POPULARITY
Alex is in London, listener email, hacking and politics, Elon's Nazi salute, Facebook and Instagram weirdness, the need for fact checking, Cyber Security Review Board members fired, TLAs and FLAs.
Alex is in London, listener email, hacking and politics, Elon's Nazi salute, Facebook and Instagram weirdness, the need for fact checking, Cyber Security Review Board members fired, TLAs and FLAs.
This podcast episode, Segment 2 of our SolarEdge interview, is for my fellow solar installers who crave the inside scoop on industry TLAs such as IRA, VPP, V2G, PCS and NBT. This is the geeky deeper dive on the latest technologies and policy perspectives from SolarEdge. Segment 1, released a few weeks ago, is a great listen for more of a customer perspective. Today's podcast, the second SolarEdge segment, is focused on interests and needs for contractors -- both residential and commercial. Issues related to fire safety, maximizing energy harvest, commercial cost reduction and UL 3741 are among the topics we are discussing. And if you work in California, techniques to increase system size for existing NEM2 customers will also be covered. Joining us on these two SolarEdge podcast segments are Bertrand Vandeweile, SolarEdge's new GM for North America, and John Ahlman, their Chief Marketing Officer. Please tune into this second of two Energy Show podcasts with SolarEdge at www.energyshow.biz.
Killer, Achim www.deutschlandfunk.de, Forschung aktuell
The Learning Curve for understanding home batteries and solar systems is steep. Your battery system education will require mastering at least twice as much jargon, TLAs (that's Three Letter Acronyms), specifications and industry gossip than ordinary solar systems. So if you don't want to get bamboozled by an aggressive salesperson, this week's podcast is a great place to start. Some of the topics and questions include: * What is the best way for me to expand my existing solar system? * What are the important assumptions -- such as shading, battery location and equipment compatibility — that I should verify with my salesperson? * How long will my battery last during a blackout? Can my backup battery start large equipment, such as my AC or pool pumps? * What's the difference between AC- and DC-coupled battery systems, and why should I care? * What changes do I need t make to add a battery to my existing solar system? * What are the building code and fire code restrictions on battery installations in my city? * Can I install two batteries alongside my house or in my garage? * Should I install an Essential Loads Panel, or just go with Whole Home Backup? *How can I connect a generator to my batter system? * What are my alternatives to doing an electric service upgrade? Answers to the questions above are not obvious, and vary significantly based on your location, existing solar equipment, and the electrical wiring in your house. For all the details, please tune into this week's Energy Show podcast at www.energyshow.biz.
This week's show is a little later than usual, but we have a good reason. The Game Awards 2023 was this week and we watched the whole thing live. Tune in to hear about our favorite moments from the show, the awards we care about, and the WORLD PREMIEREs that caught our eye. Geoff Keighley The Game Awards Full Video Games All announcements in 9 minutes Exodus God of War Ragnarok: Valhalla - December 13, 2023 Fortnite LEGO Rocket Racing Festival Stormgate Helldivers 2 - February 8, 2024 Warframe: Whispers in the Wall - December 13, 2023 Light No Fire Hello Games Evolution trailer Skull and Bones - February 16, 2024 Trailer The Finals The Game Awards Orchestra GOTY Medley World Premiere title cards
In this episode of the "Psych in Business" podcast, your host, Dr. Ernest Wayde welcomes back Dr. Karol Wasylyshyn, an executive coach specializing in the role of the Trusted Leadership Advisor (TLA). Dr. Wasylyshyn discusses the critical role of TLAs in supporting CEOs and C-suite leaders. Dr. Wasylyshyn emphasizes the pursuit of mastery in leadership, focusing on the behavioral dimension and the integration of IQ and EQ.The conversation delves into why leaders need TLAs, exploring how self-examination contributes to leadership effectiveness in the 21st century. The integration of emotional intelligence is highlighted as a key tool for working with senior leaders. Dr. Wasylyshyn stresses the importance of leaders being comfortable with vulnerability and how TLAs serve as trusted confidants in this regard.The discussion then shifts to the TLA's role in executive coaching and the development of a deep connection with leaders. Dr. Wasylyshyn explains how TLAs become part of the executive's inner circle, providing a safe space for vulnerability and self-reflection.The episode touches on the qualities leaders should look for in a TLA, emphasizing the need for a strong understanding of business, experience with senior leaders, and the ability to integrate IQ and EQ. Dr. Wasylyshyn also shares insights for individuals aspiring to become TLAs, emphasizing the importance of behavioral sciences training and the ability to integrate it with business realities.A portion of the podcast explores the challenges and dynamics of maintaining confidentiality while collaborating with the company and HR. Dr. Wasylyshyn discusses how TLAs manage information and facilitate open communication between leaders and their superiors.The conversation concludes with an overview of Dr. Wasylyshyn's Integrated Practice Model, highlighting elements such as States of Presence, Model Agility, and TLA Role Dimensions. The model provides a glimpse into the complex and multifaceted work TLAs do behind the scenes to support leaders in their pursuit of excellence.Overall, the episode provides valuable insights into the unique and crucial role of Trusted Leadership Advisors in the business world and the impact they can have on leadership effectiveness and organizational success.
Mic drops, TLAs, and millennial jokes abound in Episode 1.04 of Tech It to the Limit. Your lovable co-hosts, Elliott and Sarah, are joined virtually by the virtual Ms. Miagi of Virtual Nursing Transformation, Sarah Bell (Biofourmis). Pop in your TLC CD (we know you still have it) and get ready for a jaw-dropping, side-achin' good time on the only health tech podcast that fills your Rx for LOL.
News, commentary, and an extended look at the news stories which demonstrate the depth of deception, corruption, and intended destruction still in progress, for the week ending Saturday, 2 September, 2023. Maybe just "withdrawing consent" from Evil just isn't quite enough. https://hebrewnationonline.com/wp-content/uploads/2023/09/MGC-Show-2-Sept-2023-Maui-Black-Curtain-Biden-alias-crimes-bribery-Amish-raid-GBnU-Garland-LNL-MAGAphobia-HL-recap-ATF-IRS-n-TLAs-4th-Reich-podcast-x.mp3
Kellie Macpherson and Matthew Detmers talk about what Internal Controls are and their importance. Get a few laughs when diving into the alphabet soup of three-letter acronyms (TLAs)! Want to learn more about NERC and Compliance. Click Here to visit our website. #compliance #nerc
The guys get into more TLAs around the GPT of the chats. That's right, AI has entered the pod. OK, we mean the real artificial intelligence not the way some view the guy's intelligence. If you're interested in how CHATBOTS can help you and your team, listen and reach out. Reach out to Drew & Sam. Check out the book list! Visit trainwithbty.com Visit fauserconsult.com
Talk the Talk - a podcast about linguistics, the science of language.
Listeners have once again sent us some great questions, and we have answers! Why do we TALK SHIT and not SPEAK SHIT? Do we KEEP OUT, or STAY OUT? Why are so many acronyms three letters long? How do we break young people out of the prescriptivist mindset? Isn't “folk etymology” just… etymology? Can you think of any anagrams that are also synonyms? Plus our favourite game, Related or Not!
The guys discuss their recent Improve the Customer Experience joint training event. 2 days, so many slides and flip chart pages! The TLAs are flying in this one. Sam comments on Drew's facilitation abilities during Holy *** Service and Drew gushes about Sam's NPS session. The next ICE training event is in Ann Arbor. If you can't make it there, the guys have an announcement you'll want to hear! Register for ICE at trainwithbty.com. Share these podcasts with all of your friends, like us, follow us and subscribe! Reach out to Drew & Sam. Check out the book list!
Learning a new industry is hard and we need to make sure we understand the acronyms and terminology. Do your research and understand what transfers over, what the new Three Letter Acronyms are, and how to use them before you go into an interview.Take a listen to find ways to best prepare yourself to use your business lingo!Enjoy your cafecito and a churro!Want to join us for a cafecito or share a topic for us to cover:https://www.corpcafecito.com/contact-usOr email us at:Nallely@corpcafecito.comMario@corpcafecito.comIf you would like to receive individual coaching or to schedule a workshop for you and your team, please visit:www.elevardevelopment.com or email Nallely@elevardevelopment.comNallely Suárez Gass - Executive Coach
Drew jumps into the hotseat as Sam interviews him about a recent presentation in front of a group of his peers. What happens when your laptop lets you know you didn't plug it in? Is it always sunny in San Diego? Virtual Reality training and the pizza grading tool?
Today's Keepin' it Real - the language of insiders. ----- I made a short statement the other day and my son immediately replied, “That's cap.” C A P. Cap. I'm unsure what it means. It's either “that's the gospel truth” or “that's a boldface lie.” I thought about it for a moment and decided I didn't want to know. For centuries generations have used hairstyles, vocabulary, music and clothing to separate themselves from adults just like my kids are doing today. We called things “cool” or “grody” or “sick.” Today my kids use Cap and ‘lit'. When I say someone was ‘lit' it means they were very overserved. With the kids today, ‘lit' means cool or fun or hip or exciting. There's a part of me that wants to adopt this language to try to stay young. There's a bigger part of me that says stay away. My daughter and her friends use the word ‘like' as an opening quotation mark. For example: “She said like I didn't do it and I immediately said like it was you. I saw you. And then she said like, Well, that's cap.” And again, I'm clueless. The stay-at-home women in my part of town have starting using the expression “all the things.” It means just so much of everything. “I've got so many chores and errands and the kids need me and you know, all the things.” All the things. Listen for it. It will be coming from a SUV driver in yoga tights. Sociologists have studied that shared words and, specifically, acronyms self-identify people as part of an in-crowd. At a financial services conference I was amazed by the overflow of TLAs and FLAs. Attendees bandied them back and forth to say to each other, “I am an insider” and to remind outsiders like me that I'm an outsider. Financial services love their TLAs, and when find a tidy TLA won't do, they go to FLAs. Three letter acronyms and four letter acronyms, by the way. In a conference call a few weeks ago I was immediately told through the use of insider language that I was an outsider. It was a passive aggressive masterpiece. The TLAs and FLAs numbered in the dozens. The guy leading the call was letting me know he's my alpha. It wasn't like he was a silverback gorilla standing on a rock and beating his chest to declare his dominance but it was very much like a silverback gorilla standing on a rock and beathing his chest to declare his dominance. The evangelicals have an insider language, too. This may offend some of them, but you'll recognize the use of the word ‘just' in your prayers. “Father God, just just wrap us in your love and just heal our hearts with your manifest of greatness and just feed us with the bounty of your loving kindness as we just work to serve your steadfast love and just just keep your son in front of our eyes…” I stop listening and start counting. I can't help it. And I'm pretty sure if the universe's editor in chief were to speak to us he'd say ‘what's with all the justs? The reason I don't answer your prayers is I lose focus counting.' I'm Cam Marston and I'm JUST JUST JUST just trying to Keep it Real. And all the things.
It's a giddy mood in Glasnevin where we host Drogheda manager Kevin Doherty and Dundalk's Keith Ward fresh from the post round and the training ground respectively. The lads pick up where our referee debate ended last week as well as chipping in on the great 2023 Astro Debate! They also find time in our extended edition to touch on Daire Doyle's gas meters, landlord Enda Stevens, post-wedding friendlies, and European balls! Like we said, it's a giddy affair as our hosts recount toilet adventures with The Monk, the bus who wants to be Roy Keane, confectionary cooking tips and a lot of TLAs. It's episode ten with Collar and Cuff, Future Ticketing and Rascals Brewery and think El Duderino, if you're not into the whole brevity thing!
In our ever-expanding search for TLAs, our guests introduce us to TBD! Who are our guests? President of Team Murph Mike Saigh and Director Erick Ortiz. We invited them on to celebrate their 100+ store. It also gives us a chance to celebrate 40k+ downloads! Mike and Erick explain how the success of Team Murph is tied to their beliefs and training to those beliefs. It's almost like they listen to the pod. If you haven't liked yet? What are you waiting for!
Adam Washington is the CEO of the full-service customer experience agency CX Lavender and joins us to unpicking the world of customer and user experience. The marketing industry is well known for its TLAs – Three Letter Acronyms such as RTB, CPM, B2B, SEO and more. But there is a class of TLAs, the two-letter acronyms that have increasingly populated the marketing vernacular like UX, UI and CX. McKinsey says CX encapsulates everything a business or an organisation does to put customers first, manage their journeys and serve their needs. Adam helps to demystify the meaning of CX and explains the roles of Customer Journey Mapping, Voice of the Customer, Service Design and more. Listen on Apple: https://podcasts.apple.com/au/podcast/managing-marketing/id1018735190 Listen on Spotify: https://open.spotify.com/show/75mJ4Gt6MWzFWvmd3A64XW?si=a3b63c66ab6e4934 Listen on Google: https://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkcy5zb3VuZGNsb3VkLmNvbS91c2Vycy9zb3VuZGNsb3VkOnVzZXJzOjE2MTQ0MjA2NC9zb3VuZHMucnNz Listen on Stitcher: https://www.stitcher.com/show/managing-marketing Listen on Podbean: https://managingmarketing.podbean.com/ For more episodes of TrinityP3's Managing Marketing podcast, visit https://www.trinityp3.com/managing-marketing-podcasts/ Recorded on RiversideFM and edited, mixed and managed by JML Audio with thanks to Jared Lattouf.
Foundations of Amateur Radio Our community is full of TLAs, or three letter acronyms. Some of them more useful than others. For example, I can tell you thank you for the QSO, I'm going QRT, QSY to my QTH. Or, thanks for the chat, I'll just shut up and take my bat and ball and go home. Acronyms arise every day and it came as no surprise to spot a new one in the wild the other day, SHF. It was in a serious forum, discussing antennas if I recall, so I didn't blink and looked it up. Super High Frequency. Okay, so, where's that? I'm familiar with VHF and UHF and as radio amateurs we're often found somewhere on HF, that's Very High Frequency, Ultra High Frequency and High Frequency if you're curious. Turns out that the ITU, the International Telecommunications Union has an official list, of course it does. The current ITU "Radio Regulations" is the 2020 edition. It's great bedtime reading. Volume one of four, Chapter one of ten, Article two of three, Section one of three, Provision 2.1 starts off with these words: "The radio spectrum shall be subdivided into nine frequency bands, which shall be designated by progressive whole numbers in accordance with the following table." When you look at this table you'll discover it starts with band number four and ends with band number twelve, between them covering 3 kHz to 3000 GHz. In position ten you'll see the designation "SHF", covering 3 to 30 GHz, centrimetric waves. A couple of things to note. The list starts at band four. There are of course frequencies below 3 kHz. The list ends at twelve, but there are frequencies above 3000 GHz. You'll also note that I'm not saying 3 Terahertz, since the ITU regulations specify that you shall express frequencies up to 3000 GHz using "gigahertz". Interestingly the same document has a provision for reporting interference where you can report using Terahertz frequencies, so I'm not sure how the ITU deals with such reports. Another thing to note is that this table doesn't actually define what SHF means. It's nowhere in the radio regulations either, I looked. I'm not sure where the words Super High Frequency came from. There is an ITU online database for looking up acronyms and terms. That leads to a document called "Nomenclature of the frequency and wavelength bands used in telecommunications", which also doesn't use "Super High Frequency" anywhere. That said, using the ITU band four, where its definition starts, the VLF band, or Very Low Frequency, followed by LF, Low Frequency, MF, Medium Frequency, the familiar HF or High Frequency, VHF, UHF, then SHF and beyond that, EHF, Extremely High Frequency and THF or Tremendously High Frequency, yes, Tremendously High. There's a report called the "Technical and operational characteristics and applications of the point-to-point fixed service applications operating in the frequency band 275-450 GHz". It introduces the term "THF which stands for tremendously high frequency" but adds the disclaimer that "this terminology is used only within this Report." Seems that there are plenty of documents on the ITU website using that same definition, so I'm guessing that the cat is out of the bag. THF by the way is defined as being for 300 to 3000 GHz frequencies. By the way, the ITU TLA finder exposes that THF stands for Topology Hiding Function. Where's a good acronym when you need it? Speaking of definitions, I came across the definition of a "taboo channel" which according to the ITU is "A channel which coincides with the frequency of the local oscillator in the single super heterodyne receiver which is tuned to an analogue channel." Anyway, we still have a way to go. Below band four, less than 3 kHz, we have ULF or Ultra Low Frequency, SLF, Super Low Frequency and ELF, Extremely Low Frequency, which is defined as band one, between 3 and 30 Hz. Below that, some have suggested TLF, or Tremendously Low Frequency which apparently goes between 1 and 3 Hz with a wavelength between 300,000 down to 100,000 km. Others have suggested that this is an internet meme, but so far it seems to me that it has just as much legitimacy as any of the other wordings, since it appears that the ITU explicitly excludes such definitions, even if internal documents introduce terms from time to time. It did make me wonder, what comes after Tremendously High Frequencies, Red? Turns out, yes, well, infra-red pretty much follows on from Tremendously High Frequencies. If you think that's the end of it, think again. The IEEE, the Institute of Electrical and Electronics Engineers has its own definitions, of course it does. Unfortunately they decided that you need to pay for their standard. It was first issued in 1976 "to remove the confusion". There's an xkcd comic called "Standards", number 927 if you're looking. It goes like this: Situation: There are 14 competing standards. 14?! Ridiculous! We need to develop one universal standard that covers everyone's use cases. Yeah! Soon: Situation: There are 15 competing standards. Anyway, the IEEE designates that after UHF comes L or Long wave, followed by S, or Short wave, then comes C, the compromise between Short wave and X or cross or Exotic. Then there's Ku, Kurtz Under, K, Kurtz, and Ka or Kurtz above, Kurtz being the German word for Short. There's the V band and the W band which follows the V band. Had enough yet? NATO, the EU and the US define these using letters of the alphabet. And broadcasters use Band Numbers which link up to nothing in particular. I wonder if the measure of a society is just how many different ways can be used to describe the same thing. Perhaps we should have stopped at Hertz or Hz, which was established in 1930 by the International Electrotechnical Commission, as an expression of the number of times that a repeated event occurs per second, in honour of Heinrich Hertz. One more three letter acronym, the International Electrotechnical Commission is better known as the IEC. I wonder if the ITU is taking suggestions, ginormous, utterly, inordinately, awfully and humongously seem like perfect opportunities for future expansion. I'm Onno VK6FLAB.
OMG we're at it again with TLAs, NPS, cSAT & we D.I.G for innovation with special guest Brian Trier. Are you gonna eat those tots? Are you READY & SET? Well then, let's GO! Brian shares the secret sauce. We actually D.I.G the innovation and learn Brian's CORE 4. Let's hope this podcast is sustainable. This is the one you can't miss!!
The boys seem to be speaking a language all their own. Don't worry, they explain it all. Sam orders LC and Drew order PJ. What!?! Is Chick-fil-A really all that? Tune in, buckle up and enjoy this audio ride!
Well, a lot of the tech news isn't positive this week, especially if you lost your job or had money invested in FTX. But as always, we make the best of it and give you some great tips and picks so that you can tech better. Enjoy! Followup: Headlight Restoration (01:00) This week in Twitter (03:00) Tumblr will sell you two blue checks for $8 (05:15) Meta laying off 11K (05:40) Amazon is set to lay off about 10K this week (06:00) Amazon unveils smaller delivery drone that can fly in rain (06:20) Amazon becomes the world's first company to lose $1 Trillion in market value (07:10) Apple's $191 Billion single-day surge sets stock-market record (09:20) Patch Tuesday next week (09:55) Dave's Pro Tip of the Week: How to spark joy in your digital life with Marie Kondo and Google One (10:15) Takes: The collapse of crypto firm FTX and its superstar founder explained to those who know nothing about crypto (17:00) UN initiative will use satellites to detect methane emission hotspots (24:40) Carvana bought my car for more than I paid new has lost 98 percent of its value (26:35) Zoom adding mail and calendar feature (29:35) Bonus Odd Take: Microsoft brings helicopters, gliders, and the Spruce Goose to its Flight Simulator (31:05) Picks of the Week: Dave: Palette.fm (33:00) Nate: CyberPower ST425 Standby UPS System, 425VA/260W, 8 Outlets, Compact (35:50)v Find us elsewhere: https://www.notnerd.com https://www.youtube.com/c/Notnerd https://ratethispodcast.com/notnerd https://www.tiktok.com/@notnerdpod https://www.twitter.com/n0tnerd/ https://www.instagram.com/n0tnerd https://www.facebook.com/n0tnerd/ info@Notnerd.com Call or text 608.618.NERD(6373) If you would like to help support Notnerd financially, mentally, or physically, don't hesitate to get in touch with us via any of the methods above. Consider any product/app links to be affiliate links.
Finally - they're here! But what exactly is an Integrated Care System or ICS, and why have they been created? Park your cynicism and have a whistle stop tour of ICSs, ICBs, ICPs to meet the saviours of the NHS. Plus bonus material on the previous iterations of SHAs, DHAs, PCGs, PCTs, CCGs, and any number of TLAs in the NHS! It's going to be an excellent way to spend 8 minutes of your life!
Discover more about the HouseBRIX NFT at https://brixnft.com Why the hell do I want to buy an NFT? Great question and for a lot of people the answer is "YOU DON'T"!!! Generally that is because everything is a scam for them and they have a closed mindset. BUT if you are thinking that you want to buy one then this episode may just help you do it
Discover more about the HouseBRIX NFT at https://brixnft.com What is a crypto wallet? I hear there are several different types...how do I pick the right one? Is it easy to get a wallet? You probably, like me, are easily confused when it comes to NFTs and Crypto. And when it comes to dire warnings of losing your crypto wallet and losing everything, it pays to understand all you can about crypto wallets. So this episode is about how to pick the right wallet for you. TLAs, ENC, Mint, Rug Pulls and NFT slang...Click below to get my Glossary of terms and language so you can mix it with the NFT pros (probably!!) Get the Glossary Wallet BONUS: https://www.coinbase.com/join/42EFFI get a Coinbase account and a bonus of some BitCoin when you use it with this, my affiliate link! Discover the HouseBRIX NFT at https://brixnft.com The Property & NFT Show is all about property, crypto, NFTs and the digital world of web 3.0 If you want to discover how to get into, understand and take advantage of the worlds of crypto, digital, NFT and the traditional assets of Property then this is the podcast for you! Because there are opportunities out there for you... ...but there are also risks! And we need to know which is which!! So, tune in, follow the show and let's learn and earn together! https://podcasts.apple.com/us/podcast/the-property-nft-show/id1633839439?itsct=podcast_box&itscg=30200&ls=1 Email us at hello@housebrix.xyz REMEMBER to get a mention on the show...simply review us on Apple podcasts! Resources: YOU WANT A HouseBRIX NFT BUT NOT SURE WHERE TO START? Start here by clicking the link below https://brixnft.com Before you do anything else, remember that anything Nigel or others talk about, share, discuss, etc is for entertainment purposes only. It is not financial, legal, investment or any other advice of any sort! Do not rely on anything we say or share or do because we are doing it for entertainment purposes only. Think of it like this...we are discussing topics that people may like to investigate further; ideas and information that you might want to consider further; and that sort of thing. You should always seek your own independent advice from relevant people such as lawyers and accountants. Although Nigel is a qualified accountant, he do not have any agreement (implied or otherwise) with you - unless expressly and clearly documented in a specific contract. So please just enjoy the podcast, info and content and use it as a call to action to seek professional and relevant advice specific to you. Does that make sense? Are we clear on this?! If not, then drop us an email and we can tell you the above again! The reason we say this is that everyone's situation is unique and for us to share general content like we do it means it cannot possibly be taken as specific advice just for you. Happy? We certainly hope so. Now go and write a fab review for our Property & NFT Show podcast and we will love you forever! Much love and gratitude, Nigel PS that link re Nigel losing 14kg in weight - use this affiliate link HERE
Discover more about the HouseBRIX NFT at https://brixnft.com What is Ethereum - Ether - Eth? How does it work? Why do I need to know? Today we look at what Ethereum is and at the end of the episode you should be salivating with the potential it holds for you and your business. Believe me because it is an incredible game changer!!! Not sure what the TLAs (three letter acronyms!!) and the NFT slang mean??? Click below to get my Glossary of terms and language so you can mix it with the NFT pros (probably!!) Get the Glossary Wallet BONUS: https://www.coinbase.com/join/42EFFI get a Coinbase account and a bonus of some BitCoin when you use it with this, my affiliate link! Discover the HouseBRIX NFT at https://brixnft.com The Property & NFT Show is all about property, crypto, NFTs and the digital world of web 3.0 If you want to discover how to get into, understand and take advantage of the worlds of crypto, digital, NFT and the traditional assets of Property then this is the podcast for you! Because there are opportunities out there for you... ...but there are also risks! And we need to know which is which!! So, tune in, follow the show and let's learn and earn together! https://podcasts.apple.com/us/podcast/the-property-nft-show/id1633839439?itsct=podcast_box&itscg=30200&ls=1 Email us at hello@housebrix.xyz REMEMBER to get a mention on the show...simply review us on Apple podcasts! Resources: YOU WANT A HouseBRIX NFT BUT NOT SURE WHERE TO START? Start here by clicking the link below https://brixnft.com Before you do anything else, remember that anything Nigel or others talk about, share, discuss, etc is for entertainment purposes only. It is not financial, legal, investment or any other advice of any sort! Do not rely on anything we say or share or do because we are doing it for entertainment purposes only. Think of it like this...we are discussing topics that people may like to investigate further; ideas and information that you might want to consider further; and that sort of thing. You should always seek your own independent advice from relevant people such as lawyers and accountants. Although Nigel is a qualified accountant, he do not have any agreement (implied or otherwise) with you - unless expressly and clearly documented in a specific contract. So please just enjoy the podcast, info and content and use it as a call to action to seek professional and relevant advice specific to you. Does that make sense? Are we clear on this?! If not, then drop us an email and we can tell you the above again! The reason we say this is that everyone's situation is unique and for us to share general content like we do it means it cannot possibly be taken as specific advice just for you. Happy? We certainly hope so. Now go and write a fab review for our Property & NFT Show podcast and we will love you forever! Much love and gratitude, Nigel PS that link re Nigel losing 14kg in weight - use this affiliate link HERE
Discover the HouseBRIX NFT at https://brixnft.com Let's open a crypto wallet! Because you are not going to get very far without one!! Yep, you need one so get out there and do it. I am talking about metamask.io but there are others. Whichever you choose, this is the beginning of your journey in this world. Go slow, go steady & don't go Ape. And keep an eye out for ENCs. Not sure what the TLAs and slang mean? Click below to get my Glossary of terms and language so you can mix it with the NFT pros (probably!!) https://www.coinbase.com/join/42EFFI get a Coinbase account and a bonus of some BitCoin when you use it with this, my affiliate link! Get the Glossary Discover the HouseBRIX NFT at https://brixnft.com The Property & NFT Show is all about property, crypto, NFTs and the digital world of web 3.0 If you want to discover how to get into, understand and take advantage of the worlds of crypto, digital, NFT and the traditional assets of Property then this is the podcast for you! Because there are opportunities out there for you... ...but there are also risks! And we need to know which is which!! So, tune in, follow the show and let's learn and earn together! https://podcasts.apple.com/us/podcast/the-property-nft-show/id1633839439?itsct=podcast_box&itscg=30200&ls=1 Email us at hello@housebrix.xyz REMEMBER to get a mention on the show...simply review us on Apple podcasts! Resources: YOU WANT A HouseBRIX NFT BUT NOT SURE WHERE TO START? Start here by clicking the link below https://brixnft.com Before you do anything else, remember that anything Nigel or others talk about, share, discuss, etc is for entertainment purposes only. It is not financial, legal, investment or any other advice of any sort! Do not rely on anything we say or share or do because we are doing it for entertainment purposes only. Think of it like this...we are discussing topics that people may like to investigate further; ideas and information that you might want to consider further; and that sort of thing. You should always seek your own independent advice from relevant people such as lawyers and accountants. Although Nigel is a qualified accountant, he do not have any agreement (implied or otherwise) with you - unless expressly and clearly documented in a specific contract. So please just enjoy the podcast, info and content and use it as a call to action to seek professional and relevant advice specific to you. Does that make sense? Are we clear on this?! If not, then drop us an email and we can tell you the above again! The reason we say this is that everyone's situation is unique and for us to share general content like we do it means it cannot possibly be taken as specific advice just for you. Happy? We certainly hope so. Now go and write a fab review for our Property & NFT Show podcast and we will love you forever! Much love and gratitude, Nigel PS that link re Nigel losing 14kg in weight - use this affiliate link HERE
In this episode software craftsman Luke Elliott and I discuss what makes great software engineering, excellent software engineers and effective teams… We argue that understanding and delivering value is really all good software engineering is about. And that engineers understanding the customer is possibly the biggest difference between organisations who deliver value and those whose don't; and that this is best achieved by combining people who deeply understand the customers like product owners with engineers who deeply care (about value and consequently the customer). We discuss what makes high performing teams, and touch on the challenge of hiring great engineers. We make a detour chatting about the importance of TDD and Pair Programming and whether they are a cult, and why some love and some hate these practices, but why, ultimately XP practices like these ultimately the ability to deliver value at pace, reliably and sustainably. We briefly rant about TLAs and why one should always clarify acronyms (or rather not have them in the first place) and what it means, if a team doesn't feel sufficiently safe to ask questions (and what one can do to build the needed psychological safety). We close by discussing that the art of architecture is knowing what to do now and what to defer, why David Knuth is right in saying that ‘premature performance optimisation is the root of all evil' and what this means for startup who are in bootstrapping mode and must avoid overly early gold-plating and over-engineering while not impeding future scaling. … Luke is a software craftsman with deep experience in lean and agile software development. He believes that great software is crafted by great teams, and that building great teams is challenging and rewarding work. He has lead successful teams across public and private sector, bluechips and startups, in diverse industries including finance, healthcare and energy. He is a keen proponent of lean and agile approaches, XP and believes in CI/CD, fast feedback loops, outcome over output, and product thinking. He avoids big design up front, command-and-control management, and blame cultures. He is currently Director of Engineering at OakNorth Bank. Luke is currently hiring software engineers of all stripes and if you are interested in working like Luke describes, contact him at luke.elliott@oaknorth.co.uk. He can be contacted via revlucio@gmail.com or Linkedin: https://www.linkedin.com/in/lukeelliott/ – More information at https://www.theburnup.com This podcast produced by Burn Up Media Ltd under under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License. Further Information at: https://creativecommons.org/licenses/by-nc-nd/4.0/
About SethSeth Vargo is an engineer at Google. Previously he worked at HashiCorp, Chef Software, CustomInk, and some Pittsburgh-based startups. He is the author of Learning Chef and is passionate about reducing inequality in technology. When he is not writing, working on open source, teaching, or speaking at conferences, Seth advises non-profits.Links:Twitter: https://twitter.com/sethvargo TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: The company 0x4447 builds products to increase standardization and security in AWS organizations. They do this with automated pipelines that use well-structured projects to create secure, easy-to-maintain and fail-tolerant solutions, one of which is their VPN product built on top of the popular OpenVPN project which has no license restrictions; you are only limited by the network card in the instance.Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured and fully managed with built in access via key-value, SQL, and full-text search. Flexible JSON documents aligned to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling while reducing cost. Capella has the best price performance of any fully managed document database. Visit couchbase.com/screaminginthecloud to try Capella today for free and be up and running in three minutes with no credit card required. Couchbase Capella: make your data sing.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I have a return guest today, though it barely feels like it qualifies because Seth Vargo was guest number three on this podcast. I've had a couple of folks on since then, and for better or worse, I'm no longer quite as scared of the microphone as I was back in those early days. Seth, thank you for joining me.Seth: Yeah, thank you so much for having me back, Corey. Really excited to figure out whatever we're talking about today.Corey: Well, let's start there because last time we spoke, you were if memory serves a developer advocate at Google Cloud.Seth: Correct.Corey: And you've changed jobs, but not companies—but kind of companies because, welcome to large environments—but over the past few years, you have remained at Google. You are no longer at Google Cloud and you're no longer a developer advocate. In fact, your title is simply ‘Engineer at Google.' And what you've been focusing on, to my understanding, is helping Alphabet companies, namely—you know, the Alphabet, always in parentheses in journalistic styles, Google's parent company because no one thinks of it in terms of Alphabet—is—you're effectively helping companies within the conglomerate umbrella securely and privately consume public cloud.Seth: Yes, that is correct. So, I used to work in what we call the Cloud PA—PA stands for product area. Other product areas are like Chrome and Android—and I moved to the Core PA where I'm helping lead and run an initiative that, like you said, is to help Alphabet companies to, you know, securely and privately use public cloud services.Corey: So, I am going to go out on a limb because my position on multi-cloud has always been pick a cloud—I don't particularly care which one—but pick one and focus on that. I'm going to go out on a limb and presume that given that you are not at Google Cloud anymore, but you are at Google, you probably have a slight preference as far as which public cloud these various companies within the umbrella should be consuming.Seth: Yeah. I mean, obviously, I think most viewers will think the answer is GCP. And if you said GCP, you would be, like, 95% correct.Corey: Well, you'd also be slightly less than that correct, because they're doing a whole rebrand and calling it Google Cloud in public, as opposed to GCP. You really don't work for the same org anymore. You're not up-to-date on the very latest messaging talking points.Seth: I missed—ugh, there's so many TLAs that you lose all your TLAs over time.Corey: Oh, yes.Seth: So, Google Cloud would be, like, 95% correct. But what you have to really understand is, Google has its own, you know, cloud—we didn't call it a cloud at the time, you might call it on-prem or legacy infrastructure, if you will—primarily built on a scheduling system called Borg, which is like Kubernetes version zero. And a lot of the Alphabet companies have workloads that run onboard. So, we're actually talking about hybrid cloud here, which, you know, you may not think of Google is like a hybrid cloud customer, but a workload that runs on our production infrastructure called Borg that needs to interact with a workload that runs on Google Cloud, that is hybrid cloud, it's no different than a customer who has their own data center that needs peering to a public cloud provider, you know, whether that's Google Cloud, or AWS, or Azure.I think the other thing is if you look at, like, the regulatory space, particularly a lot of the Alphabet companies operate in, say, like healthcare, or finance, or FinTech, where certain countries and certain jurisdictions have regulations around, like, you must be multi-cloud. You know, some people might say that means you have to run, you know, the same instance of the same app across clouds, or some people say your data can be here, but your workloads can be over there. That's to be interpreted, but you know, I would say 95% of GCP, but there is a—or sorry, 95% is Google Cloud—Corey: There we go.Seth: But there is a small percentage that is definitely going to be other cloud providers and hybrid cloud as well.Corey: My position on multi-cloud has often—people like to throw it in my face of, “See you gave this general guidance, and therefore whenever you say something that goes against it, you're a giant phony.” And it's yeah, Twitter doesn't do so well with the nuance. My position of pick a provider and go all-in is intended as general guidance for the common case. There are exceptions to this and any individual company or customer is going to have more context than that general guidance will. So, if you say you need to be in multiple clouds for certain reasons, you're probably correct.If you say you need to be in multiple clouds because your regulator demands it, you are certainly correct. I am not arguing against that in any way. I do want to disclaim my one of my biases here as well, and that is specifically that if I were building a startup today and I were not me—by which I mean having spent ten years in the AWS ecosystem learning, not just how it works, but how it breaks because that's important in production, and you know, also having a bunch of service owners at AWS on speed dial—and I, were approaching this from the naive, I need to pick a cloud, which one would I go with, my bias is for Google Cloud. And the reason behind that is the developer experience is spectacular as the primary but not only perspective on that. So, I am curious to know that as you're helping what are effectively internal customers move to Google Cloud, is their interaction with Google Cloud as a platform the same as it would be if I as a random outside customer, were using Google Cloud? Is there a bunch of internal backchannels? “Oh, you get the good kind of internal Google Cloud that most of us don't get access to?” Or something else?Seth: Yeah, so that's a great question. So first, you know, thank you for the kind words on the developer experience—Corey: They were honest words, to be clear. Let me be very direct with you, if I thought your developer experience was trash, I might not say it outright in their effort not to be, you know, actively antagonistic to someone I'm having on the show right now, but I would not say it if I didn't believe it.Seth: Yeah. And I totally—I know you, I've known you for many years. I totally believe you. But I do thank you for saying that because that was the team that I was on before this was largely responsible for that across the platform. But back to your original question around, like, what does the support experience look like? So, it's a little bit of both.So, Alphabet companies, they get a technical account manager, very similar to how, you know, reasonable-sized spend customer would get a technical account manager. That account manager has access to the Cloud support channels. So, all that looks the same. I think we're things look a little bit different is because myself and some of our other leads came from Cloud, you know, I generally don't like this phrase, but we know people. So, we tend not to go directly to Cloud when we can, right?We want Alphabet companies to really behave and act as if they were an external entity, but we're able to help the technical account manager navigate the support process a little bit better by saying like, “You need to ask for this person,” right? You need to say these words to get in front of the right person to get this ticket assigned to the right person. So, the process is still the same, but we're able to leverage our pre-existing knowledge with Cloud. The same way, if you had a [unintelligible 00:07:45] or an ex-Googler who worked for your company, would be able to kind of help move that support process along a little bit faster.Corey: I am quite sincere when I say that this is a problem that goes far beyond simply Google. A disturbing portion of my job as a cloud economist helping my clients consists of nothing other than introducing Amazonians to one another. And these are hard problems at scale. I work at a company with a dozen people in it. And it turns out that yeah, it's pretty easy to navigate who's responsible for what. When you have a hyperscale-size company in the trillion-dollar range, a lot of that breaks down super quickly.Seth: And there's just a lot of churn at all levels of the organization. And, you know, we talked about this when I first joined the show, like, I switched roles, I used to be in Cloud, and now I'm in what we call Core. I still get people who are reaching out to me, at Google and externally, who are saying, “Oh, can you answer this question? Hey, how do I do this?” And I, you know, I've gradually over the past couple of months, you know, convinced people that I don't work on that anymore, and I try to be helpful where I can, but the—Corey: You use the old name and everything. They're eventually going to learn, right?Seth: I know. They'll be like, “What do you call this? GCP? Okay, great. We don't need you anymore.” But it's true, right? Like, there's people leave the organization, people join the organization, there's reorgs, there's strategic changes, people, you know, switch roles within the org, and all of that leads to complexity with, you know, navigating, what is the size of a small nation, in some cases.Corey: Your line in your biography says that you enable Alphabet companies to securely and privately consume public cloud. Now, that would make perfect sense and I would really have no further questions based on what we've already said, except for the words securely and privately, and I want to dive into that, first. Let's work backwards with the second one first. What is ‘privately' mean in this context?Seth: So, privately means, like, privacy-preserving for both the Alphabet company and the users or customers that they have. So, when we look at that from the perspective of the Alphabet company, that means protecting their data from the eyes of the cloud provider. So, that's things like customer-managed encryption keys, you know, bring-your-own-encryption, that's making sure that you have things like, actually, transparency so that if at any point the cloud provider is accessing your data, even for a legitimate purpose, like submitting a support ticket or something—or diagnosing a support ticket, that you have visibility into that. Then the privacy-preserving side on the Alphabet company's customers is about providing that same level of visibility to their customers as well as making sure that any data that they're storing is, you know, private, it's not accessible to certain parties, it's following whether it's like, you know, actual legislation around how long data can be persisted, things like GDPR, or if it's just a general, like, data retention, insider risk management, all of that comes into this idea of, like, building a private system or privacy-preserving system.Corey: Let's be very clear that my position on it is that Google's relationship with privacy has been somewhat challenged, in due to no small part to the sheer scale of how large Google has grown. And let's be clear, I believe firmly that at certain points of scale, yeah, you deserve elevated levels of scrutiny. That is how we want society to function, by and large. And there are times where it feels a little odd on the cloud side. For example, as the time is recording, somewhat recently, there was a bug in some of the copyright detection stuff where Google Drive would start flagging files as having copyright challenges if they contained just the character ‘1' in them.Which, okay, clearly a bug, but it was a bit of a reminder for some folks that wait, but that's right, Google does tend to scan these things. Well, when you have a bunch of end-user customers and in the ways that Google does, that stuff is baked in and it shapes how you wind up seeing things. From Amazon's perspective, historically, they basically sold books and then later underpants. And doing e-commerce transactions was basically the extent of their data work with customers. They weren't really running large-scale, file sharing systems and abilities—in collaboration suites, at least not that really had any of those pesky things called customers.So, that is not built into their approach and their needs in the same way. To be clear, I am sympathetic to the problems, but it's also… it's a challenging problem, especially as you continue to evolve and move things into cloud, you absolutely must be able to trust your cloud provider, or you should not be working on that cloud provider, has been my approach.Seth: Yeah, I mean, there's certainly things that you can do to mitigate. But in general, like, there is some level of trust, forget the data, on the availability side, right? Like when the cloud provider says, “This is our SLA.” And you agree to that SLA, like, yeah, you get money back if they mess it up, but ultimately, you're trusting them to adhere to that SLA, right? And you get recompense if they fail to do so, but that's still, like, trust—trust is far more than just on the privacy side, right? It's on… the promise on the roadmap, it's on privacy, it's on the SLA, right?Corey: Yeah. And you see that concern expressed more articulately from enterprise customers, when there's a matter of trusting companies to do what they say, such as the continued investment that Alphabet slash Google is making in Google Cloud. It's easy to take the approach of well, you've turned off a bunch of consumer services, so therefore, you're going to turn off the cloud at some point, too. No, let me be very clear, for the record, I do not believe that you are going to one day flip a switch and turn off Google Cloud. And neither do your customers.Instead, the approach, the way that enterprises express this, it's not about you flipping the switch and turning it off—that's what contracts are for—their question, and they enshrine this in contracts, in some cases, in the event, not that you turn it off, but that you fail to appropriately continue to invest in the platform. Because at enterprise scale, this is how things tend to die. It is not through flipping a switch, in most cases, it's through, “We're just going to basically mothball it, keep it more or less exactly as it is until it slowly fades into irrelevance for a long period of time.” And when you're providing the infrastructure to run things for serious institutions, that part isn't okay. And credit where due, I have seen every indication that Google means it when they say this is an area of strategic and continued ongoing focus for us as a company.Seth: Yeah, I mean, Google is heavily investing in cloud. I mean, this is a brand new group that I'm working in and we're trying to get Alphabet companies onto cloud, so obviously there's some very high-level top-down executive support for this. I will say that the—a hundred percent agree with everything you're saying—the traditional enterprise approach of build this Java app—because let's be honest, it's always Java—build this Java app, compile it into a JAR and run it forever is becoming problematic. We saw this recently with, like, the log4j—Corey: Yeah, to be in a container. What the hell?Seth: [laugh].Corey: I'm kidding. I'm kidding. Please don't send me email, whatever you do.Seth: What's a container? I'm just kidding. Like, the idea of, like, software rotting is very real and it's becoming more and more of a risk to security, to privacy, to public cloud providers, to enterprises, where when you see something like log4j happen and you can't answer the question, like, do we have any code that uses that? Like, if getting the answer to that question takes you six weeks, [sigh] boy like, a lot of stuff can happen in six weeks while that particular thing is exploited. And you know, kind of gets into software supply chain a little bit, but I do agree that, like, secure, private, and stable APIs are super important, and it's an area where Google is investing. At the same time, I think the industry is moving, the enterprise industry is moving away a little bit from set-it-and-forget-it as a strategy.Corey: I want to talk about the security portion as well as far as securely consuming public cloud goes. And let me start off with a disclaimer here because I don't want people to misconstrue what I'm about to say. If you are migrating to one of the big three cloud providers, their security will be better than anything you will be able to achieve as a company yourself. Not you personally because Google is a bit of an asterisk to that statement, given what you have been doing and have been doing since the '90s in your on-prem world with Borg and the rest, but my philosophy on the relative positioning of the security of cloud providers relative to one another has changed. I spent four months beating the crap out of Azure forever having an issue where there was control plane access and then really saying nothing about it.And after I wound up finding—the day after I put out a blog post on that topic because I was tired of the lack of response, it came out that right at the same time AWS had a very similar problem and had not said anything themselves. And they went back and forth, apparently waiting to wind up doing a release until this happened, Orca Security wound up putting one out there, and it was frustrating on a couple of levels. First, the people at both of these companies who work in security are stars. There is no argument, no bones about that. Problems are going to happen, things are going to occur as a result, and the only saving grace then is the transparency and communication around it, and there was none of it from them.I'm also more than a little bit irked that my friends at AWS were aware of this, basically watched me drag Azure for four months knowing that they'd done the same thing and never bothered to say a word. But okay, that's a choice. I've been saying for a while that of the big three, Google's security posture is the most impressive. And it used to be a slight difference. Like, you nosed ahead of AWS in that respect, not by a huge margin, but by a bit.I don't think it's nearly as close these days, in my mind, and talking to other large companies about these things, and people who are paid to worry about these things all day long, I am very far from alone in that perspective. So, I guess my question for you is, as you look at moving the workload securely to Google Cloud, it feels like security is baked into everything that all aspects of your company have done. Why is that a specific area of focus? Or is that how it gets baked into everything you folks do?Seth: So, you kind of like set up the answer for this perfectly. I swear we didn't talk about this extensively beforehand.Corey: You didn't know any of that was coming, by the way, just to be very clear here. I don't sit here and feed, “All right, I'm going to say this. And here's the right res—” No, this is an impromptu, more or less ad hoc show every time I do it.Seth: Yeah. And I'm going to preface this by saying, like, I don't want this to sound, like, egotistical, but I have never found a company that has as rigorous security and privacy policies, reviews, and procedures as Google.Corey: I thought I had and I was wrong.Seth: Yeah. And—Corey: And I have a lot of apologizing to people to do as a result of that.Seth: And honestly, every time I interact with our internal security engineering teams, or our IP protection teams, I'm that Nathan Fillion meme, where he's like, what—you know, like, “Okay, I get it. I get it.” Right?Corey: And then facepalm it, uh, I should say some—I can't—yeah. Oh, yeah.Seth: The reason that it's hard for Alphabet companies to securely and privately move to cloud specifically for security, is because Alphabet's stance is so much more rigorous than anyone else in the industry, to the point where, in some cases, even our own cloud provider doesn't meet the bar for what we require for an internal workload. And that's really what it comes down to is, like, the reason that Google is the most secure cloud is because our bar is so high that sometimes we can't even meet it.Corey: I have to assume that the correct answer on this is that you then wind up talking to those product teams and figure out how to get them to a point where they can support that bar because the alternative is effectively, it's like, “Oh, yeah, this is Google Cloud and it's absolutely right for multinational banks to use, but you know, not Google workloads. That stuff's important.” And I don't think that is necessarily how you folks tend to view these things.Seth: So, it's a bidirectional stream, right? So, a lot of it is working with a product management team to figure out where we can add these additional security properties into the system—I should say, tri-directional. The second area is where the policy is so specific to Google that Google should actually build its own layer on top of it that adds the security because it's not generally applicable to even big, huge cloud customers. And then the third area is Google's a very big company. Sometimes we didn't write stuff down, and sometimes we have policies where no one can really articulate where that policy came from.And something that's new with this approach that we're taking now is, like, we're actually trying to figure out where that policy came from, and get at the impetus of what it was trying to protect against and make sure that it's still applicable. And I don't know if you've ever worked with governments or you know, large companies, right, they have this spreadsheet of hundreds of thousands of lines—Corey: You are basically describing my client list. Please continue.Seth: I mean, like, sometimes they have to use an Access database because they exhaust the number of rows in an Excel spreadsheet. And it's just checklist upon checklist upon checklist. And that's not how Google does security, right? Security is a very all-encompassing, kind of, 360 type of thing. But we do have policies that are difficult to articulate what they're actually protecting against, and we are constantly re-evaluating those, and saying, like, “This made sense on Borg. Does it actually make sense on Cloud?” And in some cases, it may not. We get the same protections using, say, a GCP-native service, and we can omit that requirement for this particular workload.Corey: This episode is sponsored by our friends at Oracle Cloud. Counting the pennies, but still dreaming of deploying apps instead of “Hello, World” demos? Allow me to introduce you to Oracle's Always Free tier. It provides over 20 free services and infrastructure, networking, databases, observability, management, and security. And—let me be clear here—it's actually free. There's no surprise billing until you intentionally and proactively upgrade your account. This means you can provision a virtual machine instance or spin up an autonomous database that manages itself, all while gaining the networking, load balancing, and storage resources that somehow never quite make it into most free tiers needed to support the application that you want to build. With Always Free, you can do things like run small-scale applications or do proof-of-concept testing without spending a dime. You know that I always like to put asterisks next to the word free? This is actually free, no asterisk. Start now. Visit snark.cloud/oci-free that's snark.cloud/oci-free.Corey: I think that when it comes to things like policies that are intelligently crafted around security, you folks—and to be fair, the AWS security engineers as well—have been doing it right in that, okay, we're going to build a security control to make sure that a thing can't happen. That's not enough. Then there's the defense-in-depth. Okay, let's say that control fails for some variety of ways. Here are the other things we're going to do to prevent cross-account access, for example.And that in turn, winds up continuing to feed on itself and build into a culture of assuming that you can always continue to invest in security. How far is enough? Well, for most folks, they haven't gone far enough yet.Seth: Another way to put this is like, how well do you want to sleep at night? You know, there's folks on the Google security engineering team who are so smart, and they work on, like, our offensive security team, so their full-time job is to try to hack Google and then figure out how to prevent that. And, you know, so I've read some of the reports and some of the ways they think and I'm like, “How do you… how do you pick up a mobile phone and go to like, any website confidently knowing what you know?” Right? [laugh] and like, how do you—Corey: Who said anything about confidently? Yeah.Seth: Yeah. Yeah. How do you use self-checkout at a supermarket and, like, not just, like, wear your entire full-body tinfoil hat suit? But you know, I think the bigger risk is not knowing what the risks are. And this is a lot what we're seeing in software supply chain, too, is a lot of security is around threat modeling and not checklists. But we tend to, like, gravitate toward checklists because they're concrete.But you really have to ask yourself, like, do I need the same security properties on my static blog website that is stored on an S3 bucket or a GCS bucket that's public to the internet, that I do on my credit card processing service? And a lot of times we don't treat those differently, we don't apply a different threat model to them, and then everything has to have the same level of security.Corey: And then everything is in-scope for whatever it is you're trying to defend against. And that is a short path to madness.Seth: Yes. Yes. Your static HTML files and your GCS bucket are in scope for SOC 1 and 2 because you didn't have a way to say they weren't.Corey: Yeah. You've also done some—again, the nice thing about being at a company for a while—from what I can tell, given that I've never done until I started this place—is you move around and work on different projects. You were involved as well, personally, in the exposure notifications project, the joint collaboration thing between a number of companies in the somewhat early days of the pandemic that all of our phones talk to one another and anonymously and in a privacy-preserving way, let us know that hey, by the way, someone you were in close contact with has tested positive for Covid 19 in the previous fixed period of time. What did do you do over there?Seth: Yeah, so the exposure notifications project was a joint effort, primarily between Apple and Google to use Android and iOS devices to help stop the spread of Covid or reduce the spread of Covid as much as possible. The idea being because the incubation period is roughly 14 days, at least pre-Omicron, if we could tell you hey, you might have been exposed and get you to stay at home for three or four days, self-isolate, we could dramatically reduce the spread of Covid. And we know from some of the studies that have come out of, like, the UK and European region that, like, the technology actually reduced the spread of cases by, like, fourteen-hundred percent in some cases. I was one of the tech leads for the server-side. So, the way the system works is it uses the low-energy Bluetooth on iOS and Android devices to basically broadcast random IDs.So, I know this is Screaming into the Cloud, but if we can just quickly Screaming into the Void as a rebrand—Corey: Oh, yeah.Seth: —that's basically what's happening. [laugh]. You're generating these random identifiers, and just, like, yelling them, and there's other phones out there who are listening. And they collect these we'll call RPIs—or Rolling Indicators. They have no data in them.They're like literally, like, a UUID or 32 bytes of random data, they aren't at all, like, associated with your device or your person. So, then what happens is, like, let's say you're in a supermarket, you're near someone for, you know, every so often, and your phones exchange these IDs. If you then test positive, those IDs go up to a centralized server, the server again, also has no idea who you are, so the whole thing is privacy-preserving, end-to-end, then the server basically bundles all of what we call the TEKs, or the Temporary Exposure Keys—into a tarball that go up onto a CDN, and then every night, all of the devices that are participating in EN download this into a local key match. So, at no point does the server ever know that you were in a supermarket with someone else, only your phone knows that you came in contact with this TEK in the past 14 days—or 21 days in some jurisdictions—and it'll generate an exposure notification or an exposure alert, which says, like, “Hey, in the past 14 days, you've come in contact with someone who's confirmed positive for Covid.” And then there's guidance kind of varies by state and by health jurisdiction of, like, self-isolate, or go get tested, or whatever. But the idea—Corey: Or go to the bar in some places, apparently.Seth: Oh. Yeah. The server itself is actually—there's a verification component because ideally, like, we don't want people to just be like, oh, I'm Covid positive, and then like, all their friends get an alert, right? There needs to be some kind of verification mechanism where you either have a positive test, or you have a clinician or a physician who issues you code that you can put into your app so you can then release your keys. And then there's the actual key server component, which I kind of already described.So, it's a pretty complex system and actually is entirely serverless. So, the whole thing, including all, like, background job processing, it was designed to be serverless from the beginning. Total greenfield project, right, like, nothing like this exists, so we're really fortunate there. We made some fun and interesting design decisions to keep costs down while, you know, abusing slash using some of the features of serverless like auto-scaling and, you know, being able to fan out across multiple regions and things like that—Corey: And using DNS as a database. My personal favorite approach to things?Seth: We don't use DNS as a database. We do use Postgres—Corey: A missed opportunity.Seth: —a real database. But we do use DNS, just not for storing information.Corey: So, one question I have for you is that you've been at Google for a while and you've done an awful lot of things there, but previously, you've also done things that don't really directly aligne any of this stuff going on there. You were at HashiCorp and you were at Chef, neither of whom, to my understanding are technologies that Google makes extensive use of internally for their own stuff. It seems like—and even when you're at Google, you have been continually reinventing what it is that you do. I find that admirable because very often, when you see people at a company for a protracted period of time, they sort of get more or less pigeonholed into the role that looks fairly similar from year-to-year. You've been incredibly dynamic. Was it intentional and how do you do it?Seth: So, I have a diagnosed medical condition called Career-DHD. I'm just kidding, but I do. I get bored, and it's actually something that I'm really forward with my managers about. I've always been very straight with my managers and the people I work with it, like, 8 to 12 months from now, I will be doing something different. It will be different.Corey: I wish I'd figured that out earlier on. In my case, the way that I wound up solving for that is I've got to come in, I'm going to solve a interesting problem. When I'm done with that, the consulting engagement is over and then I'm going to go away and everyone knows the score going in. Works out way better than, and then I'm going to go cause problems on purpose in other people's parts of the org because I see problems there. That was where I always went off the rails.Seth: [laugh]. Yeah, I mean, I don't take a dissimilar approach. You know, I try to find high-priority, strategic things that also align with my interest. And it's important to me that there's things that I can provide and things that I can learn. I never like to be the smartest person in the room because you shouldn't be in that room anymore; there's no one for you to learn from. And it's great to share knowledge, but—Corey: I'm not convinced I'm the smartest person in the room right now, despite the fact that right now I'm the only person in the room that I'm sitting in.Seth: I mean, that Minecraft store is pretty intelligent.Corey: I saw Chihuahua wandering around here, too, a—Seth: [laugh].Corey: —minute ago, so there is that.Seth: But, you know, I think from, like, a career advice standpoint, I tell everyone, you should interview somewhere else at least once a year. You never know what's out there, and worst-case scenario, you kept your interview skills up to date.Corey: Keeping those skills in tune is so critically important just because it's a unique skill set that, for many folks, does not have a whole lot of applicability in their day-to-day job. So, if you suddenly have to find a new job, great, you're rusty at this, it's been years, and you're trying to remember, like, okay, when someone asks you what you're looking for in your next job, they're not trying to pick a fight. Don't respond as if they were. Like, the basic stuff. It's a skill, like anything else.Seth: Yeah. And, like, the common questions like, you know, “What do you want to do with your life?” Or like, “What accomplishment are you most proud of?” Like, having those not prepared, but like knowing in general what you want to say from those is very important when you're thinking about interviewing for other jobs. But even in a big company, like the transfer process is, pretty similar for, like, applying externally to other roles; like sometimes there's interviews—Corey: Do they make you code on whiteboards to solve algorithm problems?Seth: Not me. But—Corey: Good.Seth: —in general—Corey: Google has evolved its interview process since the last time I went through that particular brand of corporate hazing. Good, good, good.Seth: Yeah. The interview process has definitely been refactored a lot, especially with Covid and remote, but also just trying to be accessible to folks. I know one of the big changes Google has made is we no longer require, like, eight congruent hours of your time. You can split interviews out over multiple days, which has been really accommodating for folks that have, you know, already have a full-time job or have family obligations at home that don't let them just, like, take eight hours away and devote a hundred percent of their time to interviews. So, I think that is, you know, not a whole lot of positive things that come out of Covid, but the flexibility with, like, interviewing has enabled more people to participate in the interview process that otherwise would not have been able to do so.Corey: And there's something to be said, for making this more accessible to folks who come from backgrounds that don't all look identical. It's incredibly important.Seth: Yep.Corey: One thing that I definitely want to make sure we get to before the end of this is something you've been talking about that's a bit orthogonal, but maybe not entirely so, which is software supply chain security. That has been a common thread of discussion in some circles for a while. What is it, for those who are unfamiliar, like me sometimes, and what does it imply?Seth: Yeah, so I mean, in the past year—but if you look back, you'll find more cases of it—. We live in a world where no company—Google, Amazon, the US government—writes every line of code that they run. And even if you do, right, even if you could find a company that doesn't rely on any external dependencies, what language are they using? Did they write that language? Okay, let's say hypothetically, you write every single line of code and you wrote your own language, and only your employees contribute to that language.What operating system are you running on? Because I guarantee you, Linus probably contributed to it, or Gates contributed to it, and they don't work for you. But let's say you wrote your own operating system, right—so we're getting into, like, crazy Google things now, right? Like, only Google would write their own programming language and their own operating system, right? Who manufactured your CPU, right? Like, did you actually—Corey: There's always dependencies all the way down. We see this sometimes with companies talk about oh, yeah, we're going to go to multiple clouds or a different clouds so that we don't get impacted if there's another AWS outage in us-east-1. Cool, great. Power to you, but are you sure your payment providers not going to go down? Are they taking a dependency on us-east-1?Great, let's say that they're not. Are you sure that their vendors who are in the critical path are also not taking critical and core dependencies on that? And are you sure that they're aware of who all of those critical dependencies and those vendors are, and so on and so forth? It is a vast interconnected web. This is a problem. Dependency sprawl is real and I don't think that there's a good way to get to the bottom of it, particularly across company boundaries like that.Seth: Yeah. And this is where if you look at the non-software supply chain, like, if you look at construction, right? If you're working with a reputable construction agency, they're actually able to tell you, given a granite countertop or, you know, a quartz countertop, from what beach and what lot on what date the grains of sand in that countertop came from. That is a reality of that industry that is natural. You think about, like, automotive, like, VIN, the Vehicle Identification Numbers, like, they tell you exactly what manufacturer, and then there's records that show you exactly what human being on the line put that particular part in that machine.And we don't have that in software today. Like, we have some, you know, bastardized versions of, like, Software Bills of Material, or SBOM, but the simple fact of the matter is like because software has grown organically and because this wasn't ingrained in software from the beginning like it was from, you know, traditional manufacturing, you're going to have an insecure software supply chain for most of my life. Now, what does that actually mean, right—insecure has this negative connotation—it means that you need to make sure that you're aware of everything that you're depending on—which is kind of what you were saying is, like, both the technical dependencies and the process or the people dependencies—and you need to have a rigorous process for how you're going to respond to these incidents. And I think log4j was a really good eye-opening moment for folks when they realized that they didn't have a way to make a large-scale dependency update across their entire fleet of applications.Corey: Because who has to do that on a consistent basis? It happens rarely, but when it happens, it's super important.Seth: But I do think that more and more, we're going to see it happened more and more frequently. And ideally, you know, my opinion is that we're going to get to a point where this is inescapable, but ideally, we get to the point where it's like, “Oh, okay, this dependency is vulnerable. I have a playbook. I follow the playbook. Everything is patched in 30 minutes or less, and I can move on with my life.” And it's not a six-week fire drill with people working late and, you know, going super crazy, trying to mitigate these issues.You know, there's a lot of work happening in this space. We have, like, SLSA, which is an open standard—SLSA—for how you declare, kind of like, your software bill of materials and things like binary authorization and attestations. There's, like, Sigstore, there's Chainguard, there's some companies evolving in this space. Every time I talk to GitHub, I tell them, I'm like, “Hey, if this VP and that VP, like, talked together and, like, worked on something, you could do something amazing in this space.” But I think it's going to be quite a while until we get to a point where we can say the software supply chain is secure.Because like I was saying at the beginning, like, until you manufacture your own CPU, like, you're dependent on Intel and AMD. And until you write your own programming language, you're dependent on Ruby, Python, Go, whatever it might be. And until you take no dependencies on some external system—which by the way, might be a bad business decision, like, if someone did the work for you already in an open-source ecosystem, it's probably a better business decision to evaluate and use that than to build it yourself. Until we have the analysis on that supply chain, and we can in a dashboard, or the click of a button, or the run of a command, very easily see the security status of our supply chain—software supply chain—and determine if a particular vulnerability is or is not relevant, I think we're still going to be in this firefighting mode for at least another couple of years.Corey: And I want to say you're wrong, but I know you're not. And that's what, I guess, keeps a lot of us awake at night for unfortunate reasons. Seth, I really want to thank you for taking the time to speak with me. If people want to learn more, where's the best place to find you?Seth: I'm on Twitter. You can find me at—Corey: I'm sorry to hear that. So, am I. It's the experience.Seth: Yeah, you can find me at @sethvargo. If you say mean and hateful things to me, I actually exercise this finger, and you can click the block button real fast. But yeah, I mean, my DMs are open. If you have any questions, comments, complaints, concerns, you can throw the complaints away and come to me for everything else.Corey: Thank you so much for being so generous with your time. I really appreciate it.Seth: Yeah, thanks for having me. It's always a pleasure.Corey: Seth Vargo, engineer at Google. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment asking how dare I malign the good name of the other cloud provider that isn't Google that also just so coincidentally happens to employ you.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.
About LizLiz Rice is Chief Open Source Officer with cloud native networking and security specialists Isovalent, creators of the Cilium eBPF-based networking project. She is chair of the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon + CloudNativeCon in 2018. She is also the author of Container Security, published by O'Reilly.She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, and competing in virtual races on Zwift.Links: Isovalent: https://isovalent.com/ Container Security: https://www.amazon.com/Container-Security-Fundamental-Containerized-Applications/dp/1492056707/ Twitter: https://twitter.com/lizrice GitHub: https://github.com/lizrice Cilium and eBPF Slack: http://slack.cilium.io/ CNCF Slack: https://cloud-native.slack.com/join/shared_invite/zt-11yzivnzq-hs12vUAYFZmnqE3r7ILz9A TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Today's episode is brought to you in part by our friends at MinIO the high-performance Kubernetes native object store that's built for the multi-cloud, creating a consistent data storage layer for your public cloud instances, your private cloud instances, and even your edge instances, depending upon what the heck you're defining those as, which depends probably on where you work. It's getting that unified is one of the greatest challenges facing developers and architects today. It requires S3 compatibility, enterprise-grade security and resiliency, the speed to run any workload, and the footprint to run anywhere, and that's exactly what MinIO offers. With superb read speeds in excess of 360 gigs and 100 megabyte binary that doesn't eat all the data you've gotten on the system, it's exactly what you've been looking for. Check it out today at min.io/download, and see for yourself. That's min.io/download, and be sure to tell them that I sent you.Corey: This episode is sponsored in part by our friends at Sysdig. Sysdig is the solution for securing DevOps. They have a blog post that went up recently about how an insecure AWS Lambda function could be used as a pivot point to get access into your environment. They've also gone deep in-depth with a bunch of other approaches to how DevOps and security are inextricably linked. To learn more, visit sysdig.com and tell them I sent you. That's S-Y-S-D-I-G dot com. My thanks to them for their continued support of this ridiculous nonsense.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. One of the interesting things about hanging out in the cloud ecosystem as long as I have and as, I guess, closely tied to Amazon as I have been, is that you learned that you never quite are able to pronounce things the way that people pronounce them internally. In-house pronunciations are always a thing. My guest today is Liz Rice, the Chief Open Source Officer at Isovalent, and they're responsible for, among other things, the Cilium open-source project, which is around eBPF, which I can only assume is internally pronounced as ‘Ehbehpf'. Liz, thank you for joining me today and suffering my pronunciation slings and arrows.Liz: I have never heard ‘Ehbehpf' before, but I may have to adopt it. That's great.Corey: You also are currently—in a term that is winding down if I'm not misunderstanding—you were the co-chair of KubeCon and CloudNativeCon at the CNCF, and you are also currently on the technical oversight committee for the foundation.Liz: Yeah, yeah. I'm currently the chair, in fact, of the technical oversight committee.Corey: And now that Amazon has joined, I assumed that they had taken their horrible pronunciation habits, like calling AMIs ‘Ah-mies' and whatnot, and started spreading them throughout the ecosystem with wild abandon.Liz: Are we going to have to start calling CNCF ‘Ka'Nff' or something?Corey: Exactly. They're very frugal, by which I mean they never buy a vowel. So yeah, it tends to be an ongoing challenge. Joking and all the rest aside, let's start, I guess, at the macro view. The CNCF does an awful lot of stuff, where if you look at the CNCF landscape, for example, like, I think some of my jokes on the internet go a bit too far, but you look at this thing and last time I checked, there were something like four or 500 different players in various spaces.And it's a very useful diagram, don't get me wrong by any stretch of the imagination, but it also is one of those things that is so staggeringly vast that I've got a level with you on this one, given my old, ancient sysadmin roots, “The hell with it. I'm going to run some VMs in a three-tiered architecture just like grandma and grandpa used to do,” and call it good. Not really how the industry is evolved, but it's overwhelming.Liz: But that might be the right solution for your use case so, you know, don't knock it if it works.Corey: Oh, yeah. If it's a terrible architecture and it works, is it really that terrible of an architecture? One wonders.Liz: Yeah, yeah. I mean, I'm definitely not one of those people who thinks, you know, every solution has the same—you know, is solved by the same hammer, you know, all problems are not the same nail. So, I am a big fan of a lot of the CNCF projects, but that doesn't mean to say I think those are the only ways to deploy software. You know, there are plenty of things like Lambda are a really great example of something that is super useful and very applicable for lots of applications and for lots of development teams. Not necessarily the right solution for everything. And for other people, they need all the bells and whistles that something like Kubernetes gives them. You know, horses for courses.Corey: It's very easy for me to make fun of just about any company or service or product, but the thing that always makes me set that aside and get down to brass tacks has been, “Okay, great. You can build whatever you want. You can tell whatever glorious marketing narrative you wish to craft, but let's talk to a real customer because once we do that, then if you're solving a problem that someone is having in the wild, okay, now it's no longer just this theoretical exercise and PowerPoint. Now, let's actually figure out how things work when the rubber meets the road.”So, let's start, I guess, with… I'll leave it to you. Isovalent are the creators of the Cilium eBPF-based networking project.Liz: Yeah.Corey: And eBPF is the part of that I think I'm the most familiar with having heard the term. Would you rather start on the company side or on the eBPF side?Liz: Oh, I don't mind. Let's—why don't we start with eBPF? Yeah.Corey: Cool. So easy, ridiculous question. I know that it's extremely important because Brendan Gregg periodically gets on stage and tells amazing stories about this; the last time he did stuff like that, I went stumbling down into the rabbit hole of DTrace, and I have never fully regretted doing that, nor completely forgiven him. What is eBPF?Liz: So, it stands for extended Berkeley Packet Filter, and we can pretty much just throw away those words because it's not terribly helpful. What eBPF allows you to do is to run custom programs inside the kernel. So, we can trigger these programs to run, maybe because a network packet arrived, or because a particular function within the kernel has been called, or a tracepoint has been hit. There are tons of places you can attach these programs to, or events you can attach programs to.And when that event happens, you can run your custom code. And that can change the behavior of the kernel, which is, you know, great power and great responsibility, but incredibly powerful. So Brendan, for example, has done a ton of really great pioneering work showing how you can attach these eBPF programs to events, use that to collect metrics, and lo and behold, you have amazing visibility into what's happening in your system. And he's built tons of different tools for observing everything from, I don't know, memory use to file opens to—there's just endless, dozens and dozens of tools that Brendan, I think, was probably the first to build. And now this sort of new generations of eBPF-based tooling that are kind of taking that legacy, turning them into maybe more, going to say user-friendly interfaces, you know, with GUIs, and hooking them up to metrics platforms, and in the case of Cilium, using it for networking and hooking it into Kubernetes identities, and making the information about network flows meaningful in the context of Kubernetes, where things like IP addresses are ephemeral and not very useful for very long; I mean, they just change at any moment.Corey: I guess I'm trying to figure out what part of the stack this winds up applying to because you talk about, at least to my mind, it sounds like a few different levels all at once: You talk about running code inside of the kernel, which is really close to the hardware—it's oh, great. It's adventures in assembly is almost what I'm hearing here—but then you also talk about using this with GUIs, for example, and operating on individual packets to run custom programs. When you talk about running custom programs, are we talking things that are a bit closer to, “Oh, modify this one field of that packet and then call it good,” or are you talking, “Now, we launch Microsoft Word.”Liz: Much more the former category. So yeah, let's inspect this packet and maybe change it a bit, or send it to a different—you know, maybe it was going to go to one interface, but we're going to send it to a different interface; maybe we're going to modify that packet; maybe we're going to throw the packet on the floor because we don't—there's really great security use cases for inspecting packets and saying, “This is a bad packet, I do not want to see this packet, I'm just going to discard it.” And there's some, what they call ‘Packet of Death' vulnerabilities that have been mitigated in that way. And the real beauty of it is you just load these programs dynamically. So, you can change the kernel or on the fly and affect that behavior, just immediately have an effect.If there are processes already running, they get instrumented immediately. So, maybe you run a BPF program to spot when a file is opened. New processes, existing processes, containerized processes, it doesn't matter; they'll all be detected by your program if it's observing file open events.Corey: Is this primarily used from a security perspective? Is it used for—what are the common use cases for something like this?Liz: There's three main buckets, I would say: Networking, observability, and security. And in Cilium, we're kind of involved in some aspects of all those three things, and there are plenty of other projects that are also focusing on one or other of those aspects.Corey: This is where when, I guess, the challenge I run into the whole CNCF landscape is, it's like, I think the danger is when I started down this path that I'm on now, I realized that, “Oh, I have to learn what all the different AWS services do.” This was widely regarded as a mistake. They are not Pokémon; I do not need to catch them all. The CNCF landscape applies very similarly in that respect. What is the real-world problem space for which eBPF and/or things like Cilium that leverage eBPF—because eBPF does sound fairly low-level—that turn this into something that solves a problem people have? In other words, what is the problem that Cilium should be the go-to answer for when someone says, “I have this thing that hurts.”Liz: So, at one level, Cilium is a networking solution. So, it's Kubernetes CNI. You plug it in to provide connectivity between your applications that are running in pods. Those pods have to talk to each other somehow and Cilium will connect those pods together for you in a very efficient way. One of the really interesting things about eBPF and networking is we can bypass some of the networking stack.So, if we are running in containers, we're running our applications in containers in pods, and those pods usually will have their own networking namespace. And that means they've got their own networking stack. So, a packet that arrives on your machine has to go through the networking stack on that host machine, go across a virtual interface into your pod, and then go through the networking stack in that pod. And that's kind of inefficient. But with eBPF, we can look at the packet the moment it's come into the kernel—in fact in some cases, if you have the right networking interfaces, you can do it while it's still on the network interface card—so you look at that packet and say, “Well, I know what pod that's destined for, I can just send it straight there.” I don't have to go through the whole networking stack in the kernel because I already know exactly where it's going. And that has some real performance improvements.Corey: That makes sense. In my explorations—we'll call it—with Kubernetes, it feels like the universe—at least at the time I went looking into it—was, “Step One, here's how to wind up launching Kubernetes to run a blog.” Which is a bit like using a chainsaw to wind up cutting a sandwich. Okay, massively overpowered but I get the basic idea, like, “Okay, what's project Step Two?” It's like, “Oh, great. Go build Google.”Liz: [laugh].Corey: Okay, great. It feels like there's some intermediary steps that have been sort of glossed over here. And at the small-scale that I kicked the tires on, things like networking performance never even entered the equation; it was more about get the thing up and running. But yeah, at scale, when you start seeing huge numbers of containers being orchestrated across a wide variety of hosts that has serious repercussions and explains an awful lot. Is this the sort of thing that gets leveraged by cloud providers themselves, is it something that gets built in mostly on-prem environments, or is it something that rides in, almost, user-land for most of these use cases that customers coming to bringing to those environments? I'm sorry, users, not customers. I'm too used to the Amazonian phrasing of everyone as a customer. No, no, they are users in an open-source project.Liz: [laugh]. Yeah, so if you're using GKE, the GKE Dataplane V2 is using Cilium. Alibaba Cloud uses Cilium. AWS is using Cilium for EKS Anywhere. So, these are really, I think, great signals that it's super scalable.And it's also not just about the connectivity, but also about being able to see your network flows and debug them. Because, like you say, that day one, your blog is up and running, and day two, you've got some DNS issue that you need to debug, and how are you going to do that? And because Cilium is working with Kubernetes, so it knows about the individual pods, and it's aware of the IP addresses for those pods, and it can map those to, you know, what's the pod, what service is that pod involved with. And we have a component of Cilium called Hubble that gives you the flows, the network flows, between services. So, you know, we've probably all seen diagrams showing Service A talking to Service B, Service C, some external connectivity, and Hubble can show you those flows between services and the outside world, regardless of how the IP addresses may be changing underneath you, and aggregating network flows into those services that make sense to a human who's looking at a Kubernetes deployment.Corey: A running gag that I've had is that one of the drawbacks and appeals of Kubernetes, all at once, is that it lets you cosplay as a cloud provider, even if you don't happen to work for one of them. And there's a bit of truth to it, but let's be serious here, despite what a lot of the cloud providers would wish us to believe via a bunch of marketing, there's a tremendous number of data center environments out there, hybrid environments, and companies that are in those environments are not somehow laggards, or left behind technologically, or struggling to digitally transform. Believe it or not—I know it's not a common narrative—but large companies generally don't employ people who lack critical thinking skills and strategic insight. There's usually a reason that things are the way that they are and when you don't understand that my default approach is that, oh context that gets missing, so I want to preface this with the idea there is nothing wrong in those environments. But in a purely cloud-native environment—which means that I'm very proud about having no single points of failure as I have everything routing to a single credit card that pays the cloud providers—great. What is the story for Cilium if I'm using, effectively, the managed Kubernetes options that Name Any Cloud Provider will provide for me these days? Is it at that point no longer for me or is it something that instead expresses itself in ways I'm not seeing, yet?Liz: Yeah, so I think, as an open-source project—and it is the only CNI that's at incubation level or beyond, so you know, it's CNCF-supported networking solution; you can use it out of the box, you can use it for your tiny blog application if you've decided to run that on Kubernetes, you can do so—things start to get much more interesting at scale. I mean, that… continuum between you know, there are people purely on managed services, there are people who are purely in the cloud, hybrid cloud is a real thing, and there are plenty of businesses who have good reasons to have some things in their own data centers, something's in the public cloud, things distributed around the world, so they need connectivity between those. And Cilium will solve a lot of those problems for you in the open-source, but also, if you're telco scale and you have things like BGP networks between your data centers, then that's where the paid versions of Cilium, the enterprise versions of Cilium, can help you out. And, as Isovalent, that's our business model to have, like—we fully support or we contribute a lot of resources into the open-source Cilium, and we want that to be the best networking solution for anybody, but if you are an enterprise who wants those extra bells and whistles, and the kind of scale that, you know, a telco, or a massive retailer, or a large media organization, or name your vertical, then we have solutions for that as well. And I think it was one of the really interesting things about the eBPF side of it is that, you know, we're not bound to just Kubernetes, you know? We run in the kernel, and it just so happens that we have that Kubernetes interface for allocating IP addresses to endpoints that happened to be pods. But—Corey: So, back to my crappy pile of VMs—because the hell with all this newfangled container nonsense—I can still benefit from something like Cilium?Liz: Exactly, yeah. And there's plenty of people using it for just load-balancing, which, why not have an eBPF-based high-performance load balancer?Corey: Hang on, that's taking me a second to work my way through. What is the programming language for eBPF? It is something custom?Liz: Right. So, when you load your BPF program into the kernel, it's in the form of eBPF bytecode. There are people who write an eBPF bytecode by hand; I am not one of those people.Corey: There are people who used to be able to write Sendmail configs without running through the M four preprocessor, and I don't understand those people either.Liz: [laugh]. So, our choices are—well, it has to be a language that can be compiled into that bytecode, and at the moment, there are two options: C, and more recently, Rust. So, the C code, I'm much more familiar with writing BPF code in C, it's slightly limited. So, because these BPF programs have to be safe to run, they go through a verification process which checks that you're not going to crash the kernel, that you're not going to end up in some hardware loop, and basically make your machine completely unresponsive, we also have to know that BPF programs, you know, they'll only access memory that they're supposed to and that they can't mess up other processes. So, there's this BPF verification step that checks for example that you always check that a pointer isn't nil before you dereference it.And if you try and use a pointer in your C code, it might compile perfectly, but when you come to load it into the kernel, it gets rejected because you forgot to check that it was non-null before.Corey: You try and run it, the whole thing segfaults, you see the word ‘fault' there and well, I guess blameless just went out the window there.Liz: [laugh]. Well, this is the thing: You cannot segfault in the kernel, you know, or at least that's a bad [day 00:19:11]. [laugh].Corey: You say that, but I'm very bad with computers, let's be clear here. There's always a way to misuse things horribly enough.Liz: It's a challenge. It's pretty easy to segfault if you're writing a kernel module. But maybe we should put that out as a challenge for the listener, to try to write something that crashes the kernel from within an eBPF because there's a lot of very smart people.Corey: Right now the blood just drained from anyone who's listening, in the kernel space or the InfoSec space, I imagine.Liz: Exactly. Some of my colleagues at Isovalent are thinking, “Oh, no. What's she brought on here?” [laugh].Corey: What have you done? Please correct me if I'm misunderstanding this. So, eBPF is a very low-level tool that requires certain amounts of braining in order [laugh] to use appropriately. That can be a heavy lift for a lot of us who don't live in those spaces. Cilium distills this down into something that is all a lot more usable and understandable for folks, and then beyond that, you wind up with Isovalent, that winds up effectively productizing and packaging this into something that becomes a lot more closer to turnkey. Is that directionally accurate?Liz: Yes, I would say that's true. And there are also some other intermediate steps, like the CLI tools that Brendan Gregg did, where you can—I mean, a CLI is still fairly low-level, but it's not as low-level as writing the eBPF code yourself. And you can be quite in-dep—you know, if you know what things you want to observe in the kernel, you don't necessarily have to know how to write the eBPF code to do it, but if you've got these fairly low-level tools to do it. You're absolutely right that very few people will need to write their own… BPF code to run in the kernel.Corey: Let's move below the surface level of awareness; the same way that most of us don't need to know how to compile our own kernel in this day and age.Liz: Exactly.Corey: A few people very much do, but because of their hard work, the rest of us do not.Liz: Exactly. And for most of us, we just take the kernel for granted. You know, most people writing applications, it doesn't really matter if—they're just using abstractions that do things like open files for them, or create network connections, or write messages to the screen, you don't need to know exactly how that's accomplished through the kernel. Unless you want to get into the details of how to observe it with eBPF or something like that.Corey: I'm much happier not knowing some of the details. I did a deep dive once into Linux system kernel internals, based on an incredibly well-written but also obnoxiously slash suspiciously thick O'Reilly book, Linux Systems Internalsand it was one of those, like, halfway through, “Can I please be excused? My brain is full.” It's one of those things that I don't use most of it on a day-to-day basis, but it's solidified by understanding of what the computer is actually doing in a way that I will always be grateful for.Liz: Mmm, and there are tens of millions of lines of code in the Linux kernel, so anyone who can internalize any of that is basically a superhero. [laugh].Corey: I have nothing but respect for people who can pull that off.Corey: Couchbase Capella Database-as-a-Service is flexible, full-featured and fully managed with built in access via key-value, SQL, and full-text search. Flexible JSON documents aligned to your applications and workloads. Build faster with blazing fast in-memory performance and automated replication and scaling while reducing cost. Capella has the best price performance of any fully managed document database. Visit couchbase.com/screaminginthecloud to try Capella today for free and be up and running in three minutes with no credit card required. Couchbase Capella: make your data sing.In your day job, quote-unquote—which is sort of a weird thing to say, given that you are working at an open-source company; in fact, you are the Chief Open Source Officer, so what you're doing in the community, what you're exploring on the open-source project side of things, it is all interrelated. I tend to have trouble myself figuring out where my job starts and stops most weeks; I'm sympathetic to it. What inspired you folks to launch a company that is, “Ah, we're going to be in the open-source space?” Especially during a time when there's been a lot of pushback, in some respects, about the evolution of open-source and the rise of large cloud providers, where is open-source a viable strategy or a tactic to get to an outcome that is pleasing for all parties?Liz: Mmm. So, I wasn't there at the beginning, for the Isovalent journey, and Cilium has been around for five or six years, now, at this point. I very strongly believe in open-source as an effective way of developing technology—good technology—and getting really good feedback and, kind of, optimizing the speed at which you can innovate. But I think it's very important that businesses don't think—if you're giving away your code, you cannot also sell your code; you have to have some other thing that adds value. Maybe that's some extra code, like in the Isovalent example, the enterprise-related enhancements that we have that aren't part of the open-source distribution.There's plenty of other ways that people can add value to open-source. They can do training, they can do managed services, there's all sorts of different—support was the classic example. But I think it's extremely important that businesses don't just expect that I can write a bunch of open-source code, and somehow magically, through building up a whole load of users, I will find a way to monetize that.Corey: A bunch of nerds will build my product for me on nights and weekends. Yeah, that's a bit of an outmoded way of thinking about these things.Liz: Yeah exactly. And I think it's not like everybody has perfect ability to predict the future and you might start a business—Corey: And I have a lot of sympathy for companies who originally started with the idea of, “Well, we are the project leads. We know this code the best, therefore we are the best people in the world to run this as a service.” The rise of the hyperscale cloud providers has called that into significant question. And I feel for them because it's difficult to completely pivot your business model when you're already a publicly-traded company. That's a very fraught and challenging thing to do. It means that you're left with a bunch of options, none of them great.Cilium as a project is not that old, neither is Isovalent, but it's new enough in the iterative process, that you were able to avoid that particular pitfall. Instead, you're looking at some level of making this understandable and useful to humans, almost the point where it disappears from their level of awareness that they need to think about. There's huge value in something like that. Do you think that there is a future in which projects and companies built upon projects that follow this model are similarly going to be having challenges with hyperscale cloud providers, or other emergent threats to the ecosystem—sorry, ‘threat' is an unfair and unkind word here—but changes to the ecosystem, as we see the world evolving in ways that most of us did not foresee?Liz: Yeah, we've certainly seen some examples in the last year or two, I guess, of companies that maybe didn't anticipate, and who necessarily has a crystal ball to anticipate how cloud providers might use their software? And I think in some cases, the cloud providers has not always been the most generous or most community-minded in their approach to how they've done that. But I think for a company, like Isovalent, our strong point is talent. It would be extremely rare to find the level of expertise in, you know, what is a pretty specialized area. You know, the people at Isovalent who are working on Cilium are also working on eBPF itself, and that level of expertise is, I think, pretty unrivaled.So, we're in such a new space with eBPF, we've only in the last year or so, got to the point where pretty much everyone is running a kernel that's new enough to use eBPF. Startups do have a kind of agility that I think gives them an advantage, which I hope we'll be able to capitalize on. I think sometimes when businesses get upset about their code being used, they probably could have anticipated it. You know, if it's open-source, people will use your software, and you have to think of that.Corey: “What do you mean you're using the thing we gave away for free and you're not paying us to use it?”Liz: Yeah.Corey: “Uh, did you hear what you just said?” Some of this was predictable, let's be fair.Liz: Yeah, and I think you really have to, as a responsible business, think about, well, what does happen if they use all the open-source code? You know, is that a problem? And as far as we're concerned, everybody using Cilium is a fantastic… thing. We fully welcome everyone using Cilium as their data plane because the vast majority of them would use that open-source code, and that would be great, but there will be people who need that extra features and the expertise that I think we're in a unique position to provide. So, I joined Isovalent just about a year ago, and I did that because I believe in the technology, I believe in the company, I believe in, you know, the foundations that it has in open-source.It's a very much an open-source first organization, which I love, and that resonates with me and how I think we can be successful. So, you know, I don't have that crystal ball. I hope I'm right, we'll find out. We should do this again, you know, a couple of years and see how that's panning out. [laugh].Corey: I'll book out the date now.Liz: [laugh].Corey: Looking back at our conversation just now, you talked about open-source, and business strategy and how that's going to be evolving. We talked about the company, we talked about an incredibly in-depth, technical product that honestly goes significantly beyond my current level of technical awareness. And at no point in any of those aspects of the conversation did you talk about it in a way that I did not understand, nor did you come off in any way as condescending. In fact, you wrote an O'Reilly book on Container Security that's written very much the same way. How did you learn to do that? Because it is, frankly, an incredibly rare skill.Liz: Oh, thank you. Yeah, I think I have never been a fan of jargon. I've never liked it when people use a complicated acronym, or really early days in my career, there was a bit of a running joke about how everything was TLAs. And you think, well, I understand why we use an acronym to shorten things, but I don't think we need to assume that everybody knows what everything stands for. Why can't we explain things in simple language? Why can't we just use ordinary terms?And I found that really resonates. You know, if I'm doing a presentation or if I'm writing something, using straightforward language and explaining things, making sure that people understand the, kind of, fundamentals that I'm going to build my explanation on. I just think that has a—it results in people understanding, and that's my whole point. I'm not trying to explain something to—you know, my goal is that they understand it, not that they've been blown away by some kind of magic. I want them to go away going, “Ah, now I understand how this bit fits with that bit,” or, “How this works.” You know?Corey: The reason I bring it up is that it's an incredibly undervalued skill because when people see it, they don't often recognize it for what it is. Because when people don't have that skill—which is common—people just write it off as oh, that person's a bad communicator. Which I think is a little unfair. Being able to explain complex things simply is one of the most valuable yet undervalued skills that I've found in this entire space.Liz: Yeah, I think people sometimes have this sort of wrong idea that vocabulary and complicated terms are somehow inherently smarter. And if you use complicated words, you sound smarter. And I just don't think that's accessible, and I don't think it's true. And sometimes I find myself listening to someone, and they're using complicated terms or analogies that are really obscure, and I'm thinking, but could you explain that to me in words of one syllable? I don't think you could. I think you're… hiding—not you [laugh]. You know, people—Corey: Yeah. No, no, that's fair. I'll take the accusation as [unintelligible 00:31:24] as I can get it.Liz: [laugh]. But I think people hide behind complex words because they don't really understand them sometimes. And yeah, I would rather people understood what I'm saying.Corey: To me—I've done it through conference talks, but the way I generally learn things is by building something with them. But the way I really learn to understand something is I give a conference talk on it because, okay, great. I can now explain Git—which was one of my early technical talks—to folks who built Git. Great. Now, how about I explain it to someone who is not immersed in the space whatsoever? And if I can make it that accessible, great, then I've succeeded. It's a lot harder than it looks.Liz: Yeah, exactly. And one of the reasons why I enjoy building a talk is because I know I've got a pretty good understanding of this, but by the time I've got this talk nailed, I will know this. I might have forgotten it in six months time, you know, but [laugh] while I'm giving that talk, I will have a really good understanding of that because the way I want to put together a talk, I don't want to put anything in a talk that I don't feel I could explain. And that means I have to understand how it works.Corey: It's funny, this whole don't give talks about things you don't understand seems like there's really a nouveau concept, but here we are, we're [working on it 00:32:40].Liz: I mean, I have committed to doing talks that I don't fully understand, knowing that—you know, with the confidence that I can find out between now and the [crosstalk 00:32:48]—Corey: I believe that's called a forcing function.Liz: Yes. [laugh].Corey: It's one of those very high-risk stories, like, “Either I'm going to learn this in the next three months, or else I am going to have some serious egg on my face.”Liz: Yeah, exactly, definitely a forcing function. [laugh].Corey: I really want to thank you for taking so much time to speak with me today. If people want to learn more, where can they find you?Liz: So, I am online pretty much everywhere as lizrice, and I am on Twitter. I'm on GitHub. And if you want to come and hang out, I am on the Cilium and eBPF Slack, and also the CNCF Slack. Yeah. So, come say hello.Corey: There. We will put links to all of that in the [show notes 00:33:28]. Thank you so much for your time. I appreciate it.Liz: Pleasure.Corey: Liz Rice, Chief Open Source Officer at Isovalent. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment containing an eBPF program that on every packet fires off a Lambda function. Yes, it will be extortionately expensive; almost half as much money as a Managed NAT Gateway.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.
Этот выпуск в YouTube: https://youtu.be/j0WkA6SYQgw Дима прочитал, а Вячеслав прослушал книгу The Confidence Gap, и теперь они обсуждают насколько полезно то, что они узнали из книги. * Катализаторы, ингибиторы и их отравление * The Confidence Gap (https://www.amazon.com/Confidence-Gap-Guide-Overcoming-Self-Doubt/dp/1590309235) * Что хотел сказать автор? * Уверенность – предусловие для действия или результат действия * Defusion: "мысль – не равно реальность" * Обратная сторона отстранения: отстраняешься и от позитивных чувств и эмоций * Параллели со стоицизмом * Не негативные, а "unworkable" чувства "Ценности – штука полезная" * Задания в книге – как это сработало в аудио формате * Материалы на сайте (https://thehappinesstrap.com/the-confidence-gap-worksheets/) * Акронимов в книге не просто много, а очень много * ACT: Accept, Choose direction, Take action * Triple F: Fear, Flaws, Failure * NAME: Notice, Acknowledge, Make room, Expand awareness * ABC: Allow it, Befriend it, Channel it * FEAR: Fusion, Excessive goals, Avoidance of discomfort, Remoteness for values * DARE: Defusion, Acceptance of discomfort, Realistic goals, Embracing values * Акронимы против аббревиатур * TLAs (https://en.wikipedia.org/wiki/Three-letter_acronym) в Microsoft * ABL - Always Be Learning * Можно ли по-настоящему знать, что двигало другим человеком? В следующем выпуске: yearly themes.
This week, on the crest of Fear⁴, Ryland and Charlie take a wide left turn and take a look at a niche "cult" favorite as they sit down with the year 2000 straight to video exploitation parody film BIG MONEY HU$TLAS. Along with member guest and owner of Juggalo fansite faygoluvers.net, known moreover in circles as Scottie D! They started having a traditional sTRS show, but after nearly 3 hours of talking with Scott and the juggalo world, they just went freestyle! So enjoy the talk and MMFWCL!! Until then!! To be a part of ALL the action, you need to be a member of Tha Reel Sh!t FB Page. Just follow this link and join up!! https://www.facebook.com/groups/397783900310183
In June 2021, the FDA revoked its Emergency Use Authorization for Filtering Facepiece Respirators. Learn what an EUA is and how it affects the use of non-NIOSH approved N-95 respirator in healthcare. Peter Koch: [00:00:04] Hello, listeners, and welcome to the MEMIC Safety Experts podcast, I'm your host, Peter Koch, and the topic today is revoked EUAs. Often I need to hear or read something a second time to understand what's going on. And it's not for lack of education or interest. It's just sometimes a sentence tries to do way too much with too few words or letters or using abbreviations to try to help with understanding. So try to wrap your brain around this. Early on in the sars-cov-2 pandemic, the FDA as a department of the DHHS, created the FRREUAs for HCP in conjunction with NIOSH and the CDC to help combat the spread of covid-19 now due to the increase in availability of NIOSH approved and n-95 FRRs, the FDA has revoked the FRREUA for [00:01:00] HCP. Got it. Yeah, I don't. I didn't either. Every one of those, TLAs adds meeting to the message. And a TLA is a three letter abbreviation, by the way, so that's way too many TLAs packed into two sentences to be functional and I expect that if it was in print you would have to read it again and maybe again and maybe google some of those to figure out what all the pieces are. But just listening, I expect it was almost as confusing as it was to read. And if I were to pull a number of us who heard that headline for the first time, everyone would have a different opinion on its meaning. And unfortunately, many times when I'm in the field talking with clients about new regulations or safety standards, there's often confusion and most often a different opinion on the meaning or applicability. And the FDA's recent revocation of the FRREUA is no exception. So to help clear the air on the [00:02:00] podcast with me today is Steve Badger, CSP, OHST and safety management consultant with MEMIC. Steve has more than 35 years of experience working in the paper, medical sterilization and construction industries. He's an authorized training instructor for the OSHA Training Institute in Manchester, New Hampshire, and is a member of the American Industrial Hygiene Association. Steve uses his experience in different industries and formal training in industrial hygiene practices and indoor air quality testing to help the companies he works with manage their respiratory protections, challenges and others today. Steve is going to help us shed some light on the recent FRREUA revocation. So, Steve, welcome back to the podcast. Steve Badger: [00:02:45] Thank you very much, Peter. Glad to be here. Peter Koch: [00:02:47] That's fantastic. It's been a little while since we've had a conversation here. So I was really happy to I actually read some information that you sent out about the revaccinated EUAs and [00:03:00] it sparked the conversation for us about what they are and why they got revoked. And I thought it would be an interesting conversation to have on the podcast and try to get the word out about some of this. So I'd like to start by jumping right in and define some of those TLAs or three letter abbreviation. Let's start right with an EUA. What isn't EUA in the first place and why are they issued? Steve Badger: [00:03:26] Sure. And an EUA stands for emergency use authorization is really a mechanism to facilitate the availability and the use of medical countermeasures such as vaccines and other medical equipment during public health emergencies. And you see this happen rarely they're not done frequently. But as it says in their own definitions, that the public health emergencies, we don't have a lot of them, but when we have them, we need to be able to use our resources and things that are available to try to help us get [00:04:00] beyond that. And obviously, the covid-19 pandemic has proved to be that in more than one area, including the vaccines, as well as the filtering Facebook's respirators. Now, under this particular EAU, the FDA meeting, the Food and Drug Administration is the one that issued this particular set of EUAs and they can do, as I mentioned earlier, medical products, vaccines to diagnose or treat or even prevent serious life threatening diseases and conditions when there's no approved or adequate available alternatives. In this case here, you know, we're talking about filtering face piece respirators. And as we know that has been a contentious issue from the beginning as to the availability of NIOSH approved respirators. Peter Koch: [00:04:52] Why don't we help people understand? Because there's lots of different terminology about respirators and some people just think a mask is [00:05:00] a respirator or a respirator is a mask. We see we see people in a doctor's office wearing a mask. We see people on a construction site wearing a mask. We see firefighters wearing a mask. So when we talk about an n-95 respirator, what are we talking about and what's the difference between, say that and like a half face respirator and maybe that surgical mask that you might find in your doctor's office? Steve Badger: [00:05:27] Great question. The really the difference comes down to what is doing the filtering and filtering face piece respirator. The ones that we're talking about here, the mask itself is the filter. It's filtering out everything that you're breathing in. The whole entire thing acts as a filter and you know it. The same with a surgical mask is designed to filter out throughout your whole breathing zone everything that's there as opposed to say, you know, elastomeric like a half face or a full face, negative pressure [00:06:00] respirator that is fit tested. They've got it. It's got a seal that has to seal. And then the ear that's getting to you is being filtered through actual filters, cartridges that are designed to filter out different types of contaminants. So there's a big difference between those and the filtering face piece in its function and its ability and its protective qualities. Because if you think about a filtering face piece, it's filtering in both directions, whereas the elastomeric respirators, the cartridges you're breathing in, when you exhale, you're breathing out through an exhalation valve that's not filtered. So this was one of the reasons why these this particular type of respirator wasn't the first and best choice when it came to the health care professionals, Peter Koch: [00:06:51] Because it's filtering the filtering face piece or like a paper mask. Respirator would filter both ways, both in the inhalation and the [00:07:00] exhalation, as I hear you correctly. Steve Badger: [00:07:02] Correct. Peter Koch: [00:07:02] Now, with the filtering face piece and especially the n-95 respirators, some of the similarities beyond the filtering on the inhalation, they do have to be fit tested, is that correct, the n-95 respirators? Steve Badger: [00:07:18] Yes, that is correct. They do have to be fit tested. And the initial people that are first using these things, it was absolutely mandated that everyone had to be fit tested before they could wear them and they had to get a medical approval before they could even do the fit testing to make sure that they were physically capable of wearing these respirators with the people that had already been fit tested. And maybe they've been beyond that year from the initial time that they had been tested. They were given a, I will say, a waiver, but an extension so that they did not have to get that additional fit test within that year, that they as long as they were using the same type and brand of filtering [00:08:00] face piece respirator, that they could extend that fit test beyond that year deadline. Peter Koch: [00:08:07] Oh, good. So that that actually took some pressure off the numbers of people that would have to be tested for an n-95 or one of the respirators that would have been covered under the EUA originally. Now what's the biggest difference between that filtering face piece and say like the surgical mask that you might see in the doctor's office or the dentist office? Steve Badger: [00:08:34] The largest difference really comes down to the pore size. And when we talk about pore size, we're talking about what is the maximum, you know, filtration of that particular respirator or in this case, surgical mask. Now, with the filtering face piece, we know that it will filter out 95 percent of the particles at a certain size and which is which is a very good filter, a very good filter, 95 percent, [00:09:00] as opposed to a surgical mask, which really doesn't have the small enough pores to prevent the viruses from actually getting through that. And they're not fitted as well so that people, if they don't have them appropriately put across their nose or across their face, there's still gaps in them that can allow the escape of the of the virus. Peter Koch: [00:09:24] Good. So that makes sense then why someone who would be required to say treat or come into contact with someone who might have covid-19 needing to wear that n-95 mask instead of just the surgical mask? But, you know, there again, that's the requirement, higher level of protection, especially when there's a significant exposure. And then for everyone else, when there's other options for us to go out there. That's why that cloth face mask or even a surgical type mask would be functional for someone of the public [00:10:00] who maybe isn't required to come into contact with someone who has covid-19, I remember early on masks, you couldn't find them, you couldn't find n-95 mask's anywhere. And I know just outside of the covid-19 pandemic, I mean, respirators are used in industry all the time for particulate respiratory protection, chemical respiratory protection. There's many reasons why you might use an a 95 respirator and you couldn't find them. You just couldn't find them anywhere. So I guess this is a good time to maybe talk a little bit about the history here and to get a better understanding of why the EUAs were issued in the first place. So we did talk about the FDA, the federal Food and Drug Administration, and they are in charge of approving medical products and vaccines for use, and especially when it comes to the medical industry themselves to be approved for [00:11:00] medical use. It's not just, say, NIOSH. Correct. So if I'm going to use a respirator, an approved respirator for medical use, NIOSH isn't the only organization that will approve that respirator for use, is that correct? That needs to be the FDA. Steve Badger: [00:11:17] Well, it is the NIOSH does the approval and how to look at this is that they do the testing, they do the approval. And then the FDA says, OK, based on the NIOSH testing and approval, we will accept these particular respirators. Peter Koch: [00:11:35] Gotcha, I think that's a that's a good point for qualification there. So NIOSH still doing the testing. And then the FDA is saying that these are the group of respirators that are going to be functional for a health care setting. Awesome. All right. So let's look more about the historical context. And if we all remember back to the start of the covid-19 pandemic, which seems like forever [00:12:00] ago, but it wasn't all that long ago, actually, that the virus was determined to be transmitted through the air and into the respiratory system via the droplets expelled when an infected person coughed, sneezed or they spoke. What wasn't really well understood then was how a mask could protect you and why someone in a health care settings should wear an approved n-95 mask and someone not in health care could wear a mask that wasn't approved. So let's talk a little bit about what an n-95 is and then what makes it approved and then we'll get into the timeline. So Steve, take us through what an n-95 respirator n-95 mask is and what makes it approved versus a mask that might not be approved. Steve Badger: [00:12:41] You know, certainly the n-95 respirator is exactly what it sounds. It's designed to filter out 95 percent of the particles within its range, what it's approved for. And so, you know, when we take a look at what's on the outside of the respirator [00:13:00] and what gets inside, it's designed to filter out 95 percent. And that approval process, as we mentioned earlier, is done by NIOSH, the National Institute of Occupational Safety and Health. And they do a lot of testing on these respirators and they put them through their paces to make sure that they really are what the manufacturer tells us they are and that they're going to, you know, meet those standards. Now, to take that one step further, these n-95 respirators, which were, you know, being approved obviously very quickly, the supplies of these got used up. And so they started looking at these different alternatives as to, OK, maybe these aren't approved yet, but there are respirators out there that have been through other trials, through other organizations throughout the world that may be good enough to be able to provide some protection for the health care professionals. Peter Koch: [00:13:58] Oh, all right, I [00:14:00] think I understand so NIOSH is going to approve an n-95 respirator based on their testing and it has to meet a minimum qualification for the for filtering out 95 percent of a certain size particle or particles above a certain size. But there are other organizations I know Canada has their own organization and other countries have their own certification organizations for different types of personal protective equipment. So but it might not be the same testing method or it might not be they might not have the same standard possibly that NIOSH does so when the supply got short. Am I correct that businesses started to look for other supply chains that might not be approved by NIOSH? Am I correct in that? Steve Badger: [00:14:50] Absolutely, that is correct. They started looking outside of the U.S. because of the fact that the U.S. supplies fell [00:15:00] behind very quickly. And so they started looking at countries that everywhere from, you know, Vietnam to New Zealand to places Europe, Italy, that that had companies that were creating respirators that met their standard for it would be an n-95. But they had not yet approved them for use in the United States. Peter Koch: [00:15:24] Very good. So that that sets up kind of sets up a challenge. Right. So as your safety person at the hospital or OSHA or the FDA are going to say, these are the things that you have to use, the companies might not have enough of those things. So they go look someplace else, find other respirators that meet a certain standard, but not the NIOSH standard. So now there's a challenge there. There are companies that are trying to protect their workers, but there aren't enough of the NIOSH approved [00:16:00] n-95 filtering face pieces to go around. So the FDA takes the next step. And I'm expecting that's the emergency use authorization, correct? Steve Badger: [00:16:12] Correct. You know, any time that there is an emergency use authorization, there has to be some reasoning behind it. And for this case here, you know, they gave three main reasons as to why they wanted to implement this. And, you know, first of all, it was the sars-cov-2 virus that causes covid-19 causes serious life threatening disease. There was no question about that at this point, including severe respiratory illness. The second reason was that based on scientific evidence available to the FDA, that there was some benefit of using these filtering face piece respirators, even though they were not NIOSH approved. And third of all is that, you know, there just wasn't any other available alternatives. There was just nothing else out there that was in the pipeline that could possibly [00:17:00] take the place of that or help supplement that. So this is why the FDA decided that this was a good time to implement this particular EUA. Peter Koch: [00:17:13] That's great. And as I understand it, too, there were multiple or at least there were two EUAs that were issued. So talk to us about the first EUA that was issued and then we can talk about the second one. Steve Badger: [00:17:26] Sure. The first EUA was the imported NIOSH Non-NIOSH approved disposable filtering face piece respirators, and that one really covered respirators that were made outside of the United States everywhere but China. And we'll talk about a little bit about that in the second one as to why they separated those. But this particular one this first one was for every other country, the Italy, the Australia, the New Zealand that were making respirators that had not been previously [00:18:00] NIOSH approved. And within that EUA, they had what's called exhibit one. Exhibit one was the list of approved filtering face piece respirators that could be used by health care professionals under this EUA. Peter Koch: [00:18:17] Ok, so once that EUA was issued, they had a list of all the different respirators. So the health care community could go out and choose from that list. They couldn't find NIOSH approved filtering face pieces. They could then look at which ones were then being approved through the emergency use authorization. That's cool. So that list one was a pretty critical list for people to have get their hands on. And then I think it was still hard to find some of those. And then there was another EUA that was issued and you referenced that earlier. That was the one for respirators manufactured in China. So can you talk a little bit about that one? Steve Badger: [00:18:56] Yes. The first EUA approved about 50, [00:19:00] I believe it was 54 different types of respirators from different countries. And as we talked about the use and the need and far outweighed the number that were available. So the second EUA was issued in October of 2020, and that was for respirators that were constructed in the country of China. Now, that particular list was also quite extensive and they actually had about 200 approved respirators that went into Appendix A of that EUA that were approved from that point that the EUA was initiated. So now they've brought in the they had the rest of the world will say in the. First, the EUA and then China and their respirators were the second EUA. Peter Koch: [00:19:55] Right, and so through your reading, were you able to determine why they had a [00:20:00] separate EUA for the respirators made in China versus the ones that may have been made in the other parts of the world? Steve Badger: [00:20:07] There's been nothing that I've been able to find in the reading that would indicate why? You know, there's a lot of conjecture out there as far as, you know, thinking about the fact that, you know, early on they thought that maybe, you know, they wouldn't have to go to that extreme to get enough respirators available. But, yeah, there's definitely nothing in writing that I've been able to find that's indicated as why it was separate after the fact. You know, when we talk about here later on, but after the fact, it became obvious that there were a lot of knockoffs and a lot of, you know, fake respirators that were being sent in, ones that weren't nearly close to approval. And so, you know, after the fact, they started, you know, weeding out those pretty quickly when they started testing them. Peter Koch: [00:20:59] Yeah. [00:21:00] So I do remember some of that information coming through. There were a number of respirators that were packaged to represent themselves as being NIOSH approved or had the OSHA seal of approval, which isn't a thing. You know, she doesn't approve those. They just say you're supposed to wear a particular type of PPE. And then there were some testing information that was placed out there, too, about how the NIOSH respirators and respirators made in other parts of the world and even some of those in China did come it did come very close to meeting that NIOSH standard over the samples that they had. But there are others that didn't do it at all. And so part of the approval, as I see it, is how I've come to understand this as a safety professional is one of the reasons that you want in a third party testing and approving is because it provides you with some information about [00:22:00] the minimum amount of protection that you're going to get. So if you buy something that's going to have the stamp of approval on it, you should you should be able to feel comfortable that it will that it will protect you at this particular level. And so then if you take that protection level and then you look at what you're trying to be protected from, if they match up and you use it the way it's supposed to, you have managed the hazard or exposure to that hazard in a good way. But if it's not going to meet that base level of approval, then it may very well put you at greater risk if you're going to use something that that doesn't have that minimum level of protection. Peter Koch: [00:22:42] Let's take a quick break, integrating workplace safety into your business is a key part of the long term success of any company. And like most components of success, there is no one size fits all solution. MEMIC is committed to partnering with employers across all industries for workplace [00:23:00] safety. And we recognize the key to that partnership is understanding the unique demands of the industries that we ensure our safety experts bring experience from the industries that they serve. And this experience provides a unique perspective through a critical eye when it comes to understanding the particular exposures and challenges of an industry from construction, retail and manufacturing to hospitality and health care. Our team of experts will work with policyholders to identify opportunities to improve safety. Interested in finding more about MEMIC, check us out at MEMIC.com. Or better yet, contact your local independent insurance agent for more information. If you're already insured by MEMIC, then check out our safety resources at MEMIC.com/workplacesafety and sign up for access to our video lending library, our LMS platform or our Safety Director Resource Library. Now let's [00:24:00] get back to today's episode. Peter Koch: [00:24:04] I think as we as we start to look at the EUAs this, you know, the podcast is pretty short today. There is a pretty focused topic. There's not a ton that we need to go through. But we learned about what an EUA is, what the FRRs are, who does the approval process, who issued the emergency use authorization in the first place and why. Now, let's talk about the well, the title of the podcast is that they have been revoked or the EUAs have been revacated. So why were the EUAs revoked here? Why did the FAA pull the EUAs for those filtering face pieces? Steve Badger: [00:24:48] Yeah, looking at, you know, the beginning of this, where they were authorized, the EUAs were issued from that point on, we had a list for [00:25:00] the exhibit one and also for Appendix A for the second. And that list of respirators were really, you know, for lack of a better term, we're really unknowns. And so what NIOSH did was they started doing testing on these particular filtering face piece respirators to see if they met the n-95 standard that 95 percent filtration. And so the process that they would go through is they would take ten samples that were sent to them by the manufacturers. They would test them and come up with an average filtration. And so as they started going through and doing these testing, they found out early on that there were many that either didn't make it or that were very bad respirators that they could tell that they were bad, they tell that they were they were the fakes, that they were the fraudulent ones. And so what they did was they started [00:26:00] eliminating some of these from that list, from that approved list and a couple of different times during 2020, they took some of these out, started weeding them down to the ones that actually that they could say would filter out 95 percent. Now, it's important to note at this point that this did not give them a NIOSH approval. OK, what all this did was that NIOSH did this testing and that they were able to say that in this testing that it did reach that 95 percent. So none of these respirators were able to gain NIOSH approval numbers from this particular testing. So as time went on, the manufacturers that NIOSH had approved previously started catching up on the numbers of respirators that were being in demand as the pandemic, you know, slowly started coming down and the number of cases and the health care workers were able to better protect themselves with NIOSH respirators. [00:27:00] These lists, this Appendix A and exhibit one, they started becoming less and less important. And so in the end of June or actually towards the end of June, the FDA decided to revoke both of these EUAs, meaning that these respirators are no longer approved for use by health care professionals. Peter Koch: [00:27:25] And that's another interesting point to note, that the lists were kind of live. So the Appendix A. And the list one, as NIOSH started testing, they actually eliminated some of the respirators from those list. Is that correct? Did I hear that correctly? Steve Badger: [00:27:43] Yes, they did, they initially they eliminated from the second EUA, the ones from China there was about I want to say it was about 75 respirators that did not meet the first cut right out of the gate. And there was a there was several from [00:28:00] the first the UK from the European and other nations that were creating them. And so they were slowly, you know, they would get several of these on that list and they would eliminate them. And so they would, you know, say, OK, from this point on, from this date on, these are no longer part of this EUA and therefore the health care providers should not be using these. Peter Koch: [00:28:23] Yeah, and I think that's a good point, because if this ever does happen again and another EUA is issued for non-NIOSH approved filtering face pieces that. The purchasing groups for these health care organizations need to understand that, unfortunately, we can only work as fast as we can work and that those lists could be live. So are the lists will be live. And as more testing gets done, those lists might change. So it's important to go back to those lists on a regular basis, work with your suppliers to make sure that you have [00:29:00] you're working off the most accurate list and you're getting the equipment that's best suited for your for your workers. So we come to the end and the EUAs are revoked and what I'm hearing, Steve, is that you're saying because manufacturing picked up enough with the NIOSH approved n-95 respirators, that that there are enough now to go around to outfit the needs of our health care professionals. So that's really the reason why they were revoked, because there wasn't a need for emergency use anymore. We were able to use the approved respirators in most cases. Is that correct? Steve Badger: [00:29:43] Yes, it is correct and you know, and obviously there's a couple of reasons for that. I mean, one, we don't have the certainly have not had the number of cases that we had initially early on, you know, and also, you know, we have to think about respirators as they are. They're the last [00:30:00] line of defense. And so when we think about, you know, you know, hazards and controls that, you know, the controls that have been put into place have also helped eliminate a lot of these potential exposures to the point where maybe not as many respirators are needed to be used because they are that last line of defense. And therefore, you know, if something happens to them, the respirator fails, that person could still be exposed. So we want to try, you know, to eliminate those hazards initially before you get to that respirator point. Peter Koch: [00:30:32] Very good now. All right. So the EUAs are revoked the non NIOSH approved respirators are no longer approved for use in a health care setting. What do I do, I've got maybe a stockpile of respirators that were once approved by the EUA and they're no longer functional or at least no longer proved to be used in a health care setting. So does the FDA have [00:31:00] any recommendations going forward? Steve Badger: [00:31:03] Yes, they do. They have several recommendations for the stockpiles of these things that they're assuming that are out there for the health care professionals. And just because these respirators are no longer a part of this EUA, doesn't mean that they can't be used for other purposes outside of the health care organizations that you could, you know, actually, you know, redistribute these through, you know, into non health care settings, such as, you know, construction or even general industry? You might be able to you know, they offer the suggestion that maybe you could donate them to other countries or other places where approved respirators are still in very short, you know, short quantities as they're very much in demand. They also, you know, tell us that we may even consider, you know, holding on to them to [00:32:00] be used for other purposes so that's where they've kind of left it with us, that we don't want to just, you know, we just don't want to throw these things away, that there are other uses for them. And I think that's very good advice. Peter Koch: [00:32:12] Yeah, I think it's great advice as well. So just because you have a resource, make sure you're using the resource appropriately just for that health care setting of if I'm a health care professional and I'm going to be exposed to someone who potentially has covid-19, I want to make sure I'm protected. So you want to make sure you're using that NIOSH respirator. And since you should be able to have sourced enough of those for the exposure potential that that is out there now. But like you said at the end, there again, it's a good idea. As we you know, we look at where we are currently and there's starting to be an uptick in cases, an uptick with the Delta variant and maybe some other variants that are coming down the road. It's [00:33:00] always good to be prepared. So we don't want to be in a place again where we're scrambling to find respirators. We want to make sure that we have things in stock. So, you know, good advice, use it or do with those stockpiled respirators, what you, as your company feels is going to be the best use for them. And if that is a donation grade, if that's moving them to a different industry, fine, too. If that is holding on to them just in case, that's not a bad idea either. So, Steve, why don't we try? So we learned a lot today in a very short time. And I think most of it is kind of clearing up some of those three letter abbreviations like EUA and FRR and even some larger abbreviations like NIOSH or CDC. So why don't we take that sentence those two sentences we had in the intro and let's try to add the actual words that come up and see if it makes any more sense to us. So here we go. Early [00:34:00] on in the sars-cov-2 or Severe Acute Respiratory Syndrome coronavirus two pandemic the Food and Drug Administration as a Department of the Department of Health and Human Services created the filtering face piece respirator emergency use authorization for health care providers. They did this in conjunction with the National Institute for Occupational safety and Health, or NIOSH and the Centers for Disease Control, or CDC, to help combat the spread of covid-19. Now, due to the increase in availability of the NIOSH approved n-95 filtering face piece respirators, the Food and Drug Administration has revoked the filtering face piece respirator emergency use authorization for health care providers. Makes a little more sense. Still a mouthful to say, but there seems to make more sense to that. So I [00:35:00] guess at the end here, Steve, as you were going through the emergency use authorization, the process and how they were revoked, is there anything else that you want to add to that or maybe something that you found really interesting as you were going through that? Steve Badger: [00:35:17] Yeah, you know, I would say that I probably one of them the most interesting things that I found going through this was, you know, the ability of the government organizations to be able to work together to get to that point where these EUAs were being issued. Because, you know, it wasn't just the FDA. They had to rely on the NIOSH group for their testing and approval. And, you know, and that all, you know, in conjunction with the CDC, the Centers for Disease Control, that they had to all work together to make this work. And I think that that's the part that really drove home to me. The point that, you know, when we're in a crisis and these things happen, that these people can work together, that they can, you [00:36:00] know, do you know the right thing and get these things out to people and in a big hurry. I mean, this was these are not something that typically happens overnight. And in this case, here it did. These were given this temporary approval and this emergency approval. And so they were they were able to help that health care professionals out of a very tough position. Peter Koch: [00:36:26] Yeah, I think that's a really good point. The working across departments at the federal level can be challenging at times. And they definitely collaborated well together and came up with a with good response for a very, very challenging situation for sure. So, Steve, if someone had more questions about the FDA or and or the emergency use authorizations, something happens in the future. They see something over the Internet that there was a new EUA or they want to learn more about these [00:37:00] EUAs in particular, where would they go for more information? Steve Badger: [00:37:05] Certainly the Food and Drug Administration, the FDA has a website that you can go on and, you know, you can look and search for EUAs under that website and it will bring up all of them. And they're, quite frankly, right now there's quite a few of them out there for different types of medical processes and procedures. And also the vaccines, the very vaccines that we're taking to prevent covid fall under these EUAs. So you kind of have to do a little bit of searching through there. And the other place that I would look in regards to the filtering face piece respirators is whether or not the respirator that you've chosen that you have in your hand, is it NIOSH approved or not? Easy enough to go on to the NIOSH website and actually determine that you can do a search and look to see which respirators are really approved? You know, it's not just stamped [00:38:00] on the box from, you know, someplace, you know, out of nowhere that you can actually make sure that that thing is actually what it says that it is so that you're getting that protection factor that you're expecting. Peter Koch: [00:38:12] That's a great point. And to not all, you know, don't always trust the packaging. So if you're looking to purchase n-95 respirators, a good idea is to double check them against the list there for the NIOSH approved respirators. And you'd find that you said right on the NIOSH site or is that the FDA site, Steve? Steve Badger: [00:38:33] You would find it on the NIOSH site for which respirators are approved and they will be given approval number. And you can determine that, you know, from that list is whether or not that one you have in your hand, if it's NIOSH approved, it's going to have a number associated with it that matches up with that NIOSH site. Peter Koch: [00:38:53] Very good. And most of your reputable distributors are going to be familiar with that and be able to help [00:39:00] you if you're purchasing PPE for your organization, whether your health care or not, they should be able to work with you and then know what's approved and what's not approved. And if you ask them questions, is it on it? What's the number they should be able to give you that. So if you're wanting to double check, you can always ask those questions of your supplier. All right. Very good. Steve, thanks so much for coming on and sharing your expertise with us today. Steve Badger: [00:39:27] You're very welcome, Peter. Thank you for having me. Peter Koch: [00:39:29] Excellent. We'll have to bring you on again and talk some more about respirators. I, I know we've been chatting back and forth about a podcast, around respiratory Protection, and it's a pretty enormous topic. And we've got to kind of whittle it down so we can fit it in within our podcast format here. So we'll have you back on again. And I'm looking forward to speaking with you. Steve Badger: [00:39:50] Thank you. Peter Koch: [00:39:50] Perfect. So thanks again for joining us. And to all of our listeners out there today on the MEMIC Safety Experts podcast, we've been speaking with Steve Badger, safety management [00:40:00] consultant, with a MEMIC about the Food and Drug Administration's revoked emergency use authorizations for filtering face piece respirators. If you have any questions or would like to hear more about a particular topic on our podcast, e-mail me at podcast@MEMIC.com. Also, check out our show notes at MEMIC.com/podcast, where you can find additional resources and our entire podcast archive. Did you know we've had more than 50 episodes so far and we're still going strong and hope to do another 50. And while you're there on the website, sign up for our safety net blog so you never miss any of our articles or safety news updates. And if you haven't done so, I'd appreciate it if you took a minute or two to review us on Stitcher, iTunes or whichever podcast service that you found us on. And if you've already done that, thanks, because it really helps us spread the word. Please consider sharing this show with a business associate friend or family member who you think will get something out of [00:41:00] it. And as always, thank you for the continued support. And until next time, this is Peter Koch reminding you that listening to the MEMIC Safety Experts podcast is good, but using what you learned here is even better.
Diese Folge als Video schauen Aus der Preshow: Boris hört, Hintergrund-Musik bei der Preshow, Push-Show, HS-Live beim Baden Heute mit: Nachtrag zur Nikon Z-FC, Yongnuo-Objektiv, CIPA, DiY, diversen anderen TLAs, Bandenwerbung Fast immer dienstags, gerne mal um 18:00 Uhr: Happy Shooting Live. Täglich im Slack mitmachen – auch Audio-/Videokommentare werden gern angenommen. Danke an Maximilian, … „#719 – Eulen und Meerkatzen in verschiedenen Qualitäten“ weiterlesen Der Beitrag #719 – Eulen und Meerkatzen in verschiedenen Qualitäten ist ursprünglich hier erschienen: Happy Shooting - Der Foto-Podcast.
Diese Folge als Video schauen Aus der Preshow: Boris hört, Hintergrund-Musik bei der Preshow, Push-Show, HS-Live beim Baden Heute mit: Nachtrag zur Nikon Z-FC, Yongnuo-Objektiv, CIPA, DiY, diversen anderen TLAs, Bandenwerbung Fast immer dienstags, gerne mal um 18:00 Uhr: Happy Shooting Live. Täglich im Slack mitmachen – auch Audio-/Videokommentare werden gern angenommen. Danke an Maximilian, … „#719 – Eulen und Meerkatzen in verschiedenen Qualitäten“ weiterlesen Der Beitrag #719 – Eulen und Meerkatzen in verschiedenen Qualitäten ist ursprünglich hier erschienen: Happy Shooting - Der Foto-Podcast.
Welcome to Remotely Interesting brought to you by Netlify.People who were remotely interesting: Ben Hong Cassidy Williams Phil Hawksworth Tara Z. Manicsic SHOW NOTES:In this episode, we chat about Distributed Persistent Rendering, On-Demand Builders, and more acronyms than we know what to do with
BARENAKED MONEY PODCAST: EPISODE 2TranscriptJosh Sheluk:Morning Colin.Colin White:Morning Josh. And good morning faithful listeners. Welcome to the next edition of the Barenaked Money Podcast. We're going to have a chat today about something that's very topical. And you may be surprised to find out that we're not going to entirely poo poo it. So stay tuned to find out exactly what our opinion is. It's going to take a while to unfold. It will be an exciting journey.Colin White:We're going to talk about ESG Investing. ESG is the most recent iteration of the TLAs, or three letter acronyms, that have lived in this space for a bit. So Josh, maybe you could help our viewers and listeners with a little bit of a tutorial, if you will, on what some of the various terms are that get thrown around in this space and what they might mean.Josh Sheluk:Yeah. I just wanted to set the stage a little bit, because I know... It's like a lot of things finance, it can be pretty confusing. And there's, as you said, a lot of different acronyms out there that have been used to define this ESG space. Like you introduced right at the outset, ESG. So generally speaking, what we're talking about today is a variety of different types of responsible, or socially focused investments. So ESG has been, I guess the most prominent acronym that's used to describe this. And ESG stands for Environmental, Social, Governance. So these are the focus areas of any type of investment that's branded ESG, or so they say. You'll also see things like SRI, Socially Responsible Investing, responsible investing, carbon-free, CO2-free or low CO2, carbon neutral, green. Everything that you can possibly think of has been used to describe these types of investments. So it is very wide ranging, encompasses a variety of different areas of being socially responsible, I guess you could say.Josh Sheluk:So the question I'm going to throw to you right off the bat, Colin, is why is it just now that we are taking our first foray into this space? Because quite frankly, ESG and ethically focused investments have been around for at least a couple of years now, more than that, if you really go [inaudible 00:02:24].Colin White:Well I mean, I guess I would debate the recently decided. We've been foraying, if that's the word, in this space for as long as it's existed because, well, we're naturally curious. But the challenge is whenever something like this gets trotted out is, we have to decide is it real or is this just marketing? Because again, the whole idea of investing to make the planet a better place is very appealing to many people. And when something's appealing to many people, then it will be somebody who will find a way to sell them something. So we were looking for, and waiting for, something to come along that actually had some meat on the bones.Colin White:Back in the early days of green investing, I was sitting in a presentation. And I'm the kind of person that actually looks through the portfolio of the presenter. And I noticed that there was a coal mining company on the list of the green investments, which at the end, or when the questions came up, I stuck my hand up and said, "I'm just curious, why is there a coal mining company in the green fund?" And he said, "Oh, well, that's the cleanest of the coal mining companies." Didn't like the answer. And I further didn't think that clients who thought they were investing in a green investment would like that answer. So that was where we were early on.Colin White:And also, I was at a presentation where somebody was talking about wonderful new green technologies, emerging technologies, fantastic things that were going to potentially change the direction that the planet rotated. Like they were just amazing things with zero track record. There was no actual business there yet. It was a fantastic story, an exciting story. Disney could have made a movie about it. I wanted to be part of it, but I couldn't call it an investment. It just wasn't there yet. So the experience we've had, all of us, of going through the woods and trying to find these things, because again, we're all curious, we've all been watching. We've been waiting for the moment where we could put our arms around it and go, "This is really an option that is a real investment and pays homage to this very worthwhile cause of investing with a higher purpose." And it's only been recently that we felt that it's matured enough, that there is enough of an option out there for people, that it's matured to a point where we could actually put our stamp on it and call it investing.Colin White:So Josh, maybe you could give us a couple of comments on how we were screening and where that ended up with regards to how a portfolio was constructed.Josh Sheluk:Yeah, yeah. Definitely happy to do that, Colin. I want to follow up on one thing though, before I get to that, because you always talk about business models of companies that are putting out investment products, or financial companies. So talk about the business model of asset management companies and why they have been pushing this type of thing for a long time, maybe not so in line with how we really look at the space.Colin White:Well, again, if there's enough of a demand for something, somebody is going to create the product. If we're reading in the newspaper every day about gold, or about silver, or about Bitcoin, whatever the hottest topic is, there is a manufacturer somewhere who goes, "Ooh, people are talking about this. I have to build one." And they will throw it into the marketplace, just trying to satisfy what they perceive as a demand, without necessarily, in my opinion, taking the additional step of making sure that it's a sustainable offering, like it's really going to be a positive outcome for clients. The industry often will say, "This has been a very successful product." And I challenge them and say, "What do you mean? It's returned good money to clients?" "Oh no, we've attracted $1 billion in the last six months." That's one definition of success. And I guess that might be the prevailing definition of success. But if you actually want to have something that you're happy looking at a year later, that's a different metric or way of looking at success.Josh Sheluk:Yeah. You mentioned Bitcoin there. So there was a Canadian asset management company that launched the Bitcoin fund, I guess we'll call it, a few weeks ago. Great success. Well, by their definition, like you said, collecting assets. Great success for them. Three weeks later, they have an Ethereum ETFO. So any track record, any longterm success with this product? No, but to their definition of it, great success because they were able to attract a lot of assets and that's how they get paid.Colin White:Oh, absolutely. And that's what makes the world go round. So I am very proud, and I think we all should be very proud, that we've actually dug into this space and we've actually come up with what we think is actually, legitimately could be labeled a real investment while still accomplishing some of these goals that any human being would say, "Yeah, these are good goals and things we should chase." So again, back to you, Josh. Run us through it. Tell us how we found them, what we found and what it looks like.Josh Sheluk:Yeah. So it was a pretty extensive process, like you were saying. We've been looking at this space for years and kind of reluctant, not finding enough that we really thought fit what we were looking for. And so just to take a step back, when we're looking for any type of investment for our clients, and especially in this regard, when we're focusing on ethical investing, we are really looking to accomplish two things. The first thing is we absolutely positively need to be able to deliver good financial results. We're financial advisors. We're financial people. If we're not delivering good financial results for you, what are we doing?Josh Sheluk:The second part, especially, as I said, relates to ethical investing, is we need to make sure that it's meeting your values. And as you've alluded to, the early products, or a lot of the products that are out there, they were missing on one of these accounts, either not delivering what we thought were going to be good financial results in the future. Or two, they were branding themselves as "I'm ethical, I'm social, but I have this coal mining company in my portfolio, so I'm not really doing what I'm saying." Or the worst thing, is some of these products we're doing both of these things poorly. They were not delivering on the financial side and not delivering on the ethical investing side. So that's sort of our view when we're looking for this space, when we're getting started.Josh Sheluk:What we did, and what we've been doing over the past couple of years, is we always start with sort of a screen, or a let's call it a wide net, to capture everything that's out there in the industry that fits in some way, shape, or form what we're looking for. So we have some software that very easily these days allows us to filter the list of all of the investments out there into something that is focused specifically on whether it's ESG, or ethical investing, or low carb, all of these monikers that I introduced at the outset.Josh Sheluk:So we had drilled down that list pretty quickly for us. Now, as we've been talking about, companies love offering products in a sort of hot space. So there's a ton of stuff out there that we can look at investing in this ESG space. So our next step is kind of, okay, well, let's just look at things a little bit qualitatively. Which of these companies, which of these investment products has a decent track record? And one of the things that's challenging for us today is not a lot of these products have a long-term track record. So then we're looking to, okay, which type of management companies have a longer track record? Who's really been in this space for a while, for many years? Which companies can we rely on to deliver a good product to us? So that narrows down our list pretty quickly once we do that. Because as I said, a lot of this stuff is sort of flash in the pan, brand new, and we're just not going to look at that type of thing.Josh Sheluk:Then we get to do the fun stuff. We get to really, really dig into what's there. And we dig and we dig and we dig until we have uncovered all of the answers to our questions. So that will usually start with one, looking into detail at the product. What's the philosophy? What's the strategy in terms of the investment? Let's look at the actual holdings that are there. Because that coal mining company, if we see it in the top 10 holdings, well, we know we're going to punt that product, that potential investment pretty quickly. So this is one area where you can really look at the individual holdings that are a part of that investment, individual companies that make up that fund, and decide, yes, this kind of sort of fits with where we think we should be going, or no, this is completely off base.Josh Sheluk:And then we'll meet with the company or the manager that is actually looking after this investment. And that's where we do the most fun work because we get to ask them all kinds of questions and really explore our curiosity to try to figure out, okay, what's your team look like? What is your experience and how are you actually going through this due diligence process on an ongoing basis to make sure that the companies you are investing in are indeed ethical like you say they are, like they say they are? Because we could buy a company today that's the best thing since sliced bread, is acting ethically and all that. And two years from now they're, they're not so ethical anymore. You've got to keep a close eye, close tabs on the companies that you're investing in. So we're, again, looking to understand exactly what process all of these managers are going through to try to identify those ethical companies.Colin White:So then when you take the next step, I mean, we work towards building portfolios. So we need to find ethical investing is by our standards, in different geographies and different industries and get things as diversified as we can. Now, there's going to be certain industries that we have that are going to be naturally either underweight or completely excluded, because it's very difficult by any definition to call the petrochemical industry or the mining industry, environmental. So there are going to be sectors of the economy that are going to be either not included or underweighted. So Josh, can you maybe give us a comment as to what the final diversification was that we were able to approach and maybe where the deficits would be compared to what our regular portfolios would look like?Josh Sheluk:Yeah. So you kind of highlighted the key points there, Colin. You're naturally going to exclude certain types of industries or certain types of businesses when you go through this type of approach. So again, going back to our process and our screening and our decision making and all that, what we don't want to end up with is a portfolio that's built with a hundred wind farms because you're not very diversified at that point. If the wind stops blowing, well, your portfolio is not going to do too well. So we do need to still have some semblance of diversification, even though we know we're going to be excluding certain businesses or certain industries. The easy one right off the bat is you're either going to be significantly underweight or have no exposure to the energy industry. And most people that are looking for an environmentally friendly portfolio would say, "I'm perfectly comfortable with that. I'm very fine with not having any exposure there." And that can be a more up and down industry anyway. So to say that that part's excluded from the portfolio is not necessarily a bad thing. You'll also exclude certain mining companies, right off the bat. If you're operating an open pit mine, well, chances are it's not very environmentally friendly. So there you're losing some diversification. What we [inaudible 00:14:19]. Go ahead.Colin White:Sorry, Josh. Just wanted to interject there for a second. One of the challenges we run into with that is you have supply companies that maybe they build pumps. And 80% of their business is medical, and 20% of it is institutional or industrial, of which some of is mining. Now there's some indexes and there's some analysts that would classify that as a petrochemical company because they supply pumps into the petrochemical industry. But it may be a tiny fraction of what they do. So yeah, or it could be a slam dunk, somebody operating an open pit mine. Yeah, that doesn't make it. When you start getting a little further out from that, then it gets a little fuzzy. And that's where we look to find the managers that are exercising a degree of effort on making sure they're making these calls in a way that actually stays true to the cause. So we'll use some examples that are very one side or the other, but then it gets really, really gray really, really quick. And that's always been the challenge in this space is those gray areas.Josh Sheluk:Yeah. And not only gray areas, but different people have different definitions of what's ethical, right? So there's some subjectivity to the space, which makes it very, very difficult. So when we're looking to accomplish something here, what we're looking to do is, in broad strokes, we're looking to properly define what is ethical in most people's minds. It's not going to be perfect for everybody. As we say, we're here to be transparent. We're not delivering a perfect solution that's going to perfectly satisfy every individual that's out there. But that's probably a losing cause for us anyway, if we were trying to do that.Josh Sheluk:But another great example, you talk about sort of the compromises there. And when we were going through this due diligence process, they brought up mining companies that are looking for like your rare earth minerals and your lithium, for example, right? Lithium is a key component in batteries and to some extent, solar power, solar panels as well. You have silver as well, that are in a lot of electronics and components like that. So you need some mining. Because if you don't have any mining, well, you can't put a battery together. You can't put a solar panel together. So there needs to be some compromise and some wiggle room there. And what we've done is, again, the managers that we have in place are looking at all these things with the company and assessing all these things on what we think is a reasonable basis. And they're able to actually move the needle in a progressive or a positive way.Josh Sheluk:One of the investments that we've selected, that that sort of made our top lists, one of the things that they've been able to hang their hat on is they were able to convince a couple of Canadian banks that they should no longer be financing oil exploration projects in the Arctic, the Canadian Arctic. So we are seeing, again, it's not a perfect portfolio today, but we're seeing progressive improvements in what we're investing in and continue to push for improvements and moving towards a more sustainable future.Colin White:Well, I was at a conference Jane Fonda actually spoke at a couple of years ago. And she was very adamant in Canada that nobody should have any money with any Canadian banks because they all finance Canadian mining and petrochemicals, so we should not use Canadian banks at all, which one could argue is an extreme view. But the other point you make, Josh, which is a very good point, is that the whole world is gradually moving in the direction of being more environmentally friendly. It's not just in this specialized space that you see this. All companies are being evaluated now. And when we evaluate individual companies in the broader market, their carbon footprint's thing, their record on human rights is a thing, their record on environmental sensitivity as a thing. Because there's a real financial downside to being off side any of those things.Colin White:So the whole planet is moving in a better direction. The space that we're focusing on here is the part that's really trying to move that change maybe a little bit quicker. And the companies that are a little bit further ahead with it and putting money with managers who are going to do some of the activist activities that you're talking about and keep this topic alive and kicking.Josh Sheluk:Yeah. So we've talked about some of the challenges with diversification of a portfolio. But you do have some cons I guess, or some downsides to running with a portfolio that is focused on ethical investing. So why don't you highlight some of those key areas for us where you think maybe we're detracting a little bit from where a conventional portfolio would be?Colin White:Oh, sure. Thanks, Josh. So when you're taking a look at the broad market, it's done based on capitalism, improved pursuit of profit, and capital being attracted to the best opportunities. There are constraints within that game, but they're a very broad set of constraints and everybody plays to win the game within those constraints. By adding another constraint, you are taking some options off the table. Now, as to how material that is is going to depend on a number of factors. It's going to depend on the current environment. Now, there are times when the ESG portfolios will do better than the overall market. And there are times when the ESG portfolios will not do as well as the overall market. And by removing some options from the dataset, if you will, you are going to potentially experience more volatility, because we strongly believe in diversification by asset class, by geography, by style.Colin White:We really feel very, very strongly that the best investment portfolios are really thoroughly, thoughtfully diversified. You take away one or two, or a group of options from that diversification? You are now having an outcome that could be more volatile than it would otherwise be. So you have to be prepared for a couple of things in this space, so this is why maybe this space isn't for absolutely everybody. You could have a time when the overall market is up and you are down. You could have a time when the overall market is down and you're down more. You can also have times when the market is down and you're up. You could completely out of step. And being out of step isn't terrible, but it can be uncomfortable. You can be a little bit uncomfortable and maybe question, and then the problem becomes when you become uncomfortable, do you start to make more changes, more decisions? And the math would tell us that being that kind of investor causes a loss of capital, because you tend to make changes when you're behind. And so every time you're behind you make a change, you're locking in the fact you were behind and you don't necessarily get to recover out of it.Colin White:So while I'm a huge fan of the planet, I'm a huge fan of doing the right thing, I'm a huge fan of being ethical, and we're going to put this forward, you have to understand that it may not lead to as strong an investment experience as you would have in one of our regular portfolios. So we want to get radically transparent. We're not just going to say, "Hey, we have ethical investing, give us all your money. We're very successful because we have lots of money." We want to be comfortable talking to you a year from now, and two years from now, and five years from now. I want to be able to sit down with you five years from now and say, "You know what? This is exactly what we talked about could happen. And how does that make you feel? Do we need to make changes?"Colin White:I don't want to be sitting there five years now going, "I've got another idea. This new thing just came out. It's even better." We don't want to be those people. We don't want to be the one that's like, "Let's do Bitcoin. Let's do cannabis. Let's do whatever." Like there's always the next thing. And too many people get caught up in that. For us, this isn't the next thing. This is a good thing that we're going to do well, and it's going to have legs. And I will be perfectly happy to sit down with you five years from now, 10 years from now, talk about the experience. Because we have done our homework. We have done our friend's homework, We're the people in the group project that do all the work and everybody around us just steals from us. That's us. We're having fun with this.Colin White:So it's not for everybody. And I don't want people to feel, who don't invest in the ESG or the green space, that they're somehow evil, that they're sponsoring puppy mills. That's not the case. The planet is moving in this direction for very, very good reasons. And there's a lot of money behind it, a lot of effort being put into it. But for those who want to take that extra step, who feel that they can give up a little bit of the strength of their portfolio in search of a higher cause, and with our help, do so in such a way that they can have reasonable financial expectations. We think we got there. We think we have it. At least, I think we got there. Josh, do you do think we got there?Josh Sheluk:We wouldn't be launching it if we both didn't really feel strongly about that, Colin. So for sure, I think we're excited about it. Because you've been talking about, this is the first time you've kind of been on the marketing-focused side of the business in your entire career. Is that right?Colin White:It's been so exhausting. Everybody got excited about marijuana investing and I just couldn't get excited. So we ran webinars and I went across Canada, did a roadshow making fun of it. So many of these things have come and gone that we just looked at and said, "No, I wouldn't be happy sitting here five years from now talking about this as an investment. So no, I'm not doing it."Colin White:And I apologize to those we've disappointed because we said, "Hey, let's talk about investing in marijuana." And a whole bunch of people were in the room, "We're going to invest in marijuana. Are you giving us samples?" "No, we're not going to. It's bad and here's why."Colin White:So again, it's been exhausting. So yeah, more than excited. And I have no idea how to behave now. I've never been on the popular side of something, so I don't know what to do with my hands anymore.Josh Sheluk:Yeah. Well, that's why we hired somebody that could focus on our marketing because we don't know what to do with something like this when we're at the forefront of a push. So we're super excited about it. We hope our investors are super excited about it as well. And like you said, we look forward to talking about this 5, 10, 20 years down the road. It's a space that's going to continue to evolve. So by no means are we done with this portfolio. Like with all of our investment, there's a constant review process, a constant looking, seeking for something that's better, that's more improved, better delivering on the goals and objectives of, not only the financial aspect of things, but also now the ethical side of things as well.Colin White:Absolutely. It's exhausting, but it's the only way to do it.Josh Sheluk:Thanks, Colin. Appreciate everything that you shared with us today.Colin White:Thanks, Josh. Good work.Josh Sheluk:Take care, man.Colin White:Bye.Speaker 3:Visit us online at wlwp.ca. This information has been prepared by White LeBlanc Wealth Planners, who is a portfolio manager for iA Private Wealth. Opinions expressed in this podcast are those of the Portfolio Manager only, and do not necessarily reflect those of iA Private Wealth, Inc. iA Private Wealth Inc. is a member of the Canadian Investor Protection Fund and the Investment Industry Regulatory Organization of Canada. iA Private Wealth is a trademark and business name under which iA Private Wealth Inc. operates.
Hello Everyone and Welcome to the eighteenth episode of The "Literally Anything" Show. In this episode we are playing 2 Fortnite creative maps about would you rather, the aim of the game is to answer as many questions about 2 different situations we would rather do. After these maps we will be discussing recent affaires and just other TLAS gossip. If you enjoyed this episode then please consider subscribing, liking, following, commenting and of course joining us for the next episode next week. Instagram: @theliterallyanythingshow Twitter: @LiterallyShow YouTube: The "Literally Anything" Show --- Send in a voice message: https://anchor.fm/theliterallyanythingshow/message
Copyright 2021, The Energy Show, Barry Cinnamon This week we're talking about carbon capture and storage, or CCS (sorry, these TLAs are not my fault). Here's why carbon capture and storage is a hot topic. If we could only capture the CO2 that is emitted when we burn fossil fuels, we could keep burning fossil fuels forever. Hooray - especially if you're in any business related to fossil fuels, which is a pretty big chunk of our economy. Taking it one step further, if we could capture the CO2 that is already in the atmosphere, we could potentially reverse the earth's global warming trend. CCS is a fairly straightforward technology, and has been in use for about a hundred years. Billions of investment dollars have been going into scaling up various CCS processes for decades. CCS works best at the source of emissions, such as electric power plants and industrial processes (making steel and cement). When I look at CCS from a thermodynamic, economic and technological maturity standpoint, it is a dead end. Here's why: First, CCS requires a lot of additional energy to remove CO2 from power plant exhausts, and even more from the atmosphere. Remember where that CO2 comes from: when we burn hydrocarbons (natural gas, coal or oil) we release a lot of energy, along with water vapor and CO2. It takes a lot of energy to re-capture the CO2. Second, the extra energy is expensive. The efficiency of CCS power plants is about 40% lower than ordinary power plants. So the energy from these clean CCS plants costs 40% more. Third, in spite of billions of dollars and decades of intensifying research, there are ZERO power plants or industrial processes in the world that are ready to scale up. So why is there so much investment and interest in CCS? If the technology were to work at scale we could keep burning fossil fuels. I have nothing against R&D of various CCS technologies; maybe someday there will be a breakthrough. The problem is that we are betting on a CCS breakthrough in the future, while continuing to burn fossil fuels now. While the fossil fuel industry lobbies for a CCS miracle, other more economic and workable technologies are not being deployed. It reminds me of a person addicted to smoking cigarettes, who knows about the risks of lung cancer, but keeps smoking in the hopes that science will find a cure before he dies. I'm convinced that pursuing CCS as a solution to global warming will INCREASE our CO2 emissions over the next 20+ years. We would be on a faster, cheaper course to solve global warming by focusing on currently viable and scalable technologies. To learn more about the science behind carbon capture and storage, their economic realities, as well as practical energy alternatives, please listed up to this week's Energy Show.
Copyright 2021 - The Energy Show, Barry Cinnamon This week we're focusing on the most common question we get after someone has installed solar and energy storage: “How do I read my electric bill?” Standard electric bills are hard enough to read, but when you have solar and storage you almost need a degree in forensic accounting to figure them out. At a high level -- and forgive my cynicism -- we are pretty much stuck with a ridiculous array of random charges from utilities. The good news is with a properly designed solar and battery storage system you can completely eliminate your electric bill. The bad news is that with the majority of the population working and schooling at home over the past year, our electric bills are at an all-time high. The added electricity consumption (measured in kwh), plus annual rate increases (those $/kwh numbers add up), plus Community Choice Aggregation electricity providers cross-billing, make it almost impossible to determine how well your solar and storage system is working. You need to know three things in order to evaluate the economic performance of your system: 1) Your annual True Up statement, usually 12 months after your system was interconnected. This statement tells you how much your charges and credits were each month, in both kwh and dollars. 2) Your total solar energy generation amount in kwh, which comes directly from your monitoring system. Beware, do not believe the amount that the utility says you generated; that number is ALWAYS wrong. 3) The projected amount of electricity, in kwh, that your solar and storage contractor expected from your system. Once you have these three pieces of information, and a dictionary to decipher the blitz of TLAs that we'll explain on this week's Energy Show, you will have a better understanding of your electric bill.
Thank you for joining us for episode 17 of the Construction DorkCast. In this episode we celebrate Dork of the Year Lilian Magallanes on her DOY. She leads us down several nerdy topics and settles in on AI and NGL, bringing in her friend Jenn Bittinger to dive into those TLAs. No I am not going to spell these out, Nathan. Please join us next week as we get down with some more dorks and talk deep tech and maybe deep state….Jonathan…?
Hello Everyone and Welcome to the tenth episode of The "Literally Anything" Show. In this episode we will be playing a game called patently stupid where we have a problem and we each have to solve the problem using a new invention that we made. Each solution will have a title, pickup line and description (If you listen on YouTube then Quax will provide pictures). After the game we will be going over some events that have happened in the first week of 2021 and then just a casual conversation between us. If you enjoyed this episode then tune in next week for another episode that we have no idea about. Do you want your say in our show just simply record a message on anchor or DM us on Instagram? If you enjoyed this episode then please stay tunes for more or even follow us on Instagram @theliterallyanythingshow or on Twitter @LiterallyShow --- Send in a voice message: https://anchor.fm/theliterallyanythingshow/message
Craig discusses one of the security tools he uses and why you should use it too. For more tech tips, news, and updates, visit - CraigPeterson.com --- Trojan Malware Targets Trump Supporters Nmap 7.90 released: New fingerprints, NSE scripts, and Npcap 1.0.0 Tyler Technologies finally paid the ransom to receive the decryption key 5G in the US averages 51Mbps while other countries hit hundreds of megabits Apple’s T2 security chip has an unfixable flaw Verizon Payment Security Report is a Wake-up Call: Time to Refocus on PCI DSS Compliance Android Ransomware Has Picked Up Some Ominous New Trick --- Automated Machine-Generated Transcript: Craig Peterson: [00:00:00] Remember everybody, don't open those email attachments. I'm going to talk about a new tool released out there that if you're involved with security, you probably need it. So here we go. Hi everybody. Craig Peterson here. I want to talk right now about this great tool that I've been using for decades now, I think. It's called Nmap. Now it's something that I cover. In my cybersecurity mastery course, but it's something you can do to learn a lot about yourself online. There are YouTube videos about it and many others. But the idea behind Nmap is to be able to check and see what's on your network and not just what's on your network, it'll also tell you about what that particular device is, and it just does a whole bunch of things for threat management. It'll check ports. Some of this stuff can go so far as to actually try and break into the systems. Now, Nmap isn't designed to do that. It really is using fingerprints to figure out the operating system that's in use, which is really handy. Particularly for the internet of things devices that might be attached to your network. This is great for home use, as well. If you're a little bit of a techie, they have new protocol libraries. They've got payloads. Now that they've added for host discovery, port scanning version detection, which is really important to make sure that you have the latest version of different software on your systems. So you're not running something outdated. They've fixed a whole bunch of bugs. They've got some different improvements and code quality improvements. But one of the biggest things is that they're using a new driver for raw packet capturing and sending out on the windows side and the Unix side it's been stable forever, but on the windows side, there's never been a really great way to do this. There's something called WinPCap, but that driver has not been updated in the last seven or eight years. It doesn't always work on windows 10. It's using deprecated Windows APIs. I know this is a lot of. TLAs write three-letter acronyms for everybody out there. But bottom line, there is a new driver that lets software like Nmap send and receive its own packets it creates. Normally if you are writing just regular old software where you would open a network connection to a server and then speak whatever protocol you wanted to. You would ask the operating system, Hey, open up a TCP session on port 82, this web server, and so on that remote server. Obviously, I had to get them an IP address, ultimately on that far server. There's a web server and it's listening for requests on port 80. That TCP session requires five packets going back and forth, and then it's established, and then you send your get requests. So it would be like getting space HTTPS slash one dot one or whatever it might be. Whatever version of the HTTP protocol you're trying to use space. then the file you want and the server name. Then the remote server responds. It goes back and forth. There are a lot of packets that are exchanged between your computer and the remote computer, whether it's a web server remotely, or might be a file server remotely could be almost anything remotely. There's a lot going on if you're trying to do diagnosis on the network, if you're trying to figure stuff out, you want to get down to that level. Really. Remember I said, though, that the initial TCP session took five packets in order to set it up. That takes quite a bit of time in internet time because those packets have to go back and forth. Google, in fact, came up with a new version of the protocol that requires less handshaking going on. Software like Nmap that is going to connect to that web server itself wants to see all of the packets. It does not want the operating system to be sitting there, setting up the connections, and sending the data back and forth. It wants to do it. That's the whole idea behind the raw packet capturing and creating is all about. On, the Unix world, which includes Linux, Mac OOS, solarise BSD they've had great packet capture. Code running forever, but this is brand new for Windows. So if you've tried it before and it didn't always work, try it again. Nmap N M A P online, just do a search for it, or you can download it from the Nmap.org, N M A P.org. As I said, this is one of the tools we teach and answer questions about in my cybersecurity mastery course, because it's just so important. So Nmap is basically a command-line type program, but there's something called Zenmap that you can get as well as right there on the Nmap.org site that gives you a graphical front end. If you would like to tinker you probably we should grab it and download it. It's already compiled. Although you can get the source code for you can also check signatures, GPG, signatures, and SHA one hash is for the different releases they've got install, guides, everything. They try and make it very easy for you. The idea is once you have it there on your computer, You can then go ahead and run the latest release, which is right there on the homepage again. Nmap that's November Mike Alpha, Papa N M A P.org. You can just download it from right there and you're off and running. It is very handy. So you run it against your network. It's gonna come back now and show you a whole bunch of information that you need on your network. So there are penetration testing uses, Nmap defense, of course, uses Nmap. There's a bunch of stuff. Password audits, vulnerability, scanners, just all kinds of stuff that you can use right there. On the Nmap.org site. This is going to take you off-site. Now, if you're on a Unix distribution, like a Linux distribution, You can just grab RPMs for your distribution, whatever it might need be. If you're on a Mac, I think brew has it use brew. That's what I use all of the time for managing third-party software. Like this open-source stuff. It'll just download and install it for you, which is really cool. Use the least concept of least privilege. Which is what you really want to do. They've got a, they've got a reference guide that's showing you absolutely everything. There's an SSH service that it discovered on this machine. It's going to tell you which version of SSH it is. It's going to tell you what the operating system is. It's going to give you a key that you can use now to distinctly or uniquely, I should say, I say, identify what it is. I'm looking right now at a scan and it's showing me there's an SSH service. That's what I use in order to connect remotely to a computer and do command line stuff. It's showing me that there is an open Apache server, which is a web server. And it even tells me the version it's HTTPD protocol, a 2.2 0.14 running Ubuntu. Very handy stuff, because you can then feed this into other tools to know. Is it up to date? Do I need to do updates? In fact, this Nmap stuff is used as the basis for the code that uses. Cause we'll use Nmap, it'll do scans, it'll find stuff and create a database. Then we take that database back. If you have us do an audit for you, for instance, you give us the database. We don't even have to run the software. You just run it. It does all of his scans, puts it in a database. You send the database back to us in a zip file. We run it into a whole bunch of process software that lets us know exactly what's going on and also compares the versions. Check it out. Nmap. November Mike alpha, Papa dot org. Absolutely valuable tool for everybody. Hey, we're going to talk about paying ransoms when we get back in and what Tyler technologies did and why. So stick around. --- More stories and tech updates at: www.craigpeterson.com Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson For questions, call or text: 855-385-5553
Handling date and time is a challenge in any language, but Lau Taarnskov is determined to solve that problem in Elixir. Lau is today’s guest on Elixir Wizards, and this episode is all about his contributions to Elixir. Lau has been involved with web development and e-commerce for decades. He started contributing to Elixir open source in 2014 and created the Calendar and tzdata libraries. Calendar is a datetime library for Elixir, that provides explicit types for datetimes, dates, and times, and full time zone support is provided via its sister package, tzdata. When it comes to the subject of date, time, and time zones, besides talking about it and writing software for it, Lau also writes about it on his blog, Creative Deletion. This episode explores how Lau got started in programming, and what led him to creating Calendar and tzdata. Lau shares the resources that he found helpful when he started using Elixir, and why he was drawn to Elixir in the first place. We hear Lau’s opinions on time zones and daylight savings and whether or not they’re necessary, and he shares some advice for anyone working with time in Elixir. Then it’s time for another edition of Pattern Matching with Todd, in which Todd Resudek asks Brooklyn Zekanka five questions to help us get to know her better. Brooklyn talks about everything from she has lived, what jobs she did before becoming a programmer, and her education in classical music, to her favorite bands, movies, and TV shows, as well as some of the projects she is working on. For all this, and more, don’t miss today’s episode! Key Points From This Episode: Lau explains what TLAs are and why they aren’t always helpful for explicit communication. Lau introduces himself and shares how he got into programming and computer science. The resources Lau found most useful when he started using Elixir, including books he read. What it means that Elixir’s source code is written in Elixir, and why that was helpful for Lau. Lu talks about Calendar, a datetime library that Lau created for Elixir, and Tzdata, a parser and library he created for the tz database, and why he created them. How Lau deconstructed the time zone problems and how his ideas have changed over time. Lau’s opinions on time zones and daylight savings and whether or not they’re necessary. Advice from Lau for anyone working with time in Elixir. Another edition of Pattern Matching with Todd – today’s guest is Brooklyn Zelenka. Where Brooklyn was born, where she has lived, and the jobs she did before programming. Brooklyn talks about her musical background and how it’s similar to programming. Brooklyn shares a pro tip about slides and reflects on her highlights as a speaker. What Brooklyn would be doing if she weren’t a programmer and the genre of music she likes. Brooklyn’s favorite TV shows and movies, including Amadeus and Mad Men. Brooklyn shares what she’s working on currently and the next project she’s excited about. Links Mentioned in Today’s Episode: Lau Taarnskov on Twitter – https://twitter.com/laut Creative Deletion Blog – http://www.creativedeletion.com/ Lau Taarnskov on GitHub – https://github.com/lau Calendar on GitHub – https://github.com/lau/calendar Tzdata on GitHub – https://github.com/lau/tzdata Elixir in Action – https://www.amazon.com/Elixir-Action Programming Elixir – https://www.amazon.com/Programming-Elixir-1-6-Functional-Concurrent/ Brooklyn Zelenka on LinkedIn – https://www.linkedin.com/in/brooklynzelenka/ Brooklyn Zelenka on Twitter – https://twitter.com/expede Brooklyn Zelenka on GitHub – https://github.com/expede FISSIONcodes Website – https://fission.codes/ SmartLogic — https://smartlogic.io/ Amadeus — https://www.rottentomatoes.com/m/amadeus Mad Men — https://www.rottentomatoes.com/tv/mad-men Special Guest: Lau Taarnskov.
Geoff Ramsey of eMarketer joins the conversation with Terry Kawaja to parse the shiny new objects that fascinate the marketing world. Together, they take an objective assessment of the hype generated by the ubiquitous buzzwords and TLAs to determine which ones are real and which ones are B.S.
It sometimes seems like there must be a Moore's Law of marketing technology (or "martech," as the cool kids call it, and our site is on a .io domain, so we’re definitely the cool kids) whereby the number of platforms available doubles every 6 to 8 weeks. And, every couple of months, it seems, a whole new category emerges. From CMS to DAM to CRM to TMS to DMP to DSP to CDP, it's an alphabet soup of TLAs that no one can make sense of PDQ! On this episode, Michael, Moe, and Tim sat down with the man who coined the name for one of those categories back in 2013: David Raab, the founder of the CDP Institute! It was a lively chat about the messy world of vendor overload and how to frame, assess, and successfully manage martech stacks. For complete show notes, including links to items mentioned in this episode and a transcript of the show, visit the show page.
Agricultural like many other industries is very fond of TLAs and FLAs - that's Three Letter Acronyms and Four/Five Letter Acronyms!! Demystify the mire of legal obligations in this episode which introduces you to what you need to know and do in your country when you own, sell, buy or move sheep. So whether you are a shepherd in Canada, United States of America, Ireland, Australia, United Kingdom or Europe this podcast will help you know your PIDs from your PINs and PICs!!
Summary We all know leaders that love using jargon. This doesn’t just lead to eye-rolls - recent research demonstrates that jargon damages our ability to lead. Transcript Hello and welcome to episode 68 of the Leadership Today podcast where each week we tackle one of today’s biggest leadership challenges. This week we explore how jargon damages our ability to lead. We all know leaders that love using jargon. They’re always using acronyms and spouting the latest organisational buzz words. But, beyond the usual eye-rolls the jargon junky elicits, is there any other impact? Recent research suggests that the use of jargon hampers our ability to lead others effectively. One definition of jargon is “special words or expressions that are used by a profession or group that are difficult for others to understand”. Jargon helps those in the know to feel more part of an exclusive group. But that exclusiveness comes, by definition, at the exclusion of others. Jargon can easily create a barrier that reinforces insiders and outsiders. As a management consultant, I came across a lot of jargon. I learnt quickly to ask what jargon words meant, knowing I had to work them into a report at some point. Once you let the jargon word pass the first time, it just became more difficult to find out what the word meant later. Sometimes we are so immersed in our environment that we don’t even recognise the jargon we’re using. It’s often highly specific to our group or organisation. Recently I saw a presentation which included 14 acronyms on one PowerPoint slide. While the mostly insider audience nodded along, I was mystified. That’s not a big deal in that case as I was just an observer, but I wonder how it felt for those in the audience who were new to the organisation and were potentially reluctant to ask what the sea of TLAs (or Three Letter Acronyms) meant. And jargon happens across cultures too. On my first business trip to the USA I naively thought it would be pretty similar to Australia given our shared language and cultural heritage. I quickly figured out that a slide deck was code for a PowerPoint presentation - a term that has now made its way around the world. At the local department store it took me a little while longer to work out that the “men’s personal furnishings” area was where the underpants were sold, and not a department specialising in replacing pants with credenzas. But then a colleague described a service offering as being “from soup to nuts”. Given the context, I correctly assumed this meant from start to finish, but I couldn’t picture a meal that started with soup and ended with nuts. When I asked him about the phrase he had no idea where it came from either. It turns out “soup to nuts” is a uniquely United States expression that is rarely used in other parts of the world. In fact it refers to a fairly typical 1800s multiple course meal which did indeed start with soup and end with port and nuts. On a side note, the phrase originally goes back to a similar Latin phrase meaning “from eggs to apples”. But the use of the term made me feel like an outsider in a strange land. Saying the service covered everything from start to finish would have been easier on us both. But then again I come from a country that calls traffic cones “witch’s hats”, so I’m not really one to pass cultural judgement. In leadership there’s always a risk of information being lost in translation and people being made to feel excluded. Using jargon just makes the situation worse. Research published just last month reconfirms that jargon reduces the ability for people to process information. It’s as if jargon makes information harder to hear. That’s not overly surprising and replicates previous studies. What’s interesting is their finding that the impact on processing information persists even if definitions of terms are included. So even if I explain what the jargon means, I’m still losing my audience in the process. The research shows that using jargon has three main impacts: People understand less People identify with the message and messenger less People are less interested in finding out more about the topic I’ve talked before about the importance of building connections with others through warmth and competence (episode 14 if you want to listen again). People who use jargon in an attempt to demonstrate competence might reduce their ability to build connection. Leaders play a significant role in helping others to feel like they belong. This research demonstrates that if you want them to belong faster, cut down the jargon. So how do we reduce the use of jargon in the workplace? One technique I’ve seen is a jargon jar. You may have come across swear jars in the past, where people add a small amount of money each time they swear. It’s a light hearted way of making them more aware of their behaviour. Well, you can do the same for jargon. As a leader, model it yourself and get those coins ready - you may need them. Okay - I think we’ve covered the subject of jargon from soup to nuts, or indeed from eggs to apples. Now you just need to figure out what jargon is being used in your workplace and make an effort to reduce it. A big shout out to those who have provided a rating of the podcast over the past few weeks. That always pushes up the podcast charts and helps new people to find us. Have a great week. Reference Hillary C. Shulman, Graham N. Dixon, Olivia M. Bullock, Daniel Colón Amill. The Effects of Jargon on Processing Fluency, Self-Perceptions, and Scientific Engagement. Journal of Language and Social Psychology, 2020; 0261927X2090217 DOI: 10.1177/0261927X20902177
Copyright 2019 - The Energy Show, Barry Cinnamon Hold onto your seats because this is going to be the most exciting Energy Show I've ever done. This week we are talking about … DRUMROLL … your PG&E electric bill. Modern utility bills are a masterwork of corporate obfuscation (Wikipedia: the obscuring of the intended meaning of communication by making the message difficult to understand, usually with confusing and ambiguous language). Indeed, there should be a picture of a PG&E electric bill on Wikipedia for illustration purposes. Rather than trying to figure out their electric bill, most people's eyes glaze over — they just write a check or click on Bill Pay to get the offending document out of their inbox. Almost every one of us could be paying an extra $10 or more a month and we would never know. Fortunately, the PUC (that's a Three Letter Acronym for Public Utility Commission) tries to ride herd on overzealous utility rate makers. Most mortals can understand charges per kWh — and solar customers understand NEM. But it helps to have a Master's Degree in TLAs to understand the meaning of charges such as NBC, IOU, CTC, PCIA, CCA, DWR and PPP. As well as the myriad of whacky charges, confusing terminology, cross billing, negative credits, random taxes and alphanumeric rate soup. Here is a summary of my handy Utility Bill Dictionary to aid in explaining some of these TLAs: NBC – not the peacock network, but charges that solar customers pay because everybody does not have solar IOU – big, profitable utilities that should be renamed U owe Them. CTC – charges to all customers because utilities built power plants that are no longer needed PCIA – charges to certain customers because utilities signed contracts for power at above market rates CCA – efficient and low-overhead municipal-type utilities that sell electricity for much less than IOUs DWR – charges to customers to cover PG&E's first bankruptcy in 2001. These charges should end in 2020 at about the time PG&E's new bankruptcy charges will hit our bills. PPP – charges to fund public benefits, including solar incentives, low income assistance, and utility ads telling us to get a flashlight when they cut off our power So be sure to listen to this week's Energy Show as we delve into a typical solar customer's PG&E electric bill and attempt to explain it on a page-by-page basis.
Primer episodio disponible el 25 de Septiembre de 2019. César (@heycesr) y Marcos (@thewarcos) presentan Lo de Producto, un Podcast enfocado al diseño y desarrollo de producto, todo en Español. Bueno, usaremos anglicismos a diestro y siniestro, como por ejemplo: Product Design, Product Management, Deadline, Launch Day, Wireframe, o Hypnotize. Y un montón de TLAs como: MRR, NPS, CTA, SEO, o BIG. Seguidnos en Twitter (o en Instagram si tenéis un perfil más millennial): @lodeproducto --- Send in a voice message: https://anchor.fm/lodeproducto/message
According to the 2019 Direct-to-Consumer Wine Shipping Report by Sovos and Wines Vines Analytics, the value of the DTC shipping channel reached $3 billion in 2018, up from $2.69 billion in 2017. Volume was up by 9% to 6.3 million cases, and the average price per bottle increased to $39.70. All this means is that DTC sales and marketing is big business and continues to grow. On today’s episode, we interview an expert in the field of DTC wine marketing, whose agency works with wineries in the U.S., Canada, and Australia; Emma and I lead a discussion on how the DTC and PR departments can work more closely together; and our tip of the week is one suggestion on using CRM to capture and nurture DTC leads. Notes from the show: Direct to Consumer Wine Shipping Report - https://www.shipcompliant.com/dtcreport19/ Sandra Hess - https://dtcwineworkshops.com/ Sarah Horner – https://www.montinore.com/ Susan DeMatei – https://www.wineglassmarketing.com/ Balzac Communicatons – https://www.balzac.com --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app Support this podcast: https://anchor.fm/htbpodcast/support
Your Hosts: Howard, Mary Robinette, and Dan, with special guests Bart Smith and Ben Hewett When we talk about space travel we're usually talking about rocket scientists and astronauts. In this episode we spoke with our guests Bart Smith and Ben Hewett, about the "unsexy" (read: possibly boring but don't be deceived) side of the space program—budgeting, logistics, and procurement. RFI and RFP, with toilets, hammers, and business cards; that's this episode. (For those unfamiliar with the above TLAs [three letter acronyms], RFI and RFP stand for Request for Information and Request for Proposal.)
“The best marketing books aren’t about marketing - they just have some marketing stuff in them.” This quote comes from Dan Calladine Head of Media Futures at Carat this week on the Shiny New Object Podcast. This insight is typical of Dan who has a knack of telling us something obvious that we hadn’t realised. In the course of an hour we find out that “older people are the most valuable marketing audience” and that “you can read any marketing book in four hours.” But it’s not all high-level stuff. As well as being one of the most influential innovation people in town he’s also influential in food. His @londonpopups profiles on instagram and twitter are sizeable audiences. What makes Dan so intriguing is his interest in the nuances of the social platforms but also the mastery of the macro. Dan’s shiny new object is ‘programmatic’ which he manages to beautifully describes without using any TLAs (three letter acronyms). There’s a lot to learn in this podcast from this articulate and engaging thinker and doer that I was proud to spend an hour with.
The crew discuss Australia's ODI tour of England, FTP and JLT and a few other TLAs. Canada T20 too.
July 12, 2017 The Last Aid Station Show Page THIS EPISODE IS BROUGHT TO YOU BY WAUSAU24. USE CODE RAD20 AT CHECKOUT FOR 20% OFF YOUR ENTRY ABOUT THIS EPISODE: Mark lays out where TLAS is going before launching into an interview with Rose Grant. Mark talks with Rose about her trajectory from a collegiate soccer player transitioning to distance running and not touching her bike for a decade. Rose gives us the lowdown on how returning to the bike and rising to the pro ranks happened so quickly, with the birth of a child and injury sprinkled in along the way. Tune in to here how Rose overcame setbacks and grew stronger in the face of adversity to rise to her level of dominance today. If you are a race director or racer who would like to hear your race report on an episode of The Last Aid Station, please contact Mark at Mark@Mountainbikeradio.com. ------------ RELATED SHOW LINKS This episode brought to you by Wausau 24 Shop through our Amazon Affiliate Link Go to the Mountain Bike Radio Store Rose's Team/Sponsors Rose Grant Website Rose Grant Instagram Stan's No Tubes Pivot Cycles Shimano Castelli Maxxis Clif Bike Flights Pro Kask Fox Shox Osprey Cassette Creative National Ultra Endurance Series The Last Aid Station is on Twitter Support The Last Aid Station The Last Aid Station The Last Aid Station Facebook Page Mountain Bike Radio Endurance Calendar Email Mark Email Ben BECOME A MOUNTAIN BIKE RADIO MEMBER
Episode 012 TLA Part 5 Happy Book Day Ya’ll!! A special part of TLA is getting to meet your favorite authors in person, or discover your NEW favorite author. Megan interviews author Casey Lyall about her “Howard Wallace P.I.” series as well as finds out what her current favorite reads are. (Hint- they all sound amazing!) As a bonus, Megan got to speak to the dynamic Heather Lamb from A.V. Cato Elementry. Heather has pretty much done it all in the library world and she was one to TLAs experts and even taught a special hands on seminar that Megan attened. Find out what books she recommends for the summer. Books discussed in this episode of the Bee Cave Book Haul Howard Wallace, P.I. by Casey Lyall The Voyage to Magical North by Claire Fayers The Gauntlet by Karuna Riazi Whoosh!: Lonnie Johnson's Super-Soaking Stream of Inventions by Chris Barton and Don Tate The One and Only Ivan by Katherine Applegate The Lemonade War by Jacqueline Davies Start With Why by Simon Sinek Intro and Outtro Music from http://www.purple-planet.com/ For more about the Texas Library Association check out TXLA.org Check out Caseys first “Howard Wallce P.I.” book on OverDrive, and learn more about her on her website https://www.caseylyall.com You can follow Heather Lamb via twitter @heatherlamb08 or visit her libraries website http://avc.castleberryisd.net/avc_library/
It’s the Big Five-Oh for Alan and Brent. For our golden anniversary, we talk about TLAs, PMs gone wild, the Concierge MVP, and Brent takes a scrum master quiz. --- Support this podcast: https://anchor.fm/abtesting/support
It’s the Big Five-Oh for Alan and Brent. For our golden anniversary, we talk about TLAs, PMs gone wild, the Concierge MVP, and Brent takes a scrum master quiz.
The regular thunder::cast crew is joined by thunder::tech's Senior Director of Development Department, Bruce Williams, to discuss his recent blog post entitled “How to Get the Most Out of Your CRM.” Bruce outlines some useful tips for anyone considering investing in a customer relationship management (CRM) system or those who already have one up and running. Businesses big and small can maximize their investment and benefit greatly from a CRM to increase leads, boost closing rates and deliver superior customer service. A CRM is a unanimous purchase for most operations, so you should make every effort to get the entire team on board with your CRM and ensure that it's customized to suit the needs of everyone from the legacy sales force to brand new customer service reps. You don't want to miss this conversation covering CRM, ROI and other exciting TLAs (three-letter acronyms).
Ahhh….it's almost springtime. The weather is getting warmer, the trees are starting to bud, and people are starting to think about their next home improvement project. And along with the warming weather, the solar salespeople are starting to swarm on unsuspecting homeowners like locusts from the plagues of Egypt. You may be interested in rooftop solar. But solar products, systems and terminology are confusing. As you do your research you'll be inundated with TLAs (three letter acronyms)...and the more installers you talk to, the more you'll get confused. On this week's Energy Show we'll review a Four Step Process that you can use to compare different home solar proposals. Step One: Compare Installers. Consider local installers, check references from friends and neighbors, and read online reviews. You will almost always get better service and faster installation turn around with a local company. When hiring someone to work on my house, for accountability purposes I always prefer contractors that have their own trained crews (not subcontractors or temporary works). Step Two: Determine the Cash Price of the Installed System on a Per Watt Basis. Just as buying a car, you always want to shop for the best cash price -- keeping financing out of the picture. Get a quote for the total installed system (no deductions yet for incentives or tax credits). Then determine the total number of DC watts of the system (number of panels times watts per panel). Divide the watts into the dollars to get a $/watt price for your system. Pricing can range from the low $3/watt to over $5/watt. For example, a system priced at $20,000 for 20 panels, each with a rating of 270 watts, will cost $3.70/watt. Don't get distracted with varying claims about equipment reliability, inverter efficiency or panel degradation -- they are all about the same. Regardless of manufacturer or installer, every system will put out about the same amount of energy (and annual dollar savings) if it has the same DC watt system size. Step Three: Compare Equipment and Services. Solar panels are commodities, but you will pay more for higher efficiency and more well known brand names. All panels have 25 year warranties, and will operate maintenance-free (except for an occasional cleaning if they get very dirty). The only time you need higher efficiency is when you have limited roof space. Nevertheless, you may prefer solar panels that look all black and are mounted flush to the roof, or micro-inverters and optimizers that have built-in safety features, or a system that has monitoring that you can view on your cell phone. Step Four: Compare Financing. There are so many assumptions involved in financing, system output, energy rates and output “guarantees” that it is almost impossible to compare the total savings numbers. That is why it is easiest to compare cash prices or, if you are considering a lone, comparing interest rates. Watch out for escalation rates applied to energy prices (escalation rates will inflate your savings) and monthly payments (escalation rates will increase your repayment costs). Rooftop solar has never been more cost effective and reliable as it is now. Favorable tax policies, local incentives and net metering combine to make solar a great long term investment. So if you're considering rooftop solar, Listen Up to this week's Energy Show on Renewable Energy World.
Why aren’t there ant sized elephants? Or, why aren’t there elephant sized ants? What is small, large or infinite? Are there theoretical limits to size for living & physical bodies? Was the Universe infinite in size even at Big Bang, & how? Is there a center of the Universe? Are there different kinds of infinity? Do different infinities have different cardinalities? What is countably or uncountably infinite? Can there be an infinity ‘smaller’ than Aleph-naught? How is infinitely small (infinitesimal) different from infinitely large? Would the smallest interesting living bodies be about 3,000 Angstroms in size, & why is this dependent on the size of DNA? Is there a reason why whales are larger than elephants? What is the reciprocal of infinity? How can point-like elementary particles be massy? How large is the (yet unknown) elementary particle comprising dark matter likely to be? For natural evolution, over very long time scales, does it pay to be small? Are we equally incapable of seeing the nothingness from which we emerge and the infinity by which we are engulfed? SynTalk thinks about these & more questions using concepts from evolutionary & developmental biology (Prof. Vidyanand Nanjundiah, Center for Genetic Studies, Bangalore), mathematics (Prof. Sujatha Ramdorai, University of British Columbia, Vancouver, Canada), & cosmology and particle physics (Prof. Raghavan Rangarajan, PRL, Ahmedabad). Listen in....
This week Dave and Gunnar talk with Mohana Ravindranath about CIA, 18F, and other TLAs. Welcome Mohana Ravindranath! CIA Social Media Team: We Use Twitter to ‘Explain Our Mission’ The Informers 18F Takes on ‘Micropurchasing’ Experiment Dave and Gunnar encourage everyone to check out Nextgov! We Give Thanks Mohana Ravindranath for being our special guest star! Camille Tuutti for introducing us to Mohana! Special Guest: Mohana Ravindranath.
On the Cryptographic Uses of TLAs; by Dash Ŋ. Ooba-Nuhd; From Volume CLXXIII, Number 3, of Speculative Grammarian, July 2015 — Claude SPP in his angry screed, “TLAs DOA? TBD!” entirely missed the point of BizSpeak, as do most speakers of BizSpeak. (Read by Trey Jones.)
TLAs DOA? TBD!; by Claude Searsplainpockets; From Volume CLII, Number 2, of Speculative Grammarian, March 2007 — In the course of several months of anthropological and linguistic data collection among native speakers of BizSpeak, a degraded and virulent offshoot of English used by mentally deficient holders of MBAs and their ilk, I noted several disturbing trends. (Read by Claude Searsplainpockets.)
In this episode, I speak with special guest, David Wiens (Business Development Manager, System Design Division at Mentor Graphics) about PCB industry trends and the 26th annual Technology Leadership Awards (TLAs). The longest running competition of its kind, the TLAs recognize engineers and CAD designers who use innovative technology to address today’s complex PCB systems design challenges. Dave and I talk about various aspects of the competition as well as the trends that are revealed through the new submissions each year. So, listen in for details and then gather up your best designs from the past year. Oh, and tell your friends who you know created some impressive work too. A little healthy competition amongst friends is a good thing, right? Plus, there are some great prizes for the winners. Contest categories: Computers, blade and servers, memory systems Consumer electronics and handheld Industrial control, instrumentation, security and medical Military and aerospace Semiconductor packaging Telecom, network controllers, line cards Transportation and automotive Trust me, you don't want to don't talk yourself out of submitting your design(s) because you think they may not be technically complex enough to submit. The judging criteria spans beyond size and density. Who knows, you could be among the next set of winners! Where to go next: Learn more and watch the TLA video on the TLA page Start the entry process Check out the previous winners Read Vern Wnek’s blog posts about the TLAs Have questions, topics of interest, or a guest recommendation? Send them to pcb_techtalk@mentor.com so that we can feature them in future episodes. Guest Bio: David Wiens joined Mentor Graphics in 1999 through the acquisition of VeriBest. Over the past 25 years, he has held various engineering, marketing and management positions within the EDA industry. His focus areas have included advanced packaging, high-speed design, routing technology and integrated systems design. He holds a B.S. in computer science from the University of Kansas.
Scott talks to accessibility advocate Steve Lee about today's accessible web. We've all added alt tags around images (or we should) but what does a modern AND accessible application require? Steve educates Scott on ARIA, WCAG, WAI and other TLAs (three letter acronyms) and gives us practical actionable advice on how we can make the web available to everyone.
Law & Business - the podcast about legal issues and how they affect your business.
Episode 13 of the "Law & Business" podcast welcomes Oz Sultan again. Oz Sultan In this episode, Oz and Anthony talk about three internet policy thoughts. Domain Name Issues Management and Enforcement of Intellectual Property Economic Rationals for Enforcement Also - was .sucks a good idea or a bad idea and can registering a .sucks domain name bring legal action? Here is a lightly-edited transcript of the podcast episode: Anthony Verna: So welcome again to the Law and Business podcast. I'm here again with Oz Sultan. And how you doing? Oz Sultan: Hello. Good to be catching up. Anthony Verna: So let's start here. Plug yourself once again for those who may have missed your previous appearance. Oz Sultan: Sure. I am Oz Sultan and I focus on digital strategy, brand management, the execution and development of social campaigns and lead generation. And we have a new analytics dashboard product. So if you have a big data problem or a social digital data problem or a brand problem, SCM, that kind of stuff, we can probably help you develop your KPIs and look at all of that stuff in a simple way that your executives will love. Anthony Verna: What is a KPI? I do advertising law and I never heard that phrase before. Oz Sultan: Key Performance Indicator. It's basically what are your metrics? It's like what's important to you? Anthony Verna: I can't keep up with the TLAs today. Oz Sultan: I know. At least that's better than, than trying to keep up with the TLDs. Anthony Verna: Those I can keep up with. Oz Sultan: And the TMCs… Anthony Verna: Quick aside, speaking of TLS… Oz Sultan: What's your P's and Q's? Anthony Verna: Yes, exactly. Speaking of top level domains, there are some issues because apparently I can allow the .sucks. And, of course, a lot of companies are up in arms because who wants to… Oz Sultan: Let's talk about the most important person who is up in arms, Taylor Swift. Anthony Verna: Why? Did somebody register TaylorSwift.sucks? Oz Sultan: No, as soon as the TLDs came out, Taylor Swift went out and registered a lot of those for herself and it kind of hearkens back to in 2000 going back to yesteryear or going back to a 2001- 2002 When I was running, fye.com, which had to be purchased from the Fye family of Australia. And that was a Trans World property back when Trans World was a $3 billion company, and had all of the music stores in the country and then bought Tower and Warehouse and sort of imploded like a flan in the cupboard. I had to sit there with this much older than I woman and explain to her in graphic detail why we had to buy swear word permutations of the domain. She was sitting there basically just ghost faced with the list I gave her, cause there was about 75 different permutations, but it was basically F a F coconuts, F FYE because they owned every single music store back then. Anthony Verna: Right. I understand. Oz Sultan: So one of the things that you know, that harkens back to is reputation management and piracy and some of the things I guess you want to discuss today. Anthony Verna: Sure, we can easily slide into that because talking about management of intellectual property, and that's one way of managing trademarks and managing brands. And as many brand owners will tell you, you have to make sure that people can can't come at you in other ways. And having all those, owning all those domain names, regardless of the permutations, is one way of getting people to not, not talk about. Oz Sultan: Just out of curiosity, how much are the dot sex domains? Anthony Verna: Dot sex? Oz Sultan: Dot sucks. Anthony Verna: Sorry. Some were going for $2,500. Let's take a look cause I know some are going for really high numbers here, but, Joel Wilcox. sucks. So, whoever owns that now with selling it for about $4,000. Wow. Yeah. So, some people are buying domains like ADP. Dot sucks. Applecare.sucks and you know, eharmony.sucks. But, I'll go and do something that I did a long time ago and I...
May 30 - Stage 6 of the Trans-Sylvania Mountain Bike Epic. We are bringing you updates on the 2014 Trans-Sylvania Mountain Bike Epic Stage Race. Sue George is writing great, daily press releases for all media that provides readers some great insight and information into the daily races. Instead of just reproducing those results onto another website, we wanted to share those with you in an easy format that you could take with you, listen to while you're at work, on the train, or anywhere else sitting down to read an article for 15 minutes isn't convenient. Sue and Trans-Sylvania Mountain Bike Epic are gracious enough to let us produce their press releases into audio for you! Stage 6 is the "Tussey" stage. Perhaps the most awesome stage of the week, this route is one of the favorites. The 2014 version is a mix of what has come before, combining courses and trails from the first four years of trips through Rothrock State Forest. New enduro segments on Long Mountain Trail and the never before included Hessick Trail augment the enduro segment count to three. Rocky singletrack lovers will love the scenic Tussey Ridge Trail. 42 miles with 4,883 feet of climbing.
We are bringing you updates on the 2014 Trans-Sylvania Mountain Bike Epic Stage Race. Sue George is writing great, daily press releases for all media that provides readers some great insight and information into the daily races. Instead of just reproducing those results onto another website, we wanted to share those with you in an easy format that you could take with you, listen to while you're at work, on the train, or anywhere else sitting down to read an article for 15 minutes isn't convenient. Sue and Trans-Sylvania Mountain Bike Epic are gracious enough to let us produce their press releases into audio for you! Stage 5 is the "R.B. Winter" stage. This stage travels through a lightly used area that is among the most picturesque riding in Pennsylvania, and old tram trails from early 20th century logging cuts will leave riders with a new understanding of baby-head rocks. Black Gap Trail is hard for riders to forget and for those who've experienced it and White Deer Creek Trail ranks among the top 10 trails in Pennsylvania. R.B. Winter State Park is a beautiful park with a cold, spring-fed lake at the finish. It includes four enduro segments with a wide variety in features. For more information about the race, head over to the race website.
We are bringing you updates on the 2014 Trans-Sylvania Mountain Bike Epic Stage Race. Sue George is writing great, daily press releases for all media that provides readers some great insight and information into the daily races. Instead of just reproducing those results onto another website, we wanted to share those with you in an easy format that you could take with you, listen to while you're at work, on the train, or anywhere else sitting down to read an article for 15 minutes isn't convenient. Sue and Trans-Sylvania Mountain Bike Epic are gracious enough to let us produce their press releases into audio for you! Stage 1, "Bald Eagle Time Trial", on Sunday gave racers a short and intense opportunity to kick things off with a time trial. Stage 2, "Coopers Gap," went right after riders with relentless climbing and technically challenging trails.
We are bringing you updates on the 2014 Trans-Sylvania Mountain Bike Epic Stage Race. Sue George is writing great, daily press releases for all media that provides readers some great insight and information into the daily races. Instead of just reproducing those results onto another website, we wanted to share those with you in an easy format that you could take with you, listen to while you're at work, on the train, or anywhere else sitting down to read an article for 15 minutes isn't convenient. Sue and Trans-Sylvania Mountain Bike Epic are gracious enough to let us produce their press releases into audio for you! Stage 3 is the "Gailbraith Enduro" stage. Racers compete over five separate enduro segments with no timed racing in between segments - pedal on to the next segment and go. The timed segments are then added to the overall general classification and the enduro category. Stage 4 is the "Coburn" stage. This stage may have been the most exciting stage in 2013, as many of the top riders attacked in attempts to make moves in the race general classification. For more information, results, and pictures go to the TSE Website
Download Audio File What?!? Don't you love acronyms? I personally get along with TLAs (three-letter acronyms), but FLAs? It is a bit much. TWOSD, or Tensioned Web Over Slot Die, is a coating technique that has some unique advantages. The concept behind TWOSD is that when a slot die is [...]