Limiting Process Priority in a FreeBSD Jail, Why You Should Use FreeBSD, The web fun fact that domains can end in dots and canonicalization failures, Replacing postfix with dma + auth, modern unix tool list, Smol KVM, The Computers of Voyager
NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)
Headlines
FreeBSD Tips and Tricks: Limiting Process Priority in a FreeBSD Jail (https://it-notes.dragas.net/2024/07/11/limiting-process-priority-in-freebsd-jail/)
Why You Should Use FreeBSD (https://freebsdfoundation.org/blog/why-you-should-use-freebsd/)
News Roundup
The web fun fact that domains can end in dots and canonicalization failures (https://utcc.utoronto.ca/~cks/space/blog/web/DomainDotsAndCanonicalization)
Replacing postfix with dma + auth (https://dan.langille.org/2024/08/02/replacing-postfix-with-dma-auth/)
modern unix tool list (https://notes.billmill.org/computer_usage/cli_tips_and_tools/modern_unix_tool_list.html)
Smol KVM (https://adventurist.me/posts/00324)
The Computers of Voyager (https://hackaday.com/2024/05/06/the-computers-of-voyager/)
Beastie Bits
No unmodified files remain from original import of OpenBSD (https://www.undeadly.org/cgi?action=article;sid=20240824114631)
The BSDCan 2024 Playlist is now complete (https://www.undeadly.org/cgi?action=article;sid=20240814053159)
UDP parallel input committed to -current (http://undeadly.org/cgi?action=article;sid=20240727110501)
Your browser is your Computer (https://www.exaequos.com)
For the member-berries (https://defrag98.com)
Tarsnap
This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Feedback/Questions
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
In episode 88 of the Entre Dev y Ops podcast we will talk about IBM's purchase of HashiCorp.
Blog Entre Dev y Ops - https://www.entredevyops.es
Telegram Entre Dev y Ops - https://t.me/entredevyops
Twitter Entre Dev y Ops - https://twitter.com/entredevyops
LinkedIn Entre Dev y Ops - https://www.linkedin.com/company/entredevyops/
Patreon Entre Dev y Ops - https://www.patreon.com/edyo
Amazon Entre Dev y Ops - https://amzn.to/2HrlmRw
Links discussed:
Article on the Hashicorp blog - https://www.hashicorp.com/blog/hashicorp-joins-ibm
IBM press release - https://newsroom.ibm.com/2024-04-24-IBM-to-Acquire-HashiCorp-Inc-Creating-a-Comprehensive-End-to-End-Hybrid-Cloud-Platform
RevistaCloud article on the acquisition - https://revistacloud.com/ibm-adquiere-hashicorp-en-una-jugada-estrategica-para-el-software-y-servicios-en-la-nube/
Píldora 9: IBM buys RedHat - https://www.entredevyops.es/podcasts/pildora-9.html
Píldora 21: OpenTofu - https://www.entredevyops.es/podcasts/pildora-21.html
Podcast 80: Hashicorp adopts the BUSL 1.1 - https://www.entredevyops.es/podcasts/podcast-80.html
Hashicorp's accusation against OpenTofu - https://www.infoworld.com/article/3714980/opentofu-may-be-showing-us-the-wrong-way-to-fork.html
IBM Open Source projects page - https://www.ibm.com/opensource/
mdadm - https://raid.wiki.kernel.org/index.php/Linux_Raid
Postfix - https://en.wikipedia.org/wiki/Postfix_(software)
Wietse Venema's talk on Postfix at FOSDEM - https://archive.fosdem.org/2014/schedule/event/postfix_lessons_learned_and_recent_developments/
IBM Redbooks - https://www.redbooks.ibm.com/
AppArmor unprivileged user namespace restrictions are back on the agenda this week as we survey the latest improvements to this hardening feature in the upcoming Ubuntu 24.04 LTS, plus we discuss SMTP smuggling in Postfix, runC container escapes and Qualys' recent disclosure of a privilege escalation exploit for GNU libc and more.
Wireguard VPN Server with Unbound on OpenBSD, Auditing for OpenZFS Storage Performance, OpenBSD 7.2 on a Thinkpad X201, Practical Guides to fzf, Replacing postfix with dma, and more
NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)
Headlines
How To Set Up a Wireguard VPN Server with Unbound on OpenBSD (https://marcocetica.com/posts/wireguard_openbsd/)
Auditing for OpenZFS Storage Performance (https://klarasystems.com/articles/openzfs-auditing-for-storage-performance/)
News Roundup
Some notes on OpenBSD 7.2 on a Thinkpad X201 (https://box.matto.nl/some-notes-on-openbsd-72-on-a-thinkpad-x201.html)
fzf
A Practical Guide to fzf: Building a File Explorer (https://thevaluable.dev/practical-guide-fzf-example/)
A Practical Guide to fzf: Shell Integration (https://thevaluable.dev/fzf-shell-integration/)
Replacing postfix with dma (https://dan.langille.org/2023/02/28/replacing-postfix-with-dma/)
Tarsnap
This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.
Feedback/Questions
Dennis - Thanks (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/500/feedback/Dennis%20-%20Thanks.md)
Luna - Trillian (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/500/feedback/Luna%20-%20trillian.md)
Lyubomir - ipfw question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/500/feedback/Lyubomir%20-%20ipfw%20question.md)
Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
Warm-up/follow-up Fredrik wrecks a cable Electricity-saving tips The AirFryer corner: meatballs and corn on the cob Car dealer drama Jocke blocks more and more TLDs in his mail server. Datormagazin Retro #6: 100%+ booked! (1136 orders, and 42 of them bought the 1337 package) The Arc corner - doesn't sync pinned tabs properly?
Topics IOS 16: Late impressions Fredrik now knows when you get the depth effect on the home screen The new album cover display on the lock screen is really nice Focus becomes more useful The Home app The battery icon Dexcom Follow for Apple Watch in Europe. Half-hearted. Sharing documents and files within an association The last floppy disk has not yet been sold Retro games: Huntdown and Return to monkey island
Film & TV SkyShowtime replaces Paramount+. Secrets of Sulphur Springs. For children/teens on Disney+. The Grand Tour: A Scandi Flick. 3.5/5 BMÅ (J) Blade Runner 2099
Links State-owned commercial enterprises Jocke's blocklist for Postfix The film list Peter Esse's film - does a variable electricity price pay off? Arc Buy Datormagazin retro #6 Clear Viticci's IOS review Passkeys Mullvad builds hardware Copland Opencore legacy patcher Install macOS on older Macs Kaby lake Dexcom follow Sugarmate Access The last seller of floppy disks Zencastr Return to monkey island Thimbleweed park Steam's Monkey Island offer Huntdown Skyshowtime Pinocchio (2022) Secrets of Sulphur springs The Grand Tour: A Scandi Flick Blade Runner 2099 RSS 2.0 turns 20
Full episode information is available here: https://www.bjoremanmelin.se/podcast/avsnitt-326-peakar-pa-1700.watt.html
Warm-up/follow-up We try new ways and furniture arrangements, all for the perfect sound Datormagazin Retro #6: 95% booked. Jocke has got himself an 11” Macbook Air. An unexpectedly pleasant return. Jocke is selling his iMac. Buy and bag a bargain on a very fine computer. A flood of spam from a range of new TLDs. Jocke blocks hard. Jocke creates a Github repo live!
Topics IOS 16: Early impressions? Fredrik scans his ears … and cuts out subjects from images Stickerclip - the perfect complement Diffusion bee - AI images as a pastime, and a Mac app
Film & TV Handmaids Tale season five starts this week
Links Zencastr Datormagazin retro #6 is now home and dry! The newsletter Uppsnappat Jocke's dad's computer got hijacked - the whole story in episode 323 Eleven-inch Macbook air When Jocke bought a twelve-incher Buy Jocke's iMac Github-flavored Markdown Spamassassin Spamhaus Postfix Jocke's Github repo of blocked TLDs Octocat stickers Github-flavored markdown Stickerclip Diffusion bee - AI images as a pastime, and a Mac app DALL-E Stable diffusion Cortex talks about AI that draws images Handmaid's tale, season five Downstream Verge presents its new design Kollijox
Full episode information is available here: https://www.bjoremanmelin.se/podcast/avsnitt-325-vi-testar-nagot-annat-som-omvaxling.html
About Anil
Anil Dash is the CEO of Glitch, the friendly developer community where coders collaborate to create and share millions of web apps. He is a recognized advocate for more ethical tech through his work as an entrepreneur and writer. He serves as a board member for organizations like the Electronic Frontier Foundation, the leading nonprofit defending digital privacy and expression, Data & Society Research Institute, which researches the cutting edge of tech's impact on society, and The Markup, the nonprofit investigative newsroom that pushes for tech accountability. Dash was an advisor to the Obama White House's Office of Digital Strategy, served for a decade on the board of Stack Overflow, the world's largest community for coders, and today advises key startups and non-profits including the Lower East Side Girls Club, Medium, The Human Utility, DonorsChoose and Project Include.
As a writer and artist, Dash has been a contributing editor and monthly columnist for Wired, written for publications like The Atlantic and Businessweek, co-created one of the first implementations of the blockchain technology now known as NFTs, had his works exhibited in the New Museum of Contemporary Art, and collaborated with Hamilton creator Lin-Manuel Miranda on one of the most popular Spotify playlists of 2018. Dash has also been a keynote speaker and guest in a broad range of media ranging from the Obama Foundation Summit to SXSW to Desus and Mero's late-night show.
Links:
Glitch: https://glitch.com
Web.dev: https://web.dev
Glitch Twitter: https://twitter.com/glitch
Anil Dash Twitter: https://twitter.com/anildash
Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. 
This is Screaming in the Cloud.
Corey: It seems like there is a new security breach every day. Are you confident that an old SSH key, or a shared admin account, isn't going to come back and bite you? If not, check out Teleport. Teleport is the easiest, most secure way to access all of your infrastructure. The open source Teleport Access Plane consolidates everything you need for secure access to your Linux and Windows servers—and I assure you there is no third option there. Kubernetes clusters, databases, and internal applications like AWS Management Console, Yankins, GitLab, Grafana, Jupyter Notebooks, and more. Teleport's unique approach is not only more secure, it also improves developer productivity. To learn more visit: goteleport.com. And no, that is not me telling you to go away, it is: goteleport.com.
Corey: This episode is sponsored in part by our friends at Redis, the company behind the incredibly popular open source database that is not the bind DNS server. 
If you're tired of managing open source Redis on your own, or you're using one of the vanilla cloud caching services, these folks have you covered with the go-to managed Redis service for global caching and primary database capabilities; Redis Enterprise. To learn more and deploy not only a cache but a single operational data platform for one Redis experience, visit redis.com/hero. That's r-e-d-i-s.com/hero. And my thanks to my friends at Redis for sponsoring my ridiculous nonsense.
Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Today's guest is a little bit off the beaten path from the cloud infrastructure types I generally drag, kicking and screaming, onto the show. If we take a look at the ecosystem and where it's going, it's clear that in the future, not everyone who wants to build a business, or a tool, or even an application is going to necessarily spring fully-formed into the world from the forehead of some God, knowing how to code. And oh, “I'm going to go to a boot camp for four months to learn how to do it first,” is increasingly untenable. I don't know if you would call it low-code or not. But that's how it feels. My guest today is Anil Dash, CEO of Glitch. Anil, thank you for joining me.
Anil: Thanks so much for having me.
Corey: So, let's get the important stuff out of the way first, since I have a long-standing history of mispronouncing the company Twitch as ‘Twetch,' I should probably do the same thing here. So, what is Gletch? And what does it do?
Anil: Glitch is, at its simplest, a tool that lets you build a full-stack app in your web browser in about 30 seconds. And, you know, for your community, your audience, it's also this ability to create and deploy code instantly on a full-stack server with no concern for deploy, or DevOps, or provisioning a container, or any of those sort of concerns. And what it is for the users is, honestly, a community. 
They're like, “I looked at this app that was on Glitch; I thought it was cool; I could do what we call [remixing 00:02:03].” Which is to kind of fork that app, a running app, make a couple edits, and all of a sudden live at a real URL on the web, my app is running with exactly what I built. And that's something that has been—I think, just captured a lot of people's imagination to now where they've built over 12 or 15 million apps on the platform.
Corey: You describe it somewhat differently than I would, and given that I tend to assume that people who create and run successful businesses don't generally tend to do it without thought, I'm not quite, I guess, insufferable enough to figure out, “Oh, well, I thought about this for ten seconds, therefore I've solved a business problem that you have been needling at for years.” But when I look at Glitch, I would describe it as something different than the way that you describe it. I would call it a web-based IDE for low-code applications and whatnot, and you never talk about it that way. Everything I can see there describes it talks about friendly creators, and community tied to it. Why is that?
Anil: You're not wrong from the conventional technologist's point of view. I—sufficient vintage; I was coding in Visual Basic back in the '90s and if you squint, you can see that influence on Glitch today. And so I don't reject that description, but part of it is about the audience we're speaking to, which is sort of a next generation of creators. And I think importantly, that's not just age, right, but that could be demographic, that can be just sort of culturally, wherever you're at. 
And what we look at is who's making the most interesting stuff on the internet and in the industry, and they tend to be grounded in broader culture, whether they're on, you know, Instagram, or TikTok, or, you know, whatever kind of influencer, you want to point at—YouTube.
And those folks, they think of themselves as creators first and they think of themselves as participating in the community first and then the tool sort of follow. And I think one of the things that's really striking is, if you look at—we'll take YouTube as an example because everyone's pretty familiar with it—they have a YouTube Creator Studio. And it is a very rich and deep tool. It does more than, you know, you would have had iMovie, or Final Cut Pro doing, you know, 10 or 15 years ago, incredibly advanced stuff. And those [unintelligible 00:04:07] use it every day, but nobody goes to YouTube and says, “This is a cloud-based nonlinear editor for video production, and we target cinematographers.” And if they did, they would actually narrow their audience and they would limit what their impact is on the world.
And so similarly, I think we look at that for Glitch where the social object, the central thing that people organize around a Glitch is an app, not code. And that's this really kind of deep and profound idea, which is that everybody can understand an app. Everybody has an idea for an app. You know, even the person who's, “Ah, I'm not technical,” or, “I'm not really into technology,” they're like, “But you know what? If I could make an app, I would make this.”
And so we think a lot about that creative impulse. And the funny thing is, that is a common thread between somebody that literally just got on the internet for the first time and somebody who has been doing cloud deploys for as long as there's been a cloud to deploy to, or somebody has been coding for decades. No matter who you are, you have that place that is starting from what's the experience I want to build, the app I want to build? 
And so I think that's where there's that framing. But it's also been really useful, in that if you're trying to make a better IDE in the cloud and a better text editor, and there are multiple trillion-dollar companies that [laugh] are creating products in that category, I don't think you're going to win. On the other hand, if you say, “This is more fun, and cooler, and has a better design, and feels better,” I think we could absolutely win in a walk away compared to trillion-dollar companies trying to be cool.
Corey: I think that this is an area that has a few players in it could definitely stand to benefit by having more there. My big fear is not that AWS is going to launch stuff in your space and drive you out of business; I think that is a somewhat naive approach. I'm more concerned that they're going to try to launch something in your space, give it a dumb name, fail that market and appropriately, not understand who it's for and set the entire idea back five years. That is, in some cases, it seems like their modus operandi for an awful lot of new markets.
Anil: Yeah, I mean, that's not an uncommon problem in any category that's sort of community driven. So, you know, back in the day, I worked on building blogging tools at the beginning of this, sort of, social media era, and we worried about that a lot. We had built some of the first early tools, Movable Type, and TypePad, and these were what were used to launch, like, Gawker and Huffington Post and all the, sort of, big early sites. And we had been doing it a couple years—and then at that time, major player—AOL came in, and they launched their own AOL blog service, and we were, you know, quaking in our boots. I remember just being kind of like, pit in your stomach, “Oh, my gosh. This is going to devastate the category.”
And as it turns out, people were smart, and they have taste, and they can tell. 
And the domain that we're in is not one that is about raw computing power or raw resources that you can bring to bear so much as it is about can you get people to connect together, collaborate together, and feel like they're in a place where they want to make something and they want to share it with other people? And I mean, we've never done a single bit of advertising for Glitch. There's never been any paid acquisition. There's never done any of those things. And we go up against, broadly in the space, people that have billboards and they buy out all the ads of the airport and, you know, all the other kind of things we see—
Corey: And they do the typical enterprise thing where they spend untold millions in acquiring the real estate to advertise on, and then about 50 cents on the message, from the looks of it. It's, wow, you go to all this trouble and expense to get something in front of me, and after all of that to get my attention, you don't have anything interesting to say?
Anil: Right.
Corey: [crosstalk 00:07:40] inverse of that.
Anil: [crosstalk 00:07:41] it doesn't work.
Corey: Yeah. Oh, yeah. It's brand awareness. I love that game. Ugh.
Anil: I was a CIO, and not once in my life did I ever make a purchasing decision based on who was sponsoring a golf tournament. It never happened, right? Like, I never made a call on a database platform because of a poster that was up at, you know, San Jose Airport. And so I think that's this thing that developers in particular, have really good BS filters, and you can sort of see through.
Corey: What I have heard about the airport advertising space—and I but a humble cloud economist; I don't know if this is necessarily accurate or not—but if you have a company like Accenture, for example, that advertises on airport billboards, they don't even bother to list their website. If you go to their website, it turns out that there's no shopping cart function. 
I cannot add ‘one consulting' to my cart and make a purchase.
Anil: “Ten pounds of consult, please.”
Corey: Right? I feel like the primary purpose there might very well be that when someone presents to your board and says, “All right, we've had this conversation with Accenture.” The response is not, “Who?” It's a brand awareness play, on some level. That said, you say you don't do a bunch traditional advertising, but honestly, I feel like you advertise—more successfully—than I do at The Duckbill Group, just by virtue of having a personality running the company, in your case.
Now, your platform is for the moment, slightly larger than mine, but that's okay, I have ambition and a tenuous grasp of reality and I'm absolutely going to get there one of these days. But there is something to be said for someone who has a track record of doing interesting things and saying interesting things, pulling a, “This is what I do and this is how I do it.” It almost becomes a personality-led marketing effort to some degree, doesn't it?
Anil: I'm a little mindful of that, right, where I think—so a little bit of context and history: Glitch as a company is actually 20 years old. The product is only a few years old, but we were formerly called Fog Creek Software, co-founded by Joel Spolsky who a lot of folks will know from back in the day as Joel on Software blog, was extremely influential. And that company, under leadership of Joel and his co-founder Michael Pryor spun out Stack Overflow, they spun out Trello. He had created, you know, countless products over the years so, like, their technical and business acumen is off the charts.
And you know, I was on the board of Stack Overflow from, really, those first days and until just recently when they sold, and you know, you get this insight into not just how do you build a developer community that is incredibly valuable, but also has a place in the ecosystem that is unique and persists over time. 
And I think that's something that was very, very instructive. And so when it came in to lead Glitch I, we had already been a company with a, sort of, visible founder. Joel was as well known as a programmer as it got in the world?
Corey: Oh, yes.
Anil: And my public visibility is different, right? I, you know, I was a working coder for many years, but I don't think that's what people see me on social media as. And so I think, I've been very mindful where, like, I'm thrilled to use the platform I have to amplify what was created on a Glitch. But what I note is it's always, “This person made this thing. This person made this app and it had this impact, and it got these results, or made this difference for them.”
And that's such a different thing than—I don't ever talk about, “We added syntax highlighting in the IDE and the editor in the browser.” It's just never it right. And I think there are people that—I love that work. I mean, I love having that conversation with our team, but I think that's sort of the difference is my enthusiasm is, like, people are making stuff and it's cool. And that sort of is my lens on the whole world.
You know, somebody makes whatever a great song, a great film, like, these are all things that are exciting. And the Glitch community's creations sort of feel that way. And also, we have other visible people on the team. I think of our sort of Head of Community, Jenn Schiffer, who's a very well known developer and her right. And you know, tons of people have read her writing and seen her talks over the years.
And she and I talk about this stuff; I think she sort of feels the same way, which is, she's like, “If I were, you know, being hired by some cloud platform to show the latest primitives that they've deployed behind an API,” she's like, “I'd be miserable. Like, I don't want to do that in the world.” And I sort of feel the same way. 
But if you say, “This person who never imagined they would make an app that would have this kind of impact.” And they're going to, I think of just, like, the last couple of weeks, some of the apps we've seen where people are—it could be [unintelligible 00:11:53]. It could be like, “We made a Slack bot that finally gets this reporting into the right channel [laugh] inside our company, but it was easy enough that I could do it myself without asking somebody to create it even though I'm not technically an engineer.” Like, that's incredible.
The other extreme, we have people that are PhDs working on machine learning that are like, “At the end of the day, I don't want to be responsible for managing and deploying. [laugh]. I go home, and so the fact that I can do this in create is really great.” I think that energy, I mean, I feel the same way. I still build stuff all the time, and I think that's something where, like, you can't fake that and also, it's bigger than any one person or one public persona or social media profile, or whatever. I think there's this bigger idea. And I mean, to that point, there are millions of developers on Glitch and they've created well over ten million apps. I am not a humble person, but very clearly, that's not me, you know? [laugh].
Corey: I have the same challenge too. It's, effectively, I have now a 12 employee company and about that again contractors for various specialized functions, and the common perception, I think, is that mostly I do all the stuff that we talk about in public, and the other 11 folks sort of sit around and clap as I do it. Yeah, that is only four of those people's jobs as it turns out. There are more people doing work here. 
It's challenging, on some level, to get away from the myth of the founder who is the person who has the grand vision and does all the work and sees all these things.
Anil: This industry loves the myth of the great man, or the solo legend, or the person in their bedroom is a genius, the lone genius, and it's a lie. It's a lie every time. And I think one of the things that we can do, especially in the work at Glitch, but I think just in my work overall with my whole career is to dismantle that myth. I think that would be incredibly valuable. It just would do a service for everybody.
But I mean, that's why Glitch is the way it is. It's a collaboration platform. Our reference points are, you know, we look at Visual Studio and what have you, but we also look at Google Docs. Why is it that people love to just send a link to somebody and say, “Let's edit this thing together and knock out a, you know, a memo together or whatever.” I think that idea we're going to collaborate together, you know, we saw that—like, I think of Figma, which is a tool that I love. You know, I knew Dylan when he was a teenager and watching him build that company has been so inspiring, not least because design was always supposed to be collaborative.
And then you think about we're all collaborating together in design every day. We're all collaborating together and writing in Google Docs—or whatever we use—every day. And then coding is still this kind of single-player game. Maybe at best, you throw something over the wall with a pull request, but for the most part, it doesn't feel like you're in there with somebody. Certainly doesn't feel like you're creating together in the same way that when you're jamming on these other creative tools does. 
And so I think that's what's been liberating for a lot of people is to feel like it's nice to have company when you're making something.
Corey: Periodically, I'll talk to people in the AWS ecosystem who for some reason appear to believe that Jeff Barr builds a lot of these services himself then writes blog posts about them. And it's, Amazon does not break out how many of its 1.2 million or so employees work at AWS, but I'm guessing it's more than five people. So yeah, Jeff probably only wrote a dozen of those services himself; the rest are—
Anil: That's right. Yeah.
Corey: —done by service teams and the rest. It's easy to condense this stuff and I'm as guilty of it as anyone. To my mind, a big company is one that has 200 people in it. That is not apparently something the world agrees with.
Anil: Yeah, it's impossible to fathom an organization of hundreds of thousands or a million-plus people, right? Like, our brains just aren't wired to do it. And I think so we reduce things to any given Jeff, whether that's Barr or Bezos, whoever you want to point to.
Corey: At one point, I think they had something like more men named Jeff on their board than they did women, which—
Anil: Yeah. Mm-hm.
Corey: —all right, cool. They've fixed that and now they have a Dave problem.
Anil: Yeah [unintelligible 00:15:37] say that my entire career has been trying to weave out of that dynamic, whether it was a Dave, a Mike, or a Jeff. But I think that broader sort of challenge is this—that is related to the idea of there being this lone genius. And I think if we can sort of say, well, creation always happens in community. It always happens influenced by other things. It is always—I mean, this is why we talk about it in Glitch.
When you make an app, you don't start from a blank slate, you start from a working app that's already on the platform and you remix it. 
And there was a little bit of an ego resistance by some devs years ago when they first encountered that because [unintelligible 00:16:14] like, “No, no, no, I need a blank page, you know, because I have this brilliant idea that nobody's ever thought of before.” And I'm like, “You know, the odds are you'll probably start from something pretty close to something that's built before.” And that enabler of, “There's nothing new under the sun, and you're probably remixing somebody else's thoughts,” I think that sort of changed the tenor of the community. And I think that's something where like, I just see that across the industry.
When people are open, collaborative, like even today, a great example is web browsers. The folks making web browsers at Google, Apple, Mozilla are pretty collaborative. They actually do share ideas together. I mean, I get a window into that because they actually all use Glitch to do test cases on different bugs and stuff for them, but you see, one Glitch project will add in folks from Mozilla and folks from Apple and folks from the Chrome team and Google, and they're like working together and you're, like—you kind of let down the pretense of there being this secret genius that's only in this one organization, this one group of people, and you're able to make something great, and the web is greater than all of them. And the proof, you know, for us is that Glitch is not a new idea. Heroku wanted to do what we're doing, you know, a dozen years ago.
Corey: Yeah, everyone wants to build Heroku except the company that acquired Heroku, and here we are. 
And now it's—I was waiting for the next step and it just seemed like it never happened.

Anil: But you know when I talked to those folks, they were like, “Well, we didn't have Docker, and we didn't have containerization, and on the client side, we didn't have modern browsers that could do this kind of editing experience, all this kind of thing.” So, they let their editor go by the wayside and became mostly deploy platform. And—but people forget, for the first year or two Heroku had an in-browser editor, and an IDE and, you know, was constrained by the tech at the time. And I think that's something where I'm like, we look at that history, we look at, also, like I said, these browser manufacturers working together were able to get us to a point where we can make something better.

Corey: This episode is sponsored by our friends at Oracle. HeatWave is a new high-performance accelerator for the Oracle MySQL Database Service. Although I insist on calling it “my squirrel.” While MySQL has long been the world's most popular open source database, shifting from transacting to analytics required way too much overhead and, ya know, work. With HeatWave you can run your OLTP and OLAP, don't ask me to ever say those acronyms again, workloads directly from your MySQL database and eliminate the time consuming data movement and integration work, while also performing 1100X faster than Amazon Aurora, and 2.5X faster than Amazon Redshift, at a third of the cost. My thanks again to Oracle Cloud for sponsoring this ridiculous nonsense.

Corey: I do have a question for you about the nuts and bolts behind the scenes of Glitch and how it works. If I want to remix something on Glitch, I click the button, a couple seconds later it's there and ready for me to start kicking the tires on, which tells me a few things. One, it is certainly not using CloudFormation to provision it because I didn't have time to go and grab a quick snack and take a six hour nap.
So, it apparently is running on computers somewhere. I have it on good authority that this is not just run by people who are very fast at assembling packets by hand. What does the infrastructure look like?

Anil: It's on AWS. Our first year-plus of prototyping while we were sort of in beta and early stages of Glitch was getting that time to remix to be acceptable. We still wish it were faster; I mean, that's always the way but, you know, when we started, it was like, yeah, you did sit there for a minute and watch your cursor spin. I mean, what's happening behind the scenes, we're provisioning a new container, standing up a full stack, bringing over the code from the Git repo on the previous project, like, we're doing a lot of work, lift behind the scenes, and we went through every possible permutation of what could make that experience be good enough. So, when we start talking about prototyping, we're at five-plus, almost six years ago when we started building the early versions of what became Glitch, and at that time, we were fairly far along in maturity with Docker, but there was not a clear answer about the use case that we're building for. So, we experimented with Docker Swarm. We went pretty far down that road; we spent a good bit of time there, it failed in ways that were both painful and slow to fix. So, that was great. I don't recommend that. In fairness, we have a very unusual use case, right? So, Glitch now, if you talk about ten million containers on Glitch, no two of those apps are the same and nobody builds an orchestration infrastructure assuming that every single machine is a unique snowflake.

Corey: Yeah, massively multi-tenant is not really a thing that people know.

Anil: No. And also from a security posture Glitch—if you look at it as a security expert—it is a platform allowing anonymous users to execute arbitrary code at scale. That's what we do. That's our job. And so [laugh], you know, so your threat model is very different.
It's very different. I mean, literally, like, you can go to Glitch and build an app, running a full-stack app, without even logging in. And the reason we enable that is because we see kids in classrooms, they're learning to code for the first time, they want to be able to remix a project and they don't even have an email address. And so that was about enabling something different, right? And then, similarly, you know, we explored Kubernetes—because of course you do; it's the default choice here—and some of the optimizations, again, if you go back several years ago, being able to suspend a project and then quickly sort of rehydrate it off disk into a running app was not a common use case, and so it was not optimized. And so we couldn't offer that experience because what we do with Glitch is, if you haven't used an app in five minutes, and you're not a paid member, we put that app to sleep. And that's just a reasonable—

Corey: Uh, “Put the app to sleep,” as in toddler, or, “Put the app to sleep,” as an ill puppy.

Anil: [laugh]. Hopefully, the former, but when we were at our worst and scaling the latter. But that is that thing; it's like we had that moment that everybody does, which is that, “Oh, no. This worked.” That was a really scary moment where we started seeing app creation ramping up, and number of edits that people were making in those apps, you know, ramping up, which meant deploys for us ramping up because we automatically deploy as you edit on Glitch. And so, you know, we had that moment where just—well, as a startup, you always hope things go up into the right, and then they do and then you're not sleeping for a long time. And we've been able to get it back under control.

Corey: Like, “Oh, no, I'm not succeeding.” Followed immediately by, “Oh, no, I'm succeeding.” And it's a good problem to have.

Anil: Exactly. Right, right, right. The only thing worse than failing is succeeding sometimes, in terms of stress levels.
And organizationally, you go through so much; technically, you go through so much. You know, we were very fortunate to have such thoughtful technical staff to navigate these things. But it was not obvious, and it was not a sort of this is what you do off the shelf. And our architecture was very different because people had looked at—like, I look at one of our inspirations was CodePen, which is a great platform and the community love them. And their front end developers are, you know, always showing off, “Here's this cool CSS thing I figured out, and it's there.” But for the most part, they're publishing static content, so architecturally, they look almost more like a content management system than an app-running platform. And so we couldn't learn anything from them about our scaling our architecture. We could learn from them on community, and they've been an inspiration there, but I think that's been very, very different. And then, conversely, if we looked at the Herokus of the world, or all those sort of easy deploy, I think Amazon has half a dozen different, like, “This will be easier,” kind of deploy tools. And we looked at those, and they were code-centric not app-centric. And that led to fundamentally different assumptions in user experience and optimization. And so, you know, we had to chart our own path and I think it was really only the last year or so that we were able to sort of turn the corner and have high degree of confidence about, we know what people build on Glitch and we know how to support and scale it. And that unlocked this, sort of, wave of creativity where there are things that people want to create on the internet but it had become too hard to do so.
And the canonical example I think I was—those of us are old enough to remember FTPing up a website—

Corey: Oh, yes.

Anil: —right—to Geocities, or whatever your shared web host was, we remember how easy that was and how much creativity was enabled by that.

Corey: Yes, “How easy it was,” quote-unquote, for those of us who spent years trying to figure out passive versus active versus ‘what is going on?’ As far as FTP transfers. And it turns out that we found ways to solve for that, mostly, but it became something a bit different and a bit weird. But here we are.

Anil: Yeah, there was definitely an adjustment period, but at some point, if you'd made an HTML page in notepad on your computer, and you could, you know, hurl it at a server somewhere, it would kind of run. And when you realize, you look at the coding boot camps, or even just to, like, teach kids to code efforts, and they're like, “Day three. Now, you've gotten VS Code and GitHub configured. We can start to make something.” And you're like, “The whole magic of this thing getting it to light up. You put it in your web browser, you're like, ‘That's me. I made this.’” you know, north star for us was almost, like, you go from zero to hello world in a minute. That's huge.

Corey: I started participating one of those boot camps a while back to help. Like, the first thing I changed about the curriculum was, “Yeah, we're not spending time teaching people how to use VI in, at that point, the 2010s.” It was, that was a fun bit of hazing for those of us who were becoming Unix admins and knew that wherever we'd go, we'd find VI on a server, but here in the real world, there are better options for that.

Anil: This is rank cruelty.

Corey: Yeah, I mean, I still use it because 20 years of muscle memory doesn't go away overnight, but I don't inflict that on others.

Anil: Yeah. Well, we saw the contrast.
Like, we worked with, there's a group called Mouse here in New York City that creates the computer science curriculum for the public schools in the City of New York. And there's a million kids in public school in New York City, right, and they all go through at least some of this CS education. [unintelligible 00:24:49] saw a lot of work, a lot of folks in the tech community here did. It was fantastic. And yet they were still doing this sort of very conceptual, theoretical. Here's how a professional developer would set up their environment. Quote-unquote, “Professional.” And I'm like, you know what really sparks kids' interests? If you tell them, “You can make a page and it'll be live and you can send it to your friend. And you can do it right now.” And once you've sparked that creative impulse, you can't stop them from doing the rest. And I think what was wild was kids followed down that path. Some of the more advanced kids got to high school and realized they want to experiment with, like, AI and ML, right? And they started playing with TensorFlow. And, you know, there's collaboration features in Glitch where you can do real-time editing and a code with this. And they went in the forum and they were asking questions, that kind of stuff. And the people answering their questions were the TensorFlow team at Google. [laugh]. Right?

Corey: I remember those days back when everything seemed smaller and more compact, [unintelligible 00:25:42] but almost felt like a balkanization of community—

Anil: Yeah.

Corey: —where now it's oh, have you joined that Slack team, and I'm looking at this and my machine is screaming for more RAM. It's, like, well, it has 128 gigs in it. Shouldn't that be enough? Not for Slack.

Anil: Not for chat. No, no, no. Chat is demanding.

Corey: Oh, yeah, that and Chrome are basically trying to out-ram each other.
But if you remember the days of volunteering as network staff on Freenode when you could basically gather everyone for a given project in the entire stack on the same IRC network. And that doesn't happen anymore.

Anil: And there's something magic about that, right? It's like now the conversations are closed off in a Slack or Discord or what have you, but to have a sort of open forum where people can talk about this stuff, what's wild about that is, for a beginner, a teenage creator who's learning this stuff, the idea that the people who made the AI, I can talk to, they're alive still, you know what I mean? Like, yeah, they're not even that old. But [laugh]. They think of this as something that's been carved in stone for 100 years. And so it's so inspiring to them. And then conversely, talking to the TensorFlow team, they made these JavaScript examples, like, tensorflow.js was so accessible, you know? And they're like, “This is the most heartwarming thing. Like, we think about all these enterprise use cases or whatever. But like, kids wanting to make stuff, like recognize their friends' photo, and all the vision stuff they're doing around [unintelligible 00:26:54] out there,” like, “We didn't know this is why we do it until we saw this is why we do it.” And that part about connecting the creative impulse from both, like, the most experienced, advanced coders at the most august tech companies that exist, as well as the most rank beginners in public schools, who might not even have a computer at home, saying that's there—if you put those two things together, and both of those are saying, “I'm a coder; I'm able to create; I can make something on the internet, and I can share it with somebody and be inspired by it,” like, that is… that's as good as it gets.

Corey: There's something magic in being able to reach out to people who built this stuff.
And honestly—you shouldn't feel this way, but you do—when I was talking to the folks who wrote the things I was working on, it really inspires you to ask better questions. Like when I'm talking to Dr. Venema, the author of Postfix and I'm trying to figure out how this thing works, well, I know for a fact that I will not be smarter than he is at basically anything in that entire universe, and maybe most beyond that, as well, however, I still want to ask a question in such a way that doesn't make me sound like a colossal dumbass. So, it really inspires you—

Anil: It motivates you.

Corey: Oh, yeah. It inspires you to raise your question bar up a bit, of, “I am trying to do x. I expect y to happen. Instead, z is happening as opposed to what I find the documentation that”—oh, as I read the documentation, discover exactly what I messed up, and then I delete the whole email. It's amazing how many of those things you never send because when constructing a question the right way, you can help yourself.

Anil: Rubber ducking against your heroes.

Corey: Exactly.

Anil: I mean, early in my career, I'd gone through sort of licensing mishap on a project that later became open-source, and sort of stepped it in and as you do, and unprompted, I got an advice email from Dan Bricklin, who invented the spreadsheet, he invented VisiCalc, and he had advice and he was right. And it was… it was unreal. I was like, this guy's one of my heroes. I grew up reading about his work, and not only is he, like, a living, breathing person, he's somebody that can have the kindness to reach out and say, “Yeah, you know, have you tried this? This might work.” And it's, this isn't, like, a guy who made an app. This is the guy who made the app for which the phrase killer app was invented, right? And, you know, we've since become friends and I think a lot of his inspiration and his work.
And I think it's one of the things it's like, again, if you tell somebody starting out, the people who invented the fundamental tools of the digital era, are still active, still building stuff, still have advice to share, and you can connect with them, it feels like a cheat code. It feels like a superpower, right? It feels like this impossible thing. And I think about like, even for me, the early days of the web, view source, which is still buried in our browser somewhere. And you can see the code that makes the page, it felt like getting away with something. “You mean, I can just look under the hood and see how they made this page and then I can do it too?” I think we forget how radical that is—[unintelligible 00:29:48] radical open-source in general is—and you see it when, like, you talk to young creators. I think—you know, I mean, Glitch obviously is used every day by, like, people at Microsoft and Google and the New York Times or whatever, like, you know, the most down-the-road, enterprise developers, but I think a lot about the new creators and the people who are learning, and what they tell me a lot is the, like, “Oh, so I made this app, but what do I have to do to put it on the internet?” I'm like, “It already is.” Like, as soon as you create it, that URL was live, it all works. And they're, like, “But isn't there, like, an app store I have to ask? Isn't there somebody I have to get permission to publish this from? Doesn't somebody have to approve it?” And you realize they've grown up with whether it was the app stores on their phones, or the cartridges in their Nintendo or, you know, whatever it was, they had always had this constraint on technology. It wasn't something you make; it's something that is given to you, you know, handed down from on high. And I think that's the part that animates me and the whole team, the community, is this idea of, like, I geek out about our infrastructure.
I love that we're doing deploys constantly, so fast, all the time, and I love that we've taken the complexity away, but the end of the day, the reason why we do it, is you can have somebody just sort of saying, I didn't realize there was a place I could just make something put it in front of, maybe, millions of people all over the world and I don't have to ask anybody permission and my idea can matter as much as the thing that's made by the trillion-dollar company.

Corey: It's really neat to see, I guess, the sense of spirit and soul that arises from a smaller, more, shall we say, soulful company. No disparagement meant toward my friends at AWS and other places. It's just, there's something that you lose when you get to a certain point of scale. Like, I don't ever have to have a meeting internally and discuss things, like, “Well, does this thing that we're toying with doing violate antitrust law?” That is never been on my roadmap of things I have to even give the slightest crap about.

Anil: Right, right? You know, “What does the investor relations person at a retirement fund think about the feature that we shipped?” Is not a question that we have to answer. There's this joy in also having community that sort of has come along with us, right? So, we talk a lot internally about, like, how do we make sure Glitch stays weird? And, you know, the community sort of supports that. Like, there's no reason logically that our logo should be the emoji of two fish. But that kind of stuff of just, like, it just is. We don't question it anymore. I think that we're very lucky. But also that we are part of an ecosystem. I also am very grateful where, like… yeah, that folks at Google use Glitch as part of their daily work when they're explaining a new feature in Chrome. Like, if you go to web.dev and their dev portal teaches devs how to code, all the embedded examples go to these Glitch apps that are running, showing running code is incredible.
When we see the Stripe team building examples of, like, “Do you want to use this new payment API that we made? Well, we have a Glitch for you.” And literally every day, they ship one that sort of goes and says, “Well, if you just want to use this new Stripe feature, you just remix this thing and it's instantly running on Glitch.” I mean, those things are incredible. So like, I'm very grateful that the biggest companies and most influential companies in the industry have embraced it. So, I don't—yeah, I don't disparage them at all, but I think that ability to connect to the person who'd be like, “I just want to do payments. I've never heard of Stripe.”

Corey: Oh yeah.

Anil: And we have this every day. They come into Glitch, and they're just like, I just wanted to take credit cards. I didn't know there's a tool to do that.

Corey: “I was going to build it myself,” and everyone shrieks, “No, no. Don't do that. My God.” Yeah. Use one of their competitors, fine, but building it yourself is something a lunatic would do.

Anil: Exactly. Right, right. And I think we forget that there's only so much attention people can pay, there's only so much knowledge they have.

Corey: Everything we say is new to someone. That's why I always go back to assuming no one's ever heard of me, and explain the basics of what I do and how I do it, periodically. It's, no one has done all the mandatory reading. Who knew?

Anil: And it's such a healthy exercise too, right, because I think we always have that kind of beginner's mindset about what Glitch is. And in fairness, I understand why. Like, there have been very experienced developers that have said, “Well, Glitch looks too colorful. It looks like a toy.” And that we made a very intentional choice at masking—like, we're doing the work under the hood. And you can drop down into a terminal and you can do—you can run whatever build script you want.
You can do all that stuff on Glitch, but that's not what we put up front and I think that's this philosophy about the role of the technology versus the people in the ecosystem.

Corey: I want to thank you for taking so much time out of your day to, I guess, explain what Glitch is and how you view it. If people want to learn more about it, about your opinions, et cetera. Where can they find you?

Anil: Sure. glitch.com is easiest place, and hopefully that's a something you can go and a minute later, you'll have a new app that you built that you want to share. And, you know, we're pretty active on all social media, you know, Twitter especially with Glitch: @glitch. I'm on as @anildash. And one of the things I love is I get to talk to folks like you and learn from the community, and as often as not, that's where most of the inspiration comes from is just sort of being out in all the various channels, talking to people. It's wild to be 20-plus years into this and still never get tired of that.

Corey: It's why I love this podcast. Every time I talk to someone, I learn something new. It's hard to remain too ignorant after you have enough people who've shared wisdom with you as long as you can retain it.

Anil: That's right.

Corey: Thank you so much for taking the time to speak with me.

Anil: So, glad to be here.

Corey: Anil Dash, CEO of Gletch—or Glitch as he insists on calling it. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment telling me how your small team at AWS is going to crush Glitch into the dirt just as soon as they find a name that's dumb enough for the service.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group.
We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.
About Scott

Scott first typed ‘docker run’ in 2013 and hasn't looked back. He's been with Docker since 2014 in a variety of leadership roles and currently serves as CEO. His experience previous to Docker includes Sun Microsystems, Puppet, Netscape, Cisco, and Loudcloud (parent of Opsware). When not fussing with computers he spends time with his three kids fussing with computers.

Links:
Docker: https://www.docker.com
Twitter: https://twitter.com/scottcjohnston

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by Liquibase. If you're anything like me, you've screwed up the database part of a deployment so severely that you've been banned from touching anything that remotely sounds like SQL, at at least three different companies. We've mostly got code deployments solved for, but when it comes to databases we basically rely on desperate hope, with a roll back plan of keeping our resumes up to date. It doesn't have to be that way. Meet Liquibase. It is both an open source project and a commercial offering. Liquibase lets you track, modify, and automate database schema changes across almost any database, with guardrails to ensure you'll still have a company left after you deploy the change. No matter where your database lives, Liquibase can help you solve your database deployment issues. Check them out today at liquibase.com. Offer does not apply to Route 53.

Corey: This episode is sponsored in part by something new. Cloud Academy is a training platform built on two primary goals.
Having the highest quality content in tech and cloud skills, and building a good community that is rich and full of IT and engineering professionals. You wouldn't think those things go together, but sometimes they do. It's both useful for individuals and large enterprises, but here's what makes it new. I don't use that term lightly. Cloud Academy invites you to showcase just how good your AWS skills are. For the next four weeks you'll have a chance to prove yourself. Compete in four unique lab challenges, where they'll be awarding more than $2000 in cash and prizes. I'm not kidding, first place is a thousand bucks. Pre-register for the first challenge now, one that I picked out myself on Amazon SNS image resizing, by visiting cloudacademy.com/corey. C-O-R-E-Y. That's cloudacademy.com/corey. We're gonna have some fun with this one!

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. Once upon a time, I started my public speaking career as a traveling contract trainer for Puppet; I've talked about this before. And during that time, I encountered someone who worked there as an exec, Scott Johnston, who sat down, talked to me about how I viewed things, and then almost immediately went to go work at Docker instead. Today's promoted episode brings Scott on to the show. Scott, you fled to get away from me, became the CEO of Docker over the past, oh what is it, seven years now. You're still standing there, and I'm not making fun of Docker quite the way that I used to. First, thanks for joining me.

Scott: Great to be here, Corey. Thanks for the invitation. I'm not sure I was fleeing you, but we can recover that one at another time.

Corey: Oh, absolutely. In that era, one of my first talks that I started giving that anyone really paid any attention to was called, “Heresy in the Church of Docker,” where I listed about 10 to 13 different things that Docker didn't seem to have answers for, like network separation, security, audit logging, et cetera, et cetera.
And it was a fun talk that I used to basically learn how to speak publicly without crying before and after the talk. And in time, it wound up aging out as these problems got addressed, but what surprised me at the time was how receptive the Docker community was to the idea of a talk that wound up effectively criticizing something that for, well, a number of them it felt a lot of the time like it wasn't that far from a religion; it was very hype-driven: “Docker, Docker, Docker” was a recurring joke. Docker has changed a lot. The burning question that I think I want to start this off with is that it's 2021; what is Docker? Is it a technology? Is it a company? Is it a religion? Is it a community? What is Docker?

Scott: Yes. I mean that sincerely. Often, the first awareness or the first introduction that newcomers have is in fact the community, before they get their hands on the product, before they learn that there's a company behind the product is they have a colleague who is, either through a Zoom or sitting next to them in some places, or in a coffee shop, and says, “Hey, you got to try this thing called Docker.” And they lean over—either virtually or physically—and look at the laptop of their friend who's promoting Docker, and they see a magical experience. And that is the introduction of so many of our community members, having spoken with them and heard their own kind of journeys. And so that leads to like, “Okay, so why the excitement? Why did the friend lean over to the other friend and introduce?” It's because the tools that Docker provides just helps devs get their app built and shipping faster, more securely, with choice, without being tied into any particular runtime, any particular infrastructure. And that combination has proven to be a breakthrough dopamine hit to developers since the very beginning, since 2013, when Docker is open-source.

Corey: It feels like originally, the breakthrough of Docker, that people will say, “Oh, containers aren't new.
We've had that going back to LPARs on mainframes.” Yes, I'm aware, but suddenly, it became easy to work with and didn't take tremendous effort to get unified environments. It was cynically observed at the time by lots of folks smarter than I am, that the big breakthrough Docker had was how to make my MacBook look a lot more like a Linux server in production. And we talk about breaking down silos between ops and dev, but in many ways, this just meant that the silo became increasingly irrelevant because, “Works on my machine” was no longer a problem. “Well, you better back up your email because your laptop's about to go into production in that case.” Containers made it easier and that was a big deal. It seems, on some level, like there was a foray where Docker the company was moving into the world of, “Okay, now we're going to run a lot of these containers in production for you, et cetera.” It really feels like recently, the company as a whole and the strategy has turned towards getting back to its roots of solving developer problems and positioning itself as a developer tool. Is that a fair characterization?

Scott: A hundred percent. That's very intentional, as well. We certainly had good products, and great customers, and we're solving problems for customers on the ops side, I'll call it, but when we stood back—this is around 2019—and said, “Where's the real… joy?” For lack of a better word, “Where's the real joy from a community standpoint, from a product experience standpoint, from a what do we do different and better and more capable than anyone else in the ecosystem?” It was that developer experience.
And so the reset that you're referring to in November 2019, was to give us the freedom to go back and just focus the entire company's efforts on the needs of developers without any other distractions from a revenue, customer, channel, so on and so forth.

Corey: So, we knew this was going to come up in the conversation, but as of a couple of weeks ago—as of the time of this recording—you announced a somewhat, well, let's say controversial change in how the pricing and licensing works. Now, as of—taking effect at the end of this year—the end of January, rather, of next year—Docker Desktop is free for folks to use for individual use, and that's fine, and for corporate use, Docker Desktop also remains free until you are a large company defined by ten million in revenue a year and/or 250 employees or more. And that was interesting and I don't think I'd seen that type of requirement placed before on what was largely an open-source project that's now a developer tool. I believe there are closed-source aspects of it as well for the desktop experience, but please don't quote me on that; I'm not here to play internet lawyer engineer. But at that point, the internet was predictably upset about this because it is easy to yell about any change that is coming, regardless. I was less interested in that than I am in what the reception has been from your corporate customers because, let's be clear, users are important, community is important, but goodwill will not put food on the table past a certain point. There has to be a way to make a company sustainable, there has to be a recurring revenue model. I realize that you know this, but I'm sure there are people listening to this who are working in development somewhere who are, “Wait, you mean I need to add more value than I cost?” It was a hard revelation for [laugh] me back when I had been in the industry a few years—

Scott: [laugh]. Sure.

Corey: —and I'm still struggling with that—

Scott: Sure.

Corey: Some days.

Scott: You and me both.
[laugh].

Corey: So, what has the reaction been from folks who have better channels of communicating with you folks than angry Twitter threads?

Scott: Yeah. Create surface area for a discussion, Corey. Let's back up and talk on a couple points that you hit along the way there. One is, “What is Docker Desktop?” Docker Desktop is not just Docker Engine.

Docker Desktop is a way in which we take Docker Engine, Compose, Kubernetes, all important tools for developers building modern apps—Docker Build, so on and so forth—and we provide an integrated engineered product that is engineered for the native environments of Mac and Windows, and soon Linux. And so we make it super easy to get the container runtime, Kubernetes stack, the networking, the CLI, Compose, we make it super easy just to get that up and running and configured with smart defaults, secured, hardened, and importantly updated. So, any vulnerabilities patched and so on and so forth. The point is, it's a product that is based on—to your comments—upstream open-source technologies, but it is an engineered commercial product—Docker Desktop is.

Corey: Docker Desktop is a fantastic tool; I use it myself. I could make a bunch of snide comments that on Mac, it's basically there to make sure the fans are still working on the laptop, but again, computers are hard. I get that. It's incredibly handy to have a graphical control panel. It turns out that I don't pretend to understand those people, but some folks apparently believe that there are better user interfaces than text and an 80-character-wide terminal window. I don't pretend to get those people, but not everyone has the joy of being a Linux admin for far too long.
So, I get it, making it more accessible, making it easy, is absolutely worth using.

Scott: That's right.

Corey: It's not a hard requirement to run it on a laptop-style environment or developer workstation, but it makes it really convenient.

Scott: Before Docker Desktop, one had to install a hypervisor, install a Linux VM, install Docker Engine on that Linux VM, bridge between the VM and the local CLI on the native desktop—like, lots of setup and maintenance and tricky stuff that can go wrong. Trust me how many times I stubbed my own toes on putting that together. And so Docker Desktop is designed to take all of that setup nonsense overhead away and just let the developer focus on the app. That's what the product is, and just talking about where it came from, and how it uses these other upstream technologies. Yes, and so we made a move on August 31, as you noted, and the motivation was the following: one is, we started seeing large organizations using Docker Desktop at scale.

When I say ‘at scale,' not one or two or ten developers; like, hundreds and thousands of developers. And they were clamoring for capabilities to help them manage those developer environments at scale. Second is, we saw them getting a lot of benefit in terms of productivity, and choice, and security from using Docker Desktop, and so we stood back and said, “Look, for us to scale our business, we're at 10-plus million monthly active developers today.
We know there's 45 million developers coming in this decade; how do we keep scaling while giving a free experience, but still making sure we can fund our engineers and deliver features and additional value?” We looked at other projects, Corey.

The first thing we did is we looked outside our four walls, said, “How have other projects with free and open-source components navigated these waters?” And so the thresholds that you just mentioned, the 250 employees and the ten million revenue, were actually thresholds that we saw others put in place to draw lines between what is available completely for free and what is available for those users that now need to purchase subscription if they're using it to create value for their organizations. And we're very explicit about that. You could be using Docker for training, you could be using Docker for eval in those large organizations; we're not going to chase you or be looking to you to step up to a subscription. However, if you're using Docker Desktop in those environments, to build applications that run your business or that are creating value for your customers, then purchasing a subscription is a way for us to continue to invest in a product that the ecosystem clearly loves and is getting a lot of value out of. And so, that was again, the premise of this change. So, now to the root of your question is, so what's the reaction? We're very, very pleased. First off, yes, there were some angry voices out there.

Corey: Yeah.
And I want to be clear, I'm not trivializing people who feel upset.

Scott: No.

Corey: When you're suddenly using a thing that is free and discovering that, well, now you have to pay money for it, people are not generally going to be happy about that.

Scott: No.

Corey: When people are viewed themselves as part of the community, of contributing to what they saw as a technical revolution or a scrappy underdog and suddenly they find themselves not being included in some way, shape or form, it's natural to be upset, I don't want to trivialize—

Scott: Not at all.

Corey: People's warm feelings toward Docker. It was a big part of a lot of folks' personality, for better or worse, [laugh] for a few years in there. But the company needs to be sustainable, so what I'm really interested in is what has that reaction been from folks who are, for better or worse, “Yes, yes, we love Docker, but I don't get to sign $100,000 deals because I just really like the company I'm paying the money to. There has to be business value attached to that.”

Scott: That's right. That's right. And to your point, we're not trivializing either the reaction by the community, it was encouraging to see many community members got right away what we're doing, they saw that still, a majority of them can continue using Docker for free under the Docker Personal subscription, and that was also intentional. And you saw on the internet and on Twitter and other social media, you saw them come and support the company's moves. And despite some angry voices in there, there was overwhelmingly positive.

So, to your question, though, since August 31, we've been overwhelmed, actually, by the positive response from businesses that use Docker Desktop to build applications and run their businesses. And when I say overwhelmed, we were tracking—because Docker Desktop has a phone-home capability—we had a rough idea of what the baseline usage of Docker Desktops were out there.
Well, it turns out, in some cases, there are ten times as many Docker Desktops inside organizations. And the average seems to be settling in around three times to four times as many. And we are already closing business, Corey.

In 12 business days, we have companies come through, say, “Yes, our developers use this product. Yes, it's a valuable product. We're happy to talk to a salesperson and give you over to procurement, and here we go.” So, you and I both been around long enough to know, like 12 working days to have a signed agreement with an enterprise agreement is unheard of.

Corey: Yeah, but let's be very clear here, on The Duckbill Group's side of things where I do consulting projects, I sell projects to companies that are, “Great, this project will take, I don't know, four to six weeks, whatever it happens to be, and, yeah, you're going to turn a profit on this project in about the first four hours of the engagement.” It is basically push button and you will receive more money in your budget than you had when you started, and that is probably the easiest possible enterprise sale, and it still takes 60 to 90 days most of the time to close deals.

Scott: That's right.

Corey: Trying to get a procurement deal for software through enterprise procurement processes is one of those things when people say, “Okay, we're going to have a signature in Q3,” you have to clarify what year they're talking about. So, 12 days is unheard of.

Scott: [laugh]. Yep. So, we've been very encouraged by that.
And I'll just give you a rough numbers: the overall response is ten times our baseline expectations, which is why—maybe unanticipated question, or you going to ask it soon—we came back within two weeks—because we could see this curve hit right away on the 31st of August—we came back and said, “Great.” Now, that we have the confidence that the community and businesses are willing to support us and invest in our sustainability, invest in the sustainable, scalable Docker, we came and we accelerated—pulled forward—items in our roadmap for developers using Docker Desktop, both for Docker Personal, for free in the community, as well as the subscribers.

So, things like Docker Desktop for Linux, right? Docker Desktop for Mac, Docker Desktop for Windows has been out there about five years, as I said. We have heard Docker Desktop for Linux rise in demand over those years because if you're managing a large number of developers, you want a consistent environment across all the developers, whether they're using Linux, Mac, or Windows desktops. So, Docker Desktop for Linux will give them that consistency across their entire development environment. That was the number two most requested feature on our public roadmap in the last year, and again, with the positive response, we're now able to confidently invest in that. We're hiring more engineers than planned, we're pulling that forward in the roadmap to show that yes, we are about growing and growing sustainably, and now that the environment and businesses are supporting us, we're happy to double down and create more value.

Corey: My big fear when the change was announced was the uncertainty inherent to it. Because if there's one thing that big companies don't like, it's uncertainty because uncertainty equates to risk in their mind. And a lot of other software out there—and yes, Oracle Databases I am looking at you—have a historical track record of, “Okay, great.
We have audit rights to inspect your environment, and then when we wind up coming in, we always find that there have been licensing shortfalls,” because people don't know how far things spread internally, as well as, honestly, it's accounting for this stuff in large, complex organizations is a difficult thing. And then there are massive fines at stake, and then there's this whole debate back and forth.

Companies view contracts as if every company behaves like that when it comes down to per-seat licensing and the rest. My fear was that that risk avoidance in large companies would have potentially made installing Docker Desktop in their environment suddenly a non-starter across the board, almost to the point of being something that you would discipline employees for, which is not great. And it seems from your response, that has not been a widespread reaction. Yes of course, there's always going to be some weird company somewhere that does draconian things that we don't see, but the fact that you're not sitting here, telling me that you've been taking a beating from this from your enterprise buyers, tells me you're onto something.

Scott: I think that's right, Corey. And as you might expect, the folks that don't reach out are silent, and so we don't see folks who don't reach out to us. But because so many have reached out to us so positively, and basically quickly gone right to a conversation with procurement versus any sort of back-and-forth or questions and such, tells us we are on the right track. The other thing, just to be really clear is, we did work on this before the August 31 announcement as well—this being how do we approach licensing and compliance and such—and we found that 80% of organizations, 80% of businesses want to be in compliance, they have a—not just want to be in compliance, but they have a history of being in compliance, regardless of the enforcement mechanism and whatnot. And so that gave us confidence to say, “Hey, we're going to trust our users.
We're going to say, ‘grace period ends on January 31.'”

But we're not shutting down functionality, we're not sending in legal [laugh] activity, we're not putting any sort of strictures on the product functionality because we have found most people love the product, love what it does for them, and want to see the company continue to innovate and deliver great features. And so okay, you might say, “Well, doesn't that 20% represent opportunity?” Yeah. You know, it does, but it's a big ecosystem. The 80% is giving us a great boost and we're already starting to plow that into new investment. And let's just start there; let's start there and grow from there.

Corey: I also have a hard time imagining that you and your leadership team would be short-sighted enough to say, “Okay, that”—even 20% of companies that are willing to act dishonestly around stuff like that seems awfully high to me, but assuming it's accurate, would tracking down that missing 20% be worth setting fire to the tremendous amount of goodwill that Docker still very much enjoys? I have a hard time picturing any analysis where that's even a question other than something you set up to make fun of.

Scott: [laugh]. No, that's exactly right Corey, it wouldn't be worth it which is why again, we came out of the gate with like, we're going to trust our users. They love the community, they love the product, they want to support us—most of them want to support us—and, you know, when you have most, you're never going to get a hundred percent. So, we got most and we're off to a good start, by all accounts. And look, a lot of folks too sometimes will be right in that gray middle where you let them know that they're getting away with something they're like, “All right, you caught me.”

We've seen that behavior before. And so, we can see all this activity out there and we can see if folks have a license or compliance or not, and sometimes just a little tap on the shoulder said, “Hey, did you know that you might be paying for that?” We've seen most folks at the time say, “Ah, okay. You caught me. Happy to talk to procurement.”

So, this does not have to be heavy-handed as you said, it does not have to put at risk the goodwill of the 80%. And we don't have to get a hundred percent to have a great successful business and continuing successful community.

Corey: Yeah.
I'll also point out that, by my reading of your terms and conditions and how you've specified this—I mean, this is not something I've asked you about, so this could turn into a really awkward conversation but I'm going to roll with it anyway, it explicitly states that it is and will remain free for personal development.

Scott: That is correct.

Corey: When you're looking at employees who work at giant companies and have sloppy ‘bring your own device' controls around these things, all right, they have it installed on their work machine because in their spare time, they're building an app somewhere, they're not going to get a nasty gram, and they're not exposing their company to liability by doing that?

Scott: That is exactly correct. And moreover, just keep looking at those use cases, if the company is using it for internal training or if the company is using it to evaluate someone else's technology, someone else's software, all those cases are outside the pay-for subscription. And so we believe it's quite generous in allowing of trials and tests and use cases that make it accessible and easy to try, easy to use, and it's just in the case where if you're a large organization and your developers are using it to build applications for your business and for your customers, thus you're getting a lot of value using the product, we're asking you to share that value with us so we can continue to invest in the product.

Corey: And I think that's a reasonable expectation. The challenge that Docker seems to have had for a while has been that the interesting breakthrough, revelatory stuff that you folks did was all open-source. It was a technology that was incredibly inspired in a bunch of different ways. I am, I guess, mature enough to admit that my take that, “Oh, Docker is terrible”—which was never actually my take—was a little short-sighted.
I'm very good at getting things wrong across the board, and that is no exception.

I also said virtualization was a flash in the pan and look how that worked out. I was very anti-cloud, et cetera, et cetera. Times change, people change, and doubling down on being wrong gains you nothing. But the question that was always afterwards what is the monetization strategy? Because it's not something you can give away for free and make it up in volume?

Even VC money doesn't quite work like that forever, so there's a—the question is, what is the monetization strategy that doesn't leave people either resenting you because, “Remember that thing that used to be free isn't anymore? Doesn't it suck to be you?” And is still accessible as broadly as you are, given the sheer breadth and diversity of your community? Like I can make bones about the fact that ten million in revenue and 250 employees are either worlds apart, or the wrong numbers, or whatever it is, but it's not going to be some student somewhere sitting someplace where their ramen budget is at risk because they have to spend $5 a month or whatever it is to have this thing. It doesn't apply to them.

And this feels like, unorthodox though it certainly is, it's not something to be upset about in any meaningful sense. The people that I think would actually be upset and have standing to be upset about this are the enterprise buyers, and you're hearing from them in what is certainly—because I will hear it if not—that this is something they're happy about. They are thrilled to work with you going forward. And I think it makes sense.
Even when I was doing stuff as an independent consultant, before I formalized the creation of The Duckbill Group and started hiring people, my policy was always to not use the free tier of things, even if I fit into them because I would much rather personally be a paying customer, which elevates the, I guess, how well my complaints are received.

Because I'm a free user, I'm just another voice on Twitter; albeit a loud one and incredibly sarcastic one at times. But if I'm a paying customer, suddenly the entire tenor of that conversation changes, and I think there's value to that. I've always had the philosophy of you pay for the things you use to make money. And that—again, that is something that's easy for me to say now. Back when I was in crippling debt in my 20s, I assure you, it was not, but I still made the effort for things that I use to make a living.

Scott: Yeah.

Corey: And I think that philosophy is directionally correct.

Scott: No, I appreciate that. There's a lot of good threads in there. Maybe just going way back, Docker stands on the shoulders of giants. There was a lot of work with container tech in the Linux kernel, and you and I were talking before about it goes back to LPAR on IBMs, and you know, BS—Berkeley's—

Corey: BSD jails and chroots on Linux. Yeah.

Scott: Chroot, right? I mean, Bill Joy, putting chroot in—

Corey: And Tupperware parties, I'm sure. Yeah.

Scott: Right. And all credit to Solomon Hykes, Docker's founder, who took a lot of good up and coming tech—largely on the ops side and in Linux kernel—took the primitives from Git and combined that with immutable copy-on-write file system and put those three together into a really magical combination that simplified all this complexity of dependency management and portability of images across different systems.
And so in some sense, that was the magic of standing on these giant shoulders but seeing how these three different waves of innovation or three different flows of innovation could come together to a great user experience. So, also then moving forward, I wouldn't say they're happy, just to make sure you don't get inbound, angry emails—the enterprise buyers—but they do recognize the value of the product, they think the economics are fair and straight ahead, and to your point about having a commercial relationship versus free or non-existing relationship, they're seeing that, “Oh, okay, now I have insight into the roadmap. Now, I can prioritize my requirements that my devs have been asking for. Now, I can double-down on the secure supply chain issues, which I've been trying to get in front of for years.”

So, it gives them an avenue that now, much different than a free user as you observed, it's a commercial relationship where it's two way street versus, “Okay, we're just going to use this free stuff and we don't have much of a say because it's free, and so on and so forth.” So, I think it's been an eye-opener for both the company but also for the businesses. There is a lot of value in a commercial relationship beyond just okay, we're going to invest in new features and new value for developers.

Corey: The challenge has always been how do you turn something that is widely beloved, that is effectively an open-source company, into money? There have been a whole bunch of questions about this, and it seems that the consensus that has emerged is that a number of people for a long time mistook open-source for a business model instead of a strategy, and it's very much not.
And a lot of companies are attempting to rectify that with weird license changes where, “Oh, you're not allowed to take our code and build a service out of it if you're a cloud provider.” Amazon's product strategy is, of course, “Yes,” so of course, there's always going to be something coming out of AWS that is poorly documented, has a ridiculous name, and purports to do the same thing for way less money, except magically you pay them by the hour. I digress.

Scott: No, it's a great surface area, and you're right I completely didn't answer that question. [laugh]. So—

Corey: No, it's fair. It's—

Scott: Glad you brought it back up.

Corey: —a hard problem. It's easy to sit here and say, “Well, what I think they should do”—but all of those solutions fall apart under ten seconds of scrutiny.

Scott: Super, super hard problem which, to be fair, we as a team and a community wrestled with for years. But here's where we landed, Corey. The short version is that you can still have lots of great upstream open-source technologies, and you'll have an early adopter community that loves those, use those, gets a lot of progress running fast and far with those, but we've found that the vast majority of the market doesn't want to spend its time cobbling together bits and bytes of open-source tech, and maintaining it, and patching it, and, and, and. And so what we're offering is an engineered product that takes the upstream but then adds a lot of value—we would say—to make it an engineered, easy to use, easy to configure, upgraded, secure, so on and so forth. And the convenience of that versus having to cobble together your own environment from upstream has proved to be what folks are willing to pay for. So, it's the classic kind of paying for time and convenience versus not.

And so that is one dimension.
And the other dimension, which you already referenced a little bit with AWS is that we have SaaS; we have a SaaS product in Docker Hub, which is providing a hosted registry with quality content that users know is updated not less than every 30 days, that is patched and maintained by us. And so those are examples of, in some sense, consumption [unintelligible 00:27:53]. So, we're using open-source to build this SaaS service, but the service that users receive, they're willing to pay for because they're not having to patch the Mongo upstream, they're not having to roll the image themselves, they're not having to watch the CVEs and scramble when everything comes out. When there's a CVE out in our upstream, our official images are patched no less than 24 hours later and typically within hours.

That's an example of a service, but all based on upstream open-source tech that for the vast majority of uses are free. If you're consuming a lot of that, then there's a subscription that kicks in there as well. But we're giving you value in exchange for you having to spend your time, your engineers, managing all that that I just walked through. So, those are the two avenues that we found that are working well, that seem to be a fair trade and fair balance with the community and the rest of the ecosystem.

Corey: I think the hardest part for a lot of folks is embracing change. And I have encountered this my entire career where I started off doing large-scale email systems administration, and hey, turns out that's not really a thing anymore. And I used to be deep in the bowels of Postfix, for example. I'm referenced in the SVN history of Postfix, once upon a time, just for helping with documentation and finding weird corner cases because I'm really good at breaking things by accident. And I viewed it as part of my identity.

And times have changed and moved on; I don't run Postfix myself for anything anymore. I haven't touched it in years.
Docker is still there and it's still something that people are actively using basically everywhere. And there's a sense of ownership and identity for especially early adopters who glom on to it because it is such a better way of doing some things that it is almost incomprehensible that we used to do it any other way. That's transformation.

That's something awesome. But people want to pretend that we're still living in that era where technology has not advanced. The miraculous breakthrough in 2013 is today's de rigueur type of environment where this is just, “Oh, yeah. Of course you're using Docker.” If you're not, people look at you somewhat strangely.

It's like, “Oh, I'm using serverless.” “Okay, but you can still build that in Docker containers. Why aren't you doing that?” It's like, “Oh, I don't believe in running anything that doesn't make me pay AWS by the second.” So okay, great. People are going to have opinions on this stuff. But time marches on and whatever we wish the industry would do, it's going to make its own decisions and march forward. There's very little any of us can do to change that.

Scott: That's right. Look, it was a single container back in 2013, 2014, right? And now what we're seeing—and you kind of went there—is we're separating the implementation of service from the service. So, the service could be implemented with a container, could be a serverless function, could be a hosted XYZ as a service on some cloud, but what developers want to do is—what they're moving towards is, assemble your application based on services regardless of the how. You know, is that how a local container? To your point, you can roll a local serverless function now in an OCI image, and push it to Amazon.

Corey: Oh, yeah. It's one of the now 34 ways I found to run containers on AWS.

Scott: [laugh]. You can also, in Compose, abstract all that complexity away. Compose could have three services in it.
One of those services is a local container, one of those services might be a local serverless function that you're running to test, and one of those services could be a mock to a Database as a Service on a cloud. And so that's where we are.

We've gone beyond the single-container Docker run, which is still incredibly powerful but now we're starting to uplevel to applications that consist of multiple services. And where do those services run? Increasingly, developers do not need to care. And we see that as our mission is continue to give that type of power to developers to abstract out the how, extract out the infrastructure so they can just focus on building their app.

Corey: Scott, I want to thank you so much for taking the time to speak with me. If people want to learn more—and that could mean finding out your opinions on things, potentially yelling at you about pricing changes, more interestingly, buying licenses for their large companies to run this stuff, and even theoretically, since you alluded to it a few minutes ago, look into working at Docker—where can they find you?

Scott: No, thanks, Corey. And thank you for the time to discuss and look back over both years, but also zoom in on the present day. So, www.docker.com; you can find any and all what we just walked through. They're more than happy to yell at me on Twitters at @scottcjohnston, and we have a public roadmap that is in GitHub. I'm not going to put the URL here, but you can find it very easily. So, we love hearing from our community, we love engaging with them, we love going back and forth. And it's a big community; jump in, the water's warm, very welcoming, love to have you.

Corey: And we'll of course, put links to that in the [show notes. 00:32:28] Thank you so much for your time. I really do appreciate it.

Scott: Thank you, Corey. Right back at you.

Corey: Scott Johnston, CEO of Docker. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud.
If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with a comment telling me that Docker isn't interested in at all because here's how to do exactly what Docker does in LPARs on your mainframe until the AWS/400 comes to [unintelligible 00:33:02].

Scott: [laugh].

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.
About EmmaEmma Bostian is a Software Engineer at Spotify in Stockholm. She is also a co-host of the Ladybug Podcast, author of Decoding The Technical Interview Process, and an instructor at LinkedIn Learning and Frontend Masters.Links: Ladybug Podcast: https://www.ladybug.dev LinkedIn Learning: https://www.linkedin.com/learning/instructors/emma-bostian Frontend Masters: https://frontendmasters.com/teachers/emma-bostian/ Decoding the Technical Interview Process: https://technicalinterviews.dev Twitter: https://twitter.com/emmabostian TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by our friends at Jellyfish. So, you're sitting in front of your office chair, bleary eyed, parked in front of a powerpoint and—oh my sweet feathery Jesus its the night before the board meeting, because of course it is! As you slot that crappy screenshot of traffic light colored excel tables into your deck, or sift through endless spreadsheets looking for just the right data set, have you ever wondered, why is it that sales and marketing get all this shiny, awesome analytics and inside tools? Whereas, engineering basically gets left with the dregs. Well, the founders of Jellyfish certainly did. That's why they created the Jellyfish Engineering Management Platform, but don't you dare call it JEMP! Designed to make it simple to analyze your engineering organization, Jellyfish ingests signals from your tech stack. Including JIRA, Git, and collaborative tools. Yes, depressing to think of those things as your tech stack but this is 2021. 
They use that to create a model that accurately reflects just how the breakdown of engineering work aligns with your wider business objectives. In other words, it translates from code into spreadsheet. When you have to explain what you're doing from an engineering perspective to people whose primary IDE is Microsoft PowerPoint, consider Jellyfish. That's Jellyfish.co and tell them Corey sent you! Watch for the wince, that's my favorite part.
Corey: This episode is sponsored in part by Liquibase. If you're anything like me, you've screwed up the database part of a deployment so severely that you've been banned from touching anything that remotely sounds like SQL, at least three different companies. We've mostly got code deployments solved for, but when it comes to databases we basically rely on desperate hope, with a roll back plan of keeping our resumes up to date. It doesn't have to be that way. Meet Liquibase. It is both an open source project and a commercial offering. Liquibase lets you track, modify, and automate database schema changes across almost any database, with guardrails to ensure you'll still have a company left after you deploy the change. No matter where your database lives, Liquibase can help you solve your database deployment issues. Check them out today at liquibase.com. Offer does not apply to Route 53.
Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. One of the weird things that I've found in the course of, well, the last five years or so is that I went from absolute obscurity to everyone thinking that I know everyone else because I have thoughts and opinions on Twitter. Today, my guest also has thoughts and opinions on Twitter. The difference is that what she has to say is actually helpful to people. My guest is Emma Bostian, software engineer at Spotify, which is probably, if we can be honest about it, one of the least interesting things about you. Thanks for joining me.
Emma: Thanks for having me. That was quite the intro.
I loved it.
Corey: I do my best and I never prepare them, which is a blessing and a curse. When ADHD is how you go through life and you suck at preparation, you've got to be good at improv. So, you're a co-host of the Ladybug Podcast. Let's start there. What is that podcast? And what's it about?
Emma: So, that podcast is just my three friends and I chatting about career and technology. We all come from different backgrounds, have different journeys into tech. I went the quote-unquote, “Traditional” computer science degree route, but Ali is self-taught and works for AWS, and Kelly she has, like, a master's in psychology and human public health and runs her own company. And then Sydney is an awesome developer looking for her next role. So, we all come from different places and we just chat about career in tech.
Corey: You're also an instructor at LinkedIn Learning and Frontend Masters. I'm going to guess just based upon the name that you are something of a frontend person, which is a skill set that has constantly eluded me for 20 years, as given evidence by every time I've tried to build something that even remotely touches frontend or JavaScript in any sense.
Emma: Yeah, to my dad's disdain, I have stuck with the frontend; he really wanted me to stay backend. I did an internship at IBM in Python, and you know, I learned all about assembly language and database, but frontend is what really captures my heart.
Corey: There's an entire school of thought out there from a constituency of Twitter that I will generously refer to as shitheads that believe, “Oh, frontend is easy and it's somehow less than.” And I would challenge anyone who holds that perspective to wind up building an interface that doesn't look like crap first, then come and talk to me. Spoiler, you will not say that after attempting to go down that rabbit hole. If you disagree with this, you can go ahead and yell at me on Twitter so I know where you're hiding, so I can block you.
Now, that's all well and good, but one of the most interesting things that you've done that aligns with topics near and dear to my heart is you wrote a book.
Now, that's not what's near and dear to my heart; I have the attention span to write a tweet most days. But the book was called Decoding the Technical Interview Process. Technical interviewing is one of those weird things that comes up from time to time, here and everywhere else because it's sort of this stylized ritual where we evaluate people on a number of skills that generally don't reflect in their day-to-day; it's really only a series of skills that you get better by practicing, and you only really get to practice them when you're interviewing for other jobs. That's been my philosophy, but again, I've written a tweet on this; you've written a book. What's the book about and what drove you to write it?
Emma: So, the book covers everything from an overview of the interview process, to how do you negotiate a job offer, to systems design, and talks about load balancing and cache partitioning, it talks about what skills you need from the frontend side of things to do well on your JavaScript interviews. I will say this, I don't teach HTML, CSS, and JavaScript in-depth in the book because there are plenty of other resources for that. And some guy got mad at me about that the other day and wanted a refund because I didn't teach the skills, but I don't need to. [laugh]. And then it covers data structures and algorithms.
They're all written in JavaScript, they have easy to comprehend diagrams. What drove me to write this is that I had just accepted a job offer in Stockholm for a web developer position at Spotify. I had also just passed my Google technical interviews, and I finally realized, holy crap, maybe I do know what I'm doing in an interview now. And this was at the peak of when people were getting laid off due to COVID and I said, “You know what? I have a lot of knowledge.
And if I have a computer science degree and I was able to get through some of the hardest technical interviews, I think I should share that with the community.”
Because some people didn't go through a CS degree and don't understand what a linked list is. And that's not their fault. It's just unfortunately, there weren't a lot of great resources—especially for web developers out there—to learn these concepts. Cracking the Coding Interview is a great book, but it's written in backend language and it's a little bit hard to digest as a frontend developer. So, I decided to write my own.
Corey: How much of the book is around the technical interview process as far as ask, “Here's how you wind up reversing linked lists,” or, “Inverting a binary tree,” or whatever it is where you're tracing things around without using a pointer, how do you wind up detecting a loop in a recursive whatever it is—yeah, as you can tell, I'm not a computer science person at all—versus how much of it is, effectively, interview 101 style skills for folks who are even in non-technical roles could absorb?
Emma: My goal was, I wanted this to be approachable by anyone without extensive technical knowledge. So, it's very beginner-friendly. That being said, I cover the basic data structures, talking about what traditional methods you would see on them, how do you code that, what does that look like from a visual perspective with fake data? I don't necessarily talk about how do you reverse a binary tree, but I do talk about how do you balance it if you remove a node? What if it's not a leaf node? What if it has children? Things like that.
It's about [sigh] I would say 60/40, where 40% is coding and technical stuff, but maybe—eh, it's a little bit closer to 50/50; it kind of depends. I do talk about the take-home assessment and tips for that.
When I do a take-home assessment, I like to include a readme with things I would have done if I had more time, or these are performance trade-offs that I made; here's why. So, there's a lot of explanation as to how you can improve your chances at moving on to the next round. So yeah, I guess it's 50/50.
I also include a section on tips for hiring managers, how to create an inclusive and comfortable environment for your candidates. But it's definitely geared towards candidates, and I would say it's about 50/50 coding tech and process stuff.
Corey: One of the problems I've always had with this entire industry is it feels like we're one of the only industries that does this, where we bring people in, and oh, you've been an engineer for 15 years at a whole bunch of companies I've recognized, showing career progression, getting promoted at some of them transitioning from high-level role to high-level role. “Great, we are so glad that you came in to interview. Now, up to the whiteboard, please, and implement FizzBuzz because I have this working theory that you don't actually know how to code, and despite the fact that you've been able to fake your way through it at big companies for 15 years, I'm the one that's going to catch you out with some sort of weird trivia question.” It's this adversarial, almost condescending approach and I don't see it in any other discipline than tech. Is that just because I'm not well-traveled enough? Is that because I'm misunderstanding the purpose of all of these things? Or, what is this?
Emma: I think partially it was a gatekeeping solution for a while, for people who are comfortable in their roles and may be threatened by people who have come through different paths to get to tech. Because software engineer used to be an accredited title that you needed a degree or certification to get. And in some countries it still is, so you'll see this debate sometimes about calling yourself a software engineer if you don't have that accreditation.
But in this day and age, people go through boot camps, they can come from other industries, they can be self-taught. You don't need a computer science degree, and I think the interview process has not caught up with that.
I will say [laugh] the worst interview I had was at IBM when I was already working there. I was already a web developer there, full-time. I was interviewing for a role, and I walked into the room and there were five guys sitting at a table and they were like, “Get up to the whiteboard.” It was for a web development job and they quizzed me about Java. And I was like, “Um, sir, I have not done Java since college.” And they were like, “We don't care.”
Corey: Oh, yeah, coding on a whiteboard in front of five people who already know the answer—
Emma: Horrifying.
Corey: —during a—for them, it's any given Tuesday, and for you, it is a, this will potentially determine the course that your career takes from this point forward. There's a level of stress that goes into that never exists in our day-to-day of building things out.
Emma: Well, I also think it's an artificial environment. And why, though? Like, why is this necessary? One of the best interviews I had was actually with Gatsby. It was for an open-source maintainer role, and they essentially let me try the product before I bought it.
Like, they let me try out doing the job. It was a paid process, they didn't expect me to do it for free. I got to choose alternatives if I wanted to do one thing or another, answer one question or another, and this was such an exemplary process that I always bring it up because that is a modern interview process, when you are letting people try the position. Now granted, not everyone can do this, right? We've got parents, we've got people working two jobs, and not everyone can afford to take the time to try out a job.
But who can also afford a five-stage interview process that still warrants taking vacation days?
So, I think at least—at the very least—pay your candidates if you can.
Corey: Oh, yeah. One of the best interviews I've ever had was at a company called Three Rings Design, which is now defunct, unfortunately, but it was fairly typical ops questions of, “Yeah, here's an AWS account. Spin up a couple EC2 instances, load balance between them, have another one monitored. You know, standard op stuff. And because we don't believe in asking people to work for free, we'll pay you $300 upon completion of the challenge.”
Which, again, it's not huge money for doing stuff like that, but it's also, this shows a level of respect for my time. And instead of giving me a hard deadline of when it was due, they asked me, “When can we expect this by?” Which is a great question in its own right because it informs you about a candidate's ability to set realistic deadlines and then meet them, which is one of those useful work things. And they—unlike most other companies I spoke with in that era—were focused on making it as accommodating for the candidate as possible. They said, “We're welcome to interview you during the workday; we can also stay after hours and have a chat then, if that's more convenient for your work schedule.”
Because they knew I was working somewhere else; an awful lot of candidates are. And they just bent over backwards to be as accommodating as possible. I see there's a lot of debate these days in various places about the proper way to interview candidates. No take-home because biases for people who don't have family obligations or other commitments outside of work hours. “Okay, great, so I'm going to come in interview during the day?” “No. That biases people who can't take time off.” And, on some level, it almost seems to distill down to no one likes any way that there is of interviewing candidates, and figuring out a way that accommodates everyone is a sort of a fool's errand.
It seems like there is no way that won't get you yelled at.
Emma: I think there needs to be almost like a choose your own adventure. What is going to set you up for success and also allow you to see if you want to even work that kind of a job in the first place? Because I thought on paper, open-source maintainer sounds awesome. And upon looking into the challenges, I'm like, “You know what? I think I'd hate this job.”
And I pulled out and I didn't waste their time and they didn't waste mine. So, when you get down to it, honestly, I wish I didn't have to write this book. Did it bring me a lot of benefit? Yeah. Let's not sugarcoat that. It allowed me to pay off my medical debt and move across a continent, but that being said, I wish that we were at a point in time where that did not need to exist.
Corey: One of the things that absolutely just still gnaws at me even years later, is I interviewed at Google twice, and I didn't get an offer either time, I didn't really pass their technical screen either time. The second one that really sticks out in my mind where it was, “Hey, write some code in a Google Doc while we watch remotely,” and don't give you any context or hints on this. And just it was—the entire process was sitting there listening to them basically, like, “Nope, not what I'm thinking about. Nope, nope, nope.” It was… by the end of that conversation, I realized that if they were going to move forward—which they didn't—I wasn't going to because I didn't want to work with people that were that condescending and rude.
And I've held by it; I swore I would never apply there again and I haven't. And it's one of those areas where, did I have the ability to do the job? I can say in hindsight, mostly. Were there things I was going to learn as I went?
Absolutely, but that's every job.
And I'm realizing as I see more and more across the ecosystem, that they were an outlier in a potentially good way because in so many other places, there's no equivalent of the book that you have written that is given to the other side of the table: how to effectively interview candidates. People lose sight of the fact that it's a sales conversation; it's a two-way sale, they have to convince you to hire them, but you also have to convince them to work with you. And even in the event that you pass on them, you still want them to say nice things about you because it's a small industry, all things considered. And instead, it's just been awful.
Emma: I had a really shitty interview, and let me tell you, they have asked me subsequently if I would re-interview with them. Which sucks; it's a product that I know and love, and I've talked about this, but I had the worst experience. Let me clarify, I had a great first interview with them, and I was like, “I'm just not ready to move to Australia.” Which is where the job was. And then they contacted me again a year later, and it was the worst experience of my life—same recruiter—it was the ego came out.
And I will tell you what, if you treat your candidates like shit, they will remember and they will never recommend people interview for you. [laugh]. I also wanted to mention about accessibility because—so we talked about, oh, give candidates the choice, which I think the whole point of an interview should be setting your candidates up for success to show you what they can do. And I talked with [Stephen 00:14:09]—oh, my gosh, I can't remember his last name—but he is a quadriplegic and he types with a mouthstick. And he was saying he would go to technical interviews and they would not be prepared to set him up for success.
And they would want to do these pair programming, or, like, writing on a whiteboard. And it's not that he can't pair program, it's that he was not set up for success.
He needed a mouthstick to type and they were not prepared to help them with that. So, it's not just about the commitment that people need. It's also about making sure that you are giving candidates what they need to give the best interview possible in an artificial environment.
Corey: One approach that people have taken is, “Ah, I'm going to shortcut this and instead of asking people to write code, I'm going to look at their work on GitHub.” Which is, in some cases, a great way to analyze what folks are capable of doing. On the other, well, there's a lot of things that play into that. What if they're working in an environment where they don't have the opportunity to open-source their work? What if people consider this a job rather than an all-consuming passion?
I know, perish the thought. We don't want to hire people like that. Grow up. It's not useful, and it's not helpful. It's not something that applies universally, and there's an awful lot of reasons why someone's code on GitHub might be materially better—or worse—than their work product. I think that's fine. It's just a different path toward it.
Emma: I don't use GitHub for largely anything except just keeping repositories that I need. I don't actively update it. And I have, like, a few thousand followers; I'm like, “Why the hell do you guys follow me? I don't do anything.” It's honestly a terrible representation.
That being said, you don't need to have a GitHub repository—an active one—to showcase your skills. There are many other ways that you can show a potential employer, “Hey, I have a lot of skills that aren't necessarily showcased on my resume, but I like to write blogs, I like to give tech talks, I like to make YouTube videos,” things of that nature.
Corey: I had a manager once who refused to interview anyone who didn't have a built-out LinkedIn profile, which is also one of these bizarre things. It's, yeah, a lot of people don't feel the need to have a LinkedIn profile, and that's fine.
But the idea that, “Oh, yeah, they have this profile they haven't updated in a couple years, it's clearly they're not interested in looking for work.” It's, yeah. Maybe—just a thought here—your ability to construct a resume and build it out in the way that you were expecting is completely orthogonal to how effective they might be in the role. The idea that someone not having a LinkedIn profile somehow implies that they're sketchy is the wrong lesson to take from all of this. That site is terrible.
Emma: Especially when you consider the fact that LinkedIn is primarily used in the United States as a social—not social networking—professional networking tool. In Germany, they use Xing as a platform; it's very similar to LinkedIn, but my point is, if you're solely looking at someone's LinkedIn as a representation of their ability to do a job, you're missing out on many candidates from all over the world. And also those who, yeah, frankly, just don't—like, they have more important things to be doing than updating their LinkedIn profile. [laugh].
Corey: On some level, it's the idea of looking at a consultant, especially independent consultant type, when their website is glorious and up-to-date and everything's perfect, it's, oh, you don't really have any customers, do you? As opposed to the consultants you know who are effectively sitting there with a waiting list, their website looks like crap. It's like, “Is this Geocities?” No. It's just that they're too busy working on the things that bring the money instead of the things that bring in business, in some respects.
Let's face it, websites don't. For an awful lot of consulting work, it's word of mouth. I very rarely get people finding me off of Google, clicking a link, and, “Hey, my AWS bill is terrible. Can you help us with it?” It happens, but it's not something that happens so frequently that we want to optimize for it because that's not where the best customers have been coming from.
Historically, it's referrals, it's word of mouth, it's people seeing the aggressive shitposting I engage in on Twitter and saying, “Oh, that's someone that should help me with my Amazon bill.” Which I don't pretend to understand, but I'm still going to roll with it.
Emma: You had mentioned something about passion earlier, and I just want to say, if you're a hiring manager or recruiter, you shouldn't solely be looking at candidates who superficially look like they're passionate about what they do. Yes, that is—it's important, but it's not something that—like, I don't necessarily choose one candidate over the other because they push commits, and open pull requests on GitHub, and open-source, and stuff. You can be passionate about your job, but at the end of the day, it's still a job. For me, would I be working if I had to? No. I'd be opening a bookstore because that's what I would really love to be doing. But that doesn't mean I'm not passionate about my job. I just show it in different ways. So, just wanted to put that out there.
Corey: Oh, yeah. The idea that you must eat, sleep, live, and breathe is—hell with that. One of the reasons that we get people to work here at The Duckbill Group is, yeah, we care about getting the job done. We don't care about how long it takes or when you work; it's oh, you're not feeling well? Take the day off.
We have very few things that are ‘must be done today' style of things. Most of those tend to fall on me because it's giving a talk at a conference; they will not reschedule the conference for you. I've checked. So yeah, that's important, but that's not most days.
Emma: Yeah. It's like programming is my job, it's not my identity. And it's okay if it is your primary hobby if that is how you identify, but for me, I'm a person with actual hobbies, and, you know, a personality, and programming is just a job for me. I like my job, but it's just a job.
Corey: And on the side, you do interesting things like wrote a book.
You mentioned earlier that it wound up paying off some debt and helping cover your move across an ocean. Let's talk a little bit about that because I'm amenable to the idea of side projects that accidentally have a way of making money. That's what this podcast started out as. If I'm being perfectly honest, and started out as something even more self-serving than that.
It's, well if I reach out to people in this industry that are doing interesting things and ask them to grab a cup of coffee, they'll basically block me, whereas if I ask them to, would you like to appear on my podcast, they'll clear time on their schedule. I almost didn't care if my microphone was on or not when I was doing these just because it was a chance to talk to really interesting people and borrow their brain, people reached out asking they can sponsor it, along with the newsletter and the rest, and it's you want to give me money? Of course, you can give me money. How much money? And that sort of turned into a snowball effect over time.
Five years in, it's turned into something that I would never have predicted or expected. But it's weird to me still, how effective doing something you're actually passionate about as a side project can sort of grow wings on its own. Where do you stand on that?
Emma: Yeah, it's funny because with the exception of the online courses that I've worked with—I mentioned LinkedIn Learning and Frontend Masters, which I knew were paid opportunities—none of my side projects started out for financial reasonings. The podcast that we started was purely for fun, and the sponsors came to us. Now, I will say right up front, we all had pretty big social media followings, and my first piece of advice to anyone looking to get into side projects is, don't focus so much on making money at the get-go. Yes, to your point, Corey, focus on the stuff you're passionate about.
Focus on engaging with people on social media, build up your social media, and at that point, okay, monetization will slowly find its way to you.
But yeah, I say if you can monetize the heck out of your work, go for it. But also, free content is also great. I like to balance my paid content with my free content because I recognize that not everyone can afford to pay for some of this information. So, I generally always have free alternatives. And for this book that we published, one of the things that was really important to me was keeping it affordable.
The first publish I did was $10 for the book. It was like a 250-page book. It was, like, $10 because again, I was not in it for the money. And when I redid the book with the egghead.io team, the same team that did Epic React with Kent C. Dodds, I said, “I want to keep this affordable.” So, we made sure it was still affordable, but also that we had—what's it called? Parity pricing? Pricing parity, where depending on your geographic location, the price is going to accommodate for how the currency is doing. So, yes, I would agree. Side project income for me allows me to do incredible stuff, but it wasn't why I got into it in the first place. It was genuinely just a nice-to-have.
Corey: I haven't really done anything that asks people for money directly. I mean, yeah, I sell t-shirts on the website, and mugs, and drink umbrellas—don't get me started—but other than that and the charity t-shirt drive I do every year, I tend to not be good at selling things that don't have a comma in the price tag. For me, it was about absolutely building an audience. I tend to view my Twitter follower count as something of a proxy for it, but the number I actually care about, the audience that I'm focused on cultivating, is newsletter subscribers because no social media platform that we've ever seen has lasted forever.
And I have to imagine that Twitter will one day wane as well.
But email has been here since longer than we'd been alive, and by having a list of email addresses and ways I can reach out to people on an ongoing basis, I can monetize that audience in a more direct way, at some point should I need them to. And my approach has been, well, one, it's a valuable audience for some sponsors, so I've always taken the asking corporate people for money is easier than asking people for personal money, plus it's a valuable audience to them, so it tends to blow out a number of the metrics that you would normally expect of, oh, for this audience size, you should generally be charging Y dollars. Great. That makes sense if you're slinging mattresses or free web hosting, but when it's instead, huh, these people buy SaaS enterprise software and implement it at their companies, all of economics tend to start blowing apart. Same story with you in many respects.
The audience that you're building is functionally developers. That is a lucrative market for the types of sponsors that are wise enough to understand that—in a lot of cases these days—which product a company is going to deploy is not dictated by their exec so much as it is the bottom-up adoption path of engineers who like the product.
Emma: Mm-hm. Yeah, and I think once I got to maybe around 10,000 Twitter followers is when I changed my mentality and I stopped caring so much about follower count, and instead I just started caring about the people that I was following. And the number is a nice-to-have but to be honest, I don't think so much about it. And I do understand, yes, at that point, it is definitely a privilege that I have this quote-unquote, “Platform,” but I never see it as an audience, and I never think about that “Audience,” quote-unquote, as a marketing platform. But it's funny because there's no right or wrong. People will always come to you and be like, “You shouldn't monetize your stuff.” And it's like—
Corey: “Cool.
Who's going to pay me then? Not you, apparently.”
Emma: Yeah. It's also funny because when I originally sold the book, it was $10 and I got so many people being like, “This is way too cheap. You should be charging more.” And I'm like, “But I don't care about the money.” I care about all the people who are unemployed and not able to survive, and they have families, and they need to get a job and they don't know how.
That's what I care about. And I ended up giving away a lot of free books. My mantra was like, hey if you've been laid off, DM me. No questions asked, I'll give it to you for free. And it was nice because a lot of people came back, even though I never asked for it, they came back and they wanted to purchase it after the fact, after they'd gotten a job.
And to me that was like… that was the most rewarding piece. Not getting their money; I don't care about that, but it was like, “Oh, okay. I was actually able to help you.” That is what's really the most rewarding. But yeah, certainly—and back really quickly to your email point, I highly agree, and one of the first things that I would recommend to anyone looking to start a side product, create free content so that you have a backlog that people can look at to… kind of build trust.
Corey: Give it away for free, but also get emails from people, like a trade for that. So, it's like, “Hey, here's a free guide on how to start a podcast from scratch. It's free, but all I would like is your email.” And then when it comes time to publish a course on picking the best audio and visual equipment for that podcast, you have people who've already been interested in this topic that you can now market to.
This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of "Hello, World" demos? Allow me to introduce you to Oracle's Always Free tier.
It provides over 20 free services and infrastructure, networking databases, observability, management, and security.
And - let me be clear here - it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account. This means you can provision a virtual machine instance or spin up an autonomous database that manages itself all while gaining the networking load, balancing and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build.
With Always Free you can do things like run small scale applications, or do proof of concept testing without spending a dime. You know that I always like to put asterisks next to the word free. This is actually free. No asterisk. Start now. Visit https://snark.cloud/oci-free that's https://snark.cloud/oci-free.
Corey: I'm not sitting here trying to judge anyone for the choices that they make at all. There are a lot of different paths to it. I'm right there with you. One of the challenges I had when I was thinking about, do I charge companies or do I charge people was that if I'm viewing it through a lens of audience growth, well, what stuff do I gate behind a paywall? What stuff don't I? Well, what if I just—
Emma: Mm-hm.
Corey: —gave it all away? And that way I don't have to worry about the entire class of problems that you just alluded to of, well, how do I make sure this is fair? Because a cup of coffee in San Francisco is, what, $14 in some cases? Whereas that is significant in places that aren't built on an economy of foolishness. How do you solve for that problem? How do you deal with the customer service slash piracy issues slash all the other nonsense? And it's just easier.
Emma: Yeah.
Corey: Something I've found, too, is that when you're charging enough money to companies, you don't have to deal with an entire class of customer service problem.
You just alluded to the other day that well, you had someone who bought your book and was displeased that it wasn't a how to write code from scratch tutorial, despite the fact that you were very clear on what it is and what it isn't. I don't pretend to understand that level of entitlement. If I spend 10 or 20 bucks on an ebook, and it's not very good, let's see, do I wind up demanding a refund from the author and making them feel bad about it, or do I say, “The hell with it.” And in my case, I—there is privilege baked into this; I get that, but it's I don't want to make people feel bad about what they've built. If I think there's enough value to spend money on it I view that as a one-way transaction, rather than chasing someone down for three months, trying to get a $20 refund.

Emma: Yeah, and I think honestly, I don't care so much about giving refunds at all. We have a 30-day money-back guarantee and we don't ask any questions. I just asked this person for feedback, like, “Oh, what was not up to par?” And it was just, kind of like, BS response of like, “Oh, I didn't read the website and I guess it's not what I wanted.” But the end of the day, they still keep the product.

The thing is, you can't police all of the people who are going to try to get your content for free if you're charging for it; it's part of it. And I knew that when I got into it, and honestly, my thing is, if you are circulating a book that helps you get a job in tech and you're sending it to all your friends, I'm not going to ask any questions because it's very much the sa—and this is just my morals here, but if I saw someone stealing food from a grocery store, I wouldn't tell on them because at the end of the day, if you're s—

Corey: Same story. You ever see someone stealing baby formula from a store? No, you didn't.

Emma: Right.

Corey: Keep walking. Mind your business.

Emma: Exactly. Exactly.
So, at the end of the day, I didn't necessarily care that—people are like, “Oh, people are going to share your book around. It's a PDF.” I'm like, “I don't care. Let them. It is what it is. And the people who want to support and can, will.” But I'm not asking.

I still have free blogs on data structures, and algorithms, and the interview stuff. I do still have content for free, but if you want more, if you want my illustrated diagrams that took me forever with my Apple Pencil, fair enough. That would be great if you could support me. If not, I'm still happy to give you the stuff for free. It is what it is.

Corey: One thing that I think is underappreciated is that my resume doesn't look great. On paper, I have an eighth-grade education, and I don't have any big tech names on my resume. I have a bunch of relatively short stints; until I started this place, I've never lasted more than two years anywhere. If I apply through the front door the way most people do for a job, I will get laughed out of the room by the applicant tracking system, automatically. It'll never see a human.

And by doing all these side projects, it's weird, but let's say that I shut down the company for some reason, and decide, ah, I'm going to go get a job now, my interview process—more or less, and it sounds incredibly arrogant, but roll with it for a minute—is, “Don't you know who I am? Haven't you heard of me before?” It's, “Here's my website. Here's all the stuff I've been doing. Ask anyone in your engineering group who I am and you'll see what pops up.”

You're in that same boat at this point where your resume is the side projects that you've done and the audience you've built by doing it. That's something that I think is underappreciated.
Even if neither one of us made a dime through direct monetization of things that we did, the reputational boost to who we are and what we do professionally seems to be one of those things that pays dividends far beyond any relatively small monetary gain from it.

Emma: Absolutely, yeah. I actually landed my job interview with Spotify through Twitter. I was contacted by a design systems manager. And I was in the interview process for them, and I ended up saying, “You know, I'm not ready to move to Stockholm. I just moved to Germany.”

And a year later, I circled back and I said, “Hey, are there any openings?” And I ended up re-interviewing, and guess what? Now, I have a beautiful home with my soulmate and we're having a child. And it's funny how things work out this way because I had a Twitter account. And so don't undervalue [laugh] social media as a tool in lieu of a resume because I don't think anyone at Spotify even saw my resume until I actually accepted the job offer, and it was just a formality.

So yeah, absolutely. You can get a job through social media. It's one of the easiest ways. And that's why if I ever see anyone looking for a job on Twitter, I will retweet, and vouch for them if I know their work because I think that's one of the quickest ways to finding an awesome candidate.

Corey: Back in, I don't know, 2010, 2011-ish. I was deep in the IRC weeds. I was network staff on the old freenode network—not the new terrible one. The old, good one—and I was helping people out with various things. I was hanging out in the Postfix channel, an email server software thing that most people have the good sense not to need to know anything about.

And someone showed up and was asking questions about their config, and I was working with them, and teasing them, and helping them out with it. And at the end of it, his comment was, “Wow, you're really good at this. Any chance you'd be interested in looking for jobs?” And the answer was, “Well, sure, but it's a global network.
Where are you?”

Well, he was based in Germany, but he was working remotely for Spotify in Stockholm. A series of conversations later, I flew out to Stockholm and interviewed for a role that they decided I was not a fit for—and again, they're probably right—and I often wonder how my life would have gone differently if the decision had gone the other way. I mean, no hard feelings, please don't get me wrong, but absolutely, helping people out, interacting with people over social networks, or their old school geeky analogs are absolutely the sorts of things that change lives. I would never have thought to apply to a role like that if I had been sitting here looking at job ads because who in the world would pick up someone with relatively paltry experience and move them halfway around the world? This was like a fantasy, not a reality.

Emma: [laugh].

Corey: It's the people you get to know—

Emma: Yeah.

Corey: —through these social interactions on various networks that are worth… they're worth gold. There's no way to describe it other than that.

Emma: Yeah, absolutely. And if you're listening to this, and you're discouraged because you got turned down for a job, we've all been there, first of all, but I remember being disappointed because I didn't pass my first round of interviews of Google the first time I interviewed with them, and being, like, “Oh, crap, now I can't move to Munich. What am I going to do with my life?” Well, guess what, look where I am today. If I had gotten that job that I thought was it for me, I wouldn't be in the happiest phase of my life.

And so if you're going through it—obviously, in normal circumstances where you're not frantically searching for a job; if you're in more of a casual life job search—and you've been let go from the process, just realize that there's probably something bigger and better out there for you, and just focus on your networking online.
Yeah, it's an invaluable tool.

Corey: One time when giving a conference talk, I asked, “All right, raise your hand if you have never gone through a job interview process and then not been offered the job.” And a few people did. “Great. If your hand is up, aim higher. Try harder. Take more risks.”

Because fundamentally, job interviews are two-way streets and if you are only going for the sure thing jobs, great, stretch yourself, see what else is out there. There's no perfect attendance prize. Even back in school there wasn't. It's the idea of, “Well, I've only ever taken the easy path because I don't want to break my streak.” Get over it. Go out and interview more. It's a skill, unlike most others that you don't get to get better at unless you practice it.

So, you've been in a job for ten years, and then it's time to move on—I've talked to candidates like this—their interview skills are extremely rusty. It takes a little bit of time to get back in the groove. I like to interview every three to six months back when I was on the job market. Now that I, you know, own the company and have employees, it looks super weird if I do it, but I miss it. I miss those conversations. I miss the aspects—

Emma: Yes.

Corey: —of exploring what the industry cares about.

Emma: Absolutely. And don't underplay the importance of studying the foundational language concepts. I see this a lot in candidates where they're so focused on the newest and latest technologies and frameworks, that they forgot foundational JavaScript, HTML, and CSS.
Many companies are focused primarily on these plain language concepts, so just make sure that when you are ready to get back into interviewing and enhance that skill, that you don't neglect the foundation languages that the web is built on if you're a web developer.

Corey: I'd also take one last look around and realize that every person you admire, every person who has an audience, who is a known entity in the space only has that position because someone, somewhere did them a favor. Probably lots of someones with lots of favors. And you can't ever pay those favors back. All you can do is pay it forward. I repeatedly encourage people to reach out to me if there's something I can do to help. And the only thing that surprises me is how few people in the audience take me up on that. I'm talking to you, listener. Please, if I can help you with something, please reach out. I get a kick out of doing that sort of thing.

Emma: Absolutely. I agree.

Corey: Emma, thank you so much for taking the time to speak with me today. If people want to learn more, where can they find you?

Emma: Well, you can find me on Twitter. It's just @EmmaBostian, I'm, you know, shitposting over there on the regular. But sometimes I do tweet out helpful things, so yeah, feel free to engage with me over there. [laugh].

Corey: And we will, of course, put a link to that in the show notes. Thank you so much for taking the time to speak with me today. I appreciate it.

Emma: Yeah. Thanks for having me.

Corey: Emma Bostian, software engineer at Spotify and oh, so very much more. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud.
If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an incoherent ranting comment mentioning that this podcast as well failed to completely teach you JavaScript.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.
You should never host your own email, so we’ve gone and done just that. What we learned trying to build an email server in 2021. Plus our take on Ubuntu 21.04, become a master of your schedule with our pick, and a Garage Sale update.
In this month's round-up we cover the latest C++ committee plenary session, what's been approved to go into the C++23 standard, other proposals being worked on, news about Concepts and Modules, Clang Power Tools, Postfix completions in CLion and the C & C++ browser Search Extension.
Welcome! It is now up to 100s of thousands of organizations that have been affected by this Microsoft Exchange Server Vulnerability and it was so large that you could drive a freight train through it. Oh yes -- Microsoft did issue a patch but that did not fix the problem which was the backdoor that the bad guys installed. Nation-states, especially China and Russia, have been spying on us and it will take a lot of research to determine what information they were able to get their hands on and what damage they can do with that information. We have deep fakes in the news again and there is more so be sure to Listen in. For more tech tips, news, and updates, visit - CraigPeterson.com.

---

Tech Articles Craig Thinks You Should Read:

Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack
Samsung just out-Googled the Pixel at guaranteeing Android updates
Google’s Getting Rid of Third-Party Cookies, But Their Replacement Is a Terrible Idea
Google claims it will stop tracking individual users for ads
Tesla asks fans to lobby the government on its behalf
Make Deepfake Videos of Your Ancestors, But Consider Your Data Privacy When Making MyHeritage 'Deepfakes'
China’s and Russia’s spying sprees will take years to Unpack
A new type of supply-chain attack with serious consequences is flourishing

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] If you've been listening to me for a while, you may not believe this, but I've got a recommendation here on Android phones. Coming up we're going to talk about Google's new replacement for cookies, and a little bit about what Tesla's been up to. I don't like this. I have never been a fan of Android phones, and you know why I haven't been a fan? The biggest problem with Android phones is the lack of security updates. That really does concern me a lot. Google also has not been the best when it comes to the Play Store and making sure that everything on the store is actually safe.
Here is some very promising news for people who like the Android platform or maybe dislike the Apple platform for one reason or another. Frankly, there's a lot of reasons there too. Samsung has always been the leader when it comes to keeping their number one phones updated in the past. I've always said, make sure you can get updates. Samsung with its Galaxy phones has been good for about two years. They provide you with the security updates you need with some patches. Even if Google comes out with a patch, most of the phones out there that are running Android, do not get the updates. Ever. Some of these phones are older, they don't bother supporting them. Some manufacturers drop support within months after you buy the phone. Samsung has been good for about two years. So my rule of thumb has always been, if you're going to buy Android, if you gotta do it. Stick with Samsung and stick with their number one model. It is now promising four years of security updates for more than 130 Galaxy phones. That's pretty big when you consider that frankly, Android phones have been the butt of many a joke over the years. Samsung is working pretty hard to make sure that they are really able to deliver for the Galaxy owners. Now, this is cool because Samsung just early, I think, this year it was that the Samsung promise that most new Galaxy phones would be getting about three generations of Android version updates. Now, that amounts to a few years, as a rule, the generations in the Android world are pretty much about a year. Google has been providing updates for its own phone that it has. They provided to these other companies, like Samsung, to then take it and modify it to fit what they want and then they provide it to you. So, three generations are good. Now, they have said four years of security updates. Now, that's a pretty impressive promise. What they're trying to do is compete with Apple that has historically provided about five years of support. 
There's a big difference, obviously between two years and five years, but there isn't as much of a difference between four years' worth of security updates, and the five, six, seven years that Apple has been doing depending on what kind of security updates. That's very impressive. Of course, Samsung just a year ago wasn't guaranteeing anything in terms of updates. Most new phone purchases were good for a year or two of updates, but only the Pixel, which is made by Google and Android. One base phones were on the record about how long you could be getting updates from the manufacturer. Now Samsung is doing one better than Google. Remember, Google is the guy that actually provides the Android operating system. Google's only guaranteed three years of version and security updates for Pixel phones and that's not very many phones. Frankly, Google Pixel is not been selling well. It's the standard that all of the Android manufacturers use in order to have a kind of proof of concept. So this is what it should look like. This just should be how it acts. I'm looking at this list here. This thing is huge of all of these phones from Samsung that is going to be supported, here. You've got the Galaxy foldable devices. The whole family of folds. The Galaxy S series and starts at the S 10 plus moving on to the S 20, S 25 G, S 20 plus blah, blah, blah. A bunch of different S 20 models and the S 21. That's pretty darn good. That's a lot of phones. Also, the Galaxy Note series, starting at the Note 10, all the way up to the current Note, 20 ultra-five GS the Galaxy AA series. Again, certainly, the 10 going up to eight 45, the Galaxy AMS, the up through the Galaxy X covers series and again tab series, which has been pretty popular for a lot of people. If you're thinking about picking up one of your Android phones here soon, maybe you should give a second thought to the Galaxy. Now, they're guaranteeing that they're going to provide these security updates for you for four years. Yeah. 
Yeah. Okay, a guarantee we'll see how long that lasts. The other problem is how quickly are they going to get it out? You'll see Apple devices, who just this week they had a security patch, they pushed it out and they expect to see 70, 80% of all of the phones with that security patch installed within a week. That's your Apple iPhones. Google comes out with a security patch. They push it out. It has to go to the vendors like Samsung and then the vendor like Samsung has to take that add the device drivers that need for all of these models. Think about that for a minute. That's a lot of device drivers. That's a lot of different models. I think it's going to take them a while to do that and then they'll get it to you. That security update that comes from Google, we've seen takes six months in the past before it gets on to your phone. If you're looking at security, if that's a real concern of yours and sure should be particularly after this disaster of a company called Microsoft and their Windows products. Particularly now this Microsoft Exchange Server bug. I'm so upset with Microsoft, but you know what? We'll get into that a little bit later. The Samsung, the Galaxies, the Google Androids are not designed for all of the safety and security that you really do need, frankly. When you think about the models we're talking about 130 models that Samsung is going to be providing new updates for. Okay. When we look at Apple and the iPhone models let me see how many iPhone models are there out there. I'm going to Google that right now, even as we're talking. So 2007, that is when they first came up with them. Okay. So since the very first iPhone, according to the iPhone Wiki, there have been 29 models of the iPhone. 29. Two nine. How many did I say Samsung is going to be updating? 130.
So who has an easier time of providing updates, security, updates, testing the updates, pushing the updates, having people install the updates, the company that in the last, how many years has been making iPhones yet since 2007? Okay. So all the way up to 2021, that's a lot of years. Versus the Android who has been making these Galaxy's for many years, but is only going to be providing updates back to the Galaxy S 10 from 2019. That covers the 130 models. Are you getting what I'm selling here? Are you buying it? Yeah, it's impossible. Really? For Samsung, even with all that, they're trying to do here. They're trying to help out. It's impossible for them to keep up with security-based unless they have this massive team. I don't expect that they do have a massive team that's going to be working in parallel. 130 teams, one for each phone. That just isn't happening. So again, if security is a concern, Android is not the way to go. If, for some reason you morally, ethically, religiously cannot use an iPhone and then have a solid look at Samsung because of this promise they came up with, here in the last two weeks, of four years of security updates for more than 130 phones. Finally, there is an Android phone that will have security updates at some point in time, versus what we've had over the years of really, you can only count on it for one or two years. It's just not worth it. Not a good thing. Hey, I am sending out on my newsletter, not just my show Notes, but I have also been sending out one or two other emails a week that have some very narrow training. What I've been doing is making audiograms for you guys. This is a video that is of me speaking, explaining something. On that video, you can see all of the words you can read along, which is great for people who are hearing impaired, or maybe you want to have that computer muted for whatever reason. It makes it easy. 
You can find me on YouTube, just go to CraigPeterson.com/youtube, and you can catch those audiograms. You can also get them if you are an active subscriber to my newsletter, active means you open it. You read it. I know you do. If I don't consider you active you just don't get this extra information. So, make sure you open those emails. A lot of us have been complaining about cookies and tracking for a long time. Google has finally heard us? I'm not sure about this. We're going to talk about third-party cookies, right now. Hi, everybody. Thanks for joining me, Craig Peterson here. Well, third-party cookies are where you go to a website, and that web browser kind of squeals on you, shall we say. What happens is Google, for instance, is trying to track you as you go online. As you go between websites. They're calling this kind of an advertising surveillance industry on the web. Frankly, this third-party cookie has really been an important part of this whole surveillance industry. What it does now is it allows a website to have a look at where you have been online. When I say it allows a website, it's really Google, that's doing the tracking. Obviously, you're going to a website, Google doesn't own every website out there. In fact, it barely owns any, when you look at the number of websites that are out on the internet. So Google has this whole concept of if you're visiting this site and you have visited this site and this other site, I know something about you. So it sells that information because it's seeing the pattern, right? That's the whole idea behind the advertising. Phasing out these tracking cookies and these other persistent third-party identifiers have been something people have been trying to get rid of for a very long time. The Electronic Frontier Foundation you'll find them online at eff.org has been jumping up and down trying to get everybody to pull up their socks if you will. One of the first players to really jump into this was Apple.
Apple has pretty much told the whole industry, you got to stop doing some of this tracking. Some of the tracking is okay. Again, how many times have I said, if I'm looking for a Ford F-150 then I don't mind seeing ads for the Ford F-150. Why would I want to see ads for a motor scooter when I'm looking for a pickup truck. Frankly, if I'm looking for an F-150, I expect to see ads maybe for a Chevy Silverado or a Dodge truck, does that make sense to you? I'm looking for something and that's when I'm interested in seeing it. Google is now jumping on this bandwagon because Apple has said we are going to be doing a couple of things. We are going to be forcing you, app developers, to tell everybody exactly what you are doing with their information, what you're tracking, who you're selling it to, what it's being used for. That's a very big deal. It's got the whole advertising industry very worried. Google is coming along saying, okay, Apple will do you a little bit of one better. Of course, the biggest complaint from Facebook who ironically has been buying newspaper ads, if you can believe that. Google has been destroying the newspaper industry and now it's going to newspapers to try and get people to stop Apple from destroying Facebook's industry by blocking some of the advertising tracking that Facebook has been doing. Now, what Google is doing is looking to replace these third-party cookies. How were they going to do that? They are already doing a few rather sneaky things. For instance, they fingerprint your browser. Your browser has a fingerprint because you have certain extensions on your browser that you've added. You have your computer, which has an operating system that has a certain version. It has a certain amount of memory. It has a certain amount of disc storage. A lot of the private information, personal information about your computer can be gleaned by a website. One of the things they've been doing this, you're blocking cookies. No problem. 
I can still figure out who you are and they don't necessarily know exactly who you are, but they have a very good idea. One of the proposals Google has come out with is called the federated learning of cohorts, which is very ambitious and could be the replacement, if you will, for these third-party cookies that could be the most harmful. What it is is a way to make your browser do the profiling. Itself. Historically they've been able to track your browser as you go around and then they have to pull all of that information together. They pull it together and they come up with a picture of you and who you are. Yeah. You're interested in buying a pickup truck, particularly an F150. This is an example. That picture gets detailed about you, but it's something that the advertisers have to put together. What this flock or federated learning of cohorts is doing is it's boiling down your recent browsing activity into a category. They're calling this a behavioral label, and then they're sharing it with websites and advertisers. The idea is basically your web browser itself is going to put you in one or more buckets and the websites that you're visiting and the advertisers that are advertising on those websites will be able to get that label that your browser has put on you. Yeah, you like that? So what EFF is saying is that this could exacerbate many of the worst non-privacy problems with behavioral ads, including discrimination and predatory targeting. You can guess what those things mean, right? They're calling this a privacy sandbox, right? It's always the opposite. If Congress is passing a bill, that is a COVID relief bill, you can bet that there's very little to do with COVID relief in the bill. Wait a minute, actually, that's true. There's only 9% of the money in this almost $2 trillion spending plan. 9%, that actually goes to COVID relief. Instant COVID relief bill. Same thing here with Google, right? 
This is the privacy sandbox and it's going to be better, Google says. In the world, we have today where data brokers and ad tech giants, track and profile everybody with complete impunity. Just like Equifax has. Just like Equifax lost our personal identifiable information, our social security numbers, or addresses or names or date of birth, et cetera, et cetera. Yeah. Yeah. Okay. We pay a small fine. Yet we go on. Are they out of business? Have they lost business? In fact, they gained business because people have been paying Equifax to monitor their credit. Oh my gosh. That framing that Google is talking about is based on a false premise that you have to choose between tracking and new tracking. Does that sound familiar? Yeah. It's not an either-or. We really should be rejecting this whole new federated learning of cohorts proposal Google has come out with. You can bet that Apple is going to reject this outright because it's really rather terrible. If you care about your privacy on the other hand again, I look at it and say I want an F-150. I don't mind ads for pickup trucks, so what's wrong with that? Okay. There's two sides to this. I just don't like them calling me by name when I walked past a billboard. Stick around, we'll be right back. I'm a fan of much of what Elon Musk has done, what he's trying to do when it comes to technology, and being a proponent of technology. I'm not fond of Elon Musk taking over $3 billion from the taxpayers though. Hi, everybody. I appreciate you spending a couple of hours with me here on the weekend. There's so much to cover. Elon Musk it was $3 billion that he had received in government subsidies. Now we're looking at this, according to goodjobsfirst.org. We're looking at $4.9 billion dollars that Elon Musk has received basically from the taxpayer. It's really sad when you get right down to it. Now, Tesla got money from taxpayers; he's paid some of it back. It's really the government trying to name a winner.
There's a lot of competing technologies. There's even non-electric cars out there. How many of you even aware of this? That use, for instance, hydrogen instead of electricity. Now there's, of course, with any technology there's complications here and there. Hydrogen is absolutely amazing. It's an electric car. You fill it up with hydrogen and the only byproduct of the burning, if you will, the hydrogen, is water. In fact, it doesn't burn the hydrogen. It combines it with oxygen to make the water and produce electricity all at the same time. Very cool. There are some prototypes out already on the roads out in California and some other places around the world. When the government's giving out billions of dollars to electric cars, they're effectively naming a winner. Aren't they? Does that make sense? I don't think so. We've got to have a free market and this is not a way to have a free market. It's just like with solar, wind, some of these other technologies where the government is taking our tax dollars and is saying this particular technology, and even worse, look at Solyndra, look at some of these others just absolute debacles. Now, even worse they give money to a specific company within a certain industry. That is not a good thing. Government has a terrible record at picking winners. Even investors, you look at people who are angel investors and who are venture capitalists. They are lucky. If they make money in one of 10 of their investments. It is not a great way for them to make money. A professional investor does terribly. Imagine how poorly a politician does. The politician is going to be listening to the people knocking on their door, saying here's some money for next time you run for the house or Senate. Or locally, in local elections, it even happens. That is a very bad thing. It's been proven again, and again over particularly in the last about 140 years. Governments' terrible about picking winners. Yet they do it every day of the week. 
Tesla has gotten money, right? Some of it's tax benefits, some of it is actual cash. The bottom line, they've some great technology. Now what's happening is Tesla is asking Tesla fans to lobby the government on its behalf. Great article by Rachel Kraus over on Mashable about this week. I love it. She says, Tesla fan, your mission, should you choose to accept it, is to go to bat politically for the company. Check this out online. You might want to too because Tesla has launched a new online portal called the Tesla engagement platform. CNBC spotted this about a week ago, and this is a hub where Tesla posts actions its users can take like contacting government officials when there is a potential law that would affect the company. In fact, it says in a blog post on this hub Tesla built: Engage Tesla is a new platform for both Tesla's public policy team and Tesla owners clubs. Its goal is to create a digital home base for all of our work and to make it easier for Tesla community members to learn what's top of mind for us. Take meaningful action and stay in the loop. We hope you'll enjoy our, excuse me, we hope you'll join us in getting involved? Oh my gosh. So, I'm on Engage Tesla, it is at engage.tesla.com. Very pretty pictures. By the way, of some of these new Tesla cars, very cool cars. I would absolutely drive one of these things. One exception, I don't like the handles. I talked about that a couple of years back. About door handles on the outside. Having been in emergency medicine for a while. EMS, I can tell you, in accidents, you want something you can grab onto and have serious leverage. The doors get bent, things happen. There's at least one case I'm aware of where someone got trapped inside the car that was involved in an accident and then burned to death because the people who were trying to rescue him could not get him out of the car because there are no door handles to pull on. Yes.
I know the handles come out automatically when everything's working right. I'm talking about the most extreme of problems here. Anyhow, I'm digressing again. Uber is doing much the same thing, by the way. It isn't just Tesla. Uber is, in fact, they had their drivers this was October last year, sue Uber over what these drivers called pressure to vote and advocate for the proposition in California. Not a good thing when you get right down to it. It is it's a real problem when you look at this in detail now. I'm not sure it's a terrible problem, but I do have a serious problem with companies soliciting the government in order to get things like tax subsidies in order to get special favors. A lot of people do too. Look at all of the people who were upset with Tesla for trying to get a tax holiday for its battery plant and for some of its other facilities and things that they're doing. By the way, there is currently a post on this Tesla engagement platform asking Nebraska residents to contact lawmakers about a law coming up for a vote that would enable Tesla to open showrooms and service stations in the state where it's currently prohibited. Now I brought that one up, particularly because I think again, free market. There's no reason in today's world. No legitimate, let me put it that way, reason to have dealerships. I think we should be able to buy a vehicle directly from a manufacturer. If they want to have certified repair shops, knock yourselves out, but we don't need somebody sitting there anymore in a dealership. Same thing with most of these distributorships. I think we have been shown that a car can be ordered online, configured, online shipping to us. We can be pretty darn happy with it. By the way, that they are shipping it to us in our state gives them what's called a legal nexus. So, they do have a presence in the state. They can be sued in the state if there is a problem. 
This whole thing in Nebraska, I don't think there should be dealerships that are exclusively provided the right to sell vehicles within the state. My opinion. All right. Hey, stick around. Cause we will be back. We're going to talk a little bit about deep fakes. This is cool because MyHeritage is doing something that's scaring a few people. You're listening to Craig Peterson. Make sure you check out my website, CraigPeterson.com, and sign up. You might've seen some of these deep fakes out there. Videos where it's putting Elon Musk's face on people or others in videos. Did you know that there's audio as well? They're using it to bring back our ancestors. Hi guys. I really appreciate you listening to me. There is a website out there called MyHeritage and it's very popular. It's a site that allows you to do a genealogical examination of yourself, a little look at DNA, they'll look at your family tree. They've got some research stuff up there. They have something new called Deep Nostalgia and I think this is very cool. It really introduces some interesting problems, frankly. This allows you to animate a face in a photo. It's unnerving when you have a look at this thing. You can check it out, again, at MyHeritage.com/deep-nostalgia, N O S T A L G I A, in case you're wondering how to spell it. They require you to create an account on their site and then you upload the photograph. It takes that photograph and it has them pose. It's really uncanny. I'm looking at a picture, black and white, that was taken, it's right there on their site, of a couple. I would guess this is a 1960-ish-era photograph based on the hairstyles and the glasses. It's just so weird because they have this photo. It's a head-on, face-on photo and they've animated it so that the woman in this photo, she's moving her head around. She's smiling. This is a really great smile. She blinked. She moves her head up and down and looks over to her and looks back again. Wowsers. It is absolutely amazing. 
You might want to check it out. It's a form of artificial intelligence that's doing this. Of course, it has to make a bunch of assumptions. So if you look, you don't even have to look that closely, but if you look fairly closely at the picture, you'll see some detailed problems with her hair, the ends of her hair. At the top of her head, because you can't see the whole top of her head in the original picture. You can obviously not see both sides of her face or her head because that particular picture just a straight-on shot. It's making it up as it goes. We're seeing deep fakes more and more. We're going to see a real problem, coming up in another couple of years, certainly by the time 2024 arrives with deep fakes. We've already got Russians influencing our elections. Of course, not as much as the oligarchs out in Silicon Valley have been influencing our elections, but they are already influencing us in a very big way. China, as well, imagine what'll happen when they start producing deep fakes of our presidential candidates saying things or doing things that they have never said nor done. What I did is. I figured I want to give you guys an example. Audio seems to be a little bit harder for the deep fakers than some of the videos. At least the technology and audio hasn't quite come as far. I'm going to play for you right now. A deep fake of my voice. This is not my voice, you're about to hear. Then I'm going to play a completely computer-generated deep, fake. So let's go here. I'm going to play my voice right now. This is an example of a deep fake using my voice. Did you catch that? That wasn't me. That was a computer again. I'm going to play it for you one more time. This is an example of a deep fake using my voice. Now you can hear some of the problems with it. If you listen really closely that it's not really me, but it's close enough that if you weren't paying a whole lot of attention, you would not notice that it really wasn't me saying something. 
Expect within the next year, that type of technology to get to the point where you won't be able to tell. So think about it. What would happen? If a tape was released, talking about, Mitt Romney for instance, saying half of the voters that are never going to vote for me anyway, and that was recorded, I guess, by one of the waiters, it was at an event. If you took this voice of mine and you created a deep fake, cause all you need is about five seconds worth of someone's voice to make a deep fake. You had politician X, let's say that Hillary is running again for president, okay, in '24. You could have her say almost anything. The audio quality might not be up to it, but with most of these recordings that are made on people's cell phones either, is it. I want to play another deep fake. This is a completely fabricated female voice. This is an example of a deep fake using a completely generated voice. Yes, indeed. I created that. I can make her say anything I want to. Help me. Craig is holding me hostage inside his computer. Yeah. This is going to be a huge problem in the future. There are concerns about what they are doing over at MyHeritage. Look at some of these pictures. Here's one, it's cool. It's unnerving. Here's again, a guy with a family, this one's in color, he's got a right ear that really pops out there, but he's looking around. Have you used an iPhone and taken a picture and they call them live pictures? You can see the person right before the shutter is closed. You can see the person moving around. It's really a little video right in front of the picture. That's what these things look like. Ah, here's this little kid, he's looking around. Here's one, a very old one. Oh my goodness, it is creepy. You got to check this out online. MyHeritage.com/deep-nostalgia. Now here's where the concern comes in. In an article on Lifehacker. 
By David Murphy, he is talking about taking these old pictures could be very old pictures of somebody sitting around somewhere, uploading it to the site. Then you get a little bit of nostalgia. I get creepy nostalgia that only comes from this static image now moving around on your screen. I don't get it, really, I don't myself. I think that it's just plain creepy, but if you decide to do it, cause it is cool. Okay. You probably should use a temporary account to make it to make your account over on MyHeritage and maybe also delete the photos that you upload and turn into these deep fakes. So many other websites out there, if you do go ahead and upload it, they go and claim the rights to it because it's a derivative piece. They made this little video from your photos. So, that's not your photo anymore. It's now theirs. It gives them a royalty-free worldwide perpetual and non-exclusive license to host copy, post, and distribute the content. It could be a problem, but I can tell you one thing that definitely would be a problem, that is if you use a username and the password you've used elsewhere. Now, I have to bring this up because most of us are using the same password on every website or maybe, yeah we're really smart. We got three passwords and we vary them. I did that for years, but that was many decades ago. We just can't do that anymore. If you are going to make an account on MyHeritage or anywhere else, make sure you don't use a password that you've used anywhere else because it is a problem. Ultimately, it's a real problem for you and you can't believe your eyes or your ears anymore. You share these pictures. I don't know that they allow you to download them because I did not put my own pictures up there. If these pictures are watermarked. Delete your account. Click that blue link under the big grid text to get started. That's supposed to delete anything anyways. 
You can figure it out but have a look anyway, it's in my newsletter that comes out on Sunday morning. There'll be a link in there that you can click on and see what they've been able to do. Remember. When it comes to particularly things coming up in this next election where it really matters who we vote for, it really matters. Other countries have a very big opinion about who we should be electing to office. Look at what happened with Rep Swalwell out in California. Here's a guy who was running for mayor the Chinese socialist government decided they would put a honeypot into his campaign. So they got this woman who was trained in seducing people. They seduced Swalwell and she raised money for him, for his campaign as mayor and stuck with him over the years, all the way until he was in Congress. Then in Congress, she helped him get onto the very influential committee in Congress, where he had full access to our government secrets. Certain secrets that are. She apparently was feeding all the information right back to China. That is not a good thing, not a good thing at all. It goes to how much. China is willing to do to directly influence and infiltrate our government and our businesses. If they will assign one of their spies to seduce a mayor of a small city in California, and then help elevate him to Congress and to the chairmanship in Congress. By the way, The speaker of the house, Nancy Pelosi has not removed him from that seat. She's got a Chinese spy problem herself. That's another story. They're willing to do anything. It's going to be a rough little time here going forward. Let me tell you these deep fakes are getting more and more real. I'll be right back with a whole lot more. You're listening to Craig Peterson. I've been talking about this on the radio all week, at least since midweek. I want to talk about it now, and why I am so upset with Microsoft. I can hardly contain myself. This is crazy. This is Craig Peterson here. You heard it right. 
The guy that's very upset with Microsoft. What shall I say? We're going to be getting into that in just a couple of minutes. This is a real problem. What are we supposed to do? We have bad guys now doing what is called supply chain attacks. The simple way to explain this is you have someone who is supplying software for you. It could be Microsoft. We heard about something, that happened very recently with SolarWinds and how they had software that they were providing their customers, which included government agencies. All kinds of them. It included many businesses. A lot of managed services providers were hacked by this. A very, very big problem, because they were trusting the software that came from SolarWinds, and that software had been digitally signed, so they knew it was legitimate. Everything's good. Nothing to worry about here, let's go on with our lives. However, the reality was that the SolarWinds software had been hacked many months prior to anybody really noticing. It was hacked in such a way that when SolarWinds provided their software to their customers were now infected. Now, you might look at it and say SolarWinds, they should be signing their software. They should be watching the chain of custody for their software. They did, in both cases, they were signing it digitally so that their customers knew, okay, this is legit. This is really from us. You can install it. It's good. But you're checking the signature didn't do any good. You were still going to be hacked because it was in SolarWinds software. Microsoft has been providing us with software for many years. I helped develop some of the Windows NT code ways back when. Their new technology, that's what the current versions of Windows are based on. I can remember way back then, just what a mess it was I couldn't believe the way they did so many things. It was just absolutely crazy. Of course, David Cutler, VMS guy, for those of you who remember all of that, really spearheaded that NT project. 
There were a lot of VMS systems in it, but then Microsoft ripped them out. They ripped them out because they didn't want to have to support an operating system that enforced security. VMS has been a very secure operating system is written by true programming professionals, not interns, as it was exposed with Microsoft, having interns develop one of their versions of their operating system, like 80% of it. It was crazy. That was only found out because of discovery. Yet Microsoft is sitting on cash. A whole lot of cash. It's billions of dollars. Let me see. I'm looking up right now. Microsoft is sitting on $136 billion in cash, right now, according to MacroTrends. Now, were they using that cash, that $136 billion in cash, to make their products more secure? Doesn't look like it does it. They had such a huge hole. You could drive a freight train through. The Chinese were able to infiltrate, in fact, many of our machines. This isn't tens of thousands of our machines, this isn't just something like ransomware, where you know about it because Hey, they're asking a ransom, right? They're threatening they're going to release our secrets, our software, our personal information. If we don't pay up it wasn't one of those things. What they did is they got onto these machines in education. In other words, school districts. Hospitals, doctor's offices, government agencies, including defense department guys, Homeland security guys. Okay. Our businesses all the way across the world. They put back doors on. What a backdoor is. it is something that allows them to go to your machine anytime they want? In this case do pretty much anything they want it to. Microsoft comes out with fixes this last week. This is specifically for the Microsoft exchange server. By the way, if you're running Microsoft Exchange server, either locally in your business or in the cloud, you have this bug. They released a patch that supposedly closes the hole. 
It was used by the Chinese to install permanent back doors and what did they not do? They didn't remove the back doors that the Chinese had put in. What's Microsoft saying to us then, are they saying, Hey, listen, you're fools for buying our software. I don't think they're saying that. I am at the point now where I'm saying that we are fools for trusting Microsoft. We're fools for trusting these companies that have a product to sell. All they're trying to do is sell the product. Look at what's been happening with some of these antivirus products. Look at what's happening with these VPN products. They have the software to sell and they're going to sell it. They're not going to tell you the whole truth, nothing but the truth. Forget about it. They're going to do anything they can to sell you the product. So are Microsoft people. Are people getting fired for buying Microsoft? It's like IBM in the seventies and the eighties, you never got fired for buying IBM. People should be fired for buying Microsoft. If you have a Microsoft Exchange server, not only do you need to make sure you install all of the patches. There were four critical Microsoft exchange servers, zero-day vulnerabilities patch. In other words, things that they hadn't been able to patch it and know about yet. Supposedly, right? There are articles I've read that say they've known about at least one of these vulnerabilities for a year plus. There are other vulnerabilities Microsoft knows about that they haven't bothered closing the door on. They are in our supply chain. They are getting us the software that we need and they're signing it and it's installed in it. We're upgrading our machines. Sometimes the upgrades that they provide, the security patches actually work, in this case. It may close the door. What it's not doing is providing us with a way out of this huge mess. Velma agrees with me here. Okay. No, she absolutely does. They released fixes on March 2nd. 
Microsoft has been saying they've been used in limited and targeted attacks against law firms, infectious disease researchers, defense contractors, policy think tanks among other victims. Yeah. Yeah. How is it a problem? I don't see it. Oh, my goodness. Companies are seeing abuses of these Microsoft Exchange server problems starting in January. There are reports that I found out there online. There are three clusters of vulnerabilities. Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by these threat actors, who we are thinking are Chinese. They are stealing administrative passwords. They're exploiting these critical vulnerabilities in the email systems and calendaring application. They've done nothing, Microsoft, to disinfect the systems that have already been compromised. Can you believe this? I got this from Krebs on Security. They were the first ones to report this mass hack and Krebs has got some great stuff they have had for many years now, frankly. Brian Krebs put the number of compromised US organizations at at least 30,000. Worldwide, Krebs said that there were at least a hundred thousand hacked organizations. Now, an organization is a government agency. It could be a hospital, could be a doctor's office, could be a business, right? Anything is an organization, tens of thousands in the U.S. This is the real deal. This is a very big deal. You have to assume if you are running a Microsoft Exchange server, this is the server that is used for email. This is how small businesses often run. Their email is an Exchange server. This is how hospitals and government agencies, et cetera, run their Exchange server, which is ridiculous. I have never purposely used an Exchange server, right? If there's any way around it I've always gone to something better, a Unix-based system. Postfix, almost anything rather than the incredibly buggy software from Microsoft. It is just horrible. 
Anyway, you have to assume that you were compromised between near the end, last week of February, and the first week of March. Absolutely incredible limited targeted attacks. This isn't something that was just absolutely widespread. They went after companies because they knew they could get something out of the companies, a very skilled hacking group from China. They're focused primarily on stealing data from US-based infectious disease researchers. As I said, law firms, right? Higher education institutions, defense contractors, policy think tanks and NGOs. It's absolutely incredible what they've been doing and we cannot put up with it anymore. I want to put a little word here. If you are a business and you have been using Microsoft Exchange server, restore from a backup. I would say in the January timeframe, you'd probably be safe. Probably didn't have any back doors in January. Hopefully, you've got a backup that goes back that far. Okay. Then find something else. Don't use this. Microsoft does not care. You cannot have $136 billion cash on hand, and not be spending serious amounts on security. You can't tell me they care. Because frankly, I don't think they do. Hey, go online. CraigPeterson.com, get some of the free training, other things, and I'm offering right there. CraigPeterson.com. Hey, welcome back everybody, we're talking right now about InfoSec, information security. Have you thought about maybe taking up a bit of a new career? Well, there are some estimated 2 million open jobs in this one? This is Craig Peterson. Thanks for joining me today. This article appeared in Dark Reading. Now, Dark Reading is an online magazine, right? It's a website. And they had this article that I absolutely had to read because it reminded me of someone I know. One of our listeners, who decided he needed a new career. He'd lost his job. He'd been out of work for over a year and he had been managing a retail camera shop and they shut it down. He was stuck. What do I do? 
He'd been listening to the show for a long time. He decided he wanted to go into information security. He took some courses on it and he got himself a job. A full-time job being the chief IT security guy for this company after just a few months. So that tells you how desperate these companies are. Kind of jerking his chain a little bit, but not right, because he just barely had any background. If you want me to connect you with him, if you are serious about thinking about one of these careers, I'll be glad to forward your request to him, just to see if he's willing to talk to you. Just email me, me@craigpeterson.com, and make sure you mention what this is all about. So I know what's going on. Ran Harel, who is security principal and product manager over at Semperis said, when I was growing up, I was quite an introvert, by the way, that sounds like a lot of us in IT. I didn't realize until much later on in my career, just how great the security and tech community is. Looking back, I realize how quickly I could have solved so many issues, by just asking on an IRC channel or forum. IRC is an internet relay chat, a bit of a technical thing, but it's an online chat. I would tell my former self, the problem you are facing now has probably been dealt with multiple times in the past year alone. Don't be afraid to ask the InfoSec community and then learn from them. That's absolutely true. I found an online IRC channel basically, and they were set up just to talk about CMMC, this new standard that Department of Defense contractors are having to use. As you probably know, we have clients that are manufacturers and make things for the Department of Defense and they have to maintain security. It's been interesting going in there answering questions for people and even asking a couple of questions. It is a great resource. This particular kind of IRC is over on discussion. You can find them all over the place. Reddit has a bunch of subreddits. 
It's dealing with these things, including, by the way, getting into an InfoSec career. So keep that in mind. There's lots of people like myself that are more than willing to help because some of the stuff can get pretty confusing. All right. The next one. Is from Cody Cornell, chief security officer, and co-founder over at swimlane. He said, apply for jobs. You are not qualified for everyone else is. Man. I have seen that so many times everybody from PhDs all the way on, down throughout a high school and who have sent me applications that they were not even close to qualified for. Now, you can probably guess with me, I don't care if you have a degree. All I care about is can you do the work. Can you get along with the team are you really going to pull your weight and contribute? I have seen many times that the answer to that is no, but I've seen other times where, wow, this person's really impressive. So again, apply for jobs you're not qualified for because everybody is. Security changes every day. New skills techniques and the needs of organizations are always shifting. And to be able to check every box from an experience and skills perspective is generally impossible. Looking back at 20 years of jobs in the security space, I don't believe that I was ever a hundred percent qualified for any of them, but felt confident that I could successfully do them. So keep that in mind. Okay. Again, imposter syndrome, we're all worried about it. This applies to more than just InfoSec. This applies to every job, every part of life, we all feel as though were impostors and that we're not really qualified, but the question is, can you figure it out? Can you really do it? Next up here is Chris Robert, a hacker in residence, he calls himself over at Semperis and he says, overall, the most important lessons that I'd tell my younger self are not tech-based. Rather they focus on the human aspect of working in the cybersecurity industry. 
I think cybersecurity professionals in general, tend to focus on technology and ignore the human element, which is a mistake and something we need to collectively learn from and improve. I agree with him on that as well. However, we know humans are going to make mistakes, so make sure you got the technology in place that will help to mitigate those types of problems. Next up, who's got, Marlys Rogers. She's CISO over at the CSAA insurance group, that's a lot of four-letter acronyms. You are nothing without data. Data is queen. Coming from an insurance person, right? Without hard data, you can only speak to security in more imagined ways or ways the board and C-suite are aware of in the media. Cost-benefit is only achievable with related data points, demonstrating how much we are fighting off and how the tools, processes, and people make that happen. Next up we have Edward Frye, he's CSO over at Aryaka. When I first started out, I was fairly impatient and wanted to get things done right away. While there are some things that need to be done right now, not everything needs to be done now. Have the ability to prioritize and focus on the items that will have the biggest impact. I think one of the biggest lessons I've learned along the way is while we may need to move quickly, this race is a marathon, not a sprint. Patience is essential for security pros. I can certainly see that one. Chris Morgan, senior cyber threat intelligence analyst over at Digital Shadows: despite the way that many in media like to portray cyber threats, not everything will bring about the end of the world. For those getting into incident response and threats, try to have a sense of perspective and establish the facts before allowing your colleagues to push too quickly towards remediation, mitigation, et cetera. Expectation management amongst senior colleagues is also something you'll frequently have to do to avoid them breaking down over a mere phishing site. 
To quote one of my former colleagues, try to avoid Chicken Little central. I've seen that before as well. The next one is things are changing daily and the last one is a perception of security is still a challenge. So great little article by Joan Goodchild. You'll see it in my newsletter, which we're trying to get out now Sunday mornings. You can click through the link if you'd like to read more. As you can see, 2 million open jobs, well, between one and 3 million, depending on whose numbers you're going at, in cybersecurity. You don't have to be an expert. As I said, one of our listeners went from not knowing much about it at all. He can install Windows. That's it. To having a job in cybersecurity in less than six months. Stick around. We'll be right back. I'm doing a special presentation coming up next month for the New England Society of Physicians and Psychiatrists. We're going to be talking a little bit about what we will talk about right now. What can you do to keep your patient information safe? What can we do as patients to help make sure our data's safe? Hi, everybody. You'll also find me on pretty much every podcast platform out there. Just search for my name, Craig Peterson. I have a podcast and it makes it pretty easy. I've found some of them don't understand if you try and search for Craig Peterson, tech talk, some of them do. I've been a little inconsistent with my naming over the years, but what the heck, you can find me. It's easy enough to do. I've got this new kind of purple-ish logo that you can look for to make sure it's the right one. And then you can listen to subscribe, please subscribe. It helps all of our numbers. You can also, of course, by listening online with one of these devices, help our numbers too. Cause it's you guys that are important. The more subscribers we have, the way these algorithms work, the more promotion we'll get. I think that's frankly, a very good thing as well. 
What do you do if you need to see a doctor, that question has a different answer today than it did a year ago. I won't be able to say that in about another month, right? Because mid March is when everything changed last year, 2020, man, what a year? To see a doctor nowadays, we are typically going online aren't we. You're going to talk to them. So many doctors have been using some of these platforms that are just not secure things like zoom, for instance, which we know isn't secure. Now, the fed kind of loosens things up a little bit under the Trump administration saying, Hey. People need to see doctors. The HIPAA PCI rules were loosened up a little bit in order to make things a little bit better. Then there's the whole DSS thing with HIPAA. All of these rules are just across the board are loosened up. That has caused us to have more of our information stolen. I'm going to be talking a little bit about this FBI, actually multi-agency warning that came out about the whole medical biz and what we need to be doing. Bottom line, Zoom is not something we should be using when we're talking to our doctors. Now, this really bothers me too. Zoom is bad. We know that it's not secure and it should not be used for medical discussions, but Zoom has been private labeling its services so that you can go out and say, Hey, zoom, I want to use you and I'm going to call it my XYZ medical platform. People have done that. Businesses have done that. Not really realizing how insecure Zoom is. I'm going to give them the benefit of the doubt here. You go and you use the XYZ medical platform and you have no clue of Zoom. Other than man, this looks a lot like Zoom, that's the dead giveaway. Keep an eye out for that because a lot of these platforms just aren't secure. I do use Zoom for basic webinars because everybody has it. Everybody knows how to use it. I have WebEx and the WebEx version of it is secure. 
In fact, all the basic versions, even of WebEx are secure and I can have a thousand people on a webinar, which is a great way to go. It's all secure end to end. Unlike again, what Zoom had been doing, which is it might be secure from your desktop, but it gets to a server where it's no longer secure. That kind of problem that Telegram has, frankly. If you are talking to your doctor, try and use an approved platform. That's how you can keep it safer. If you're a doctor and you have medical records be really careful. Zoom has done some just terrible things from a security standpoint. For instance, installing a complete web server on a Mac and allowing access to the Mac now via the web server. Are you nuts? What the heck are you doing? That's just crazy. Just so insecure. This is all part of a bigger discussion and the discussion has to do with zero trust architectures. We're seeing this more and more. A couple of you, Danny, I know you reached out to me asking specifically about zero trust architectures. Now Danny owns a chain of coffee shops and his family does as well. He says, Hey, listen, what should I do to become secure? So I helped them out. I got him a little Cisco platform, and second Cisco Go that he can use as much more secure than the stuff you buy at the big box retailers or you're buying at Amazon, et cetera, and got it all configured for him and running. Then he heard me talk about zero trust and said, Hey, can I do zero trust with this Cisco Go, this Meraki Go, is actually what it is, and the answer is, well, so here's the concept that businesses should be using, not just medical businesses, but businesses in general. Zero trust means that you do not trust the devices, even the ones that you own that are on your network. You don't trust them to be secure. You don't trust them to talk to other devices without explicit permission. 
Instead of having a switch that allows everything to talk to everything or a wifi network where everything can talk to everything, you have very narrow, very explicit ways that devices can talk to each other. That's what zero-trust is all about. That's where the businesses are moving. There's zero trust architecture, and it doesn't refer to just a specific piece of technology. Obviously, we're talking about the idea that devices, and even on top of that, the users who are using the devices only have the bare minimum access they need in order to perform their job. Some businesses look at this and say that's a problem. I'm going to get complaints that someone needs access to this and such. You need that because here's what can happen. You've got this data that's sitting out there might be your intellectual property. You might be a doctor in a doctor's office and you've got patient records. You might have the records from your PCI your credit card records that you have. I put on. Those are sitting there on your network that is in fact a little dangerous because now you've got something the bad guys want. It's dangerous if the bad guys find it and they take it, you could lose your business. It's that simple. They are not allowing you to use the excuse anymore because of COVID. That excuse doesn't work anymore. The same thing's true with the credit card numbers that you have the excuse of I'm just a small business. It's not a big deal. Doesn't work anymore. They are taking away your credit card privileges. We had an outreach from a client that became a client, that had their ability to take credit cards taken away from them because again, there was a leak. So we have to be careful when you're talking and you have private information, or if you don't want your machine to be hacked, do not use things like Zoom. I covered this extensively in my Improving Windows Security course. So keep an eye out for that as well. 
If you're not on my email list, you won't find out about this stuff. Go right now to craigpeterson.com. If you scroll down to the bottom of that homepage and sign up for that newsletter so you can get all of what I talk about here and more. Hey, thanks to some hackers out there. Your application for unemployment benefits might've been approved and you didn't apply for it in the first place. Turns out somebody's stealing our information again. Hi everybody. Craig Peterson here. This is a big concern of mine and I've often wondered because I have not been receiving these stimulus checks. I did not get the first round. I did not get the second round and I contacted the IRS and the IRS says depends on when you filed for 2019. Oh my gosh. Of course, I was a little late filing that year. They still haven't caught up. I guess that's good news, right? That the IRS data processing centers are terrible. It goes back to aren't you glad we don't get the government we pay for is the bottom line here, but I've been concerned. Did somebody steal my refund? Did somebody steal my unemployment benefits, did somebody steal my stimulus checks? It is happening more and more. There is a great little article talking about this, where someone had stolen the author John's personal information again. Now we probably all have had our personal information stolen, whether you're aware of it or not. As usual, I recommend that you go to haveibeenpwned.com, and pwned is spelled P-W-N-E-D, haveibeenpwned.com, and find out whether or not your data has been stolen and is out there on the dark web. They have a really good database of a lot of these major hacks. Many of us have been hacked via these credit bureaus and one in particular Equifax who have all kinds of personal information about us, had it all stolen. It's easy enough for people to steal our identities, file fake tax returns. That's why the IRS is telling you, Hey, file your return as soon as possible. 
That way when the bad guys file, we'll know it's the bad guys' cause you already filed it. As opposed to you file your tax return and the IRS comes back and says, Oh, you already filed. We already sent you a refund or whatever. You already filed it. That is a terrible thing to have to happen because now you have to fight and you have to prove it wasn't you. How do you prove a negative? It's almost impossible. At least in this case, hopefully, the check was sent to some state 50 States away, another side of the world. So you can say, Hey, listen, I never been there, then they can hopefully track where it was deposited. Although now the bad guys are using these websites that have banks behind them, or maybe it's a bank with a website that is designed for people to get a debit card and an account just like that. That, in fact, is what was used to hack my buddy. My 75-year-old buddy has been out delivering meals and had his paychecks stolen through one of those. These fraudulent job claims are happening more and more. It's really a rampant scam. We've had warnings coming out from the FBI and they have really accelerated during the lockdown because now we've had these jobless benefits increased, people, making more money staying in their home than they made on the job. Disincentives for working, frankly. He's saying here the author again, John Wasik, that a third of a million people in his state alone were victims of the scam. This is an Illinois. This is where he lives. A third of the people in the state of Illinois, including several people that he knew. We've got some national tallies underway. I don't know if you've seen these. I've seen them on TV and read about them, California. It is crazy. People were applying for California unemployment that didn't live in the state at all, would come into the state and once you're there in the state pick up the check, right? Cause that's all they were doing. 
Some people have been caught with more than a million dollars worth of California unemployment money. Of course, it wasn't a check, it was actually a debit card. The same basic deal and California is estimating that more than $11 billion was stolen. Can you imagine that tens of millions of people could have been scammed because of this? This is the third time the author had been a victim of identity theft and fraud. He wanted to know how could they get his information. Well, I've told you, check it out on, have I been pwned. It'll tell you which breaches your information was in. It does it based on your email address. It'll also tell what type of data was stolen in those breaches. So it's important stuff. I think you should definitely have a look at it. He is very upset and I can understand it. Data breaches last year, more than 737 million data files are ripped off according to act.com. Frankly, that was a digital pandemic, with more and more of us working at home. I just talked about the last segment. Your doctor's office and you are talking to your doctor. How now? Cause you don't go into the office. There are so many ways they can steal it. The FBI's recording now a 400% increase in cybercrime reports that we had this mega hack of corporate and government systems. This whole thing we've talked about before called the SolarWinds hack, although it was really more of a Microsoft hack, and it went out via SolarWinds as well as other things. Be careful everybody out there. If you find yourself in these breach reports, have I been pwned make sure you go to the website. Set yourself up with a new password. At the very least use a password manager. I just responded to an email before, when it went on the air today, from a listener who was talking about two-factor authentication. He's worried about what you're to use. I sent him my special report on two-factor authentication, but it is the bottom line, quite a problem. 
Again, use 1Password, use two-factor authentication with 1Password. Don't use SMS as that and you'll be relatively safe. I don't know I can't say do this and you'll be safe. I don't think there's any way to be sure you're safe. Having these organizations, businesses, government agencies hacked all the time that don't seem to care about losing our data, right? Oh, it's a cost of doing business, some of these businesses, and I've talked to them, they'll look at it and say, how much will it cost us in fines if our data is stolen? Versus, how much will it cost us to keep our data relatively safe? For even a larger small company, a hundred employee company, you're talking about something that is going to be costing you about 25 grand a month. That's if it's outsourced. If you're trying to do it yourself and a hundred-person company, you can easily be spending a hundred grand a month. It's expensive to do. They'll look at it and say, okay, this is going to cost us a million dollars a year, odds are, it'll be two years, maybe three before we're hacked. That's this statistic, although you're rolling the dice, it might be tomorrow that you get hacked. $3 million versus our fines are going to be about a million dollars. We'll just take the fine. That to me is just disgusting. How can these people live with themselves? I don't know. Maybe it's just me. I'm going crazy. That leads us to this New York Times article I was talking about on the radio this week. The New York Times article talking about how the United States, really, we are losing control of information warfare. Our warriors have been working at the National Security Agency and the FBI. They leave those agencies and go to work for private contractors. The tools that we've been using to hack other people have been stolen. The tools that we're paying to be developed, we meaning the US taxpayer, the tools that we have paid to develop aren't even being used, and that mega attack I was just talking about. 
That's an example of one of these attacks that would have been stopped had we been using the tools that the federal government paid for. It's just crazy. What's going on? So here's the bottom line, everybody you can't trust most of these vendors that are out there. They have a product to sell. They don't have the best solution for you, right? They really don't. If they cared about you they would not be selling you antivirus software because it does not work. If Microsoft cared about you, they would have come out with their anti-malware stuff. Windows defender, years and years ago. They would have redesigned Microsoft Office and Microsoft Windows, as well, because those were huge security holes. Look at Adobe. They've been the source of the most security problems of anything out on the market, bar none. Flash was terrible. Java, another example of something that's been a terrible security hole for years. These businesses are trying to get a product to market as quickly and as inexpensively as possible. Quick is usually the number one goal. It has to be inexpensive for them to develop it. T
This week on the podcast, Dan talks about how his formative years in computing still affect him, Kyle shares some follow-up on deploying the latest PIs, and then Dan talks about using Postfix as an SMTP relay to improve email delivery in PeopleSoft. Show Notes Formative years in computing @ 2:30 Sasank on Setting up the new Kibana Analytics @ 9:45 JCE Follow-Up @ 12:00 PI Deployments Follow-Up @ 14:45 Postfix for SMTP @ 19:45 Estimating Email Volume @ 34:00
The big mail server and parcel post episode! Rutger Hauer is dead. Ars Technica's War Stories videos. Blade Runner - a journey under the sign of compression. Fredrik's possible hosting problems - time to get a very small VPS? The holidays are here, and Fredrik already thinks it could get cooler. Jocke's pool liner has arrived. Three weeks late, but just in time for the heat? A little hate for DHL. A very odd postal experience. A near-Lego experience. Follow-up on NASA's mobile platform and their crawler-transporter. Can it get more Dune 2 than the crawler-transporter? The future of Fredrik's retired Mac mini. Should we replace Dropbox? fredwasfed - Instagram tip of the week. Links: Rutger Hauer; Jocke's text about Rutger Hauer; The Hitcher; Blind Fury; Sin City; Split Second; Ladyhawke; Ars Technica's War Stories; the episode about the Blade Runner game; Dune II; FreshRSS; Tiny Tiny RSS; Pingdom; Oderland; One.com; Kerio Connect; ActiveSync; Dovecot; Postfix; Crawler-transporter; Österbotten; Nykarleby; Allt om trädgård; the article about Sandra Neuman's awesome garden; Nextcloud; Talk show with Daniel Jalkut; fredwasfed; Instagram material about Apple Park. Two nerds - one podcast. Fredrik Björeman and Joacim Melin discuss everything that makes life worth living. Full episode information is available here: https://www.bjoremanmelin.se/podcast/avsnitt-174-underdelen-av-jabba-the-hutt.html.
01:29 - Running a Mail Server qmail (https://cr.yp.to/qmail.html) Sendmail (https://en.wikipedia.org/wiki/Sendmail) Postfix (https://en.wikipedia.org/wiki/Postfix_(software)) Daemon-tools (https://cr.yp.to/daemontools.html) Istio.io (https://istio.io/) 08:49 - Amitai’s Superpower: Squirrel Power! and Orienting Himself in a New Problem Space (And Helping Others to Orient Them in Their Own Problem Spaces) 15:03 - Refactoring 23:15 - Managing Developer Time Global Day of Coderetreat (https://www.coderetreat.org/) Brooklyn November 2018: Global Day of Coderetreat (https://schmonz.com/2018/11/18/brooklyn-november-2018-global-day-of-coderetreat/) Conway’s Game of Life (https://en.wikipedia.org/wiki/Conway%27s_Game_of_Life) 28:57 - Feedback and Systems 33:38 - Email Servers 35:46 - Predictability WeCamp (http://we-camp.us) 40:39 - Quality and Collaboration 45:47 - Orienting and Problem Space Reflections: Jessica: Having useful questions. John: The bounded perfectionism concept and the tests as questions. Rein: What are the minimum possible criteria for progress? Amitai: “Make hidden things visible. Make abstract things concrete. Make implicit things explicit.” ~ Virginia Satir (https://en.wikipedia.org/wiki/Virginia_Satir) This episode was brought to you by @therubyrep (https://twitter.com/therubyrep) of DevReps, LLC (http://www.devreps.com/). To pledge your support and to join our awesome Slack community, visit patreon.com/greaterthancode (https://www.patreon.com/greaterthancode) To make a one-time donation so that we can continue to bring you more content and transcripts like this, please do so at paypal.me/devreps (https://www.paypal.me/devreps). You will also get an invitation to our Slack community this way as well. Amazon links may be affiliate links, which means you’re supporting the show when you purchase our recommendations. Thanks! Special Guest: Amitai Schleier.
GPU passthrough on bhyve, confusion with used/free disk space on ZFS, OmniOS Community Edition, pfSense 2.4.4 Release p3, NetBSD 8.1 RC1, FreeNAS as your Server OS, and more. Headlines GPU Passthrough Reported Working on Bhyve Normally we cover news focused on KVM and sometimes Xen, but something very special has happened with their younger cousin in the BSD world, Bhyve. For those that don’t know, Bhyve (pronounced bee-hive) is the native hypervisor in FreeBSD. It has many powerful features, but one that’s been a pain point for some years now is VGA passthrough. Consumer GPUs have not been useable until very recently despite limited success with enterprise cards. However, Twitter user Michael Yuji found a workaround that enables passing through a consumer card to any *nix system configured to use X11: https://twitter.com/michael_yuji/status/1127136891365658625 All you have to do is add a line pointing the X server to the Bus ID of the passed card and the VM will boot, with acceleration and everything. He theorizes that this may not be possible on windows because of the way it looks for display devices, but it’s a solid start. As soon as development surrounding VGA passthrough matures on Bhyve, it will become a very attractive alternative to more common tools like Hyper-V and Qemu, because it makes many powerful features available in the host system like jails, boot environments, BSD networking, and tight ZFS integration. For example, you could potentially run your Router, NAS, preferred workstation OS and any number of other things in one box, and only have to spin up a single VM because of the flexibility afforded by jails over Linux-based containers. The user who found this workaround also announced they’d be writing it up at some point, so stay tuned for details on the process. It’s been slow going on Bhyve passthrough development for a while, but this new revelation is encouraging. We’ll be closely monitoring the situation and report on any other happenings. 
Confusion with used/free disk space in ZFS I use ZFS extensively. ZFS is my favorite file system. I write articles and give lectures about it. I work with it every day. In traditional file systems we use df(1) to determine free space on partitions. We can also use du(1) to count the size of the files in the directory. But it’s different on ZFS and this is the most confusing thing EVER. I always forget which tool reports what disk space usage! Every time somebody asks me, I need to google it. For this reason I decided to document it here - for myself - because if I can’t remember it at least I will not need to google it, as it will be on my blog, but maybe you will also benefit from this blog post if you have the same problem or you are starting your journey with ZFS. The understanding of how ZFS uses space and how to determine which value means what is a crucial thing. I hope thanks to this article I will finally remember it! News Roundup OmniOS Community Edition The OmniOS Community Edition Association is proud to announce the general availability of OmniOS - r151030. OmniOS is published according to a 6-month release cycle, r151030 LTS takes over from r151028, published in November 2018; and since it is a LTS release it also takes over from r151022. The r151030 LTS release will be supported for 3 Years. It is the first LTS release published by the OmniOS CE Association since taking over the reins from OmniTI in 2017. The next LTS release is scheduled for May 2021. The old stable r151026 release is now end-of-life. See the release schedule for further details. This is only a small selection of the new features, and bug fixes in the new release; review the release notes for full details. If you upgrade from r22 and want to see all new features added since then, make sure to also read the release notes for r24, r26 and r28. The OmniOS team and the illumos community have been very active in creating new features and improving existing ones over the last 6 months. 
pfSense 2.4.4 Release p3 is available We are pleased to announce the release of pfSense® software version 2.4.4-p3, now available for new installations and upgrades! pfSense software version 2.4.4-p3 is a maintenance release, bringing a number of security enhancements as well as a handful of fixes for issues present in the 2.4.4-p2 release. pfSense 2.4.4-RELEASE-p3 updates and installation images are available now! To see a complete list of changes and find more detail, see the Release Notes. We had hoped to bring you this release a few days earlier, but given the announcement last Tuesday of the Intel Microarchitectural Data Sampling (MDS) issue, we did not have sufficient time to fully incorporate those corrections and properly test for release on Thursday. We felt that it was worth delaying for a few days, rather than making multiple releases within a week. Upgrade Notes Due to the significant nature of the changes in 2.4.4 and later, warnings and error messages, particularly from PHP and package updates, are likely to occur during the upgrade process. In nearly all cases these errors are a harmless side effect of the changes between FreeBSD 11.1 and 11.2 and between PHP 5.6 and PHP 7.2. Always take a backup of the firewall configuration prior to any major change to the firewall, such as an upgrade. Do not update packages before upgrading pfSense! Either remove all packages or do not update packages before running the upgrade. The upgrade will take several minutes to complete. The exact time varies based on download speed, hardware speed, and other factors such as installed packages. Be patient during the upgrade and allow the firewall enough time to complete the entire process. After the update packages finish downloading it could take 10-20 minutes or more until the upgrade process ends. The firewall may reboot several times during the upgrade process. Monitor the upgrade from the firewall console for the most accurate view. 
NetBSD 8.1 RC1 is out The NetBSD Project is pleased to announce NetBSD 8.1, the first update of the NetBSD 8 release branch. It represents a selected subset of fixes deemed important for security or stability reasons, as well as new features and enhancements. Some highlights of the 8.1 release are: x86: Mitigation for INTEL-SA-00233 (MDS). Various local user kernel data leaks fixed. x86: new rc.conf(5) setting smtoff to disable Simultaneous Multi-Threading. Various network driver fixes and improvements. Fixes for thread local storage (TLS) in position independent executables (PIE). Fixes to reproducible builds. Fixed a performance regression in tmpfs. DRM/KMS improvements. bwfm(4) wireless driver for Broadcom FullMAC PCI and USB devices added. Various sh(1) fixes. mfii(4) SAS driver added. dhcpcd(8) updated to 7.2.2. httpd(8) updated. FreeNAS as your Server OS What if you could have a server OS that had built in RAID, NAS and SAN functionality, and could manage packages, containers and VMs in a GUI? What if that server OS was also free to download and install? Wouldn’t that be kind of awesome? Wouldn’t that be FreeNAS? FreeNAS is the world’s number one, open source storage OS, but it also comes equipped with all the jails, plugins, and VMs you need to run additional server-level services for things like email and web site hosting. File, Block, and even Object storage is all built-in and can be enabled with a few clicks. The ZFS file system scales to more drives than you could ever buy, with no limits for dataset sizes, snapshots, and restores. FreeNAS is also 100% FreeBSD. This is the OS used in the Netflix CDN, your PS4, and the basis for iOS. Set up a jail and get started downloading packages like Apache or NGINX for web hosting or Postfix for email service. Just released, our new TrueCommand management platform also streamlines alerts and enables multi-system monitoring. Beastie Bits Keep Crashing Daemons Running on FreeBSD Look what I found today... 
my first set of BSD CDs... NetBSD - Intel MDS FreeBSD 11.3-BETA2 -- Please test! Feedback/Questions Anthony - Question Guntbert - Podcast Guillaume - Another suggestion for Ales from Serbia Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv
Coming up on this week's episode, we have BSD news, tidbits and articles out the wazoo to share. Also, be sure to stick around for our interview with Brandon Mercer as he tells us about OpenBSD being used in the healthcare industry. This episode was brought to you by Headlines NetBSD 7.0 Release Announcement (http://www.netbsd.org/releases/formal-7/NetBSD-7.0.html) DRM/KMS support brings accelerated graphics to x86 systems using modern Intel and Radeon devices (Linux 3.15) Multiprocessor ARM support. Support for many new ARM boards, including the Raspberry Pi 2 and BeagleBone Black Major NPF improvements: BPF with just-in-time (JIT) compilation by default support for dynamic rules support for static (stateless) NAT support for IPv6-to-IPv6 Network Prefix Translation (NPTv6) as per RFC 6296 support for CDB based tables (uses perfect hashing and guarantees lock-free O(1) lookups) Multiprocessor support in the USB subsystem. GPT support in sysinst via the extended partitioning menu. Lua kernel scripting GCC 4.8.4, which brings support for C++11 Experimental support for SSD TRIM in wd(4) and FFS tetris(6): Add colours and a 'down' key, defaulting to 'n'. It moves the block down a line, if it fits. 
*** CloudFlare develops interesting new netmap feature (https://blog.cloudflare.com/single-rx-queue-kernel-bypass-with-netmap/) Normally, when Netmap is enabled on an interface, the kernel is bypassed and all of the packets go to the Netmap consumers. CloudFlare has developed a feature that allows all but one of the RX queues to remain connected to the kernel, and only a single queue be passed to Netmap. The change is a simple modification to the nm_open API, allowing the application to open only a specific queue of the NIC, rather than the entire thing. The RSS or other hashing must be modified to not direct traffic to this queue. Then specific flows are directed to the netmap application for matching traffic. For example, under Linux:
ethtool -X eth3 weight 1 1 1 1 0 1 1 1 1 1
ethtool -K eth3 lro off gro off
ethtool -N eth3 flow-type udp4 dst-port 53 action 4
This directs all name server traffic to NIC queue number 4. Currently there is no tool like ethtool to accomplish the same under FreeBSD. I wonder if the flows could be identified more specifically using something like ipfw-netmap *** Building your own OpenBSD based Mail server! (http://www.theregister.co.uk/2015/09/12/feature_last_post_build_mail_server/?mt=1442858572214) part 2 (http://www.theregister.co.uk/2015/09/19/feature_last_post_build_mailserver_part_2/) part 3 (http://www.theregister.co.uk/2015/09/26/feature_last_post_build_mailserver_part_3/) The UK Register gives us a great writeup on getting your own mail server set up specifically on OpenBSD 5.7. In this article they used a MiniPC, the Acer Revo One RL85, which is a decently priced little box for a mail server (http://www.theregister.co.uk/2015/07/24/review_acer_revo_one_rl85_/). While a bit lengthy in 3 parts, it does provide a good walkthrough of getting OpenBSD set up, and Postfix and Dovecot configured and working. In the final installment it also provides details on spam filtering and antivirus scanning. 
Getting started with the UEFI bootloader on OpenBSD (http://blog.jasper.la/openbsd-uefi-bootloader-howto/) If you've been listening over the past few weeks, you've heard about OpenBSD's new UEFI boot-loader. We now have a blog post with detailed instructions on how to get set up with this on your own system. The initial setup is pretty straightforward, and should only take a few minutes at most. It involves the usual fdisk commands to create a FAT EFI partition, and placing the bootx64.efi file in the correct location. As a bonus, we even get instructions on how to enable the frame-buffer driver on systems without native Intel video support (ThinkPad x250 in this example) *** Recipe for building a 10Mpps FreeBSD based router (http://blog.cochard.me/2015/09/receipt-for-building-10mpps-freebsd.html) Olivier (of FreeNAS and BSD Router Project fame) treats us this week to a neat blog post about building your own high-performance 10Mpps FreeBSD router. As he first mentions, the hardware required will need to be beefy, no $200 miniPC here. In his setup he uses an 8 core Intel Xeon E5-2650, along with a Quad port 10 Gigabit Chelsio TS540-CR. He mentions that this doesn't work quite on stock FreeBSD yet; you will need to pull code in from the projects/routing (https://svnweb.freebsd.org/base/projects/routing/) which fixes an issue with scaling on cores, in this case he is shrinking the NIC queues down to 4 from 8. If you don't feel like doing the compiles yourself, he also includes links to experimental BSDRouter project images which he used to do the benchmarks. Bonus! Nice graphic of the benchmarks from enabling IPFW or PF and what that does to the performance. *** Interview - Brandon Mercer - bmercer@openbsd.org (mailto:bmercer@openbsd.org) / @knowmercymod (https://twitter.com/knowmercymod) OpenBSD in Healthcare Sorry about the audio quality degradation. 
The last 7 or 8 minutes of the interview had to be cut, a problem with the software that captures the audio from Skype and adds it to our compositor. My local monitor is analogue and did not experience the issue, so I was unaware of the issue during the recording *** News Roundup Nvidia releases new beta FreeBSD driver along with new kernel module (https://devtalk.nvidia.com/default/topic/884727/unix-graphics-announcements-and-news/linux-solaris-and-freebsd-driver-358-09-beta-/) Includes a new kernel module, nvidia-modeset.ko. While this module does NOT have any user-settable features, it works with the existing nvidia.ko to provide kernel-mode setting (KMS) used by the integrated DRM within the kernel. The beta adds support for 805A and 960A nvidia cards. Also fixes a memory leak and some regressions *** MidnightBSD 0.7-RELEASE (http://www.midnightbsd.org/pipermail/midnightbsd-users/Week-of-Mon-20150914/003462.html) We missed this while away at Euro and elsewhere, but MidnightBSD (A desktop-focused FreeBSD 6.1 Fork) has come out with a new 0.7 release. This release primarily focuses on stability, but also includes important security fixes as well. It cherry-picks updates to a variety of FreeBSD base-system updates, and some important ZFS features, such as TRIM and LZ4 compression. Their custom "mports" system has also gotten a slew of updates, with almost 2000 packages now available, including a WiP of Gnome3. It also brings support for starting / stopping services automatically at pkg install or removal. They note that this will most likely be the last i386 release, joining the club of other projects that are going 64bit only. 
*** "Open Source as a Career Path" (http://media.medfarm.uu.se/play/video/5400) The FreeBSD Project held a panel discussion (http://www.cb.uu.se/~kristina/WomENcourage/2014/2015-09-25_Friday/2015-09-25%20113238.JPG) of why Open Source makes a good career path at the ACM's womENcourage conference in Uppsala, Sweden, the weekend before EuroBSDCon. The Panel was led by Dru Lavigne, and consisted of Deb Goodkin, Benedict Reuschling, Dan Langille, and myself. We attempted to provide a cross section of experiences, including women in the field, the academic side, the community side, and the business side. During the question period, Dan gave a great answer (https://gist.github.com/dlangille/e262bccdea08b89b5360) to the question of "Why do open source projects still use old technologies like mailing lists and IRC". The day before, the FreeBSD Foundation also had a booth at the career fair. We were the only open source project that attended. Other exhibitors included: Cisco, Facebook, Intel, Google, and Oracle. The following day, Dan also gave a workshop (http://www.cb.uu.se/~kristina/WomENcourage/2014/2015-09-25_Friday/2015-09-25%20113238.JPG) on how to contribute to an open source project *** Beastie-Bits NetBSD 2015PkgSrc Freeze (http://mail-index.netbsd.org/pkgsrc-users/2015/09/12/msg022186.html) Support for 802.11N for RealTek USB in FreeBSD (https://github.com/freebsd/freebsd/commits/master/sys/dev/usb/wlan/if_rsu.c) Wayland ported to DragonFlyBSD (https://github.com/DragonFlyBSD/DeltaPorts/pull/123) OpenSMTPd developer debriefs on audit report (http://undeadly.org/cgi?action=article&sid=20151013161745) FreeBSD fixes issue with pf under Xen with TSO. Errata coming soon (https://svnweb.freebsd.org/base?view=revision&revision=289316) Xinuos funds the HardenedBSD project (http://slexy.org/view/s2EBjrxQ9M) Feedback/Questions Evan (http://slexy.org/view/s21PMmNFIs) Darin writes in (http://slexy.org/view/s20qH07ox0) Jochen writes in (http://slexy.org/view/s2d0SFmRlD) ***
Coming up this week, we've got something a little bit different for you. We'll be talking with Andrew Tanenbaum, the creator of MINIX. They've recently imported parts of NetBSD into their OS, and we'll find out how and why that came about. As always, all the latest news and answers to your emails, on BSD Now - the place to B.. SD. This episode was brought to you by Headlines The missing EuroBSDCon videos (http://2014.eurobsdcon.org/) Some of the missing videos from EuroBSDCon 2014 we mentioned before (http://www.bsdnow.tv/episodes/2014_11_19-rump_kernels_revisited) have mysteriously appeared Jordan Hubbard (http://www.bsdnow.tv/episodes/2013_11_27-bridging_the_gap), FreeBSD, looking forward to another 10 years (https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/01.Keynote%20-%20FreeBSD:%20looking%20forward%20to%20another%2010%20years%20-%20Jordan%20Hubbard.mp4) Lourival Viera Neto, NPF scripting with Lua (https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/06.NFS%20scripting%20with%20Lua%20-%20Lourival%20Viera%20Neto.mp4) Kris Moore, Snapshots, replication and boot environments (https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/02.Snapshots,%20replication%20and%20boot%20environments%20-%20Kris%20Moore.mp4) Andy Tanenbaum, A reimplementation of NetBSD based on a microkernel (https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/07.A%20reimplementation%20of%20NetBSD%20based%20on%20a%20microkernel%20-%20Andy%20Tanenbaum.mp4) Kirk McKusick (http://www.bsdnow.tv/episodes/2013-10-02_stacks_of_cache), An introduction to FreeBSD's implementation of ZFS (https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/03.An%20introduction%20to%20the%20implementation%20of%20ZFS%20-%20Kirk%20McKusick.mp4) Emannuel Dreyfus, FUSE and beyond, bridging filesystems (https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/05.FUSE%20and%20beyond:%20bridging%20filesystems%20-%20Emannuel%20Dreyfus.mp4) John-Mark Gurney 
(http://www.bsdnow.tv/episodes/2014_10_29-ipsecond_wind), Optimizing GELI performance (https://va.ludost.net/files/eurobsdcon/2014/Vitosha/03.Saturday/04.Optimizing%20GELI%20performance%20-%20John-Mark%20Gurney.mp4) Unfortunately, there are still about six talks missing… and no ETA *** FreeBSD on a MacBook Pro (or two) (https://gist.github.com/mpasternacki/974e29d1e3865e940c53) We've got a couple posts about running FreeBSD on a MacBook Pro this week In the first one, the author talks a bit about trying to run Linux on his laptop for quite a while, going back and forth between it and something that Just Works™ Eventually he came full circle, and the focus on using only GUI tools got in the way, instead of making things easier He works on a lot of FreeBSD-related software, so switching to it for a desktop seems to be the obvious next step He's still not quite to that point yet, but documents his experiments with BSD as a desktop The second article (http://blog.foxkit.us/2015/01/freebsd-on-apple-macbook-pro-13-late.html) also documents an ex-Linux user switching over to BSD for their desktop It also covers (http://blog.foxkit.us/2015/01/freebsd-on-apple-macbook-pro-82-now.html) power management, bluetooth and trackpad setup On the topic of Gentoo, "Underneath the beautiful and easy-to-use Portage system lies the same glibc, the same turmoil over a switch to a less-than-ideal init system, and the same kernel-level bugs that bring my productivity down" Check out both articles if you've been considering running FreeBSD on a MacBook *** Remote logging over TLS (https://www.marc.info/?l=openbsd-tech&m=142136923124184&w=2) In most of the BSDs, syslogd has been able to remotely send logs to another server for a long time That feature can be very useful, especially for forensics purposes - it's much harder for an attacker to hide their activities if the logs aren't on the same server The problem is, of course, that it's sent in cleartext 
(https://en.wikipedia.org/wiki/Syslog#Protocol), unless you tunnel it over SSH or use some kind of third party wrapper With a few recent commits (https://www.marc.info/?l=openbsd-cvs&m=142160989610410&w=2), OpenBSD's syslogd now supports sending logs over TLS natively, including X509 certificate verification By default, syslogd runs as an unprivileged user in a chroot on OpenBSD, so there were some initial concerns about certificate verification - how does that user access the CA chain outside of the chroot? That problem was also conquered (https://www.marc.info/?l=openbsd-tech&m=142188450524692&w=2), by loading the CA chain directly from memory (https://www.marc.info/?l=openbsd-cvs&m=142191799331938&w=2), so the entire process can be run in the chroot (https://www.marc.info/?l=openbsd-cvs&m=142191819131993&w=2) without issue Some of the privsep verification code even made its way into (https://www.marc.info/?l=openbsd-cvs&m=142191878632141&w=2) LibreSSL right afterwards If you haven't set up remote logging before, now might be an interesting time to try it out *** FreeBSD, not a Linux distro (https://www.youtube.com/watch?v=wwbO4eTieQY) George Neville-Neil gave a presentation recently, titled "FreeBSD: not a Linux distro" It's meant to be an introduction to new users that might've heard about FreeBSD, but aren't familiar with any BSD history He goes through some of that history, and talks about what FreeBSD is and why you might want to use it over other options There's even an interesting "thirty years in three minutes" segment It's not just a history lesson though, he talks about some of the current features and even some new things coming in the next version(s) We also learn about filesystems, jails, capsicum, clang, dtrace and the various big companies using FreeBSD in their products This might be a good video to show your friends or potential employer if you're looking to introduce FreeBSD to them *** Long-term support considered harmful 
(http://www.tedunangst.com/flak/post/long-term-support-considered-harmful) There was recently a pretty horrible bug (https://www.marc.info/?l=bugtraq&m=142237866420639&w=2) in GNU's libc (BSDs aren't affected, don't worry) Aside from the severity of the actual problem, the fix was delayed (https://code.google.com/p/chromium/issues/detail?id=364511) for quite a long time, leaving people vulnerable Ted Unangst writes a post about how this idea of long-term support (https://plus.google.com/u/0/+ArtoPekkanen/posts/88jk5ggXYts?cfem=1) could actually be harmful in the long run, and compares it to how OpenBSD does things OpenBSD releases a new version every six months, and only the two most recent releases get support and security fixes He describes this as both a good thing and a bad thing: all the bugs in the ecosystem get flushed out within a year, but it forces people to stay (relatively) up-to-date "Upgrades only get harder and more painful (and more fragile) the longer one goes between them. More changes, more damage. Frequent upgrades amortize the cost and ensure that regressions are caught early." 
There was also some (https://lobste.rs/s/a4iijx/long_term_support_considered_harmful) discussion (https://news.ycombinator.com/item?id=8954737) about the article you can check out *** Interview - Andrew Tanenbaum - info@minix3.org (mailto:info@minix3.org) / @minix3 (https://twitter.com/minix3) MINIX's integration of NetBSD News Roundup Using AFL on OpenBSD (http://www.undeadly.org/cgi?action=article&sid=20150121093259) We've talked about American Fuzzy Lop (http://lcamtuf.coredump.cx/afl/) a bit on a previous episode, and how some OpenBSD devs are using it (https://www.marc.info/?l=openbsd-cvs&w=2&r=1&s=afl&q=b) to catch and fix new bugs Undeadly has a cool guide on how you can get started with fuzzing It's a little on the advanced side, but if you're interested in programming or diagnosing crashes, it'll be a really interesting article to read Lots of recent CVEs in other open source projects are attributed to fuzzing - it's a great way to stress test your software *** Lumina 0.8.1 released (http://blog.pcbsd.org/2015/01/lumina-desktop-0-8-1-released/) A new version of Lumina, the BSD-licensed desktop environment from PCBSD, has been released This update includes some new plugins, lots of bugfixes and even "quality-of-life improvements" There's a new audio player desktop plugin, a button to easily minimize all windows at once and some cool new customization options You can get it in PCBSD's edge repo or install it through regular ports (on FreeBSD, OpenBSD or DragonFly!) 
If you haven't seen our episode about Lumina, where we interview the developer and show you a tour of its features, gotta go watch it (http://www.bsdnow.tv/episodes/2014_09_10-luminary_environment) *** My first OpenBSD port (http://homing-on-code.blogspot.com/2015/01/my-first-openbsd-port.html) The author of the "Code Rot & Why I Chose OpenBSD" article has a new post up, this time about ports He recently made his first port and got it into the tree, so he talks about the whole process from start to finish After learning some of the basics and becoming comfortable running -current, he noticed there wasn't a port for the "Otter" web browser At that point he did what you're supposed to do in that situation, and started working on it himself OpenBSD has a great porter's handbook (http://www.openbsd.org/faq/ports/) that he referenced throughout the process Long story short, his browser of choice is in the official ports collection and now he's the maintainer (and gets to deal with any bug reports, of course) If some software you use isn't available for whatever BSD you're using, you could be the one to make it happen *** How to slide with DragonFly (http://www.dragonflybsd.org/docs/docs/howtos/howtoslide/) DragonFly BSD has a new HAMMER FS utility called "Slider" It's used to easily browse through file history and undelete files - imagine something like a commandline version of Apple's Time Machine They have a pretty comprehensive guide on how to use it on their wiki page If you're using HAMMER FS, this is a really handy tool to have, check it out *** OpenSMTPD with Dovecot and Salt (https://blog.al-shami.net/2015/01/howto-small-mail-server-with-salt-dovecot-and-opensmtpd/) We recently had a feedback question about which mail servers you can use on BSD - Postfix, Exim and OpenSMTPD being the big three This blog post details how to set up OpenSMTPD, including Dovecot for IMAP and Salt for quick and easy deployment Intrigued by it becoming the default MTA in OpenBSD, the 
author decided to give it a try after being a long-time Postfix fan "Small, fast, stable, and very easy to customize, no more ugly m4 macros to deal with" Check it out if you've been thinking about configuring your first mail server on any of the BSDs *** Feedback/Questions Christopher writes in (http://slexy.org/view/s20q2fSfEO) (handbook section (https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html#jails-ezjail-update-os)) Mark writes in (http://slexy.org/view/s2zGvAczeN) Kevin writes in (http://slexy.org/view/s21Dn2Tey8) Stefano writes in (http://slexy.org/view/s215nxxrtF) Matthew writes in (http://slexy.org/view/s20cwezc9l) *** Mailing List Gold Not that interested actually (https://www.marc.info/?l=openbsd-misc&m=142194821910087&w=2) This guy again (https://lists.freebsd.org/pipermail/freebsd-jail/2015-January/002742.html) Yep, this is the place (https://lists.freebsd.org/pipermail/freebsd-doc/2015-January/024888.html) ***
On today's show we have an interview with Joe Marcus Clark, one of the original portmgr members in FreeBSD, and one of the key GNOME porters. Keeping along with that topic, we have a FreeBSD ports tutorial for you as well. The latest news and answers to your BSD questions, right here on BSD Now - the place to B.. SD. This episode was brought to you by Headlines Tailoring OpenBSD for an old, strange computer (http://multixden.blogspot.com/2014/02/tailoring-openbsd-for-old-strange.html) The author of this article had an OmniBook 800CT (http://hpmuseum.net/display_item.php?hw=233), which comes with a pop-out mouse, black and white display, 32MB of RAM and a 133MHz CPU Obviously he had to install some kind of BSD on it! This post goes through all his efforts of trimming down OpenBSD to work on such a limited device He goes through the trial and error of "compile, break it, rebuild, try again" After cutting a lot out from the kernel, saving a precious megabyte here and there, he eventually gets it working *** pkgsrcCon and BSDCan (http://www.pkgsrc.org/pkgsrcCon/2014/) pkgsrccon is "a technical conference for people working on the NetBSD Packages Collection, focusing on existing technologies, research projects, and works-in-progress in pkgsrc infrastructure" This year it will be on June 21st and 22nd The schedule (http://www.pkgsrc.org/pkgsrcCon/2014/schedule.html) is still being worked out, so if you want to give a talk, submit it BSDCan's schedule (https://www.bsdcan.org/2014/schedule/events.en.html) was also announced We'll be having presentations about ARM on NetBSD and FreeBSD, PF on OpenBSD, Capsicum and casperd, ASLR in FreeBSD, more about migrating from Linux to BSD, FreeNAS stuff and much more Kris' presentation was accepted! Tons of topics, look forward to the recorded versions of all of them hopefully! 
*** Two factor auth with pushover (http://www.tedunangst.com/flak/post/login-pushover) A new write-up from our friend Ted Unangst (http://www.bsdnow.tv/episodes/2014_02_05-time_signatures) Pushover is "a web hook to smartphone push notification gateway" - you send a POST to a web server and it sends a code to your phone His post goes through the steps of editing your login.conf and setting it all up to work Now you can get a two factor authenticated login for ssh! *** The status of GNOME 3 on BSD (http://undeadly.org/cgi?action=article&sid=20140219085851) It's no secret that the GNOME team is a Linux-obsessed bunch, almost to the point of being hostile towards other operating systems OpenBSD keeps their GNOME 3 ports up to date very well, and Antoine Jacoutot writes about his work on that and how easy it is to use This post goes through the process of how simple it is to get GNOME 3 set up on OpenBSD and even includes a screencast (https://www.bsdfrog.org/tmp/undeadly-gnome.webm) A few recent (http://blogs.gnome.org/mclasen/2014/02/19/on-portability/) posts (http://blogs.gnome.org/desrt/2014/02/19/on-portability/) from some GNOME developers show that they're finally working with the BSD guys to improve portability The FreeBSD and OpenBSD teams are working together to bring the latest GNOME to all of us - it's a beautiful thing This goes right along with our interview today! 
*** Interview - Joe Marcus Clark - marcus@freebsd.org (mailto:marcus@freebsd.org) The life and daily activities of portmgr, GNOME 3, Tinderbox, portlint, various topics Tutorial The FreeBSD Ports Collection (http://www.bsdnow.tv/tutorials/ports) News Roundup DragonflyBSD 3.8 goals and 3.6.1 release (http://bugs.dragonflybsd.org/versions/4) The Dragonfly team is thinking about what should be in version 3.8 On their bug tracker, it lists some of the things they'd like to get done before then In the meantime, 3.6.1 (http://lists.dragonflybsd.org/pipermail/commits/2014-February/199294.html) was released with lots of bugfixes *** NYCBSDCon 2014 wrap-up piece (http://www.informit.com/blogs/blog.aspx?uk=NYCBSDCon-2014-Rocked-a-Cold-February-Weekend) We've got a nice wrap-up titled "NYCBSDCon 2014 Heats Up a Cold Winter Weekend" The author also interviews GNN (http://www.bsdnow.tv/episodes/2014_01_29-journaled_news_updates) about the conference There's even a little "beginner introduction" to BSD segment Includes a mention of the recently-launched journal and lots of pictures from the event *** FreeBSD and Linux, a comparative analysis (https://www.youtube.com/watch?&v=5mv_oKFzACM#t=418) GNN in yet another story - he gave a presentation at the NYLUG about the differences between FreeBSD and Linux He mentions the history of BSD, the patch set and 386BSD, the lawsuit, philosophy and license differences, a complete system vs "distros," development models, BSD-only features and technologies, how to become a committer, overall comparisons, different hats and roles, the different bsds and their goals and actual code differences Serves as a good introduction you can show your Linux friends *** PCBSD CFT and weekly digest (http://blog.pcbsd.org/2014/02/call-for-testers-new-major-upgrade-methodology/) Upgrade tools have gotten a major rewrite You have to help test it, there is no choice! 
Read more here (http://blog.pcbsd.org/2014/02/pc-bsd-weekly-feature-digest-18/) How dare Kris be "unimpressed with" freebsd-update and pkgng!? Various updates and fixes *** Feedback/Questions Jeffrey writes in (http://slexy.org/view/s213KxUdVj) Shane writes in (http://slexy.org/view/s20lwkjLVK) Ferdinand writes in (http://slexy.org/view/s21DqJs77g) Curtis writes in (http://slexy.org/view/s20eXKEqJc) Clint writes in (http://slexy.org/view/s21XMVFuVu) Peter writes in (http://slexy.org/view/s20Xk05MHe) ***
Subject: [Otr-discussion] Brunch With The Brits 254
From: matthew cox
To: otr-discussion@radiooutofthepast.org
Date: Sat, 23 Mar 2013 18:02:40 -0700

As it's the weekend and another episode of Brunch is in the works I'd like to begin this press release with an apology. The host admits unabashedly he was listening to a certain basketball tournament during recording and Kansas was playing and Kansas won. Only in March ... even if K State loses if K U wins it's okay. Now let's talk about Brunch.
1 We start as always with Harry Lime who is off to India this week from March 21 of 1952 with an episode called Faith Lime And Charity. Branded.
2 In This Sceptred Isle from January 18 of 1996 you'll learn of the Jacobite rising.
3 Dad's Army this week is from March 18 of 1975 the title is Branded and it's a great episode.
4 Then we have our Sherlock Holmes episode. It's called The Adventure of the Priory School from March 24 of 1995. And finally
5 Mike Chapter 5 read by John Lingard has Mike and Bob having a brotherly talk. Thanks to John Lingard for his work on this project.
Ways to listen
1 Brunch is in itunes at http://bwtbrits.libsyn.com
2 Brunch is here at http://www.radiooutofthepast.org
3 Hear Brunch every Sunday at www.ren.org
Email us at brunch@london.com
Brunch has a facebook group as well And you can follow us on twitter.com/bwtbrits
enjoy
Matt Cox host
Maria Castaneda Producer Director
Episode 44 - How to Roll Your Own Cloud Services For Maximum Privacy

Edward Rudd calls in and Jacob West stops by our studios to discuss alternatives to popular cloud-based services like Dropbox. Listen to us discuss the pros and cons of doing it yourself. We list some of the software that's out there that will allow you to set up your very own service for personal use.

Show notes

Why roll your own?
  Privacy
  Storage
  Total control
  http://zenhabits.net/google-free/

Pros/cons of "Rolling your own {INSERT SERVICE HERE}"?
  Good option for young kids
  Cons
  1. A dedicated server just for Zimbra with Domain Keys installed
  2. A block of 24-32 ip numbers. (49 ip numbers would be ideal, but it's harder to buy odd blocks like that.) Put your mail server as close to the middle of that range as possible. It sounds like a lot, but most collocation facilities can hook you up with this for 300-500 usd a month.
  3. Proactive attention to getting your ip block removed from all spam lists (especially Barracuda, their list is the most annoying for the high number of false positives) before the fact. Just let them know you exist.
  4. Pray that all of the hundreds of moving pieces you've just put in place don't break, that bad hackers don't brute force their way into your server. Strong passwords don't really help as much as people tell you they do either. That's now something you have to worry about too.

Where to host?
  Linode
  Slicehost
  "Your house" (Business grade internet options)

Dropbox Alternatives
  Owncloud (http://owncloud.org) - Dropbox Alternative + Calendar + Contacts + plugins
  AeroFS - http://aerofs.com - Dropbox Alternative without a central server
  Rsync
  SparkleShare - http://sparkleshare.org/ - just clients and uses git on the server

GMail Alternatives
  qmail, Postfix, Sendmail
  Horde, IMP, Squirrel Mail, Roundcube
  http://www.turnkeylinux.org/zimbra
  Spam filter?
    Amavisd (runs spamassassin + virus scanning as a pluggable mail filter)
    hosted service
  http://ask.slashdot.org/story/11/08/07/1533224/ask-slashdot-self-hosted-gmail-alternatives

Google Docs Alternatives
  http://www.fengoffice.com/web/pricing.php
  http://etherpad.org/
  http://onedrum.com/ Bought by Yammer and integrated with it now
  ANY Self-hosted WIKI !!!

Flickr Alternatives
  http://www.zenphoto.org/
  http://gallery.menalto.com/

YouTube Alternatives

Google Voice Alternatives
  http://www.twilio.com/api/openvbx
  http://pbxinaflash.net/

Full Backup Solutions?
  Backblaze
  Carbonite
  rsync.net
  LOCAL BACKUP DEVICE! and the Shoe leather express to a remote location!!

Security?
  selinux, disable password login on SSH

Talentopoly links - Noteworthy links posted on Talentopoly in the last two weeks
  Changing times for web developers – 6 Tips You Should Read to survive
  Workless gem, dynamically scale your Heroku worker dynos
  Your team should work like an open source project
In this podcast, Professor Alexander Luz Sperandio, who holds a master's degree in Science from USP and a degree in physics from UFMS, talks about free software and discusses the ease of use and usability of the Linux system, suggesting applications and services that run on this operating system, which proves to be more secure against attacks by viruses and malicious software. Distributions mentioned in this podcast: Ubuntu, Debian, Fedora, CentOS, openSUSE. Software for creating virtual machines: VMWare. Services: Apache Web Server, CD Web; Postfix; Sendmail, Qmail; CCH; Bind. Application: Open Office. How to learn more: www.guiafoca.org (www.focalinux.org), www.tldp.org, linuxgazette.net
What you know of, and yet don't really know. This episode is about one of the oldest and at the same time most popular services on the Internet: electronic mail, or e-mail for short. Join us and our e-mail on the journey from the sender, past mail servers, spam filters and virus checkers, to the recipient's mail program, and learn many interesting details along the way about header lines, data protocols and other normally hidden things around the exchange of messages on the Internet.
Track list: D+O – Zensursula; Borrachos – Pornostar; 7ieben – Sonntags; Freibeuter AG – Partytime; MZMK – Krzyk
Next show: 5 September 2009, 19:00
E-mail path :: The path of an e-mail, by Jens Kubieziel
SMTP :: Simple Mail Transfer Protocol
POP3 :: Post Office Protocol Version 3
IMAP :: Internet Message Access Protocol
SMTP and POP3 :: How do servers "talk" to each other over the network?
Greylisting :: Greylisting explained.
Procmail :: Procmail website
SpamAssassin :: Widely used server-side open source spam filter
AMaViS :: A Mail Virus Scanner
TLS :: Transport Layer Security, encryption during transmission
Postfix :: Postfix mail server
Sendmail :: Sendmail, the oldest mail server program in the world
QMail :: QMail mail server
Exim :: Exim mail server
Thunderbird :: Mozilla Thunderbird. Free graphical mail program for all common operating systems
Mutt :: Excellent mail program for text mode (console)
Alpine :: Alpine mail program. Successor to Pine.
YAM :: Yet Another Mailer. Graphical mail program for the Commodore Amiga
File Download (57:42 min / 61 MB)