Podcasts about MFA

Today on the show we have Oscar® and two-time Emmy® Nominee Simon Kinberg. He has established himself as one of Hollywood's most prolific filmmakers, having written and produced projects for some of the most successful franchises in the modern era. His films have earned more than seven billion dollars worldwide.  Kinberg graduated from Brown University and received his MFA from Columbia University Film School, where his thesis project was the original script, “Mr and Mrs Smith.” The film was released in 2005, starring Brad Pitt and Angelina Jolie. Upcoming, Kinberg will premiere his action spy film “The 355”, which will be released theatrically by Universal on January 7, 2022. Directed, co-written and produced by Kinberg, the film was one of the biggest deals out of the 2018 Cannes Film Festival and stars an ensemble of A-list actresses including Jessica Chastain, Lupita Nyong'o, Penelope Cruz, Diane Kruger and Fan Bingbing. A dream team of formidable female stars come together in a hard-driving original approach to the globe-trotting espionage genre in The 355.When a top-secret weapon falls into mercenary hands, wild card CIA agent Mason “Mace” Brown (Oscar®-nominated actress Jessica Chastain) will need to join forces with rival badass German agent Marie (Diane Kruger, In the Fade), former MI6 ally and cutting-edge computer specialist Khadijah (Oscar® winner Lupita Nyong'o), and skilled Colombian psychologist Graciela (Oscar® winner Penélope Cruz) on a lethal, breakneck mission to retrieve it, while also staying one-step ahead of a mysterious woman, Lin Mi Sheng (Bingbing Fan, X-Men: Days of Future Past), who is tracking their every move.As the action rockets around the globe from the cafes of Paris to the markets of Morocco to the opulent auction houses of Shanghai, the quartet of women will forge a tenuous loyalty that could protect the world—or get them killed. The film also stars Édgar Ramirez (The Girl on the Train) and Sebastian Stan (Avengers: Endgame).The 355 is directed by genre-defying filmmaker Simon Kinberg (writer-director-producer of Dark Phoenix, producer of Deadpool and The Martian and writer-producer of the X-Men films). The screenplay is by Theresa Rebeck (NBC's Smash, Trouble) and Kinberg, from a story by Rebeck.The 355, presented by Universal Pictures in association with FilmNation Entertainment, is produced by Chastain and Kelly Carmichael for Chastain's Freckle Films and by Kinberg for his Kinberg Genre Films. The film is executive produced by Richard Hewitt (Bohemian Rhapsody), Esmond Ren (Chinese Zodiac) and Wang Rui Huan.His original series “Invasion” premiered on Apple TV+ on October 22nd. He co-created the show with David Weil, serves as Executive Producer, and wrote or co-wrote 9 of its first 10 episodes. It is considered one of Apple's most ambitious series to date as it was filmed on 4 different continents. The show has already been renewed for a second season, which Kinberg is show running and Executive Producing again. He is also the Executive Producer of the upcoming show “Moonfall” for Amazon. Also upcoming, Kinberg produced the sequel to "Murder on the Orient Express,” “Death on The Nile,” directed by Kenneth Branagh and starring Gal Gadot, Armie Hammer, Annette Bening and another all-star cast.Additionally, he is producing several projects for Netflix including “Lift” starring Kevin Hart with director F. Gary Gray, his original script "Here Comes the Flood" with Jason Bateman directing, "Endurance" with Camille Griffin directing, and “Pyros” with Reese Witherspoon starring and producing. Kinberg's latest spec “Wayland” will also begin production next year for Lionsgate, with Michael Showalter directing, and Jessica Chastain producing alongside Kinberg Kinberg will also be producing “The Running Man” at Paramount Pictures to be directed by Edgar Wright, “Artemis” to be directed by Oscar winners Chris Miller and Phil Lord and based on a book by the writer of “The Martian”, the remake of “The Dirty Dozen” at Warner Brothers with David Ayer writing and directing, “Starlight” at 20th Century Studios to be written and directed by Joe Cornish, “Death Notification Agency” at Amazon based on the novel of the same name, “Karma” at Sony Pictures, “Chairman Spaceman” at Fox Searchlight, to be directed by Oscar Winner Andrew Stanton, and an Untitled Action-Romance starring Idris Elba at Apple. Following almost a decade's worth of Marvel films, Kinberg will also write and produce “Battlestar Galactica” for Universal which will be his latest franchise universe. In 2006, he wrote “X-Men: The Last Stand,” which opened on Memorial Day to box office records and began his ongoing relationship with the franchise. In 2008, Kinberg wrote and produced Doug Liman's film “Jumper” for 20th Century Fox. In 2009, Kinberg co-wrote the film “Sherlock Holmes” starring Robert Downey Jr, directed by Guy Ritchie. The film received a Golden Globe for Best Actor and was nominated for two Academy Awards. In 2010, Kinberg established his production company Genre Films, with a first look deal at 20th Century Fox. Under this banner, he produced “X-Men: First Class,” executive produced “Abraham Lincoln: Vampire Hunter” and wrote and produced “This Means War.” In 2013, Kinberg produced “Elysium," which starred Matt Damon and Jodie Foster, directed by Neill Blomkamp. On Memorial Day of 2014, Fox released “X-Men: Days of Future Past," which Kinberg wrote and produced. The film opened number one at the box office, received critical acclaim and went on to gross more than $740 million worldwide. In 2015, Kinberg had four films in release. He re-teamed with Neill Blomkamp to produce “Chappie,” starring Hugh Jackman and Sharlto Copley. Kinberg produced Disney's Academy Award-nominated film “Cinderella," starring Cate Blanchett and directed by Kenneth Branagh.In addition, Kinberg was the co-writer and producer of “The Fantastic Four.” His final film of the year was “The Martian,” which he produced. The film, directed by Ridley Scott and starring Matt Damon, grossed more than $630 million worldwide, won two Golden Globes (including Best Picture) and was nominated for seven Academy Awards (including Best Picture). In 2016, Kinberg produced “Deadpool,” starring Ryan Reynolds. The film broke international and domestic records for box office, including becoming the highest-grossing R-rated film of all time globally. It went on to win two Critics Choice Awards (including Best Picture - Comedy) and receive two Golden Globe nominations (including Best Picture), a WGA nomination and a PGA nomination for Best Picture. That year, Kinberg also wrote and produced “X-Men: Apocalypse.” In 2017, he produced “Logan,” the final installment of the Wolverine franchise with Hugh Jackman. It was selected as the closing film of the Berlin Film Festival and opened #1 at the box office. It was named one of the ten best films of the year from the National Board of Review, garnered three Critics Choice Nominations and an Academy Award Nomination.Kinberg was also a producer on “Murder on the Orient Express,” directed by Kenneth Branagh, with Branagh starring alongside Johnny Depp, Michelle Pfeiffer, Penelope Cruz, Daisy Ridley, Judi Dench, and others. In 2018, Kinberg produced “Deadpool 2,” which matched the success of the first film. It was Kinberg's fourteenth film to open number one at the box office. In 2019, Kinberg made his directorial debut with “X-Men: Dark Phoenix,” which was released June 7. The film once again starred Jennifer Lawrence, Michael Fassbender, James McAvoy, Nicholas Hoult, Sophie Turner, with new addition Jessica Chastain. In television, he was the executive producer of “Designated Survivor,” starring Kiefer Sutherland on ABC and Netflix. He was also the executive producer of “Legion,” “Gifted,” and executive producer and co-creator with Jordan Peele of the remake of “The Twilight Zone” on CBS All Access.  Kinberg has served as a consultant on “Star Wars: Episode VII” and “Rogue One," and he was the creator and executive producer of the animated show “Star Wars: Rebels” on Disney networks. You can also watch Simon's Screenwriting Masterclass on The Dialogue Series on Indie Film Hustle TV.The Dialogue: Learning From the Masters is a groundbreaking interview series that goes behind the scenes of the fascinating craft of screenwriting. In these 70-90 minute in-depth discussions, more than two-dozen of today's most successful screenwriters share their work habits, methods, and inspirations, secrets of the trade, business advice, and eye-opening stories from life in the trenches of the film industry. Each screenwriter discusses his or her filmography in great detail and breaks down the mechanics of one favorite scene from their produced work.Needless to say this is one heck of an episode. Enjoy my conversation with Simon Kinberg.

It might surprise you to learn that just about every production of a Shakespeare play that you've ever seen onstage has been cut, from student shows to Broadway revivals. Cutting Plays for Performance: A Practical and Accessible Guide, a new book by Aili Huber and Dr. Toby Malone, lays out some of the reasons that theater-makers cut Shakespeare's plays, and suggests some handy questions directors and dramaturgs should ask themselves as they take a pen to the plays. Barbara Bogaev interviews Huber about the argument that brought Huber and her co-author together, strategies for cutting plays, and how a good cut can reveal a new and exciting story. Aili Huber has been a theater director for over 20 years. She holds an MFA in directing from Mary Baldwin University and the American Shakespeare Center. Her new book, co-written with Dr. Toby Malone of SUNY-Oswego, is called Cutting Plays for Performance: A Practical and Accessible Guide. It was published by Routledge in December 2021. From the Shakespeare Unlimited podcast. Published January 18, 2022. © Folger Shakespeare Library. All rights reserved. This podcast episode, “Your Way Is Shorter,” was produced by Richard Paul. Garland Scott is the associate producer. It was edited by Gail Kern Paster. Ben Lauer is the web producer. Leonor Fernandez edits a transcript of every episode, available at folger.edu. We had technical help from Andrew Feliciano and Evan Marquart at Voice Trax West in Studio City, California, and Mikael Glago at Midnight Spaghetti Productions in Harrisonburg, Virginia.

With a background in cinema, Jason Rodriguez of the School of the Art Institute of Chicago sits down with Jared to talk about how film influences his poetry. They unpack how Jason captures movement in visual poems, how the bombardment of media and pandemic isolation influence his work, and how he found an MFA program that allows him to investigate all areas of writing without confinement to a single track. Jason Rodriguez is a second-year MFA in Writing student focusing on design, interactivity, and poetry at the School of the Art Institute of Chicago. He's been a producer on the school's podcast, SAIC Beat, for the last three seasons. He was an Assistant Poetry Editor for the journal ANMLY and recently worked on a queer/sci-fi stop-motion short film titled Mother Bunker, which played at the Ann Arbor Film Festival, Outfest, and Melbourne International Film Festival. His writing has been published or is forthcoming in BathHouse Journal, GlitterMOB, Mannequin Haus, Word For/Word, and Gasher, and was included as the introduction to Michael Aurelio's poetry collection, The Smokers (2019). Find him on Instagram @freefloppydisk. MFA Writers is hosted by Jared McCormack and produced by Jared McCormack and Hanamori Skoblow. New episodes are released every two weeks. You can find more MFA Writers at MFAwriters.com. This episode was requested by De'Andre Holmes. Thank you for listening, De'Andre! BE PART OF THE SHOW — Leave a rating and review on Apple Podcasts, Podchaser, or Podcast Addict. — Submit an episode request. If there's a program you'd like to learn more about, contact us and we'll do our very best to find a guest who can speak to their experience. STAY CONNECTED Twitter: @MFAwriterspod Instagram: @MFAwriterspodcast Facebook: MFA Writers Email: mfawriterspodcast@gmail.com

You can buy a phish kit online for 10 bucks. But beware, since it'll probably come back to bite you in ways you might not expect. In this episode, hosts Selena Larson and Crista Giering chat with Jared Peck, Senior Threat Researcher at Proofpoint, about the pros and cons of phish kits — and why there's no honor among thieves. Join us as we discuss: What a phish kit is and how it works Ways a phish kit relates to MFA tokens and other authorizations Monetization, credentials for initial access, and the attack chain How organizations and people can defend against phishing attacks Resource mentioned: Have Money for a Latte? Then You Too Can Buy a Phish Kit | Proofpoint US For more episodes like this one, subscribe to us on Apple Podcasts, Spotify, and the Proofpoint website, or just search for Protecting People in your favorite podcast player.

One of the Crew's Favorite writers, Nick Petrie, joins the boys to discuss his 7th Peter Ash thriller, THE RUNAWAY. When Peter Ash rescues a stranded woman, he finds she's in far deeper trouble than he could ever imagine in the powerful new thriller in this bestselling and award-winning series. Don't miss this latest white-knuckler featuring the character Lee Child calls “the real deal.”     War veteran Peter Ash is driving through northern Nebraska when he encounters a young pregnant woman alone on a gravel road, her car dead. Peter offers her a lift, but what begins as an act of kindness soon turns into a deadly cat-and-mouse chase across the lonely highways with the woman's vicious ex-cop husband hot on their trail. The pregnant woman has seen something she was never meant to see . . . but protecting her might prove to be more than Peter can handle.   In order to save the woman and himself, Peter must use everything he has learned during his time as a Marine, including his knowledge of human nature, in order to escape a ruthless killer with instincts and skills that match—and perhaps exceed—Peter's own.   “If you're not already on the Peter Ash train, jump aboard now. Nick Petrie is doing headliner work.”—Robert Crais  Nick Petrie received his MFA in fiction from the University of Washington and won a Hopwood Award for short fiction while an undergraduate at the University of Michigan. His story “At the Laundromat” won the 2006 Short Story Contest in The Seattle Review, a national literary journal. His first novel, The Drifter, won the ITW Thriller and Barry Awards, and was nominated for Edgar, Anthony, and Hammett Awards. He won the 2016 Literary Award from the Wisconsin Library Association and was named one of Apple's 10 Writers to Read in 2017.  Light It Up was named the Best Thriller of 2018 by Apple Books. Both Light it Up and The Wild One were shortlisted for the Barry Award. Don't forget to subscribe to The Crew Reviews, hit the "LIKE" button, and leave a comment. And if you want to learn more about the guys from The Crew or see additional author interviews, visit us at http://www.thecrewreviews.com Follow us on social media Twitter | https://twitter.com/CREWbookreviews   Instagram | https://www.instagram.com/thecrewreviews Facebook | https://www.facebook.com/thecrewreviews/   Nick Petrie

Your child won't listen to you? Take a number, hun. Today we'll be talking about listening - why your kids don't listen to you and why you may not be the world's best listener and how to get better. We'll kick off our show with The Raise a Glass Series, get on to our questions to explore, and end with A Short Story Before We Go. MFA is the sometimes-musical, dramedy, in 3 acts, 1 intermission, the length of a sitcom designed to give mama's (and any caregiver) a break in the day to breathe and reset along with a much needed audio hug. Quote: “children may not obey, but children will listen, children will look to you, for which way to turn, to learn what to be, careful before you say “listen to me”, children will listen” ~ Finale/Children will Listen from Into the Woods Act I: The Raise a Glass Series·       The Raise a Glass Series is a space for reflection and gratitude centered around the topic of the day and inspired by lyrics from Hamilton the Musical.Today's lyrics – “I know my sister like I know my own mind, You will never find anyone as trusting or as kind, If I tell her that I love him she'd be silently resigned, He'd be mine, She would say, I'm fine, She'd be lying”Act II: Main Questions·       Why doesn't my child listen to me?·       How does someone listen effectively? What are those skills?·       If I could get my child to listen to me all the time what would that look like and mean for our relationship?·       What would my relationship look like if I were a better listener?         Intermission: Angelica InterludeAct III: A Short Story Before We GoThe Actor's NightmareEpisode transcript: available at https://www.mfaparentingedition.com/044Sources that helped inspire this episode:·       Original Broadway Cast of Into the Woods – Children Will Listen / Finale Lyrics | Genius Lyrics·       Lin-Manuel Miranda - Satisfied Lyrics | Lyrics.com·       My child won't listen to me - 10 tips to turn things around - The Montessori Notebook·       Why Your Child Refuses to Listen | Top Five Parenting Mistakes - YouTube·       Check out the episode on finding your voice if you haven't heard it yet right here:  https://www.mfaparentingedition.com/042Connect with Me:Best way - taisha@mfparentingedition.comIG - @mfaparentingeditionSupport the show (https://www.buymeacoffee.com/mfaparenting)

Bradford Pearson (@bradfordpearson) is a journalist, editor, and author of The Eagles of Heart Mountain: A True Story Of Football, Incarceration, and Resistance in World War II America. Sponsor: West Virginia Wesleyan College's MFA in Creative Writing Social Media @CNFPod Show notes and newsletter: brendanomeara.com Support?: patreon.com/cnfpod

About MaciejMaciej Winnicki is a serverless enthusiast with over 6 years of experience in writing software with no servers whatsoever. Serverless Engineer at Stedi, Cloudash Founder, ex-Engineering Manager, and one of the early employees at Serverless Inc.Links: Cloudash: https://cloudash.dev Maciej Winnicki Twitter: https://twitter.com/mthenw Tomasz Łakomy Twitter: https://twitter.com/tlakomy Cloudash email: hello@cloudash.dev TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part byLaunchDarkly. Take a look at what it takes to get your code into production. I'm going to just guess that it's awful because it's always awful. No one loves their deployment process. What if launching new features didn't require you to do a full-on code and possibly infrastructure deploy? What if you could test on a small subset of users and then roll it back immediately if results aren't what you expect? LaunchDarkly does exactly this. To learn more, visitlaunchdarkly.com and tell them Corey sent you, and watch for the wince.Corey: This episode is sponsored in part by our friends at Rising Cloud, which I hadn't heard of before, but they're doing something vaguely interesting here. They are using AI, which is usually where my eyes glaze over and I lose attention, but they're using it to help developers be more efficient by reducing repetitive tasks. So, the idea being that you can run stateless things without having to worry about scaling, placement, et cetera, and the rest. They claim significant cost savings, and they're able to wind up taking what you're running as it is in AWS with no changes, and run it inside of their data centers that span multiple regions. I'm somewhat skeptical, but their customers seem to really like them, so that's one of those areas where I really have a hard time being too snarky about it because when you solve a customer's problem and they get out there in public and say, “We're solving a problem,” it's very hard to snark about that. Multus Medical, Construx.ai and Stax have seen significant results by using them. And it's worth exploring. So, if you're looking for a smarter, faster, cheaper alternative to EC2, Lambda, or batch, consider checking them out. Visit risingcloud.com/benefits. That's risingcloud.com/benefits, and be sure to tell them that I said you because watching people wince when you mention my name is one of the guilty pleasures of listening to this podcast.Corey: Welcome to Screaming in the Cloud. I'm Cloud Economist Corey Quinn. And my guest today is Maciej Winnicki, who is the founder of Cloudash. Now, before I dive into the intricacies of what that is, I'm going to just stake out a position that one of the biggest painful parts of working with AWS in any meaningful sense, particularly in a serverless microservices way, is figuring out what the hell's going on in the environment. There's a bunch of tools offered to do this and they're all—yeee, they aspire to mediocrity. Maciej, thank you for joining me today.Corey: Welcome to Screaming in the Cloud. I'm Cloud Economist Corey Quinn. And my guest today is Maciej Winnicki, who is the founder of Cloudash. Now, before I dive into the intricacies of what that is, I'm going to just stake out a position that one of the biggest painful parts of working with AWS in any meaningful sense, particularly in a serverless microservices way, is figuring out what the hell's going on in the environment. There's a bunch of tools offered to do this and they're all—yeee, they aspire to mediocrity. Maciej, thank you for joining me today.Maciej: Thank you for having me.Corey: So, I turned out to have accidentally blown up Cloudash, sort of before you were really ready for the attention. You, I think, tweeted about it or put it on Hacker News or something; I stumbled over it because it turns out that anything that vaguely touches cloud winds up in my filters because of awesome technology, and personality defects on my part. And I tweeted about it as I set it up and got the thing running, and apparently this led to a surge of attention on this thing that you've built. So, let me start off with an apology. Oops, I didn't realize it was supposed to be a quiet launch.Maciej: I actually thank you for that. Like, that was great. And we get a lot of attention from your tweet thread, actually because at the end, that was the most critical part. At the end of the twitter, you wrote that you're staying as a customer, so we have it on our website and this is perfect. But actually, as you said, that's correct.Our marketing strategy for releasing Cloudash was to post it on LinkedIn. I know this is not, kind of, the best strategy, but that was our plan. Like, it was like, hey, like, me and my friend, Tomasz, who's also working on Cloudash, we thought like, let's just post it on LinkedIn and we'll see how it goes. And accidentally, I'm receiving a notification from Twitter, “Hey, Corey started tweeting about it.” And I was like, “Oh, my God, I'm having a heart attack.” But then I read the, you know—Corey: Oops.Maciej: [laugh]. Yeah. I read the, kind of, conclusion, and I was super happy. And again, thank you for that because this is actually when Cloudash kind of started rolling as a product and as a, kind of, business. So yeah, that was great.Corey: To give a little backstory and context here is, I write a whole bunch of serverless nonsense. I build API's Gateway, I hook them up to Lambda's Function, and then it sort of kind of works. Ish. From there, okay, I would try and track down what was going on because in a microservices land, everything becomes a murder mystery; you're trying to figure out what's broken, and things have exploded. And I became a paying customer of IOpipe. And then New Relic bought them. Well, crap.Then I became a paying customer of Epsagon. And they got acquired by Cisco, at which point I immediately congratulated the founders, who I know on a social basis, and then closed my account because I wanted to get out before Cisco ruins it because, Cisco. Then it was, what am I going to use next? And right around that time is when I stumbled across Cloudash. And it takes a different approach than any other entity in the space that I've seen because you are a native Mac desktop app. I believe your Mac only, but you seem to be Electron, so I could be way off base on that.Maciej: So, we're Linux as well right now and soon we'll be Windows as well. But yeah, so, right now is Mac OS and Linux. Yeah, that's correct. So, our approach is a little bit different.So, let me start by saying what's Cloudash? Like, Cloudash is a desktop app for, kind of, monitoring and troubleshooting serverless architectures services, like, serverless stuff in general. And the approach that we took is a little bit different because we are not web-based, we're desktop-based. And there's a couple of advantages of that approach. The first one is that, like, you don't need to share your data with us because we're not, kind of, downloading your metrics and logs to our back end and to process them, et cetera, et cetera. We are just using the credentials, the AWS profiles that you have defined on your computer, so nothing goes out of your AWS account.And I think this is, like, considering, like, from the security perspective, this is very crucial. You don't need to create a role that you give us access to or anything like that. You just use the stuff that you have on your desktop, and everything stays on your AWS account. So, nothing—we don't download it, we don't process it, we don't do anything from that. And that's one approach—well, that's the one advantage. The other advantage is, like, kind of, onboarding, as I kind of mentioned because we're using the AWS profiles that you have defined in your computer.Corey: Well, you're doing significantly more than that because I have a lot of different accounts configured different ways, and when I go to one of them that uses SSO, it automatically fires me off to the SSO login page if I haven't logged in that day for a 12 hour session—Maciej: Yes.Corey: —for things that have credentials stored locally, it uses those; and for things that are using role-chaining to use assuming roles from the things I have credentials for, and the things that I just do role assumption in, and it works flawlessly. It just works the way that most of my command-line tools do. I've never seen a desktop app that does this.Maciej: Yeah. So, we put a lot of effort into making sure that this works great because we know that, like, no one will use Cloudash if there's—like, not no one, but like, we're targeting, like, serverless teams, maybe, in enterprise companies, or serverless teams working on some startups. And in most cases, those teams or those engineers, they use SSO, or at least MFA, right? So, we have it covered. And as you said, like, it should be the onboarding part is really easy because you just pick your AWS profile, you just pick region, and just pick, right now, a CloudFormation stack because we get the information about your service based on CloudFormation stack. So yeah, we put a lot of effort in making sure that this works without any issues.Corey: There are some challenges to it that I saw while setting it up, and that's also sort of the nature of the fact you are, in fact, integrating with CloudWatch. For example, it's region specific. Well, what if I want to have an app that's multi-region? Well, you're going to have a bad time because doing [laugh] anything multi-region in AWS means you're going to have a bad time that gets particularly obnoxious and EC2 get to when you're doing something like Lambda@Edge, where, oh, where are the logs live; that's going to be in a CloudFront distribution in whatever region it winds up being accessed from. So, it comes down to what distribution endpoint or point of presence did that particular request go through, and it becomes this giant game of whack-a-mole. It's frustrating, and it's obnoxious, and it's also in no way your fault.Maciej: Yeah, I mean, we are at the beginning. Right now, it's the most straightforward, kind of pe—how people think about stacks of serverless. They're think in terms of regions because I think for us, regions, or replicated stacks, or things like that are not really popular yet. Maybe they will become—like, this is how AWS works as a whole, so it's not surprising that we're kind of following this path. I think my point is that our main goal, the ultimate goal, is to make monitoring, as I said, the troubleshooting serverless app as simple as possible.So, once we will hear from our customers, from our users that, “Hey, we would like to get a little bit better experience around regions,” we will definitely implement that because why not, right? And I think the whole point of Cloudash—and maybe we can go more deep into that later—is that we want to bring context into your metrics and logs. If you're seeing a, for example, X-Ray trace ID in your logs, you should be able with one click just see that the trace. It's not yet implemented in Cloudash, but we are having it in the backlog. But my point is that, like, there should be some journey when you're debugging stuff, and you shouldn't be just, like, left alone having, like, 20 tabs, Cloudash tabs open and trying to figure out where I was—like, where's the Lambda? Where's the API Gateway logs? Where are the CloudFront logs? And how I can kind of connect all of that? Because that's—it's an issue right now.Corey: Even what you've done so far is incredibly helpful compared to the baseline experience that folks will often have, where I can define a service that is comprised of a number of different functions—I have one set up right now that has seven functions in it—I grab any one of those things, and I can set how far the lookback is, when I look at that function, ranging from 5 minutes to 30 days. And it shows me at the top the metrics of invocations, the duration that the function runs for, and the number of errors. And then, in the same pane down below it, it shows the CloudWatch logs. So, “Oh, okay, great. I can drag and zoom into a specific timeframe, and I see just the things inside of that.”And I know this sounds like well, what's the hard part here? Yeah, except nothing else does it in an easy-to-use, discoverable way that just sort of hangs out here. Honestly, the biggest win for me is that I don't have to log in to the browser, navigate through some ridiculous other thing to track down what I'm talking about. It hangs out on my desktop all the time, and whether it's open or not, whenever I fire it up, it just works, basically, and I don't have to think about it. It reduces the friction from, “This thing is broken,” to, “Let me see what the logs say.”Very often I can go from not having it open at all to staring at the logs and having to wait a minute because there's some latency before the event happens and it hits CloudWatch logs itself. I'm pretty impressed with it, and I've been keeping an eye on what this thing is costing me. It is effectively nothing in terms of CloudWatch retrieval charges. Because it's not sitting there sucking all this data up all the time, for everything that's running. Like, we've all seen the monitoring system that winds up costing you more than it costs more than they charge you ancillary fees. This doesn't do that.I also—while we're talking about money, I want to make very clear—because disclaiming the direction the money flows in is always important—you haven't paid me a dime, ever, to my understanding. I am a paying customer at full price for this service, and I have been since I discovered it. And that is very much an intentional choice. You did not sponsor this podcast, you are not paying me to say nice things. We're talking because I legitimately adore this thing that you've built, and I want it to exist.Maciej: That's correct. And again, thank you for that. [laugh].Corey: It's true. You can buy my attention, but not my opinion. Now, to be clear, when I did that tweet thread, I did get the sense that this was something that you had built as sort of a side project, as a labor of love. It does not have VC behind it, of which I'm aware, and that's always going to, on some level, shade how I approach a service and how critical I'm going to be on it. Just because it's, yeah, if you've raised a couple 100 million dollars and your user experience is trash, I'm going to call that out.But if this is something where you just soft launched, yeah, I'm not going to be a jerk about weird usability bugs here. I might call it out as “Ooh, this is an area for improvement,” but not, “What jackwagon thought of this?” I am trying to be a kinder, gentler Corey in the new year. But at the same time, I also want to be very clear that there's room for improvement on everything. What surprised me the most about this is how well you nailed the user experience despite not having a full team of people doing UX research.Maciej: That was definitely a priority. So, maybe a little bit of history. So, I started working on Cloudash, I think it was April… 2019. I think? Yeah. It's 2021 right now. Or we're 2022. [unintelligible 00:11:33].Corey: Yeah. 2022, now. I—Maciej: I'm sorry. [laugh].Corey: —I've been screwing that up every time I write the dates myself, I'm with you.Maciej: [laugh]. Okay, so I started working on Cloudash, in 2020, April 2020.Corey: There we go.Maciej: So, after eight months, I released some beta, like, free; you could download it from GitHub. Like, you can still download on GitHub, but at that time, there was no license, you didn't have to buy a license to run it. So, it was, like, very early, like, 0.3 version that was working, but sort of, like, [unintelligible 00:12:00] working. There were some bugs.And that was the first time that I tweeted about it on Twitter. It gets some attention, but, like, some people started using it. I get some feedback, very initial feedback. And I was like, every time I open Cloudash, I get the sense that, like, this is useful. I'm talking about my own tool, but like, [laugh] that's the thing.So, further in the history. So, I'm kind of service engineer by my own. I am a software engineer, I started focusing on serverless, in, like, 2015, 2016. I was working for Serverless Inc. as an early employee.I was then working as an engineering manager for a couple of companies. I work as an engineering manager right now at Stedi; we're also, like, fully serverless. So I, kind of, trying to fix my own issues with serverless, or trying to improve the whole experience around serverless in AWS. So, that's the main purpose why we're building Cloudash: Because we want to improve the experience. And one use case I'm often mentioning is that, let's say that you're kind of on duty. Like, so in the middle of night PagerDuty is calling you, so you need to figure out what's going on with your Lambda or API Gateway.Corey: Yes. PagerDuty, the original [Call of Duty: Nagios 00:13:04]. “It's two in the morning; who is it?” “It's PagerDuty. Wake up, jackass.” Yeah. We all had those moments.Maciej: Exactly. So, the PagerDuty is calling you and you're, kind of, in the middle of night, you're not sure what's going on. So, the kind of thing that we want to optimize is from waking up into understanding what's going on with your serverless stuff should be minimized. And that's the purpose of Cloudash as well. So, you should just run one tool, and you should immediately see what's going on. And that's the purpose.And probably with one or two clicks, you should see the logs responsible, for example, in your Lambda. Again, like that's exactly what we want to cover, that was the initial thing that we want to cover, to kind of minimize the time you spent on troubleshooting serverless apps. Because as we all know, kind of, the longer it's down, the less money you make, et cetera, et cetera, et cetera.Corey: This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of "Hello, World" demos? Allow me to introduce you to Oracle's Always Free tier. It provides over 20 free services and infrastructure, networking, databases, observability, management, and security. And—let me be clear here—it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account. This means you can provision a virtual machine instance or spin up an autonomous database that manages itself all while gaining the networking load, balancing and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build. With Always Free, you can do things like run small scale applications or do proof-of-concept testing without spending a dime. You know that I always like to put asterisks next to the word free. This is actually free, no asterisk. Start now. Visit snark.cloud/oci-free that's snark.cloud/oci-free.Corey: One of the things that I appreciate about this is that I have something like five different microservices now that power my newsletter production pipeline every week. And periodically, I'll make a change and something breaks because testing is something that I should really get around to one of these days, but when I'm the only customer, cool. Doesn't really matter until suddenly I'm trying to write something and it doesn't work. Great. Time to go diving in, and always I'm never in my best frame of mind for that because I'm thinking about writing for humans not writing for computers. And that becomes a challenge.And okay, how do I get to the figuring out exactly what is broken this time? Regression testing: It really should be a thing more than it has been for me.Maciej: You should write those tests. [laugh].Corey: Yeah. And then I fire this up, and okay, great. Which sub-service is it? Great. Okay, what happened in the last five minutes on that service? Oh, okay, it says it failed successfully in the logs. Okay, that's on me. I can't really blame you for that. But all right.And then it's a matter of adding more [print or 00:14:54] debug statements, and understanding what the hell is going on, mostly that I'm bad at programming. And then it just sort of works from there. It's a lot easier to, I guess, to reason about this from my perspective than it is to go through the CloudWatch dashboards, where it's okay, here's a whole bunch of metrics on different graphs, most of which you don't actually care about—as opposed to unified view that you offer—and then “Oh, you want to look at logs, that's a whole separate sub-service. That's a different service team, obviously, so go open that up in another browser.” And I'm sitting here going, “I don't know who designed this, but are there any windows in their house? My God.”It's just the saddest thing I can possibly experience when I'm in the middle of trying to troubleshoot. Let's be clear, when I'm troubleshooting, I am in no mood to be charitable to anyone or anything, so that's probably unfair to those teams. But by the same token, it's intensely frustrating when I keep smacking into limitations that get in my way while I'm just trying to get the thing up and running again.Maciej: As you mentioned about UX that, like, we've spent a lot of time thinking about the UX, trying different approaches, trying to understand which metrics are the most important. And as we all know, kind of, serverless simplifies a lot of stuff, and there's, like, way less metrics that you need to look into when something is happening, but we want to make sure that the stuff that we show—which is duration errors, and p95—are probably the most important in most cases, so like, covering most of this stuff. So sorry, I didn't mention that before; it was very important from the very beginning. And also, like, literally, I spent a lot of time, like, working on the colors, which sounds funny, [laugh] but I wanted to get them right. We're not yet working on dark mode, but maybe soon.Anyways, the visual part, it's always close to my heart, so we spent a lot of time going back to what just said. So, definitely the experience around using CloudWatch right now, and CloudWatch logs, CloudWatch metrics, is not really tailored for any specific use case because they have to be generic, right? Because AWS has, like, I don't know, like, 300, or whatever number of services, probably half of them producing logs—maybe not half, maybe—Corey: We shouldn't name a number because they'll release five more between now and when this publishes in 20 minutes.Maciej: [laugh]. So, CloudWatch has to be generic. What we want to do with Cloudash is to take those generic tools—because we use, of course, CloudWatch logs, CloudWatch metrics, we fetch data from them—but make the visual part more tailored for specific use case—in our case, it's the serverless use case—and make sure that it's really, kind of—it shows only the stuff that you need to see, not everything else. So again, like that's the main purpose. And then one more thing, we—like this is also some kind of measurement of success, we want to reduce number of tabs that you need to have open in your browser when you're dealing with CloudWatch. So, we tried to put most important stuff in one view so you don't need to flip between tabs, as you usually do when try to under some kind of broader scope, or broader context of your, you know, error in Lambda.Corey: What inspired you to do this as a desktop application? Because a lot of companies are doing similar things, as SaaS, as webapps. And I have to—as someone who yourself—you're a self-described serverless engineer—it seems to me that building a webapp is sort of like the common description use case of a lot of serverless stuff. And you're sitting here saying, “Nope, it's desktop app time.” Which again, I'm super glad you did. It's exactly what I was looking for. How do you get here?Maciej: I'd been thinking about both kinds of types of apps. So like, definitely webapp was the initial idea how to build something, it was the webapp. Because as you said, like, that's the default mode. Like, we are thinking webapp; like, let's build a webapp because I'm an engineer, right? There is some inspiration coming from Dynobase, which was made by a friend [unintelligible 00:18:55] who also lives in Poland—I didn't mention that; we're based in [Poznań 00:18:58], Poland.And when I started thinking about it, there's a lot of benefits of using this approach. The biggest benefit, as I mentioned, is security; and the second benefit is just most, like, cost-effective because we don't need to run in the backend, right? We don't need to download all your metrics, all your logs. We I think, like, let's think about it, like, from the perspective. Listen, so everyone in the company to start working, they have to download all of your stuff from your AWS account. Like, that sounds insane because you don't need all of that stuff elsewhere.Corey: Store multiple copies of it. Yeah I, generally when I'm looking at this, I care about the last five to ten minutes.Maciej: Exactly.Corey: I don't—Maciej: Exactly.Corey: —really care what happened three-and-a-half years ago on this function. Almost always. But occasionally I want to look back at, “Oh, this has been breaking. How long has it been that way?” But I already have that in the AWS environment unless I've done the right thing and turned on, you know, log expiry.Maciej: Exactly. So, this is a lot of, like, I don't want to be, like, you know, mean to anyone but like, that's a lot of waste. Like, that's a lot of waste of compute power because you need to download it; of cost because you need to get this data out of AWS, which you need to pay for, you know, get metric data and stuff like this. So, you need to—Corey: And almost all of its—what is it? Write once, read never. Because it's, you don't generally look at these things.Maciej: Yeah, yeah. Exactly.Corey: And so much of this, too, for every invocation I have, even though it's low traffic stuff, it's the start with a request ID and what version is running, it tells me ‘latest.' Helpful. A single line of comment in this case says ‘200.' Why it says that, I couldn't tell you. And then it says ‘End request ID.' The end.Now, there's no way to turn that off unless you disabled the ability to write to CloudWatch logs in the function, but ingest on that cost 50 cents a gigabyte, so okay, I guess that's AWS's money-making scam of the year. Good for them. But there's so much of that, it's like looking at—like, when things are working, it's like looking at a low traffic site that's behind a load balancer, where there's a whole—you have gigabytes, in some cases, of load balancer—of web server logs on the thing that's sitting in your auto-scaling group. And those logs are just load balancer health checks. 98% of it is just that.Same type of problem here, I don't care about that, I don't want to pay to store it, I certainly don't want to pay to store it twice. I get it, that makes an awful lot of sense. It also makes your security job a hell of a lot easier because you're not sitting on a whole bunch of confidential data from other people. Because, “Well, it's just logs. What could possibly be confidential in there?” “Oh, my sweet summer child, have you seen some of the crap people put in logs?”Maciej: I've seen many things in logs. I don't want to mention them. But anyways—and also, you know, like, usually when you gave access to your AWS account, it can ruin you. You know, like, there might be a lot of—like, you need to really trust the company to give access to your AWS account. Of course, in most cases, the roles are scoped to, you know, only CloudWatch stuff, actions, et cetera, et cetera, but you know, like, there are some situations in which something may not be properly provisioned. And then you give access to everything.Corey: And you can get an awful lot of data you wouldn't necessarily want out of that stuff. Give me just the PDF printout of last month's bill for a lot of environments, and I can tell you disturbing levels of detail about what your architecture is, just because when you—you can infer an awful lot.Maciej: Yeah.Corey: Yeah, I hear you. It makes your security story super straightforward.Maciej: Yeah, exactly. So, I think just repeat my, like, the some inspiration. And then when I started thinking about Cloudash, like, definitely one of the inspiration was Dynobase, from the, kind of, GUI for, like, more powerful UI for DynamoDB. So, if you're interested in that stuff, you can also check this out.Corey: Oh, yeah, I've been a big fan of that, too. That'll be a separate discussion on a different episode, for sure.Maciej: [laugh]. Yeah.Corey: But looking at all of this, looking at the approach of, the only real concern—well, not even a concern. The only real challenge I have with it for my use case is that when I'm on the road, the only thing that I bring with me for a computer is my iPad Pro. I'm not suggesting by any means that you should build this as a new an iPad app; that strikes me as, like, 15 levels of obnoxious. But it does mean that sometimes I still have to go diving into the CloudWatch console when I'm not home. Which, you know, without this, without Cloudash, that's what I was doing originally anyway.Maciej: You're the only person that requested that. And we will put that into backlog, and we will get to that at some point. [laugh].Corey: No, no, no. Smart question is to offer me a specific enterprise tier pricing—.Maciej: Oh, okay. [laugh].Corey: —that is eye-poppingly high. It's like, “Hey, if you want a subsidize feature development, we're thrilled to empower that.” But—Maciej: [laugh]. Yeah, yeah. To be honest, I like that would be hard to write [unintelligible 00:23:33] implement as iPad app, or iPhone app, or whatever because then, like, what's the story behind? Like, how can I get the credentials, right? It's not possible.Corey: Yeah, you'd have to have some fun with that. There are a couple of ways I can think of offhand, but then that turns into a sandboxing issue, and it becomes something where you have to store credentials locally, regardless, even if they're ephemeral. And that's not great. Maybe turn it into a webapp someday or something. Who knows.What I also appreciate is that we had a conversation when you first launched, and I wound up basically going on a Zoom call with you and more or less tearing apart everything you've built—and ideally constructive way—but looking at a lot of the things you've changed in your website, you listened to an awful lot of feedback. You doubled your pricing, for example. Used to be ten bucks a month; now you're twenty. Great. I'm a big believer in charging more.You absolutely add that kind of value because it's, “Well, twenty bucks a month for a desktop app. That sounds crappy.” It's, “Yeah, jackwagon, what's your time worth?” I was spending seven bucks a month in serverless charges, and 120 or 130 a month for Epsagon, and I was thrilled to pieces to be doing it because the value I got from being able to quickly diagnose what the hell was going on far outstripped what the actual cost of doing these things. Don't fall into the trap of assuming that well, I shouldn't pay for software. I can just do it myself. Your time is never free. People think it is, but it's not.Maciej: That's true. The original price of $9.99, I think that was the price was the launch promo. After some time, we've decided—and after adding more features: API Gateway support—we've decided that this is, like, solving way more problems, so like, you should probably pay a little bit more for that. But you're kind of lucky because you subscribed to it when it was 9.99, and this will be your kind of prize for the end of, you know—Corey: Well, I'm going to argue with you after the show to raise the price on mine, just because it's true. It's the—you want to support the things that you want to exist in the world. I also like the fact that you offered an annual plan because I will go weeks without ever opening the app. And that doesn't mean it isn't adding value. It's that oh, yeah, I will need that now that I'm hitting these issues again.And if I'm paying on a monthly basis, and it shows up with a, “Oh, you got charged again.” “Well, I didn't use it this month; I should cancel.” And [unintelligible 00:25:44] to an awful lot of subscriber churn. But in the course of a year, if I don't have at least one instance in which case, wow, that ten minute span justified the entire $200 annual price tag, then, yeah, you built the wrong thing or it's not for me, but I can think of three incidents so far since I started using it in the past four months that have led to that being worth everything you will charge me a year, and then some, just because it made it so clear what was breaking.Maciej: So, in that regard, we are also thinking about the team licenses, that's definitely on the roadmap. There will be some changes to that. And we definitely working on more and more features. And if we're—like, the roadmap is mostly about supporting more and more AWS services, so right now it's Lambda, API Gateway, we're definitely thinking about SQS, SNS, to get some sense how your messages are going through, probably something, like, DynamoDB metrics. And this is all kind of serverless, but why not going wider? Like, why not going to Fargate? Like, Fargate is theoretically serverless, but you know, like, it's serverless on—Corey: It's serverless with a giant asterisk next to it.Maciej: Yeah, [laugh] exactly. So, but why not? Like, it's exactly the same thing in terms of, there is some user flow, there is some user journey, when you want to debug something. You want to go from API Gateway, maybe to the container to see, I don't know, like, DynamoDB metric or something like that, so it should be all easy. And this is definitely something.Later, why not EC2 metrics? Like, it would be a little bit harder. But I'm just saying, like, first thing here is that you are not, like, at this point, we are serverless, but once we cover serverless, why not going wider? Why not supporting more and more services and just making sure that all those use cases are correctly modeled with the UI and UX, et cetera?Corey: That's going to be an interesting challenge, just because that feels like what a lot of the SaaS monitoring and observability tooling is done. And then you fire this thing up, and it looks an awful lot like the AWS console. And it's, “Yeah, I just want to look at this one application that doesn't use any of the rest of those things.” Again, I have full faith and confidence in your ability to pull this off. You clearly have done that well based upon what we've seen so far. I just wonder how you're going to wind up tackling that challenge when you get there.Maciej: And maybe not EC2. Maybe I went too far. [laugh].Corey: Yeah, honestly, even EC2-land, it feels like that is more or less a solved problem. If you want to treat it as a bunch of EC2, you can use Nagios. It's fine.Maciej: Yeah, totally.Corey: There are tools that have solved that problem. But not much that I've seen has solved the serverless piece the way that I want it solved. You have.Maciej: So, it's definitely a long road to make sure that the serverless—and by serverless, I mean serverless how AWS understands serverless, so including Fargate, for example. So, there's a lot of stuff that we can improve. It's a lot of stuff that can make easier with Cloudash than it is with CloudWatch, just staying inside serverless, it will take us a lot of time to make sure that is all correct. And correctly modeled, correctly designed, et cetera. So yeah, I went too far with EC2 sorry.Corey: Exactly. That's okay. We all go too far with EC2, I assure you.Maciej: Sorry everyone using EC2 instances. [laugh].Corey: If people want to kick the tires on it, where can they find it?Maciej: They can find it on cloudash.dev.Corey: One D in the middle. That one throws me sometimes.Maciej: One D. Actually, after talking to you, we have a double-D domain as well, so we can also try ‘Clouddash' with double-D. [laugh].Corey: Excellent, excellent. Okay, that is fantastic. Because I keep trying to put the double-D in when I'm typing it in my search tool on my desktop, and it doesn't show up. And it's like, “What the—oh, right.” But yeah, we'll get there one of these days.Maciej: Only the domain. It's only the domain. You will be redirected to single-D.Corey: Exactly.Maciej: [laugh].Corey: We'll have to expand later; I'll finance the feature request there. It'll go well. If people want to learn more about what you have to think about these things, where else can they find you?Maciej: On Twitter, and my Twitter handle is @mthenw. M-then-W, which is M-T-H—mthenw. And my co-founder @tlakomy. You can probably add that to [show notes 00:29:35]. [laugh].Corey: Oh, I certainly will. It's fine, yeah. Here's a whole bunch of letters. I hear you. My Twitter handle used to be my amateur radio callsign. It turns out most people don't think like that. And yeah, it's become an iterative learning process. Thank you so much for taking the time to speak with me today and for building this thing. I really appreciate both of them.Maciej: Thank you for having me here. I encourage everyone to visit cloudash.dev, if you have any feature requests, any questions just send us an email at hello@cloudash.dev, or just go to GitHub repository in the issues; just create an issue, describe what you want and we can talk about it.We are always happy to help. The main purpose, the ultimate goal of Cloudash is to make the serverless engineer's life easier, on very high level. And on a little bit lower level, just to make, you know, troubleshooting and debugging serverless apps easier.Corey: Well, from my perspective, you've succeeded.Maciej: Thank you.Corey: Thank you. Maciej Winnicki, founder of Cloudash. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment telling me exactly why I'm wrong for using an iPad do these things, but not being able to send it because you didn't find a good way to store the credentials.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Hey everyone. Welcome to a new year and I am excited to share with you the first episode of 2022! I have with me today Maria Gaspar, an interdisciplinary artist whose work addresses issues of spatial justice to amplify, mobilize, or divert structures of power through individual and collective gestures. Maria got her BFA from Pratt Institute, an MFA from the University of Illinois at Chicago, and is currently an Associate Professor at the School of the Art Institute of Chicago. I became aware of Maria's striking photographic pieces before realizing her large breadth of work that existed also in installation, sound, and performance. I enjoyed our conversation where we talked about going to art school as a first-generation immigrant, performance as practice, the invisibility of jails, guides that are generative as opposed to predictive, and re-imagining new and better worlds. As always, stay safe and healthy in this new year and I hope you enjoy this. Links Mentioned:* Maria's Website* Ernesto Pujol* Pedro Páramo by Juan Rulfo* National Museum of Mexican Art* Yvette Mayorga* Holland Cotter's El Museo Review* Jackie Sumell* Favianna Rodriguez* El SawyerFollow Seeing Color:* Seeing Color Website* Subscribe on Apple Podcasts* Facebook* Twitter* Instagram

There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're on the web, mobile, or cloud? We'll talk about moving on from niche offerings into successful appsec programs. The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security in mind, the Q4 2021 ThinkstScape quarterly, Salesforce to require MFA!   Show Notes: https://securityweekly.com/asw179 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

What does it look like to connect with the heart of Christ through prayer? How do we do that in our real lives? How do we talk with God instead of at God? To kick off this year, we're in a new series called Spiritual Health. In it we'll walk through five spiritual disciplines:  Studying the Bible with writer Amber Palmer was Episode #97 Praying to connect with the heart of Christ with Kimberly Coyle – that's today Celebrating Sabbath with author Mark Buchanan Imitating Christ as we suffer with author KJ Ramsey And hearing from God with author Jen Barnett In this conversation, Kimberly shares with us: A great prayer when you only have 5 minutes What's going on when we wonder if we're not hearing from God because we're not doing it “right” The role of emotions in our prayer life, And how she's retraining her brain. Key Quotes “We don't need to feel shame that we've prayed ‘wrong' or that we're not spending enough time in prayer.” - Writer Kimberly Coyle “Prayer is a much broader, more beautiful, more flowing experience than sitting down and having the formula or set time of day.”  - Writer Kimberly Coyle “Prayer is returning to center.”  - Writer Kimberly Coyle “Prayers become a habit of thought.”  - Writer Kimberly Coyle “Sometimes we can miss what the answered prayer really is because it doesn't look like we expect it.”  - Writer Kimberly Coyle “God is not afraid at all of our deep emotion.”  - Writer Kimberly Coyle “Where are my spiritual eyes going?”  - Writer Kimberly Coyle “Shake shame off.”  - Writer Kimberly Coyle “There is no right or wrong, where prayer is concerned.”  - Writer Kimberly Coyle Mentioned in the Podcast The FCC requires that I tell you that I'm an Amazon Affiliate, which means I earn a bit of commission on each sale. But don't worry there's no added cost to you! Centering Prayer App Ann Voskamp's One Thousand Gifts Subscribe to Jill's weekly “the good + the grace” email  About Kimberly Coyle Kimberly is a freelance writer with an MFA in Creative Non-Fiction, and the author of  Borrowed Words: A Collection of Seasonal Prayers. She writes for women who want to live a more attentive and meaningful life through the lens of faith, story, and art.  When not writing, she teaches college writing at Fairleigh Dickinson University in New Jersey.  Here's how to connect with Kimberly Website Instagram Kimberly Coyle's Borrowed Words Here's how to connect with Jill Website  GraceInRealLifePodcast.com  Instagram  Facebook group  Facebook page Subscribe to Jill's weekly “the good + the grace” email 

Allie Rowbottom is today's guest! Allie is the author of the New York Times Editors' Choice memoir Jell-O Girls (Little Brown) and the upcoming novel Aesthetica (SoHo Press). Allie's writing has appeared in Vanity Fair, Salon, Lit Hub, No Tokens, NY Tyrant, The Drunken Canal, Bitch, and elsewhere. She has a PhD in literature and creative writing from the University of Houston and an MFA from the California Institute of the Arts and has taught fiction and non-fiction at the University of Houston, CalArts, and Catapult. In this episode, we discuss her upcoming book at length, explore the depths of Instagram and influencer culture, and Allie gives us invaluable lessons on incorporating the language of the social media into our work. Thrilled to have Allie on the show. Follow her on Twitter and Instagram and keep your eyes out for Aesthetica, coming soon. If you like the show, please leave me a REVIEW on Apple Podcasts and/or support us on Patreon. Music by @SighPilot

Allie Rowbottom is today's guest! Allie is the author of the New York Times Editors' Choice memoir Jell-O Girls (Little Brown) and the upcoming novel Aesthetica (SoHo Press). Allie's writing has appeared in Vanity Fair, Salon, Lit Hub, No Tokens, NY Tyrant, The Drunken Canal, Bitch, and elsewhere. She has a PhD in literature and creative writing from the University of Houston and an MFA from the California Institute of the Arts and has taught fiction and non-fiction at the University of Houston, CalArts, and Catapult. In this episode, we discuss her upcoming book at length, explore the depths of Instagram and influencer culture, and Allie gives us invaluable lessons on incorporating the language of the social media into our work. Thrilled to have Allie on the show. Follow her on Twitter and Instagram and keep your eyes out for Aesthetica, coming soon. If you like the show, please leave me a REVIEW on Apple Podcasts and/or support us on Patreon. Music by @SighPilot

It's the start of a brand new calendar year! And therefore it's time to engage in that annual ritual of planning to do better this year by making our list of New Year's Resolutions. To help you with the cybersecurity and privacy items on your list (an area where we all need major improvement), I will share with you my personal list of cyber goals for 2022. Yes, even security advocates can suffer from the "do as I say, not as I do" syndrome. We're all human, and there are plenty of things that I still need to get done - things that you probably need to do, too. I'll also catch you up on the latest security and privacy news: several articles popped up about a supposed data breach at LastPass that turned out to be incorrect; the US Federal Trade Commission is getting very serious about fining companies with lax cybersecurity practices in light of the Log4J/Log4Shell nightmare; clever scammers in Texas are tricking motorists into paying the wrong people for parking; Norton 360 and other antivirus software packages have started pre-installing cryptocurrency mining software on their customers' computers; TurboTax is the second major tax-filing software service to drop out of the federal Free File program; Google's adoption of the Manifest V3 specification gives users yet another reason not to use their Chrome browser; and a lawsuit in California alleges that Google's exclusive search engine deal with Apple is stifling competition and harming consumers. Article Links LastPass says there's no data breach, so your passwords were not hacked https://bgr.com/tech/lastpass-says-theres-no-data-breach-so-your-passwords-were-not-hacked/?bgr-partner=flipboard FTC to Go After Companies that Ignore Log4j https://threatpost.com/ftc-pursue-companies-log4j/177368/ QR code scammers hitting on-street parking in Texas cities https://www.click2houston.com/news/local/2022/01/05/qr-code-scammers-hitting-on-street-parking-in-texas-cities-this-is-what-houston-officials-want-you-to-know/ Norton 360 Now Comes With a Cryptominer https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/ 500M Avira Antivirus Users Introduced to Cryptomining https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/ Want to file your tax return for free? TurboTax opts out of major program https://www.freep.com/story/money/personal-finance/susan-tompor/2022/01/05/how-file-your-tax-return-free-turbotax/9077019002/ Podcast on Free File report from Pro Publica: https://podcast.firewallsdontstopdragons.com/2020/01/13/why-free-file-isnt-free/ Google makes the perfect case for why you shouldn't use Chrome https://www.techrepublic.com/article/google-makes-the-perfect-case-for-why-you-shouldnt-use-chrome/ Google Basically Pays Apple to Stay Out of the Search Engine Business, Class Action Lawsuit Alleges https://www.macrumors.com/2022/01/05/google-pays-apple-stay-out-of-search/ Betty White on MFA: https://www.youtube.com/watch?v=DmIDtDAYTPA  Further Info Annual listener survey: https://bit.ly/Firewalls-survey-2022Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-SpeakerGenerate secure passphrases! https://d20key.com/#/

“You know, there's something that we don't talk about, which I think is like the underside of success and ambition, which is that for every step that we take towards something, it's a step away from something. And the more that we have these rarefied experiences, the more isolating they can be…” Olga Dies Dreaming is one of 2022's most anticipated debuts and our January Discover pick; Xochitl Gonzales joins us on the show to talk about her fabulous new novel and unforgettable protagonist, what it means to be part of a community (or leave one behind), heading to the Iowa Writers Workshop and earning an MFA in her forties, the books and writers who inspire her, and more. Featured books: Olga Dies Dreaming by Xochitl Gonzales, The House on Mango Street by Sandra Cisneros, One Hundred Years of Solitude by Gabriel Garcia Marquez, The World According to Garp by John Irving, and Fortress of Solitude by Jonathan Lethem. Poured Over is produced and hosted by Miwa Messer and engineered by Harry Liang. Follow us here for new episodes Tuesdays and Thursdays (with occasional bonus episode Saturdays).   New episodes of Poured Over land Tuesdays and Thursdays (with occasional bonus eps on Saturdays) on Apple Podcasts, Spotify, Stitcher and wherever you listen to podcasts.

#PodcastersForJustice Critically-acclaimed debut author, Jean Chen Ho, spoke to me about the art of non-linear storytelling, the shifting POVs in her novel Fiona and Jane, and the value of a strong writing community. Jean was born in Taiwan and grew up in Southern California. She is a doctoral candidate in creative writing and literature at the University of Southern California – where she is a Dornsife Fellow in fiction – and has an MFA from UNLV. Her much-anticipated debut novel is a collection of linked stories titled Fiona and Jane. Booklist called it "tender and timeless," a book that "...explores the intimate facets of female friendship, Asian American immigrant experiences in Los Angeles and New York, and the debilitating power of family traumas.” Bestselling author Alexander Chee wrote, “Fiona and Jane is a high wire act. . . .Jean Chen Ho's brilliant debut is as assured as what must surely follow.” And Pulitzer Prize-winning author Viet Thanh Nguyen, called it, “A knockout of a book.” Jean's writing has also been published in The Georgia Review, GQ, Harper's Bazaar, Guernica, The Rumpus, Apogee, McSweeney's Internet Tendency, and others. Stay calm and write on ... Discover The Writer Files Extra You can now have The Writer Files podcast dropped right into your email inbox every time there's a new show. No more shaking your podcast app! As a subscriber, Kelton will send you added insights, links to TWF merch (like "Stay Calm and Write On" coffee mugs anyone?), curated collections of shows like The Publishing Series and The Writer's Brain, updates, and occasional special offers. Learn more at the link below and take our AuthorPods podcasting course survey. Get 'The Writer Files' Podcast Delivered Straight to Your Inbox If you're a fan of The Writer Files, please "Follow" us to automatically see new interviews In this file Jean Chen Ho and I discussed: Why writers shouldn't pick up their phones until noon The rigors and routines of editing How going to Happy Hour and talking about writing ... counts as writing! The loneliness of being a writer Deadlines, accountability, the importance of writing groups And a lot more! Show Notes: Jean-Chen-Ho.com Fiona and Jane by Jean Chen Ho Jean Chen Ho on Instagram Jean Chen Ho on Twitter Kelton Reid on Twitter

Today on the show we have Oscar® and two-time Emmy® Nominee Simon Kinberg. He has established himself as one of Hollywood's most prolific filmmakers, having written and produced projects for some of the most successful franchises in the modern era. His films have earned more than seven billion dollars worldwide.  Kinberg graduated from Brown University and received his MFA from Columbia University Film School, where his thesis project was the original script, “Mr and Mrs Smith.” The film was released in 2005, starring Brad Pitt and Angelina Jolie. Upcoming, Kinberg will premiere his action spy film “The 355”, which will be released theatrically by Universal on January 7, 2022. Directed, co-written and produced by Kinberg, the film was one of the biggest deals out of the 2018 Cannes Film Festival and stars an ensemble of A-list actresses including Jessica Chastain, Lupita Nyong'o, Penelope Cruz, Diane Kruger and Fan Bingbing. A dream team of formidable female stars come together in a hard-driving original approach to the globe-trotting espionage genre in The 355.When a top-secret weapon falls into mercenary hands, wild card CIA agent Mason “Mace” Brown (Oscar®-nominated actress Jessica Chastain) will need to join forces with rival badass German agent Marie (Diane Kruger, In the Fade), former MI6 ally and cutting-edge computer specialist Khadijah (Oscar® winner Lupita Nyong'o), and skilled Colombian psychologist Graciela (Oscar® winner Penélope Cruz) on a lethal, breakneck mission to retrieve it, while also staying one-step ahead of a mysterious woman, Lin Mi Sheng (Bingbing Fan, X-Men: Days of Future Past), who is tracking their every move.As the action rockets around the globe from the cafes of Paris to the markets of Morocco to the opulent auction houses of Shanghai, the quartet of women will forge a tenuous loyalty that could protect the world—or get them killed. The film also stars Édgar Ramirez (The Girl on the Train) and Sebastian Stan (Avengers: Endgame).The 355 is directed by genre-defying filmmaker Simon Kinberg (writer-director-producer of Dark Phoenix, producer of Deadpool and The Martian and writer-producer of the X-Men films). The screenplay is by Theresa Rebeck (NBC's Smash, Trouble) and Kinberg, from a story by Rebeck.The 355, presented by Universal Pictures in association with FilmNation Entertainment, is produced by Chastain and Kelly Carmichael for Chastain's Freckle Films and by Kinberg for his Kinberg Genre Films. The film is executive produced by Richard Hewitt (Bohemian Rhapsody), Esmond Ren (Chinese Zodiac) and Wang Rui Huan.His original series “Invasion” premiered on Apple TV+ on October 22nd. He co-created the show with David Weil, serves as Executive Producer, and wrote or co-wrote 9 of its first 10 episodes. It is considered one of Apple's most ambitious series to date as it was filmed on 4 different continents. The show has already been renewed for a second season, which Kinberg is show running and Executive Producing again. He is also the Executive Producer of the upcoming show “Moonfall” for Amazon. Also upcoming, Kinberg produced the sequel to "Murder on the Orient Express,” “Death on The Nile,” directed by Kenneth Branagh and starring Gal Gadot, Armie Hammer, Annette Bening and another all-star cast.Additionally, he is producing several projects for Netflix including “Lift” starring Kevin Hart with director F. Gary Gray, his original script "Here Comes the Flood" with Jason Bateman directing, "Endurance" with Camille Griffin directing, and “Pyros” with Reese Witherspoon starring and producing. Kinberg's latest spec “Wayland” will also begin production next year for Lionsgate, with Michael Showalter directing, and Jessica Chastain producing alongside Kinberg Kinberg will also be producing “The Running Man” at Paramount Pictures to be directed by Edgar Wright, “Artemis” to be directed by Oscar winners Chris Miller and Phil Lord and based on a book by the writer of “The Martian”, the remake of “The Dirty Dozen” at Warner Brothers with David Ayer writing and directing, “Starlight” at 20th Century Studios to be written and directed by Joe Cornish, “Death Notification Agency” at Amazon based on the novel of the same name, “Karma” at Sony Pictures, “Chairman Spaceman” at Fox Searchlight, to be directed by Oscar Winner Andrew Stanton, and an Untitled Action-Romance starring Idris Elba at Apple. Following almost a decade's worth of Marvel films, Kinberg will also write and produce “Battlestar Galactica” for Universal which will be his latest franchise universe. In 2006, he wrote “X-Men: The Last Stand,” which opened on Memorial Day to box office records and began his ongoing relationship with the franchise. In 2008, Kinberg wrote and produced Doug Liman's film “Jumper” for 20th Century Fox. In 2009, Kinberg co-wrote the film “Sherlock Holmes” starring Robert Downey Jr, directed by Guy Ritchie. The film received a Golden Globe for Best Actor and was nominated for two Academy Awards. In 2010, Kinberg established his production company Genre Films, with a first look deal at 20th Century Fox. Under this banner, he produced “X-Men: First Class,” executive produced “Abraham Lincoln: Vampire Hunter” and wrote and produced “This Means War.” In 2013, Kinberg produced “Elysium," which starred Matt Damon and Jodie Foster, directed by Neill Blomkamp. On Memorial Day of 2014, Fox released “X-Men: Days of Future Past," which Kinberg wrote and produced. The film opened number one at the box office, received critical acclaim and went on to gross more than $740 million worldwide. In 2015, Kinberg had four films in release. He re-teamed with Neill Blomkamp to produce “Chappie,” starring Hugh Jackman and Sharlto Copley. Kinberg produced Disney's Academy Award-nominated film “Cinderella," starring Cate Blanchett and directed by Kenneth Branagh.In addition, Kinberg was the co-writer and producer of “The Fantastic Four.” His final film of the year was “The Martian,” which he produced. The film, directed by Ridley Scott and starring Matt Damon, grossed more than $630 million worldwide, won two Golden Globes (including Best Picture) and was nominated for seven Academy Awards (including Best Picture). In 2016, Kinberg produced “Deadpool,” starring Ryan Reynolds. The film broke international and domestic records for box office, including becoming the highest-grossing R-rated film of all time globally. It went on to win two Critics Choice Awards (including Best Picture - Comedy) and receive two Golden Globe nominations (including Best Picture), a WGA nomination and a PGA nomination for Best Picture. That year, Kinberg also wrote and produced “X-Men: Apocalypse.” In 2017, he produced “Logan,” the final installment of the Wolverine franchise with Hugh Jackman. It was selected as the closing film of the Berlin Film Festival and opened #1 at the box office. It was named one of the ten best films of the year from the National Board of Review, garnered three Critics Choice Nominations and an Academy Award Nomination.Kinberg was also a producer on “Murder on the Orient Express,” directed by Kenneth Branagh, with Branagh starring alongside Johnny Depp, Michelle Pfeiffer, Penelope Cruz, Daisy Ridley, Judi Dench, and others. In 2018, Kinberg produced “Deadpool 2,” which matched the success of the first film. It was Kinberg's fourteenth film to open number one at the box office. In 2019, Kinberg made his directorial debut with “X-Men: Dark Phoenix,” which was released June 7. The film once again starred Jennifer Lawrence, Michael Fassbender, James McAvoy, Nicholas Hoult, Sophie Turner, with new addition Jessica Chastain. In television, he was the executive producer of “Designated Survivor,” starring Kiefer Sutherland on ABC and Netflix. He was also the executive producer of “Legion,” “Gifted,” and executive producer and co-creator with Jordan Peele of the remake of “The Twilight Zone” on CBS All Access.  Kinberg has served as a consultant on “Star Wars: Episode VII” and “Rogue One," and he was the creator and executive producer of the animated show “Star Wars: Rebels” on Disney networks. You can also watch Simon's Screenwriting Masterclass on The Dialogue Series on Indie Film Hustle TV.The Dialogue: Learning From the Masters is a groundbreaking interview series that goes behind the scenes of the fascinating craft of screenwriting. In these 70-90 minute in-depth discussions, more than two-dozen of today's most successful screenwriters share their work habits, methods, and inspirations, secrets of the trade, business advice, and eye-opening stories from life in the trenches of the film industry. Each screenwriter discusses his or her filmography in great detail and breaks down the mechanics of one favorite scene from their produced work.Needless to say this is one heck of an episode. Enjoy my conversation with Simon Kinberg.

Wil Haygood is the author of nine books. His latest is Colorization: 100 Years of Black Films in a White World (Knopf, 2021). This conversation was part of a live series for Goucher College's MFA in Creative Nonfiction. Sponsor: West Virginia Wesleyan College's MFA in Creative Writing. Support: Patreon.com/cnfpod Social Media: @CNFPod Show notes and newsletter: brendanomeara.com

Kurt Kauper was born in Indianapolis, Indiana in 1966, and raised in a suburb of Boston, Massachusetts. He received his BFA from Boston University in 1988, and his MFA from UCLA in 1995. He has lived in New York City for the past 20 years. His figure paintings of historical and imagined people tend to leave expectations unfulfilled, and elude simple categorization. In contradistinction to his clear and precise articulations of form, Kauper's content is characterized by indeterminacy, unintentionality, ambiguity, fluidity, destabilization, strangeness, amorality, uselessness, and neutrality. He's had solo shows at ACME Gallery in Los Angeles, Deitch Projects in New York City, and Almine Rech Gallery, New York. He has been included in numerous group exhibitions both in the United States and Europe, including venues such as the Whitney Museum of American Art in New York, The Pompidou Center in Paris, the Kunsthalle Vienna, and the Stedelijk Museum in Gent. He has received numerous awards, including grants from the Elizabeth Greenshields Foundation, the Louis Comfort Tiffany Foundation, and the Pollock Krasner Foundation. His work is included in the collections of The Museum of Modern Art, New York, The Whitney Museum of American Art, The Hammer Museum, The Oakland Museum of Art, the Weatherspoon Museum, and the Yale University Art Gallery. He has taught at The School of the Museum of Fine Arts, Boston, Yale University, Princeton University, and the New York Academy of Art. He is currently a Professor of Art at Queens College in New York City.

Today is our first episode of Cultivating Happier Dancers. Michelle Loucadoux-Fraser and Kristin Deiss join Susanne Puerschel. Michelle is one of the weird multi-hyphenates in the world of dance. She's been a ballet dancer, a musical theater dancer, an educator, a writer, and now she's doing a lot of things with Danscend. She started out as a ballet dancer and then moved through to the musical theater world for almost a decade and has been teaching dancers for almost 30 years. Kristin is a dancer, choreographer, and educator who grew up in Philadelphia, PA where she first received her dance training at the Rock School of the Pennsylvania Ballet before attending both the School of American Ballet as well as the Miami City Ballet School.  After a year-long struggle with Juvenile Rheumatoid Arthritis, Kristin left the ballet barre behind to pursue another path, but ultimately returned to the world she loved.  Kristin holds a BA in History from Drew University, an MA in History from UNC Chapel Hill, and an MFA in Dance Performance and Choreography from Tisch School of the Arts at NYU.  She has performed with companies such as Cherylyn Lavagnino Dance, the LA Philharmonic, and Jessica Kondrath | The Movement, as well as presented choreographic work in festivals throughout the country.  Kristin is also a certified yoga teacher through the Mind Body Dancer program, a Reiki Master, and an Integrated Energy Practitioner.  She is currently the Chair of the Commercial Dance Department at Hussian College Los Angeles. In today's episode, Kristin and Michelle join Susanne to discuss the goal of Cultivating Happier Dancers. They discuss mental wellness of dancers and why it's important to collaborate. They discuss the dynamics in the dance studio and its impact on both the educators and their students. Michelle shares her experiences with toxic environment in the dance studio during their upbringing and the fear, disrespect, and demoralization she faced. Kristin details three aspects that we can utilize to make sure that our dance studio dynamics are in the best interest of educators and dancers. Other topics include: How to make a dance studio really supportive Dynamics analysis in dance and music The need for dance educators to bring positive energy Awareness of our own energy Our educators understanding their importance Self-reflection, self-care, and check-ins Digging into our belief systems Setting boundaries Thank you for listening, So much ♥, Michelle, Susanne & Kristin Give away click me! Important Links to Danscend: Instagram Website Facebook Twitter Linkedin Pointe To Rise links below: Facebook Instagram Website SMS Pointe To Rise –  +1 (310) 349-3873 We would love to hear your thoughts so please go leave a review or come join us in the Pointe To Rise Community here on Instagram |  Facebook

In today's Books with Hooks, guest agent Veronia Park joins us from Fuse Literary to discuss Joanne's and Gaylen's submissions with them. In the segment, Veronica chats about straddling the line between two age categories; knowing, with MG fiction, who your target parents and teachers are because they're the ones who're going to be putting your book in their children's hands; writing a dual-POV query letter for a dual-POV novel; letting your characters lie a little, or hold back truths, especially in the beginning; and including the first few pages of each POV character in a dual-POV situation.After which, Bianca chats with the amazing Tomi Adeyemi, #1 NYT bestselling and award-winning author of Children of Blood and Bone and Children of Virtue and Vengeance about working through rejection to use the feedback you're given; making the most of opportunities like Pitch Wars; reading new releases in your genre so you know what's currently doing well; knowing when to give up on a project and move on; getting validation from yourself rather than external sources; how to be inspired rather than intimidated by great work; why trying and failing isn't a bad thing; and how rejected books can act as your MFA. Tomi also discusses her amazing writer's masterclass called The Writer's Roadmap.  Find us on our socials: Twitter: @SNOTYAW @BiancaM_author @carlywatters @ceciliaclyra Instagram: @biancamarais_author @carlywatters @cece_lyra_agent @ the_shit_about_writingFacebook: @tsnotyawWebsite: www.biancamarais.comVeronica Park on Twitter: @veroniKaboomFuse Literary on Twitter: @FuseLiterarywww.fuseliterary.comJoanne on Twitter: @JoanneKelleGaylen on Twitter: @gaylenjoyTomi Adeyemi on Twitter: @tomi_adeyemiTomi on Instagram: @tomiadeyemihttps://www.thewritersroadmap.net/

Xochitl Gonzalez received her MFA from the Iowa Writers' Workshop. Prior to writing, she wore many hats, including entrepreneur, wedding planner, fundraiser and tarot card reader. She is a proud alumna of the New York City public school system and holds a BA in art history and visual art from Brown University. She lives in her hometown of Brooklyn with her dog, Hectah Lavoe. Olga Dies Dreaming is her debut novel. This episode is brought to you by the House of Chanel, celebrating 100 years of Chanel No. 5. Learn more about your ad choices. Visit megaphone.fm/adchoices

[This interview was conducted online so there may be some audio variation.] Jenn speaks with debut author of the novel Brown Girls, Daphne Palasi Andreades about selling (and pubbing) a book during a pandemic, her MFA experience as a BIPOC, and tackling "unconventional" narratives in her novel.  [Transcript of this episode can be found on the Episodes page of the podcast Tumblr. You can sign up for the MiP monthly newsletter with job listings, guest news, and new eps here.]

The podcast team is on vacation (re: staycation)! Enjoy one of our favorite episodes from the earliest days of the show. Regular programming will resume in two weeks. Can writing be a form of protest? And if so, is there room for hope? Jared sits down with Marcus Jamison of the University of South Carolina to talk about Confederate monuments and economic justice, as well as finding solace in writing and crafting poetry after our literary heroes. Marcus Jamison is a poet and scholar from Hamlet, North Carolina. He is in his final year as an MFA candidate in poetry at the University of South Carolina, where he served as a senior editor for Yemassee Journal. His poems have appeared in Barely South Review and Quarterly West, as the 2017 winner of an AWP Intro Journals Award. He has also been a finalist for the Scotti Merrill Award and for 92Y's Discovery Poetry Contest. A fellow of The Watering Hole, he is also an avid fiction and nonfiction writer. He can be found on Twitter @theRarePoet. BE PART OF THE SHOW — Leave a rating and review on Apple Podcasts, Podchaser, or Podcast Addict. — Submit an episode request. If there's a program you'd like to learn more about, contact us and we'll do our very best to find a guest who can speak to their experience. STAY CONNECTED Twitter: @MFAwriterspod Instagram: @MFAwriterspodcast Facebook: MFA Writers Email: mfawriterspodcast@gmail.com

About EllEll, former SysAdmin, cloud builder, podcaster, and container advocate, has always been a security enthusiast. This enthusiasm and driven curiosity have helped her become an active member of the InfoSec community, leading her to explore the exciting world of Genetic Software Mapping at Intezer.Links: Intezer: https://www.intezer.com Twitter: https://twitter.com/Ell_o_Punk TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: It seems like there is a new security breach every day. Are you confident that an old SSH key, or a shared admin account, isn't going to come back and bite you? If not, check out Teleport. Teleport is the easiest, most secure way to access all of your infrastructure. The open source Teleport Access Plane consolidates everything you need for secure access to your Linux and Windows servers—and I assure you there is no third option there. Kubernetes clusters, databases, and internal applications like AWS Management Console, Yankins, GitLab, Grafana, Jupyter Notebooks, and more. Teleport's unique approach is not only more secure, it also improves developer productivity. To learn more visit: goteleport.com. And not, that is not me telling you to go away, it is: goteleport.com.Corey: This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of "Hello, World" demos? Allow me to introduce you to Oracle's Always Free tier. It provides over 20 free services and infrastructure, networking, databases, observability, management, and security. And—let me be clear here—it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account. This means you can provision a virtual machine instance or spin up an autonomous database that manages itself all while gaining the networking load, balancing and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build. With Always Free, you can do things like run small scale applications or do proof-of-concept testing without spending a dime. You know that I always like to put asterisks next to the word free. This is actually free, no asterisk. Start now. Visit snark.cloud/oci-free that's snark.cloud/oci-free.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. If there's one thing we love doing in the world of cloud, it's forgetting security until the very end, going back and bolting it on as if we intended to do it that way all along. That's why AWS says security is job zero because they didn't want to remember all of their slides once they realized they forgot security. Here to talk with me about that today is Ell Marquez, security research advocate at Intezer. Ell, thank you for joining me.Ell: Of course.Corey: So, what does a security research advocate do, for lack of a better question, I suppose? Because honestly, you look at that, it's like, security research advocate, it seems, would advocate for doing security research. That seems like a good thing to do. I agree, but there's probably a bit more nuance to it, then I can pick up just by the [unintelligible 00:01:17] reading of the title.Ell: You know, we have all of these white papers that you end up getting, the pen test reports that are dropped on your desk that nobody ever gets to, they become low priority, my job is to actually advocate that you do something with the information that you get. And part of that just involves translating that into plain English, so anyone can go with it.Corey: I've got to say, if you want to give the secrets of the universe and make sure that no one ever reads them, make sure that it has a whole bunch of academic-style citations at the beginning, and ideally put it behind some academic paywall, and it feels like people will claim to have read it but never actually read the thing.Ell: Don't forget charts.Corey: Oh yes, with the charts. In varying shades of blue. Apparently that's the only color you're allowed to do some of these charts in; despite having a full universe of color palettes out there, we're just going to put it in varying shades of corporate blue and hope that people read it.Ell: Yep, that sounds about security there. [laugh].Corey: So, how much of, I guess, modern security research these days is coming out of academia versus coming out of industry?Ell: In my experience in, you know, research I've done in researching researchers, it all really revolves around actual practitioners these days, people who are on the front lines, you know, monitoring their honey pots, and actually reporting back on what they're seeing, not just theoretical.Corey: Which I guess brings us to the question of, I wind up watching all of the keynotes that all the big cloud providers put on and they simultaneously pat me on the head and tell me that their side of security is just fine with their shared responsibility model and the rest, whereas all of the breaches I'm ever going to deal with and the only way anyone can ever see my data is if I make a mistake in configuring something. And honestly, does that really sound like something I would do? Probably not, but let's face it, they claim that they are more or less infallible. How accurate is that?Ell: I wish that I could find the original person that said this, but I've heard it so many times. And it's actually the ‘cloud irresponsibility model.' We have this blind faith that if we're paying somebody for it, it's going to be done correctly. I think you may have seen this with billing. How many people are paying for redundant security services with a cloud provider?Corey: I've once—well, more than once have noticed that if you were to configure every AWS security service that they have and enable it in your account, that the resulting bill would be larger than the cost of the data breach it was preventing. So, on some level, there is a point at which it just becomes ridiculous and it's not necessarily worth pursuing further. I honestly used to think that the shared responsibility model story was a sales pitch, and then I grew ever more cynical. And now my position on it is that it's because if you get breached, it's your fault is what they're trying to say. But if you say it outright to someone who just got breached, they're probably not going to give you money anymore. So, you need to wrap that in this whole involved 45-minute presentation with slides, and charts, and images and the rest because people can't refute one of those quite the way that they can a—it's in a tweet sentence of, “It's your fault.”Ell: I kind of have to agree with them in the end that it is your fault. Like, the buck stops with you, regardless. You are the one that chose to trust that cloud provider was going to do everything because your security team might make a mistake, but the cloud provider is made up of humans as well who can make just as many mistakes. At the end of the day, I don't care what cloud provider you used; I care that my data was compromised.Corey: One of the things that irks me the most is when I read about a data breach from a vendor that I had either trusted knowingly with my data or worse, never trusted but they somehow scraped it somewhere and then lost it, and they said, “Oh, a third-party contractor that we hired.” It's, “Yeah, look, I'm doing business with you, ideally, not the people that you choose to do business with in turn. I didn't select that contractor. You did, you can pass out the work and delegate that. You cannot delegate the responsibility.” So no, Verizon, when you talk about having a third-party contractor have a data breach of customer data, you lost the data by not vetting your contractors appropriately.Ell: Let's go back in time to hopefully something everybody remembers: Target. Target being compromised because of their HVAC provider. Yet how many people—you know this is being recorded in the holiday season—are still shopping at Target right now? I don't know if people forget or they just don't care.Corey: A year later, their stock price was higher than it was before the breach. Sure they had a complete turnover of their C-suite at that point; their CSO and CEO were forced out as a result, but life went on. And they continue to remain a going concern despite quite literally having a bull's eye painted on the building. You'd think that would be a metaphor for security issues. But no, no, that is something they actually do.Ell: You know, when you talk about, you know, the CEO being let go or, you know, being run out, but what part did he honestly have to do with it? They're talking about, oh, well, they made the decisions and they were responsible. What because they got that, you know, list of just 8000 papers with the charts on it?Corey: As I take a look at a lot of the previous issues that we've seen with I've been doing my whole S3 Bucket Negligence Awards for a while, but once I actually had a bucket engraved and sent to a company years ago, the Pokémon Company, based upon a story that I read in the Wall Street Journal, how they declined to do business with a prospective vendor because going through their onboarding process, they noticed among other things, insufficient security controls around a whole bunch of things including S3 buckets, and it's holy crap, a company actually making a meaningful decision based upon security. And say what you will about the Pokémon Company, their audience is—at least theoretically—children and occasionally adults who believe they're children—great, not here to shame—but they understand that this is not something you can afford to be lax in and they kiboshed the entire deal. They didn't name the vendor, obviously, but that really took me aback. It was such a rarity to see that, and it's why I unfortunately haven't had to make a bucket like that since. I wish I did. I wish more companies did things like this. But no it's just a matter of, well, we claim to do the right thing, and we checked all the boxes and called it good, and oops, these things happen.Ell: Yes, but even when it goes that way, who actually remembers what happened, and did you ever follow up if there were any consequences to not going, “Okay, third-party. You screwed up, we're out. We're not using you.” I can't name a single time that happened.Corey: Over at The Duckbill Group, we have large enterprise customers. We have to be respectful and careful with their data, let's be very clear here. We have all of their AWS billing data going back for some fixed period of time. And it worries me what happens if that data gets breached. Now, sure, I've done the standard PR crisis comms thing, I have statements and actions prepared to go in the event that it happens, but I'm also taking great pains to make sure it doesn't.It's the idea of okay, let's make sure that we wind up keeping these things not just distinct from the outside world, but distinct from individual clients so we're not mixing and matching any of this stuff. It's one of those areas where if we wind up having a breach, it's not because we didn't follow the baseline building blocks of doing this right. It's something that goes far beyond what we would typically expect to see in an environment like this. This, of course, sets aside the fact that while a breach like that would be embarrassing, it isn't actually material to anyone's business. This is not to say that I'm not taking it seriously because we have contractual provisions that we will not disclose a lot of this stuff, but it does not mean the end of someone's business if this stuff were to go public in the same way that, for example, back when I worked at Grindr many years ago, in the event that someone's data had been leaked there, people could theoretically been killed. There's a spectrum of consequences here, but it still seems like you just do the basic block-and-tackling to make sure that this stuff isn't publicly exposed, then you start worrying about the more advanced stuff. But with all these breaches, it seems like people don't even do that.Ell: You have Tesla, right, who's working on going to Mars, sending people there who had their S3 buckets compromised. At that point, if we've got this technology, just giant there, I think we're safe to do that whole, “Hey, assume breach, assume compromise.” But when I say that, it drives me up the wall how many people just go, “Okay, well, there's nothing we can do. We should just assume that there's going to be an issue,” and just have this mentality where they give up. No, that gives you a starting point to work from, but that's not the way it's being seen.Corey: One of the things that I've started doing as I built up my new laptop recently has been all right, how do I work with this in such a way that I don't have credentials that are going to grant access to things in any long-lived way ever residing on disk? And so that meant with AWS, I started using SSO to log into a bunch of things. It goes through a website, and then it gives a token and the rest that lasts for 12 hours. Great.Okay, SSH keys, how do I handle that? Historically, I would have them encrypted with a passphrase, but then I found for Mac OS an app called Secretive that stores it in the Secure Enclave. I have to either type in a password or prove it with a biometric Touch ID nonsense every time something tries to access the key. It's slightly annoying when I'm checking out five or six Git repos at once, but it also means that nothing that I happen to have compromised in a browser or whatnot is going to be able to just grab the keys, send it off somewhere, and then I'll never realize that I've been compromised throughout. It's the idea of at least theoretically defense in depth because it's me, it's my personal electronics, in all likelihood, that are going to be compromised, more so than it is configured, locked-down S3 buckets, managed properly. And if not me, someone else in my company who has access to these things.Ell: I'm going to give you the best advice you're ever going to get, and people are going to go, “Duh,” but it's happening right now: Don't get complacent, don't get lazy, how many of us are, “Okay, we're just going to put the key over here for a second.” Or, “We're just going to do this for a minute,” and then we forget. I recently, you know, did some research into Emotet and—you know, the new virus and the group behind it—you know how they got caught? When they were raided, everything was in plain text. They forgot to use their VPN for a while, all the files that they'd gotten no encryption. These were the people that that's what they were looking for, but you get lazy.Corey: I've started treating at least the security credential side of doing weird things, even one off bash scripts, as if they were in production. I stuff the credentials into something like AWS's parameter store, and then just have a one line snippet of code that retrieves them at runtime to wind up retrieving those. Would it be easier to just slap it in there in the code? Absolutely, of course it would. But I also look at my newsletter production pipeline, and I count the number of DynamoDB tables that are in active use that are labeled Test or Dev, and I realized, huh, I'm actually kind of bad at taking something that was in Dev and getting it ready for production. Very often, I just throw a load at it and call it good. So, if I never get complacent around things like that, it's a lot harder for me to get yelled at for checking secrets into Git, for example.Ell: Probably not the first time that you've heard this but, Corey, I'm going to have to go with you're abnormal because that is not what we're seeing in a day-to-day production environment.Corey: Oh, of course not. And the reason I do this is because I was a grumpy old sysadmin for so long, and have gotten burned in so many weird ways of messing things up. And once it's in Git, it's eternal—we all know that—and I don't ever want to be in a scenario where I open-source something and surprise, surprise, come to find out in the first two days of doing something, I had something on disk. It's just better not to go down that path if at all possible.Ell: Being a former sysad as well, I must say, what you're able to do within your environment, your computer is almost impossible within a corporate environment. Because as a sysad, I'm looking at, “What did the devs do again? Oh, man, what's the security team going to do?” And you're stuck in the middle trying to figure out how to solve a problem and then manage it through that entire environment.Corey: I never really understood intrinsically the value of things like single-sign-on, until I wound up starting this company. Because first, it was just me for a few years. And yeah, I can manage my developer environments and my AWS environments in such a way that if they get compromised, it's not going to be through basic, “Oops, I forgot that's how computers work,” type of moment. It's going to be at least something a little bit more difficult, I would imagine. Because if you—all right, if you managed to wind up getting my keys and the passphrase, and in some cases, the MFA device, great, good, congratulations, you've done something novel and probably deserve the data.Whereas as soon as I started bringing other people in who themselves were engineers, I sort of still felt the same way. Okay, we're all responsible adults here, and by and large, since I wasn't working with junior people, that held true. And then I started bringing in people who did not come from a deeply computer-y technical background, doing things like finance, and doing things like sales, and doing things like marketing, all of which are themselves deeply technical in their own way, but data privacy and data security are not really something that aligns with that. So, it got into the weeds of, “How do I make sure that people are doing responsible things on their work computers like turning on disk encryption, and forcing a screensaver, and a password and the rest.” And forcing them to at least do some responsible things like having 1Password for everyone was great until I realized a couple people weren't even using it for something, and oh dear. It becomes a much more difficult problem at scale when you have to deal with people who, you know, have actual work to do rather than sitting around trying to defend the technology against any threat they can imagine.Ell: In what you just said though, there is one flaw is we tend to focus on, like you said, marketing and finance and all these organizations who—don't get phished, don't click on this link. But we kind of give the just the openness that your security team, your sysads, your developers, they're going to know best practices. And then we focus on Windows because that's what the researchers are doing. And then we focus on Windows because that's what marketing is using, that's what finance is using. So, what there's no way to compromise a Mac or Linux box? That's a huge, huge open area that you're allowing for attackers.Corey: Let's be very clear here. We don't have any Windows boxes—of which I'm aware—in the company. And yeah, the technical folk we have brought in, most of them I'd worked—or at least the early folks—I'd worked with previously. And we had a shared understanding of security. At least we all said the right things.But yeah, as you—right, as you grow, as you scale, this becomes a big deal. And it's, I also think there's something intrinsically flawed about a model where the entire instruction set is, it all falls on you to not click the link or you're going to doom us all. Maybe if someone can click a link and doom us all, the problem is not with them; it's the fact that we suck at building secure systems that respect defense in depth.Ell: Something that we do wrong, though, is we split it up. We have endpoint protection when we're talking about, you know, our Windows boxes, our Linux boxes, our Mac boxes. And then we have server-side and cloud security. Those connect. Think about, there's a piece of malware called EvilGNOME. You go in on a Linux box, you have access to my camera, keylogging, and watching exactly what I'm doing. I'm your sysad. I then cat out your SSH keys, I go into your box, they now have the password, but we don't look for that. We just assume that those two aren't really that connected, and if we monitor our network and we monitor these devices, we'll be fine. But we don't connect the two pieces.Corey: One thing that I did at a consulting client back in 2012, or so that really raised eyebrows whenever I told people about it was that we wound up going to some considerable trouble building a allow list within Squid—a proxy server that those of us in Linux-land are all too familiar with in some cases—so everything in production could only talk to the outside world via that proxy; it was not allowed to establish any outbound connections other than through that proxy. So, it was at that point only allowed to talk to specify update servers, specified third-party APIs and the rest, so at least in theory, I haven't checked back on them since, I don't imagine that the log4yay nonsense that we've seen recently would necessarily work there. I mean, sure, you have the arbitrary execution of code—that's bad—but reaching out to random endpoints on the internet would not have worked from within that environment. And I liked that model, but oh my God, was it a pain in the butt to set up properly because it turns out, even in 2012, just to update a Linux system reasonably, there's a fair number of things it needs to connect to, from time-to-time, once you have all the things like New Relic instrumentation in, and the app repository you're talking to, and whatever container source you're using, and, and, and. Then you wind up looking at challenges like, oh, I don't know, if you're looking at an AWS-style environment, like most modern things are, okay, we're only going to allow it to talk to AWS endpoints. Well, that's kind of the entire internet now. The goalposts move, the rules change, the game marches on.Ell: On an even simpler point, with that you're assuming only outbound traffic through those devices. Are they not connected to anything within the internal network? Is there no way for an attacker to pivot between systems? I pivot over to that, I get the information, and I make an outbound connection on something that's not configured that way.Corey: We had—you're allowed to talk outbound to the management subnet, which was on its own VLAN, and that could make established connections into other things, but nothing else was allowed to connect into that. There was some defense in depth and some thought put into this. I didn't come up with most of this to be clear, it was—this was smart people sitting around. And yeah, if I sit here and think about this for a while, of course there's going to be ways to do it. This was also back in the days of doing it in physical data centers, so you could have a pretty good idea of what was connect to the outside world just by looking at where the cables went. But there was also always the question of how does this–does this do what I think it's doing or what have I overlooked? Security's job is never done.Ell: Or what was misconfigured in the last update. It's an assumption that everything goes correctly.Corey: Oh, there is that. I want to talk though, about the things I had to worry about back then, it seems like in many cases get kicked upstairs to the cloud providers that we're using these days. But then we see things like Azurescape where security researchers were able to gain access to the Azure control plane where customers using Cosmos DB—Azure's managed database service, one of them—could suddenly have their data accessed by another customer. And Azure is doing its clam up thing and not talking about this publicly other than a brief disclosure, but how is this even possible from security architecture point of view? It makes me wonder if it hadn't been disclosed publicly by the researcher, would they have ever said something? Most assuredly not.Ell: I've worked with several researchers, in Intezer and outside of Intezer, and the amount of frustration that I see within reasonable disclosure, it just blows my mind. You have somebody threatening to sue the researcher if they bring it out. You have a company going, “Okay, well, we've only had six weeks. Give us three more weeks.” And next thing we know, it's six months.There is just this pushback about what we can actually bring out to the public on why they're vulnerable in organizations. So, we're put in this catch-22 as researchers. At what point is my responsibility to the public, and at what point is my responsibility to protect myself, to keep myself from getting sued personally, to keep my company from going down? How can we win when we have small research groups and these massive cloud providers?Corey: This episode is sponsored in part by something new. Cloud Academy is a training platform built on two primary goals. Having the highest quality content in tech and cloud skills, and building a good community the is rich and full of IT and engineering professionals. You wouldn't think those things go together, but sometimes they do. Its both useful for individuals and large enterprises, but here's what makes it new. I don't use that term lightly. Cloud Academy invites you to showcase just how good your AWS skills are. For the next four weeks you'll have a chance to prove yourself. Compete in four unique lab challenges, where they'll be awarding more than $2000 in cash and prizes. I'm not kidding, first place is a thousand bucks. Pre-register for the first challenge now, one that I picked out myself on Amazon SNS image resizing, by visiting cloudacademy.com/corey. C-O-R-E-Y. That's cloudacademy.com/corey. We're gonna have some fun with this one!Corey: For a while, I was relatively confident that we had things like Google's Project Zero, but then they started softening their disclosure timelines and the rest, and it was, we had the full disclosure security distribution list that has been shuttered to my understanding. Increasingly, it's become risky to—yourself—to wind up publishing something that has not been patched and blessed by the providers and the rest. For better or worse, I don't have those problems, just because I'm posting about funny implications of the bill. Yeah, worst case, AWS is temporarily embarrassed, and they can wind up giving credits to people who were affected and be mad at me for a while, but there's no lasting harm in the way that there is with well, people were just able to look at your data for six months, and that's our bad oops-a-doozy. Especially given the assertions that all of these providers have made to governments, to banks, to tax authorities, to all kinds of environments where security really, really matters.Ell: The last statistic that I heard, and it was earlier this year, that it takes over 200 days for compromise even to be detected. How long is it going to take for them to backtrack, figure out how it got in, have they already patched those systems and that vulnerability is gone, but they managed to establish persistence somehow, the layers that go into actually doing your digital forensics only delay the amount of time that any of that is going to come out where that they have some information to present to you. We keep going, “Oh, we found this vulnerability. We're working on patches. We have it fixed.” But does every single vendor already have it pitched? Do they know how it actually interacted within one customer's environment that allowed that breach to happen? It's just ridiculous to think that's actually occurring, and every company is now protected because that patch came out.Corey: As I take a look at how companies respond to these things, you're right, the number one concern most of them have is image control, if I'm being honest with you. It's the reputational management of we are still good at security, even though we've had a lapse here. Like, every breach notification starts out with, “Your security is important to us.” Well, clearly not that important because look at the email you had to send. And it's almost taken on aspects of a comedy piece where it [grips 00:23:10] with corporate insincerity. On some level, when you tell a company that they have a massive security vulnerability, their first questions are not about the data privacy; it's about how do we spend this to make ourselves come out of this with the least damage possible. And I understand it, but it's still crappy.Ell: Us tech folk talk to each other. When we have security and developers speaking to each other, we're a lot more honest than when we're talking to the public, right? We don't try to hold that PR umbrella over ourselves. I was recently on a panel speaking with developers, head SRE folk—what was there? I think there was a CISO on there—and one of the developers just honestly came out and said, “At the end, my job is to say, ‘How much is that breach going to cost, versus how much money will the company lose if I don't make that deployment?'” The first thing that you notice there is that whole how much money you'll lose? The second part is why is the developer the one looking at the breach?Corey: Yeah. The work flows downward. One of the most depressing aspects to me of the CISO role is that it seems like the job is to delegate everything, sign binding contracts in your name, and eventually get fired when there's a breach and your replacement comes in to sign different papers. All the work gets delegated, none of the responsibility does, ideally—unless you're SolarWinds and try and blame it on an intern; I mean, I wish I had an ablative intern or two around here to wind up a casting blame they don't deserve on them. But that's a separate argument—there is no responsibility-taking as I look at this. And that's really a depressing commentary on the state of the world.Ell: You say there's no responsibility taken, but there is a lot of blame assigned. I love the concept of post-mortems to why that breach happened, but the only people in the room are the security team because they had that much control over anything. Companies as a whole need a scapegoat, and more and more, security teams are being blamed for every single compromised as more and more responsibility, more and more privileges, and visibility into what's going on is being taken away from them. Those two just don't balance. And I think it's causing a lot of just complacency and almost giving up from our security teams.Corey: To be clear, when we talk about blameless post-mortems for things like this, I agree with it wholeheartedly within the walls of a company. However, externally as someone whose data has been taken in some of these breaches, oh, I absolutely blame the company. As I should, especially when it's something like well, we have inadvertently leaked your browsing history. Why were you collecting that in the first place? Is sort of the next logical question.I don't believe that my ISP needs that to serve me better. But now you have Verizon sending out emails recently—as of this recording—saying that unless anyone opts out, all the lines in our cell account are going to wind up being data mined effectively, so they can better target advertisements and understand us better. It's no, I absolutely do not want you to be doing that on my phone. Are you out of your mind? There are a few things in this world that we consider more private than our browsing histories. We ask the internet things we wouldn't ask our doctors in many cases, and that is no small thing as far as the level of trust that we place in our ISPs that they are now apparently playing fast and loose with.Ell: I'm going to take this step back because you do a lot of work with cloud providers. Do you think that we actually know what information is being collected about our companies and what we have configured internally and externally by the cloud provider?Corey: That's a good question. I've seen this before, where people will give me the PDF exploded view of last month's AWS bill, and they'll laugh because what information can I possibly get out of that. It just shows spend on services. But I could do that to start sketching out a pretty good idea of what their architecture looks like from that alone. There's an awful lot of value in the metadata.Now, I want to be clear, I do not believe on any provider—except possibly Azure because who knows at this point—that if you encrypt the data, using their encryption facilities—with AWS, I know it's KMS, for example—I do not believe that they can arbitrarily decrypt it and then scan for whatever it is they're looking for. I do not believe that they are doing that because as soon as something like that comes out, it puts the lie to a whole bunch of different audit attestations that they've made and brings the entire empire crumbling down. I don't think they're going to get any useful data from that. However, if I'm trying to build something like Amazon Prime Video, and I can just look at the bill from the Netflix account. Well, that tells me an awful lot about things that they might be doing internally; it's highly suggestive. Could that be used to give them an unfair advantage? Absolutely.I had a tweet a while back that I don't believe that Google's Gmail division is scanning inboxes for things that look like AWS invoices to target their sales teams, but I sure would feel better if they would assure me that was the case. No one was able to ever assure me of that. It's I don't mean to be sitting here slinging mud, but at the same time, it's given that when you don't explicitly say you're not doing something as a company, there's a great chance you might be doing it, that's the sort of stuff that worries me, it's a bunch of unfair dirty trick style stuff.Ell: Maybe I'm just cynical, or maybe I just focus on these topics too much, but after giving a presentation on cloud security, I had two groups, both, you know, from three letter government agencies, come up to me and say, “How do I have these conversations with the cloud provider?” In the conversation, they say, “We've contacted them several times; we want to look at this data; we want to see what they've collected, and we get ghosted, or we end up talking to attorneys. And despite over a year of communication, we've yet to be able to sit down with them.”Corey: Now, that's an interesting story. I would love to have someone come to me with that problem. I don't know how I would solve that yet. But I have a couple ideas.Ell: Hey, maybe they're listening, and they'll reach out to you. But—Corey: You know, if you're having that problem of trying to understand what your cloud provider is doing, please talk to me. I would love to go a little more in depth on that conversation, under an NDA or six.Ell: I was at a loss because the presentation that I was giving was literally about the compromise of managed service providers, whether that be an outsourced security group, whether that be your cloud provider, we're seeing attack groups going after these tar—think about how juicy they are. Why do I need to compromise your account or your company if I can compromise that managed service provider and have access to 15 companies?Corey: Oh, yeah. It's why would someone spend time trying to break into my NetApp when they could break into S3 and get access to everyone's data, theoretically? It's a centralization of security model risk.Ell: Yeah, it seems to so many people as just this crazy idea. It's so far out there. We don't need to worry about it. I mean, we've talked about how Azure Functions has been compromised. We talked about all of these cloud services that people are specifically going after and being able to make traction in these attacks.It's not just this crazy idea. It's something that's happening now, and with the progress that attackers are making, criminal groups are making, this is going to happen pretty soon.Corey: Sometimes when I'm out for a meal with someone who works with AWS in the security org, there'll be an appetizer where, “Oh, there's two of you. I'm going to bring three of them,” because I guess waitstaff love to watch people fight like that. And whenever I want the third one, all I have to do is say, “Can you imagine a day in which, just imagine hypothetically, IAM failed open and allowed every request to go through regardless of everything else?” Suddenly, they look sick, lose their appetite, and I get the third one. But it's at least reassuring to know that even the idea of that is that disgusting to them, and it's not the, “Oh, that happened three weeks ago, but don't tell anyone.” Like, there's none of that going on.I do believe that the people working on these systems at the cloud providers are doing amazingly good work. I believe they are doing far better than I would be able to do in trying to manage all those things myself, by a landslide. But nothing is ever perfect. And it makes me wonder that if and when there are vulnerabilities, as we've already seen—clearly—with Azure, how forthcoming and transparent would they really be? And that's the thing that keeps me up at night.Ell: I keep going back during this talk, but just the interaction with the people there and the crowd was just so eye-opening. And I don't want to be that person, but I keep getting to these moments of, “I told you so.” And I'm not going to go into SolarWinds. Lord, that has been covered, but shortly after that, we saw the same group going through and trying to—I'm not sure if they successfully did it, but they were targeting networks for cloud computing providers. How many companies focused outside of that compromise at that moment to see what it was going to build out to?Corey: That's the terrifying thing is if you can compromise a cloud service provider at this point, it's well, you could sell that exploit on the dark web to someone. Yeah, that is a—if you can get a remote code execution be able to look into any random Cloud account, there's almost no amount of money that is enough for something like that. You could think of the insider trading potential of just compromising Slack. A single company, but everyone talks about everything there, and Slack retains data in perpetuity. Think at the sheer M&A discussions you could come up with? Think of what you could figure out with a sort of a God's eye view of something like that, and then realize that they run on AWS, as do an awful lot of other companies. The damage would be incalculable.Ell: I am not an attacker, nor do I play one on TV, but let's just, kind of, build this out. If I was to compromise a cloud provider, the first thing I would do is lay low. I don't want them to know that I'm there. The next thing I would do is start getting into company environments and scanning them. That way I can see where the vulnerabilities are, I can compromise them that way, and not give out the fact that I came in through that cloud provider. Look, I'm just me sitting here. I'm not a nation state. I'm not somebody who is paid to do this from nine to five, I can only imagine what they would come up with.Corey: It really feels like this is no longer a concern just for those folks who manage have gotten on the bad side of some country's secret service. It seems like APTs, Advanced Persistent Threats, are now theoretically something almost anyone has to worry about.Ell: Let me just set the record straight right now on what I think we need to move away from: The whole APTs are nation states. Not anymore. And APT is anyone who has advanced tactics, anyone who's going to be persistent—because you know what, it's not that they're targeting you, it's that they know that they eventually can get in. And of course, they're a threat to you. When I was researching my work into Advanced Persistent Threats, we had a group named TNT that said, “Okay, you know what? We're done.”So, I contacted them and I said, “Here's what I'm presenting on you. Would you mind reviewing it and tell me if I'm right?” They came back and said, “You know what? We're not in APT because we target open Docker API ports. That's how easy it is.” So, these big attack groups are not even having to rely on advanced methods anymore. The line onto what that is just completely blurring.Corey: That's the scariest part to me is we take a look at this across the board. And the things I have to worry about are no longer things that are solely within my arena of control. They used to be, back when it was in my data center, but now increasingly, I have to extend trust to a whole bunch of different places. Because we're not building anything ourselves. We have all kinds of third-party dependencies, and we have to trust that they're doing the right things as they go, too, and making sure that they're bound so that the monitoring agent that I'm using can't compromise my entire environment. It's really a good time to be professionally paranoid.Ell: And who is actually responsible for all this? Did you know that 70% of the vulnerabilities on our systems right now are on the application level? Yet security teams have to protect it? That doesn't make sense to me at all. And yet, developers can pull in any third-party repository that they need in order to make that application work because hey, we're on a deadline. That function needs to come out.Corey: Ell, I want to thank you for taking the time to speak with me. If people want to learn more about how you see the world and what kind of security research you're advocating for, where can they find you?Ell: I live on Twitter to the point where I'm almost embarrassed to say, but you can find me at @Ell_o_Punk.Corey: Excellent. And we will wind up putting a link to that in the [show notes 00:35:37], as we always do. Thanks so much again for your time. I appreciate it.Ell: Always. I'd be happy to come again. [laugh].Corey: Ell Marquez, security research advocate at Intezer. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment that ends in a link that begs me to click it that somehow it looks simultaneously suspicious and frightening.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.

Debra Sperling is a professional voiceover artist with over 26 years of experience. Throughout her career, Debra has been the voice of dozens of national television campaigns such as Charmin, Cascade, Pampers, Maybelline, Listerine, Walmart, Folgers, Kellogg's, Olive Garden, Johnson and Johnson, Band-Aid, and many more. Debra is a big player in the Promo world as well, having been the voice of The Oxygen Network and the voice of WEtv, with ongoing promo spots for many networks including NBC, National Geographic, USA, Investigation Discovery, A&E, Animal Planet, and HBO. She is also equally passionate about teaching and coaching, and her renowned "Authenticity in Voiceover" class has helped students worldwide. After attending the High School of Performing Arts, Debra went on to earn her BA in Theatre, her MFA in Acting, and has “been an actor since”. Although she makes her living as a voiceover artist now, she speaks candidly about how her journey began, noting she didn't really know what voice overs were when she first started out. Debra talks about her approach to acting for theatre, TV or film compared to acting for voice overs: why “it is the same thing” for her, and how it starts with bringing your authentic self to the microphone, stage, or set. She also opens up about her love for teaching and coaching, and shares why she feels like leading her voice over class on Zoom during COVID saved her.  In this episode, we talk about:  The culture shock she felt while attending her first show in London  Morgan Freeman's voice  Why she tells people to “stop acting words”  Stephen McKinley Henderson as a mentor and teacher  Missing the collaborative aspect of voice over work due to COVID Connect with Debra: Web: debrasperling.com/about IG: @debrasperlingvo Connect with The Theatre Podcast: Support us on Patreon: Patreon.com/TheTheatrePodcast Twitter & Instagram: @theatre_podcast Facebook.com/OfficialTheatrePodcast TheTheatrePodcast.com Alan's personal Instagram: @alanseales Email me at feedback@thetheatrepodcast.com. I want to know what you think. Thank you to our friends Jukebox The Ghost for our intro and outro music. You can find them on Instagram, Twitter, and Facebook @jukeboxtheghost or via the web via jukeboxtheghost.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

Madison BookBeat - Your listener-supported, community radio home for Madison authors, topics, book events and publishers.Stu Levitan gets 2022 off to a wondrous start with an encore presentation of a conversation with Aimee Nezhukumatathil about her an enchanting and stimulating collection of illustrated nature essays called “World Of Wonders: In Praise Of Fireflies, Whale Sharks, & Other Astonishments.” Published by the good people at Milkweed Editions, it was named Book of the Year by Barnes and Noble, and was a finalist for the Kirkus Prize in nonfiction. And Aimee met two of the criteria as a former Badger who was at the Wisconsin Book Festival.If you took Aldo Leopold's expert eye for Nature and Marcel Proust's ability to evoke memory out of experience and filtered it all through a poet and essayist who was the daughter of a Filipina mother and South Indian father, you might come close to what Aimee Nezhukumatathil has accomplished in World of Wonders.Born in Chicago in 1974, she lived as a child in Iowa, Arizona, Kansas, New York and Ohio; received her undergraduate and master's degrees in poetry and nonfiction from The Ohio State University; was awarded a poetry fellowship to the University of Wisconsin Institute for Creative Writing; spent 14 years teaching in western New York, and in 2016 accepted appointment as Professor of English and Creative Writing in the MFA program at the University of Mississippi in Oxford, where her husband, the essayist Dustin Parsons, also teaches. Since 2003, she has published four collections of poetry and a chapbook of garden poems with the poet Ross Gay, and has been included in several collections and anthologies. She has been awarded a poetry fellowship from the National Endowment for the Arts, the Pushcart Prize, and a 2020 Guggenheim Fellowship in poetry, among other honors.A real pleasure to have Prof. Aimee Nezhukumatathil on Madison BookBeat.

Dan unboxes the Apple Product of the Year while iPhone production grind to a halt.  Stories of MFA failure, trashed Microsoft Surface tablets, and Tesla recalls are batted around on this final episode of 2021!

It is the end of 2021 and I cannot believe how much has happened. This year has been one of challenge and triumph, great loss, but also one of abundance. I thought I'd close out the year by talking about our bodies, the food we consume, and how the food in our community reflects our resilience. I'm really excited about today's episode and to be talking with someone near and dear to my heart, Jessica Featherson. Join Jessica and I as we  discuss what having it all means to her, her journey, and common misconceptions associated with having it all.  She has a creative background in dance and it has played an important role in saving her life.We also explore The relationship of food and Black culture and the role it plays in having it all with health, and Seeking and accepting your gifts and embracing your purpose as the path to having it allMeet Jessica FeathersonJessica self-identifies as a womanist who advocates for amplified representation, visibility, and culturally relevant wellness solutions for black womxn. She wears many hats: performance + culinary artist, experience curator, scholar, educator, health + fitness coach. She is deeply passionate about health, wellness, and the unique, interconnected relationship between the mind, body, and soul.​She received my BFA in dance performance from Temple University and my MFA from Rutgers University. She has performed nationally and internationally with Kariamu & Co: Traditions, Laurie Taylor/Soul Movement, and Eric Taylor Dance and taught on faculty at Rutgers University/Mason Gross School of the Arts and Ballet Hispanico.​In 2016, Jessica obtained her Health Coach certification from the Institute of Integrative Nutrition (IIN). Jessica's mission is to teach and empower women to be loud and unapologetic in their existence and to radically love and care for themselves so that they can flourish in all aspects of their lives. I want to send a special thank you to Jessica for being so open and willing to have this important conversation. A special thank you to all of you for tuning in this season and contributing to the conversation. We will continue this much-needed conversation in the new year. As always please like, follow, and share the podcast within your circle. Happy New Year and here's to having it all!Connect with Jessica:For Updates on her work in the health, realm check out WellBodyKitchenTo connect with Jessica via her creative endeavors visit her personal website jessicacamille.comYou can also find Jessica on Facebook. Connect with me:I would love to hear from you; send me an email at: cheri@leaderandloverpodcast.comWant to find out more about the show? you can do that at: www.leaderandloverpodcast.comFind Leader and Lover on Facebook: https://www.facebook.com/leaderandloverFind me on Instagram: https://www.instagram.com/cheri_spigner/

Mike Damiano stops by to close out 2021 to talk about his Atavist story "We Wish to be Able to Sing."  Social Media: @CNFPod Show notes and newsletter: brendanomeara.com Support: Patreon.com/cnfpod Sponsor love: West Virg. Wesleyan College's MFA in Creative Writing

In today's Books with Hooks, guest agent Veronia Park joins us from Fuse Literary to review four submissions. During the segment, Veronica discusses having the query vibe matching the sample pages vibe; under-promising and over-delivering with the sample; ensuring you have stakes at the end of each POV paragraph in the query; when not to include the prologue in the sample pages; and the three-part rule: what does your MC want more than anything, why can't they get it, and what will happen if they do/don't get it?After which, Bianca chats with Alka Joshi, author of The Henna Artist and The Secret Keeper of Jaipur about how there isn't a ticking clock for publishing; having and listening to external cheerleaders; tooting your own horn; when an MFA is worth it, and when it's not; five crucial tips for emerging writers; taking time away to recharge and then coming back to appreciating your story; and the importance of knowing the story behind the story.Find us on our socials: Twitter: @SNOTYAW @BiancaM_author @carlywatters @ceciliaclyra Instagram: @biancamarais_author @carlywatters @cece_lyra_agent @ the_shit_about_writingFacebook: @tsnotyawWebsite: www.biancamarais.comVeronica Park on Twitter: @veroniKaboomFuse Literary on Twitter: @FuseLiterarywww.fuseliterary.comAlka Joshi on Twitter: @alkajoshi and on Instagram: @thealkajoshi

"If you exist, you belong."  Filmmaker Arielle Nobile ponders and explores the question of belonging, and has settled on this answer. Still, we continue to ask, 'Where do I belong?' 'Do I belong?' and 'How do we all belong, despite our differences?" We hope today's episode assures and inspires you that in our human family,   despite our missteps, all are welcome here.Our conversation covers revolutionary listening, perhaps the most powerful key to understanding and accepting each other. We can belong to ourselves and stand on our beliefs, and belong to each other, even when we strongly disagree with each other. We also talk about Arielle's recent move from the U.S. to Argentina, and what that means, her journey from in front of the camera to behind it, and how creatives can become bridges to unite disparate - and often, alienated -  groups of people.Arielle and I share our experiences in performing arts,  communication and optimism in humanity during challenging times. Thanks for listening.Arielle is a documentary film maker, who is usually the one asking all the questions. She is the CEO of Legacy Connections  , which was founded in 2005. Arielle's company produces documentary films for families to reflect on their history, truths, shared values and vision for the future.  She received her BFA in Experimental Theatre from NYU's Tisch School of the Arts. She then studied in an MFA-style year-long directing program at Second City Theatre in Chicago. She taught improv and theatre at Second City and Piven Theatre to adults and children, which makes her uniquely skilled at helping all her subjects relax and be natural on camera. Arielle is the producer/director of the award-winning documentary series Belonging in the USA: Stories from our Neighbors. The first film in the trilogy, The Story of Michael D. McCarty was a 2019 official selection at the Pan African Film Festival, the largest Black film festival in the US. Check-out Arielle's related Belonging in the USA podcast. Arielle was named to The Independent Magazine's List of “10 Filmmakers to Watch” in 2018 for the Belonging in the USA documentary series. In 2012, she won a Hugo Television award for her 6-part public television series, Belonging in Boulder: Unexpected Stories from Your Neighbors.

Peter is wrestling with the passing of his mother and what it means for the choices he's made and is making. A chance meeting at a local bar finds him wandering small town backroads looking for something -- maybe even answers. After the story, we talk with Tacheny Perry about the roots of this story and how her personal experiences filter in. She also provides a perspective on getting an MFA in Writing and how that helped focus her energy. If you'd like to read this story or learn more about Tacheny, head over to Etched Onyx Magazine at www.onyxpublications.com. All audio and story material are copyright 2021, all rights reserved.

To round out 2021, we are revisiting a few of our favorite episodes of 2021. Melissa Febos is the author of the critically acclaimed memoir, Whip Smart (St. Martin's Press 2010), and the essay collection, Abandon Me (Bloomsbury 2017), which was a LAMBDA Literary Award finalist, a Publishing Triangle Award finalist, an Indie Next Pick, and was named a Best Book of 2017 by Esquire, Book Riot, The Cut, Electric Literature, Bustle, Medium, Refinery29, The Brooklyn Rail, Salon, The Rumpus, and others. Her second essay collection, Girlhood, was published by Bloomsbury on March 30, 2021. A craft book will be published by Catapult in 2022. The recipient of an MFA from Sarah Lawrence College, she is an associate professor at the University of Iowa, where she teaches in the Nonfiction Writing Program. This episode is brought to you by the House of Chanel, celebrating 100 years of Chanel No. 5. Visit Thresholds online at www.thisisthresholds.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

It's the return of Sari Botton and Carolita Johnson who were last guests on the same show back in April 2018!Sari Botton is a writer, editor and teacher living in Kingston, NY. She is the editor of the award-winning anthology Goodbye to All That: Writers on Loving and Leaving NY and its New York Times-Bestselling follow-up, Never Can Say Goodbye: Writers on Their Unshakable Love for NY. Sari publishes three newsletters: her newest endeavor Oldster Magazine, as well as Adventures in "Journalism," and Memoir Monday. Her work has appeared in the New York Times, New York Magazine, the Village Voice, Harper's Bazaar, Marie Claire, More, and the Rumpus, plus other publications and anthologies. She is a contributing editor and leads essay writing and anthology editing at Catapult and is an adjunct in the MFA program at Bay Path University. Her memoir-in-essays, And You May Find Yourself... will be published by Heliotrope in June, 2022. Sari is the former Essays Editor for Longreads and hopes to one day reopen her co-working space for writers, Kingston Writers' Studio.Carolita Johnson is a cartoonist and illustrator from NYC. She spent 13 years in Paris, France, after graduating from Parson's School of Design with a degree in Fashion Design. In Paris, she earned a masters degree in Modern Letters and Linguistics, and got some (admittedly very idiosyncratic) chops in pre-doctoral Medieval Anthropology, which turned out to be a gateway drug to cartoons and illustration. Her cartoons appear in the new yorker magazine, and in the books: the rejection collection 1, and the rejection collection 2, and sex and sensibility, and she's illustrated the books the new vampire's handbook, and women on food. Carolita is also a writer who has contributed to https://longreads.com/author/carolita/, has an essay in the 2021 reprint of Sari Botton's, goodbye to all that as well as a recent piece in Oldster Magazine on the inner workings of a woman's body.We start out by checking in with what's new with these two since they were last on the show, and then get into a thought provoking conversation based in the essence of Oldster Mag, "perspectives on the joys and frustrations on getting older - at any stage of life." This means we talk about the aging woman's body, how it's largely ignored by the medical industry, ageism, how these two feel about being 56, what's good about it and what's not so good about it. Plus they make some reading recommendations that I've already started on myself!Here's a link to the 10% Happier Podcast I mentioned about ending polarization and the "I, We, I" curve that we can all work to shift.Here's a link to the Joan Didion essay, "Goodbye to All That."Thanks to Warren from Radio Kingston for engineering today's show!Our show music is from Shana Falana !!!Feel free to email me, say hello: she@iwantwhatshehas.org** Please: SUBSCRIBE to the pod and leave a REVIEW wherever you are listening, it helps other users FIND IThttp://iwantwhatshehas.org/podcastITUNES | SPOTIFY | STITCHERITUNES: https://itunes.apple.com/us/podcast/i-want-what-she-has/id1451648361?mt=2SPOTIFY:https://open.spotify.com/show/77pmJwS2q9vTywz7Uhiyff?si=G2eYCjLjT3KltgdfA6XXCASTITCHER: https://www.stitcher.com/podcast/she-wants/i-want-what-she-has?refid=stpr'Follow:INSTAGRAM * https://www.instagram.com/iwantwhatshehaspodcast/FACEBOOK * https://www.facebook.com/iwantwhatshehaspodcastTWITTER * https://twitter.com/wantwhatshehas

Today our guest is Deenah Vollmer. An LA Native, NYU and Columbia alumna, comedic performer, writer, poet, and clown. We discuss how she started a poetry club at UC Santa Cruz, her experience in the eclectic music scene in New York, ayahuasca, and the connection of clown and therapy. Check out her website and Instagram: https://www.deenahvollmer.net/ @dee3nah @the_pizza_underground Check out my website and Instagram: https://www.emicoproductions.com/ @empersico @artistswithem @emicoproductions

This episode is brought to you by the Ladies of the Fright Patreon! When we hit our goal of 30 patrons, we'll begin paying authors $25 for short story reprints! We've got tons of exclusive content for patrons at every tier. Head on over to patreon.com/ladiesofthefright and join our community today! Show Notes For our eighth tropisode, we're talking FORESTS with debut author Katherine Silva. Katherine Silva is a Maine author of dark fiction, a connoisseur of coffee, and victim of cat shenanigans. She is a two-time Maine Literary Award finalist for speculative fiction and a member of the Horror Writers of Maine, The Horror Writers Association, and New England Horror Writers Association. Katherine is also a founder of Strange Wilds Press, Dark Taiga Creative Writing Consultations, and The Kat at Night Blog. Her latest book, The Wild Dark, is now available wherever books are sold. AND as you all know, Lisa Quigley is a horror author and pagan witch. She holds an MFA in Creative Writing from the University of California, Riverside's low-residency MFA program in Palm Desert. Her work has appeared in such places as Unnerving Magazine, Journal of Alta California, and Automata Review. She is the co-host of the award-winning horror fiction podcast Ladies of the Fright. Hell's Bells (2020) and Camp Neverland (2021) from Unnerving are her novellas. The Forest is her debut novel. Lisa lives in New Jersey with one handsome devil and two wild monsters. Find her at www.lisaquigley.net. Forest Group Reads The Forest by Lisa Quigley The Wild Dark by Katherine Silva Forest Book and Film Mentions The Wizard of Oz (film and book) The Forest by Lisa Quigley The Wild Dark by Katherine Silva The Ritual by Adam Neville The Night Will Find Us by Matthew Leions Pines by Blake Crouch The Blair Witch Project  The Fiends and the Furrows folk horror anthology Annihilation by Jeff Vandermeer Strange Grace by Tessa Gratton The Neverending Story The Girl Who Loved Tom Gordon by Stephen King Women Who Run with the Wolves by Clarissa Pinkola Estes The Bear in the Nightingale by Katherine Arden The Changeling by Victor LaValle Find Katherine: Website

Guest Erika Meitner was raised in a household where reformed Judaism revolved around justice and social action. As a first-generation American, her immigrant parents expected her to go into a medical career or something established. Raised with an eye toward social justice and a voice to say something about it, though, she was drawn to both the arts—particularly creative writing—and religious studies in college and spoke up for women's rights and other issues. Upon receiving a fellowship to study in Jerusalem after graduation, she studied Kabbalah and Jewish mysticism, and biblical and literary translation and considered rabbinical school.To pay off her undergraduate loans, however, she worked as a consultant during the run-up to Y2K. When she realized she was spending all of her spare time reading, she knew that wasn't the life for her and went briefly into teaching middle school. The call to both religious studies and creative writing were strong, though, and she applied for master's programs in each. Just as she was readying herself to return to Israel, she got off the wait list at UVa's creative writing MFA program.Knowing the road to established poet and academic would take some time, she kept a strong of Plan Bs going—from writing residencies and another master's degree in Jewish studies to summer teaching stints and management consulting projects. These and other experiences that relied on her ability to solve problems through her interpersonal communication skills only made her writing richer.In this episode, find out from Erika how answering the really big questions of our time requires interpersonal skills developed over a lifetime.…on ROADS TAKEN...with Leslie Jennings Rowley. About This Episode's GuestErika Meitner is a poet, a parent, and a teaching artist in the academy, currently at Virginia Tech where she is Professor of English in the creative writing programs.  Her latest collection of poetry, Holy Moly Carry Me, is the winner of the 2018 National Jewish Book Award in poetry, and a finalist for the 2018 National Book Critics Circle award in poetry. In addition to her poetry, she also creates large-scale documentary photo/text projects on urban environments and conducts ethnographic research with coastal communities dealing with the impacts of both development and climate change. Her sixth book of poems, Useful Junk, is forthcoming in Spring 2022. You can find her work at ErikaMeitner.com. Executive Producer/Host: Leslie Jennings RowleyMusic: Brian Burrows Find more episodes at https://roadstakenshow.comEmail the show at RoadsTakenShow@gmail.com 

Paul Selig is considered to be one of the foremost spiritual channels working today. In his breakthrough works of channeled literature — I Am the Word, The Book of Love and Creation, The Book of Knowing and Worth, The Book of Mastery, The Book of Truth, The Book of Freedom, and the Beyond the Known Trilogy: Realization, Alchemy, and The Kingdom (see books page) — author and medium Paul Selig has recorded an extraordinary program for personal and planetary evolution as humankind awakens to its own divine nature. Paul was born in New York City and received his master's degree from Yale. A spiritual experience in 1987 left him clairvoyant. As a way to gain a context for what he was beginning to experience he studied a form of energy healing and began to “hear” for his clients. Described as “a medium for the living,” Paul has the unique ability to step-into and “become” the people his clients ask about, often taking on their personalities and physical characteristics as he “hears” them telepathically. Paul's work is widely featured in a variety of media, including ABC News Nightline, Fox News, the Biography Channel series The UneXplained, Gaiam TV's Beyond Belief, and the documentary film PGS: Your Personal Guidance System. He has appeared on numerous radio shows and podcasts including Coast to Coast AM with George Noory and Bob Olson's Afterlife TV. Paul offers channeled workshops internationally and serves on the faculty of The Omega Institute, The Kripalu Center, and the Esalen Institute. Also a noted educator, he served on the faculty of NYU for over 25 years and directed the MFA in Creative Writing Program at Goddard College. He lives in New York City where he maintains a private practice as an intuitive and conducts frequent live-stream seminars.

The saga of The New York Times Bestselling book The Henna Artist, continues in this novel. Born in Jodhpur, Rajasthan, India, Alka Joshi has lived in the U.S. since the age of nine. She has a BA from Stanford University and an MFA from California College of the Arts. She ran her own advertising and PR agency for 30 years. The Henna Artist was her first novel. Currently, she is working on the third book of the trilogy and a screen adaption of The Henna Artist. https://alkajoshi.com Along with all the perks of becoming an adult come challenges and the need to learn skills that help you self-regulate as you venture into new experiences. Kristi Hugstad is the author of Beneath the Surface: A Teen's Guide to Reaching Out when You or Your Friend Is in Crisis. Ever since her husband completed suicide in 2012, she has dedicated her life to helping to abolish the stigma of mental illness and suicide. A certified grief recovery specialist and a grief and loss facilitator for recovering addicts at South Coast Behavioral Health, Kristi frequently speaks at high schools. https://www.thegriefgirl.com

Sonya Huber (@sonyahuber) is the author of the memoir Supremely Tiny Acts: A Memoir of a Day (Mad Creek Books).  Show notes: brendanomeara.com Support: patreon.com/cnfpod Social Media: @CNFPod Sponsor: West Virginia Wesleyan College's MFA in Creative Writing

Today we're celebrating a win! We're talking to organizers and leaders at National Nurses United (NNU),who recently ran a very impactful campaign to get Representative John Garamendi from California to commit to being a co-sponsor for the Medicare for All bill in Congress. Representative Garamendi supported previous versions of Medicare for All legislation, but had not signed on since Representative Pramila Jayapal became the lead sponsor and rewrote the bill in 2019. After a long campaign using multiple tactics, NNU and local organizers were able to bring him back into the fold and he has committed to co-sponsoring the bill. Show Notes Our guests are: Deborah Burger, RN, Co-President of National Nurses United, the country's largest union of bedside nurses; Jasmine Ruddy, Medicare for All Team Lead, National Nurses United; and Max Cotterill, Community Organizer, National Nurses United (and our MFA national team lead for this campaign). Deborah first tells us how the pandemic has affected nurses and patient care, and how a Medicare for All system would have made for a far better pandemic response for patients and healthcare workers. Profit-driven hospitals have focused on the bottom line and as a result, haven't had the supplies, resources or staff to adequately respond to a public health crisis. Nurses are experiencing moral suffering as a result of being forced to work in unsafe environments where they can't provide the care that they've been trained to give. On top of that, hundreds of RNs are among the thousands of healthcare workers who have died of COVID. Many of those deaths can be connected back to inadequate protection and infection control in the workplace. Finally, a Medicare for all system would include a robust public health system, responsible for reliable, science-based information and national coordination of supplies and resources from Day 1. Instead the market-based system of hospitals and health insurance have put up barriers to care, hurt patients and healthcare workers, and exacerbated the crisis of the pandemic. While it's clear to many of us that the pandemic made it obvious why we need a Medicare for All system, that revelation unfortunately did not sweep through Congress. Jasmine tells us about NNU's broader strategy this past year, and why securing Representative Garamendi's co-sponsorship was a priority. When the Medicare for All bill was reintroduced in the House this spring, it was more urgent than ever to build momentum for this legislation. In the weeks leading up to the reintroduction, partner organizations and volunteers organized to get 112 original co-sponsors on the bill. In the weeks that followed, that list went up to 118, more than half of the Democrats in the House. But that would still not be enough, so NNU focused on organizing in districts of Democrats who weren't yet co-sponsors. In the fall, volunteer-led district level campaigns focused on four members of congress: Representative Albio Sires (NJ-8), Representative Joyce Beatty (OH-3), Representative Vicente Gonzalez (TX-15) and Representative John Garamendi (CA-3). National Nurses United used several COVID-safe tactics to move Representative Garamendi, including a car caravan (left) and projection onto Garamendi's district office in Davis CA (right). Source: https://www.facebook.com/nationalnurses/photos Max tells us about the creative, COVID-safe tactics they used to help move elected officials. The campaign first textbanked voters to identify supporters, then organized volunteers around the country to send handwritten postcards to Medicare for All supporters in the district asking them to call their Representative, and finally held a day of action featuring a car caravan in the biggest city in the district. The car caravan was planned around the local farmers' market, a big community event, ensuring lots of visibility. It also garnered earned media,

Krista's focus on research and strategy combined with her background in UX and service design, allows her to bridge the strategy and design practices. As an experienced designer and strategist, she has worked with brands such as Fidelity, American Greetings, the Department of Defense, Bose, MINI, and National Geographic Channel. Before making the transition to an agency, Krista worked for several years in higher education as an educational technologist specializing in instructional design, visual design, and media literacy. She combines her background in teaching and learning with design research, design thinking, service design, and strategy to advocate for human-centered experiences. Krista holds an MFA in Design Management from the Savannah College of Art and Design. She has designed and taught college courses in methods of contextual research, human factors, innovation, and service design. She is currently an adjunct profession of the MDes, Design Innovation program at MassArt --- Send in a voice message: https://anchor.fm/thinkfuture/message Support this podcast: https://anchor.fm/thinkfuture/support

How do you honor your body? If we could model appreciation and honor for our body, to our children, what would that look like? If we could ease our stress concerning our children's ability to hit physical and developmental milestones, how much pressure would we take off ourselves and our children? Today we'll dive into honor and appreciation for our body, the Alexander Technique, and the ridiculous pressure we put on ourselves and our kids for them to hit developmental milestones prescribed by other people. Imagine the relationship you can develop with another human being when you can accept them for who they are without having to change them. We'll kick off our show with The Raise a Glass Series, get on to our questions to explore, and end with A Short Story Before We Go. MFA is the sometimes-musical, dramedy, in 3 acts, 1 intermission, the length of a sitcom designed to give mama's (and any caregiver) a break in the day to breathe and reset along with a much needed audio hug.  Quote: "It will all work out. Now it may not work out how you think it will or how you hope it does, but believe me, it will all work out exactly as it's supposed to. Our job is to have zero expectations and just let go." Ted Lasso in Ted Lasso. Act I: The Raise a Glass Series·       The Raise a Glass Series is a space for reflection and gratitude centered around the topic of the day and inspired by lyrics from Hamilton the Musical.Today's lyrics – “I'm not falling behind or running late. I'm not standing still I am lying in wait.” Act II: Main Questions·       How do you honor your body? ·       How can we use our bodies more efficiently, safely, and creatively? ·       If we could model appreciation and honor for our body, to our children, what would that look like? ·       If we could ease our stress concerning our children's ability to hit physical and developmental milestones, how much pressure would we take off ourselves and our children? ·       What would removing that pressure mean for our relationship? ·       What can we gain by daily movement with our family?Intermission: Angelica InterludeTricky Trickster of Potty Jokes & Insults Act III: A Short Story Before We GoAutumn in New York with Alexander…Alexander Technique, that isEpisode transcript: available at https://www.mfaparentingedition.com/042Sources that helped inspire this episode:·       Connect with Me:Best way - taisha@mfparentingedition.comIG - @mfaparentingeditionSupport the Show: buy me a drink to say “hey, keep up the good work”, just go to                     www.buymeacoffee.com/mfaparentingSupport the show (https://www.buymeacoffee.com/mfaparenting)

Stacy D. Flood is the author of the novella The Salt Fields, available from Lanternfish Press. Originally from Buffalo, and currently living in Seattle, Stacy's work has been published and performed nationally as well as in the Puget Sound Area. Having received his MFA in Creative Writing from San Francisco State University, he has also been an artist-in-residence at DISQUIET in Lisbon, as well as The Millay Colony of the Arts. In addition, he is the recipient of the Gregory Capasso Award in Fiction from the University at Buffalo, along with a Getty Fellowship to the Squaw Valley Community of Writers. *** Otherppl with Brad Listi is a weekly literary podcast featuring in-depth interviews with today's leading writers. Launched in 2011. Books. Literature. Writing. Publishing. Authors. Screenwriters. Etc. Available where podcasts are available: Apple Podcasts, Spotify, Stitcher, iHeart Radio, etc. Subscribe to Brad Listi's email newsletter. Support the show on Patreon Merch @otherppl Instagram  YouTube Email the show: letters [at] otherppl [dot] com The podcast is a proud affiliate partner of Bookshop, working to support local, independent bookstores. Learn more about your ad choices. Visit megaphone.fm/adchoices

Episode 87 features Allana Clarke (b. 1987) is a Trinidadian-American artist whose practice is built upon a foundation of uncertainty, curiosity, a will to heal, and an insistence upon freedom. Fluidly moving through photography, sculptural and text-based works, video and performance, her research-based practice incorporates socio-political and art historical texts, to contend with ideas of Blackness, the binding nature of bodily signification, and of the possibility to create non-totalizing identifying structures. Clarke received her BFA in photography from New Jersey City University in 2011 and an MFA in Interdisciplinary Practice from MICA's Mount Royal School of Art in 2014. She is an assistant professor at Wayne State University in Detroit. Clarke has been an artist in residence at the Skowhegan School of Painting & Sculpture, The Vermont Studio Center, Lighthouse Works, and Yaddo. She has received several grants including the Toby Devan Lewis Fellowship, Franklin Furnace Fund, and a Puffin Foundation Grant. Her work has been screened and performed at Gibney Dance in NY, Invisible Export NY, New School Glassbox Studio NY, FRAC in Nantes, France, SAVVY Contemporary in Berlin and was featured in the Bauhaus Centennial edition Bauhaus Now: Is Modernity an Attitude. She recently completed a 2020-21 NXTHVN fellowship, a mentorship program co-founded by artist Titus Kaphar. Clarke is represented by Galerie Thomas Zander in Cologne and Kavi Gupta Gallery in Chicago 2023 Forthcoming solo exhibition with Kavi Gupta Gallery, Chicago, IL 2022 An Infinitive Breath, Galerie Thomas Zander, Cologne, Germany (Forthcoming, March) A Particular Fantasy, Solo companion exhibitions, Art Omi. Ghent, NY and Bennington College. Bennington, VT Artist website https://allanaclarke.com/ Galerie Zander www.galeriezander.com Kavi Gupta Gallery https://kavigupta.com/artists/89-allana-clarke/ Culture Magazine https://www.culturedmag.com/article/2021/12/03/tomorrows-stars-are-on-display-at-art-basel-miami-beach-2021 The Armory https://www.thearmoryshow.com/armory-live/reads/features/interview-with-the-2021-gramercy-international-prize-winner NXTHVN https://www.nxthvn.com/residents/allana-clarke/ Wayne State University https://cfpca.wayne.edu/news/artist-allana-clarke-joins-art-department-faculty-40791 M|I|C/A https://www.mica.edu/art-articles/details/allana-clarke/ Ocula https://ocula.com/art-galleries/kavi-gupta-gallery/artworks/allana-clarke/aftermaths/

Amanda Shires is a creative force of the highest nature. She's a Grammy-winning singer, songwriter, and violinist; and after already accomplishing so much in her career, her love of words and poetry compelled her to pursue an MFA in creative writing, which she got from Sewanee University of the South. She's also a painter.In this episode, Maggie and Amanda talk about her approach to songwriting, how she found time to get her MFA while balancing music and family - she and her husband, Grammy winning songwriter and artist Jason Isbell are raising their daughter Mercy while also balancing their respective impressive careers. They also discuss the challenges and rewards of motherhood, and Amanda shares her story of becoming an activist and the moment when she decided to start her own band, The Highwomen.Grammy-winning singer, songwriter and violinist Amanda Shires began her career as a teenager playing fiddle with the Texas Playboys. Through the years, she has toured and recorded with notable artists including John Prine, Billy Joe Shaver, Todd Snider, Shovels and Rope, Gregg Allman, Justin Townes Earle, Jason Isbell & the 400 Unit, and more. In 2019, Shires formed country supergroup The Highwomen alongside Brandi Carlile, Maren Morris, and Natalie Hemby. Her new album, For Christmas, is a collection of mostly original songs that illuminate the wide range of emotions and sentiments that people feel around the holidays.Salute the Songbird is brought to you by Osiris Media. Hosted by Maggie Rose. Produced by Austin Marshall, Maggie Rose, Kirsten Cluthe and Brad Stratton. Music by Maggie Rose. Show logo by Premier Music Group. Graphics by Katherine Boils. See acast.com/privacy for privacy and opt-out information.

Both stage acting and fiction writing are practices in understanding and embodying characters. Cordis Paldano of Minnesota State University, Mankato joins Jared to discuss the ways his acting career informs his writing, the pros and cons of starting the MFA at an older age, and the experience of publishing a children's novel he wrote in under two months. Cordis Paldano is a third-year MFA student in Fiction at Minnesota State University. Previously, he was a theatre artist studying acting at the French National Academy of Drama in Paris. He has performed in over 25 plays in India and France, and co-founded a theatre company in Pondicherry. He is also the author of a 2018 children's novel (Hachette India). This episode was requested by Ailee Slater. Thank you for listening, Ailee! BE PART OF THE SHOW — Leave a rating and review on Apple Podcasts, Podchaser, or Podcast Addict. — Submit an episode request. If there's a program you'd like to learn more about, contact us and we'll do our very best to find a guest who can speak to their experience. STAY CONNECTED Twitter: @MFAwriterspod Instagram: @MFAwriterspodcast Facebook: MFA Writers Email: mfawriterspodcast@gmail.com

Davoud Gerami. A cosmopolite by nature, Davoud is a filmmaker and visual artist with an MFA in Documentary Media from Ryerson University in Toronto, Canada. His experience with the cinematic medium spans over two decades and has taken him to the four corners of the planet. His area of interest is the condition of human, as well as all the wide and interdisciplinary territories this subject covers; include Social Justice, Internationalism, the Environment, and the Culture Industry.

Chip Scanlan (@chipscanlan) is the author of Writers on Writing. He's a teacher, writer, journalist, novelist, etc. A great dude, too. Patreon: patreon.com/cnfpod Social: @CNFPod Newsletter: brendanomeara.com Sponsor: West Virg. Wesleyan College's MFA in Creative Writing