity to expand on the overall effort to solve Linux fragmentation. Special Guests: Martin Wimpress, Neal Gompa, and Will Thompson.

Guest Jason Polites joins Stephanie Wong and Bukola Ayodele this week to talk about advances in serverless computing with Cloud Run and how developers and wallets are benefiting. Cloud Run, a managed service which allows developers to run containers, is now available in all GCP regions, offers increased resource access, global load balancing, and more. Jason tells us how this evolution of Cloud Run has led to the support of bigger, more complicated, and even legacy software fully and efficiently functioning in a serverless environment. The team at Google continues to expand offerings in order to afford the benefits of auto-scaling and other managed services to all workloads. Always On CPU, for example, supports projects with running background functions. Later, Jason gives us examples of projects that best fit a serverless infrastructure and the cost benefits of using Cloud Run. He offers cost-saving tips for projects, like committed use discounts and auto-scaling limits. Balancing cost efficiency with global reliability is important, and Jason tells us how this is easily achieved with Cloud Run features like scaling to zero. To limit the barrier to entry for new Cloud Run and container users, Jason and his team have been working on open source build packs. Developers can turn code into a container without creating Docker files. The containers running in Cloud Run are highly portable as well, giving companies the freedom to move their containers freely. Jason Polites Jason leads the Serverless Compute product team in Google Cloud, including products like Cloud Run and App Engine. Cool things of the week Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report blog Microservices architecture on Google Cloud blog Interview Cloud Run site Cloud Run CPU Allocation docs Run more workloads on Cloud Run with new CPU allocation controls blog Docker site Google Cloud Buildpacks site App Engine site Cloud Functions site GCP Podcast Episode 173: Cloud Run with Steren Giannini and Ryan Gregg podcast GCP Podcast Episode 203: Cloud Run GKE with Donna Malayeri podcast GCP Podcast Episode 261: Full Stack Dart with Tony Pujals and Kevin Moore podcast What's something cool you're working on? Bukola just finished Season 2 of the Click to Deploy series.

We revisit some old assumptions about the open-source Plex-alternative, Jellyfin. We each try it out, and along the way, gain a few insights about open source.