POPULARITY
4 episodes with uat
2 episodes with uat
2 episodes with uat
2 episodes with uat
2 episodes with uat
2 episodes with uat
3 episodes with uat
2 episodes with uat
2 episodes with uat
Five Eyes flags active exploitation of Cisco SD-WAN flaws. Ransomware incidents surge, but fewer victims are paying. The FTC eases its stance on COPPA to encourage age verification. Authorities in Poland and Germany charge 11 in a Facebook credential harvesting scheme. Top UK news outlets unite on AI licensing standards, as the UK touts gains in cyber resilience. Researchers say a hacker abused Anthropic's Claude to breach Mexican government networks. Gamers revolt over AI in game development. On our Industry Voices, we are joined by Linda Gray Martin, Chief of Staff and SVP, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2026. In Moscow, a man is accused of impersonating an FSB officer to shake down the Conti ransomware gang. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices, we are joined by Linda Gray Martin, Chief of Staff and SVP, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2026. Selected Reading Cisco SD-WAN Is Actively Exploited by UAT-8616, Five Eyes Alliance Agencies Issue Warning (TechNadu) Ransomware payments dropped in 2025 as attack numbers reached record levels: Chainalysis (The Record) FTC Softens Enforcement of Rule Protecting Children Online, Ostensibly to Protect Children Online (Gizmodo) Poland Cybercrime Unit Uncovers Scheme Stealing 100,000 Facebook Logins (The 420) UK news giants form 'NATO for news' group to control AI scraping (Press Gazette) Government cuts cyber-attack fix times by 84% and launches new profession to protect public services (GOV.UK) Hacker Used Anthropic's Claude to Steal Sensitive Mexican Data (Bloomberg) AI Mistakes Are Infuriating Gamers as Developers Seek Savings (Bloomberg) Moscow man accused of posing as FSB officer to extort Conti ransomware gang (The Record) AIs can't stop recommending nuclear strikes in war game simulations (New Scientist) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
As South Africa approaches the 2026 State of the Nation Address, United Africans Transformation (UAT) is calling on President Cyril Ramaphosa to move beyond repetition and symbolism. UAT says the address must include clear, time‑bound commitments that address weak economic growth, high unemployment, rising violent crime and deteriorating public services. The party also demands a full, transparent report on what the government has delivered since taking office, warning that without accountability, the SONA will remain another exercise in reassurance without results. Elvis Presslin spoke to Dr Wonder Mahlatse President of United Africans Transformation party
CISO Jadee Hanson shares how Vanta "drinks its own champagne," running on NIST CSF with quarterly baseline reviews and using Vanta's GRC platform to turn every release into live UAT for privacy, governance, and compliance. We rethink third-party management—why point-in-time risk scores are fading and how AI drives continuous monitoring and outcome-based assurance. Bottom line: don't just audit—instrument your controls and prove trust in real time. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-221
South African politicians are under fire after getting a 3.8% pay hike, despite many citizens struggling with poverty and unemployment. The United Africans Transformation, UAT party says the increase is an "insult to the poor" and wants it reversed. Critics argue the government's priorities are skewed, with many South Africans struggling to access basic services. The pay hike takes effect on the first of April this year. To elaborate further on the party's concerns, Elvis Presslin spoke to UAT National Spokesperson, Mighty Mabule
This week, we talk about how Microsoft disrupted a long-running, large-scale cybercrime-as-a-service platform called RedVDS that has been active since 2019 and was used in high-volume phishing and BEC scams (1:00), then we discuss the research from Cisco Talos on another (!) Chinese APT called UAT-8837 that is targeting critical infrastructure organizations in North America (6:06), and finally there's the clever new StackWarp vulnerability in AMD processors that was disclosed this week (9:44).RedVDS takedownCisco Talos reportStackWarpSupport the show
What is the role of tape backup in 2026? Should ZFS be used on tape? Steve takes us back to his days at IMAX and gives us some things to think about when using tape. We answer your questions, take your feedback -- During The Show -- 00:50 Immich - Greg Immich (https://immich.app/) feedback Round 1 deployment recap Round 2 deployment recap Latest breakage Things Steve likes about Immich Ente (https://ente.io/) experience Rising tide, iron sharpens iron Everyone hits problems sometimes 11:50 General Show Feedback - Pete Thank You feedback Buying Expedition 33 Noah purchased Expedition 33 "Little Noah" and budget Using external disks for games 16:28 News Wire Curl 8.18 - curl.se (https://curl.se/ch/) Doxygen 1.16 - doxygen.nl (https://www.doxygen.nl/manual/changelog.html) Windowmaker Live 13.3 - wmlive.sourceforge.net (https://wmlive.sourceforge.net) Budgie 10.10 - buddiesofbudgie.org (https://buddiesofbudgie.org/blog/budgie-10-10-released) Pentoo 2026.0 - pentoo.ch (https://pentoo.ch/isos/Release/Pentoo_Core_amd64_hardened/) Nitrix 5.1 - nxos.org (https://nxos.org) Debian 13.3 - debian.org (https://www.debian.org/News/2026/20260110) Linux Mint 22.3 - linuxmint.com (https://www.linuxmint.com/rel_zena.php) Bose Open Sources Speakers - designboom.com (https://www.designboom.com/technology/bose-recycles-discontinued-wireless-speakers-open-source-01-09-2026/) UAT-7290 - thehackernews.com (https://thehackernews.com/2026/01/china-linked-uat-7290-targets-telecoms.html) GoBruteforcer - darkreading.com (https://www.darkreading.com/threat-intelligence/gobruteforcer-botnet-targets-50k-plus-linux-servers) VoidLink - thehackernews.com (https://thehackernews.com/2026/01/new-advanced-linux-voidlink-malware.html) NousCoder-14B - venturebeat.com (https://venturebeat.com/technology/nous-researchs-nouscoder-14b-is-an-open-source-coding-model-landing-right-in) Razer AI Kit - techpowerup.com (https://www.techpowerup.com/344924/razer-intros-aikit-an-open-source-project-for-easier-local-llm-development) 17:55 Caller Btrfs Assistant (https://gitlab.com/btrfs-assistant/btrfs-assistant) Restoring btrfs snapshots Base vs incremental snapshots Framework Knowledge Base (https://knowledgebase.frame.work/en_us/fedora-system-restore-root-snapshots-using-btrfs-assistant-rkHNxajS3) 23:00 Music Production on Linux Started with misconception everything is for Windows and Mac Not many instruments are being made Hybrid pianos Stage pianos Pianoteq (https://www.modartt.com/) Virtual instruments Hammer graded controllers Semi weighted keys Synth Keys Akai Professional MPK Mini Plus Amazon (https://www.amazon.com/dp/B0BFBDT2D2/) VST3 MT Powerdrum (https://www.powerdrumkit.com/) Tal Base Line 101 (https://www.tal-software.com/products/tal-bassline-101) 36:50 Tape Backup Slow but reliable and cheap Tar command Data velocity Burn rate How to use tape Tools for data tapes Failure domain -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/475) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
The new year is here! And so are the attacks. The first full week of 2026 brought us new research from Cisco Talos on a China-nexus APT group called UAT-7290 that is expanding its targeting and serving as an initial access group as well as a cyber espionage team (3:02). There is also some great data from GreyNoise on the attack volume from actors trying to exploit the React2Shell vulnerability from December (8:26). The volume is holding steady at more than 300,000 sessions per day, which is...high.Talos report: https://blog.talosintelligence.com/uat-7290/GreyNoise report: https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-farSupport the show
Die United Africans Transformation sê Suid-Afrikaanse werkgewers sukkel reeds om werkers met basiese vaardighede soos geletterdheid, syfervaardigheid, en probleemoplossing te vind. Die party waarsku die handhawing van 'n slaagsyfer van 30 persent in skole vererger hierdie vaardigheidsgaping, wat leerders onvoorbereid laat vir die eise van die moderne werkplek en hul toekomstige werksgeleenthede beperk. Die woordvoerder van UAT, Mighty Mabule sê die lae drempel verberg sistemiese probleme in onderwys:
The United Africans Transformation, UAT party is calling for the dissolution of the Government of National Unity, citing its inability to function effectively due to internal conflicts and policy disagreements. The party says the GNU is a "coalition in chaos", unable to provide stable leadership or deliver on its promises. Elvis Presslin spoke to Mighty Mabule, UAT National Spokesperson
Send us a textCheck us out at: https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouvA single malicious insider flipped Disney menus to Wingdings and tampered with allergy labels—proof that weak offboarding and sloppy access can turn small privileges into big threats. We take that lesson and translate it into a practical roadmap for secure software: clear requirements, security controls in design, disciplined code reviews, honest UAT, and change management that prevents chaos and rollback roulette.From there, we compare the major development models through a security lens. Waterfall shines when predictability and compliance evidence are non‑negotiable, with strong documentation and defined testing phases. Spiral brings a risk-first mindset, iterating through planning, analysis, engineering, and evaluation so teams can learn early and pivot with purpose. Agile and DevSecOps embed security into user stories, definition of done, and sprint reviews, using short cycles, prioritized backlogs, and continuous testing to catch vulnerabilities before they calcify into technical debt.We also put structure around improvement. The Capability Maturity Model shows how to move from ad hoc heroics to standardized, measurable, and optimized practices that satisfy auditors and reduce incidents. The IDEAL model guides change itself—initiate with sponsorship, diagnose gaps, establish plans and metrics, act through implementation and training, and learn via feedback and retrospectives—so security improvements stick. Throughout, we share practical tips: how to weigh security controls against usability, why executive support unlocks real progress, and how to choose the right lifecycle for your risk, regulation, and release cadence.If you're preparing for the CISSP or leading teams that ship software, this is your playbook for building security into every step without slowing down what matters. Enjoyed the conversation? Subscribe, share with a teammate, and leave a review with your biggest SDLC win—or your most painful lesson.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
The United Africans Transformation, UAT has slammed Eskom's R23.9 billion profit announcement, calling it a stark reflection of South Africa's ongoing inequality and governance crisis. The party says while Eskom celebrates its financial recovery, millions in rural areas, informal settlements and townships face persistent blackouts, disconnections and unreliable electricity. The group is urging immediate public dialogue to address these challenges and push for energy justice. Elvis Presslin spoke to the National Spokesperson for the United Africans Transformation, Mighty Mabule
Dronele, doborâte la ordinul comandantului misiunii (DW) - Coaliția, între presiunea electoratului, măsuri nepopulare și lupte interne. „Ei știu clar că orice instabilitate duce AUR la un procent și mai mare” (Adevărul) - Nu se va putea pe banii europenilor și cu oamenii rușilor (SpotMedia) - Plaha – thrillerul politic care le aduce aminte moldovenilor, înainte de alegeri, cine a tras sforile la Chișinău în ultimii 30 de ani (Europa Liberă) Dronele, doborâte la ordinul comandantului misiunii (DW) CSAT a stabilit protocolul de reacție în cazul unei încălcări a spațiului aerian al României. Distrugerea este soluția de ultimă instanță, a precizat ministrul Apărării. Președintele Dan a convocat CSAT după ce, în urma mai multor incidente aeriene provocate de Rusia în Polonia, România și Estonia, Alianța Nord-Atlantică a anunțat lansarea operațiunii militare ”Santinela Estică”, o misiune flexibilă de supraveghere și protecție a granițelor de răsărit ale NATO în absența unor ”desfășurări fixe” și prin rotirea resurselor în funcție de amenințările punctuale, reamintește DW. Pe de altă parte, președinta Comisiei Europene, Ursula von der Leyen, a vorbit și despre un așa-numit ”zid de drone” care va trebui construit pentru a contracara provocările și atacurile Rusiei și un sistem de supraveghere a flancului estic. Măsurile militare discutate la nivelul celor două mari organizații euro-atlantice vizează și un echilibru financiar: se caută soluții pentru a evita recursul la arme prea costisitoare pentru eliminarea mult mai ieftinelor aparate de zbor autonome. Cele trei scenarii aflate pe masa lucru a Coaliției pentru „reforma” administrației publice locale: de la forma radicală a lui Bolojan la varianta „îndulcită” a PSD (Libertatea) Așa-zisă reformă a administrației publice, în condițiile în care ținta este doar eficientizarea în teritoriu prin concedieri, este tergiversată de aproximativ o lună, iar în prezent Coaliția are trei variante de lucru, care ar putea însemna fie 13.000 de disponibilizări, fie doar în jur de 6.500. Al treilea scenariu este cel avansat de UDMR, potrivit informațiilor Libertatea. Președintele Kelemen Hunor chiar a vorbit public de posibiliatea ca disponibilizările să fie de 7-8% din numărul total de posturi ocupate, în timp ce 2-3% să reprezinte o mai bună drămuire a banului public prin reducerea unor bani de la oprirea investițiile nenecesare, carburant, întreținere etc. Practic, numărul concedierilor ar fi unde de aproximativ 10.000. Sursele Libertatea, inclusiv cele din partidul lui Ilie Bolojan, văd varianta înaintată de UDMR ca pe cea mai acceptabilă și cu cele mai mare șanse de reușită, pentru că reușește și să dea un exemplu prin reducerea cheltuielilor publice în UAT-uri unde au fost angajări excesive, dar nici să nu afecteze sistemic întreaga administrație publică. Coaliția, între presiunea electoratului, măsuri nepopulare și lupte interne. „Ei știu clar că orice instabilitate duce AUR la un procent și mai mare” (Adevărul) Măsura prelungirii plafonǎrii prețurilor la alimentele de bază a fost luată la insistențele PSD, după un compromis făcut de Ilie Bolojan. Măsurile privind reforma administrației stagnează, iar decizia CCR pe tema pensiilor magistraților poate sa șubrezească stabilitatea Guvernul. Mai mult, criticile constante dintre partidele care formează Coaliția tensionează colaborarea din interiorul Executivului. Cu toate astea, atrag atenția analiștii, PSD, PNL și USR și UDMR trebuie sǎ mențină, împreună, stabilitatea țării. Profesorul Radu Carp subliniază că „atâta vreme cât AUR e undeva la 35-40%, coaliția este nevoită să lucreze împreună. Ei știu clar că orice instabilitate duce AUR la un procent și mai mare”. Analistul politic Ion M Ioniță, redactor-șef Historia, subliniază că actuala coaliție nu poate funcționa perfect, însă adoptarea a două pachete de măsuri fiscal-bugetare în Parlament cu asumarea răspunderii Guvernului arată că cele patru partide, deși diferite și într-un moment greu pentru guvernare, pot să ajungă la consens. Integral în ziarul Adevărul. Nu se va putea pe banii europenilor și cu oamenii rușilor (SpotMedia) Acei oameni politici care au trecut la dreapta oligarhilor, la dreapta președinților pro-ruși, dacă vă spun că sunt pro-europeni, nu-i credeți, nu sunt pro-europeni, vor face din Republica Moldova o nouă Georgia. Federația Rusă știe că acum este ultima șansă de a opri integrarea europeană a Republicii Moldova. Mai mult, cu o Moldova pro-rusă, Rusia ar putea face mult deranj în Ucraina. Dacă în Republica Moldova am avea un guvern care nu ar respecta reguli europene, nu ar respecta legi europene, nu ar respecta valori europene, atunci Uniunea Europeană nu va mai avea legal posibilitatea de a ajuta Republica Moldova, avertizează europarlamentarul Siegfried Mureșan (PNL/PPE), într-un interviu acordat Spotmedia, pe tema alegerilor de duminică, din Republica Moldova. Plaha – thrillerul politic care le aduce aminte moldovenilor, înainte de alegeri, cine a tras sforile la Chișinău în ultimii 30 de ani (Europa Liberă) Un serial puternic inspirat din evenimentele care au traumatizat Republica Moldova în ultimii treizeci de ani face furori la Chișinău înaintea alegerilor parlamentare vitale de pe 28 septembrie. Cum a apărut „Plaha” și de ce acum? Europa Liberă a vorbit cu regizorul Igor Cobileanski și cu doi dintre actorii principali – ambii români. Serialul TV prezintă ascensiunea oligarhului moldovean Vladimir Plahotniuc, unul dintre personajele care au influențat cel mai mult Republica Moldova în deceniile de după prăbușirea Uniunii Sovietice. A costat peste 30 de milioane de lei moldovenești (în jur de 1,6 milioane de euro), spun producătorii. Serialul are 10 episoade. Este disponibil și pe YouTube.
Hakeem Adebiyi and Jason Bryll (Parable Associates) unpack how to turn scattered data into usable insight that speeds decisions, aligns KPIs across teams, and drives real ROI. We cover BI vs. stock EMR/CRM charts, culture and UAT champions, common mistakes, costs/tools for SMEs, and what AI will realistically change next.Still running on gut feel? Learn BI tactics that speed decisions and prove ROI—without a massive team.EMR charts aren't strategy. Build BI that aligns KPIs, fixes bottlenecks, and grows your practice.
This week we talk about the ethical use of Ai and the blurring between humans and code. We take your feedback and answer some questions about VoIP & SIP. -- During The Show -- 00:55 Dangers of AI AI ethics Leveraging AI responsibly Humans take the easiest path Noah's kid's and AI ANS AI adventure Notebook LM Ask Noah Show AI summary AI is only getting better Guard rails Effects of AI on the brain Guy who leaves his wife for AI Politeness and AI 23:54 News Wire Cmake 4.1 - cmake.org (https://cmake.org/download) Rust 1.89 - releases.rs (https://releases.rs/docs/1.89.0) GCC 15.2 - gcc.gnu.org (https://gcc.gnu.org/pipermail/gcc-announce/2025/000189.html) Peazip 10.6 - github.com (https://github.com/peazip/PeaZip/releases/tag/10.6.0) Handbrake 1.10 - handbrake.fr (https://handbrake.fr/news.php?article=59) Audacity 3.7.5 - audacityteam.org (https://support.audacityteam.org/additional-resources/changelog/audacity-3.7.5) Calibre 8.8 - calibre-ebook.com (https://calibre-ebook.com/whats-new) KDE Frameworks 6.17.0 - kde.org (https://kde.org/announcements/frameworks/6/6.17.0) KDE 6.4.4 - kde.org (https://kde.org/announcements/plasma/6/6.4.4) MESA 25.2 - ubuntu.com (https://fridge.ubuntu.com/2025/08/08/ubuntu-24-04-3-lts-released) Windows 11 Native UI Framework - windowscentral.com (https://www.windowscentral.com/microsoft/windows-11/microsoft-confirms-windows-app-sdk-winui-open-source) Debian 13 - debian.org (https://www.debian.org/News/2025/20250809) Ubuntu 24.04.3 - ubuntu.com (https://fridge.ubuntu.com/2025/08/08/ubuntu-24-04-3-lts-released) Proxmox 9.0 - proxmox.com (https://www.proxmox.com/en/about/company-details/press-releases/proxmox-virtual-environment-9-0) Linuxmint 22.2 linuxmint.com (https://www.linuxmint.com/rel_zara.php) Extix 25.8 - extix.se (https://www.extix.se/extix-deepin-25-8-live-based-on-deepin-25-0-1-stable-latest-with-refracta-snapshot-and-kernel-6-16-0-amd64-exton-build-250806) Tails 7.0 RC - torproject.org (https://blog.torproject.org/tails-7_0-rc1-testing) Alma Linux and Native Nvidia GPUs - almalinux.org (https://almalinux.org/blog/2025-08-06-announcing-native-nvidia-suport) BadCam - securityweek.com (https://www.securityweek.com/badcam-new-badusb-attack-turns-linux-webcams-into-persistent-threats) Big Sleep - techzine.eu (https://www.techzine.eu/news/security/133674/googles-ai-big-sleep-discovers-twenty-new-security-vulnerabilities-in-open-source) Grok 2 Going Open Source - reuters.com (https://www.reuters.com/business/musk-says-xai-will-open-source-grok-2-chatbot-2025-08-06) Roblox AI - abcnews.go.com (https://abcnews.go.com/Technology/wireStory/roblox-rolls-open-source-ai-system-protect-kids-124443058) NVIDIA 580 Drivers - phoronix.com (https://www.phoronix.com/news/NVIDIA-580.76.05-Linux) Gnome 48.4 - gnome.org (https://discourse.gnome.org/t/gnome-48-4-released/30706) Virtualbox 7.2 - virtualbox.org (https://www.virtualbox.org/wiki/Changelog-7.2) Podman 5.6 - github.com (https://github.com/containers/podman/releases) Mabox Linux 25.08 - maboxlinux.org (https://maboxlinux.org/mabox-25-08-chinese-japanese-and-korean-fonts) EasyOS 7.0 - bkhome.org (https://bkhome.org/news/202508/easyos-excalibur-series-version-70-released.html) Bluestar Linux 6.16 - sourceforge.net (https://sourceforge.net/projects/bluestarlinux) Zephix 8.0 - zephix-linux.sourceforge.io (https://zephix-linux.sourceforge.io) EasyOS 7.0 - bkhome.org (https://bkhome.org/news/202508/easyos-excalibur-series-version-70-released.html) ASMI Linux 13 - theregister.com (https://www.theregister.com/2025/08/15/asmi_13_debian_edition) UAT-7237 - thehackernews.com (https://thehackernews.com/2025/08/taiwan-web-servers-breached-by-uat-7237.html) Plague Malware - latesthackingnews.com (https://latesthackingnews.com/2025/08/13/newly-discovered-plague-linux-backdoor-malware-remained-undetected-for-a-year) Dropbox & 2 Year Old Apache Vulnerability - zdnet.com (https://www.zdnet.com/article/dripdropper-linux-malware-cleans-up-after-itself) Netfilter Flaw - gbhackers.com (https://gbhackers.com/linux-kernel-netfilter-flaw) CrossC2 - phoronix.com (https://www.phoronix.com/news/Linux-Bhyve-Detection) FireWood Backdoor - gbhackers.com (https://gbhackers.com/firewood-malware-targets-linux-systems) ASI Revived - webpronews.com (https://www.webpronews.com/google-revives-linux-asi-overhead-slashed-to-13-for-enhanced-security) Buttercup AI - helpnetsecurity.com (https://www.helpnetsecurity.com/2025/08/18/buttercup-ai-vulnerability-scanner-open-source) CANN Toolkit - artificialintelligence-news.com (https://www.artificialintelligence-news.com/news/huawei-nvidia-cann-cuda-open-source-challenge) 28:03 JMP Chat - Jordan Out going calls Reset sip credentials Use an asterisks Wizard Problem with binding things to phone numbers 33:14 SIP and Switches - Michael Mikrotik pros and cons Flashing alternative software 37:37 OpenWRT on Unifi - Fred OpenWRT Table of Hardware (https://toh.openwrt.org/?view=normal) UniFi AC Page (https://openwrt.org/toh/ubiquiti/unifiac) UniFi AC Pro Image (https://downloads.openwrt.org/releases/24.10.0/targets/ath79/generic/openwrt-24.10.0-ath79-generic-ubnt_unifiac-pro-squashfs-sysupgrade.bin) Noah already flashed a UniFi AP Fixing Steve's WiFi SCALE WiFi 49:24 Email Server Recommendations - Joshua Viability of self hosted email Mail in a Box & Nextcloud Mail cow -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/456) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
In this episode of Actualizing Success, we delve into the dynamic and often underserved agricultural finance market. Our experts from Actualize Consulting—Partner Matt Seu, Director John Pomeranski, Senior Manager Jon Cooper, and Senior Consultant Caroline Pickering—share their extensive experience and insights into this crucial sector. The conversation looks at the intricacies of the Farm Credit System and its pivotal role in supporting farmers, ranchers, and rural communities through a network of borrower-owned financial institutions. They explore how entities like the USDA and Farmer Mac interconnect within this ecosystem and examine the challenges of market fragmentation and the diverse needs of agricultural financing. With a focus on innovation and the increasing relevance of younger generations in agriculture, this episode highlights opportunities for growth and improvement in ag finance, emphasizing Actualize Consulting's commitment to making significant strides in the ag finance market.Listen to learn more about:The structure and purpose of the Farm Credit SystemThe role of the USDA and Farmer Mac in agricultural financeSpecific challenges within the ag finance market, including fragmentation and varying lending needsOpportunities for innovation in the sectorThe impact of an aging workforce and outreach initiatives for young farmers About Matt Seu Matt is a Partner at Actualize Consulting, managing the Mortgage & Fixed Income practice. With three decades of experience in the mortgage industry, Matt is a wealth of information and a true thought leader committed to moving the industry forward through digital transformation and standardizing how the mortgage industry communicates. Matt is a two-time winner of MISMO's prestigious Outstanding Contribution Award and the 2023 Industry Titans Award. Email: mseu@actualizeconsulting.com About John Pomaranski: John is a Director at Actualize Consulting with over 19 years of experience. His expertise includes project management, business requirements, and UAT for accounting system implementations. He specializes in financial system implementations, mortgage loan accounting and communication, and software development life cycle standards. He is a member of MISMO's Community of Practice. Email: jpomaranski@actualizeconsulting.com About Jon Cooper Jon is a Senior Manager at Actualize Consulting with extensive experience in requirements analysis, project management, process modeling/redesign, and systems conversions. He has in-depth knowledge of the mortgage industry from originations through Servicing, Securitization, and REO/default management. Email: jcooper@actualizeconsulting.com About Caroline Pickering:Caroline is a Senior Consultant at Actualize Consulting with a strong track record in digital transformation, project management, and process optimization. She has experience in rural lending, affordable housing, and loan origination. With experience managing risk logs and defect reporting, Caroline effectively oversees cross-functional teams to resolve issues and ensure project success. Email: cpickering@actualizeconsulting.com Get in touch with Actualize at www.actualizeconsulting.com. If you have any questions, comments, or would like to collaborate on a future episode, contact us at podcast@actualizeconsulting.com.
The United Africans Transformation party is taking the Department of Basic Education to court over what it calls a failure to eliminate deadly pit toilets in schools. The party says despite promises and deadlines, thousands of learners still face daily risks. UAT demands urgent action, saying enough is enough children deserve dignity and safety, not bureaucratic excuses. The party says they are taking legal action to hold the government accountable. For more on this Elvis Presslin spoke to United Africans Transformation party leader, Dr. Bantu Mahlatsi
In this episode of the Building Better Developers podcast, Rob Broadhead and Michael Meloche dive deep into a critical—but often misunderstood—element of project management: setting deadlines. This episode goes beyond the basics of timelines and introduces the psychology, strategy, and communication needed to make deadlines effective, not stressful. Why Setting Deadlines Matters for Business Projects Deadlines define a project's rhythm. As Rob puts it, “the deadline is the finish line.” It's not just about when code is complete—it's about when the product is ready for delivery, after testing, packaging, training, and documentation. Deadlines force prioritization. Without them, projects risk becoming endless cycles of scope creep and perfectionism. But setting arbitrary or unrealistic deadlines can just as easily derail progress.
Ryan and Ben go over the new and updated UAT subclasses, give their first impressions on the 2024 Monster Manual, and discuss ongoing comfortability in your campaign. Community Pages: Forgotten Realms Subclass video; Forgotten Realms Subclass UAT; Dungeon Master Essentials miniatures and scenery humble bundle. Socials: Discord; Bluesky; Ryan's Bluesky; Ben's Bluesky
Save Family Farming's Executive Director, Ben Tindall says their Urban Advisory Team helps them decide what's agricultural topics are important and who should hear them.
Save Family Farming's Executive Director, Ben Tindall says their Urban Advisory Team helps them decide what's agricultural topics are important and who should hear them.
Summary: In this episode, James Gurd and Paul Rogers discuss the evolving landscape of technology change in ecommerce, focusing on the shift from tactical solutions to strategic decision-making. They explore the importance of ecosystems in technology selection, the changing roles in project management, and the critical need for customer leads to oversee ecommerce projects. The conversation also highlights the significance of understanding commercial considerations, managing risks, and ensuring thorough UAT processes to achieve successful technology migrations. Key takeaways: The market has shifted towards strategic decision-making in technology change. Ecosystems are now a critical consideration in technology selection. Project management roles are evolving to include more strategic oversight. There is a need for independent due diligence in technology selection. Technical discovery should not be rushed; it requires thorough exploration. Customer leads are essential for bridging the gap between agencies and clients. Understanding the timing of license fees is crucial for budgeting. UAT processes need to be well-managed to avoid surprises Agencies have become more capable in handling complex projects Contingency planning is vital for successful project execution.
¡Vótame en los Premios iVoox 2024! Jack Bauer vuelve con este segundo y último monográfico de la serie 24. Rafa Pajis, Alvaro Gekko, Manuel Callejo y Antonio Runa serán los agentes de campo de la UAT encargados de la misión de analizar la sexta temporada hasta la final, Vive Otro Día, incluyendo alguna que otra película, videojuegos, cómics y un breve pero intenso vistazo a la lista de chistes con Jack Bauer como protagonista. Escucha el único podcast que transcurre en tiempo real. Escucha LODE, La Órbita de Endor. Escucha el episodio completo en la app de iVoox, o descubre todo el catálogo de iVoox Originals
¡Vótame en los Premios iVoox 2024! Jack Bauer nos interroga a todos en este especial sobre la serie de acción que revolucionó la televisión en su día y que, temporada tras temporada, subió el listón hasta límites difíciles de superar: 24. En este primer especial de dos sobre 24, los agentes de campo Rafa Pajis, Alvaro Gekko, Manuel Callejo y Antonio Runa, analizarán las primeras cinco temporadas de la saga. No seas un topo de la UAT y escucha el monográfico. Escucha el episodio completo en la app de iVoox, o descubre todo el catálogo de iVoox Originals
In this episode of Actualizing Success, Actualize Consulting's Partner Matt Seu, Director John Pomaranski, and Capital Markets/Mortgage Expert Mark Hanson, discuss the importance of ESG (Environmental, Social, and Governance) in the mortgage and securities market. Our experts delve into the challenges and growth opportunities of implementing ESG principles in bond issuance, strategies and processes that increase affordability and sustainability in mortgage lending, and the importance of continued learning in defining ESG standards to measure social impact. Join us for an engaging conversation about the evolving landscape of ESG in the mortgage industry and the exciting progress in ESG development.Listen to learn more about: Understanding ESG: legal aspects, different avenues, and relevance in the mortgage industry Challenges and opportunities of implementing ESG principles in bond issuance and valuation Impact of politics and privacy concerns, particularly in states with oil or gas-related economies Potential for new technologies and building processes to improve sustainability in the housing industry The crucial role of accurate data to avoid "greenwashing" and stakeholder collaboration in advancing ESG initiatives, including the MISMO community of practice and upcoming projectsAbout Matt Seu Matt is a Partner at Actualize Consulting, managing the Mortgage & Fixed Income practice. With three decades of experience in the mortgage industry, Matt is a wealth of information and a true thought leader committed to moving the industry forward through digital transformation and standardizing how the mortgage industry communicates. Before his time at Actualize, he served as a Vice President for Freddie Mac, focusing on large-scale business and technology change efforts. Matt is a two-time winner of MISMO's prestigious Outstanding Contribution Award and the 2023 Industry Titans Award. Email: mseu@actualizeconsulting.com About John Pomaranski: John is a Director at Actualize Consulting with over 19 years of experience. John's expertise includes project management, business requirements, and UAT for accounting system implementations. He specializes in financial system implementations, mortgage loan accounting and communication, and software development life cycle standards. He is the Facilitator of MISMO's ESG Community of Practice. Email: jpomaranski@actualizeconsulting.com About Mark Hanson: Mark spent over 37 years in the capital markets, primarily the mortgage-backed securities market. Over the last 12 years, Mark served as Senior Vice President of Securitization for Freddie Mac, where he led the development and implementation of the $4 trillion UMBS Single Security, joining the Freddie Mac and Fannie Mae MBS markets. Over the last 3 years Mark stood-up and advised Freddie Mac's Corporate Sustainability Office in addition to his securitization responsibilities. Thanks for listening to this episode of the Actualizing Success Podcast! We hope you enjoyed the discussion and come back for more. In the meantime, don't forget to rate this episode and leave a review to let us know how you like it. Website: www.actualizeconsulting.com If you have any questions or comments, we'd love to hear from you. You can contact us at podcast@actualizeconsulting.com.
Learn more about Michael Wenderoth, Executive Coach: www.changwenderoth.comSHOW NOTES:Create powerful resources to elevate others, your causes – and yourself. In this episode of 97% Effective, Michael Wenderoth shares how three guests created resources to power their missions and themselves – and the critical lessons you can learn from them. We look at venture capitalist Leesa Soulodre, General Partner at R3i Capital, on the communities she has created to level the playing field for underrepresented global entrepreneurs; Joy Chen, CEO of the Multicultural Leadership Institute (MLI), on how “UAT” has benefited others and taken her to the top of three industries without ever applying for those jobs; and Jewel Love, Founder of Executive Black Men, who created a powerful professional network to help Black men crack the code in corporate America. You'll leave this episode inspired. What powerful resources will you create?How most people give up their powerCreating resources to build power and serve multiple goalsGuest #1: Leesa Soulodre, General Parter at R3i Capital, on the power of creating communityWays that communities serve us: co-creation, belonging and making us smarterCreate resources that provide unique value to othersGuest #2: Joy Chen, CEO of the Multicultural Leadership Insitute (MLI), on the power of UAF (Useful Amazing Free)How a blog post catapulted her careerPowerful resources get you invitedWork at intersections that matter to become the “go to”Guest #3: Jewel Edward Love, CEO of Black Executive Men, on the power of creating a vetted networkPowerful resources and platforms grow exponentially in value over timeLessons on how to create powerful resourcesExamples of resources created by Michael's clients BIO AND LINKS:Michael Wenderoth is an Executive Coach that helps executives re-examine their assumptions about power, politics, and authenticity to get promoted, become more effective at work, and break glass ceilings holding them back. Having served 20 years in senior roles with companies across the globe, and then 7 years as a professional coach, he has helped accelerated the careers of clients from diverse industries, backgrounds, and levels of seniority, helping them get ahead – without having to sell their souls in the process. Michael is the award-winning author of Get Promoted, host of the 97% Effective career acceleration podcast, and a frequent speaker and media contributor on career advancement, leadership and navigating power and politics. His work has been featured in Harvard Business Review, Forbes, Stanford Business School Executive Education and IE Business School, where he collaborates with renowned professors, coaches, executives and experts. Michael holds an MBA from Stanford and trained as an executive coach at Columbia University (3CP). Michael on LinkedIn: https://www.linkedin.com/in/michaelchangwenderoth/Episode #45 - Leesa Soulodre, Founder and General Partner at R3i Capital: Community & The Working Mother Advantage: The Rise of Women in VC - https://redcircle.com/shows/86fcd90d-083e-4af2-9bc8-6d52fb981ae1/ep/d449d27e-ea2b-4bad-b28f-5d43fa5586ceEpisode #40 - Joy Chen, CEO at the Multicultural Leadership Institute: How "UAF" Can Increase Your Influence and Shatter Glass Ceilings - https://redcircle.com/shows/86fcd90d-083e-4af2-9bc8-6d52fb981ae1/ep/226d8209-d2db-4abb-b5a2-a1662454f725Episode #27 - Jewel Edward Love, Jr, Founder at Black Executive Men: Cracking the Code for Black Men in Corporate America - https://redcircle.com/shows/86fcd90d-083e-4af2-9bc8-6d52fb981ae1/ep/1dd24514-0311-4d09-9caa-4c3a819178ccMichael's Book, Get Promoted: https://changwenderoth.com/#tve-jump-180481ecea3Michael on X/Twitter: https://twitter.com/mcwenderothMichael on Instagram: https://www.instagram.com/wenderoth.michael/NEW: 97% Effective, now on Youtube! https://tinyurl.com/bdz53mc5NEW: Get Promoted, now on Audiobook: https://tinyurl.com/mwf2s28yAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy
Renuncia el secretario de administración de la UAT por acoso Vecinos de Ecatepec bloquean la México-Pachuca por falta de agua Las iglesias pueden alejar a los jóvenes de la violencia: Sheinbaum
【00941】全台首檔鎖定半導體上游設備與材料廠的ETF,2/26稱王募集! 半導體不是只有護國神山,想投資真正的隱形英雄,力爭「上游」就對了!中信上游半導體(00941),帶你與科技王者中的王者同行:https://bit.ly/3Umqe2r ----以上訊息由 SoundOn 動態廣告贊助商提供---- ◎今日主題:Will教練的新菜單/UAT的居家體育課 ◎今日來賓:健身教練鄭鈺咨Will 運動清單:青春健身教室開課了! 今天Will教練帶來新菜單!:UAT的居家體育課 Will教練今天要帶大家繼續來運動! UAT訓練計畫 UAT介紹-目標設定 練就更好movebetter10鐘 練就更強move strone35 練就更好move鐘 1.站姿腿前側 4組 1.掌稱彈力帶穩定4 1.高跪姿腿前側+側彎3 2.站姿腿後側 2.橋式彈力帶開合 40秒休20秒 2.坐姿屈後側 3.站姿外旋 4組 3.彈力帶划船 40秒休20秒 3.天鵝式 左右各30秒 左右各30秒 4.手爬式 4組 4.深蹲(過頂舉手) 40秒休20秒 4.跪趴式 左右各30秒 5.跑者轉體伸展 4組 5.雙人勾腿捲腹 40秒休20秒 5.側躺胸旋轉 左右各30秒 6.躺臥腳踏車側腹 40秒休20秒 4組 練就更快movee 1.垂直小跳15休3 2.左右三步跳15休5秒3組 3.側向單腳跳15秒休5秒3組 4.小碎步跑步15秒休5秒3組 練就更久movelonger鐘 1.快腳in&out30休3 2.深蹲跳 30秒休30秒2組 教練IG:Ironpowerwill ▶朱衛茵粉專:https://reurl.cc/OG73jy ▶歡迎下載飛碟新 APP IOS:https://reurl.cc/3jYQMV Android:https://reurl.cc/5GpNbR ▶網路線上收聽(飛碟官網右下角直接按play) http://www.uforadio.com.tw/ ▶ Podcast SoundOn : https://bit.ly/30Ia8Ti Apple Podcasts : https://apple.co/3jFpP6x Spotify : https://spoti.fi/2CPzneD Google 播客:https://bit.ly/3gCTb3G KKBOX:https://reurl.cc/MZR0K4 ♫ 空中的夢想家 就愛電你UFO ♫ ‼️大臺北地區:FM92.1 ‼️竹苗、花東地區:FM91.3 ‼️中彰投、宜蘭地區:FM89.9 ‼️雲嘉地區:FM90.5 ‼️高屏地區:FM103.9 ‼️澎湖地區:FM89.7 本次飛碟小子片頭 影片製作:“邱士軒先生” 影片配樂:“BLUCOLh”創作歌曲『Bang Bang』
While working with a customer recently, they mentioned that they have certain standards for their objects. They require a PK, and it's the name of the table with _PK added. They also have some standards, like CustomerName vs. CustomerNames for various data items. In fact, they have enough that they built a tool to scan their database code to ensure that changes to the QA and UAT environments adhere to these modeling standards. I wonder how many organizations have formal standards. While I've often tried to set some naming guidelines, I often haven't seen anything (or created anything) formal enough to build a tool around. I would like to, and I think it's a good idea, but it's often something that isn't handled in advance. Read the rest of Having Data Modeling Standards
Ryan and Ben summarize the new UAT 7 and 8 playtests and talk about a player character changing classes. Links: Playtest 7; Playtest 7 summary; Playtest 8; Playtest 8 summary; Introducing maps video; Maps on D&D Beyond; Claim Lightning Keep; How to build glitch characters in Planescape; Claim Lost Mine of Phandelver.
The Software Process and Measurement Cast 774 is a re-release of SPaMCAST 436. We are on our annual holiday and will be back with new programs on October 22nd. For the next four weeks, we will feature shows from our archives. Today SPaMCAST 436 - Incrementalism, UAT and Agile, and Systems Thinking was released originally on April 3, 2017. I hope you will enjoy today's show! The original introduction - The Software Process and Measurement Cast 436 features our essay titled, , in which we answer the question of whether the state and culture of the organization or team, can have a large impact on whether a Big Bang approach or an incremental approach makes sense to change. Our second column is from Jeremy Berriault. Jeremy discusses user acceptance testing and Agile. There are lots of different ways to accomplish user acceptance testing in an Agile environment. The only wrong way is not to do UAT in Agile. Jeremy can be found at https://www.berriaultandassociates.com/ Jon M Quigley brings his column, The Alpha and Omega of Product Development, to the Cast. This week Jon puts all the pieces together and discusses systems thinking. One of the places you can find Jon is at .
The Software Process and Measurement Cast 773 will feature our essay on why as professionals we should strive to grow a little every day. I overheard a team lead complaining that their team did not need to do a retrospective, they were “darn near perfect.” The inference was that their time would be better spent doing rather than reflecting and thinking. Fixed mindsets (Review our re-read of Mindsets by Carol Dweck) are foreign to the philosophy of agile and quality. The comment hurt my heart. We will also have a visit from Jon M. Quigley who brings his Alpha and Omega of Product Development column to the podcast! Jon and I use the learning to play a new bass as a metaphor for learning technology. Re-Read Saturday News This week begin a new book on Re-read Saturday, this week! Ten years ago we started our Re-read Saturday journey. The first installment featured . We have read and re-read a lot of books. The book we begin our next ten years is L. David Marquet's, . This is not Mr. Marquet's first time in our re-read queue. In 2018 we re-read Turn the Ship Around! I think that book is universally seen as a game changer. Here is the kicker, I think Leadership is Language is more important and useful on a day-to-day basis. I can't tell how many times I have used ideas from the book in the short time I have owned it. Buy a copy of and begin reading along. Week 1: Logistics, Foreword, Introduction - Next SPaMCAST The Software Process and Measurement Cast 774 will feature a re-release of SPaMCAST 436. We are on our annual holiday and will be back with new programs on October 22nd. For the next four weeks, we will feature shows from our archives. Today SPaMCAST 436 - Incrementalism, UAT and Agile, Systems Thinking from April 3, 2017. I hope you will enjoy the show!
Because of how valuable your data is, protecting it against theft and unauthorized use is perhaps your biggest challenge. Databases need more security than the bare minimum. In this episode, Lois Houston and Nikita Abraham, along with Greg Genovese, talk about how Oracle's data-driven security features work together to create a maximum security architecture. Oracle MyLearn: https://mylearn.oracle.com/ Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ Twitter: https://twitter.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, Ranbir Singh, and the OU Studio Team for helping us create this episode. --------------------------------------------------------- Episode Transcript: 00;00;00;00 - 00;00;38;18 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started. Hello and welcome to the Oracle University Podcast. I'm Lois Houston, Director of Product Innovation and Go to Market Programs with Oracle University, and with me is Nikita Abraham, Principal Technical Editor. 00;00;38;20 - 00;01;01;20 Hello again! In today's episode, we're going to talk with Oracle Database Specialist Greg Genovese about Oracle's Maximum Security Architecture. Hi, Greg. Thanks for joining us today. We have so much sensitive information in our databases so I get why a data thief would try to attack and steal data. But how do they actually do it? Databases don't just operate in a vacuum. 00;01;01;23 - 00;01;26;01 A database is accessed often through a firewall by users and applications. Speaking of those firewalls, if an attacker has managed to penetrate into the internal network, they may choose to go after data traveling over that network. This type of attack is much less likely to be detected than attempts to access the database directly. Another popular attack is against the underlying data files, database backups, or database exports. 00;01;26;04 - 00;01;49;19 Here again, if the attacker is successful, they may be able to steal the entire database without even having to try to log in. Oh my goodness! That sounds terrible. If none of those options work, perhaps the database has an unpatched vulnerability. In many cases, there are automated attack toolkits that help exploit these vulnerabilities. 00;01;49;21 - 00;02;18;29 And let's not forget those non-production copies of the database. What's a non-production copy of a database? In many systems, the test and development instances are effectively just clones of production and are hardly ever monitored as closely as production databases. In most cases, there are copies of database for test, development, stage, and user acceptance testing or UAT. Databases persist data into a storage medium and run on servers with operating systems and peripherals. 00;02;19;02 - 00;02;49;16 All of these are managed by administrators. And administrators are a hacker's favorite point of attack. If they can compromise an admin account, they are in with elevated privileges and in most cases zero controls over what they can do. If the attackers can't compromise an admin account, they can often compromise an end user account. Lower privileges, but often still with access to the data or able to be used as a stepping stone to get that access. 00;02;49;19 - 00;03;20;20 Also, applications make an attractive target too. They are frequently more exposed than a database or database server and often even available from outside of the corporate firewall. That's a lot, Greg. There are just so many points of attack. So then how do I keep my database safe? Securing an Oracle Database is much like securing any other system. You are protecting your data, which could be intellectual property, financial data, personal data about your customers or your staff, or most likely a combination of all three of these things. 00;03;20;22 - 00;03;44;06 Because data is valuable, you need to guard against its theft and misuse. This data is used for business purposes and that means users and applications connect to the database and you need to safeguard that data with security controls that restrict access to the data according to your corporate policy. To do this, you'll need to do three things: assess, detect, and prevent. 00;03;44;06 - 00;04;17;01 Assess, detect, prevent. Okay. But how do you assess and what are you actually assessing? Assess the system to determine its current state and develop a remediation plan. Is the system configured properly? Are patches applied regularly? How are user privileges managed? And are you enforcing these privileges? What types and how much sensitive data is the system holding? Your existing investment in the Oracle Database gives you the features and utilities you need to assess your database and identify areas for improvement and risk reduction. 00;04;17;01 - 00;04;53;21 And how do you detect and prevent? Detect attempts to access data outside of policy and identify anomalies in data access. Almost all database activity is repetitive, so anomalies are frequently a leading-edge indicator of attempted data theft. Prevent access to the data that doesn't go through the database control mechanisms, sniffing traffic over the network, reading the underlying data storage layer, or misuse of database exports and backups. Block inappropriate access to data through control mechanisms that consider the context of the access, not just the identity of the account accessing the data. 00;04;53;21 - 00;05;10;23 Oracle provides industry-leading capabilities for each of these security control objectives. Our team can help you identify the right technical enforcement for virtually any control objective. 00;05;10;25 - 00;05;40;14 Have you been wanting to earn an Oracle certification? Well, there's never been a better time than the present. Now through August 31st, you can choose from over 20 different Oracle certifications and take up to four exams for free, including foundation, associate, and professional level Oracle Cloud Infrastructure certifications. You can also learn and get certified on Oracle Cloud Applications Business Processes for Human Capital Management, Financials, Customer Experience, Supply Chain, and Procurement. 00;05;40;17 - 00;06;07;09 And did I mention this was all free? Oracle Cloud training and certifications empower you to explore limitless possibilities in the cloud landscape. Gain the knowledge and skills needed to design, deploy, secure, and operate modern cloud infrastructure and applications with confidence. You can go to education.oracle.com for more details. What are you waiting for? Get certified today. 00;06;07;12 - 00;06;34;19 Welcome back! Greg, I'm sure every database has a basic level of security, right? There are some things we expect to always be done. What we call the baseline security posture. Establishing the baseline security posture involves several types of different controls. We'll assess the system state, prevent unauthorized activity, and detect activity that is relevant to our security controls. Our first control is assessing the database configuration. 00;06;34;22 - 00;06;59;08 We want to ensure that we haven't made configuration decisions that introduce unnecessary risk into the environment. We'll also check to make sure that the database is current on all security patches. And how do we check this? For this, we have two tools available to us: Database Security Assessment tool or DBSAT and Data Safe. DBSAT is a free utility available for download via My Oracle Support. 00;06;59;08 - 00;07;23;28 Data Safe is a cloud service that is included at no additional cost with Oracle Cloud Database Services. Data Safe is also available for on-prem databases, but there is an additional cost for those. Users and applications connect to the database. We want to ensure that if they are connecting with username and password, we're practicing good password discipline. We also want to consider the use of strong authentication. 00;07;24;00 - 00;07;50;10 Your Oracle database supports Kerberos, TKI certificate, and multi-factor authentication. We'll want to make sure that those users are really able to connect to the database, identifying dormant accounts and checking to be sure we haven't granted privileges that don't make sense in our environment. Here again, DBSAT and Data Safe help by pointing out the use of such things like select any table privileges or grants of the DBA roles. 00;07;50;12 - 00;08;15;06 We should also check that database accounts are actually using the privileges we grant. Is there any way to monitor the privileges we grant? Privilege analysis monitors privilege usage, and can report on privileges that an account has which are not being used. We can then remove those unnecessary privileges, reducing the attack surface presented by those users. Note that privilege analysis is only available for Oracle Enterprise Edition Database. 00;08;15;09 - 00;08;47;03 It is not present in Oracle Standard Edition. Users are inserting and updating data and also retrieving data. That data is traveling over the network, and in most cases, we want you to encrypt the data to reduce the chances that an attacker can simply sniff the network to steal data. And are there different types of encryption? The Oracle database supports two different types of network encryption, native network encryption, which is certificate lists and usually requiring zero change to the applications to implement. And industry standard certificate-based TLS. 00;08;47;05 - 00;09;12;12 Depending on how many users connect to our database and how many databases we have, we may want to implement centralized authentication. Your Oracle database supports two types of centralized user management. One feature, Enterprise User Security, is available on all currently-supported database versions and allows the Oracle database to consult an Oracle LDAP directory for users and role membership. 00;09;12;14 - 00;09;46;13 The other feature, centrally managed users, was new in Oracle 18c and allows the Oracle database to connect to Microsoft Active Directory for users and role membership. Is there a way for us to know what users are doing? For this, we use database auditing. The Oracle database offers a comprehensive auditing capability, and you will usually want to audit database connections, especially failed logins, as well as data control language, including creation of users and privilege grants, and data definition language like creation of stored procedures, database links, and more. 00;09;46;16 - 00;10;16;06 All of these are fairly rare in most databases, so this level of auditing presents minimal performance impact. Finally, we want to make sure that we know what sensitive data resides in the database. Is the baseline security posture appropriate for the level of risk presented by the data? Or should we do more to protect our data? Here we return to DBSAT or Data Safe, which allow us to scan the database for sensitive data reporting on what types of data are found and how much of it there is. 00;10;16;06 - 00;10;41;24 All of the controls we've talked about so far are baseline. These are things we think any database should do and everything we've discussed so far can be done without additional costs, products, or options. But what if I want more than normal baseline security? Maybe my database contains personal information, financial information, intellectual property, or something else that requires more than just basic security. 00;10;41;25 - 00;11;08;13 Since that data is eventually being persisted on disk, in backups, and in exports, we'll want to protect it from attack there. Here is where transparent data encryption comes into play. If we encrypt data, that means there is an encryption key that we need to protect and distribute securely. For this, we can use Oracle Key Vault. Remember, those administrators with privileges and access to special data? We'll want to protect against them as well. 00;11;08;15 - 00;11;40;17 And for this, we'll use Database Vault. Could you tell us more about Database Vault? Database Vault lets us separate the duties of database administration from access to the data within the database. Database Vault also protects against a compromised application server, locking down application accounts so they can only access data from within the normal context of the application. When data is accessed from outside of the application, we may want to provide additional protection for high value data columns like credit card numbers or taxpayer IDs. 00;11;40;19 - 00;12;07;01 For this, we can use data redaction to hide sensitive data on the fly as it leaves the database. And for those non-production clones, the database we talked about, we'll simply remove sensitive data from them, replacing it with realistic looking "safe data" that does not present a security risk, but still allows application development and testing to continue. We can either use Data Safe or Enterprise Manager's data masking and subsetting pack. 00;12;07;03 - 00;12;30;02 We seem to have done a lot to protect the database, but is there a way to detect attempts to break in and steal data? For that, we'll configure auditing within the database and feed audit events to a centralized audit vault for analysis, reporting, and even alert generation. We'll also use database firewall to examine incoming connections and SQL statements for anomalies and violation of policy. 00;12;30;04 - 00;13;00;15 And if we choose to, we can go one step further and actually block out policy activity with the firewall. And of course, events from the database firewall flow into the audit vault server for analysis, reporting and again, alert generation. We've talked about assessing security, detecting inappropriate activity, and preventing unauthorized access to data. But there is a fourth type of database security control that is unique to databases called database-driven security. 00;13;00;17 - 00;13;27;15 These controls are used to provide fine-grained access control at the data row or column levels. Oracle database provides a variety of data-driven security features, including Real Application Security and Label Security. All these controls, working together, create the maximum security architecture or MSA. Not every database requires the full MSA, but many databases require something much more than just standard baseline security protocols. 00;13;27;17 - 00;13;52;13 Thanks, Greg, for joining us today. To learn more about Oracle's Maximum Security Architecture, visit mylearn.oracle.com and head over to the Oracle Cloud Data Management Foundations Workshop. That brings us to the end of this episode. Join us next week for a discussion on Oracle Cloud Infrastructure's Maximum Availability Architecture. Until then, this is Lois Houston and Nikita Abraham signing off. 00;13;52;15 - 00;16;33;21 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
Episode 30 | Customer Learnings on Software Implementation ProjectsThe Big Themes:Oracle: As it relates to Oracle, customers have expressed on ravenintel.com that a particular challenge was around user acceptance testing (UAT). Specifically, one customer noted to "ensure ample time is built in for UAT and assume there will be errors and fixes that need to be done." Another customer noted that "it's essential that all key stakeholders at the operations level are included."SAP: A top challenge shared by customers who have implemented SAP software is to "challenge assumptions, and do not rely solely on your partner or vendors solution...don't assume the partner always has the right answer." It's critical that if customers don't feel confident in the assumptions being presented by the partner, they challenge it.Workday: Cusotmers have expressed that relating to implementing Workday software, a seasoned project manager is mandatory. From a project perspective, it is critical to have a system integrator (SI) involved who has "earned their stripes" with this specific implementation. Additionally, the leading SI/project manager should have the correct industry expertise, too.The Big Quote: "I think with these three softwares, the nature of them is that they offer a broad set of solutions. So we're not just looking at, you know, a single, you know, stream of implementation. Typically, these implementations are global rollouts with multiple different, you know, product functions, whether it's HCM, financials, supply chain, and things like that. So these are complex implementations that we're evaluating. They're not the, you know, 30 days up and running sort of rapid implementations that smaller software packages have. So I think there's a lot of lessons learned that we can glean from these."
Ready to elevate your cybersecurity knowledge and pass the CISSP exam? This episode is packed with insights on software development, diving into the crucial phase of integrating security into the software development lifecycle (SDLC). We uncover the secrets of design and architecture, as well as static and dynamic application security testing (SAST and DAST) to help you identify vulnerabilities and ensure compliance with coding guidelines and policies. Plus, we explore the open-source OWASP project - a game-changing initiative to improve security within software applications.But that's not all! User acceptance testing (UAT) is essential for integrating security into the SDLC, and we're here to break it down for you. Learn how UAT empowers stakeholders to validate security controls and assess the effectiveness of software security features. Together, we'll examine secure coding guidelines, standards, and threat modeling - giving you the tools to write secure and robust code. Don't miss this informative episode, and get ready to become a cybersecurity superstar!Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free.
#141. On this episode of Amazing Apps, podcast host Neil Benson is joined by Allan de Castro, a senior technical consultant for the Power Platform at Avanade France.They discuss their experience applying Scrum to recent projects, including the role of an architect in the Scrum framework. The episode covers key challenges such as the importance of ensuring clarity in the backlog, prioritization of sprints, and addressing technical requirements while focusing on business and added value. [00:06:23] Allan, an architect and technical lead, discusses the challenge of finding their place in a team using the Scrum framework for the first time, and navigating discussions related to technical requirements and architecture while also focusing on business requirements and added value. [00:10:15] Focus on delivering continuous testing value during sprints, even if it means sacrificing some business value.[00:11:56] Agile and Scrum framework used for new project, integrating systems and iterating for development. Customer familiarity with Agile important.[00:13:12] Capture project requirements early to avoid issues in development.[00:16:36] Business analyst helps product owner with basic questions on application building, including object lifecycle. Dynamics 365 provides out-of-the-box features, such as bulk edit mode, without development needed. It can be demonstrated in demo instead of user story.[00:19:10] To successfully execute a Dynamics 365 project using Scrum framework, it is important to ensure technical requirements are included in the backlog and fully estimated. It is also important to train the customer on Dynamics 365 and focus on prioritization during sprints. Custom development must fit into the security models provided by Dynamics. Workshops may be needed to refine new business requirements.[00:24:06] Team delivers daily or every two days into the UAT environment, with testing by a quality insurance person and a dual check by the project owner or business analyst before marking as done. UAT phases were conducted initially, but now testing is continuous without UAT phases.[00:26:13] The architecture and requirements were complicated due to unclear data sources and ongoing system construction. Agile methodology requires clear definitions before development, and cultural differences affect analysis phases. Workshop and design are necessary for identifying potential risks and managing sales territory was a major concern.[00:31:14] Ensure clear backlog, communicate dynamics to team and stakeholders, define sprint process, architect advisory role, avoid influencing sprints.[00:32:34] Dev team used Azure DevOps for backlog management, linking work items to pull requests and builds for easy tracking and communication with end users. They also suggest creating automatic task generation for consistent task patterns.I've just registered for Microsoft Power Platform Conference in Las Vegas from 3-5 October. I'd love to see you there. Visit customery.com/mppc for a $150 discount voucher to register.Support the showCONNECT
We have a secret for you. You can build the best possible tool for your end users, but they won't know how to effectively use it without adequate training. Technology tools need to be intuitive, but training on these tools still needs to be comprehensive enough so your users know where to go as soon as they access the tool for the first time. In our last episode, we hinted (ahem, declared) that UAT is not training, and in this episode we discuss what training means and how to empower your end users with effective training. Spoiler alert - this is another topic that we're all very passionate about!
User Acceptance Testing (UAT) can be ran in many different ways - from small single feature tests, to gigantic enterprise platform releases. We discuss how there are many different views on how to plan and execute successful UAT sessions, and highlight important aspects regardless of your project size. There's so much more to UAT than just identifying bugs vs. features, though sometimes that can be the most difficult part! Visit https://www.dynamicshotdish.com for more information!
Poprvé Test Managerem aneb despotický vůdce Petr Fifka je zakladatel vzdělávací společnosti Tredgate a také aktivní člen komunity [pro:]TEST!. V QA působí už 10 let a prošel si rolemi od UAT testera, přes test leada, test automation engineera až k dnešní roli Test Managera. V dnešní epizodě Petr sdílel svou první zkušenost v roli Test Managera. O tom, jak se technicky vše relativně dařilo, ale soft skillově / organizačně byl považován za despotického vůdce. Co konkrétně dělal Petr špatně, jak sám se sebou pracoval a co by dnes doporučil všem, kteří do leaderské pozice rostou nebo v ní začínají? To vše v dnešní epizodě. Příjemný poslech.
With all of the headlines about the pending death of writing at the hands of artificial intelligence like ChatGPT, I thought it would be useful to talk about the value of reading and writing and how we inspire kids to do both. My guest to help explore these issues is Sharon Lynn. Sharon teaches writing at UAT, a technology university where the students and faculty are very familiar with chat bots. She and I discuss strategies for engaging students and her own experience writing and finding a publisher for her wonderful new book, Death Takes a Bath: A Cotswolds Crimes Mystery. More information about Sharon and her book can be found at www.TalkingAboutKids.com.
Today's guest is Aashish Atrey, ServiceNow Developer MVP & Technical Specialist at HCLTech. HCLTech is a global technology company, home to 222,000+ people across 60 countries, delivering industry-leading capabilities centered around digital, engineering and cloud, powered by a broad portfolio of technology services and products. They work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Public Services and more. Aashish is a passionate ServiceNow Professional with over six years of experience in the implementation of all phases of the application lifecycle and best practices, including Requirement Gathering, Design, Development, Testing, UAT, and Deployment. He is responsible to develop ITSM/ITIL process and tools solutions which include customized responses to RFPs/RFIs for ITIL-based process consulting, process operations, and ITSM tools implementations. Aashish was a ServiceNow Developer MVP for 2021 and 2022. In the episode, Aashish will discuss: How he adds value to the community, The Tokyo release and new features that excite him, Benefits that ServiceNow are bringing to customers, What the future holds for ServiceNow, Why he loves his role and Advice on mentoring within the ServiceNow community
Lori is a Chef, Supermom, Innovator, and Founder of Black-ology Coffee Company. She graduated from Johnson & Wales University with an Associates Degree in Culinary Arts in 2006 and is currently pursuing her Bachelor's Degree in Food & Beverage Entrepreneurship. She also has experience working with startup companies across different industries focusing on process improvement, process documentation, UAT test and her overall favorite Customer Service. Visit Show Notes
thoughtbotter Stephanie Minn joins The Bike Shed as co-host!
Sinergeticos!
Hello And Welcome to the 27th Tech@Lunch Full Episode. The full-length episodes are 30 minutes in length that span the duration of a lunch break. This week's Lunch topic is User testing or Testing with the User. This week's episode talks about Software Testing with the User, where we talk about how you execute user testing or UATs when it comes to software testing. We look at the different ways you can accomplish this and how it can bring benefits to your software development. UAT testing is one of the pillars of software testing and will continue to be one in the years to come. So join us as we dive into UAT testing.
Daryl and Scott shared horror stories about things that did not go quite as planned and the pranks they have pulled on their colleagues. Some of the highlights: If you were an interviewer, would you hire someone who answers "I have never done anything wrong in my career" Battle scars of Daryl and Scott Two Concurrent Publish All actions could make the server hang in the early days of CRM online Daryl attached a debugger to the process on the on-prem server and everyone complained that the Dev instance was not working Using the same service principal across multiple environments and hitting API limit affects all environments Daryl almost truncated one of the tables in the UAT environment with millions of records Daryl's home renovation horror stories The worst sinking feeling that Scott had Daryl's car buying experience Inheriting a project with JavaScript without namespaces and the web resource files without extensions What do you do when you inherit the project with no source code for the plugin or the source code does not match the functionality? What is worse than having no error message for an error? What is your error handling approach for plugin development? The disadvantage of deploying the PCF Code Component or assembly compiled in debug mode to a Production environment Testing as a system administrator Things to look out for before reparenting the business unit What is the worst auto-numbering solution that you have seen? A bug in Retrieve plugin for systemuser table locked everyone out of the system Pranks that Daryl has pulled on his colleagues Be careful what you encourage by giving badges when you gamify the system Less code, fewer horror stories Got questions? Have your own tool you'd like to share? Have a suggestion for a future episode? Contact Daryl and Scott at cast@xrmtoolbox.com. Follow us on LinkedIn and @XrmToolCast for updates on future episodes. Do you want to see us too? Subscribe to our YouTube channel to view the last episodes. Don't forget to rate and leave a review for this show at Podchaser. Your hosts: Daryl LaBar: https://www.linkedin.com/in/daryllabar | @ddlabar Scott Durow: https://www.linkedin.com/in/scottdurow | @ScottDurow Editor: Linn Zaw Win: https://www.linkedin.com/in/linnzawwin | @LinnZawWin Music: https://www.purple-planet.com
How do I get good user requirements? How do I ensure that they are comprehensive? Then, how do I get them to sign off on user acceptance testing (UAT)? These are the questions we are going to answer in today's episode of Dev Questions.Website: https://iamtimcorey.com/Patreon: https://www.patreon.com/IAmTimCoreyAsk Your Question: https://suggestions.iamtimcorey.com/Sign Up to Get More Great Developer Content in Your Inbox: https://signup.iamtimcorey.com/
01:09 - Jenna's Superpower: Being Super Human: Deeply rooted in what is human in tech * The User is Everything 04:30 - Keeping Focus on the User * Building For Themself * Bother(!!) Users * Walking A Mile In Your Users Shoes - Jamey Hampton (https://www.youtube.com/watch?v=w-zYKo8f7nM) 09:09 - Interviewing Users (Testing) * Preparation * Identifying Bias * Getting Things Wrong * Gamifying/Winning (Developer Dogs & Testing Cats) * Overtesting 23:15 - Working With ADHD * Alerts & Alarms * Medication * Underdiagnosis / Misdiagnosis * Presentation * Medical Misogyny and Socialization * Masking * Finding a Good Clinician Reflections: John: Being a super human. Jacob: Forgetting how to mask. Jamey: Talking about topics that are Greater Than Code. Jenna: Talking about what feels stream-of-consciousness. Having human spaces is important. Support your testers! This episode was brought to you by @therubyrep (https://twitter.com/therubyrep) of DevReps, LLC (http://www.devreps.com/). To pledge your support and to join our awesome Slack community, visit patreon.com/greaterthancode (https://www.patreon.com/greaterthancode) To make a one-time donation so that we can continue to bring you more content and transcripts like this, please do so at paypal.me/devreps (https://www.paypal.me/devreps). You will also get an invitation to our Slack community this way as well. Transcript: JAMEY: Hi, everyone and thanks for tuning in to Episode 276 of Greater Than Code. I'm one of your hosts, Jamey Hampton, and I'm here with my friend, Jacob Stoebel. JACOB: Hello, like to be here. I'm with my friend, John Sawers. JOHN: Thanks, Jacob. And I'm here with our guest, Jenna Charlton. Jenna is a software tester and product owner with over a decade of experience. They've spoken at a number of dev and test conferences and is passionate about risk-based testing, building community within agile teams, developing the next generation of testers, and accessibility. When not testing, Jenna loves to go to punk rock shows and live pro wrestling events with their husband Bob, traveling, and cats. Their favorite of which are the two that share their home, Maka and Excalipurr. Welcome to the show, Jenna! [chuckles] JENNA: Hi, everybody! I'm excited to be here with all the J's. [laughter] JAMEY: We're so excited to have you. JOHN: And we will start with the question we always start with, which is what is your superpower and how did you acquire it? JENNA: On a less serious note, I have a couple of superpowers. One I discovered when I was a teenager. I can find Legally Blonde on TV [laughter] any kind of day [laughs] somewhere. It's a less valuable superpower than it used to be. But boy, was it a great superpower when you would be scrolling and I'm like, “Legally Blonde, I found it!” [laughter] JAMEY: I was going to ask if one of your superpowers was cat naming, because Excalipurr is very good. It's very good. [laughs] JENNA: I wish I could take credit for that. [laughter] Bob is definitely the one responsible. JAMEY: So it's your husband superpower, cat naming and yours is Legally Blonde. Got it. JENNA: Mine is Legally Blonde. [laughter] I also can find a way to relate anything to pro wrestling. JAMEY: I've seen that one in action, actually. Yes. [laughter] JENNA: But no, my real superpower, or at least as far as tech goes is that I am super human. Not in that I am a supremely powerful human, it's that I am deeply rooted in what is human in tech and that's what matters to me and the user is my everything. I'm not one of those people who nerds out about the latest advancement. Although, I enjoy talking about it. What I care about, what gets me excited, and gets me out of bed every day in tech is thinking about how I can solve a deeply human problem in a way that is empathetic, centers the user, and what matters to them. JAMEY: Do you feel like you were always like that naturally, or do you feel like that was a skill that you fostered over your career? JENNA: I think it's who I am, but I think I had to learn how to harness it to make it useful. I am one of those people who has the negative trait of empathy and when I say negative trait, there's that tipping point on empathy where it goes from being a powerful, positive thing to being something that invades your life. So I am one of those people who sitting in a conference room, I can feel the temperature change and it makes me wiggle in my seat, feel uncomfortable, get really awkward, and then default to things like people pleasing, which is a terrible, terrible trait [laughs] that I fight every day against. It's actually why remote work has saved me. But I've had to learn how to take caring about people and turn it into something that's valuable and useful and delivers because we can talk about the user all day and take no action on it. It's one thing to care about the user and to care about people. It's another thing to understand how to translate that care into something useful. When I learned how to do that in testing, my career changed and then when I learned how to translate that to product, things really started to change. JAMEY: That's amazing. JENNA: Thank you. [laughs] JACOB: I feel like so often at work I sit down at 9:00 AM and I'm like, “Okay, what do our users need in this feature, or how could this potentially go wrong and hurt our users?” And then by 9:20, everything's off the rails. [laughter] As work happens and here's a million fires to put out and it's all about things in the weeds that if I could just get them to work, then I could go back to thinking about to use it. You know what I mean? How do you keep that focus? JENNA: So part it is, I don't want to say the luck, but is the benefit of where I landed. I work for a company that does AI/ML driven test automation. I design and build experiences for myself. I'm building for what I, as a tester, needed when I was testing and let's be honest, I still test. I just test more from a UAT perspective. I get to build for myself, which means that I understand the need of my user. If I was building something for devs, I wouldn't even know where to begin because that's not my frame of reference. I feel like we make a mistake when we are designing things that we take for granted that we know what a user's shoes look like, but I know what my user's shoes look like because I filled them. But I don't know what a dev shoes look like. I don't know what an everyday low-tech user shoes look like. I kind of do because I've worked with those users and I always use my grandmother as an example. She's my frame of reference. She's fairly highly skilled for being 91 years old, but she is 91 years old. She didn't start using computers until 20 years ago and at that point, she was in her 70s. Very, very different starting point. But I have the benefit that that's where I start so I've got to leg up. But I think when we start to think about how do I build this for someone else and that someone isn't yourself, the best place to start is by going to them and interviewing them. What do you need? Talk to me about what your barriers are right now. Talk to me about what hurts you today. Talk to me about what really works for you today. I always tell people that one of the most beneficial things I did when I worked for Progressive was that my users were agents. So I could reach out to them and say like, “Hey, I want to see your workflow.” And I could do that because I was an agent, not a customer. They can show me that and it changed the way I would test because now I could test like them. So I don't have a great answer other than go bother them. Get a user community and go bug the heck out of them all the time. [laughs] Like, what do you mean? How do you do this today? What are your stumbling blocks? How do I remove them for you? Because they've got the answer; they just don't know it. JAMEY: That was really gratifying for me to listen to actually. [laughter] It's not a show about me. It's a show about you. So I don't want to make it about me, but I have a talk called Walking a Mile In Your Users' Shoes and basically, the takeaway from it is meet them where they are. So when I heard you say that, I was like, “Yes, I totally agree!” [laughs] JENNA: But I also learned so much from you on this because I don't remember if it's that talk, or a different one, but you did the talk about a user experience mistake, or a development mistake thinking about greenhouses. JAMEY: Yes. That's the talk I'm talking about. [laughs] JENNA: Yeah. So I learned so much from you in that talk and I've actually referenced it a number times. Even things when I talk to testers and talk about misunderstandings around the size of a unit and that that may not necessarily be global information. That that was actually siloed to the users and you guys didn't have that and had to create a frame of reference because it was a mess. So I reference that talk all the time. [laughs] JAMEY: I'm going to cry. There's nothing better to hear than you helped someone learn something. [laughter] So I'm so happy. [chuckles] JENNA: You're one of my favorite speakers. I'm not going to lie. [chuckles] JOHN: Aw. JAMEY: You're one of my favorite speakers too, which is why I invited you to come on the show. [laughs] JENNA: Oh, thank you. [laughter] Big warm hugs. [laughs] JOHN: I'm actually lacking in the whole user interviewing process. I haven't really done that much because usually there's a product organization that's handling most of that. Although, I think it would be useful for me as a developer, but I can imagine there are pitfalls you can fall into when you're interviewing users that either force your frame of reference onto them and then they don't really know what you're talking about, or you don't actually get the answer from them that shows you what their pain points are. You get what maybe they think you should build, or something else. So do you have anything specifically that you do to make sure you find out what's really going on for them? JENNA: The first thing is preparation. So I have a list of questions and that time with that user isn't over until I've answered them. If it turns out that I walked into that room and those questions were wrong, then we stop and time to regenerate questions because I can bias them, they can bias me, we can wind up building something totally different than we set out to do, which is fine if that's the direction we went end up going. But I need to go into that time with them with that particular experience being the goal. So if I got it wrong, we stop and we start over. Now, not everybody has to do that. Some people can think faster on their feet. Part of being ADHD is I fall into the moment and don't remember like, “Oh, I wrote myself a note, but there's also” – I just read a Twitter thread about this today. I wrote myself a note, but also to remember to go back and read that note. So [laughs] all of those little things, which are why I really hold to, “I got it wrong. We're going to put a pin in this and come. Let's schedule for 2 days from now,” or next week, or whatever the appropriate amount of time is. There have been times – and I'm really lucky because my boss is so good at interviewing users so I've really gotten to learn from her, but there have been times when she'll interview a user and then it totally turns the other direction and she goes, “Well, yes, we're not building this thing we said we were going to build. I'm going to call you again in six months when I'm ready to build this thing we started talking about.” Because now the roadmap's changed. Now my plan has changed. We're going to put a pin in this because in six months, it may not be the same requirement, or the same need. There might be a new solution, or you may have moved past that this may be a temporary requirement. So when we're ready to do it, we'll talk again. But the biggest thing for me is preparation. JAMEY: I have a question about something specific you said during that near the beginning. You said, “They can bias me and I can bias them,” and I wonder if you have any advice on identifying when that is happening. JENNA: When it feels like one of you is being sold? JAMEY: Mm. JENNA: So early in my career, before I got into tech, I worked in sales like everybody who doesn't have a college degree and doesn't know what they want to do with their life does. Both of my grandfathers and my father were in sales. I have a long line of salespeople running through my blood. If I realize that I feel like, and I have a specific way that I feel when I'm selling somebody something because I like to win. So you get this kind of adrenal rush and everything when I realize I'm feeling that. That's when I know ooh, I'm going to bias them because I'm selling them on my idea and it's not my job today to sell them on my idea. I know they're biasing me when I realize that I'm feeling like I'm purchasing something. It's like, oh, okay. So now I'm talking to somebody who's selling me something and while I want to buy their vision, I also want to make sure that it makes sense for the company because I have to balance that. Like I'm all about the user, but there's a bottom line [laughs] and we still have to make sure that's not red. JOHN: So you're talking about a situation where they maybe have a strong idea about what they want you to build and so, their whole deal is focused on this is the thing, this is the thing, you've got to do it this way because this would make my life the most amazing, or whatever. JENNA: Yeah, exactly. Or their use case is super, super narrow and all they're focused on is making sure that fits their exact use case and they don't have to make any shifts, or changes so that it's more global. Because that's a big one that you run into, especially when you're like building tools. We have to build it for the majority, but the minority oftentimes has a really good use case, but it's really unique to them. JOHN: What's the most surprising thing you've taken away from a user interview? JENNA: I wouldn't say it's a surprise, but probably the most jarring thing was when I got it wrong the first time and when I got it wrong, I was really wrong. Like not even the wrong side of the stadium, a different city. [chuckles] Like a different stadium in a different city wrong. [laughs] It caught me off guard because I really thought that what I had read and what I understood about the company that I was working with, the customer that I was working with. I thought I understood their business better. I thought I understood what they did and what their needs would be better. I thought I understood their user better. But I missed all of it, all of it. [laughs] So I think that was the most surprising, but it was really valuable. It was the most surprising because I was so off base, but it was probably the most valuable because it showed me how much I let my bias influence before I even step into the conversation. JOHN: Is there a difference between how you think about the user when you have your product hat on versus when you have your tester hat on? JENNA: Oh, absolutely. When I have my product hat on, I have to play a balancing game because it's about everybody's needs. It's about the user's needs. It's about the business' needs. It's about the shareholders' need. Well, we don't really have shareholders, but the board's needs, the investors' needs. And when I'm testing, I get to just be a tester and think about what do I need when I'm doing this job? What solves my problem and what doesn't? What's interesting about testing and not every tester is like this, but I certainly am. I mentioned that I like to win. Testing feels like winning when you find bugs. So I get to fill that need to win a little bit because I'm like, “Oh, found one. Oh, found another one. Yes, this is awesome!” I get really excited and I don't get to be that way when I'm product person, but when I'm testing person, I get to be all about it. [laughs] JAMEY: I love that. That's so interesting because to me as a developer, I get a similar feeling when I fix bugs. I feel crappy when I find bugs, [chuckles] but I get that feeling when I fix them. So it's really interesting to hear you talk about that side in that way. I like it. JENNA: Have I ever shared with you that I think developers are like dogs and testers are like cats? JAMEY: Elaborate. JACOB: Let's hear it. [laughs] JENNA: Okay. So I like dogs and cats. That's not what this is about. JAMEY: I like dogs and cats, too. So I'm ready to hear it. [laughs] JENNA: Dogs are very linear. If you teach a dog to do a trick and you reward them in the right way, with the exception of a couple of breeds, for the most part, they'll do that for you on a regular basis. And dogs like to complete their task. If they're a job, because a lot of dogs, they need jobs. They're working animals, it's in their DNA. If their job is to go get you a beer, they're going to go get you a beer because that's their job and they want to finish their job. Cats, on the other hand, with the exception of their job of catching things that move for the most part, they are not task oriented and really, a cat will let a mouse run past it if it's just not in the mood to chase it. It's got to be in the mood and have a prey drive and they don't all. So a cat, you can teach them a trick and if you reward them the right way, sometimes they'll do it and sometimes they won't. Some breeds of cats are more open to doing this than others. But for the most part, cats are much more excited about experimentation. So what happens if I knock on that glass of wall water? What happens if I push on that? What happens if I walk up behind you and whack you in the back of the head? They're not doing it because they're mean, they're doing it because the response is exciting. The reaction to their input in some way is exciting to them as opposed to finishing tasks. Because if you've ever had a cat catch a mouse, they're actually sad after they have caught the mouse. The game is over, the chase is done. It's not fun to give me the mouse; it's fun to chase the mouse. So testers are a lot like that. The chase and the experimentation are a whole lot more fun than the completion. When I find a bug, that's the chase, that's the good part of it. That's like, “Oh yeah, I tracked it down. I figured it out. I found the recreate steps.” After I found the bug, it's not as fun anymore. [chuckles] So I've got to find the next one because now I'm back on the hunt and now that's fun again. Dogs on the other hand, it's like, “Oh, I finished the task. I'm getting my reward. I get to cross this off. My list feels really good” Very different feedback. So I think that's part of it is that devs love to finish things and testers love to experiment with things. JOHN: Yeah. JAMEY: I think that's really insightful. JOHN: Yeah. [laughter] JAMEY: I'm like a I put something that I did on my to-do list so that I could cross it off and it feels like I did something kind of person. [laughter] JACOB: I think we, at least I was, early in my career kind of trained to have that mindset and trained away from no, we're not here to like experiment with the newest and coolest thing. We're just trying to ship features. We're just trying to fix bugs. We're just trying to finish the task. Please do not be overly experimental just for fun, which is an over simplification because everyone needs to be creative at some point. But I totally agree. JENNA: Well, and testers do have to balance that, too because there is such a thing as over testing and you hit this tipping point where it becomes wasteful and you move from I've delivered valuable information to now I'm creating scenarios that will never happen. Yes, a user can do pretty incredible things when they want to, but we can only protect from themselves to a point. Eventually, it's like okay, you've reached that tipping point now it's waste. [laughter] JOHN: Yeah. I remember some research that came out recently that if you call the cat and it doesn't come, it understands what you're asking for and it's like, “Nah.” JENNA: Yeah. Maka not so much. But Excalipurr, when she's sleeping, she'll hear you. That cat is out cold. She has zero interest in what you're saying, or doing. Nothing is going to disturb her well-earned slumber. [chuckles] JACOB: I'm kind of amazed how like my cat is just easily disrupted by the smallest noise when awake and then when he's sleeping, he's dead to the world just like you said. He clearly can't hear it, or if he is, there's something switched off in his brain when he's sleeping, because he's a total spaz when he is awake. [laughter] JENNA: I don't know. I think my vet could explain it better. He actually walked me through what happens in a cat's brain when they were sleeping. I don't remember why. I think we were waiting for a test to come back, or something and he was just killing time with me. But there was this whole neurological thing in their brains that looks for certain inputs and even biochemically, they're wired to certain sounds that are things that they should get awakened by and other things, it's like yeah, that matter. For some reason, though my cats have weird things that they're really tuned into. If you knock on the door, Excalipurr—we call her Purr—will go bananas. She is furious that someone has knocked on the door. Same thing if something beeps like microwave beep, the sound of if I've got a somebody on speaker phone and their car door opens and it beeps, she is mad. She could be dead asleep and she hears that and she is furious. But otherwise, nothing bothers her. She's out cold. [laughs] JAMEY: I also hate when people knock on my door so I can relate to that. JOHN: Yeah. JENNA: Don't come to my door if I'm not expecting you. JACOB: Yeah. JENNA: Also don't call me if I'm not expecting you. [laughs] JAMEY: I have exactly one person I open the door for. His name is Joe and he's our neighborhood person who comes and collects everyone's bottles and cans. But I recognize the cadence of his knocks so that I can answer the door for him and not other people. [laughter] JOHN: So you said earlier that working with ADHD, you had to develop some sort of techniques for how to handle that well in your life. Do you want to talk more about that? JENNA: I don't know if I would say I handle it well, but I handle it. [laughter] Most of the time. Typically, I do you pretty well. So I have lots and lots of alerts for myself. Because as I mentioned, I'll write myself a note, but you still have to have the – somebody said the name of it today and I forgot what it was, but there's a type of memory that tells you to like, “Hey, go look at your notes that you created for yourself,” because you can write the notes, but forget that the notes exist and never go look for them again. So I have lots of like alerts and alarms that tell me like, “Hey, go do this thing. Take your meds. Check to make sure that you have everything you need on the grocery list.” I have a couple of times a day that I have a reminder to go check my to-do list [chuckles] because otherwise, I just won't remember. I'll put the system into place and forget that the system exists and even with those helps, sometimes it'll just slip by especially I'm busy during those alerts. But I try really hard to use those. The most effective thing for me, though is definitely my medication. I was chatting about everybody before we started and I mentioned that because of supply delays and all of the rules around how early you can refill and the rules around not being able to transfer your script from one pharmacy to another and all that kind of stuff, I was without my medication for let's see Friday, Saturday, Sunday, Monday, because I didn't get it until midday yesterday and I was sick. So [chuckles] too many factors at one time that I was just not at all functional over the weekend. I forgot steps in what I was cooking. I forgot things on the grocery list. I couldn't stay awake. That was probably more being sick but. So for me, that's probably the most effective thing. Also, just as a note for those of us assigned female at birth, I that ADHD symptoms get worse [laughs] as we hit 40 and up that all of the hormonal stuff winds up interacting with how our attention is, because I couldn't figure out why my dose had to go up. I was like, “I've been on it forever. Why do we have to raise the dose?” And she's like, “Well, there's some things going on,” and I have a feeling it's all about premenopausal stuff, because for those who don't know, I'll be 40 in June. Not a teenager anymore. [laughs] So all sorts of things that I need to keep it all in balance and things that I'm learning about being in my age group and having ADHD that nobody talks about because of the assumption that ADHD is something only children have and that ADHD is something that you grow out of. When you don't grow out of it; it just kind of changes. And that it's not just men and people who are assigned male at birth that there's a lot of us out there, varying genders. We've got to talk about it more because a lot of us feel like we're wandering the wilderness, trying to figure out what's on in our heads. [laughs] JOHN: Yeah. I remember hearing recently that ADHD and ADD present differently in AFAB people and so, it goes underdiagnosed because of that. It doesn't show up in the classical symptom lists in the same way. JENNA: Yeah. So the classic symptom list was developed around pre-pubescent and puberty age boys and in girls, it doesn't tend to present as not being able to sit still. Although, there's still definitely some of that. It presents more in being like a Chatty Cathy as they say like, “Oh, they talk all the time.” So it presents differently and as we get older and all of the other like stuff starts to factor in, AFAB tend to get identified instead as borderline personality disorder, or bipolar as opposed to ADHD, or even anxiety as opposed to ADHD. Because when you feel like your brain is going a mile a minute, it makes you anxious. So they give you an anti-anxiety medication instead of dealing with the fact that you feel like you can't keep up with your thoughts. There are so many different factors there, but we're learning a lot more about the presentation of ADHD and autism in people who are assigned females at birth. JOHN: Yeah. I don't know a ton about the history of the diagnosis and everything, but I can assume well, because it's the society we live in that there's a giant pile of sexism going on in there, both in who is studied and who they cared about succeeding in classical schooling and the work environment and all sorts of biases up and down the hierarchy. JENNA: Absolutely. There's both, the medical misogyny, but also the socialization because there's an expectation of good girl children and the behavior that girl children should display. So we are socialized to force ourselves to sit even if it means sitting on your hands. You're socialized to doodle instead of wiggling because good girls sit still. So there's all of that kind of stuff that plays into it, too. Even things like if you develop a special interest, which typically people associate with autism, but certainly has some crossover with ADHD because they're very closely related. You learn to either hide that special interest so you just don't talk about it, or you become that person that has the weird quirky thing because ADHD girls are always quirky, right? [chuckles] They're a quirky girl. There's no neurodivergence there. They're just quirky. They're just different. I guess, in many ways, I was kind of lucky because my mom taught autistic, intellectually disabled, and other disabled early childhoods. So she identified early, like kindergarten, that I was probably ADHD. I was dealing with it like really early. Also, she had this kind of belief about raising kids without gender, but also not doing it very well. So I wouldn't say it was a successful thing. [laughs] So let me tell you, we didn't have girl toys and boy toys. We had building blocks and stuff like that. We weren't allowed Barbies. We also weren't allowed Hot Wheels. Very gender in neutral things. But when, as a teenager, I dressed really androgynous, I was told to put on a dress because she is a girl. So I don't know. [laughter] It didn't really work. But I think that a lot of that played into me being identified really early. I'm probably getting off track, but the benefit of is that I learned a lot about it from an early age and I was able to develop systems that work for me from an early age. Most people who are assigned female at birth don't get the benefit of that. My hope is that our kids, I don't have any kids, but to the people my age that have kids, my hope is that their children are being identified earlier so that they are able to get those systems in place and be more successful in the long term. JACOB: I'm autistic and sometimes I think about the fact that I think that my white male privilege let me get away with some of the less great behaviors that came naturally to me and did not force me to develop masking skills until much later in my life. So when you were talking about that, I can sort of relate to that by the opposite that that's making a lot of sense to me, that I could see how all these sort of societal pressures to sit still and behave weren't put on me. I was just encouraged to just be a weird individual and be myself and how that wasn't put on me in places where maybe it probably should have been. So that makes a lot of sense. JENNA: I have to say, though, I think I've forgotten how to mask COVID has definitely killed masking for me. I have completely forgotten how to make small talk. [laughs] JACOB: Yeah, me too. JENNA: [laughs] I can't do it anymore. I've also forgotten how to fix my face. I was never great at fixing my face. Everything I'm thinking, feeling wears on my face, but I'm even worse at it than I used to be. [laughs] JAMEY: I also struggle with fixing my face, but I've actually been finding that I love wearing face masks in public because I can interact with someone without having to worry about what my face is doing and it takes a lot of the pressure off me, I feel. JENNA: I think it does. So I have resting friendly face. [laughter] For those of you who've never met me in person, I am 4' 10”. I'm really short. I'm also kind of wide. I'm fine with it. But little ladies in the grocery store will ask me to help them reach things because I look friendly and approachable. [laughter] But I can't reach them any better than they can! [laughter] Sometimes they're taller than me. So face masks have allowed me to blend in more, which is really nice because I get less of random people coming up to talk to me. People will joke that I make a friend everywhere I go because people just start talking to me and I don't really care. I'll talk to them, that's fine. What I really laugh at is since I can't fix my face, I will put on a plastered-on smile and somebody will be like, “You are really mad at me right now, aren't you?” I'm like, “No, everything's fine. I'm super okay with this,” and they're like, “Yeah, you are furious so we're going to stop.” [laughs] Like I can manage an angry smile without meaning. [laughter] JAMEY: It's interesting what you said about people talking to you randomly, because I also I tend to be that, the kind of person that people talk to randomly in general. I've been having an interesting experience recently where I've been on testosterone for about a year and a half and I'm like finally hitting the point where the way people perceive me in public is different than it used to be. That got cut down dramatically immediately and in a way where people's eyes slide off of me in public. I'm not there in a way that never used to happen to me and it was really interesting realization for me to realize how much of that was the socialization that people think they're entitled to a woman's time and attention. It's not exactly what you were talking about, but it made me think of it and I've been thinking about it a lot lately. [laughs] JENNA: But it's true. It's really true. I think everyone who's perceived as a woman gets it, but gets it in different ways. I tend to get it from people who feel like I'm a safe place to go to. So little old ladies talk to me, little kids talk to me. Now to be fair, bright pink hair, little kids think I'm great. [laughter] Especially when my tattoos are showing, too. The parents are usually like, “Okay, okay. Leave them alone.” [laughter] But I'm also—no offense to anyone who identifies as male in the room—the person that men don't typically stop and talk to, or even notice. I remember I was taking four boxes of nuts to my coworkers and I think it was Fat Tuesday, or something so I was bringing in these special donuts from my favorite donut place around the corner. I had four boxes of donuts and this guy doesn't grab the door, or anything. Just leaves me to try and push the door open with four boxes of donuts. But then granted, she was gorgeous, beautiful blonde starts walking the other direction. He notices her right away, grabs the door, and opens it for her. It's like oh, okay. I've had that happen quite a few times and not to sound dramatic here, but that's part of the reality of living in a fat body that you do get overlooked by others. So the little old ladies tend to tend to gravitate towards me and then other women, men gravitate towards them. I think no matter, what women experience this and people who are perceived as women, because I do identify as non-binary. But let's be honest, people in the broader world perceive me as a woman. We all get it. We just get it very differently and in different ways, but I can't think of a single woman who hasn't experienced it in some way. JAMEY: Definitely. JOHN: Yeah. I've read so many rants frankly from women who have absolutely loved masking well in public because they don't get told to smile and they don't present as female as normal. So they don't fit into that category as much and so, they don't get that same attention. I look very male so no one ever does that to me, but I can imagine what a relief that must be. JENNA: I definitely think it is for some women, especially in super public spaces. JAMEY: I feel like I derailed from ADHD and I want to bring it back. [laughter] I did have a question I was going to ask anyway. So I'm bringing it back to that, which is that I feel like these conversations, like the conversation we're having right now about ADHD, is something that I've been seeing happening more, especially about ADHD and adults. I think it's just something that people have been talking about more the past few years in a way that's positive. I know a lot of people who were like, “Oh, I got diagnosed recently as an adult. I started on medication and I never realized this was what was making my life so hard and my life is so much easier now.” I have several friends that are like really thriving on that currently. So I guess, my question for you is that as someone this whole story you told about being aware of this much younger and being able to make all these coping mechanisms and things like this. What would your advice be to someone who's now, as an adult, realizing this about themselves and then coming to grapple with it? JENNA: Let me preface with this. I'm not one of those people who says medication is the only way; there are lots and lots of ways to manage ADHD symptoms. But I feel like the most beneficial thing you can do for your is to find a clinician that listens to you, that believes you, that doesn't dismiss your experiences because there are as many different presentations of ADHD as there are people who are ADHD. If you've met one ADHD person, you've met one ADHD person; we all have different traits. So finding somebody who is willing to hear you, listen to you, and partner with you, as opposed to try and dictate to you how to manage, how to cope is critical. Part of that is arming yourself with all the information that you can. But the other part of it is being a really, really good self-advocate and if you aren't comfortable with that kind of self-advocacy, finding somebody that's willing to partner with you to help be your advocate. I know a lot of people in the fat community who have personal advocates for medical appointments, because they feel like they're not heard when they go to the doctor. Same thing for us as people who are neurodivergent. We don't get heard all the time and if you feel like your clinician isn't hearing you and because there is a real barrier to getting a new one many times—oftentimes we're stuck with someone. Finding that person that's willing to walk with you is huge. It is really easy to find yourself in a situation where you lose control of your decision-making to a provider who makes the decisions for you, but is clever enough to convince you you're making the decision yourself. That's my biggest advice is don't fall into that trap. If something feels wrong, it's wrong. If a medication doesn't work for you, it doesn't work for you. There are multiple different types of medications, classifications of them, and different brands for a reason is because we all need something different. Like I went through Ritalin, Adderall, finally to Vyvanse because Ritalin and Adderall weren't working for me. Adderall worked, but it raised my heart rate. Ritalin made me feel manic. My provider listened to me when I said I feel manic. I feel out of control, and she's like, “If on the lowest dose you feel out of control, this is not a way to go.” I have a friend who has been pushed off of taking stimulants because she has a history of addiction. She has a history of addiction because she's ADHD and she was self-medicating. It took four different providers to finally get to somebody who said, “Yeah, the stimulants are what worked for you.” The non-stimulant options weren't working, but she had to go and demand and demand and demand and it was the only way to get heard. So I probably got on a tangent there, but self-advocacy, finding someone who will work with you, and getting an advocate if you don't get hurt. JAMEY: I think that advice will be really helpful for people. So thanks. JOHN: Yeah. JENNA: I'm always very worried that I'm going to cross a line and upset somebody, but it just is, right? JACOB: I don't know what line that would be. I feel like everything you said was just really empowering and I wish someone said that to me 10 years ago, honestly. JENNA: I hope it's helpful, but I've had people who haven't realized that even though they're an adult, because they're neurodivergent that they are forever a child. JACOB: Yeah, I know. JENNA: So their opinion, their experience doesn't matter, it's invalid, and those are the folks that sometimes get really upset when I talk about self-advocacy. That's a big personal journey to realize that hey, you are a grown up. You make these decisions. [laughs] You are allowed to be an adult now. In fact, you need to be an adult now. JAMEY: That's also very insightful, I think. JOHN: Yeah, and interestingly, it ties in with – so my company had an event for Black History Month. We're a healthcare company, we have a lot of clinicians of color and they put together a panel discussion about Blackness in a healthcare context and literally one of the panelists was talking about how do you cope with there's still prejudice, there's still people joining medical school right now that believe that Black people don't experience pain as strongly as other people. How do you deal with that? They said almost literally the same thing. You take advocates with you to your medical appointments so that you can have more opinions. You can have someone to help fight for you, someone to help make those arguments, and point out things that you might not be noticing at the moment about how the provider is acting, or just to give you that moral support to actually voice your like, “Hey, what, wait, wait, wait, this is not right. Let's back up and talk about this again.” So I think that advice is important in so many intersections that I'm glad you laid it out like that. JENNA: It's a really interesting conversation that I wound up having. I've had sleep problems my whole life and by the way, if you're ADHD and you have sleep problems, you're not alone. It's a pretty common symptom [chuckles] to have disrupted and disordered sleep partly because our brains get bored and then we wake up. Our brains don't know how to focus on sleep. Interesting study that somebody's undertaking. But my neurologist that I see for sleep asked me to be part of a panel conversation with a team of doctors and they basically asked me questions about being ADHD and having sleep issues. And one of the things that these doctors had never really considered is that I know enough about my own body and my own sleep to know why all of the things that they've suggested haven't worked. One of them was like, “Did you try having more potassium?” I remember I just stopped myself and I said, “Listen, my parents have told me stories of how I wouldn't sleep as an infant.” We're talking about somebody who was sleeping 2, or 3 hours a night as a toddler. This is not a new thing. This is not insomnia. This is not stress related, stress induced sleep loss. This is a chronic medical condition. I said, “If you think that I haven't tried more potassium, having peanut butter at night, turning off devices an hour before bed, not watching TV before bed, not reading before bed, using the sleep training apps, going for a sleep study. If you think I haven't done this stuff, I don't know how to help you, because if you think I've made it this far in my life without trying anything, we have a whole another conversation to have.” It's the same thing. I'm going to say this and it's going to sound really hurtful to providers, but they think that we were born yesterday and until that change, we just have to keep proving them wrong. JAMEY: I think that you won't probably hopefully hurt the feelings of providers who aren't like that. Because my suspicion is that providers who aren't like that are like, “God, I know.” [laughter] JENNA: I hope so. I hope so because they're patients, too. I really wonder what it's like for them to go to a doctor. JAMEY: Yeah. I didn't want to totally derail into a different conversation again, but I just want to kind of note that this all really resonates with me also as a trans person, because I know way more about trans healthcare than doctors do. [chuckles] So I go in and I say, “This is what we're going to do because I know all about this,” and my doctor's pretty good. He listens to me and he works with me, but he says like, “Cool, I don't know anything about that so sounds good,” and it's just wild to me that I have to learn about all of my own healthcare to do healthcare. JENNA: Yeah, which that's a whole another conversation about how important it is to – like we talk about diversifying tech, which is important, but we also have to diversify the community. Until there are trans clinicians, until there are more Black clinicians, until there are more assigned female at birth clinicians, we are going to continue to find ourselves in these situations and we're going to continue to find ourselves in dangerous situations. I think about—getting off track for a second because that's what I do. I live in Cleveland. Well, I don't live in the city of Cleveland, but Cleveland is my nearest metro area. I'm 10 minutes outside of the city. Cleveland has one of the worst infant and maternal mortality rates for Black women in the country. We also have some of the lowest numbers of Black OB-GYNs in the country. There is a direct correlation there. No offense to my white men, friends, but all of these white men sitting here in their ivory tower guessing at how they're going to solve this problem while at the same time women like Serena Williams nearly die in childbirth because they don't listen to her. It's like, so you're going to come up with these solutions when you're not even listening to some of the most educated and informed patients that you have? It's why there's a whole coalition of Black women in Cleveland that have started a doula organization that they're becoming doula to support other Black women in the city because they don't feel like the medical community is here for them. It's the exact same thing. Like until we have this diversity that's so needed and required, and reflects patients, people are going to die. JAMEY: Yeah. On the flip side of that, when you do have a provider that shares your background in that way, it's so empowering. My new endocrinologist is trans and the experience is just so different that I couldn't have even fathom how it was going to be different beforehand. [chuckles] JENNA: That's amazing, though. That transforms your care, right? JAMEY: Yeah. Totally. JENNA: But it all comes back to what I said about how I care deeply about the human [chuckles] because this is all the human stuff. [chuckles] JOHN: Yeah. JAMEY: So what we like to talk about here on Greater Than Code, the human stuff. JENNA: That's why I love Greater Than Code. [laughs] I can't help myself, though. Whenever I say human stuff, or think about human stuff, I think about Human Music from Rick and Morty. [laughter] That whole thing has always stuck out in my mind. [laughs] Just look up Human Music from Rick and Morty and you'll get a giggle. [laughs] JAMEY: I think it's a great time to do reflections. What do you think? JOHN: Yeah, I can start. I think there's probably a ton I'll be taking away from this. But I think what struck me the most is right at the beginning when you were talking about your superpower, you talked about yourself as a super human, not super human, but as a just super human, just you're really human. All of us are, but we don't think of ourselves that way. I just love that framing of it as just that I'm here as a human and I'm leaning into it. I really like thinking that way and I'll probably start using that term. JACOB: I related really hard to the forgetting how to mask situation since COVID. I don't know if that's a full reflection, or not, but I relate really hard to that. JAMEY: I feel like in a way my reflection is so general, I think it's so great to talk about stuff like this. I think that it's really important. Like I was kind of saying about we have more people realizing things about theirselves because people are just more are open about talking about this kind of topics. I think that that's really amazing and I think that when people like Jenna come on shows like Greater Than Code and we can provide this space to have these kind of conversations. That, to me feels like a real a real privilege and I almost can't come up with a more specific reflection because I hope people will listen to the whole show. [chuckles] JENNA: What's been really amazing is getting to talk about whatever just feels stream of consciousness in this conversation has connected a lot of dots for me, which is really neat because outside of tech, for folks who don't know, I'm a deacon at my church, which is also a very human thing because I provide pastoral care to people who are in the hospital, or who are homebound, or who are going through crisis, or in hospice care, or families who have experienced a loss. All of these things interconnect—the way that I care for my community, the way that I care for my broader community because I have my church community, I have my tech community, I have my work community, I have my family. All of these very human spaces are the spaces that are most important to me. If you are my friend, you are my friend and I am bad about phone calls and stuff, but you are still somebody who's on my mind and if something happens, I'm your person. You just message me and I'm there. It all interconnects back to all of these like disparate ideas that have just coalesced in one conversation and I love that and that makes my heart very full. JAMEY: Thank you so much for coming on the show. Is there anything that you want to plug? JENNA: So I have a couple of talks coming up. At InflectraCon, I am doing a risk-based testing talk and Agile Testing Days, I am doing a workshop on test design techniques. If you came to CodeMash, it's that workshop, it's fun. Support your local testers! That's my big plug. Support your testers! [laughter] JAMEY: Think about them as the experimental cats. I think that will be helpful for people. [laughter] JENNA: Yes! [laughter] JAMEY: Thank you so much. This was great! JOHN: Yeah, I loved the last line of your reflection. That was beautiful. JENNA: Aw, thank you. Special Guest: Jenna Charlton.
Chad talks to Benjie De Groot, co-founder, and CEO of Shipyard. Shipyard manages, creates, builds, and deploys ephemeral environments. Benjie talks about how Shipyard became a funded company, discovering who their ideal customers are, and building out the core team so Shipyard can accelerate and figure out their next steps in how to bring it to the masses. Ephemeral Environments (https://ephemeralenvironments.io/) Shipyard (https://shipyard.build/) Follow Benjie on LinkedIn (https://www.linkedin.com/in/bueller/). Follow Shipyard on Twitter (https://twitter.com/shipyardbuild), LinkedIn (https://www.linkedin.com/company/shipyardbuild/), or GitHub (https://github.com/shipyard). Follow thoughtbot on Twitter (https://twitter.com/thoughtbot), or LinkedIn (https://www.linkedin.com/company/150727/). Become a Sponsor (https://thoughtbot.com/sponsorship) of Giant Robots! Transcript: CHAD: This is the Giant Robots Smashing Into Other Giant Robots Podcast, where we explore the design, development, and business of great products. I'm your host, Chad Pytel, and with me today is Benjie De Groot, co-founder, and CEO of Shipyard. Benjie, thanks for joining me. BENJIE: Thanks for having me. CHAD: Why don't we start by if you don't mind sharing a little bit about what Shipyard is and does? BENJIE: Sure. At the core of what Shipyard is working on is ephemeral environments; not everybody knows what that means. That is changing a bit. But essentially, what we're focused on is on every pull request or commit for a feature; Shipyard manages, and creates, and builds, and deploys ephemeral environments. So that's a disposable one-off on-demand environment that any stakeholder in your internal company can use. And we focus on the tooling around that, on build pipeline, and then security around that. And then all kinds of other cool features that are necessary that pop up. CHAD: Cool. So as a developer, I'm familiar with the concept of developing locally, putting up my pull requests. And also, we deploy a lot of stuff to Heroku. So I'm familiar with some of the infrastructure that Heroku might give. How did you arrive at saying like, this is a thing that I want to work on and believe should exist? BENJIE: That's a great question. I actually am also a developer; that's my background. And throughout the course of my career, I've always been on the technical side of the company. And what that's translated to, because of passion, to be honest, is always taking on a DevOps type role, so throughout the course of my career, a lot of responsibility. I mean, I started off writing Bash scripts, went to Puppet, did Chef for a while, did Ansible. Somehow I went back to Bash scripts for a lot of this stuff. Then this company called DoCloud popped up, which obviously became Docker, and I kind of got obsessed with that. And then I had a bunch of friends at Google, and they were telling me about this creepy thing called Borg, and that became Kubernetes. And so, my career has kind of happened throughout that entire process. And throughout, DevOps has kind of been my passion. Along with my co-founder, Peter, I was a high-priced Kubernetes consultant in the New York ecosystem just a few years ago. And a lot of companies were trying to make the transition to Kubernetes. And Peter and myself came in and helped people that were struggling to find DevOps resources. And what that always kind of looked like was there was some bespoke version of a deployment system that was perfect for the person that wrote it. But obviously, it wasn't good enough for me and Peter, for Peter and myself. CHAD: [laughs] BENJIE: And so we would rewrite it, and it would be great. But then, eventually, we'd move on, and someone else would rewrite it. And there were a few instances where we ended up going back to companies and just reimplementing what we had already done. And throughout that process of being this consultant, we kept running into this ephemeral environment thing and building the same tooling over and over and over again. So Peter and I, on a weekend, kind of got, "Oh, let's make a tool for ourselves." So we did that. And we made this exoskeleton to help our consulting business. And as things progressed, we kept just adding features, and it was really fun, and it was great. And then some of our customers or clients saw that. And they were like, "Hey, can we click that button?" And we were like, "I guess." And so slowly, it turned into a product that was very duct tape-y and glued together, but it worked great. And to be frank, I had been through the VC process on the technical side in the past and didn't want to go through that again, the hamster wheel of need to raise more and more money and so very, very averse. And was very set on a really nice lifestyle consulting business, and hell was going to have to freeze over for us to take any VC dollars. And then I don't know if you heard, but in March of 2020, hell froze over, and [laughter] there was a little pandemic. And at the same time, we got some pre-emptive term sheets, yadda, yadda, yadda. Next thing you know, we're a funded company building out a really cool product. So that's the origin story of where Shipyard came from. CHAD: Really cool. I definitely want to come back to what building the product for you has been like, and the funding, and where you go from here. But let's come back to the product itself. As a developer, my normal workflow is I'm working locally. I'm able to run the application that I'm working on locally here on my computer. I put up a pull request on GitHub. I ask my team to review it. Once it gets reviewed from a code perspective or a design perspective and gets a thumbs up, I merge it back into the main branch. And I deploy it to a staging server, at which point I would ask my stakeholder, my client, whatever, "Hey, this thing you're expecting it's on the staging server for you to check out." And everyone else on the team is doing the same thing. So where does Shipyard come in, and why is it better than that? BENJIE: So where Shipyard comes in, it's after the local development but before you get to staging or really before you get to production because, in practicality, a lot of people turn Shipyard into their staging servers. But what happens is through webhooks, we hook into your GitHub. And we see that there's a new commit that comes in. And we automatically build and deploy a fully ephemeral environment for that feature. And what that gets you is a few things. One paradigm that we're seeing a lot of is when you make that PR, a lot of end-to-end test suites are being run automatically using Shipyard ephemeral environments. And what that gives you is, in some instances, before you even have a code review, you're passing the suite of tests. And what that gives you is you save a lot of time. If there's just a dumb migration error or some typo or something like that, you're not wasting human capital or human energy on those environments. And the other instance there that gets really interesting is by bringing up these environments earlier on, product stakeholders and QA stakeholders can do their jobs earlier on in the process. And so you can avoid a lot of merge conflicts. So like, you merge something, and maybe there's an edge case that you hadn't tested for, and the code review didn't pick up. Well, all of a sudden, staging is broken. And some other team member that's using the same process you were now they're blocked. Or the client can't see that environment, and there's some other type of problem. But really, we didn't invent this paradigm. This is what FAANG does. There's a reason why I can't remember the last time that Gmail itself a button broke, or there was bad CSS, or bad HTML, same thing with Facebook, same thing with Netflix. Obviously, we all know about –- CHAD: There's the obvious DNS outages. BENJIE: [laughs] Right. I was going to say we all know about AWS, especially in December of 2021. That was a tough month. But yeah, from a UI/UX and controllable release perspective, this greatly increases your internal stakeholders' ability to get their hands on features earlier, find problems, and then get those back to developers. And the other thing, and maybe this is a question for you. But have you ever been in a situation where you built something, and it doesn't actually get reviewed for a few weeks? And then there is a bug, and you have to go back, and context switch off of what you're working on and go back and put a whole other mental model in place to go back and remember why did I use a switch statement here? That's a bad example but something to that effect. CHAD: [laughs] Yeah. Well, I really try to avoid that scenario by having tight feedback loops, but sometimes it's unavoidable. It might be you finish something right before a holiday or going away or something like that; that can happen. So it's happened to me before, yeah. BENJIE: Right. And how do you get your product people or your UAT teams...when do they get to touch the feature that you're working on? CHAD: It's usually not until after a code review when it's been merged into main and deployed to staging. BENJIE: So that's kind of how we make that feedback loop tighter. And what we've seen in practice actually is a lot faster, more reliable releases. And there's a significant increase in the cadence of releases that can happen and a higher quality of those releases. CHAD: You mentioned that some customers end up even getting rid of staging. And so that's really exciting and interesting to me. When they do that, what does the overall picture look like? Is the code merge manual? Or do you have customers that are doing continuous deployment off of a thumbs up from the person reviewing it in the ephemeral environment and getting that automatically merged, and then maybe canary deploy or something to production? BENJIE: Yeah, that's a great question. The thing to keep in mind here is that the majority of our customers are larger, and they have bigger teams because obviously, this is a collaboration platform ultimately. And so there's more value for the more complex teams and more stakeholders. So we don't have anybody at this moment that I know of; there could be, doing LGTM is good enough. So there's always a manual component. But what it looks like from a staging perspective is that your main branch is actually ostensibly your staging environment, and so all the ephemeral environments are sort of dev environments that are shareable. And then when you merge because a code review passes, and QA checks, and UAT, then it gets automatically built into the main branch and the main environment. And then some people do QA. They'll final pass a QA or a final end-to-end test there. And then there's also a manual promotion to production as well. That's the typical pattern we've seen. CHAD: Cool. One of the things that when I've used...sometimes a problem even with staging. But when I've used or been on projects with some ephemeral environments, getting good data in those environments can sometimes be a challenge. Is that something that Shipyard helps with? Or what's your recommended approach to that problem? BENJIE: So that was one of the biggest problems we had early on. We put a lot of work into that. We apply the same git branch model to data. So the way that we do that is basically if you...oh, by the way, I forgot to mention something. We use Docker Compose as our application definition. So we extrapolate from Docker Compose and transpile into best practice Kubernetes YAMLs. So there is a little bit of inferring and magic we do in certain places. And one of the places we do that is if you have a named volume...sorry, am I getting too technical, or is this --? CHAD: Not for me. And in fact, I have follow-up questions about [laughs] why you have that approach of converting. BENJIE: We will dive into that in a second. And I have a whole bunch of redhead friends that make fun of me about Compose all the time, but I stick to my guns on that one. But I'm happy to talk about that. At high level, if you indicate to Shipyard this is a persistent volume that we want to make sure that child environments get, then we will do an instant snapshot. And we will actually provide that to the generated child ephemeral environment. And ostensibly, what that does is it allows you to test data migrations as well on these ephemeral environments. Now, to go back to your initial question, we encourage...and we're working on some partnerships actually with some interesting companies. But we encourage people to specifically have their main data set on main be ostensibly a copy of whatever the good data set is. But obviously, you're responsible for pulling out your own PII and all the confidential stuff there. But the key thing here is you're maintaining one environment with the right data on it. And then all of the subsequent generated ephemeral environments inherit that and can then change that. CHAD: Yeah, that's cool. That solves a real pain point that I've had in the past when trying to work this way. BENJIE: One company that I think is really interesting around this space is Tonic.ai. And we're actually working on some stuff with them, I think. But we share an investor, so that's why I know them, for disclaimer purposes. But they're great. And they have some really cool tooling around mapping your database to PII and automatic detection of certain types of information that you don't want pushed into your staging servers and to your developers' hands. So that's one to check out, too, if you're looking for data help. CHAD: Cool. So do you want to get back to this Docker question? Why that approach of converting the Docker Compose into YAML for Kubernetes? BENJIE: So this is quite a controversial topic. CHAD: [laughs] BENJIE: But I will tell you where it came from. Hearkening back to our origin story, what we saw was we saw a pattern of a lot of companies going a little bit too all-in in Kubernetes; let's just put it that way, where every single one of the developers is running minikube or even K3s or K3d or whatever. And all of a sudden, the DevOps people and the SRE people in the organization are spending most of their time supporting developers in local development environments. So early on in that consulting game, we realized we don't want to do that. So if you want to work with us, we think you can use Docker Compose for most things. Now, that's obviously not always the case. There are some companies and applications that have hundreds of microservices. So obviously, Docker Compose is not a very realistic fit for those people. But the majority of people can pretty much encapsulate their application in Docker Compose. So that's one thing. The other thing is I mentioned to you that I'm a DevOps engineer for years. I'm sick of new YAML formats or specifications. So I have a saying, "Not another YAML, I say nay." My co-founder, Peter, hates when I say that, but whatever, I like it. CHAD: [laughs] BENJIE: So that's another piece of this. And then the biggest thing here is that we look at Docker Compose as rabbit ears on a television set. So you know, like a 98-year-old grandmother can somehow stand on one foot and hold the antenna the right way, and it's static. The picture is perfect, and they can watch...I don't know why I'm saying Jay Leno. I don't think it's on the air anymore. CHAD: [laughs] BENJIE: Sticking with the grandma reference, humans are really good at figuring out stuff like that. [laughs] And that's kind of what Docker compose is. It's kind of like if you can make it work locally, Shipyard is going to take care of the rest and clean up a bunch of stuff for you. So that's how we look at it. Admittedly, we do have some Helm stuff we're working on and some Kustomize (with a K) stuff. And there are a whole lot of other interesting things out there. But frankly, we haven't run into problems with our current approach. And when we have tried to ingest raw manifests and stuff like that, other issues tend to arise. So we use Compose as a funnel to be very opinionated about our Kubernetes deployments. CHAD: Well, I'm a big believer in, especially in early days having opinions about things. And it sounds like, with this particular opinion, you not only can help people at different stages and say that "This is good enough," but you're also casting a wide net for what people can do. You're not cutting people off because they already use Kustomize or something like that. BENJIE: Yeah. And a lot of it is about accessibility. And so it's proven to be a pretty interesting thing. We didn't think that we were going to go this far with it. [laughs] We really thought that we were going to get in trouble soon. But it's pretty cool how it's going. And also, I will do a shout-out to the Docker Compose community. They're picking up some steam here. I think a lot of people are realizing that it's a pretty good spec for most use cases. So I know that Docker released somewhat recently you don't have to do Docker-Compose anymore. It's just Docker Compose. And there are all kinds of Compose specifications stuff that I think is worth checking out. Mid-roll Ad I wanted to tell you all about something I've been working on quietly for the past year or so, and that's AgencyU. AgencyU is a membership-based program where I work one-on-one with a small group of agency founders and leaders toward their business goals. We do one-on-one coaching sessions and also monthly group meetings. We start with goal setting, advice, and problem-solving based on my experiences over the last 18 years of running thoughtbot. As we progress as a group, we all get to know each other more. And many of the AgencyU members are now working on client projects together and even referring work to each other. Whether you're struggling to grow an agency, taking it to the next level and having growing pains, or a solo founder who just needs someone to talk to, in my 18 years of leading and growing thoughtbot, I've seen and learned from a lot of different situations, and I'd be happy to work with you. Learn more and sign up today at thoughtbot.com/agencyu. That's A-G-E-N-C-Y, the letter U. CHAD: So to get a little bit meta for a minute, how do you use Shipyard on Shipyard? BENJIE: The ultimate dog food. That is one of the biggest selling points to our own engineering team when recruiting. We've got a pretty spectacular team that comes from some pretty awesome companies. And people sometimes ask me, "Hey, how did you get these engineers?" And honestly, I think the answer is dogfooding. Because what we're building is what every DevOps engineer sets out to build every time they start their job, in my opinion. You always want this ephemeral type of elastic environments are only on when you need them to be on. I didn't discuss this, but we also have functionality that we call SLV or Since Last Visit. So we know the last time someone went to one of these environments, and we'll turn it off for you. And then, obviously, it's very quick to turn it back on when needed. So there are cost savings. There are all kinds of stuff there. But ultimately, we're building the ultimate DevOps tool. And so we use Shipyard to run Shipyard. We use it in our QA process. We use it in our end-to-end testing process. And we also use it in our production process as well. We have some of our...we do have a production offering, and we use that ourselves for our stuff. So it's a very recursive conversation around that. And sometimes, when I'm actually doing a demo for various people, the only way to show or the only good demo I have of certain functionality is to actually show the Shipyard organization itself in Shipyard. And I get very recursively tied up, and people get confused. And it's always a bad idea. CHAD: [laughs] Yeah, you have to queue the Inception music. BENJIE: Yeah, exactly. We're at the third level. We're at the ice palace or whatever, ice hideout at this point. That's from the movie Inception for those that don't know what we're talking about. CHAD: [laughs] Yeah, that's really cool. I imagine that...sometimes when I'm working on a project, and you get down to the instrumentation level, to those levels, it can be difficult to run the system on the system. Have there been particular challenges? It's not just a normal web app; I guess is the way of saying that. What Shipyard is isn't just a normal web app. BENJIE: Yeah, one of the things that we do is that we have a pretty robust security posture, so every single one of our customers gets their own cluster. And so our security model is using the hypervisor basically, which, by the way, for anyone looking at Kubernetes, forget Shipyard for a second. Please understand that if you're in a shared namespace anything, our back is great, but don't do it. There's a CVE around on the corner, I promise you. Don't do it. Anyway. CHAD: [laughs] That's a good PSA for people. BENJIE: Yeah, right? [laughs] Yeah. So some of the cool challenges we've had is we early on, we definitely had some stuff where if we did a bad release, we would break our own ability to fix our own releases. So that was that way early on. We figured that one out very early. I think that was even before we were a product even. That was just a few sleepless nights of Peter and myself being like, oh God; we got to fix this so that we don't screw up this client's website. So that's been interesting. I mean, that was really it. And my co-founder, Peter, is listening to this, and he's like, there are 4,000 different things I've fixed over the last few years that were a problem around this, and I can't bring them up. But there's a lot, and I don't know what they are. And Peter is very good at fixing them. So that speaks to my co-founder and the rest of the team. CHAD: So you mentioned that March of 2020 happened, hell froze over. And you found yourself thinking you're going to take a different path and fundraise and become a funded company. How difficult did you find fundraising in that environment, or was it easy? BENJIE: It was real tough at the beginning there. For one, I have no idea what I'm doing. [laughter] That's just the truth. Maybe I should say that in the past tense. I had no idea what I was doing. I still feel like I have no idea what I'm doing. But like I said, I come from a technical side, and I'm a bit of an engineer. So if a VC asked me a question and the answer is yes, but I have to qualify it with some weird edge case that I came up with. That's not a great look for these types of pitch meetings. So I would suggest people not overengineer answers to questions, yes or no works very often. So it was challenging. But also, at the time, I'll say that there was definitely some predatory term sheets going around because this was really early, and we had no idea. And I was a fool...I wasn't a fool, but I had no idea. We're running this consulting company, and I'm like, oh my God, all my customers are funded. They're all going to go away. We had some pretty large customers. It was very irrational looking back. But it was a crazy time. Also, I should mention that we're in New York. So things were heightened a lot more also in March of 2020. It was very intense, and so I had to learn a lot. And basically, the realization like, oh, if the world becomes remote, software is just going to go crazy had not seeped into my brain quite yet in March or April. So did a lot of learning that way. We were very fortunate to have some really helpful people along that path and eventually figured it out. I will say, funny story, I literally didn't have a pitch for three months. I would just do a demo and talk about stuff. And then a friend of mine was like, "Oh, what's your pitch?" And I was like, "I do a demo, and I talk about it." So he's like, "Dude, you got to have a pitch." So that helped a lot once I figured out [laughs] that I needed a pitch. CHAD: It did help. So you recommend people have a pitch. BENJIE: I would say that that is a positive, yes. Having a pitch is helpful. I know that that's a ridiculous statement here, but I literally didn't have...I just didn't think about what's my pitch? CHAD: Well, I think it's simultaneously a ridiculous thing but also there exist in the world things that people do just because that's the way that they're done. And so it's valid, I think to say, "Do we really need that? Can we get by without it?" And if the lesson learned there is actually there's a reason why people do it and it is valuable, that's a valuable lesson. It's too bad you had to go through it to discover it. BENJIE: Well, yeah. I look back fondly at that. And I wouldn't say I was being contrarian. I was just kind of being a jackass, frankly. But I learned a lot. And honestly, in the end, I couldn't be happier. I'm pretty anti-VC. Everyone knows that about me. I like to make fun of them and all these things. But I couldn't be happier with our investors, and they've been unbelievably supportive. And so that's been a super positive. The one thing I would say to anyone listening to this podcast that has to go out and raise money is you got to get really good at letting things roll off your shoulder. As an engineer, it's really hard for me to deal with any level of rejection because I'm like, oh, it works, or it doesn't work. Oh, you found this edge case that I didn't think about? Oh, you got me, but I'll fix it now, and now it's fine. That's not the way that fundraising works. You have certain conversations, and you feel super positive. And then, all of a sudden, you don't hear back from this person for weeks at a time. You have other conversations where you think that it was the worst thing that you've ever done. And the next day, you get a term sheet. I had one pitch...this is when I knew how to do a pitch. This was a few months in. I had this one pitch, and it was all virtual, and it was very early days in our remote world. And there were four partners on this call and a few associates or whatever. And I do the pitch, but everyone is muted on Zoom for 45 minutes. Now, it's pretty clear from our conversation that I talk a lot. So it's not the end of the world. But I had no idea what was going on. And I just thought that I had bombed it. It was horrible, all these things. And the next day, I got an email, and it was three introductions to amazing opportunities. And two of them actually panned out. We didn't end up going with that fund. But I just thought it was hilarious that I was convinced that I shouldn't be doing this, and it was the opposite. So you never know. That's the other thing I learned is you literally can never know what's going to come of any particular meeting in the VC fundraising world. CHAD: So how long did it take you from the point that you decided you were going to do this and you were going to start trying to fundraise to actually getting the investment in the bank? BENJIE: Probably four to six months. We obviously had some opportunities, but as we went through this process, realizing that having the right partner for the next 7 to 10 years was really important. And we ended up with our lead. I can't believe I'm talking positively about a VC on a podcast but whatever. CHAD: [laughs] BENJIE: Our lead, Owen Davis from Contour Venture...Contour is like this New York fund that they do everything, but no one knows their name. Oh, he's going to love that I said that but whatever. CHAD: [laughs] BENJIE: They're great. He's great. And he's the dream investor for us to lead. And then we have other...and I'll mention Shruti over at Array and the folks at Heavybit and Work-Bench as well. They're all in this round, and it all came together. And I was a little picky. So we kind of took our time. And I suggest that if you have that luxury, which we did because we already had a successful consulting business, make sure you know who you're getting into business with for sure. And we got very lucky with that. CHAD: So how much time while you were fundraising did you personally work on that as opposed to other things for the product or the business? BENJIE: I should have probably put a little bit more time to the fundraising. To be honest with you, I would say I probably put 50% to 60% of my energy into the fundraise, and then the 40% was all building product. As an engineer, you have a really frustrating call, or you think you're doing well, and then you're not, or vice versa. So for me, I would retreat into building. And so I probably retreated into building a little more than I should have to be frank, [laughs] but it worked out in the end. CHAD: While you were doing that, you supported yourselves from the consulting revenue. BENJIE: Yeah, for the most part. We still had active clients. So we converted most of those...actually all of those into Shipyard customers. And they were very supportive in that process, by the way, doing due diligence calls for us. They were all very helpful. CHAD: And how did you decide how much money you should be seeking to raise? BENJIE: Ultimately, that was something I struggle with just because I really want to know what I'm going to do and what the plan is. And one of the lessons that I've learned as a CEO now is your job is basically to make unbelievably important, critical decisions with little to no data and just hope you're making the right one and then adjust quickly if you're not. So understanding when you've made the wrong decision. But ultimately, to answer your question, I built out a spreadsheet. I had a wish list of engineers that I knew or positions that we needed to fill, probably underestimated some of the product marketing needs that we would need to do. But built out a model and then figured, hey, how can we get there in 18 to 24 months to get to the next round? Because you really do have to be making sure that you can...I mentioned the hamster wheel early on; maybe that's too negative of an analogy there. But you have to be thinking about your next round. And so you have to get to what metrics you want to hit. And you just work backwards from there. CHAD: At what point along the way...you mentioned earlier that your customers tend to be larger companies. At what point along the way did you discover who your ideal customers were? BENJIE: I think we're still discovering that. We're still figuring that out. But for me, this tool Shipyard, and I've seen it, if you start using a tool like Shipyard from day one, the gains and the benefits are just insane. We had one company that started off from scratch with us. And within two months, they had extremely robust software development lifecycle, production deploys, all kinds of stuff. And they've been going now for years...not years but a year a half or so with us and super successful. So I always wanted to be like, oh, startup X with two engineers you should use us. And the more we talk to them, the more conversations we had. We're just like, this is not a DevOps priority. DevOps is not the priority. CHAD: Especially in those early days, I feel like there's such a tendency, especially from engineers, to say, "Oh, that's not that complicated. I can do that," or "We don't really need that. Let's piece together this." BENJIE: Yeah, that's exactly right. So then, as we started to talk more and more and understand what people were doing, we just fell into this ICP or Initial Customer Profile of more complex teams that are really facing these problems. I mean, specifically, when you get to a certain size, a bad release costs you a lot of money, customer success, customers that are leaving you, frustrated sales execs, frustrated product people, frustrated QA people. So it's when you get to these more complex levels is when you need this type of tooling. Now, one thing Shipyard released actually very, very quietly, but you know, it's released. We released a 30-day free trial. It's kind of like our light tier, so people can start doing it. And we're starting to see some people at the earlier stage companies starting to do this, which is exciting to us. But our goal as a company is absolutely to figure out how to get this to the masses because ephemeral environments is the paradigm of the future. I mean, it's the paradigm of the present with the big tech companies. And it's now coming down to the rest of us. And so instead of having to hire five DevOps people to build the system out for you for six months, you hire one DevOps person, and that DevOps person shifts into an SRE role, not entirely, but their concerns are more about reliability of the actual site rather than reliability for developer environments or QA environments or staging environments. So we think that's really powerful. One thing that I probably should have mentioned way sooner is we have a community site that we've donated, and we're more than happy to have some pull requests come in. We've had a few. ephemeralenvironments.io, yeah, I don't know how to spell ephemeral either, but you can Google it. It will come up. CHAD: [laughs] BENJIE: ephemeralenvironments.io, and it goes through the different use cases of ephemeral environments and where there's value there. So that's kind of the goal with all this. CHAD: So what are you working on now? And what is the next stage for the company, I guess also from a product perspective? But also, you mentioned that hamster wheel. [laughter] You're coming up on 18 months of being on that wheel, right? BENJIE: We are. One thing is we've had some success, so our revenue is pretty solid, but no rest for the weary. But we're probably going to go out and bring in some more capital pretty soon. And the reason for that, because that's always the important thing to me, is that we have some pretty spectacular design partners, some pretty big logos, all these things. The product is there. The product is killing it. I couldn't be more proud of the product and the team. We've also started to build out the core team and couldn't be more proud of that. And so now we need to accelerate and figure out our next steps and how to bring this to the masses. And ultimately, the vision of Shipyard is to make all this stuff move a lot faster, bring velocity to teams, and all that stuff. And we believe that ephemeral environments are a huge component of that. So we're probably in the next few months going to probably go out and look at our financing options. I will say that the market has been a little insane. So I feel like all the education that I got in 2022 is probably out the window because some of these valuations and other stuff seems like it's a frothy market, as they say, but we'll be doing that. And we're really going to probably double down on figuring out what the community needs and where the value is for the community, so both with ephemeralenvironments.io. But also, there are some really cool internal tools that we've built that solve some of the issues within the Kubernetes ecosystem. Okay, that's a strong word. They help a lot. I'm never going to say I've solved anything in Kubernetes. CHAD: [laughs] BENJIE: But they help a lot with understanding why the state of your application is maybe not where you want it to be. And so, we'd like to probably contribute a bit more back to CNCF, in particular, but open source in general. So continue to build the team to work on that. And then, obviously, pushing forward with product and some pretty cool stuff we have on the roadmap that we're really excited about. CHAD: Awesome. Well, I wish you all the best with that. If folks want to find out more about Shipyard, follow along with you, get in touch; where are the best places for them to do that? BENJIE: Really, shipyard.build is our website. And that is probably the best place to try it and also to contact us. Our Twitter is @shipyardbuild twitter.com/shipyardbuild. Personally, I'm not a fan of Twitter. So I personally don't use Twitter, but we do as a company. And I think that our Twitter and our website are probably the best things to reach out to, and obviously, sales@shipyard.build you can send an email there. But I think you'll probably find the information you're looking for on the website. And if not, please let us know what's missing. CHAD: And you mentioned the free trial. So I feel like that's a great thing for people who want to get more into the product; they can give it a try, right? BENJIE: Yeah. And one thing to note about the free trial the reason that it's kind of cool is it's your own cluster. You get your own cluster. It's completely single tenant. It's pretty dope. It's pretty cool. And you can really take it for a spin. I would suggest, I mean, we've had a lot of success with companies that are using Docker Compose already to just dive in there and get their application running. But I would say that we have some pretty cool starter apps as well. They're linked in our docs and our GitHub. Just seeing the power of this through our starter applications has also been a great experience for a lot of people. So I'd suggest taking a look at that. Oh, and I should plug a podcast that I'm a co-host of, Kubelist. I do that with Marc Campbell from Replicated, where we interview CNCF open-source projects all the time. That's why I got to be careful pretending like I'm solving anything. There are a lot of options in the Kubernetes landscape. CHAD: Wonderful. You can subscribe to the show and find notes and a full transcript of this episode at giantrobots.fm. If you have questions or comments, email us at hosts@giantrobots.fm. And you can find me on Twitter @cpytel. This podcast is brought to you by thoughtbot and produced and edited by Mandy Moore. Thanks for listening and see you next time. ANNOUNCER: This podcast was brought to you by thoughtbot. thoughtbot is your expert design and development partner. Let's make your product and team a success. Special Guest: Benjie De Groot.
Today's question is all about User Acceptance Testing (UAT). UAT is an anti-pattern in Scrum. There...we said it. It's just a bad idea. You're creating a phase gate that makes your agile practices look a lot like a waterfall. All of this and more are discussed in today's episode of Your Daily Scrum with Todd Miller and Ryan Ripley. How does your Scrum Team handle UAT concerns? Let us know in the comments! This is one of those Scrum Master interview questions about Scrum that can throw you off. Do you understand how UAT creates a phase gate that slows down your Scrum Team? These Scrum Master day in the life questions can be tricky. Perhaps some Scrum Master training could help? Want to learn more about Scrum? Buy Fixing Your Scrum: Practical Solutions to Common Scrum Problems - https://amzn.to/3fMpH5a Join Ryan and Todd in a Professional Scrum Master course: https://www.scrum.org/agile-humans And make sure you subscribe to the channel! DISCLAIMER: Links included in this description might be affiliate links. If you purchase a product or service with the links that I provide, I may receive a small commission. There is no additional charge for you! Thank you for supporting the channel so we can continue to provide you with free content each week! FTC DISCLAIMER: This video is not sponsored by anyone. Sharing Scrum knowledge to help you grow as a Scrum Practitioner and to solve complex problems. #scrum #agile #professional scrumSee omnystudio.com/listener for privacy information.
© 2020-2026 Ivy Podcast Discovery LLC
