Podcast appearances and mentions of liz rice

Ship It! DevOps, Infra, Cloud Native

Play Episode Listen Later Aug 25, 2022 74:44 Transcription Available

A few weeks ago, Jerod spoke with Liz Rice about the power of eBPF on The Changelog. Today, we have the pleasure of both Liz Rice, Chief Open Source Office at Isovalent & Thomas Graf, CTO & co-founder at Isovalent, the creators of Cilium. Around 2014, Facebook achieved a 10x performance improvement by replacing their traditional load balancers with eBPF. In 2017, every single packet that went to Facebook was processed by eBPF. Nowadays, every Android phone is using it. Truth be told, if it's network-related and it matters, eBPF is most likely a part of it.

truth network android operations cloud ship infrastructure belong cto devops kubernetes sre devsecops cloud native jerod cncf changelog ebpf cilium liz rice isovalent

All your network are belong to eBPF

Play Episode Listen Later Aug 25, 2022 74:44 Transcription Available

truth network android operations cloud infrastructure belong cto devops kubernetes sre devsecops cloud native jerod cncf changelog ebpf cilium liz rice isovalent

The power of eBPF

The Changelog

Play Episode Listen Later Aug 14, 2022 64:53 Transcription Available

eBPF is a revolutionary kernel technology that has lit the cloud native world on fire. If you're going to have one person explain the excitement, that person would be Liz Rice. Liz is the COSO at Isovalent, creators of the open source Cilium project and pioneers of eBPF tech. On this episode Liz tells Jerod all about the power of eBPF, where it came from, what kind of new applications its enabling, and who is building the next generation of networking, security, and observability tools with it.

development code software hackers programming open source software engineering jerod changelog coso ebpf cilium liz rice isovalent jerod santo

The power of eBPF (The Changelog #501)

development code software hackers programming open source software engineering jerod changelog coso ebpf cilium liz rice isovalent jerod santo

Play Episode Listen Later Aug 14, 2022 64:53 Transcription Available

Why sidecar-less Cilium Mesh is a game-changer

Eficode

Play Episode Listen Later Aug 4, 2022 45:26

The Cilium project - best known as a networking plugin for Kubernetes - just released a service mesh functionality. We've invited Liz Rice for a technical conversation around Cilium Service Mesh. Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly. Liz Rice in LinkedIn https://www.linkedin.com/in/lizrice A guided tour of Cilium Service Mesh: https://www.youtube.com/watch?v=e10kDBEsZw4 Guide: Make the most of DevOps and Cloud https://hubs.li/Q01jd2fZ0 The Future of Kubernetes - a blog post: https://hubs.li/Q01jd0ZD0 Takeaways and Trends in CloudNativeCon 2022 - a blog post: https://hubs.li/Q01jd0-x0

game changers co chair devops mesh kubernetes sidecar cncf ebpf container security cilium liz rice isovalent kubecon cloudnativecon

Liz Rice

Kube Cuddle

Play Episode Listen Later Jun 30, 2022 60:41

Thanks for all of the support that the podcast is getting on Patreon. If you'd like to help keep the podcast sustainable for only $2 a month, you can get more info here.Liz's TwitterRich's TwitterPodcast TwitterLinks:eBPFCiliumZX80 / Timex Sinclair 1000 / Commodore 64Kelsey Hightower's Tetris demoThomas GrafBrendan GreggLiz's talk at KubeCon LAA Beginner's Guide to eBPF Programming with GoHubbleDTraceBeyond printf & tcpdump: Debugging Kubernetes Networking with eBPF (from KubeCon LA)TetragonThe Clilum Project Update at KubeCon ValenciaLiz's talk about the Cilium Service MeshThe CNCF's Technical Oversight CommitteeThe Charlie memeThat XKCD cartoonWhat is eBPF? by LizListener question from @isugimpy - Thanks!Episode TranscriptLogo by the amazing Emily Griffin.Music by Monplaisir.Thanks for listening.★ Support this podcast on Patreon ★

music guide containers kubernetes monplaisir ebpf liz rice

eBPF, with Liz Rice (Isovalent) - S03E02

Console DevTools

Play Episode Listen Later Jun 16, 2022 32:23

In this episode we speak to Liz Rice, Chief Open Source Officer at Isovalent, the company behind the open source eBPF product Cilium. We discuss why it's such a revolutionary approach to developing low-level kernel applications, how BPF can be used for observability, networking and security, how developers should think about application security, and why all of these technologies are open source.About Liz RiceLiz Rice is Chief Open Source Officer at eBPF pioneers Isovalent, creators of the Cilium project, which provides cloud native networking, observability and security. Prior to Isovalent she was VP Open Source Engineering with security specialists Aqua Security. She is also Chair of the CNCF's Technical Oversight Committee, has co-chaired the KubeCon / CloudNativeCon and is an Ambassador for Open UK.Other things mentioned:IsovalentBerkeley labDave ThalerKubernetesFirecrackerLambdaM1 MacbookVS CodeLet us know what you think on Twitter:https://twitter.com/consoledotdevhttps://twitter.com/davidmyttonhttps://twitter.com/lizriceOr by email: hello@console.devAbout ConsoleConsole is the place developers go to find the best tools. Our weekly newsletter picks out the most interesting tools and new releases. We keep track of everything - dev tools, devops, cloud, and APIs - so you don't have to. Sign up for free at: https://console.devRecorded: 2022-05-05.

networking ambassadors developers console apis cncf ebpf bpf aqua security cilium liz rice isovalent open uk kubecon cloudnativecon

Siphoning through the Acronyms with Liz Rice

Screaming in the Cloud

Play Episode Listen Later Mar 8, 2022 37:12

About LizLiz Rice is Chief Open Source Officer with cloud native networking and security specialists Isovalent, creators of the Cilium eBPF-based networking project. She is chair of the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly.She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift.Links: Isovalent: https://isovalent.com/ Container Security: https://www.amazon.com/Container-Security-Fundamental-Containerized-Applications/dp/1492056707/ Twitter: https://twitter.com/lizrice GitHub: https://github.com/lizrice Cilium and eBPF Slack: http://slack.cilium.io/ CNCF Slack: https://cloud-native.slack.com/join/shared_invite/zt-11yzivnzq-hs12vUAYFZmnqE3r7ILz9A TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Today's episode is brought to you in part by our friends at MinIO the high-performance Kubernetes native object store that's built for the multi-cloud, creating a consistent data storage layer for your public cloud instances, your private cloud instances, and even your edge instances, depending upon what the heck you're defining those as, which depends probably on where you work. It's getting that unified is one of the greatest challenges facing developers and architects today. It requires S3 compatibility, enterprise-grade security and resiliency, the speed to run any workload, and the footprint to run anywhere, and that's exactly what MinIO offers. With superb read speeds in excess of 360 gigs and 100 megabyte binary that doesn't eat all the data you've gotten on the system, it's exactly what you've been looking for. Check it out today at min.io/download, and see for yourself. That's min.io/download, and be sure to tell them that I sent you.Corey: This episode is sponsored in part by our friends at Sysdig. Sysdig is the solution for securing DevOps. They have a blog post that went up recently about how an insecure AWS Lambda function could be used as a pivot point to get access into your environment. They've also gone deep in-depth with a bunch of other approaches to how DevOps and security are inextricably linked. To learn more, visit sysdig.com and tell them I sent you. That's S-Y-S-D-I-G dot com. My thanks to them for their continued support of this ridiculous nonsense.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. One of the interesting things about hanging out in the cloud ecosystem as long as I have and as, I guess, closely tied to Amazon as I have been, is that you learned that you never quite are able to pronounce things the way that people pronounce them internally. In-house pronunciations are always a thing. My guest today is Liz Rice, the Chief Open Source Officer at Isovalent, and they're responsible for, among other things, the Cilium open-source project, which is around eBPF, which I can only assume is internally pronounced as ‘Ehbehpf'. Liz, thank you for joining me today and suffering my pronunciation slings and arrows.Liz: I have never heard ‘Ehbehpf' before, but I may have to adopt it. That's great.Corey: You also are currently—in a term that is winding down if I'm not misunderstanding—you were the co-chair of KubeCon and CloudNativeCon at the CNCF, and you are also currently on the technical oversight committee for the foundation.Liz: Yeah, yeah. I'm currently the chair, in fact, of the technical oversight committee.Corey: And now that Amazon has joined, I assumed that they had taken their horrible pronunciation habits, like calling AMIs ‘Ah-mies' and whatnot, and started spreading them throughout the ecosystem with wild abandon.Liz: Are we going to have to start calling CNCF ‘Ka'Nff' or something?Corey: Exactly. They're very frugal, by which I mean they never buy a vowel. So yeah, it tends to be an ongoing challenge. Joking and all the rest aside, let's start, I guess, at the macro view. The CNCF does an awful lot of stuff, where if you look at the CNCF landscape, for example, like, I think some of my jokes on the internet go a bit too far, but you look at this thing and last time I checked, there were something like four or 500 different players in various spaces.And it's a very useful diagram, don't get me wrong by any stretch of the imagination, but it also is one of those things that is so staggeringly vast that I've got a level with you on this one, given my old, ancient sysadmin roots, “The hell with it. I'm going to run some VMs in a three-tiered architecture just like grandma and grandpa used to do,” and call it good. Not really how the industry is evolved, but it's overwhelming.Liz: But that might be the right solution for your use case so, you know, don't knock it if it works.Corey: Oh, yeah. If it's a terrible architecture and it works, is it really that terrible of an architecture? One wonders.Liz: Yeah, yeah. I mean, I'm definitely not one of those people who thinks, you know, every solution has the same—you know, is solved by the same hammer, you know, all problems are not the same nail. So, I am a big fan of a lot of the CNCF projects, but that doesn't mean to say I think those are the only ways to deploy software. You know, there are plenty of things like Lambda are a really great example of something that is super useful and very applicable for lots of applications and for lots of development teams. Not necessarily the right solution for everything. And for other people, they need all the bells and whistles that something like Kubernetes gives them. You know, horses for courses.Corey: It's very easy for me to make fun of just about any company or service or product, but the thing that always makes me set that aside and get down to brass tacks has been, “Okay, great. You can build whatever you want. You can tell whatever glorious marketing narrative you wish to craft, but let's talk to a real customer because once we do that, then if you're solving a problem that someone is having in the wild, okay, now it's no longer just this theoretical exercise and PowerPoint. Now, let's actually figure out how things work when the rubber meets the road.”So, let's start, I guess, with… I'll leave it to you. Isovalent are the creators of the Cilium eBPF-based networking project.Liz: Yeah.Corey: And eBPF is the part of that I think I'm the most familiar with having heard the term. Would you rather start on the company side or on the eBPF side?Liz: Oh, I don't mind. Let's—why don't we start with eBPF? Yeah.Corey: Cool. So easy, ridiculous question. I know that it's extremely important because Brendan Gregg periodically gets on stage and tells amazing stories about this; the last time he did stuff like that, I went stumbling down into the rabbit hole of DTrace, and I have never fully regretted doing that, nor completely forgiven him. What is eBPF?Liz: So, it stands for extended Berkeley Packet Filter, and we can pretty much just throw away those words because it's not terribly helpful. What eBPF allows you to do is to run custom programs inside the kernel. So, we can trigger these programs to run, maybe because a network packet arrived, or because a particular function within the kernel has been called, or a tracepoint has been hit. There are tons of places you can attach these programs to, or events you can attach programs to.And when that event happens, you can run your custom code. And that can change the behavior of the kernel, which is, you know, great power and great responsibility, but incredibly powerful. So Brendan, for example, has done a ton of really great pioneering work showing how you can attach these eBPF programs to events, use that to collect metrics, and lo and behold, you have amazing visibility into what's happening in your system. And he's built tons of different tools for observing everything from, I don't know, memory use to file opens to—there's just endless, dozens and dozens of tools that Brendan, I think, was probably the first to build. And now this sort of new generations of eBPF-based tooling that are kind of taking that legacy, turning them into maybe more, going to say user-friendly interfaces, you know, with GUIs, and hooking them up to metrics platforms, and in the case of Cilium, using it for networking and hooking it into Kubernetes identities, and making the information about network flows meaningful in the context of Kubernetes, where things like IP addresses are ephemeral and not very useful for very long; I mean, they just change at any moment.Corey: I guess I'm trying to figure out what part of the stack this winds up applying to because you talk about, at least to my mind, it sounds like a few different levels all at once: You talk about running code inside of the kernel, which is really close to the hardware—it's oh, great. It's adventures in assembly is almost what I'm hearing here—but then you also talk about using this with GUIs, for example, and operating on individual packets to run custom programs. When you talk about running custom programs, are we talking things that are a bit closer to, “Oh, modify this one field of that packet and then call it good,” or are you talking, “Now, we launch Microsoft Word.”Liz: Much more the former category. So yeah, let's inspect this packet and maybe change it a bit, or send it to a different—you know, maybe it was going to go to one interface, but we're going to send it to a different interface; maybe we're going to modify that packet; maybe we're going to throw the packet on the floor because we don't—there's really great security use cases for inspecting packets and saying, “This is a bad packet, I do not want to see this packet, I'm just going to discard it.” And there's some, what they call ‘Packet of Death' vulnerabilities that have been mitigated in that way. And the real beauty of it is you just load these programs dynamically. So, you can change the kernel or on the fly and affect that behavior, just immediately have an effect.If there are processes already running, they get instrumented immediately. So, maybe you run a BPF program to spot when a file is opened. New processes, existing processes, containerized processes, it doesn't matter; they'll all be detected by your program if it's observing file open events.Corey: Is this primarily used from a security perspective? Is it used for—what are the common use cases for something like this?Liz: There's three main buckets, I would say: Networking, observability, and security. And in Cilium, we're kind of involved in some aspects of all those three things, and there are plenty of other projects that are also focusing on one or other of those aspects.Corey: This is where when, I guess, the challenge I run into the whole CNCF landscape is, it's like, I think the danger is when I started down this path that I'm on now, I realized that, “Oh, I have to learn what all the different AWS services do.” This was widely regarded as a mistake. They are not Pokémon; I do not need to catch them all. The CNCF landscape applies very similarly in that respect. What is the real-world problem space for which eBPF and/or things like Cilium that leverage eBPF—because eBPF does sound fairly low-level—that turn this into something that solves a problem people have? In other words, what is the problem that Cilium should be the go-to answer for when someone says, “I have this thing that hurts.”Liz: So, at one level, Cilium is a networking solution. So, it's Kubernetes CNI. You plug it in to provide connectivity between your applications that are running in pods. Those pods have to talk to each other somehow and Cilium will connect those pods together for you in a very efficient way. One of the really interesting things about eBPF and networking is we can bypass some of the networking stack.So, if we are running in containers, we're running our applications in containers in pods, and those pods usually will have their own networking namespace. And that means they've got their own networking stack. So, a packet that arrives on your machine has to go through the networking stack on that host machine, go across a virtual interface into your pod, and then go through the networking stack in that pod. And that's kind of inefficient. But with eBPF, we can look at the packet the moment it's come into the kernel—in fact in some cases, if you have the right networking interfaces, you can do it while it's still on the network interface card—so you look at that packet and say, “Well, I know what pod that's destined for, I can just send it straight there.” I don't have to go through the whole networking stack in the kernel because I already know exactly where it's going. And that has some real performance improvements.Corey: That makes sense. In my explorations—we'll call it—with Kubernetes, it feels like the universe—at least at the time I went looking into it—was, “Step One, here's how to wind up launching Kubernetes to run a blog.” Which is a bit like using a chainsaw to wind up cutting a sandwich. Okay, massively overpowered but I get the basic idea, like, “Okay, what's project Step Two?” It's like, “Oh, great. Go build Google.”Liz: [laugh].Corey: Okay, great. It feels like there's some intermediary steps that have been sort of glossed over here. And at the small-scale that I kicked the tires on, things like networking performance never even entered the equation; it was more about get the thing up and running. But yeah, at scale, when you start seeing huge numbers of containers being orchestrated across a wide variety of hosts that has serious repercussions and explains an awful lot. Is this the sort of thing that gets leveraged by cloud providers themselves, is it something that gets built in mostly on-prem environments, or is it something that rides in, almost, user-land for most of these use cases that customers coming to bringing to those environments? I'm sorry, users, not customers. I'm too used to the Amazonian phrasing of everyone as a customer. No, no, they are users in an open-source project.Liz: [laugh]. Yeah, so if you're using GKE, the GKE Dataplane V2 is using Cilium. Alibaba Cloud uses Cilium. AWS is using Cilium for EKS Anywhere. So, these are really, I think, great signals that it's super scalable.And it's also not just about the connectivity, but also about being able to see your network flows and debug them. Because, like you say, that day one, your blog is up and running, and day two, you've got some DNS issue that you need to debug, and how are you going to do that? And because Cilium is working with Kubernetes, so it knows about the individual pods, and it's aware of the IP addresses for those pods, and it can map those to, you know, what's the pod, what service is that pod involved with. And we have a component of Cilium called Hubble that gives you the flows, the network flows, between services. So, you know, we've probably all seen diagrams showing Service A talking to Service B, Service C, some external connectivity, and Hubble can show you those flows between services and the outside world, regardless of how the IP addresses may be changing underneath you, and aggregating network flows into those services that make sense to a human who's looking at a Kubernetes deployment.Corey: A running gag that I've had is that one of the drawbacks and appeals of Kubernetes, all at once, is that it lets you cosplay as a cloud provider, even if you don't happen to work for one of them. And there's a bit of truth to it, but let's be serious here, despite what a lot of the cloud providers would wish us to believe via a bunch of marketing, there's a tremendous number of data center environments out there, hybrid environments, and companies that are in those environments are not somehow laggards, or left behind technologically, or struggling to digitally transform. Believe it or not—I know it's not a common narrative—but large companies generally don't employ people who lack critical thinking skills and strategic insight. There's usually a reason that things are the way that they are and when you don't understand that my default approach is that, oh context that gets missing, so I want to preface this with the idea there is nothing wrong in those environments. But in a purely cloud-native environment—which means that I'm very proud about having no single points of failure as I have everything routing to a single credit card that pays the cloud providers—great. What is the story for Cilium if I'm using, effectively, the managed Kubernetes options that Name Any Cloud Provider will provide for me these days? Is it at that point no longer for me or is it something that instead expresses itself in ways I'm not seeing, yet?Liz: Yeah, so I think, as an open-source project—and it is the only CNI that's at incubation level or beyond, so you know, it's CNCF-supported networking solution; you can use it out of the box, you can use it for your tiny blog application if you've decided to run that on Kubernetes, you can do so—things start to get much more interesting at scale. I mean, that… continuum between you know, there are people purely on managed services, there are people who are purely in the cloud, hybrid cloud is a real thing, and there are plenty of businesses who have good reasons to have some things in their own data centers, something's in the public cloud, things distributed around the world, so they need connectivity between those. And Cilium will solve a lot of those problems for you in the open-source, but also, if you're telco scale and you have things like BGP networks between your data centers, then that's where the paid versions of Cilium, the enterprise versions of Cilium, can help you out. And, as Isovalent, that's our business model to have, like—we fully support or we contribute a lot of resources into the open-source Cilium, and we want that to be the best networking solution for anybody, but if you are an enterprise who wants those extra bells and whistles, and the kind of scale that, you know, a telco, or a massive retailer, or a large media organization, or name your vertical, then we have solutions for that as well. And I think it was one of the really interesting things about the eBPF side of it is that, you know, we're not bound to just Kubernetes, you know? We run in the kernel, and it just so happens that we have that Kubernetes interface for allocating IP addresses to endpoints that happened to be pods. But—Corey: So, back to my crappy pile of VMs—because the hell with all this newfangled container nonsense—I can still benefit from something like Cilium?Liz: Exactly, yeah. And there's plenty of people using it for just load-balancing, which, why not have an eBPF-based high-performance load balancer?Corey: Hang on, that's taking me a second to work my way through. What is the programming language for eBPF? It is something custom?Liz: Right. So, when you load your BPF program into the kernel, it's in the form of eBPF bytecode. There are people who write an eBPF bytecode by hand; I am not one of those people.Corey: There are people who used to be able to write Sendmail configs without running through the M four preprocessor, and I don't understand those people either.Liz: [laugh]. So, our choices are—well, it has to be a language that can be compiled into that bytecode, and at the moment, there are two options: C, and more recently, Rust. So, the C code, I'm much more familiar with writing BPF code in C, it's slightly limited. So, because these BPF programs have to be safe to run, they go through a verification process which checks that you're not going to crash the kernel, that you're not going to end up in some hardware loop, and basically make your machine completely unresponsive, we also have to know that BPF programs, you know, they'll only access memory that they're supposed to and that they can't mess up other processes. So, there's this BPF verification step that checks for example that you always check that a pointer isn't nil before you dereference it.And if you try and use a pointer in your C code, it might compile perfectly, but when you come to load it into the kernel, it gets rejected because you forgot to check that it was non-null before.Corey: You try and run it, the whole thing segfaults, you see the word ‘fault' there and well, I guess blameless just went out the window there.Liz: [laugh]. Well, this is the thing: You cannot segfault in the kernel, you know, or at least that's a bad [day 00:19:11]. [laugh].Corey: You say that, but I'm very bad with computers, let's be clear here. There's always a way to misuse things horribly enough.Liz: It's a challenge. It's pretty easy to segfault if you're writing a kernel module. But maybe we should put that out as a challenge for the listener, to try to write something that crashes the kernel from within an eBPF because there's a lot of very smart people.Corey: Right now the blood just drained from anyone who's listening, in the kernel space or the InfoSec space, I imagine.Liz: Exactly. Some of my colleagues at Isovalent are thinking, “Oh, no. What's she brought on here?” [laugh].Corey: What have you done? Please correct me if I'm misunderstanding this. So, eBPF is a very low-level tool that requires certain amounts of braining in order [laugh] to use appropriately. That can be a heavy lift for a lot of us who don't live in those spaces. Cilium distills this down into something that is all a lot more usable and understandable for folks, and then beyond that, you wind up with Isovalent, that winds up effectively productizing and packaging this into something that becomes a lot more closer to turnkey. Is that directionally accurate?Liz: Yes, I would say that's true. And there are also some other intermediate steps, like the CLI tools that Brendan Gregg did, where you can—I mean, a CLI is still fairly low-level, but it's not as low-level as writing the eBPF code yourself. And you can be quite in-dep—you know, if you know what things you want to observe in the kernel, you don't necessarily have to know how to write the eBPF code to do it, but if you've got these fairly low-level tools to do it. You're absolutely right that very few people will need to write their own… BPF code to run in the kernel.Corey: Let's move below the surface level of awareness; the same way that most of us don't need to know how to compile our own kernel in this day and age.Liz: Exactly.Corey: A few people very much do, but because of their hard work, the rest of us do not.Liz: Exactly. And for most of us, we just take the kernel for granted. You know, most people writing applications, it doesn't really matter if—they're just using abstractions that do things like open files for them, or create network connections, or write messages to the screen, you don't need to know exactly how that's accomplished through the kernel. Unless you want to get into the details of how to observe it with eBPF or something like that.Corey: I'm much happier not knowing some of the details. I did a deep dive once into Linux system kernel internals, based on an incredibly well-written but also obnoxiously slash suspiciously thick O'Reilly book, Linux Systems Internalsand it was one of those, like, halfway through, “Can I please be excused? My brain is full.” It's one of those things that I don't use most of it on a day-to-day basis, but it's solidified by understanding of what the computer is actually doing in a way that I will always be grateful for.Liz: Mmm, and there are tens of millions of lines of code in the Linux kernel, so anyone who can internalize any of that is basically a superhero. [laugh].Corey: I have nothing but respect for people who can pull that off.Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured and fully managed with built in access via key-value, SQL, and full-text search. Flexible JSON documents aligned to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling while reducing cost. Capella has the best price performance of any fully managed document database. Visit couchbase.com/screaminginthecloud to try Capella today for free and be up and running in three minutes with no credit card required. Couchbase Capella: make your data sing.In your day job, quote-unquote—which is sort of a weird thing to say, given that you are working at an open-source company; in fact, you are the Chief Open Source Officer, so what you're doing in the community, what you're exploring on the open-source project side of things, it is all interrelated. I tend to have trouble myself figuring out where my job starts and stops most weeks; I'm sympathetic to it. What inspired you folks to launch a company that is, “Ah, we're going to be in the open-source space?” Especially during a time when there's been a lot of pushback, in some respects, about the evolution of open-source and the rise of large cloud providers, where is open-source a viable strategy or a tactic to get to an outcome that is pleasing for all parties?Liz: Mmm. So, I wasn't there at the beginning, for the Isovalent journey, and Cilium has been around for five or six years, now, at this point. I very strongly believe in open-source as an effective way of developing technology—good technology—and getting really good feedback and, kind of, optimizing the speed at which you can innovate. But I think it's very important that businesses don't think—if you're giving away your code, you cannot also sell your code; you have to have some other thing that adds value. Maybe that's some extra code, like in the Isovalent example, the enterprise-related enhancements that we have that aren't part of the open-source distribution.There's plenty of other ways that people can add value to open-source. They can do training, they can do managed services, there's all sorts of different—support was the classic example. But I think it's extremely important that businesses don't just expect that I can write a bunch of open-source code, and somehow magically, through building up a whole load of users, I will find a way to monetize that.Corey: A bunch of nerds will build my product for me on nights and weekends. Yeah, that's a bit of an outmoded way of thinking about these things.Liz: Yeah exactly. And I think it's not like everybody has perfect ability to predict the future and you might start a business—Corey: And I have a lot of sympathy for companies who originally started with the idea of, “Well, we are the project leads. We know this code the best, therefore we are the best people in the world to run this as a service.” The rise of the hyperscale cloud providers has called that into significant question. And I feel for them because it's difficult to completely pivot your business model when you're already a publicly-traded company. That's a very fraught and challenging thing to do. It means that you're left with a bunch of options, none of them great.Cilium as a project is not that old, neither is Isovalent, but it's new enough in the iterative process, that you were able to avoid that particular pitfall. Instead, you're looking at some level of making this understandable and useful to humans, almost the point where it disappears from their level of awareness that they need to think about. There's huge value in something like that. Do you think that there is a future in which projects and companies built upon projects that follow this model are similarly going to be having challenges with hyperscale cloud providers, or other emergent threats to the ecosystem—sorry, ‘threat' is an unfair and unkind word here—but changes to the ecosystem, as we see the world evolving in ways that most of us did not foresee?Liz: Yeah, we've certainly seen some examples in the last year or two, I guess, of companies that maybe didn't anticipate, and who necessarily has a crystal ball to anticipate how cloud providers might use their software? And I think in some cases, the cloud providers has not always been the most generous or most community-minded in their approach to how they've done that. But I think for a company, like Isovalent, our strong point is talent. It would be extremely rare to find the level of expertise in, you know, what is a pretty specialized area. You know, the people at Isovalent who are working on Cilium are also working on eBPF itself, and that level of expertise is, I think, pretty unrivaled.So, we're in such a new space with eBPF, we've only in the last year or so, got to the point where pretty much everyone is running a kernel that's new enough to use eBPF. Startups do have a kind of agility that I think gives them an advantage, which I hope we'll be able to capitalize on. I think sometimes when businesses get upset about their code being used, they probably could have anticipated it. You know, if it's open-source, people will use your software, and you have to think of that.Corey: “What do you mean you're using the thing we gave away for free and you're not paying us to use it?”Liz: Yeah.Corey: “Uh, did you hear what you just said?” Some of this was predictable, let's be fair.Liz: Yeah, and I think you really have to, as a responsible business, think about, well, what does happen if they use all the open-source code? You know, is that a problem? And as far as we're concerned, everybody using Cilium is a fantastic… thing. We fully welcome everyone using Cilium as their data plane because the vast majority of them would use that open-source code, and that would be great, but there will be people who need that extra features and the expertise that I think we're in a unique position to provide. So, I joined Isovalent just about a year ago, and I did that because I believe in the technology, I believe in the company, I believe in, you know, the foundations that it has in open-source.It's a very much an open-source first organization, which I love, and that resonates with me and how I think we can be successful. So, you know, I don't have that crystal ball. I hope I'm right, we'll find out. We should do this again, you know, a couple of years and see how that's panning out. [laugh].Corey: I'll book out the date now.Liz: [laugh].Corey: Looking back at our conversation just now, you talked about open-source, and business strategy and how that's going to be evolving. We talked about the company, we talked about an incredibly in-depth, technical product that honestly goes significantly beyond my current level of technical awareness. And at no point in any of those aspects of the conversation did you talk about it in a way that I did not understand, nor did you come off in any way as condescending. In fact, you wrote an O'Reilly book on Container Security that's written very much the same way. How did you learn to do that? Because it is, frankly, an incredibly rare skill.Liz: Oh, thank you. Yeah, I think I have never been a fan of jargon. I've never liked it when people use a complicated acronym, or really early days in my career, there was a bit of a running joke about how everything was TLAs. And you think, well, I understand why we use an acronym to shorten things, but I don't think we need to assume that everybody knows what everything stands for. Why can't we explain things in simple language? Why can't we just use ordinary terms?And I found that really resonates. You know, if I'm doing a presentation or if I'm writing something, using straightforward language and explaining things, making sure that people understand the, kind of, fundamentals that I'm going to build my explanation on. I just think that has a—it results in people understanding, and that's my whole point. I'm not trying to explain something to—you know, my goal is that they understand it, not that they've been blown away by some kind of magic. I want them to go away going, “Ah, now I understand how this bit fits with that bit,” or, “How this works.” You know?Corey: The reason I bring it up is that it's an incredibly undervalued skill because when people see it, they don't often recognize it for what it is. Because when people don't have that skill—which is common—people just write it off as oh, that person's a bad communicator. Which I think is a little unfair. Being able to explain complex things simply is one of the most valuable yet undervalued skills that I've found in this entire space.Liz: Yeah, I think people sometimes have this sort of wrong idea that vocabulary and complicated terms are somehow inherently smarter. And if you use complicated words, you sound smarter. And I just don't think that's accessible, and I don't think it's true. And sometimes I find myself listening to someone, and they're using complicated terms or analogies that are really obscure, and I'm thinking, but could you explain that to me in words of one syllable? I don't think you could. I think you're… hiding—not you [laugh]. You know, people—Corey: Yeah. No, no, that's fair. I'll take the accusation as [unintelligible 00:31:24] as I can get it.Liz: [laugh]. But I think people hide behind complex words because they don't really understand them sometimes. And yeah, I would rather people understood what I'm saying.Corey: To me—I've done it through conference talks, but the way I generally learn things is by building something with them. But the way I really learn to understand something is I give a conference talk on it because, okay, great. I can now explain Git—which was one of my early technical talks—to folks who built Git. Great. Now, how about I explain it to someone who is not immersed in the space whatsoever? And if I can make it that accessible, great, then I've succeeded. It's a lot harder than it looks.Liz: Yeah, exactly. And one of the reasons why I enjoy building a talk is because I know I've got a pretty good understanding of this, but by the time I've got this talk nailed, I will know this. I might have forgotten it in six months time, you know, but [laugh] while I'm giving that talk, I will have a really good understanding of that because the way I want to put together a talk, I don't want to put anything in a talk that I don't feel I could explain. And that means I have to understand how it works.Corey: It's funny, this whole don't give talks about things you don't understand seems like there's really a nouveau concept, but here we are, we're [working on it 00:32:40].Liz: I mean, I have committed to doing talks that I don't fully understand, knowing that—you know, with the confidence that I can find out between now and the [crosstalk 00:32:48]—Corey: I believe that's called a forcing function.Liz: Yes. [laugh].Corey: It's one of those very high-risk stories, like, “Either I'm going to learn this in the next three months, or else I am going to have some serious egg on my face.”Liz: Yeah, exactly, definitely a forcing function. [laugh].Corey: I really want to thank you for taking so much time to speak with me today. If people want to learn more, where can they find you?Liz: So, I am online pretty much everywhere as lizrice, and I am on Twitter. I'm on GitHub. And if you want to come and hang out, I am on the Cilium and eBPF Slack, and also the CNCF Slack. Yeah. So, come say hello.Corey: There. We will put links to all of that in the [show notes 00:33:28]. Thank you so much for your time. I appreciate it.Liz: Pleasure.Corey: Liz Rice, Chief Open Source Officer at Isovalent. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment containing an eBPF program that on every packet fires off a Lambda function. Yes, it will be extortionately expensive; almost half as much money as a Managed NAT Gateway.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

amazon death google service startups networking cloud ip pok rust powerpoint screaming aws linux github co chair vod devops acronyms dns hubble s3 sql joking git kubernetes amazonian lambda voip microsoft word step one capella infosec packet zwift cli vms step two cni bgp aws lambda guis cncf kubecon ebpf corey quinn sysdig bpf alibaba cloud minio container security cilium gke liz rice tlas isovalent duckbill group dtrace kubecon cloudnativecon sendmail chief cloud economist last week in aws humblepod corey is

Liz Rice on Programming the Linux Kernel with eBPF, Cilium and Service Meshes

The InfoQ Podcast

Play Episode Listen Later Jan 31, 2022 35:52

Charles Humble and Liz Rice discuss eBPF, a way of making the Linux kernel programmable. They talk about why it exists, how it works under the hood, and what you can and can't do with it. They also talk about Cilium, an open source library for observing network connectivity between container workloads, and the new Cilium-based service mesh currently in beta. Read a transcript of this interview: https://bit.ly/3rTPKwi Subscribe to our newsletters: - The InfoQ weekly newsletter: www.infoq.com/news/InfoQ-Newsletter/ - The Software Architects' Newsletter [monthly]: www.infoq.com/software-architects-newsletter/ Upcoming Virtual Events - events.infoq.com/ QCon London: https://qconlondon.com/ - April 4-6, 2022 / London, UK QCon Plus: https://plus.qconferences.com/ - May 10-20, 2022 - Nov 29 - Dec 9, 2022 QCon San Francisco https://qconsf.com/ - Oct 24-28, 2022 InfoQ Live: https://live.infoq.com/ - Feb 22, 2022 - June 21, 2022 - July 19, 2022 - August 23, 2022 Follow InfoQ: - Twitter: twitter.com/infoq - LinkedIn: www.linkedin.com/company/infoq/ - Facebook: www.facebook.com/InfoQdotcom/ - Instagram: @infoqdotcom - Youtube: www.youtube.com/infoq

service newsletter programming linux linux kernel ebpf meshes infoq cilium liz rice

Ep.107, A look into the future

The Secure Developer

Play Episode Listen Later Jan 11, 2022 34:42

Today we have a fun episode lined up for you! Over the last year of 2021, we've been honored to have some incredibly smart people on the show to share their views and practices in the DevSecCon space with us all. And in each episode, they were asked a slightly open-ended question: if you took out your crystal ball and you thought about someone sitting in your position or your type of role in five years' time, what would be most different about their reality? For this special installment, we've put together some highlights of these brilliant answers! Hear perspectives that cover everything from changes on the data, AI, and ML front to the idea of ownership when it comes to security. We also touch on the increased fragmentation in the DevOps scene that we're going to need to work with, bigger picture concerns about how regulation might be different in five years, and some final optimistic predictions on ways we could all be in a much better place! We hear some golden nuggets from the likes of Robert wood from CMS, cybersecurity influencer Ashish Rajan, Liz Rice from eBPF pioneers Isovalent, our very own Simon Maple who weighs in with his concrete expectations of what will happen, Dev Akhawe, Daniel Bryant, Rinki Sethi, and so many more! So to hear what these top industry professionals have to say about the future, join us today!

ai automation ml cms devops application security ebpf security culture liz rice isovalent daniel bryant ashish rajan

Gerhard at KubeCon NA 2021: Part 2

Ship It! DevOps, Infra, Cloud Native

Play Episode Listen Later Nov 3, 2021 86:45 Transcription Available

In the second set of interviews from KubeCon North America 2021, Gerhard and Liz Rice talk about eBPF superpowers - Cilium + Hubble - and what's it like to work with Duffie Cooley. Jared Watts shares the story behind Crossplane reaching incubating status, and Dan Mangum tells us what it was like to be at this KubeCon in person. Dan's new COO role (read Click Ops Officer) comes up. David Ansari from VMware speaks about his first KubeCon experience both as an attendee and as a speaker. The RabbitMQ Deep Dive talk that he gave will be a nice surprise if you watch it - link in the show notes. Dan Lorenc brings his unique perspective on supply chain security, and tells us about the new company that he co-founded, Chainguard. How to secure container images gets covered, as well as one of the easter eggs that Scott Nichols put in chainguard.dev.

operations cloud coo infrastructure devops vmware kubernetes gerhard sre devsecops cloud native cncf changelog kubecon ebpf liz rice chainguard crossplane scott nichols dan lorenc kubecon north america kubecon na jared watts

Gerhard at KubeCon NA 2021: Part 2 (Ship It! #26)

Maestría tu Vida con Meditación

Play Episode Listen Later Nov 3, 2021 86:45 Transcription Available

operations cloud coo ship infrastructure devops vmware kubernetes gerhard sre devsecops cloud native cncf changelog kubecon ebpf liz rice chainguard crossplane scott nichols dan lorenc kubecon north america kubecon na jared watts

Ep. #103 - Containers, Processes, and the Future of Security with Liz Rice

The Secure Developer

Play Episode Listen Later Oct 19, 2021 45:29

Welcome to another episode of the Secure Developer! During today's conversation, Guy Podjarny, founder of Snyk, speaks with Liz Rice, Chief Open-Source Officer with eBPF pioneers Isovalent, where she works on the Cilium project, which provides cloud native networking, observability and security. They touch on plenty of current and relevant topics, with a focus on eBPF and the CNCF and its role in security. You'll hear all about her role and her journey into the world of cyber security, and what it was like to transition into the sometimes intimidating world of security. We touch on why containers are essentially just processes, and Liz gives us an introduction to eBPF, how it benefits security, and the renaissance it is currently experiencing. Liz tells us all about her work at CNCF and the Technical Oversight Committee, and how it is building much of the foundation for cloud native computing. Join us today to hear all this and more!

security processes containers snyk cncf ebpf cilium liz rice isovalent

S3 Ep. 3 Maestra de Reiki Liz Rice

Play Episode Listen Later Oct 4, 2021 15:58

En este episodio, entrevisto a mi maestra Liz Rice, Maestra de Reiki. Ella es una luz tan brillante y tan alegre. Ella explica qué es Reiki y cómo podemos aprender a liberar viejos programas atascados que nos impiden cambiar. Hay muchos bloqueos causados por traumas pasados que debemos estar dispuestos a liberar con una intención honesta y fe en que tenemos el poder de curarnos a nosotros mismos. Aquí está su información y recomiendo sus servicios. También soy practicante de Reiki e incluiré mi sitio web si desea una sesión. Ofrezco sesiones de meditación de atención plena y sesiones de Reiki con cita previa. Para encontrarla en el internet aqui esta su pagina de web: https://lizricereiki.wordpress.com/ Aqui esta el mio: https://reikimeastriatuvida.com --- Support this podcast: https://anchor.fm/maria-castro05/support

tambi reiki maestra ofrezco liz rice

S3 Ep. 3 Reiki Master Liz Rice

Maestría tu Vida con Meditación

Play Episode Listen Later Oct 4, 2021 27:13

In this episode, I interview my teacher Liz Rice, Reiki Master. She is such a bright light and so joyous. She explains what Reiki is and how we can learn to release stuck old programs that keep us from changing. There are many blockages that are caused from past traumas that we need to be willing to release with an honest intention and faith that we have the power to heal ourselves. Here is her information and I highly recommend her services. I am also a Reiki practitioner and I will include my website if you would like a session. I offer mindfulness meditation sessions and Reiki sessions by appointment. Liz Rice can be found here: https://lizricereiki.wordpress.com/ My website is: https://reikimaestriatuvida.com/ --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app Support this podcast: https://anchor.fm/maria-castro05/support

reiki reiki masters liz rice

EP12: Exploring eBPF Cloud Native Security

DSO Overflow

Play Episode Listen Later Jun 19, 2021 35:14 Transcription Available

Extended Berkeley Packet Filter (eBPF) allows us to tap into the kernel to implement monitoring, observability, networking, and security. In this episode, we invited Chris Kranz and Liz Rice to discuss the usage and adoption of eBPF within Cloud Native solutions.Referenceshttp://www.brendangregg.com/https://nathanleclaire.com/https://github.com/iovisor/bpftracehttps://ebpf.io/what-is-ebpfhttps://github.com/lizrice/ebpf-beginnerseBPF for Windows: https://www.youtube.com/watch?v=LrrV-eo6fugCommunity: http://slack.cilium.io/eBPF Summit 2021https://ebpf.io/summit-2021/Please visit our YouTube Channel to see Chris present in our June 2021 Gathering (monthly meet-up).Guest SpeakersChris KranzChris supports the Sales Engineering team in EMEA at Sysdig, helping make cloud native easier and more secure for Sysdig customers. Before joining Sysdig, he spent time building microservices and cloud applications with various end users, and before that lived a life of cloud, virtualisation and storage!https://www.linkedin.com/in/ckranz/@ckranzLiz RiceLiz is focused on containers, cloud native technologies, security and distributed systems, and heavily involved in open source as the chair the Technical Oversight Committee of the Cloud Native Computing Foundation (CNCF), and an ambassador for OpenUK.https://www.linkedin.com/in/lizrice/@lizriceYour HostsMichael Man: https://www.linkedin.com/in/mman/Glenn Wilson: https://www.linkedin.com/in/glennwilson/DevSecOps - London GatheringKeep in touch with our events associated with this podcast.https://www.meetup.com/DevSecOps-London-Gathering/https://twitter.com/DevSecOps_LGhttps://www.youtube.com/c/DevSecOpsLondonGathering

security windows emea cloud native sales engineering ebpf sysdig liz rice glenn wilson cloud native security open uk

Container Security • Liz Rice & Eoin Woods

GOTO - Today, Tomorrow and the Future

Play Episode Listen Later Mar 26, 2021 29:15 Transcription Available

This interview was recorded for the GOTO Book Club.http://gotopia.tech/bookclubLiz Rice - Author of "Container Security"Eoin Woods - CTO of EndavaDESCRIPTIONWhat should you do to secure your containers?Liz Rice, author of the book Container Security: Fundamental Technology Concepts that Protect Containerized Applications & VP of open source engineering at Aqua Security, and Eoin Woods, CTO at Endava, explore what containers are, what are the implications of a shared kernel and how to assess potential security risks that could affect your deployments. Learn best practices and understand how containers work in this Book Club interview.The interview is based on Liz's book "Container Security": https://amzn.to/3oU4iJeRead the full transcription of the interview here:https://gotopia.tech/bookclub/episodes/secure-your-containers-liz-riceRECOMMENDED BOOKSLiz Rice • Container Security • https://amzn.to/3oU4iJeLiz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075https://twitter.com/GOTOconhttps://www.linkedin.com/company/goto-https://www.facebook.com/GOTOConferencesLooking for a unique learning experience?Attend the next GOTO conference near you! Get your ticket at https://gotopia.techSUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted almost daily.https://www.youtube.com/GotoConferences

security cto programming book club devops containers kubernetes eoin kernel devsecops cncf k8s container security aqua security liz rice endava docker security

Replicated, with Grant Miller

Kubernetes Podcast from Google

Play Episode Listen Later Mar 24, 2021 48:06

Grant Miller is the co-founder and CEO of Replicated, which helps operationalize and scale the delivery of Kubernetes-based apps into the enterprise. We look at what it means to be enterprise software in a SaaS world, and we also get some 2021 predictions from guest host Liz Rice. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 19, with Liz Rice Episode 133, with Thomas Graf Cilium talk at DockerCon 2017 Liz’s 2021 predictions from KubeCon NA (Virtual) 2020 Cheese exports are down Autonomous driving levels Prince Harry joins a startup Nick Clegg joins Facebook News of the week SoloCon announcements Mesh7 to be acquired by VMware GKE adds runtime configuration of pod subnets and larger Internal Load Balancer support Amazon reduces EKS cluster create time from “glacial” to “slow” NetApp launches Spot Wave CircleCI Server 3.0 Diamanti Spektra 3.2 Sonatype launches Nexus Container Davanum Srinivas elected to the CNCF TOC “Unironically Using Kubernetes for my Personal Blog” Links from the interview SparkPeople Marc Campbell look.io acquired by LivePerson Replicated Open source from Replicated kurl KOTS Troubleshoot SchemaHero Donated to the CNCF EnterpriseReady and the EnterpriseReady Podcast Kubelist and the Kubelist Podcast Replicants, replicators and gremlins Grant Miller and Replicated on Twitter

ceo google saas containers kubernetes community management cloud native netapp eks k8s replicated istio personal blog grant miller liz rice

Kubicast #54 - Segurança além da análise estática

Getup Kubicast

Play Episode Listen Later Feb 12, 2021 36:10

O Kubicast estreia a sua 4a temporada trazendo a Carol Valencia da Aqua Container Security para falar de um assunto que, vira e mexe, visita o nosso podcast: a Segurança em Containers e Kubernetes. Considerar a análise dinâmica do container de fato é core para a segurança do negócio e um caminho para romper a bolha que nos cerca apenas de desafios básicos de proteção dos ambientes conteinerizados. Além da Liz Rice, a Carol é uma referência em DevSecOps. Vale ouvir o que ela tem para dizer! Alguns links que citamos neste episódio:Análise dinâmica e descobertas de malwares com técnicas avançadas:Fileless: https://blog.aquasec.com/fileless-malware-container-securityEntrypoint: https://blog.aquasec.com/container-vulnerability-dzmlt-dynamic-container-analysisStarboard — Instalado como operator vai auditar automaticamente o ambiente kubernetes: https://blog.aquasec.com/automating-configuration-auditing-starboard-operatorTracee: Investigação forense em seu container usando eBPF: https://blog.aquasec.com/ebpf-container-tracing-malware-detectionRECOMENDAÇÕES do episódio: Carol: O Tradutor e O Preço da Verdade - Dark WatersJoão: Westworld e Green BookO Kubicast é apresentado por João Brito, CTO da Getup, a única especialista brasileira 100% focada em Kubernetes. #Kubernetes #DevSecOps #SRE #docker #Containers

cto get up westworld alguns seguran containers brito kubernetes o pre considerar devsecops ebpf liz rice fileless

Conteneurs et sécurité avec Liz Rice

Electro Monkeys

Play Episode Listen Later Jan 12, 2021 53:57

Container Security est un livre écrit par Liz Rice et paru aux éditions O'Reilly en avril 2020. Je l'attendais avec impatience, et je l'ai dévoré dès sa sortie. Il est bourré d'informations utiles. Après un rappel des rudiments de Linux, tous ce qu'il y a à connaître sur la sécurité des conteneurs y est abordé, de l'isolation, au cycle de vie des images jusqu'à la gestion des secrets.En bon podcaster, je me suis tout de suite jeté sur Twitter en espérant trouver dans mon réseau quelqu'un pour parler de la sécurité des conteneurs et des différents aspects que j'avais pu découvrir au travers de ce livre. Il se trouve que c'est Liz elle-même qui m'a répondu, et a accepté sans hésiter d'être mon invitée, même si elle ne se sentait pas totalement en confiance avec son français. Et je tiens d'ailleurs à la remercier très chaleureusement d'avoir fait cet effort, car nous avons bien plus souvent l'occasion de voir des français répondre à des interviews en anglais, que l'inverse. D'ailleurs, c'est son tout premier podcast francophone.A-t-on encore besoin de présenter Liz Rice ? Liz est VP Open Source Engineering chez Aqua Security, mais elle est également Présidente du Comité de Contrôle Technique à la CNCF, et j'imagine que beaucoup d'entre vous ont déjà eu l'occasion de la croiser dans une KubeCon ou une autre. Ensemble nous discutons de la sécurité des conteneurs, en prenant comme point de départ le livre qu'elle vient de publier.Notes de l'épisodeAqua Starboard https://github.com/aquasecurity/starboardSupport the show (https://www.patreon.com/electromonkeys)

pr technique ensemble linux comit contr cncf kubecon container security aqua security liz rice

Securing Kubernetes: The Paranoid Guide

The DevOps FAUNCast

Play Episode Listen Later Oct 23, 2020 12:38

This episode is sponsored by The Chief I/O, an online publication where you can read and share stories about cloud native, DevOps, Kubernetes, AIOps, and many other topics. You can subscribe to The Chief I/O newsletter to receive our best stories and the latest cloud native news and trends twice a week. Visit thechief.io/newsletter. It's a sunny May afternoon in a Barcelona KubeCon. Liz Rice is on the stage discussing penetration testing in Kubernetes. She says that one of the reasons why you might want to do penetration testing is stories such as this. In 2018, Tesla left their Kubernetes Dashboard open to the internet. The Dashboard has cluster-admin privileges. They were hacked, and the end result was their system was used to run cryptocurrency mining malware. "The hackers had infiltrated Tesla's Kubernetes console, which was not password-protected," RedLock researchers wrote. "Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment, which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry." It was a big headline and one that prompted the larger Kubernetes industry to focus more on security. But why? How did one of the biggest tech companies in Silicon Valley got hacked? Is it simply a human issue? Or is there more to Security in Kubernetes? I'm your host Kassandra Russel, and today we are going to talk about Security in Kubernetes. We will examine the differences between securing a traditional environment and a container-based environment. Next, we will discuss industry standards and emerging thought patterns around security. And finally, we will go through some of the best security practices and general security advice for production workloads in Kubernetes. Before diving into all of this, we've been busy during the last weeks working on a new project. If you like this podcast, you will certainly like the new project, it's a surprise, we are going to talk more about it in the future. In the meantime, you can subscribe to the podcast announcement list, we will announce it soon. Back to the subject at hand, remember the two generals' problem from one of our previous episodes? It's a classic thought experiment exposing an unsolvable problem and demonstrating the design challenges of distributed systems and the pitfall of reaching consensus over a lossy network. If you are interested in knowing more about this, we recommend you listen to our 5th episode “The Ubiquity of Kubernetes”. --- Send in a voice message: https://anchor.fm/thedevopsfauncast/message Support this podcast: https://anchor.fm/thedevopsfauncast/support

guide security tesla silicon valley securing aws devops dashboard paranoid kubernetes ubiquity aiops liz rice redlock

#49 - Segurança na marra

Getup Kubicast

Play Episode Listen Later Oct 22, 2020 30:46

O episódio #49 do Kubicast traz de volta o tema “Segurança” para conversar com @João Freire, também conhecido como P0ssuidão pelos amigos do tempo de IRC. O João sabe que as ferramentas de segurança do Kubernetes não vêm por default, porém, como ele mesmo disse: “elas estão apenas lá esperando ser configurados”. Então, falamos sobre as boas práticas de segurança, como algumas regras simples podem impedir grandes problemas e como algumas outras podem criar problemas grandes e deixar seus colegas da empresa sem acesso a nada. Por falar em segurança, citamos o trabalho que a Liz Rice vem fazendo na área e comentamos sobre rodar container em modo privilegiado ou com Root. ===== RECOMENDAÇÕES do programa: João Freire: beba muita água nesses dias de calor! (Gravamos esse Kubicast durante aquela onda de calor que fez em setembro)/João Brito: Criando um Kubernetes interno (Spotify) Escritores da Liberdade (Netflix)/Container Security (e-book) e vídeos da Liz Rice. ===== Comentários, críticas e sugestões, escreva para @GetupCloud no Twitter usando a #Kubicast. ===== Ouça o #Kubicast no Spotify, Overcast, Itunes ou RadioPublic.===== Se você curte o #Kubicast, compartilhe o podcast em suas redes sociais. Até o próximo!

spotify root ent seguran ojo radiopublic coment kubernetes irc freire marra recomenda es gravamos liz rice

Episode 80: The Cloud Pod now with more Seoul

The Cloud Pod

Play Episode Listen Later Aug 9, 2020 72:50

Ian Mckay fills in for Jonathan on this week's double-stuffed episode of The Cloud Pod. A big thanks to this week's sponsor: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. Commvault is data-management done differently. It allows you to translate your virtual workloads to a cloud provider automatically, greatly simplifying the move to the cloud or your disaster recovery solution to the cloud. This week's highlights A string of attacks deletes, but does not leak, unsecured databases. Cloudfare's Matthew Prince plans to be the next top dog of data. Following the eight weeks of Next' 20 we'll get three weeks of Re:Invent. General: Cat Got Your Data? It's earnings season and revenues are up for Azure, but for whatever reason Azure isn't happy with it. Aqua Security announced Aqua Wave and Aqua Enterprise. Check out our interview with Liz Rice for more. The rash of automated

cloud seoul aws reinvent azure google cloud commvault aqua security liz rice cloudfare ian mckay cloud pod foghorn consulting

TCP Talks with Aqua Security's Liz Rice

The Cloud Pod

Play Episode Listen Later Jul 26, 2020 33:18

In this TCP Talks episode, Justin Brodley and Jonathan Baker chat with Liz Rice, VP of open source engineering for Aqua Security, which provides tools to secure cloud-native deployments. Liz describes Aqua’s evolution over the years: From a provider of container security to its acquisition of CloudSploit and its development of open-source security solutions. Most customers are using cloud native software, and Aqua wants to secure those workloads and engage that community. “As a business, we have to be where the discussions are. Having open-source tools that are genuinely useful gives us a good way to participate in that community,” Liz explains. In addition to her role at Aqua Security, she is the chair on the CloudNative Computing Foundation‘s (CNCF) Technical Oversight Committee. During the conversation, Liz gives an overview of how they handle projects. Key Takeaways Open source tools offer an entry point into communities. “As a business, we have to be there — we have to be where the discussions are. And having open source tools and solutions that are genuinely useful gives us a good way of participating in that community,” Liz says of the value of Aqua developing open-source tools. The company's Starboard toolkit for finding risks in Kubernetes workloads and environments is a recent example. Liz discusses Starboard's comparative advantage — it integrates existing Kubernetes tools, not just from Aqua but also from third-parties, into the Kubernetes experience. “You can run Trivy through Starboard and your results are right there next to the workload you’re interested in,” she says. Liz discusses CNCF's role with Kubernetes and beyond. “Google today contributes tons of time, energy, and engineering hours into Kubernetes. If tomorrow they were to decide they were going to walk away, Kubernetes still exists, and it would do so because of the CNCF and its participants,” she explains. Resources Here’s what was mentioned in the episode “

google open source aqua kubernetes cloud native cncf starboard jonathan baker aqua security liz rice

TCP Talks with Aqua Security's Liz Rice

TCP Talks

Play Episode Listen Later Jul 26, 2020 33:18

google open source prometheus aqua kubernetes envoy cloud native cncf starboard jonathan baker aqua security liz rice kubernetes api

Episode 200 - Talking Container Security with Liz Rice

Open Source Security Podcast

Play Episode Listen Later Jun 8, 2020 28:44

Josh and Kurt talk to Liz Rice from Aqua Security about container security and her new book on the same topic. What does container security look like today? What are some things you can do now? What will container security look like in the future? Show Notes Container Security download Pictures of elephants Kubernetes Security book Starboard project Dynamic threat analysis

pictures dynamic container aqua kubernetes starboard container security aqua security liz rice

Comparative Food Choices, FoodCultura - University of Chicago, Fall, 2019

Play Episode Listen Later May 31, 2020 39:06

Comparative Food Choices, FoodCultura - University of Chicago, Fall, 2019 Cleo Schoeplein and Liz Rice present their work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. There was a technical error in audio recording affecting its quality. It is posted to maintain the historical record of this event. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on February 15, 2020

Chicago's Live Poultry Shops, FoodCultura - University of Chicago, Fall, 2019

Play Episode Listen Later May 31, 2020 40:57

Chicago's Live Poultry Shops, FoodCultura - University of Chicago, Fall, 2019 Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. There was a technical error in audio recording affecting its quality. It is posted to maintain the historical record of this event. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on February 15, 2020

Day of the Dead - Día de Muertos, FoodCultura - University of Chicago, Fall, 2019

Play Episode Listen Later May 29, 2020 25:04

Día de Muertos - Day of the Dead, FoodCultura, Fall, 2019 Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on January 25, 2020 www.CulinaryHistorians.org

Roeser's Bakery, FoodCultura - University of Chicago, Fall, 2019

university chicago fall arts dead taste brazilian anthropology dia de los muertos inquiry cuisine bakery bauhaus south shore uchicago sinh university of chicago liz rice albany park

Play Episode Listen Later May 29, 2020 22:51

Roeser's Bakery, FoodCultura - University of Chicago, Fall, 2019 Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on January 25, 2020 www.CulinaryHistorians.org

Cotton Candy, FoodCultura - University of Chicago, Fall, 2019

Play Episode Listen Later May 29, 2020 6:27

Cotton Candy as Art, FoodCultura, Fall, 2019 Alana Ferguson’s musings on cotton candy as an art form. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on January 25, 2020 www.CulinaryHistorians.org

Public and Private Dining, FoodCultura - University of Chicago, Fall, 2019

navigating kubernetes hype cycle cncf kubecon aqua security liz rice kubecon cloudnativecon

Play Episode Listen Later May 29, 2020 23:52

Public and Private Dining Experiences, FoodCultura, Fall, 2019 Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on January 25, 2020 www.CulinaryHistorians.org

Container and Kubernetes Security with Liz Rice of Aqua Security

DevOps and Docker Talk

Play Episode Listen Later May 21, 2020 66:28

I'm joined in a live Q&A with Liz Rice of Aqua Security talking about the state of container security and tools to help you understand and protect your workloads.

Navigating the Kubernetes Hype Cycle with Cornelia Davis, Weaveworks & Liz Rice, Aqua Security

The Art of Modern Ops

Play Episode Play 24 sec Highlight Listen Later Apr 23, 2020 31:37

Anyone who looks at the growth of Kubecon CloudNativeCon attendance over the past four years can recognize that Kubernetes is more than a passing fad. Instead, Kubernetes represents the way forward for companies to scale, go faster and be more competitive. Many question whether we've achieved ‘peak Kubecon'.Listen in as Cornelia Davis and Liz Rice discuss the current state of cloud native, its ecosystem of projects and how the CNCF can help you navigate the complexity of piecing together a Kubernetes solution that's right for your team.Most organizations find open source software appealing because of the choice it offers. However there are tradeoffs; an abundance of choice can also increase complexity. An ideal situation would consist of an integrated plug and play solution with open source standards and solutions. One of the most pressing questions is whether we'll see a more integrated solution for delivering Kubernetes in the enterprise versus a straight do yourself approach.

Episode 32: The Davidson Hang Podcast w/Elizabeth Rice (Enterprise Account Executive at Linkedin Learning)

Dreamweaver's Business and Career Coaching Podcast

Play Episode Listen Later Apr 15, 2020 30:37

We had a fun, light conversation with Liz Rice who closed over a million dollars in revenue for the year already in Linkedin Learning's AE Divison. I love and appreciate her positive energy and joy she brings to the workplace every day even virtual during these weird times. If you want to connect with her to say hi, reach out via https://www.linkedin.com/in/elizabethrice3/

learning hang enterprise davidson account executives liz rice elizabeth rice

EP11: Liz Rice - The Container Security Book

BeerSecOps

Play Episode Listen Later Apr 6, 2020 35:29

Liz Rice @lizrice, VP of Open Source Engineering at Aqua makes a second appearance on BeerSecOps with Steve Giguere @_SteveGiguere_of Aqua Security @aquasecteam to discuss her new book from O’Reilly, diving deep into Container Security.

aqua o'reilly container security aqua security liz rice

DtSR Episode 368 - Contain(er) Your Security

Down the Security Rabbithole Podcast

Play Episode Listen Later Oct 30, 2019 42:24

Welcome to another edition of the DtSR Podcast! This week Liz Rice joins us all the way from the (still) UK, and James is back too! What a treat... join us and read the show notes! Highlights from this week's episode include... Liz explains containers, security, and gives us a foundation Liz explains the fundamental stages of securing containers Liz explains the model of different types of containers and the things you need to worry about Rafal asks "where do you install the agent?" Guest Liz Rice - ( @LizRice ) - Liz Rice leads Aqua’s technology evangelism activities in the cloud-native ecosystem. She is an active member of the open source community, and an award-winning speaker known for her live-coding demos. She is currently co-chair of KubeCon & CloudNativeCon. Prior to getting immersed in containers she built up a wealth of software development, team, and product management experience working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP with companies including Skype, Last.fm and Metaswitch Networks. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift. Find her on LinkedIn: https://www.linkedin.com/in/lizrice/

united kingdom security skype vod aqua voip zwift rafal liz rice kubecon cloudnativecon

EP02: Cloud Native and Open Source with Liz Rice

BeerSecOps

Play Episode Listen Later Oct 20, 2019 38:42

Steve Giguere, a DevSecOps engineer, sat down with Liz Rice, the VP of Open Source Engineering at Aqua and the chair of the CNCF’s Technical Oversight Committee, to discuss Open Source tools and Cloud Native subjects.

open source aqua devsecops cloud native cncf liz rice

Phil Estes & Liz Rice | Containers & Security

IBM Developer Podcast

Play Episode Listen Later Sep 16, 2019 24:21

Our guests Phil Estes (IBM) & Liz Rice (Aqua Security) take us on a journey through container technologies history and current landscape.

security ibm estes containers kubernetes cloud native oci cncf kubecon enterprise technology aqua security liz rice

LIVE from Gophercon UK (Go Time #97)

Play Episode Listen Later Sep 4, 2019 79:37 Transcription Available

LIVE from LondonGophers as part of GopherCon UK! Mat Ryer, and Mark Bates were joined by Liz Rice, Kat Zień, Gautam Rege to talk about the magic in Go’s standard library. Huge thanks to the organizers of LondonGophers and GopherCon UK for making this possible.

live development software architecture open source devops docker kubernetes go time golang liz rice gophercon mark bates mat ryer

33. GopherCon 2019 Spotlight, Part 2

Code[ish]

Play Episode Listen Later Sep 4, 2019

Aaron Schlesinger is the core maintainer on Athens, an open source on-prem module proxy. He walks through the history of packages and modules in Go, and introduces how Athens satisfies the needs of developers. Go modules allow you to serve up a Go project's dependencies via an API; Athens implements that API--and integrates with other implementations of the API as well--to simplify dependency management, no matter where the code is stored. Beyang Liu is the CTO and co-founder of Sourcegraph, a company that focuses on developer tools. They use Go to build high-performance code search, code intelligence, and jump to def functionality that works across repository boundaries and across entire code bases. Their role at GopherCon 2019 is to live blog all of the talks for interested parties who were not able to physically attend the conference. Liz Rice is a technology evangelist with Aqua Security. It's a container security company, and she came to GopherCon to teach a workshop that introduced people to the concepts behind containers. She also recently became a Google developer expert in Go, which certifies her as someone creating interesting content that the community can look towards for education and inspiration. Johnny Boursiquot is an SRE at Heroku, and a long time gopher. He gave the closing keynote at GopherCon, and his singular focus is on ensuring that the Go community is truly diverse and welcoming to new members. Every year, new developers attend GopherCon, and he wants to encourage veterans to embrace this growth as a positive change. He also provides a wealth of resources on listeners who are brand new to Go and eager to learn more about it. Links from this episode Athens Project is a proxy server for the Go modules download API Several resources for newcomers to Go include: A Tour of Go Go by Example Go Bridge workshops Aaron Schlesinger's talk, "The Athens Project" Johnny Boursiquot's closing keynote, "What Got Us Here, Won't Get Us There"

google tour athens cto won api sre heroku aqua security liz rice gophercon aaron schlesinger

LIVE from Gophercon UK

Play Episode Listen Later Sep 4, 2019 79:37 Transcription Available

live development software architecture open source devops docker kubernetes golang liz rice gophercon mark bates mat ryer

LIVE from Gophercon UK

Play Episode Listen Later Sep 4, 2019 79:37

live development software architecture open source devops docker kubernetes golang liz rice gophercon mark bates mat ryer

A Conversation with Liz Rice of Aqua Security

conversations voices devops jon collins aqua security liz rice

Play Episode Listen Later Aug 12, 2019 34:40

Jon Collins speaks with Liz Rice on the use of DevOps in building Security Platforms. Voices in DevOps – Episode 10: A Conversation with Liz Rice of Aqua Security

A Conversation with Liz Rice of Aqua Security

conversations voices devops jon collins aqua security liz rice

Play Episode Listen Later Aug 12, 2019 34:40

Jon Collins speaks with Liz Rice on the use of DevOps in building Security Platforms. Voices in DevOps – Episode 10: A Conversation with Liz Rice of Aqua Security

A Conversation with Liz Rice of Aqua Security

conversations voices devops jon collins aqua security liz rice

Play Episode Listen Later Aug 12, 2019 34:40

Jon Collins speaks with Liz Rice on the use of DevOps in building Security Platforms. Voices in DevOps – Episode 10: A Conversation with Liz Rice of Aqua Security

A Conversation with Liz Rice of Aqua Security

conversations voices devops jon collins aqua security liz rice

Play Episode Listen Later Aug 12, 2019 34:40

Jon Collins speaks with Liz Rice on the use of DevOps in building Security Platforms. Voices in DevOps – Episode 10: A Conversation with Liz Rice of Aqua Security

Attacking and Defending Kubernetes, with Ian Coldwater

Kubernetes Podcast from Google

Play Episode Listen Later Aug 6, 2019 43:19

Ian Coldwater specializes in breaking and hardening Kubernetes, containers, and cloud native infrastructure. A pre-eminent voice in the Kubernetes security community, they are currently a Lead Platform Security Engineer at Heroku. Ian joins Adam and Craig to talk about the offensive and defensive arts. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Black Hat USA DEFCON Scavenger hunts An example of Spot the Fed An example of the Mystery Challenge News of the week Mesosphere becomes D2iQ Google Cloud launches Migrate for Anthos in Beta Google Cloud Game Servers coming soon Episode 26: Agones, with Mark Mandel and Cyril Tovena Announcing Kubernetes Summits in Seoul and Sydney Security updates of the week CVE-2019-11247: API server allows access to custom resources via wrong scope CVE-2019-11249: kubectl cp (round 3!) IBM and Red Hat: OpenShift on IBM Cloud OpenShift coming to Z Series and LinuxONE Cloud Paks and services Cisco Container Platform now supports Microsoft AKS Helm deployments at the Kubedex How Kubernetes can be used for genetic analysis by Mu Huan and Eric Li Alibaba Cloud Announcing CloudBees Jenkins X Distribution Episode 44, Continuous Delivery Foundation, with Tracy Miranda TiDB Operator now Generally Available Links from the interview Red teams and penetration testing Fuzzing Attacking Helm’s Tiller Black-box and white-box testing DevSecOps: guard rails, not gates OWASP - the Open Web Application Security Project The math behind calculating security risk CVSS score etcd: encrypt it at rest! Admission control Technologies for isolation: AppArmor Seccomp gVisor Firecracker (not yet supported with Kubernetes) “Kubernetes is powerful, and it’s insecure by design” Ian and Duffie Cooley’s BlackHat talk Cloud doesn’t make it better! Threat modelling hostpath - “a powerful escape hatch” Trail of Bits blog: understanding Docker container escapes Recommended watching: Ship of Fools by Ian Coldwater (slides) Hacking and Hardening Kubernetes by Example by Brad Geesaman (slides) A Hackers Guide to Kubernetes and the Cloud by Rory McCune (and his upcoming Black Hat training) DIY Pen Testing for your Kubernetes Cluster by Liz Rice (our guest on episode 19) Ian Coldwater on Twitter

google threats spot cloud trail ibm ship defending hacking fools api bits seoul attacking containers docker kubernetes coldwater black hat community management migrate cloud native heroku k8s istio anthos red hat openshift liz rice continuous delivery foundation mark mandel agones

Liz Rice On Technology & Culture Of The Cloud Native World

TFIR: Open Source & Emerging Technologies

Play Episode Listen Later Aug 2, 2019 10:25

Liz Rice, VP of Open Source Engineering at Aqua Security sat down with Swapnil Bhartiya at KubeCon and CloudNativeCon, Barcelona, to talk about a wide range of topics. Here is the timestamp of topics we discussed. 00:02:31 How diverse and inclusive is the Cloud Native community? 00:03:51 What are the benefits of having a diverse community? 00:05:38 What kind of challenges are there for the Technical Oversight Committee? 00:06:51 Tell us a bit about new SIGs (Special Interest Group) 00:06:56 Are there any new initiatives around SIG? 00:08:14 Zero trust security in the Cloud Native world and where does GitLab fit into the picture

culture technology barcelona sig gitlab cloud native kubecon aqua security liz rice

Kubernetes Security with Liz Rice

Cloud Engineering – Software Engineering Daily

Play Episode Listen Later Feb 14, 2019 54:36

A Kubernetes cluster presents multiple potential attack surfaces: the cluster itself, a node running on the cluster, a pod running in the node, a container running in a pod. If you are managing your own Kubernetes cluster, you need to be aware of the security settings on your etcd, your API server, and your container The post Kubernetes Security with Liz Rice appeared first on Software Engineering Daily.

security api kubernetes liz rice software engineering daily

2019-003-Liz Rice, creating processes to shift security farther left in DevOps

Brakeing Down Security Podcast

Play Episode Listen Later Jan 27, 2019 63:34

BIO: Liz Rice is the Technology Evangelist with container security specialists Aqua Security, where she also works on container-related open source projects including kube-hunter and kube-bench. She was Co-Chair of the CNCF’s KubeCon + CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle, and co-author of the O’Reilly Kubernetes Security book. She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not building startups and writing code, Liz loves riding bikes in places with better weather than her native London. Liz Rice (@lizrice on Twitter) https://www.lizrice.com/ https://medium.com/@lizrice/non-privileged-containers-based-on-the-scratch-image-a80105d6d341 https://www.forbes.com/sites/adrianbridgwater/2018/07/23/shift-happens-why-your-software-needs-to-shift-left/#41aac6047f8c https://www.cloudops.com/2018/10/takeaways-from-liz-rice-pop-up-meetup-on-container-security/ https://thenewstack.io/cloud-native-security-patching-with-devops-best-practices/ https://changelog.com/gotime/56 - podcast with Liz https://kubernetes-security.info - co-author of O’Reilly Kubernetes security book https://www.slideshare.net/Docker/dont-have-a-meltdown - Liz Rice/Justin Cormack slides https://www.bbc.com/news/technology-41753022 - NHS ransomware issue in 2017 https://docs.docker.com/config/containers/container-networking/ - docker portmapping https://techbeacon.com/9-practical-steps-secure-your-container-deployment If security needs to “Shift Left”, what can devs do to accommodate the change? Everyone will have to make adjustments, not just security… right? Reverse uptime… Forgotten data? Test Driven Development Why do we need security as far left? “We don’t patch, we just push a fix, ” “We’ll fix it in production…” Or we pump more resources to overcome perf issues Is there time for code reviews? “We don’t need change management…” https://testssl.sh - @drwetter Automation: How does security that solve security issues? Do Microservices solve everything? What don’t they solve? What does security need to embrace to make the shift less painful? What does development need to embrace to make the shift less painful? Cause security wants to get in there… There are already DevSecOps processes a-plenty and many . Why aren’t companies adopting them? Maturity? Lack of resources? Negligent devs - how can you ignore the news of breaches? Setting Goals “Start Small” - what’s an example of a small goal? Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.

The CyberWire

Play Episode Listen Later Dec 13, 2018 20:36

In today’s podcast we hear that the Saipem hack looks like a new Shamoon variant. Charming Kitten started prowling through relevant places after the Iran sanctions became more serious. US authorities denounce Chinese espionage, especially industrial espionage, but there are as yet no new indictments or sanctions. Concerns mount over Chinese influence operations. Another Canadian may be in Chinese custody—possibly in retaliation for the detention of Huawei’s CFO. Ben Yelin from UMD CHHS on how password policies align with the 5th amendment. Guest is Liz Rice from Aqua Security on the notion of security teams “shifting left.” For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_13.html Support our show

China is doing incredible things with Kubernetes and Cloud Native: Liz Rice

TFIR: Open Source & Emerging Technologies

Play Episode Listen Later Dec 5, 2018 5:59

Q&A with a Co-Chair of KubeCon & CloudNativeCon We sat down with Liz Rice, Co-Chair KubeCon & CloudNativeCon, to talk about her experience in China, future events and diversity at CNCF events. TFiR: How has been your experience so far in KubeCon & CloudNativeCon China? Liz Rice: It has been phenomenal. This is my first time in China and it’s amazing to see these enormous Chinese companies who are embracing cloud native and doing advanced things with that. I was particularly struck by the number of applications of AI on Kubernetes. There are power companies, genetics research that’s been done using cloud native technologies. TFiR: Let’s look beyond China, what’s exciting about Seattle? LR: I’m really excited because we just sold out. There will be more than 7,500 attendees at Seattle KubeCon & CloudNativeCon. We are seeing this growing adoption of Kubernetes, so obviously there will be developers and technical discussions around technology. We want to maintain that, but we are also seeing end users and people with expertise and experience or running Kubernetes and cloud native in production. We want to hear more and more stories from them. I’ve just seen the stage layout and from the perspective of actually standing on that a really big stage, it’s going to be quite fun. We will see a lot of projects that are going through the process of graduation and want to move from sandbox into incubation. TFiR: Diversity is a topic that we cover here at TFiR. CNCF is doing incredible work to make its events more inclusive and diverse, will we continue to see that? LR: One of the things that I’m really impressed about the CNCF is that there is a genuine focus on trying to improve access for a diverse audience. We have diversity scholarships, and I believe 301 people have attended or are going to be attending KubeCon & CloudNativeCon this calendar year as a result of the diversity scholarships. It’s great to see those people from really unusual and interesting places around the world getting to attend and take back some knowledge to their local communities.

ai china chinese incredible co chair kubernetes cloud native cncf kubecon liz rice

Episode 123 - Talking about Kubernetes and container security with Liz Rice

Open Source Security Podcast

Play Episode Listen Later Nov 19, 2018 27:52

Josh and Kurt talk to Liz Rice about Kubernetes and container security. How did we get where we are today, what's new and exciting today, and where do we think things are going.

security aqua containers kubernetes container security liz rice

kube-hunter and KubeCon, with Liz Rice

Kubernetes Podcast from Google

Play Episode Listen Later Sep 5, 2018 26:01

Liz Rice from Aqua Security builds penetration testing tools for Kubernetes by day, and runs the KubeCon program by night. Adam and Craig dig into both topics. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter Adam went to Battle Ground Lake State Park Adam and Craig are both going to Google Cloud Next in Tokyo (September 19-20) Craig is also going to Google Cloud Summits in Singapore (September 13), Sydney (September 26) and Hong Kong (October 10) News of the week Google Cloud grants $9M in credits for the operation of the Kubernetes project The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience CNCF to host TiKV in the Sandbox New CNCF members CNCF Survey Istio 1.0.1 Forbes contributor Janakiram MSV on Cloud Native TriggerMesh Amazon adds support for Horizontal Pod Autoscaler Kontena 1.3.0 Links from the interview Aqua Security kube-bench kube-hunter: GitHub Launch blog post Introduction video KubeCon & CloudNativeCon: Europe: Copenhagen, May China: Shanghai, November North America: Seattle, December

google work news story automating containers kubernetes 9m community management cloud native kubecon k8s google cloud next istio aqua security liz rice

Security Tools with Liz Rice

The Women in Tech Show: A Technical Podcast

Play Episode Listen Later May 22, 2018

Security tools are essential in helping tackle vulnerabilities in the cloud. Liz Rice, Technology Evangelist at Aqua Security explained the capabilities of security tools, vulnerability reports, and the process of deploying security patches.

tools security technology evangelist aqua security liz rice

The Cloudcast #343 - Container Vulnerability Scanning

The Cloudcast

Play Episode Listen Later Apr 19, 2018 25:45

Aaron and Tyler Britten talk with Liz Rice (@lizrice, Technology Evangelist @AquaSecTeam) about what's easy—and what's not—about finding and patching security vulnerabilities in containers. This is a cross-over show with @PodCTL podcast. Show Links: Liz’s talk at Velocity Conf - “What’s so hard about container vulnerability scanning?” Use code "CLOUD" to get 20% off Velocity and OSCON Conference Passes Aqua Security Homepage Liz Rice’s Blog [Video] Kubernetes, Metadata and You (KubeCon 2017 Austin) [PODCAST] @PodCTL - Containers | Kubernetes | OpenShift - RSS Feed, iTunes, Google Play, Stitcher, TuneIn and all your favorite podcast players [A CLOUD GURU] Get The Cloudcast Alexa Skill [A CLOUD GURU] A Cloud Guru Membership - Start your free trial. Unlimited access to the best cloud training and new series to keep you up-to-date on all things AWS. [A CLOUD GURU] FREE access to AWS Certification Exam Prep Guide - At A Cloud Guru, the #1 question received from students is "I want to pass the AWS cert exam, so where do I start?" This course is your answer. [FREE] eBook from O'Reilly Show Notes Topic 1 - Welcome to the show Liz. Tell us a little bit about your background and the types of things that you’re working on these days. Topic 2 - Let’s start with the basics. A container is defined by a file (e.g. Dockerfile) that the user/developer/operator defines. How can a vulnerability get into that file? Topic 3 - Is it up to the CI/CD system or host OS (where the container runs) or container orchestrator (e.g. Kubernetes) or container registry to figure out if a vulnerability exists? Topic 4 - How do most container registries today manage vulnerability lists, container scanning and potential mitigations? What are the difficult parts of those tasks? Topic 5 - Most containers today are Linux containers. Are you seeing anything happening (yet) around how to manage Windows containers vulnerabilities? Is the assumption that Microsoft will fix this through one of their existing tools, or are things happening in the open source community as well? Feedback? Email: show at thecloudcast dot net Twitter: @thecloudcastnet and @ServerlessCast

Container Vulnerability Scanning

PodCTL - Kubernetes and Cloud-Native

Play Episode Listen Later Apr 18, 2018 25:45

Show: 32Show Overview:Tyler and Aaron Delp talk with Liz Rice (@lizrice, Technology Evangelist @AquaSecTeam) about what's easy—and what's not—about finding and patching security vulnerabilities in containers. This is a cross-over show with @TheCloudcastNet podcast. Show Notes:Liz’s talk at Velocity Conf - “What’s so hard about container vulnerability scanning?”Use code CLOUD to get 20% off Velocity or OSCON ticketsAqua Security HomepageLiz Rice’s Blog[Video] Kubernetes, Metadata and You (KubeCon 2017 Austin)Topic 1 - Welcome to the show Liz. Tell us a little bit about your background and the types of things that you’re working on these days.Topic 2 - Let’s start with the basics. A container is defined by a file (e.g. Dockerfile) that the user/developer/operator defines. How can a vulnerability get into that file?Topic 3 - Is it up to the CI/CD system or host OS (where the container runs) or container orchestrator (e.g. Kubernetes) or container registry to figure out if a vulnerability exists?Topic 4 - How do most container registries today manage vulnerability lists, container scanning and potential mitigations? What are the difficult parts of those tasks?Topic 5 - Most containers today are Linux containers. Are you seeing anything happening (yet) around how to manage Windows containers vulnerabilities? Is the assumption that Microsoft will fix this through one of their existing tools, or are things happening in the open source community as well? Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTL Web: http://podctl.com

microsoft os cloud vulnerability windows signing linux container velocity malware scanning kubernetes registry metadata ci cd openshift aqua security liz rice dockerfile

Episode 1 - Liz Rice, Aqua Security

HashiCast

Play Episode Listen Later Apr 3, 2018 44:49

This episode of HashiCast highlights Liz Rice from Aqua Security. Liz Rice works for Aqua Security who build a platform which provides development-to-production lifecycle controls for securing containerized applications. In addition to her work with Aqua, Liz is very active in the world of technology and has given some fascinating talks at GopherCon, DockerCon and many other conferences around the globe. She is also the maintainer of Kube-bench and Manifesto. We chat all things application security, the state of the industry, problems application developers face and some things you can do to help build a more secure workflow. Guests: Liz Rice - Aqua Security Hosts: Anubhav Mishra, Nic Jackson - Developer Advocates, HashiCorp Intro Music: El Mariachi by The Greek Fandango Orchestra (Creative Commons) freakfandango.bandcamp.com Links: Aqua Security: https://www.aquasec.com Kube Bench: https://github.com/aquasecurity/kube-bench Manifesto: https://github.com/aquasecurity/manifesto Talks: Velocity London - Keynote on Cloud Native Security https://www.youtube.com/watch?v=eB8kzdWWcfA&feature=youtu.be DockerCon - What have namespaces done for you lately? https://youtu.be/MHv6cWjvQjM HashiConf - Your Secret's Safe with Me - Securing Container Secrets with Vault https://www.youtube.com/watch?v=j3QJRdiTr1I&list=PL81sUbsFNc5Y-jbEC1y5BWenDoYscVv4t&index=30

manifesto aqua kube aqua security liz rice dockercon gophercon

Container Security and Demystifying Complexity (Go Time #56)

development software architecture complexity demystifying open source devops docker kubernetes go time golang container security liz rice

Play Episode Listen Later Sep 8, 2017 63:55 Transcription Available

Liz Rice joined the show to talk about containers, cloud security, making complex concepts easier to understand, and other interesting Go projects and news.

Container Security and Demystifying Complexity

development software architecture complexity demystifying open source devops docker kubernetes golang container security liz rice

Play Episode Listen Later Sep 8, 2017 63:55

Liz Rice joined the show to talk about containers, cloud security, making complex concepts easier to understand, and other interesting Go projects and news.

Container Security and Demystifying Complexity