Podcast appearances and mentions of Liz Rice


Latest podcast episodes about Liz Rice

2nd Story
Episode 305: Bobbie & Liz Rice - West Suburban Chinese School (西郊實驗中文學校)

Jan 31, 2025 · 20:29


In this week's story, mother-daughter duo Bobbie & Liz Rice share stories of their shared Chinese values and experiences, as well as the ways they've helped each other to evolve and change.

Paul's Security Weekly
Learning EBPF - Liz Rice - ASW Vault

Jun 18, 2024 · 37:16
Also listed under: Paul's Security Weekly TV, Application Security Weekly (Audio), Application Security Weekly (Video)

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.

Segment Resources:
- Download "Learning eBPF": https://isovalent.com/learning-ebpf
- Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121
- Cilium project: https://cilium.io
- Tetragon project: https://tetragon.cilium.io/

Show Notes: https://securityweekly.com/vault-asw-11

The IaC Podcast
Cloud-Native Security and Networking with Liz Rice

May 30, 2024 · 26:00

How are modern cloud-native environments changing the way we handle security? Liz Rice, Chief Open Source Officer at Isovalent, explains why traditional IP-based network policies are becoming outdated and how game-changers like Cilium and eBPF, which leverage Kubernetes identities, offer more effective and readable policies. We also discuss the role of community-driven projects under the CNCF, and she shares tips for creating strong, future-proof solutions. What challenges should we expect next? Tune in to find out!

Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She is the author of Container Security, and Learning eBPF, both published by O'Reilly, and she sits on the CNCF Governing Board, and on the Board of OpenUK. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018.

She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.

PurePerformance
eBPF and the Superpowers it unleashes with Liz Rice

May 6, 2024 · 47:41

eBPF is a kernel technology enabling high-performance, low overhead tools for networking, security and observability. In simpler terms: eBPF makes the kernel programmable!

Tune in to this episode whether you have never heard about eBPF, are using eBPF-based tools such as bcc, Cilium, Falco, Tetragon, Inspector Gadget ... or are developing your own eBPF programs!

Liz Rice, Chief Open Source Officer at Isovalent, kicks this episode off with a brief introduction of eBPF, explains how it works, which use cases it has enabled and why eBPF can truly give you super powers! In our conversation we dive deeper into the performance aspects of eBPF: how and why tools like Cilium outperform classical network load balancers, how performance engineers can use it and how the kernel internally handles eBPF executions.

We discussed a lot of follow-up material - here are all the relevant links:
- Liz's slide deck on "Unleashing the kernel with eBPF": https://speakerdeck.com/lizrice/unleashing-the-kernel-with-ebpf
- eBPF Documentary on YouTube: https://www.youtube.com/watch?v=Wb_vD3XZYOA
- Learning eBPF GitHub repo accompanying her book: https://github.com/lizrice/learning-ebpf
- eBPF website: https://ebpf.io
- Liz on LinkedIn: https://www.linkedin.com/in/lizrice/

Cloud Security Podcast
How is Kubernetes Network Security Evolving?

Apr 30, 2024 · 20:19

How is eBPF impacting Kubernetes Network Security? In this episode, recorded LIVE at Kubecon EU Paris 2024, Liz Rice, Chief Open Source Officer at Isovalent, took us through the technical nuances of eBPF and its role in enabling dynamic, efficient network policies that go beyond traditional security measures. She also discusses Tetragon, the new subproject under Cilium, designed to enhance runtime security with deeper forensic capabilities. A great conversation for anyone involved in Kubernetes workload management, offering a peek into the future of cloud-native technologies and the evolving landscape of network security.

Guest Socials: Liz's Linkedin

Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions asked:
(00:00) Introduction
(01:46) A bit about Liz Rice
(02:11) What is eBPF and Cilium?
(03:24) SC Linux vs eBPF
(04:11) Business use case for Cilium
(06:37) Cilium vs Cloud Managed Services
(08:51) Why was there a need for Tetragon?
(11:20) Business use case for Tetragon
(11:32) Projects related to Multi-Cluster Deployment
(12:45) Where can you learn more about eBPF and Tetragon
(13:50) Hot Topics from Kubecon EU 2024
(15:07) The Fun Section
(15:35) How has Kubecon changed over the years?

Resources spoken about during the interview: Cilium, Tetragon, eBPF

Open at Intel
Better Than the Sum of Our Parts

Apr 24, 2024 · 28:11

Stephen Augustus, Head of Open Source at Cisco, and Liz Rice, Chief Open Source Officer at Isovalent, discuss Cisco's acquisition of Isovalent, which has closed since recording, bringing together two teams with long-standing expertise in open source cloud native technologies, observability, and security. The two share their excitement about working together, emphasizing the alignment of Isovalent with Cisco's security division and the potential enhancements this acquisition brings to open source projects like Cilium and eBPF. They explore the implications for the open source community, and the continuous investment and development in these projects under Cisco's umbrella. We discuss the ways this merger could innovate security practices, enhance infrastructure observability, and leverage AI for more intelligent networking solutions.

00:00 Welcome and Introduction
00:22 Cisco's Acquisition of Isovalent
00:53 The Excitement and Potential of the Acquisition
02:14 Strategic Alignment and Future Vision
04:03 Open Source Commitment and Community Impact
06:53 The Road Ahead: Integration and Innovation
19:49 Exploring AI and Future Technologies at Cisco
26:03 Reflections and Closing Thoughts

Resources:
- Cilium, eBPF and Beyond | Open at Intel (podbean.com)
- The Art of Open Source: A Conversation with Stephen Augustus | Open at Intel (podbean.com)

Guests:

Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly. She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.

Stephen Augustus is a Black engineering director and leader in open source communities. He is the Head of Open Source at Cisco, working within the Strategy, Incubation, & Applications (SIA) organization. For Kubernetes, he has co-founded transformational elements of the project, including the KEP (Kubernetes Enhancements Proposal) process, the Release Engineering subproject, and Working Group Naming. Stephen has also previously served as a chair for both SIG PM and SIG Azure. He continues his work in Kubernetes as a Steering Committee member and a Chair for SIG Release. Across the wider LF (Linux Foundation) ecosystem, Stephen has the pleasure of serving as a member of the OpenSSF Governing Board and the OpenAPI Initiative Business Governing Board. Previously, he was a TODO Group Steering Committee member, a CNCF (Cloud Native Computing Foundation) TAG Contributor Strategy Chair, and one of the Program Chairs for KubeCon / CloudNativeCon, the cloud native community's flagship conference. He is a maintainer for the Scorecard and Dex projects, and a prolific contributor to CNCF projects, amongst the top 40 (as of writing) code/content committers, all-time. In 2020, Stephen co-founded the Inclusive Naming Initiative, a cross-industry group dedicated to helping projects and companies make consistent, responsible choices to remove harmful language across codebases, standards, and documentation. He has previously held positions at VMware (via Heptio), Red Hat, and CoreOS. Stephen is based in New York City.

Cloud Security Podcast
Kubernetes Network Security for Multi Tenancy

Dec 8, 2023 · 26:22

Kubernetes security explained: We spoke to Cailyn Edwards, CNCF Ambassador and Senior Security Engineer at Shopify. Interview was recorded at Kubecon NA 2023. We asked her about the complexities of Kubernetes Network Security in a multi-tenant environment. During the interview, she shared the nuances of Kubernetes network security in multi-tenant setups, tools and tactics for securing Kubernetes environments, insights from her journey at Shopify and tips for advancing the security maturity of Kubernetes networks.

Thank you to our episode sponsor Vanta - You can check them out at vanta.com/cloud

Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions asked:
(00:00) Introduction
(02:25) A bit about Cailyn
(03:08) How is Kubernetes Networking different?
(04:20) Foundational pieces of Kubernetes Networking
(06:21) What's missing in Kubernetes Networking?
(07:47) What is Multi Tenancy?
(10:20) What are some of the common threat models?
(13:16) How are people responding to threats?
(14:41) Where to start learning about this?
(16:26) Best practices for Kubernetes Networking
(18:16) What becomes more important with maturity?
(21:14) Resources to learn more about Kubernetes Security
(22:30) The Fun Section

Resources shared during the episode:
- Kubernetes Security Checklist - https://kubernetes.io/docs/concepts/security/security-checklist/
- Pentesting your own cluster with Liz Rice - https://www.youtube.com/watch?v=fVqCAUJiIn0

Open at Intel
Cilium, eBPF and Beyond

Dec 7, 2023 · 22:58

In this podcast, Isovalent's Liz Rice discusses her involvement with several open source projects, such as the Cilium project and the eBPF platform. With the graduation of Cilium in the CNCF, Liz explains its networking and security capabilities and how it benefits the cloud-native ecosystem. She also dives into eBPF and discusses the implications of AI. The talk concludes with an exploration about open source communities, recommendations regarding emerging trends in the open source world, and Liz's anticipation for the future of Cilium and the impact of eBPF.

00:00 Introduction and Guest Background
01:10 Understanding Cilium and its Role in Networking
02:15 Exploring the Origins and Impact of eBPF
04:21 Insights into the eBPF Summit and Community Events
08:00 The Role of Open Source in Technology Development
12:40 The Intersection of AI and Open Source
18:21 Future Developments in Cilium and Open Source
21:02 Conclusion and Final Thoughts

Guest:

Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly. She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.

Open Source Underdogs
Episode 63: EBPF Networking Isovalent with Liz Rice – Chief Open Source Officer

Aug 13, 2023 · 24:45

Intro Mike: Hello and welcome to Open Source Underdogs! I’m your host, Mike Schwartz, and this is episode 63, with Liz Rice, Chief Open Source Officer at Isovalent, the software startup behind Cilium, an eBPF-based Networking, Security and Observability project. This episode was recorded in early February at the inaugural State of Open Source Conference or SoCon,...

Eficode
Stories about how eBPF is used today

Jul 21, 2023 · 38:58

We've had previous conversations with Liz Rice in the DevOps Sauna podcast before and hosted her eBPF talk at The DEVOPS Conference Global 2023. It seems that many people don't know much about the work that Isovalent is doing and eBPF in general, although they are huge worldwide. Bill Mulligan, the Community Pollinator of Isovalent, is here to tell a few stories about their work and impact.

- DevOps Sauna episode with Liz Rice, Why sidecar-less Cilium Service Mesh is a game-changer: https://hubs.li/Q01WTQ8H0
- Liz Rice's keynote at The DEVOPS Conference Global 2023: https://hubs.li/Q01WTR150

DevOps Paradox
DOP 217: Learning eBPF With Liz Rice

Jun 28, 2023 · 46:39

#217: Extended Berkeley Packet Filter, or eBPF, has been making waves in the tech industry over the past few years. It's a technology that enables you to extend the functionality of the Linux kernel without having to write kernel modules. But what exactly is eBPF, and how does it impact our systems, networks, and security? In this episode, we speak with Liz Rice, Chief Open Source Officer with eBPF pioneers Isovalent, about where eBPF started and why you may never write a line of (byte)code of eBPF yourself.

Liz's contact information:
- Twitter: https://twitter.com/lizrice
- LinkedIn: https://www.linkedin.com/in/lizrice/

YouTube channel: https://youtube.com/devopsparadox/

Books and Courses: Catalog, Patterns, And Blueprints https://www.devopstoolkitseries.com/posts/catalog/

Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/

Slack: https://www.devopsparadox.com/slack/

Connect with us at: https://www.devopsparadox.com/contact/

Dev Interrupted
Exploring the Capabilities of eBPF: An Interview with Author & Chief Open Source Officer, Liz Rice

May 16, 2023 · 38:28

On this week's episode of Dev Interrupted, we talk to Liz Rice, Chief Open Source Officer at Isovalent, and author of the book Learning eBPF: Programming the Linux Kernel for Enhanced Observability, Networking, and Security. Liz is an expert on open source, containers, and cloud-native technologies, and joins us to discuss her book, what she describes as some of the eBPF "superpowers" people are talking about, and some of the fascinating projects surrounding eBPF like Project Kepler. Liz also gives advice to engineers looking to try their hand at writing a book.

Show Notes:
- Register for our summer series!
- Check out Liz's book: https://isovalent.com/learning-ebpf/
- Isovalent's labs: https://isovalent.com/resource-library/labs/

Support the show:
- Subscribe to our Substack
- Follow us on YouTube
- Review us on Apple Podcasts or Spotify
- Follow us on Twitter or LinkedIn

Offers:
- Learn about Continuous Merge with gitStream
- Want to try LinearB? Book a Demo & use discount code "Dev Interrupted Podcast"

programmier.bar – der Podcast für App- und Webentwicklung
Deep Dive 124 – Observability with Michael Friedrich of GitLab

May 5, 2023 · 79:19

We welcome Michael Friedrich, Developer Evangelist at GitLab, who gives us deep insight into the world of observability and modern monitoring methods. We demystify the buzzword "observability" and show how it differs from traditional monitoring approaches. Michael explains how observability gives a better view into the workings of complex IT systems and how different data are correlated so that the causes of problems can be identified faster.

In our conversation we look at the "why" behind a failure and discuss how observability helps to better understand the causes of problems. Michael also gives us an introduction to various tools used in this area, such as Prometheus, Grafana and eBPF, and shows how these technologies help put observability into practice.

Picks of the Day:
Michael: Liz Rice: Learning eBPF – This book by Liz Rice offers a guide to eBPF, Extended Berkeley Packet Filter, a powerful and flexible framework for monitoring and modifying Linux systems at kernel level.

Write to us! Send us your topic requests and your feedback: podcast@programmier.bar

Follow us! Stay up to date on future episodes and virtual meetups and take part in community discussions. Twitter, Instagram, Facebook, Meetup, YouTube

Music: Hanimo

Eficode
Field day: Key takeaways from KubeCon 2023

May 4, 2023 · 34:19

A couple of weeks ago, some members of our Eficode team attended KubeCon + CloudNativeCon Europe 2023 in Amsterdam, the event that gathers adopters and technologists from leading open source and cloud native communities. Andy Allred even took the stage together with Liz Rice. Enjoy some key takeaways from The Cloud Native Computing Foundation's (CNCF) flagship conference in this short DevOps Sauna episode!

See also:
- Liz Rice's talk from The DEVOPS Conference - Global 2023: DevOps Superpowers with eBPF https://www.thedevopsconference.com/videos?name=unleashing&topic=all&event=5
- Podcast with Liz Rice: Why sidecar-less Cilium Service Mesh is a game-changer https://www.eficode.com/devops-podcast/sidecar-less-cilium-mesh

Screaming in the Cloud
Learning eBPF with Liz Rice

May 2, 2023 · 33:59

Liz Rice, Chief Open Source Officer at Isovalent, joins Corey on Screaming in the Cloud to discuss the release of her newest book, Learning eBPF, and the exciting possibilities that come with eBPF technology. Liz explains what got her so excited about eBPF technology, and what it was like to write a book while also holding a full-time job. Corey and Liz also explore the learning curve that comes with kernel programming, and Liz illustrates why it's so important to be able to explain complex technologies in simple terminology.

About Liz

Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She sits on the CNCF Governing Board, and on the Board of OpenUK. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, and Learning eBPF, both published by O'Reilly.

She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.

Links Referenced:
- Isovalent: https://isovalent.com/
- Learning eBPF: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121
- Container Security: https://www.amazon.com/Container-Security-Fundamental-Containerized-Applications/dp/1492056707/
- GitHub for Learning eBPF: https://github.com/lizRice/learning-eBPF

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn.
This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Our returning guest today is Liz Rice, who remains the Chief Open Source Officer with Isovalent. But Liz, thank you for returning, suspiciously closely timed to when you have a book coming out. Welcome back.

Liz: [laugh]. Thanks so much for having me. Yeah, I've just—I've only had the physical copy of the book in my hands for less than a week. It's called Learning eBPF. I mean, obviously, I'm very excited.

Corey: It's an O'Reilly book; it has some form of honeybee on the front of it as best I can tell.

Liz: Yeah, I was really pleased about that. Because eBPF has a bee as its logo, so getting a [early 00:01:17] honeybee as the O'Reilly animal on the front cover of the book was pretty pleasing, yeah.

Corey: Now, this is your second O'Reilly book, is it not?

Liz: It's my second full book. So, I'd previously written a book on Container Security. And I've done a few short reports for them as well. But this is the second, you know, full-on, you can buy it on Amazon kind of book, yeah.

Corey: My business partner wrote Practical Monitoring for O'Reilly and that was such an experience that he got entirely out of observability as a field and ran running to AWS bills as a result. So, my question for you is, why would anyone do that more than once?

Liz: [laugh]. I really like explaining things. And I had a really good reaction to the Container Security book. I think already, by the time I was writing that book, I was kind of interested in eBPF. And we should probably talk about what that is, but I'll come to that in a moment.

Yeah, so I've been really interested in eBPF, for quite a while and I wanted to be able to do the same thing in terms of explaining it to people.
A book gives you a lot more opportunity to go into more detail and show people examples and get them kind of hands-on than you can do in their, you know, 40-minute conference talk. So, I wanted to do that. I will say I have written myself a note to never do a full-size book while I have a full-time job because it's a lot [laugh].

Corey: You do have a full-time job and then some. As we mentioned, you're the Chief Open Source Officer over at Isovalent, you are on the CNCF governing board, you're on the board of OpenUK, and you've done a lot of other stuff in the open-source community as well. So, I have to ask, taking all of that together, are you just allergic to things that make money? I mean, writing the book as well on top of that. I'm told you never do it for the money piece; it's always about the love of it. But it seems like, on some level, you're taking it to an almost ludicrous level.

Liz: Yeah, I mean, I do get paid for my day job. So, there is that [laugh]. But so, yeah—

Corey: I feel like that's the only way to really write a book is, in turn, to wind up only to just do it for—what someone else is paying you to for doing it, viewing it as a marketing exercise. It pays dividends, but those dividends don't, in my experience from what I've heard from everyone say, pay off as of royalties on book payments.

Liz: Yeah, I mean, it's certainly, you know, not a bad thing to have that income stream, but it certainly wouldn't make you—you know, I'm not going to retire tomorrow on the royalty stream unless this podcast has loads and loads of people to buy the book [laugh].

Corey: Exactly. And I'm always a fan of having such [unintelligible 00:03:58]. I will order it while we're on the call right now having this conversation because I believe in supporting the things that we want to see more of in the world. So, explain to me a little bit about what it is.
Whatever you talking about learning X in a title, I find that that's often going to be much more approachable than arcane nonsense deep-dive things.

One of the O'Reilly books that changed my understanding was Linux Kernel Internals, or Understanding the Linux Kernel. Understanding was kind of a heavy lift at that point because it got very deep very quickly, but I absolutely came away understanding what was going on a lot more effectively, even though I was so slow I needed a tow rope on some of it. When you have a book that started with learning, though, I imagined it assumes starting at zero with, “What's eBPF?” Is that directionally correct, or does it assume that you know a lot of things you don't?

Liz: Yeah, that's absolutely right. I mean, I think eBPF is one of these technologies that is starting to be, particularly in the cloud-native world, you know, it comes up; it's quite a hot technology. What it actually is, so it's an acronym, right? EBPF. That acronym is almost meaningless now.

So, it stands for extended Berkeley Packet Filter. But I feel like it does so much more than filtering, we might as well forget that altogether. And it's just become a term, a name in its own right if you like. And what it really does is it lets you run custom programs in the kernel so you can change the way that the kernel behaves, dynamically. And that is… it's a superpower. It's enabled all sorts of really cool things that we can do with that superpower.

Corey: I just pre-ordered it as a paperback on Amazon and it shows me that it is now number one new release in Linux Networking and Systems Administration, so you're welcome. I'm sure it was me that put it over the top.

Liz: Wonderful. Thank you very much. Yeah [laugh].

Corey: Of course, of course.
Writing a book is one of those things that I've always wanted to do, but never had the patience to sit there and do it or I thought I wasn't prolific enough, but over the holidays, this past year, my wife and business partner and a few friends all chipped in to have all of the tweets that I'd sent bound into a series of leather volumes. Apparently, I've tweeted over a million words. And… yeah, oh, so I have to write a book 280 characters at a time, mostly from my phone. I should tweet less was really the takeaway that I took from a lot of that.

But that wasn't edited, that wasn't with an overall theme or a narrative flow the way that an actual book is. It just feels like a term paper on steroids. And I hated term papers. Love reading; not one to write it.

Liz: I don't know whether this should make it into the podcast, but it reminded me of something that happened to my brother-in-law, who's an artist. And he put a piece of video on YouTube. And for unknowable reasons if you mistyped YouTube, and you spelt it, U-T-U-B-E, the page that you would end up at from Google search was a YouTube video and it was in fact, my brother-in-law's video. And people weren't expecting to see this kind of art movie about matches burning. And he just had the worst comment—like, people were so mean in the comments. And he had millions of views because people were hitting this page by accident, and he ended up—

Corey: And he made the cardinal sin of never read the comments. Never break that rule. As soon as you do that, it doesn't go well. I do read the comments on various podcast platforms on this show because I always tell people to insulted all they want, just make sure you leave a five-star review.

Liz: Well, he ended up publishing a book with these comments, like, one comment per page, and most of them are not safe for public consumption comments, and he just called it Feedback.
It was quite something [laugh].

Corey: On some level, it feels like O'Reilly books are a little insulated from the general population when it comes to terrible nonsense comments, just because they tend to be a little bit more expensive than the typical novel you'll see in an airport bookstore, and again, even though it is approachable, Learning eBPF isn't exactly the sort of title that gets people to think that, “Ooh, this is going to be a heck of a thriller slash page-turner with a plot.” “Well, I found the protagonist unrelatable,” is not sort of the thing you're going to wind up seeing in the comments because people thought it was going to be something different.

Liz: I know. One day, I'm going to have to write a technical book that is also a murder mystery. I think that would be, you know, quite an achievement. But yeah, I mean, it's definitely aimed at people who have already come across the term, want to know more, and particularly if you're the kind of person who doesn't want to just have a hand-wavy explanation that involves boxes and diagrams, but if, like me, you kind of want to feel the code, and you want to see how things work and you want to work through examples, then that's the kind of person who might—I hope—enjoy working through the book and end up with a possible mental model of how eBPF works, even though it's essentially kernel programming.

Corey: So, I keep seeing eBPF in an increasing number of areas, a bunch of observability tools, a bunch of security tools all tend to tie into it. And I've seen people do interesting things as far as cost analysis with it.
The problem that I run into is that I'm not able to wind up deploying it universally, just because when I'm going into a client engagement, I am there in a purely advisory sense, given that I'm biasing these days for both SaaS companies and large banks, that latter category is likely going to have some problems if I say, “Oh, just take this thing and go ahead and deploy it to your entire fleet.” If they don't have a problem with that, I have a problem with their entire business security posture. So, I don't get to be particularly prescriptive as far as what to do with it.

But if I were running my own environment, it is pretty clear by now that I would have explored this in some significant depth. Do you find that it tends to be something that is used primarily in microservices environments? Does it effectively require Kubernetes to become useful on day one? What is the onboard path where people would sit back and say, “Ah, this problem I'm having, eBPF sounds like the solution.”

Liz: So, when we write tools that are typically going to be some sort of infrastructure, observability, security, networking tools, if we're writing them using eBPF, we're instrumenting the kernel. And the kernel gets involved every time our application wants to do anything interesting because whenever it wants to read or write to a file, or send receive network messages, or write something to the screen, or allocate memory, or all of these things, the kernel has to be involved. And we can use eBPF to instrument those events and do interesting things. And the kernel doesn't care whether those processes are running in containers, under Kubernetes, just running directly on the host; all of those things are visible to eBPF.

So, in one sense, doesn't matter.
But one of the reasons why I think we're seeing eBPF-based tools really take off in cloud-native is that you can, by applying some programming, you can link events that happened in the kernel to specific containers in specific pods in whatever namespace and, you know, get the relationship between an event and the Kubernetes objects that are involved in that event. And then that enables a whole lot of really interesting observability or security tools and it enables us to understand how network packets are flowing between different Kubernetes objects and so on. So, it's really having this vantage point in the kernel where we can see everything and we didn't have to change those applications in any way to be able to use eBPF to instrument them.

Corey: When I see the stories about eBPF, it seems like it's focused primarily on networking and flow control. That's where I'm seeing it from a security standpoint, that's where I'm seeing it from cost allocation aspect. Because, frankly, out of the box, from a cloud provider's perspective, Kubernetes looks like a single-tenant application with a really weird behavioral pattern, and some of that crosstalk gets very expensive. Is there a better way than either using eBPF and/or VPC flow logs to figure out what's talking to what in the Kubernetes ecosystem, or is BPF really your first port of call?

Liz: So, I'm coming from a position of perspective of working for the company that created the Cilium networking project. And one of the reasons why I think Cilium is really powerful is because it has this visibility—it's got a component called Hubble—that allows you to see exactly how packets are flowing between these different Kubernetes identities. So, in a Kubernetes environment, there's not a lot of point having network flows that talk about IP addresses and ports when what you really want to know is, what's the Kubernetes namespace, what's the application?
Defining things in terms of IP addresses makes no sense when they're just being refreshed and renewed every time you change pods. So yeah, Kubernetes changes the requirements on networking visibility and on firewalling as well, on network policy, and that, I think, is you don't have to use eBPF to create those tools, but eBPF is a really powerful and efficient platform for implementing those tools, as we see in Cilium.

Corey: The only competitor I found to it that gives a reasonable explanation of why random things are transferring multiple petabytes between each other in the middle of the night has been oral tradition, where I'm talking to people who've been around there for a while. It's, “So, I'm seeing this weird traffic pattern at these times a day. Any idea what that might be?” And someone will usually perk up and say, “Oh, is it—” whatever job that they're doing. Great. That gives me a direction to go in.

But especially in this era of layoffs and as environments exist for longer and longer, you have to turn into a bit of a data center archaeologist. That remains insufficient, on some level. And some level, I'm annoyed with trying to understand or needing to use tooling like this that is honestly this powerful and this customizable, and yes, on some level, this complex in order to get access to that information in a meaningful sense. But on the other, I'm glad that that option is at least there for a lot of workloads.

Liz: Yeah. I think, you know, that speaks to the power of this new generation of tooling. And the same kind of applies to security forensics, as well, where you might have an enormous stream of events, but unless you can tie those events back to specific Kubernetes identities, which you can use eBPF-based tooling to do, then how do you—the forensics job of tying back where did that event come from, what was the container that was compromised, it becomes really, really difficult.
And eBPF tools—like Cilium has a sub-project called Tetragon that is really good at this kind of tying events back to the Kubernetes pod or whether we want to know what node it was running on what namespace or whatever. That's really useful forensic information.

Corey: Talk to me a little bit about how broadly applicable it is. Because from my understanding from our last conversation, when you were on the show a year or so ago, if memory serves, one of the powerful aspects of it was very similar to what I've seen some of Brendan Gregg's nonsense doing in his kind of various talks where you can effectively write custom programming on the fly and it'll tell you exactly what it is that you need. Is this something that can be instrument once and then effectively use it for basically anything, [OTEL 00:16:11]-style, or instead, does it need to be effectively custom configured every time you want to get a different aspect of information out of it?

Liz: It can be both of those things.

Corey: “It depends.” My least favorite but probably the most accurate answer to hear.

Liz: [laugh]. But I think Brendan did a really great—he's done many talks talking about how powerful BPF is and built lots of specific tools, but then he's also been involved with Bpftrace, which is kind of like a language for—a high-level language for saying what it is that you want BPF to trace out for you. So, a little bit like, I don't know, awk but for events, you know? It's a scripting language. So, you can have this flexibility.

And with something like Bpftrace, you don't have to get into the weeds yourself and do kernel programming, you know, in eBPF programs. But also there's gainful employment to be had for people who are interested in that eBPF kernel programming because, you know, I think there's just going to be a whole range of more tools to come, you know?
I think we're, you know, we're seeing some really powerful tools with Cilium and Pixie and [Parker 00:17:27] and Kepler and many other tools and projects that are using eBPF. But I think there's also a whole load of more to come as people think about different ways they can apply eBPF and instrument different parts of an overall system.

Corey: We're doing this over audio only, but behind me on my wall is one of my least favorite gifts ever to have been received by anyone. Mike, my business partner, got me a thousand-piece puzzle of the Kubernetes container landscape where—

Liz: [laugh].

Corey: This diagram is psychotic and awful and it looks like a joke, except it's not. And building that puzzle was maddening—obviously—but beyond that, it was a real primer in just how vast the entire container slash Kubernetes slash CNCF landscape really is. So, looking at this, I found that the only reaction that was appropriate was a sense of overwhelmed awe slash frustration, I guess. It's one of those areas where I spend a lot of time focusing on drinking from the AWS firehose because they have a lot of products and services because their product strategy is apparently, “Yes,” and they're updating these things in a pretty consistent cadence. Mostly. And even that feels like it's multiple full-time jobs shoved into one.

There are hundreds of companies behind these things and all of them are in areas that are incredibly complex and difficult to go diving into. EBPF is incredibly powerful, I would say ridiculously so, but it's also fiendishly complex, at least shoulder-surfing behind people who know what they're doing with it has been breathtaking, on some level. How do people find themselves in a situation where doing a BPF deep dive make sense for them?

Liz: Oh, that's a great question. So, first of all, I'm thinking is there an AWS Jigsaw as well, like the CNCF landscape Jigsaw? There should be. And how many pieces would it have?
[It would be very cool 00:19:28].

Corey: No, because I think the CNCF at one point hired a graphic designer and it's unclear that AWS has done such a thing because their icons for services are, to be generous here, not great. People have flashcards that they've built for is what services does logo represent? Haven't a clue, in almost every case because I don't care in almost every case. But yeah, I've toyed with the idea of doing it. It's just not something that I'd ever want to have my name attached to it, unfortunately. But yeah, I want someone to do it and someone else to build it.

Liz: Yes. Yeah, it would need to refresh every, like, five minutes, though, as they roll out a new service.

Corey: Right. Because given that it appears from the outside to be impenetrable, it's similar to learning VI in some cases, where oh, yeah, it's easy to get started with to do this trivial thing. Now, step two, draw the rest of the freaking owl. Same problem there. It feels off-putting just from a perspective of you must be at least this smart to proceed. How do you find people coming to it?

Liz: Yeah, there is some truth in that, in that beyond kind of Hello World, you quite quickly start having to do things with kernel data structures. And as soon as you're looking at kernel data structures, you have to sort of understand, you know, more about the kernel. And if you change things, you need to understand the implications of those changes. So, yeah, you can rapidly say that eBPF programming is kernel programming, so why would anybody want to do it? The reason why I do it myself is not because I'm a kernel programmer; it's because I wanted to really understand how this is working and build up a mental model of what's happening when I attach a program to an event. And what kinds of things can I do with that program?

And that's the sort of exploration that I think I'm trying to encourage people to do with the book.
But yes, there is going to be at some point, a pretty steep learning curve that's kernel-related but you don't necessarily need to know everything in order to really have a decent understanding of what eBPF is, and how you might, for example—you might be interested to see what BPF programs are running on your existing system and learn why and what they might be doing and where they're attached and what use could that be.

Corey: Falling down that, looking at the process table once upon a time was a heck of an education, one week when I didn't have a lot to do and I didn't like my job in those days, where, “Oh, what is this Avahi daemon that constantly running? MDNS forwarding? Who would need that?” And sure enough, that tickled something in the back of my mind when I wound up building out my networking box here on top of BSD, and oh, yeah, I want to make sure that I can still have discovery work from the IoT subnet over to whatever it is that my normal devices live. Ah, that's what that thing always running for. Great for that one use case. Almost never needed in other cases, but awesome. Like, you fire up a Raspberry Pi. It's, “Why are all these things running when I'm just want to have an embedded device that does exactly one thing well?” Ugh. Computers have gotten complicated.

Liz: I know. It's like when you get those pop-ups on—well certainly on Mac, and you get pop-ups occasionally, let's say there's such and such a daemon wants extra permissions, and you think I'm not hitting that yes button until I understand what that daemon is. And it turns out, it's related, something completely innocuous that you've actually paid for, but just under a different name. Very annoying. So, if you have some kind of instrumentation like tracing or logging or security tooling that you want to apply to all of your containers, one of the things you can use is a sidecar container approach. And in Kubernetes, that means you inject the sidecar into every single pod. And—

Corey: Yes.
Of course, the answer to any Kubernetes problem appears to be have you tried running additional containers?

Liz: Well, right. And there are challenges that can come from that. And one of the reasons why you have to do that is because if you want a tool that has visibility over that container that's inside the pod, well, your instrumentation has to also be inside the pod so that it has visibility because your pod is, by design, isolated from the host it's running on. But with eBPF, well eBPF is in the kernel and there's only one kernel, however many containers were running. So, there is no kind of isolation between the host and the containers at the kernel level.

So, that means if we can instrument the kernel, we don't have to have a separate instance in every single pod. And that's really great for all sorts of resource usage, it means you don't have to worry about how you get those sidecars into those pods in the first place, you know that every pod is going to be instrumented if it's instrumented in the kernel. And then for service mesh, service mesh usually uses a sidecar as a Layer 7 Proxy injected into every pod. And that actually makes for a pretty convoluted networking path for a packet to sort of go from the application, through the proxy, out to the host, back into another pod, through another proxy, into the application.

What we can do with eBPF, we still need a proxy running in userspace, but we don't need to have one in every single pod because we can connect the networking namespaces much more efficiently. So, that was essentially the basis for sidecarless service mesh, which we did in Cilium, Istio, and now we're using a similar sort of approach with Ambient Mesh. So that, again, you know, avoiding having the overhead of a sidecar in every pod.
So that, you know, seems to be the way forward for service mesh as well as other types of instrumentation: avoiding sidecars.

Corey: On some level, avoiding things that are Kubernetes staples seems to be a best practice in a bunch of different directions. It feels like it's an area where you start to get aligned with the idea of service meesh—yes, that's how I pluralize the term service mesh and if people have a problem with that, please, it's imperative you not send me letters about it—but this idea of discovering where things are in a variety of ways within a cluster, where things can talk to each other, when nothing is deterministically placed, it feels like it is screaming out for something like this.

Liz: And when you think about it, Kubernetes does sort of already have that at the level of a service, you know? Services are discoverable through native Kubernetes. There's a bunch of other capabilities that we tend to associate with service mesh like observability or encrypted traffic or retries, that kind of thing. But one of the things that we're doing with Cilium, in general, is to say, but a lot of this is just a feature of the networking, the underlying networking capability. So, for example, we've got next generation mutual authentication approach, which is using SPIFFE IDs between an application pod and another application pod. So, it's like the equivalent of mTLS.

But the certificates are actually being passed into the kernel and the encryption is happening at the kernel level. And it's a really neat way of saying we don't need… we don't need to have a sidecar proxy in every pod in order to terminate those TLS connections on behalf of the application. We can have the kernel do it for us and that's really cool.

Corey: Yeah, at some level, I find that it still feels weird—because I'm old—to have this idea of one shared kernel running a bunch of different containers.
I got past that just by not requiring that [unintelligible 00:27:32] workloads need to run isolated having containers run on the same physical host. I found that, for example, running some stuff, even in my home environment for IoT stuff, things that I don't particularly trust run inside of KVM on top of something as opposed to just running it as a container on a cluster. Almost certainly stupendous overkill for what I'm dealing with, but it's a good practice to be in to start thinking about this. To my understanding, this is part of what AWS's Firecracker project starts to address a bit more effectively: fast provisioning, but still being able to use different primitives as far as isolation boundaries go. But, on some level, it's nice to not have to think about this stuff, but that's dangerous.

Liz: [laugh]. Yeah, exactly. Firecracker is really nice way of saying, “Actually, we're going to spin up a whole VM,” but we don't ne—when I say ‘whole VM,' we don't need all of the things that you normally get in a VM. We can get rid of a ton of things and just have the essentials for running that Lambda or container service, and it becomes a really nice lightweight solution. But yes, that will have its own kernel, so unlike, you know, running multiple kernels on the same VM where—sorry, running multiple containers on the same virtual machine where they would all be sharing one kernel, with Firecracker you'll get a kernel per instance of Firecracker.

Corey: The last question I have for you before we wind up wrapping up this episode harkens back to something you said a little bit earlier. This stuff is incredibly technically nuanced and deep.
You clearly have a thorough understanding of it, but you also have what I think many people do not realize is an orthogonal skill of being able to articulate and explain those complex concepts simply and approachably, in ways that make people understand what it is you're talking about, but also don't feel like they're being spoken to in a way that's highly condescending, which is another failure mode. I think it is not particularly well understood, particularly in the engineering community, that there are—these are different skill sets that do not necessarily align congruently. Is this something you've always known or is this something you've figured out as you've evolved your career that, oh I have a certain flair for this?

Liz: Yeah, I definitely didn't always know it. And I started to realize it based on feedback that people have given me about talks and articles I'd written. I think I've always felt that when people use jargon or they use complicated language or they, kind of, make assumptions about how things are, it quite often speaks to them not having a full understanding of what's happening. If I want to explain something to myself, I'm going to use straightforward language to explain it to myself [laugh] so I can hold it in my head. And I think people appreciate that.

And you can get really—you know, you can get quite in-depth into something if you just start, step by step, build it up, explain everything as you go along the way. And yeah, I think people do appreciate that. And I think people, if they get lost in jargon, it doesn't help anybody. And yeah, I very much appreciate it when people say that, you know, they saw a talk or they read something I wrote and it meant that they finally grokked whatever that concept was that that I was trying to explain. I will say at the weekend, I asked ChatGPT to explain DNS in the style of Liz Rice, and it started off, it was basically, “Hello there.
I'm Liz Rice and I'm here to explain DNS in very simple terms.” I thought, “Okay.” [laugh].

Corey: Every time I think I've understood DNS, there's another level to it.

Liz: I'm pretty sure there is a lot about DNS that I don't understand, yeah. So, you know, there's always more to learn out there.

Corey: There certainly is. I really want to thank you for taking time to speak with me today about what you're up to. Where's the best place for people to find you to learn more? And of course, to buy the book.

Liz: Yeah, so I am Liz Rice pretty much everywhere, all over the internet. There is a GitHub repo that accompanies the books that you can find that on GitHub: lizRice/learning-eBPF. So, that's a good place to find some of the example code, and it will obviously link to where you can download the book or buy it because you can pay for it; you can also download it from Isovalent for the price of your contact details. So, there are lots of options.

Corey: Excellent. And we will, of course, put links to that in the [show notes 00:32:08]. Thank you so much for your time. It's always great to talk to you.

Liz: It's always a pleasure, so thanks very much for having me, Corey.

Corey: Liz Rice, Chief Open Source Officer at Isovalent. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment that you have somehow discovered this episode by googling for knitting projects.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

2nd Story
Episode 263: Liz Rice - Una Estadounidense En Habana

2nd Story

Play Episode Listen Later Apr 28, 2023 18:19


In this week's story, teller Liz Rice shares how, while abroad intending to study Spanish, she learned a great deal more in addition. [Teller's Note: At the 4:50 mark, Liz intended to state that her teachers speak fluent English, in addition to the expected Spanish.]

Cloud Security Podcast
Network Security for Kubernetes

Cloud Security Podcast

Play Episode Listen Later Apr 16, 2023 40:11


Cloud Security Podcast - This month we are talking about "Kubernetes Security & KubeCon EU 2023" and for the third episode in this series, we spoke to Liz Rice (Liz's Linkedin). Liz Rice from Isovalent speaks about how Network Security can be done in Kubernetes. Kubernetes network security with eBPF, Cilium can be raised to be better than selinux seccomp tcpdump - yes the linux networking security tools. Yes you read that right.
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
FREE CLOUD BOOTCAMPs on www.cloudsecuritybootcamp.com
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Andrew Martin (Andrew's Linkedin)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security News
- Cloud Security BootCamp
Spotify TimeStamp for Interview Questions
(00:00) Introduction
(00:15) A word from our sponsor snyk.io/csp
(03:36) A bit about Liz Rice
(04:36) Liz's path into Cloud Native
(06:22) What is EBPF?
(08:12) Use case for EBPF in on premise
(10:37) SC Linux and EBPF
(11:28) Why we are solving this now with Kubernetes?
(13:22) EBPF in managed vs unmanaged Kubernetes?
(15:37) Implementation of EBPF
(17:38) Access Management and Network Security
(21:02) Challenges with multi cluster Kubernetes deployment
(24:03) Key management in multi cluster
(25:11) Current gaps in Kubernetes security
(27:41) Developer first in the cloud native space
(32:47) The future of EBPF
(34:36) Where can you learn more about EBPF
(36:25) The fun questions
See you at the next episode!

Paul's Security Weekly
ASW #235 - Liz Rice

Paul's Security Weekly

Play Episode Listen Later Apr 5, 2023 71:50


Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.
Segment Resources:
Download "Learning eBPF": https://isovalent.com/learning-ebpf
Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121
Code examples accompanying the book: https://github.com/lizrice/learning-ebpf
Cilium project: https://cilium.io
Tetragon project: https://tetragon.cilium.io/
BingBang and Azure, Super FabriXss and Azure, reversing the 3CX trojan on macOS, highlights from Real World Crypto, fun GPT prompts, and a secure code game
Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw235

Paul's Security Weekly TV
Learning eBPF - Liz Rice - ASW #235

Paul's Security Weekly TV

Play Episode Listen Later Apr 4, 2023 38:26


Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.
Segment Resources:
Download "Learning eBPF": https://isovalent.com/learning-ebpf
Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121
Code examples accompanying the book: https://github.com/lizrice/learning-ebpf
Cilium project: https://cilium.io
Tetragon project: https://tetragon.cilium.io/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw235

Application Security Weekly (Audio)

Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.
Segment Resources:
Download "Learning eBPF": https://isovalent.com/learning-ebpf
Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121
Code examples accompanying the book: https://github.com/lizrice/learning-ebpf
Cilium project: https://cilium.io
Tetragon project: https://tetragon.cilium.io/
BingBang and Azure, Super FabriXss and Azure, reversing the 3CX trojan on macOS, highlights from Real World Crypto, fun GPT prompts, and a secure code game
Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw235

Application Security Weekly (Video)
Learning eBPF - Liz Rice - ASW #235

Application Security Weekly (Video)

Play Episode Listen Later Apr 4, 2023 38:26


Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.
Segment Resources:
Download "Learning eBPF": https://isovalent.com/learning-ebpf
Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121
Code examples accompanying the book: https://github.com/lizrice/learning-ebpf
Cilium project: https://cilium.io
Tetragon project: https://tetragon.cilium.io/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw235

Tech. Strong. Women.
A Conversation with Liz Rice, Chief Open Source Officer at Isovalent - Tech.Strong.Women EP 15

Tech. Strong. Women.

Play Episode Listen Later Feb 23, 2023 36:08


In this episode of Tech. Strong. Women., hosts Jodi Ashley and Tracy Ragan talk with Liz Rice, chief open source officer at Isovalent, about extended Berkeley Packet Filter (eBPF) and its impact on the open source ecosystem and observability, the challenges open source developers face with the upcoming Cyber Resilience Act legislation and the significant impact AI has on open source. Rice will discuss how AI opens up numerous opportunities for further automation and optimization of open source development, integration and delivery all along the SDLC. Finally, Rice explores how the modern remote, work-from-anywhere technology landscape will empower more women and underrepresented groups to pursue tech careers.

theCUBE Insights
Liz Rice, Isovalent | CloudNativeSecurityCon 23

theCUBE Insights

Feb 3, 2023 23:43


Liz Rice, Chief Open Source Officer, Isovalent & Emeritus Chair, Technical Oversight Committee, talks with Lisa Martin and John Furrier for coverage of Cloud Native SecurityCon 2023.

The New Stack Podcast
Devs and Ops: Can This Marriage Be Saved?

The New Stack Podcast

Nov 1, 2022 42:09


DETROIT — Are we still shifting left? Is it realistic to expect developers to take on the burdens of security and infrastructure provisioning, as well as writing their applications? Is platform engineering the answer to saving the DevOps dream? Bottom line: Do Devs and Ops really talk to each other — or just passive-aggressively swap Jira tickets? These are some of the topics explored by a panel, “Devs and Ops People: It's Time for Some Kubernetes Couples Therapy,” convened by The New Stack at KubeCon + CloudNativeCon North America, here in the Motor City, on Thursday. Panelists included Saad Malik, chief technology officer and co-founder of Spectro Cloud; Viktor Farcic, developer advocate at Upbound; Liz Rice, chief open source officer at Isovalent, and Aeris Stewart, community manager at Humanitec. The latest TNS pancake breakfast was hosted by Alex Williams, The New Stack's founder and publisher, with Heather Joslyn, TNS features editor, fielding questions from the audience. The event was sponsored by Spectro Cloud.

Alleviating Cognitive Load for Devs

A big pain point in the DevOps structure — the marriage of frontend and backend in cross-functional teams — is that all devs aren't necessarily willing or able to take on all the additional responsibilities demanded of them. A lot of organizations have “copy-pasted this one size fits all approach to DevOps,” said Stewart. “If you look at the tooling landscape, it is rapidly growing not just in terms of the volume of tools, but also the complexity of the tools themselves,” they said. “And developers are in parallel expected to take over an increasing amount of the software delivery process. And all of this, together, is too much cognitive load for them.” This situation also has an impact on operations engineers, who must help alleviate developers' burdens.

“It's causing a lot of inefficiencies of these organizations,” they added, “and a lot of the same inefficiencies that DevOps was supposed to get rid of.” Platform engineering — in which operations engineers provide devs with an internal developer platform that abstracts away some of the complexity — is “a sign of hope,” Stewart said, for organizations for whom DevOps is proving tough to implement.

The concept behind DevOps is “about making teams self-sufficient, so they have full control of their application, right from the idea until it is running in production,” said Farcic. But, he added, “you cannot expect them to have 17 years of experience in Kubernetes, and AWS and whatnot. And that's where platforms come in. That's how other teams, who have certain expertise, provide services so that those … developers and operators can actually do the work that they're supposed to do, just as operators today are using services from AWS to do their work. So what AWS for Ops is to Ops, to me, that's what internal developer platforms are to application developers.”

Consistency vs. Innovation

Platform engineering has been a hot topic in DevOps circles (and at KubeCon) but the definition remains a bit fuzzy, the panelists acknowledged. (“In a lot of organizations, ‘platform engineering' is just a fancy new way of saying ‘Ops,'” said Rice.) The audience served up questions to the panel about the limits of the DevOps model and how platform engineering fits into that discussion.

One audience member asked about balancing the need to provide a consistent platform to an organization's developers while also allowing devs to customize and innovate. Malik said that both consistency and innovation are possible in a platform engineering structure.

“An organization will decide where they want to be able to provide that abstraction,” he said, adding, “When they think about where they want to be as a whole, they could think about, Hey, when we provide our platform, we're going to be providing everything from security to CI/CD from GitHub, from repository management, this is what you will get if you use our IDP or platform itself.” But “there are going to be unique use cases,” Malik added, such as developers who are building a new blockchain technology or running WebAssembly. “I think it's okay to give those development teams the ability to run their own platform, as long as you tell them, these are the areas that you have to be responsible for,” he said. “You're responsible for your own security, your own backup, your own retention capabilities.”

One audience member mentioned “Team Topologies,” a 2019 engineering management book by Manuel Pais and Matthew Skelton, and asked the panel if platform engineering is related to DevOps in that it's more of an approach to engineering management than a destination. “Platform engineering is in the budding stage of its evolution,” said Stewart. “And right now, it's really focused on addressing the problems that organizations ran into when they were implementing DevOps.” They added, “I think as we see the community come together more and get more best practices about how to develop platform, you will see it become more than just a different approach to DevOps and become something more distinct. But I don't think it's there quite yet.”

Check out the full panel discussion to hear more from our DevOps “counseling session.”

DevOps and Docker Talk
Cilium and eBPF with Liz Rice

DevOps and Docker Talk

Oct 28, 2022 55:09


Bret is joined by Liz Rice, Chief Open Source Officer at Isovalent, the makers of Cilium, to discuss Cilium and eBPF. Liz Rice is back to give us more insight into eBPF and the Cilium project. Isovalent is the company that created and manages the Cilium Project, which does an increasing number of things for Kubernetes, including networking, CNI support, security, advanced networking stuff, and observability, as well as other things like load balancing. Liz is one of my go-to experts on how low-level Linux internals work. She's been speaking about container internals since the early days of Docker.

Streamed live on YouTube on September 8, 2022.
Unedited live recording of this show on YouTube (Ep #183)

★Topics★
Cilium website
Isovalent website
eBPF
Network Policy Editor

★Liz Rice★
Liz Rice on Twitter
Liz Rice's website
Books on Containers, eBPF, Kubernetes and Go

★Join my Community★
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans
Homepage bretfisher.com
★ Support this podcast on Patreon ★

The Business of Open Source
The Gratification of Contributing to Open Source with Liz Rice

The Business of Open Source

Oct 26, 2022 28:43


Liz Rice, Chief Open Source Officer at Isovalent, joins me to discuss the business model behind Cilium and the enjoyment she has found working in open source. In this episode, Liz and I discuss why Isovalent decided to donate Cilium to CNCF, and the additional decisions behind developing for Cilium open source versus Cilium for Enterprise. Tune into this episode to hear how entrepreneurship taught Liz what she didn't enjoy doing so she could focus on work she enjoys, and what she finds most rewarding about working in open source.

Highlights:
Liz introduces herself and describes her role as Chief Open Source Officer at Isovalent (00:55)
Why Isovalent decided to donate Cilium to CNCF (02:11)
What Liz sees as the relationship between cloud native and open source (07:43)
Liz's past experiences as an entrepreneur and how it led her to where she is now (10:05)
How Isovalent has evolved and grown into a company with enterprise product offerings (17:17)
How decisions are made differently when developing the open-source version of Cilium versus the enterprise version (22:12)
The gratification and value Liz has found working in open source (25:58)

Links:
LinkedIn: https://www.linkedin.com/in/lizrice
Twitter: https://twitter.com/lizrice
Github: https://github.com/lizrice
Company: https://isovalent.com/
Cilium: www.cilium.io
eBPF: www.eBPF.io

Tiger Turf Talk
Episode 95: Inaugural All-Female Grounds Crew SLLWS Series- Kelly Lynch and Liz Rice

Tiger Turf Talk

Oct 7, 2022 72:05


Our final episode in the All-Female Grounds Crew took place a few weeks after this historic event to show a vantage point of what happened and the impact this event had on so many, not only in this industry but the world. We had Kelly Lynch on to discuss her experience and the incredible energy she brought to the crew. Thank you for following this phenomenal event and the crew's fantastic work! It was truly remarkable to have the opportunity to reflect on everything that happened and its impact on our industry for years to come.

Changelog Master Feed
All your network are belong to eBPF (Ship It! #67)

Changelog Master Feed

Aug 25, 2022 74:44 Transcription Available


A few weeks ago, Jerod spoke with Liz Rice about the power of eBPF on The Changelog. Today, we have the pleasure of both Liz Rice, Chief Open Source Officer at Isovalent & Thomas Graf, CTO & co-founder at Isovalent, the creators of Cilium. Around 2014, Facebook achieved a 10x performance improvement by replacing their traditional load balancers with eBPF. In 2017, every single packet that went to Facebook was processed by eBPF. Nowadays, every Android phone is using it. Truth be told, if it's network-related and it matters, eBPF is most likely a part of it.

Ship It! DevOps, Infra, Cloud Native
All your network are belong to eBPF

Ship It! DevOps, Infra, Cloud Native

Aug 25, 2022 74:44 Transcription Available


A few weeks ago, Jerod spoke with Liz Rice about the power of eBPF on The Changelog. Today, we have the pleasure of both Liz Rice, Chief Open Source Officer at Isovalent & Thomas Graf, CTO & co-founder at Isovalent, the creators of Cilium. Around 2014, Facebook achieved a 10x performance improvement by replacing their traditional load balancers with eBPF. In 2017, every single packet that went to Facebook was processed by eBPF. Nowadays, every Android phone is using it. Truth be told, if it's network-related and it matters, eBPF is most likely a part of it.

The Changelog
The power of eBPF

The Changelog

Aug 14, 2022 64:53 Transcription Available


eBPF is a revolutionary kernel technology that has lit the cloud native world on fire. If you're going to have one person explain the excitement, that person would be Liz Rice. Liz is the COSO at Isovalent, creators of the open source Cilium project and pioneers of eBPF tech. On this episode Liz tells Jerod all about the power of eBPF, where it came from, what kind of new applications it's enabling, and who is building the next generation of networking, security, and observability tools with it.

Changelog Master Feed
The power of eBPF (The Changelog #501)

Changelog Master Feed

Aug 14, 2022 64:53 Transcription Available


eBPF is a revolutionary kernel technology that has lit the cloud native world on fire. If you're going to have one person explain the excitement, that person would be Liz Rice. Liz is the COSO at Isovalent, creators of the open source Cilium project and pioneers of eBPF tech. On this episode Liz tells Jerod all about the power of eBPF, where it came from, what kind of new applications it's enabling, and who is building the next generation of networking, security, and observability tools with it.

Eficode
Why sidecar-less Cilium Mesh is a game-changer

Eficode

Aug 4, 2022 45:26


The Cilium project - best known as a networking plugin for Kubernetes - just released a service mesh functionality. We've invited Liz Rice for a technical conversation around Cilium Service Mesh. Liz Rice is Chief Open Source Officer with eBPF specialists Isovalent, creators of the Cilium cloud native networking, security and observability project. She was Chair of the CNCF's Technical Oversight Committee in 2019-2022, and Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly.

Liz Rice on LinkedIn: https://www.linkedin.com/in/lizrice
A guided tour of Cilium Service Mesh: https://www.youtube.com/watch?v=e10kDBEsZw4
Guide: Make the most of DevOps and Cloud: https://hubs.li/Q01jd2fZ0
The Future of Kubernetes - a blog post: https://hubs.li/Q01jd0ZD0
Takeaways and Trends in CloudNativeCon 2022 - a blog post: https://hubs.li/Q01jd0-x0

Kube Cuddle
Liz Rice

Kube Cuddle

Jun 30, 2022 60:41


Thanks for all of the support that the podcast is getting on Patreon. If you'd like to help keep the podcast sustainable for only $2 a month, you can get more info here.

Liz's Twitter
Rich's Twitter
Podcast Twitter

Links:
eBPF
Cilium
ZX80 / Timex Sinclair 1000 / Commodore 64
Kelsey Hightower's Tetris demo
Thomas Graf
Brendan Gregg
Liz's talk at KubeCon LA
A Beginner's Guide to eBPF Programming with Go
Hubble
DTrace
Beyond printf & tcpdump: Debugging Kubernetes Networking with eBPF (from KubeCon LA)
Tetragon
The Cilium Project Update at KubeCon Valencia
Liz's talk about the Cilium Service Mesh
The CNCF's Technical Oversight Committee
The Charlie meme
That XKCD cartoon
What is eBPF? by Liz
Listener question from @isugimpy - Thanks!
Episode Transcript

Logo by the amazing Emily Griffin.
Music by Monplaisir.
Thanks for listening.
★ Support this podcast on Patreon ★

Console DevTools
eBPF, with Liz Rice (Isovalent) - S03E02

Console DevTools

Jun 16, 2022 32:23


In this episode we speak to Liz Rice, Chief Open Source Officer at Isovalent, the company behind the open source eBPF product Cilium. We discuss why it's such a revolutionary approach to developing low-level kernel applications, how BPF can be used for observability, networking and security, how developers should think about application security, and why all of these technologies are open source.

About Liz Rice
Liz Rice is Chief Open Source Officer at eBPF pioneers Isovalent, creators of the Cilium project, which provides cloud native networking, observability and security. Prior to Isovalent she was VP Open Source Engineering with security specialists Aqua Security. She is also Chair of the CNCF's Technical Oversight Committee, has co-chaired the KubeCon / CloudNativeCon and is an Ambassador for Open UK.

Other things mentioned:
Isovalent
Berkeley lab
Dave Thaler
Kubernetes
Firecracker
Lambda
M1 Macbook
VS Code

Let us know what you think on Twitter:
https://twitter.com/consoledotdev
https://twitter.com/davidmytton
https://twitter.com/lizrice
Or by email: hello@console.dev

About Console
Console is the place developers go to find the best tools. Our weekly newsletter picks out the most interesting tools and new releases. We keep track of everything - dev tools, devops, cloud, and APIs - so you don't have to. Sign up for free at: https://console.dev

Recorded: 2022-05-05.

Screaming in the Cloud
Siphoning through the Acronyms with Liz Rice

Screaming in the Cloud

Mar 8, 2022 37:12


About Liz

Liz Rice is Chief Open Source Officer with cloud native networking and security specialists Isovalent, creators of the Cilium eBPF-based networking project. She is chair of the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly.

She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift.

Links:
Isovalent: https://isovalent.com/
Container Security: https://www.amazon.com/Container-Security-Fundamental-Containerized-Applications/dp/1492056707/
Twitter: https://twitter.com/lizrice
GitHub: https://github.com/lizrice
Cilium and eBPF Slack: http://slack.cilium.io/
CNCF Slack: https://cloud-native.slack.com/join/shared_invite/zt-11yzivnzq-hs12vUAYFZmnqE3r7ILz9A

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Today's episode is brought to you in part by our friends at MinIO the high-performance Kubernetes native object store that's built for the multi-cloud, creating a consistent data storage layer for your public cloud instances, your private cloud instances, and even your edge instances, depending upon what the heck you're defining those as, which depends probably on where you work. It's getting that unified is one of the greatest challenges facing developers and architects today.
It requires S3 compatibility, enterprise-grade security and resiliency, the speed to run any workload, and the footprint to run anywhere, and that's exactly what MinIO offers. With superb read speeds in excess of 360 gigs and 100 megabyte binary that doesn't eat all the data you've gotten on the system, it's exactly what you've been looking for. Check it out today at min.io/download, and see for yourself. That's min.io/download, and be sure to tell them that I sent you.

Corey: This episode is sponsored in part by our friends at Sysdig. Sysdig is the solution for securing DevOps. They have a blog post that went up recently about how an insecure AWS Lambda function could be used as a pivot point to get access into your environment. They've also gone deep in-depth with a bunch of other approaches to how DevOps and security are inextricably linked. To learn more, visit sysdig.com and tell them I sent you. That's S-Y-S-D-I-G dot com. My thanks to them for their continued support of this ridiculous nonsense.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. One of the interesting things about hanging out in the cloud ecosystem as long as I have and as, I guess, closely tied to Amazon as I have been, is that you learned that you never quite are able to pronounce things the way that people pronounce them internally. In-house pronunciations are always a thing. My guest today is Liz Rice, the Chief Open Source Officer at Isovalent, and they're responsible for, among other things, the Cilium open-source project, which is around eBPF, which I can only assume is internally pronounced as ‘Ehbehpf'. Liz, thank you for joining me today and suffering my pronunciation slings and arrows.

Liz: I have never heard ‘Ehbehpf' before, but I may have to adopt it.
That's great.

Corey: You also are currently—in a term that is winding down if I'm not misunderstanding—you were the co-chair of KubeCon and CloudNativeCon at the CNCF, and you are also currently on the technical oversight committee for the foundation.

Liz: Yeah, yeah. I'm currently the chair, in fact, of the technical oversight committee.

Corey: And now that Amazon has joined, I assumed that they had taken their horrible pronunciation habits, like calling AMIs ‘Ah-mies' and whatnot, and started spreading them throughout the ecosystem with wild abandon.

Liz: Are we going to have to start calling CNCF ‘Ka'Nff' or something?

Corey: Exactly. They're very frugal, by which I mean they never buy a vowel. So yeah, it tends to be an ongoing challenge. Joking and all the rest aside, let's start, I guess, at the macro view. The CNCF does an awful lot of stuff, where if you look at the CNCF landscape, for example, like, I think some of my jokes on the internet go a bit too far, but you look at this thing and last time I checked, there were something like four or 500 different players in various spaces.

And it's a very useful diagram, don't get me wrong by any stretch of the imagination, but it also is one of those things that is so staggeringly vast that I've got to level with you on this one, given my old, ancient sysadmin roots, “The hell with it. I'm going to run some VMs in a three-tiered architecture just like grandma and grandpa used to do,” and call it good. Not really how the industry is evolved, but it's overwhelming.

Liz: But that might be the right solution for your use case so, you know, don't knock it if it works.

Corey: Oh, yeah. If it's a terrible architecture and it works, is it really that terrible of an architecture? One wonders.

Liz: Yeah, yeah. I mean, I'm definitely not one of those people who thinks, you know, every solution has the same—you know, is solved by the same hammer, you know, all problems are not the same nail.
So, I am a big fan of a lot of the CNCF projects, but that doesn't mean to say I think those are the only ways to deploy software. You know, there are plenty of things like Lambda are a really great example of something that is super useful and very applicable for lots of applications and for lots of development teams. Not necessarily the right solution for everything. And for other people, they need all the bells and whistles that something like Kubernetes gives them. You know, horses for courses.

Corey: It's very easy for me to make fun of just about any company or service or product, but the thing that always makes me set that aside and get down to brass tacks has been, “Okay, great. You can build whatever you want. You can tell whatever glorious marketing narrative you wish to craft, but let's talk to a real customer because once we do that, then if you're solving a problem that someone is having in the wild, okay, now it's no longer just this theoretical exercise and PowerPoint. Now, let's actually figure out how things work when the rubber meets the road.”

So, let's start, I guess, with… I'll leave it to you. Isovalent are the creators of the Cilium eBPF-based networking project.

Liz: Yeah.

Corey: And eBPF is the part of that I think I'm the most familiar with having heard the term. Would you rather start on the company side or on the eBPF side?

Liz: Oh, I don't mind. Let's—why don't we start with eBPF? Yeah.

Corey: Cool. So easy, ridiculous question. I know that it's extremely important because Brendan Gregg periodically gets on stage and tells amazing stories about this; the last time he did stuff like that, I went stumbling down into the rabbit hole of DTrace, and I have never fully regretted doing that, nor completely forgiven him. What is eBPF?

Liz: So, it stands for extended Berkeley Packet Filter, and we can pretty much just throw away those words because it's not terribly helpful. What eBPF allows you to do is to run custom programs inside the kernel.
So, we can trigger these programs to run, maybe because a network packet arrived, or because a particular function within the kernel has been called, or a tracepoint has been hit. There are tons of places you can attach these programs to, or events you can attach programs to.

And when that event happens, you can run your custom code. And that can change the behavior of the kernel, which is, you know, great power and great responsibility, but incredibly powerful. So Brendan, for example, has done a ton of really great pioneering work showing how you can attach these eBPF programs to events, use that to collect metrics, and lo and behold, you have amazing visibility into what's happening in your system. And he's built tons of different tools for observing everything from, I don't know, memory use to file opens to—there's just endless, dozens and dozens of tools that Brendan, I think, was probably the first to build. And now this sort of new generations of eBPF-based tooling that are kind of taking that legacy, turning them into maybe more, going to say user-friendly interfaces, you know, with GUIs, and hooking them up to metrics platforms, and in the case of Cilium, using it for networking and hooking it into Kubernetes identities, and making the information about network flows meaningful in the context of Kubernetes, where things like IP addresses are ephemeral and not very useful for very long; I mean, they just change at any moment.

Corey: I guess I'm trying to figure out what part of the stack this winds up applying to because you talk about, at least to my mind, it sounds like a few different levels all at once: You talk about running code inside of the kernel, which is really close to the hardware—it's oh, great. It's adventures in assembly is almost what I'm hearing here—but then you also talk about using this with GUIs, for example, and operating on individual packets to run custom programs.
When you talk about running custom programs, are we talking things that are a bit closer to, “Oh, modify this one field of that packet and then call it good,” or are you talking, “Now, we launch Microsoft Word.”

Liz: Much more the former category. So yeah, let's inspect this packet and maybe change it a bit, or send it to a different—you know, maybe it was going to go to one interface, but we're going to send it to a different interface; maybe we're going to modify that packet; maybe we're going to throw the packet on the floor because we don't—there's really great security use cases for inspecting packets and saying, “This is a bad packet, I do not want to see this packet, I'm just going to discard it.” And there's some, what they call ‘Packet of Death' vulnerabilities that have been mitigated in that way. And the real beauty of it is you just load these programs dynamically. So, you can change the kernel on the fly and affect that behavior, just immediately have an effect.

If there are processes already running, they get instrumented immediately. So, maybe you run a BPF program to spot when a file is opened. New processes, existing processes, containerized processes, it doesn't matter; they'll all be detected by your program if it's observing file open events.

Corey: Is this primarily used from a security perspective? Is it used for—what are the common use cases for something like this?

Liz: There's three main buckets, I would say: Networking, observability, and security. And in Cilium, we're kind of involved in some aspects of all those three things, and there are plenty of other projects that are also focusing on one or other of those aspects.

Corey: This is where when, I guess, the challenge I run into the whole CNCF landscape is, it's like, I think the danger is when I started down this path that I'm on now, I realized that, “Oh, I have to learn what all the different AWS services do.” This was widely regarded as a mistake.
They are not Pokémon; I do not need to catch them all. The CNCF landscape applies very similarly in that respect. What is the real-world problem space for which eBPF and/or things like Cilium that leverage eBPF—because eBPF does sound fairly low-level—that turn this into something that solves a problem people have? In other words, what is the problem that Cilium should be the go-to answer for when someone says, “I have this thing that hurts.”

Liz: So, at one level, Cilium is a networking solution. So, it's Kubernetes CNI. You plug it in to provide connectivity between your applications that are running in pods. Those pods have to talk to each other somehow and Cilium will connect those pods together for you in a very efficient way. One of the really interesting things about eBPF and networking is we can bypass some of the networking stack.

So, if we are running in containers, we're running our applications in containers in pods, and those pods usually will have their own networking namespace. And that means they've got their own networking stack. So, a packet that arrives on your machine has to go through the networking stack on that host machine, go across a virtual interface into your pod, and then go through the networking stack in that pod. And that's kind of inefficient. But with eBPF, we can look at the packet the moment it's come into the kernel—in fact in some cases, if you have the right networking interfaces, you can do it while it's still on the network interface card—so you look at that packet and say, “Well, I know what pod that's destined for, I can just send it straight there.” I don't have to go through the whole networking stack in the kernel because I already know exactly where it's going. And that has some real performance improvements.

Corey: That makes sense.
In my explorations—we'll call it—with Kubernetes, it feels like the universe—at least at the time I went looking into it—was, “Step One, here's how to wind up launching Kubernetes to run a blog.” Which is a bit like using a chainsaw to wind up cutting a sandwich. Okay, massively overpowered but I get the basic idea, like, “Okay, what's project Step Two?” It's like, “Oh, great. Go build Google.”

Liz: [laugh].

Corey: Okay, great. It feels like there's some intermediary steps that have been sort of glossed over here. And at the small-scale that I kicked the tires on, things like networking performance never even entered the equation; it was more about get the thing up and running. But yeah, at scale, when you start seeing huge numbers of containers being orchestrated across a wide variety of hosts that has serious repercussions and explains an awful lot. Is this the sort of thing that gets leveraged by cloud providers themselves, is it something that gets built in mostly on-prem environments, or is it something that rides in, almost, user-land for most of these use cases that customers coming to bringing to those environments? I'm sorry, users, not customers. I'm too used to the Amazonian phrasing of everyone as a customer. No, no, they are users in an open-source project.

Liz: [laugh]. Yeah, so if you're using GKE, the GKE Dataplane V2 is using Cilium. Alibaba Cloud uses Cilium. AWS is using Cilium for EKS Anywhere. So, these are really, I think, great signals that it's super scalable.

And it's also not just about the connectivity, but also about being able to see your network flows and debug them. Because, like you say, that day one, your blog is up and running, and day two, you've got some DNS issue that you need to debug, and how are you going to do that?
And because Cilium is working with Kubernetes, so it knows about the individual pods, and it's aware of the IP addresses for those pods, and it can map those to, you know, what's the pod, what service is that pod involved with. And we have a component of Cilium called Hubble that gives you the flows, the network flows, between services. So, you know, we've probably all seen diagrams showing Service A talking to Service B, Service C, some external connectivity, and Hubble can show you those flows between services and the outside world, regardless of how the IP addresses may be changing underneath you, and aggregating network flows into those services that make sense to a human who's looking at a Kubernetes deployment.

Corey: A running gag that I've had is that one of the drawbacks and appeals of Kubernetes, all at once, is that it lets you cosplay as a cloud provider, even if you don't happen to work for one of them. And there's a bit of truth to it, but let's be serious here, despite what a lot of the cloud providers would wish us to believe via a bunch of marketing, there's a tremendous number of data center environments out there, hybrid environments, and companies that are in those environments are not somehow laggards, or left behind technologically, or struggling to digitally transform. Believe it or not—I know it's not a common narrative—but large companies generally don't employ people who lack critical thinking skills and strategic insight. There's usually a reason that things are the way that they are and when you don't understand that my default approach is that, oh context that gets missing, so I want to preface this with the idea there is nothing wrong in those environments. But in a purely cloud-native environment—which means that I'm very proud about having no single points of failure as I have everything routing to a single credit card that pays the cloud providers—great.
What is the story for Cilium if I'm using, effectively, the managed Kubernetes options that Name Any Cloud Provider will provide for me these days? Is it at that point no longer for me or is it something that instead expresses itself in ways I'm not seeing, yet?

Liz: Yeah, so I think, as an open-source project—and it is the only CNI that's at incubation level or beyond, so you know, it's CNCF-supported networking solution; you can use it out of the box, you can use it for your tiny blog application if you've decided to run that on Kubernetes, you can do so—things start to get much more interesting at scale. I mean, that… continuum between you know, there are people purely on managed services, there are people who are purely in the cloud, hybrid cloud is a real thing, and there are plenty of businesses who have good reasons to have some things in their own data centers, some things in the public cloud, things distributed around the world, so they need connectivity between those. And Cilium will solve a lot of those problems for you in the open-source, but also, if you're telco scale and you have things like BGP networks between your data centers, then that's where the paid versions of Cilium, the enterprise versions of Cilium, can help you out. And, as Isovalent, that's our business model to have, like—we fully support or we contribute a lot of resources into the open-source Cilium, and we want that to be the best networking solution for anybody, but if you are an enterprise who wants those extra bells and whistles, and the kind of scale that, you know, a telco, or a massive retailer, or a large media organization, or name your vertical, then we have solutions for that as well. And I think it was one of the really interesting things about the eBPF side of it is that, you know, we're not bound to just Kubernetes, you know?
We run in the kernel, and it just so happens that we have that Kubernetes interface for allocating IP addresses to endpoints that happened to be pods. But—

Corey: So, back to my crappy pile of VMs—because the hell with all this newfangled container nonsense—I can still benefit from something like Cilium?

Liz: Exactly, yeah. And there's plenty of people using it for just load-balancing, which, why not have an eBPF-based high-performance load balancer?

Corey: Hang on, that's taking me a second to work my way through. What is the programming language for eBPF? It is something custom?

Liz: Right. So, when you load your BPF program into the kernel, it's in the form of eBPF bytecode. There are people who write an eBPF bytecode by hand; I am not one of those people.

Corey: There are people who used to be able to write Sendmail configs without running through the m4 preprocessor, and I don't understand those people either.

Liz: [laugh]. So, our choices are—well, it has to be a language that can be compiled into that bytecode, and at the moment, there are two options: C, and more recently, Rust. So, the C code, I'm much more familiar with writing BPF code in C, it's slightly limited. So, because these BPF programs have to be safe to run, they go through a verification process which checks that you're not going to crash the kernel, that you're not going to end up in some hardware loop, and basically make your machine completely unresponsive, we also have to know that BPF programs, you know, they'll only access memory that they're supposed to and that they can't mess up other processes.
So, there's this BPF verification step that checks for example that you always check that a pointer isn't nil before you dereference it.

And if you try and use a pointer in your C code, it might compile perfectly, but when you come to load it into the kernel, it gets rejected because you forgot to check that it was non-null before.

Corey: You try and run it, the whole thing segfaults, you see the word ‘fault' there and well, I guess blameless just went out the window there.

Liz: [laugh]. Well, this is the thing: You cannot segfault in the kernel, you know, or at least that's a bad [day 00:19:11]. [laugh].

Corey: You say that, but I'm very bad with computers, let's be clear here. There's always a way to misuse things horribly enough.

Liz: It's a challenge. It's pretty easy to segfault if you're writing a kernel module. But maybe we should put that out as a challenge for the listener, to try to write something that crashes the kernel from within an eBPF because there's a lot of very smart people.

Corey: Right now the blood just drained from anyone who's listening, in the kernel space or the InfoSec space, I imagine.

Liz: Exactly. Some of my colleagues at Isovalent are thinking, “Oh, no. What's she brought on here?” [laugh].

Corey: What have you done? Please correct me if I'm misunderstanding this. So, eBPF is a very low-level tool that requires certain amounts of braining in order [laugh] to use appropriately. That can be a heavy lift for a lot of us who don't live in those spaces. Cilium distills this down into something that is all a lot more usable and understandable for folks, and then beyond that, you wind up with Isovalent, that winds up effectively productizing and packaging this into something that becomes a lot more closer to turnkey. Is that directionally accurate?

Liz: Yes, I would say that's true.
And there are also some other intermediate steps, like the CLI tools that Brendan Gregg did, where you can—I mean, a CLI is still fairly low-level, but it's not as low-level as writing the eBPF code yourself. And you can be quite in-dep—you know, if you know what things you want to observe in the kernel, you don't necessarily have to know how to write the eBPF code to do it, but if you've got these fairly low-level tools to do it. You're absolutely right that very few people will need to write their own… BPF code to run in the kernel.

Corey: Let's move below the surface level of awareness; the same way that most of us don't need to know how to compile our own kernel in this day and age.

Liz: Exactly.

Corey: A few people very much do, but because of their hard work, the rest of us do not.

Liz: Exactly. And for most of us, we just take the kernel for granted. You know, most people writing applications, it doesn't really matter if—they're just using abstractions that do things like open files for them, or create network connections, or write messages to the screen, you don't need to know exactly how that's accomplished through the kernel. Unless you want to get into the details of how to observe it with eBPF or something like that.

Corey: I'm much happier not knowing some of the details. I did a deep dive once into Linux system kernel internals, based on an incredibly well-written but also obnoxiously slash suspiciously thick O'Reilly book, Linux Systems Internals, and it was one of those, like, halfway through, “Can I please be excused? My brain is full.” It's one of those things that I don't use most of it on a day-to-day basis, but it's solidified my understanding of what the computer is actually doing in a way that I will always be grateful for.

Liz: Mmm, and there are tens of millions of lines of code in the Linux kernel, so anyone who can internalize any of that is basically a superhero.
[laugh].

Corey: I have nothing but respect for people who can pull that off.

Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured and fully managed with built in access via key-value, SQL, and full-text search. Flexible JSON documents aligned to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling while reducing cost. Capella has the best price performance of any fully managed document database. Visit couchbase.com/screaminginthecloud to try Capella today for free and be up and running in three minutes with no credit card required. Couchbase Capella: make your data sing.

In your day job, quote-unquote—which is sort of a weird thing to say, given that you are working at an open-source company; in fact, you are the Chief Open Source Officer, so what you're doing in the community, what you're exploring on the open-source project side of things, it is all interrelated. I tend to have trouble myself figuring out where my job starts and stops most weeks; I'm sympathetic to it. What inspired you folks to launch a company that is, “Ah, we're going to be in the open-source space?” Especially during a time when there's been a lot of pushback, in some respects, about the evolution of open-source and the rise of large cloud providers, where is open-source a viable strategy or a tactic to get to an outcome that is pleasing for all parties?

Liz: Mmm. So, I wasn't there at the beginning, for the Isovalent journey, and Cilium has been around for five or six years, now, at this point. I very strongly believe in open-source as an effective way of developing technology—good technology—and getting really good feedback and, kind of, optimizing the speed at which you can innovate. But I think it's very important that businesses don't think—if you're giving away your code, you cannot also sell your code; you have to have some other thing that adds value.
Maybe that's some extra code, like in the Isovalent example, the enterprise-related enhancements that we have that aren't part of the open-source distribution.

There's plenty of other ways that people can add value to open-source. They can do training, they can do managed services, there's all sorts of different—support was the classic example. But I think it's extremely important that businesses don't just expect that I can write a bunch of open-source code, and somehow magically, through building up a whole load of users, I will find a way to monetize that.

Corey: A bunch of nerds will build my product for me on nights and weekends. Yeah, that's a bit of an outmoded way of thinking about these things.

Liz: Yeah exactly. And I think it's not like everybody has perfect ability to predict the future and you might start a business—

Corey: And I have a lot of sympathy for companies who originally started with the idea of, “Well, we are the project leads. We know this code the best, therefore we are the best people in the world to run this as a service.” The rise of the hyperscale cloud providers has called that into significant question. And I feel for them because it's difficult to completely pivot your business model when you're already a publicly-traded company. That's a very fraught and challenging thing to do. It means that you're left with a bunch of options, none of them great.

Cilium as a project is not that old, neither is Isovalent, but it's new enough in the iterative process, that you were able to avoid that particular pitfall. Instead, you're looking at some level of making this understandable and useful to humans, almost the point where it disappears from their level of awareness that they need to think about. There's huge value in something like that.
Do you think that there is a future in which projects and companies built upon projects that follow this model are similarly going to be having challenges with hyperscale cloud providers, or other emergent threats to the ecosystem—sorry, ‘threat' is an unfair and unkind word here—but changes to the ecosystem, as we see the world evolving in ways that most of us did not foresee?

Liz: Yeah, we've certainly seen some examples in the last year or two, I guess, of companies that maybe didn't anticipate, and who necessarily has a crystal ball to anticipate how cloud providers might use their software? And I think in some cases, the cloud providers have not always been the most generous or most community-minded in their approach to how they've done that. But I think for a company, like Isovalent, our strong point is talent. It would be extremely rare to find the level of expertise in, you know, what is a pretty specialized area. You know, the people at Isovalent who are working on Cilium are also working on eBPF itself, and that level of expertise is, I think, pretty unrivaled.

So, we're in such a new space with eBPF, we've only in the last year or so, got to the point where pretty much everyone is running a kernel that's new enough to use eBPF. Startups do have a kind of agility that I think gives them an advantage, which I hope we'll be able to capitalize on. I think sometimes when businesses get upset about their code being used, they probably could have anticipated it. You know, if it's open-source, people will use your software, and you have to think of that.

Corey: “What do you mean you're using the thing we gave away for free and you're not paying us to use it?”

Liz: Yeah.

Corey: “Uh, did you hear what you just said?” Some of this was predictable, let's be fair.

Liz: Yeah, and I think you really have to, as a responsible business, think about, well, what does happen if they use all the open-source code? You know, is that a problem?
And as far as we're concerned, everybody using Cilium is a fantastic… thing. We fully welcome everyone using Cilium as their data plane because the vast majority of them would use that open-source code, and that would be great, but there will be people who need those extra features and the expertise that I think we're in a unique position to provide. So, I joined Isovalent just about a year ago, and I did that because I believe in the technology, I believe in the company, I believe in, you know, the foundations that it has in open-source.

It's very much an open-source first organization, which I love, and that resonates with me and how I think we can be successful. So, you know, I don't have that crystal ball. I hope I'm right, we'll find out. We should do this again, you know, a couple of years and see how that's panning out. [laugh].

Corey: I'll book out the date now.

Liz: [laugh].

Corey: Looking back at our conversation just now, you talked about open-source, and business strategy and how that's going to be evolving. We talked about the company, we talked about an incredibly in-depth, technical product that honestly goes significantly beyond my current level of technical awareness. And at no point in any of those aspects of the conversation did you talk about it in a way that I did not understand, nor did you come off in any way as condescending. In fact, you wrote an O'Reilly book on Container Security that's written very much the same way. How did you learn to do that? Because it is, frankly, an incredibly rare skill.

Liz: Oh, thank you. Yeah, I think I have never been a fan of jargon. I've never liked it when people use a complicated acronym, or really early days in my career, there was a bit of a running joke about how everything was TLAs. And you think, well, I understand why we use an acronym to shorten things, but I don't think we need to assume that everybody knows what everything stands for. Why can't we explain things in simple language?
Why can't we just use ordinary terms?

And I found that really resonates. You know, if I'm doing a presentation or if I'm writing something, using straightforward language and explaining things, making sure that people understand the, kind of, fundamentals that I'm going to build my explanation on. I just think that has a—it results in people understanding, and that's my whole point. I'm not trying to explain something to—you know, my goal is that they understand it, not that they've been blown away by some kind of magic. I want them to go away going, “Ah, now I understand how this bit fits with that bit,” or, “How this works.” You know?

Corey: The reason I bring it up is that it's an incredibly undervalued skill because when people see it, they don't often recognize it for what it is. Because when people don't have that skill—which is common—people just write it off as oh, that person's a bad communicator. Which I think is a little unfair. Being able to explain complex things simply is one of the most valuable yet undervalued skills that I've found in this entire space.

Liz: Yeah, I think people sometimes have this sort of wrong idea that vocabulary and complicated terms are somehow inherently smarter. And if you use complicated words, you sound smarter. And I just don't think that's accessible, and I don't think it's true. And sometimes I find myself listening to someone, and they're using complicated terms or analogies that are really obscure, and I'm thinking, but could you explain that to me in words of one syllable? I don't think you could. I think you're… hiding—not you [laugh]. You know, people—

Corey: Yeah. No, no, that's fair. I'll take the accusation as [unintelligible 00:31:24] as I can get it.

Liz: [laugh]. But I think people hide behind complex words because they don't really understand them sometimes.
And yeah, I would rather people understood what I'm saying.

Corey: To me—I've done it through conference talks, but the way I generally learn things is by building something with them. But the way I really learn to understand something is I give a conference talk on it because, okay, great. I can now explain Git—which was one of my early technical talks—to folks who built Git. Great. Now, how about I explain it to someone who is not immersed in the space whatsoever? And if I can make it that accessible, great, then I've succeeded. It's a lot harder than it looks.

Liz: Yeah, exactly. And one of the reasons why I enjoy building a talk is because I know I've got a pretty good understanding of this, but by the time I've got this talk nailed, I will know this. I might have forgotten it in six months time, you know, but [laugh] while I'm giving that talk, I will have a really good understanding of that because the way I want to put together a talk, I don't want to put anything in a talk that I don't feel I could explain. And that means I have to understand how it works.

Corey: It's funny, this whole don't give talks about things you don't understand seems like there's really a nouveau concept, but here we are, we're [working on it 00:32:40].

Liz: I mean, I have committed to doing talks that I don't fully understand, knowing that—you know, with the confidence that I can find out between now and the [crosstalk 00:32:48]—

Corey: I believe that's called a forcing function.

Liz: Yes. [laugh].

Corey: It's one of those very high-risk stories, like, “Either I'm going to learn this in the next three months, or else I am going to have some serious egg on my face.”

Liz: Yeah, exactly, definitely a forcing function. [laugh].

Corey: I really want to thank you for taking so much time to speak with me today. If people want to learn more, where can they find you?

Liz: So, I am online pretty much everywhere as lizrice, and I am on Twitter. I'm on GitHub.
And if you want to come and hang out, I am on the Cilium and eBPF Slack, and also the CNCF Slack. Yeah. So, come say hello.

Corey: There. We will put links to all of that in the [show notes 00:33:28]. Thank you so much for your time. I appreciate it.

Liz: Pleasure.

Corey: Liz Rice, Chief Open Source Officer at Isovalent. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment containing an eBPF program that on every packet fires off a Lambda function. Yes, it will be extortionately expensive; almost half as much money as a Managed NAT Gateway.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

The InfoQ Podcast
Liz Rice on Programming the Linux Kernel with eBPF, Cilium and Service Meshes

The InfoQ Podcast

Play Episode Listen Later Jan 31, 2022 35:52


Charles Humble and Liz Rice discuss eBPF, a way of making the Linux kernel programmable. They talk about why it exists, how it works under the hood, and what you can and can't do with it. They also talk about Cilium, an open source library for observing network connectivity between container workloads, and the new Cilium-based service mesh currently in beta. Read a transcript of this interview: https://bit.ly/3rTPKwi Subscribe to our newsletters: - The InfoQ weekly newsletter: www.infoq.com/news/InfoQ-Newsletter/ - The Software Architects' Newsletter [monthly]: www.infoq.com/software-architects-newsletter/ Upcoming Virtual Events - events.infoq.com/ QCon London: https://qconlondon.com/ - April 4-6, 2022 / London, UK QCon Plus: https://plus.qconferences.com/ - May 10-20, 2022 - Nov 29 - Dec 9, 2022 QCon San Francisco https://qconsf.com/ - Oct 24-28, 2022 InfoQ Live: https://live.infoq.com/ - Feb 22, 2022 - June 21, 2022 - July 19, 2022 - August 23, 2022 Follow InfoQ: - Twitter: twitter.com/infoq - LinkedIn: www.linkedin.com/company/infoq/ - Facebook: www.facebook.com/InfoQdotcom/ - Instagram: @infoqdotcom - Youtube: www.youtube.com/infoq

The Secure Developer
Ep.107, A look into the future

The Secure Developer

Play Episode Listen Later Jan 11, 2022 34:42


Today we have a fun episode lined up for you! Over the last year of 2021, we've been honored to have some incredibly smart people on the show to share their views and practices in the DevSecCon space with us all. And in each episode, they were asked a slightly open-ended question: if you took out your crystal ball and you thought about someone sitting in your position or your type of role in five years' time, what would be most different about their reality? For this special installment, we've put together some highlights of these brilliant answers! Hear perspectives that cover everything from changes on the data, AI, and ML front to the idea of ownership when it comes to security. We also touch on the increased fragmentation in the DevOps scene that we're going to need to work with, bigger picture concerns about how regulation might be different in five years, and some final optimistic predictions on ways we could all be in a much better place! We hear some golden nuggets from the likes of Robert Wood from CMS, cybersecurity influencer Ashish Rajan, Liz Rice from eBPF pioneers Isovalent, our very own Simon Maple who weighs in with his concrete expectations of what will happen, Dev Akhawe, Daniel Bryant, Rinki Sethi, and so many more! So to hear what these top industry professionals have to say about the future, join us today!

Ship It! DevOps, Infra, Cloud Native
Gerhard at KubeCon NA 2021: Part 2

Ship It! DevOps, Infra, Cloud Native

Play Episode Listen Later Nov 3, 2021 86:45 Transcription Available


In the second set of interviews from KubeCon North America 2021, Gerhard and Liz Rice talk about eBPF superpowers - Cilium + Hubble - and what's it like to work with Duffie Cooley. Jared Watts shares the story behind Crossplane reaching incubating status, and Dan Mangum tells us what it was like to be at this KubeCon in person. Dan's new COO role (read Click Ops Officer) comes up. David Ansari from VMware speaks about his first KubeCon experience both as an attendee and as a speaker. The RabbitMQ Deep Dive talk that he gave will be a nice surprise if you watch it - link in the show notes. Dan Lorenc brings his unique perspective on supply chain security, and tells us about the new company that he co-founded, Chainguard. How to secure container images gets covered, as well as one of the easter eggs that Scott Nichols put in chainguard.dev.

Changelog Master Feed
Gerhard at KubeCon NA 2021: Part 2 (Ship It! #26)

Changelog Master Feed

Play Episode Listen Later Nov 3, 2021 86:45 Transcription Available


In the second set of interviews from KubeCon North America 2021, Gerhard and Liz Rice talk about eBPF superpowers - Cilium + Hubble - and what's it like to work with Duffie Cooley. Jared Watts shares the story behind Crossplane reaching incubating status, and Dan Mangum tells us what it was like to be at this KubeCon in person. Dan's new COO role (read Click Ops Officer) comes up. David Ansari from VMware speaks about his first KubeCon experience both as an attendee and as a speaker. The RabbitMQ Deep Dive talk that he gave will be a nice surprise if you watch it - link in the show notes. Dan Lorenc brings his unique perspective on supply chain security, and tells us about the new company that he co-founded, Chainguard. How to secure container images gets covered, as well as one of the easter eggs that Scott Nichols put in chainguard.dev.

The Secure Developer
Ep. #103 - Containers, Processes, and the Future of Security with Liz Rice

The Secure Developer

Play Episode Listen Later Oct 19, 2021 45:29


Welcome to another episode of the Secure Developer! During today's conversation, Guy Podjarny, founder of Snyk, speaks with Liz Rice, Chief Open-Source Officer with eBPF pioneers Isovalent, where she works on the Cilium project, which provides cloud native networking, observability and security. They touch on plenty of current and relevant topics, with a focus on eBPF and the CNCF and its role in security. You'll hear all about her role and her journey into the world of cyber security, and what it was like to transition into the sometimes intimidating world of security. We touch on why containers are essentially just processes, and Liz gives us an introduction to eBPF, how it benefits security, and the renaissance it is currently experiencing. Liz tells us all about her work at CNCF and the Technical Oversight Committee, and how it is building much of the foundation for cloud native computing. Join us today to hear all this and more!

Maestría tu Vida con Meditación
S3 Ep. 3 Reiki Master Liz Rice

Maestría tu Vida con Meditación

Play Episode Listen Later Oct 4, 2021 15:58


In this episode, I interview my teacher Liz Rice, Reiki Master. She is such a bright and joyful light. She explains what Reiki is and how we can learn to release old, stuck programs that keep us from changing. There are many blockages caused by past traumas that we must be willing to release with an honest intention and faith that we have the power to heal ourselves. Here is her information, and I recommend her services. I am also a Reiki practitioner and I will include my website if you would like a session. I offer mindfulness meditation sessions and Reiki sessions by appointment. To find her online, here is her web page: https://lizricereiki.wordpress.com/ Here is mine: https://reikimeastriatuvida.com --- Support this podcast: https://anchor.fm/maria-castro05/support

Maestría tu Vida con Meditación
S3 Ep. 3 Reiki Master Liz Rice

Maestría tu Vida con Meditación

Play Episode Listen Later Oct 4, 2021 27:13


In this episode, I interview my teacher Liz Rice, Reiki Master. She is such a bright light and so joyous. She explains what Reiki is and how we can learn to release stuck old programs that keep us from changing. There are many blockages that are caused from past traumas that we need to be willing to release with an honest intention and faith that we have the power to heal ourselves. Here is her information and I highly recommend her services. I am also a Reiki practitioner and I will include my website if you would like a session. I offer mindfulness meditation sessions and Reiki sessions by appointment. Liz Rice can be found here: https://lizricereiki.wordpress.com/ My website is: https://reikimaestriatuvida.com/ --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app Support this podcast: https://anchor.fm/maria-castro05/support

DSO Overflow
EP12: Exploring eBPF Cloud Native Security

DSO Overflow

Play Episode Listen Later Jun 19, 2021 35:14 Transcription Available


Extended Berkeley Packet Filter (eBPF) allows us to tap into the kernel to implement monitoring, observability, networking, and security. In this episode, we invited Chris Kranz and Liz Rice to discuss the usage and adoption of eBPF within Cloud Native solutions.

References
http://www.brendangregg.com/
https://nathanleclaire.com/
https://github.com/iovisor/bpftrace
https://ebpf.io/what-is-ebpf
https://github.com/lizrice/ebpf-beginners
eBPF for Windows: https://www.youtube.com/watch?v=LrrV-eo6fug
Community: http://slack.cilium.io/

eBPF Summit 2021
https://ebpf.io/summit-2021/

Please visit our YouTube Channel to see Chris present in our June 2021 Gathering (monthly meet-up).

Guest Speakers

Chris Kranz
Chris supports the Sales Engineering team in EMEA at Sysdig, helping make cloud native easier and more secure for Sysdig customers. Before joining Sysdig, he spent time building microservices and cloud applications with various end users, and before that lived a life of cloud, virtualisation and storage!
https://www.linkedin.com/in/ckranz/
@ckranz

Liz Rice
Liz is focused on containers, cloud native technologies, security and distributed systems, and heavily involved in open source as the chair of the Technical Oversight Committee of the Cloud Native Computing Foundation (CNCF), and an ambassador for OpenUK.
https://www.linkedin.com/in/lizrice/
@lizrice

Your Hosts
Michael Man: https://www.linkedin.com/in/mman/
Glenn Wilson: https://www.linkedin.com/in/glennwilson/

DevSecOps - London Gathering
Keep in touch with our events associated with this podcast.
https://www.meetup.com/DevSecOps-London-Gathering/
https://twitter.com/DevSecOps_LG
https://www.youtube.com/c/DevSecOpsLondonGathering

GOTO - Today, Tomorrow and the Future
Container Security • Liz Rice & Eoin Woods

GOTO - Today, Tomorrow and the Future

Play Episode Listen Later Mar 26, 2021 29:15 Transcription Available


This interview was recorded for the GOTO Book Club.
http://gotopia.tech/bookclub

Liz Rice - Author of "Container Security"
Eoin Woods - CTO of Endava

DESCRIPTION
What should you do to secure your containers?
Liz Rice, author of the book Container Security: Fundamental Technology Concepts that Protect Containerized Applications & VP of open source engineering at Aqua Security, and Eoin Woods, CTO at Endava, explore what containers are, what are the implications of a shared kernel and how to assess potential security risks that could affect your deployments. Learn best practices and understand how containers work in this Book Club interview.

The interview is based on Liz's book "Container Security": https://amzn.to/3oU4iJe

Read the full transcription of the interview here:
https://gotopia.tech/bookclub/episodes/secure-your-containers-liz-rice

RECOMMENDED BOOKS
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/kubernetes-security/9781492039075

https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.facebook.com/GOTOConferences

Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted almost daily.
https://www.youtube.com/GotoConferences

Kubernetes Podcast from Google
Replicated, with Grant Miller

Kubernetes Podcast from Google

Play Episode Listen Later Mar 24, 2021 48:06


Grant Miller is the co-founder and CEO of Replicated, which helps operationalize and scale the delivery of Kubernetes-based apps into the enterprise. We look at what it means to be enterprise software in a SaaS world, and we also get some 2021 predictions from guest host Liz Rice. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Episode 19, with Liz Rice Episode 133, with Thomas Graf Cilium talk at DockerCon 2017 Liz’s 2021 predictions from KubeCon NA (Virtual) 2020 Cheese exports are down Autonomous driving levels Prince Harry joins a startup Nick Clegg joins Facebook News of the week SoloCon announcements Mesh7 to be acquired by VMware GKE adds runtime configuration of pod subnets and larger Internal Load Balancer support Amazon reduces EKS cluster create time from “glacial” to “slow” NetApp launches Spot Wave CircleCI Server 3.0 Diamanti Spektra 3.2 Sonatype launches Nexus Container Davanum Srinivas elected to the CNCF TOC “Unironically Using Kubernetes for my Personal Blog” Links from the interview SparkPeople Marc Campbell look.io acquired by LivePerson Replicated Open source from Replicated kurl KOTS Troubleshoot SchemaHero Donated to the CNCF EnterpriseReady and the EnterpriseReady Podcast Kubelist and the Kubelist Podcast Replicants, replicators and gremlins Grant Miller and Replicated on Twitter

Getup Kubicast
Kubicast #54 - Security beyond static analysis

Getup Kubicast

Play Episode Listen Later Feb 12, 2021 36:10


Kubicast opens its 4th season with Carol Valencia of Aqua Container Security to talk about a subject that keeps coming back to our podcast: security in containers and Kubernetes. Taking dynamic analysis of the container into account is in fact core to the security of the business, and a way to break out of the bubble that surrounds us with only the basic challenges of protecting containerized environments. Alongside Liz Rice, Carol is a reference in DevSecOps. It's worth hearing what she has to say!
Some links we mentioned in this episode:
Dynamic analysis and malware discovery with advanced techniques:
Fileless: https://blog.aquasec.com/fileless-malware-container-security
Entrypoint: https://blog.aquasec.com/container-vulnerability-dzmlt-dynamic-container-analysis
Starboard: installed as an operator, it automatically audits the Kubernetes environment: https://blog.aquasec.com/automating-configuration-auditing-starboard-operator
Tracee: forensic investigation in your container using eBPF: https://blog.aquasec.com/ebpf-container-tracing-malware-detection
Episode RECOMMENDATIONS: Carol: O Tradutor and O Preço da Verdade - Dark Waters. João: Westworld and Green Book.
Kubicast is presented by João Brito, CTO of Getup, the only Brazilian specialist 100% focused on Kubernetes. #Kubernetes #DevSecOps #SRE #docker #Containers

Electro Monkeys
Containers and security with Liz Rice

Electro Monkeys

Play Episode Listen Later Jan 12, 2021 53:57


Container Security is a book written by Liz Rice and published by O'Reilly in April 2020. I had been waiting for it impatiently, and I devoured it as soon as it came out. It is packed with useful information. After a refresher on Linux fundamentals, it covers everything there is to know about container security, from isolation, to the image life cycle, to secrets management.
Like any good podcaster, I immediately went to Twitter hoping to find someone in my network to talk about container security and the various aspects I had discovered through this book. As it turned out, Liz herself replied and agreed without hesitation to be my guest, even though she did not feel fully confident in her French. I want to thank her very warmly for making that effort, because we far more often see French speakers answering interviews in English than the reverse. It is, in fact, her very first French-language podcast.
Does Liz Rice still need an introduction? Liz is VP Open Source Engineering at Aqua Security, but she is also chair of the Technical Oversight Committee at the CNCF, and I imagine many of you have already crossed paths with her at one KubeCon or another. Together we discuss container security, taking the book she has just published as our starting point.
Episode notes: Aqua Starboard https://github.com/aquasecurity/starboard
Support the show (https://www.patreon.com/electromonkeys)

The DevOps FAUNCast
Securing Kubernetes: The Paranoid Guide

The DevOps FAUNCast

Play Episode Listen Later Oct 23, 2020 12:38


This episode is sponsored by The Chief I/O, an online publication where you can read and share stories about cloud native, DevOps, Kubernetes, AIOps, and many other topics. You can subscribe to The Chief I/O newsletter to receive our best stories and the latest cloud native news and trends twice a week. Visit thechief.io/newsletter.
It's a sunny May afternoon in a Barcelona KubeCon. Liz Rice is on the stage discussing penetration testing in Kubernetes. She says that one of the reasons why you might want to do penetration testing is stories such as this. In 2018, Tesla left their Kubernetes Dashboard open to the internet. The Dashboard has cluster-admin privileges. They were hacked, and the end result was their system was used to run cryptocurrency mining malware. "The hackers had infiltrated Tesla's Kubernetes console, which was not password-protected," RedLock researchers wrote. "Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment, which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry." It was a big headline and one that prompted the larger Kubernetes industry to focus more on security. But why? How did one of the biggest tech companies in Silicon Valley get hacked? Is it simply a human issue? Or is there more to Security in Kubernetes?
I'm your host Kassandra Russel, and today we are going to talk about Security in Kubernetes. We will examine the differences between securing a traditional environment and a container-based environment. Next, we will discuss industry standards and emerging thought patterns around security. And finally, we will go through some of the best security practices and general security advice for production workloads in Kubernetes.
Before diving into all of this, we've been busy during the last weeks working on a new project. If you like this podcast, you will certainly like the new project. It's a surprise; we are going to talk more about it in the future. In the meantime, you can subscribe to the podcast announcement list; we will announce it soon.
Back to the subject at hand, remember the two generals' problem from one of our previous episodes? It's a classic thought experiment exposing an unsolvable problem and demonstrating the design challenges of distributed systems and the pitfall of reaching consensus over a lossy network. If you are interested in knowing more about this, we recommend you listen to our 5th episode “The Ubiquity of Kubernetes”.
--- Send in a voice message: https://anchor.fm/thedevopsfauncast/message Support this podcast: https://anchor.fm/thedevopsfauncast/support

Getup Kubicast
#49 - Security the hard way

Getup Kubicast

Play Episode Listen Later Oct 22, 2020 30:46


Episode #49 of Kubicast brings back the “Security” theme in a conversation with @João Freire, also known as P0ssuidão to his friends from the IRC days. João knows that Kubernetes' security tools do not come by default; however, as he put it himself: “they are just there waiting to be configured”. So we talked about security best practices, how a few simple rules can prevent big problems, and how some others can create big problems and leave your colleagues at the company without access to anything. Speaking of security, we mentioned the work Liz Rice has been doing in the area and commented on running containers in privileged mode or as root.
===== Show RECOMMENDATIONS: João Freire: drink plenty of water on these hot days! (We recorded this Kubicast during that heat wave in September) / João Brito: Criando um Kubernetes interno (Spotify), Escritores da Liberdade (Netflix) / Container Security (e-book) and Liz Rice's videos.
===== Comments, criticism and suggestions: write to @GetupCloud on Twitter using #Kubicast.
===== Listen to #Kubicast on Spotify, Overcast, iTunes or RadioPublic.
===== If you enjoy #Kubicast, share the podcast on your social networks. See you next time!

The Cloud Pod
Episode 80: The Cloud Pod now with more Seoul

The Cloud Pod

Play Episode Listen Later Aug 9, 2020 72:50


Ian Mckay fills in for Jonathan on this week's double-stuffed episode of The Cloud Pod.
A big thanks to this week's sponsor: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. Commvault is data-management done differently. It allows you to translate your virtual workloads to a cloud provider automatically, greatly simplifying the move to the cloud or your disaster recovery solution to the cloud.
This week's highlights: A string of attacks deletes, but does not leak, unsecured databases. Cloudflare's Matthew Prince plans to be the next top dog of data. Following the eight weeks of Next '20 we'll get three weeks of Re:Invent.
General: Cat Got Your Data? It's earnings season and revenues are up for Azure, but for whatever reason Azure isn't happy with it. Aqua Security announced Aqua Wave and Aqua Enterprise. Check out our interview with Liz Rice for more. The rash of automated

TCP Talks
TCP Talks with Aqua Security's Liz Rice

TCP Talks

Play Episode Listen Later Jul 26, 2020 33:18


In this TCP Talks episode, Justin Brodley and Jonathan Baker chat with Liz Rice, VP of open source engineering for Aqua Security, which provides tools to secure cloud-native deployments.
Liz describes Aqua's evolution over the years: From a provider of container security to its acquisition of CloudSploit and its development of open-source security solutions. Most customers are using cloud native software, and Aqua wants to secure those workloads and engage that community.
"As a business, we have to be where the discussions are. Having open-source tools that are genuinely useful gives us a good way to participate in that community," Liz explains.
In addition to her role at Aqua Security, she is the chair of the Cloud Native Computing Foundation's (CNCF) Technical Oversight Committee. During the conversation, Liz gives an overview of how they handle projects.
Key Takeaways

The Cloud Pod
TCP Talks with Aqua Security's Liz Rice

The Cloud Pod

Play Episode Listen Later Jul 26, 2020 33:18


In this TCP Talks episode, Justin Brodley and Jonathan Baker chat with Liz Rice, VP of open source engineering for Aqua Security, which provides tools to secure cloud-native deployments.
Liz describes Aqua’s evolution over the years: From a provider of container security to its acquisition of CloudSploit and its development of open-source security solutions. Most customers are using cloud native software, and Aqua wants to secure those workloads and engage that community.
“As a business, we have to be where the discussions are. Having open-source tools that are genuinely useful gives us a good way to participate in that community,” Liz explains.
In addition to her role at Aqua Security, she is the chair of the Cloud Native Computing Foundation’s (CNCF) Technical Oversight Committee. During the conversation, Liz gives an overview of how they handle projects.
Key Takeaways
Open source tools offer an entry point into communities. “As a business, we have to be there — we have to be where the discussions are. And having open source tools and solutions that are genuinely useful gives us a good way of participating in that community,” Liz says of the value of Aqua developing open-source tools. The company's Starboard toolkit for finding risks in Kubernetes workloads and environments is a recent example.
Liz discusses Starboard's comparative advantage — it integrates existing Kubernetes tools, not just from Aqua but also from third-parties, into the Kubernetes experience. “You can run Trivy through Starboard and your results are right there next to the workload you’re interested in,” she says.
Liz discusses CNCF's role with Kubernetes and beyond. “Google today contributes tons of time, energy, and engineering hours into Kubernetes. If tomorrow they were to decide they were going to walk away, Kubernetes still exists, and it would do so because of the CNCF and its participants,” she explains.
Resources
Here’s what was mentioned in the episode “

Open Source Security Podcast
Episode 200 - Talking Container Security with Liz Rice

Open Source Security Podcast

Play Episode Listen Later Jun 8, 2020 28:44


Josh and Kurt talk to Liz Rice from Aqua Security about container security and her new book on the same topic. What does container security look like today? What are some things you can do now? What will container security look like in the future?
Show Notes: Container Security download; Pictures of elephants; Kubernetes Security book; Starboard project; Dynamic threat analysis

Culinary Historians of Chicago
Comparative Food Choices, FoodCultura - University of Chicago, Fall, 2019

Culinary Historians of Chicago

Play Episode Listen Later May 31, 2020 39:06


Comparative Food Choices, FoodCultura - University of Chicago, Fall, 2019 Cleo Schoeplein and Liz Rice present their work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. There was a technical error in audio recording affecting its quality. It is posted to maintain the historical record of this event. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on February 15, 2020

Culinary Historians of Chicago
Chicago's Live Poultry Shops, FoodCultura - University of Chicago, Fall, 2019

Culinary Historians of Chicago

Play Episode Listen Later May 31, 2020 40:57


Chicago's Live Poultry Shops, FoodCultura - University of Chicago, Fall, 2019 Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. There was a technical error in audio recording affecting its quality. It is posted to maintain the historical record of this event. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on February 15, 2020

Culinary Historians of Chicago
Public and Private Dining, FoodCultura - University of Chicago, Fall, 2019

Culinary Historians of Chicago

Play Episode Listen Later May 29, 2020 23:52


Public and Private Dining Experiences, FoodCultura, Fall, 2019 Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on January 25, 2020 www.CulinaryHistorians.org

Culinary Historians of Chicago
Day of the Dead - Día de Muertos, FoodCultura - University of Chicago, Fall, 2019

Culinary Historians of Chicago

Play Episode Listen Later May 29, 2020 25:04


Día de Muertos - Day of the Dead, FoodCultura, Fall, 2019 Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on January 25, 2020 www.CulinaryHistorians.org

Culinary Historians of Chicago
Roeser's Bakery, FoodCultura - University of Chicago, Fall, 2019

Culinary Historians of Chicago

Play Episode Listen Later May 29, 2020 22:51


Roeser's Bakery, FoodCultura - University of Chicago, Fall, 2019 Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on January 25, 2020 www.CulinaryHistorians.org

Culinary Historians of Chicago
Cotton Candy, FoodCultura - University of Chicago, Fall, 2019

Culinary Historians of Chicago

Play Episode Listen Later May 29, 2020 6:27


Cotton Candy as Art, FoodCultura, Fall, 2019 Alana Ferguson’s musings on cotton candy as an art form. The collaboration included Foodcultura: The Art and Anthropology of Cuisine, a team-taught course offered during the autumn of 2019 at the University of Chicago. The students, individually or in groups, proposed projects using approaches of anthropology and/or art and carried out extensive fieldwork using the city’s diverse alimentary and gustatory resources. Their final presentations took place during a marathon session in December at UChicago’s Gray Center for Arts and Inquiry. On January 25 four students presented their work to Chicago Foodways Roundtable. Three presentations centered on the theme of sugar: Yoon-Jee Choi’s analysis of cakes from Roeser’s Bakery through the eyes of a Bauhaus historian; Alana Ferguson’s musings on cotton candy as an art form; and Eli Bec’s discussion of ofrendas prepared for Día de Muertos (Day of the Dead altars) and her own personal ofrenda. Maisie Watson and Daniel Simantob explored the intersection of public and private dining experiences at Sinhá, a Brazilian home-restaurant in Chicago and in their own apartment. Part 2 of A Taste of FoodCultura, on February 15, will feature Paige Resnick exploring Chicago’s live poultry shops and the many issues associated with selecting and preparing one’s own chicken. Liz Rice will present her work comparing food choices in South Shore and Albany Park, two very different Chicago neighborhoods. Finally, although the student group responsible is unable to attend, we will show The Camera Eats First, a slide presentation commenting on today’s Instagram culture. Recorded at Bethany Retirement Community on January 25, 2020 www.CulinaryHistorians.org

DevOps and Docker Talk
Container and Kubernetes Security with Liz Rice of Aqua Security

DevOps and Docker Talk

Play Episode Listen Later May 21, 2020 66:28


I'm joined in a live Q&A with Liz Rice of Aqua Security talking about the state of container security and tools to help you understand and protect your workloads.

The Art of Modern Ops
Navigating the Kubernetes Hype Cycle with Cornelia Davis, Weaveworks & Liz Rice, Aqua Security

The Art of Modern Ops

Play Episode Listen Later Apr 23, 2020 31:37


Anyone who looks at the growth of Kubecon CloudNativeCon attendance over the past four years can recognize that Kubernetes is more than a passing fad. Instead, Kubernetes represents the way forward for companies to scale, go faster and be more competitive. Many question whether we've achieved 'peak Kubecon'.
Listen in as Cornelia Davis and Liz Rice discuss the current state of cloud native, its ecosystem of projects and how the CNCF can help you navigate the complexity of piecing together a Kubernetes solution that's right for your team.
Most organizations find open source software appealing because of the choice it offers. However, there are tradeoffs; an abundance of choice can also increase complexity. An ideal situation would consist of an integrated plug and play solution with open source standards and solutions. One of the most pressing questions is whether we'll see a more integrated solution for delivering Kubernetes in the enterprise versus a straight do-it-yourself approach.

Dreamweaver's Business and Career Coaching Podcast
Episode 32: The Davidson Hang Podcast w/Elizabeth Rice (Enterprise Account Executive at Linkedin Learning)

Dreamweaver's Business and Career Coaching Podcast

Play Episode Listen Later Apr 15, 2020 30:37


We had a fun, light conversation with Liz Rice who closed over a million dollars in revenue for the year already in LinkedIn Learning's AE Division. I love and appreciate her positive energy and joy she brings to the workplace every day even virtual during these weird times. If you want to connect with her to say hi, reach out via https://www.linkedin.com/in/elizabethrice3/

BeerSecOps
EP11: Liz Rice - The Container Security Book

BeerSecOps

Play Episode Listen Later Apr 6, 2020 35:29


Liz Rice @lizrice, VP of Open Source Engineering at Aqua, makes a second appearance on BeerSecOps with Steve Giguere @_SteveGiguere_ of Aqua Security @aquasecteam to discuss her new book from O’Reilly, diving deep into Container Security.

Down the Security Rabbithole Podcast
DtSR Episode 368 - Contain(er) Your Security

Down the Security Rabbithole Podcast

Play Episode Listen Later Oct 30, 2019 42:24


Welcome to another edition of the DtSR Podcast! This week Liz Rice joins us all the way from the (still) UK, and James is back too! What a treat... join us and read the show notes!
Highlights from this week's episode include...
Liz explains containers, security, and gives us a foundation
Liz explains the fundamental stages of securing containers
Liz explains the model of different types of containers and the things you need to worry about
Rafal asks "where do you install the agent?"
Guest
Liz Rice - ( @LizRice ) - Liz Rice leads Aqua’s technology evangelism activities in the cloud-native ecosystem. She is an active member of the open source community, and an award-winning speaker known for her live-coding demos. She is currently co-chair of KubeCon & CloudNativeCon. Prior to getting immersed in containers she built up a wealth of software development, team, and product management experience working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP with companies including Skype, Last.fm and Metaswitch Networks. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift. Find her on LinkedIn: https://www.linkedin.com/in/lizrice/

BeerSecOps
EP02: Cloud Native and Open Source with Liz Rice

BeerSecOps

Play Episode Listen Later Oct 20, 2019 38:42


Steve Giguere, a DevSecOps engineer, sat down with Liz Rice, the VP of Open Source Engineering at Aqua and the chair of the CNCF’s Technical Oversight Committee, to discuss Open Source tools and Cloud Native subjects.

IBM Developer Podcast
Phil Estes & Liz Rice | Containers & Security

IBM Developer Podcast

Play Episode Listen Later Sep 16, 2019 24:21


Our guests Phil Estes (IBM) & Liz Rice (Aqua Security) take us on a journey through the history and current landscape of container technologies.

Changelog Master Feed
LIVE from Gophercon UK (Go Time #97)

Changelog Master Feed

Play Episode Listen Later Sep 4, 2019 79:37 Transcription Available


LIVE from LondonGophers as part of GopherCon UK! Mat Ryer and Mark Bates were joined by Liz Rice, Kat Zień, and Gautam Rege to talk about the magic in Go’s standard library. Huge thanks to the organizers of LondonGophers and GopherCon UK for making this possible.

Code[ish]
33. GopherCon 2019 Spotlight, Part 2

Code[ish]

Play Episode Listen Later Sep 4, 2019


Aaron Schlesinger is the core maintainer on Athens, an open source on-prem module proxy. He walks through the history of packages and modules in Go, and introduces how Athens satisfies the needs of developers. Go modules allow you to serve up a Go project's dependencies via an API; Athens implements that API--and integrates with other implementations of the API as well--to simplify dependency management, no matter where the code is stored.
Beyang Liu is the CTO and co-founder of Sourcegraph, a company that focuses on developer tools. They use Go to build high-performance code search, code intelligence, and jump to def functionality that works across repository boundaries and across entire code bases. Their role at GopherCon 2019 is to live blog all of the talks for interested parties who were not able to physically attend the conference.
Liz Rice is a technology evangelist with Aqua Security. It's a container security company, and she came to GopherCon to teach a workshop that introduced people to the concepts behind containers. She also recently became a Google developer expert in Go, which certifies her as someone creating interesting content that the community can look towards for education and inspiration.
Johnny Boursiquot is an SRE at Heroku, and a long time gopher. He gave the closing keynote at GopherCon, and his singular focus is on ensuring that the Go community is truly diverse and welcoming to new members. Every year, new developers attend GopherCon, and he wants to encourage veterans to embrace this growth as a positive change. He also provides a wealth of resources for listeners who are brand new to Go and eager to learn more about it.
Links from this episode
Athens Project is a proxy server for the Go modules download API
Several resources for newcomers to Go include: A Tour of Go; Go by Example; Go Bridge workshops
Aaron Schlesinger's talk, "The Athens Project"
Johnny Boursiquot's closing keynote, "What Got Us Here, Won't Get Us There"

Go Time
LIVE from Gophercon UK

Go Time

Play Episode Listen Later Sep 4, 2019 79:37 Transcription Available


LIVE from LondonGophers as part of GopherCon UK! Mat Ryer and Mark Bates were joined by Liz Rice, Kat Zień, and Gautam Rege to talk about the magic in Go’s standard library. Huge thanks to the organizers of LondonGophers and GopherCon UK for making this possible.

Voices in DevOps
A Conversation with Liz Rice of Aqua Security

Voices in DevOps

Aug 12, 2019 34:40


Jon Collins speaks with Liz Rice on the use of DevOps in building Security Platforms. Voices in DevOps – Episode 10: A Conversation with Liz Rice of Aqua Security

Kubernetes Podcast from Google
Attacking and Defending Kubernetes, with Ian Coldwater

Kubernetes Podcast from Google

Aug 6, 2019 43:19


Ian Coldwater specializes in breaking and hardening Kubernetes, containers, and cloud native infrastructure. A pre-eminent voice in the Kubernetes security community, they are currently a Lead Platform Security Engineer at Heroku. Ian joins Adam and Craig to talk about the offensive and defensive arts. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter of the week Black Hat USA DEFCON Scavenger hunts An example of Spot the Fed An example of the Mystery Challenge News of the week Mesosphere becomes D2iQ Google Cloud launches Migrate for Anthos in Beta Google Cloud Game Servers coming soon Episode 26: Agones, with Mark Mandel and Cyril Tovena Announcing Kubernetes Summits in Seoul and Sydney Security updates of the week CVE-2019-11247: API server allows access to custom resources via wrong scope CVE-2019-11249: kubectl cp (round 3!) IBM and Red Hat: OpenShift on IBM Cloud OpenShift coming to Z Series and LinuxONE Cloud Paks and services Cisco Container Platform now supports Microsoft AKS Helm deployments at the Kubedex How Kubernetes can be used for genetic analysis by Mu Huan and Eric Li Alibaba Cloud Announcing CloudBees Jenkins X Distribution Episode 44, Continuous Delivery Foundation, with Tracy Miranda TiDB Operator now Generally Available Links from the interview Red teams and penetration testing Fuzzing Attacking Helm’s Tiller Black-box and white-box testing DevSecOps: guard rails, not gates OWASP - the Open Web Application Security Project The math behind calculating security risk CVSS score etcd: encrypt it at rest! Admission control Technologies for isolation: AppArmor Seccomp gVisor Firecracker (not yet supported with Kubernetes) “Kubernetes is powerful, and it’s insecure by design” Ian and Duffie Cooley’s BlackHat talk Cloud doesn’t make it better! 
Threat modelling hostpath - “a powerful escape hatch” Trail of Bits blog: understanding Docker container escapes Recommended watching: Ship of Fools by Ian Coldwater (slides) Hacking and Hardening Kubernetes by Example by Brad Geesaman (slides) A Hackers Guide to Kubernetes and the Cloud by Rory McCune (and his upcoming Black Hat training) DIY Pen Testing for your Kubernetes Cluster by Liz Rice (our guest on episode 19) Ian Coldwater on Twitter

TFIR: Open Source & Emerging Technologies
Liz Rice On Technology & Culture Of The Cloud Native World

TFIR: Open Source & Emerging Technologies

Aug 2, 2019 10:25


Liz Rice, VP of Open Source Engineering at Aqua Security, sat down with Swapnil Bhartiya at KubeCon and CloudNativeCon, Barcelona, to talk about a wide range of topics. Here are the timestamps of the topics we discussed.
00:02:31 How diverse and inclusive is the Cloud Native community?
00:03:51 What are the benefits of having a diverse community?
00:05:38 What kind of challenges are there for the Technical Oversight Committee?
00:06:51 Tell us a bit about new SIGs (Special Interest Group)
00:06:56 Are there any new initiatives around SIG?
00:08:14 Zero trust security in the Cloud Native world and where does GitLab fit into the picture

Cloud Engineering – Software Engineering Daily
Kubernetes Security with Liz Rice

Cloud Engineering – Software Engineering Daily

Feb 14, 2019 54:36


A Kubernetes cluster presents multiple potential attack surfaces: the cluster itself, a node running on the cluster, a pod running in the node, a container running in a pod. If you are managing your own Kubernetes cluster, you need to be aware of the security settings on your etcd, your API server, and your container

Brakeing Down Security Podcast
2019-003-Liz Rice, creating processes to shift security farther left in DevOps

Brakeing Down Security Podcast

Jan 27, 2019 63:34


BIO: Liz Rice is the Technology Evangelist with container security specialists Aqua Security, where she also works on container-related open source projects including kube-hunter and kube-bench. She was Co-Chair of the CNCF’s KubeCon + CloudNativeCon 2018 events in Copenhagen, Shanghai and Seattle, and co-author of the O’Reilly Kubernetes Security book. She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not building startups and writing code, Liz loves riding bikes in places with better weather than her native London.

Liz Rice (@lizrice on Twitter)
https://www.lizrice.com/
https://medium.com/@lizrice/non-privileged-containers-based-on-the-scratch-image-a80105d6d341
https://www.forbes.com/sites/adrianbridgwater/2018/07/23/shift-happens-why-your-software-needs-to-shift-left/#41aac6047f8c
https://www.cloudops.com/2018/10/takeaways-from-liz-rice-pop-up-meetup-on-container-security/
https://thenewstack.io/cloud-native-security-patching-with-devops-best-practices/
https://changelog.com/gotime/56 - podcast with Liz
https://kubernetes-security.info - co-author of O’Reilly Kubernetes security book
https://www.slideshare.net/Docker/dont-have-a-meltdown - Liz Rice/Justin Cormack slides
https://www.bbc.com/news/technology-41753022 - NHS ransomware issue in 2017
https://docs.docker.com/config/containers/container-networking/ - docker portmapping
https://techbeacon.com/9-practical-steps-secure-your-container-deployment

If security needs to “Shift Left”, what can devs do to accommodate the change?
Everyone will have to make adjustments, not just security… right?
Reverse uptime… Forgotten data?
Test Driven Development Why do we need security as far left?
“We don’t patch, we just push a fix, ”
“We’ll fix it in production…”
Or we pump more resources to overcome perf issues
Is there time for code reviews?
“We don’t need change management…”
https://testssl.sh - @drwetter
Automation: How does security that solve security issues?
Do Microservices solve everything?
What don’t they solve?
What does security need to embrace to make the shift less painful?
What does development need to embrace to make the shift less painful?
Cause security wants to get in there…
There are already DevSecOps processes a-plenty and many . Why aren’t companies adopting them?
Maturity?
Lack of resources?
Negligent devs - how can you ignore the news of breaches?
Setting Goals
“Start Small” - what’s an example of a small goal?

Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com
#Brakesec Store!: https://www.teepublic.com/user/bdspodcast
#Spotify: https://brakesec.com/spotifyBDS
#RSS: https://brakesec.com/BrakesecRSS
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
#SoundCloud: https://brakesec.com/SoundcloudBrakesec
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

The CyberWire
Shamoon variant implicated in Saipem hack. Charming Kitten reappears. Sino-American tension over trade and industrial espionage.

The CyberWire

Dec 13, 2018 20:36


In today’s podcast we hear that the Saipem hack looks like a new Shamoon variant. Charming Kitten started prowling through relevant places after the Iran sanctions became more serious. US authorities denounce Chinese espionage, especially industrial espionage, but there are as yet no new indictments or sanctions. Concerns mount over Chinese influence operations. Another Canadian may be in Chinese custody—possibly in retaliation for the detention of Huawei’s CFO. Ben Yelin from UMD CHHS on how password policies align with the 5th amendment. Guest is Liz Rice from Aqua Security on the notion of security teams “shifting left.” For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_12_13.html Support our show

TFIR: Open Source & Emerging Technologies
China is doing incredible things with Kubernetes and Cloud Native: Liz Rice

TFIR: Open Source & Emerging Technologies

Dec 5, 2018 5:59


Q&A with a Co-Chair of KubeCon & CloudNativeCon

We sat down with Liz Rice, Co-Chair KubeCon & CloudNativeCon, to talk about her experience in China, future events and diversity at CNCF events.

TFiR: How has been your experience so far in KubeCon & CloudNativeCon China?

Liz Rice: It has been phenomenal. This is my first time in China and it’s amazing to see these enormous Chinese companies who are embracing cloud native and doing advanced things with that. I was particularly struck by the number of applications of AI on Kubernetes. There are power companies, genetics research that’s been done using cloud native technologies.

TFiR: Let’s look beyond China, what’s exciting about Seattle?

LR: I’m really excited because we just sold out. There will be more than 7,500 attendees at Seattle KubeCon & CloudNativeCon. We are seeing this growing adoption of Kubernetes, so obviously there will be developers and technical discussions around technology. We want to maintain that, but we are also seeing end users and people with expertise and experience or running Kubernetes and cloud native in production. We want to hear more and more stories from them. I’ve just seen the stage layout and from the perspective of actually standing on that a really big stage, it’s going to be quite fun. We will see a lot of projects that are going through the process of graduation and want to move from sandbox into incubation.

TFiR: Diversity is a topic that we cover here at TFiR. CNCF is doing incredible work to make its events more inclusive and diverse, will we continue to see that?

LR: One of the things that I’m really impressed about the CNCF is that there is a genuine focus on trying to improve access for a diverse audience. We have diversity scholarships, and I believe 301 people have attended or are going to be attending KubeCon & CloudNativeCon this calendar year as a result of the diversity scholarships. It’s great to see those people from really unusual and interesting places around the world getting to attend and take back some knowledge to their local communities.

Open Source Security Podcast
Episode 123 - Talking about Kubernetes and container security with Liz Rice

Open Source Security Podcast

Nov 19, 2018 27:52


Josh and Kurt talk to Liz Rice about Kubernetes and container security. How did we get where we are today, what's new and exciting today, and where do we think things are going.

Kubernetes Podcast from Google
kube-hunter and KubeCon, with Liz Rice

Kubernetes Podcast from Google

Sep 5, 2018 26:01


Liz Rice from Aqua Security builds penetration testing tools for Kubernetes by day, and runs the KubeCon program by night. Adam and Craig dig into both topics. Do you have something cool to share? Some questions? Let us know: web: kubernetespodcast.com mail: kubernetespodcast@google.com twitter: @kubernetespod Chatter Adam went to Battle Ground Lake State Park Adam and Craig are both going to Google Cloud Next in Tokyo (September 19-20) Craig is also going to Google Cloud Summits in Singapore (September 13), Sydney (September 26) and Hong Kong (October 10) News of the week Google Cloud grants $9M in credits for the operation of the Kubernetes project The Machines Can Do the Work, a Story of Kubernetes Testing, CI, and Automating the Contributor Experience CNCF to host TiKV in the Sandbox New CNCF members CNCF Survey Istio 1.0.1 Forbes contributor Janakiram MSV on Cloud Native TriggerMesh Amazon adds support for Horizontal Pod Autoscaler Kontena 1.3.0 Links from the interview Aqua Security kube-bench kube-hunter: GitHub Launch blog post Introduction video KubeCon & CloudNativeCon: Europe: Copenhagen, May China: Shanghai, November North America: Seattle, December

The Women in Tech Show: A Technical Podcast

Security tools are essential in helping tackle vulnerabilities in the cloud. Liz Rice, Technology Evangelist at Aqua Security explained the capabilities of security tools, vulnerability reports, and the process of deploying security patches.

The Cloudcast
The Cloudcast #343 - Container Vulnerability Scanning

The Cloudcast

Apr 19, 2018 25:45


Aaron and Tyler Britten talk with Liz Rice (@lizrice, Technology Evangelist @AquaSecTeam) about what's easy—and what's not—about finding and patching security vulnerabilities in containers. This is a cross-over show with @PodCTL podcast.

Show Links:
Liz’s talk at Velocity Conf - “What’s so hard about container vulnerability scanning?”
Use code "CLOUD" to get 20% off Velocity and OSCON Conference Passes
Aqua Security Homepage
Liz Rice’s Blog
[Video] Kubernetes, Metadata and You (KubeCon 2017 Austin)
[PODCAST] @PodCTL - Containers | Kubernetes | OpenShift - RSS Feed, iTunes, Google Play, Stitcher, TuneIn and all your favorite podcast players
[A CLOUD GURU] Get The Cloudcast Alexa Skill
[A CLOUD GURU] A Cloud Guru Membership - Start your free trial. Unlimited access to the best cloud training and new series to keep you up-to-date on all things AWS.
[A CLOUD GURU] FREE access to AWS Certification Exam Prep Guide - At A Cloud Guru, the #1 question received from students is "I want to pass the AWS cert exam, so where do I start?" This course is your answer.
[FREE] eBook from O'Reilly

Show Notes
Topic 1 - Welcome to the show Liz. Tell us a little bit about your background and the types of things that you’re working on these days.
Topic 2 - Let’s start with the basics. A container is defined by a file (e.g. Dockerfile) that the user/developer/operator defines. How can a vulnerability get into that file?
Topic 3 - Is it up to the CI/CD system or host OS (where the container runs) or container orchestrator (e.g. Kubernetes) or container registry to figure out if a vulnerability exists?
Topic 4 - How do most container registries today manage vulnerability lists, container scanning and potential mitigations? What are the difficult parts of those tasks?
Topic 5 - Most containers today are Linux containers. Are you seeing anything happening (yet) around how to manage Windows containers vulnerabilities? Is the assumption that Microsoft will fix this through one of their existing tools, or are things happening in the open source community as well?

Feedback?
Email: show at thecloudcast dot net
Twitter: @thecloudcastnet and @ServerlessCast

PodCTL - Kubernetes and Cloud-Native
Container Vulnerability Scanning

PodCTL - Kubernetes and Cloud-Native

Apr 18, 2018 25:45


Show: 32

Show Overview: Tyler and Aaron Delp talk with Liz Rice (@lizrice, Technology Evangelist @AquaSecTeam) about what's easy—and what's not—about finding and patching security vulnerabilities in containers. This is a cross-over show with @TheCloudcastNet podcast.

Show Notes:
Liz’s talk at Velocity Conf - “What’s so hard about container vulnerability scanning?”
Use code CLOUD to get 20% off Velocity or OSCON tickets
Aqua Security Homepage
Liz Rice’s Blog
[Video] Kubernetes, Metadata and You (KubeCon 2017 Austin)

Topic 1 - Welcome to the show Liz. Tell us a little bit about your background and the types of things that you’re working on these days.
Topic 2 - Let’s start with the basics. A container is defined by a file (e.g. Dockerfile) that the user/developer/operator defines. How can a vulnerability get into that file?
Topic 3 - Is it up to the CI/CD system or host OS (where the container runs) or container orchestrator (e.g. Kubernetes) or container registry to figure out if a vulnerability exists?
Topic 4 - How do most container registries today manage vulnerability lists, container scanning and potential mitigations? What are the difficult parts of those tasks?
Topic 5 - Most containers today are Linux containers. Are you seeing anything happening (yet) around how to manage Windows containers vulnerabilities? Is the assumption that Microsoft will fix this through one of their existing tools, or are things happening in the open source community as well?

Feedback?
Email: PodCTL at gmail dot com
Twitter: @PodCTL
Web: http://podctl.com

HashiCast
Episode 1 - Liz Rice, Aqua Security

HashiCast

Apr 3, 2018 44:49


This episode of HashiCast highlights Liz Rice from Aqua Security. Liz Rice works for Aqua Security who build a platform which provides development-to-production lifecycle controls for securing containerized applications. In addition to her work with Aqua, Liz is very active in the world of technology and has given some fascinating talks at GopherCon, DockerCon and many other conferences around the globe. She is also the maintainer of Kube-bench and Manifesto. We chat all things application security, the state of the industry, problems application developers face and some things you can do to help build a more secure workflow. Guests: Liz Rice - Aqua Security Hosts: Anubhav Mishra, Nic Jackson - Developer Advocates, HashiCorp Intro Music: El Mariachi by The Greek Fandango Orchestra (Creative Commons) freakfandango.bandcamp.com Links: Aqua Security: https://www.aquasec.com Kube Bench: https://github.com/aquasecurity/kube-bench Manifesto: https://github.com/aquasecurity/manifesto Talks: Velocity London - Keynote on Cloud Native Security https://www.youtube.com/watch?v=eB8kzdWWcfA&feature=youtu.be DockerCon - What have namespaces done for you lately? https://youtu.be/MHv6cWjvQjM HashiConf - Your Secret's Safe with Me - Securing Container Secrets with Vault https://www.youtube.com/watch?v=j3QJRdiTr1I&list=PL81sUbsFNc5Y-jbEC1y5BWenDoYscVv4t&index=30

Changelog Master Feed
Container Security and Demystifying Complexity (Go Time #56)

Changelog Master Feed

Sep 8, 2017 63:55 Transcription Available


Liz Rice joined the show to talk about containers, cloud security, making complex concepts easier to understand, and other interesting Go projects and news.

Go Time
Container Security and Demystifying Complexity

Go Time

Sep 8, 2017 63:55


Liz Rice joined the show to talk about containers, cloud security, making complex concepts easier to understand, and other interesting Go projects and news.

Zone 1 Radio - #TechTalkfest
#TechTalkfest - The Neverending Development Story - @z1radio

Zone 1 Radio - #TechTalkfest

Sep 5, 2013 29:59


Tech Talkfest talks to the movers and shakers of Tech City, keeping up to date with their projects and charting the progress, pitfalls and plans of working in the world’s most exciting industry. This week we have an exclusive interview with TankTopTV’s Liz Rice and she has some exciting news about their latest step in their development cycle… Christoph Burgdorfer delves into how the life cycle of a product launch has changed forever in technology, and assesses what this means for both developers and consumers. Also this week, coder David Simons investigates the pros and cons of our ever more computer-literate children. Sofie Sandell has a guide to Pinterest and, as ever, Judith Lewis and the Search News has the very latest updates for anyone working in SEO.

Tech: (n) All things Gadgets and Gizmos
Talkfest: (n) An enjoyable discussion and conversation

www.twitter.com/TechTalkfest and www.twitter.com/z1radio www.ZoneOneRadio.com www.facebook.com/ZoneOneRadio #Technology #Podcast #SiliconeRoundabout #TechCity #Developer #Development #Pinterest #SEO #Search

Zone 1 Radio
#TechTalkfest - The Neverending Development Story - @z1radio

Zone 1 Radio

Sep 5, 2013 52:38


Tech Talkfest talks to the movers and shakers of Tech City, keeping up to date with their projects and charting the progress, pitfalls and plans of working in the world’s most exciting industry. This week we have an exclusive interview with TankTopTV’s Liz Rice and she has some exciting news about their latest step in their development cycle… Christoph Burgdorfer delves into how the life cycle of a product launch has changed forever in technology, and assesses what this means for both developers and consumers. Also this week, coder David Simons investigates the pros and cons of our ever more computer-literate children. Sofie Sandell has a guide to Pinterest and, as ever, Judith Lewis and the Search News has the very latest updates for anyone working in SEO.

Tech: (n) All things Gadgets and Gizmos
Talkfest: (n) An enjoyable discussion and conversation

www.twitter.com/TechTalkfest and www.twitter.com/z1radio www.ZoneOneRadio.com www.facebook.com/ZoneOneRadio