About AndrewI create free cloud certification courses and somehow still make money.Links: ExamPro Training, Inc.: https://www.exampro.co/ PolyWork: https://www.polywork.com/andrewbrown LinkedIn: https://www.linkedin.com/in/andrew-wc-brown Twitter: https://twitter.com/andrewbrown TranscriptAndrew: Hello, and welcome to Screaming in the Cloud with your host, Chief cloud economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by our friends at Redis, the company behind the incredibly popular open source database that is not the bind DNS server. If you're tired of managing open source Redis on your own, or you're using one of the vanilla cloud caching services, these folks have you covered with the go to manage Redis service for global caching and primary database capabilities; Redis Enterprise. To learn more and deploy not only a cache but a single operational data platform for one Redis experience, visit redis.com/hero. Thats r-e-d-i-s.com/hero. And my thanks to my friends at Redis for sponsoring my ridiculous non-sense. Corey: This episode is sponsored in part by our friends at Rising Cloud, which I hadn't heard of before, but they're doing something vaguely interesting here. They are using AI, which is usually where my eyes glaze over and I lose attention, but they're using it to help developers be more efficient by reducing repetitive tasks. So, the idea being that you can run stateless things without having to worry about scaling, placement, et cetera, and the rest. They claim significant cost savings, and they're able to wind up taking what you're running as it is in AWS with no changes, and run it inside of their data centers that span multiple regions. I'm somewhat skeptical, but their customers seem to really like them, so that's one of those areas where I really have a hard time being too snarky about it because when you solve a customer's problem and they get out there in public and say, “We're solving a problem,” it's very hard to snark about that. Multus Medical, Construx.ai and Stax have seen significant results by using them. And it's worth exploring. So, if you're looking for a smarter, faster, cheaper alternative to EC2, Lambda, or batch, consider checking them out. Visit risingcloud.com/benefits. That's risingcloud.com/benefits, and be sure to tell them that I said you because watching people wince when you mention my name is one of the guilty pleasures of listening to this podcast.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. My guest today is… well, he's challenging to describe. He's the co-founder and cloud instructor at ExamPro Training, Inc. but everyone knows him better as Andrew Brown because he does so many different things in the AWS ecosystem that it's sometimes challenging—at least for me—to wind up keeping track of them all. Andrew, thanks for joining.Andrew: Hey, thanks for having me on the show, Corey.Corey: How do I even begin describing you? You're an AWS Community Hero and have been for almost two years, I believe; you've done a whole bunch of work as far as training videos; you're, I think, responsible for #100daysofcloud; you recently started showing up on my TikTok feed because I'm pretending that I am 20 years younger than I am and hanging out on TikTok with the kids, and now I feel extremely old. And obviously, you're popping up an awful lot of places.Andrew: Oh, yeah. A few other places like PolyWork, which is an alternative to LinkedIn, so that's a space that I'm starting to build up on there as well. Active in Discord, Slack channels. I'm just kind of everywhere. There's some kind of internet obsession here. My wife gets really mad and says, “Hey, maybe tone down the social media.” But I really enjoy it. So.Corey: You're one of those folks where I have this challenge of I wind up having a bunch of different AWS community Slacks and cloud community, Slacks and Discords and the past, and we DM on Twitter sometimes. And I'm constantly trying to figure out where was that conversational thread that I had with you? And tracking it down is an increasingly large search problem. I really wish that—forget the unified messaging platform. I want a unified search platform for all the different messaging channels that I'm using to talk to people.Andrew: Yeah, it's very hard to keep up with all the channels for myself there. But somehow I do seem to manage it, but just with a bit less sleep than most others.Corey: Oh, yeah. It's like trying to figure out, like, “All right, he said something really useful. What was that? Was that a Twitter DM? Was it on that Slack channel? Was it that Discord? No, it was on that brick that he threw through my window with a note tied to it. There we go.”That's always the baseline stuff of figuring out where things are. So, as I mentioned in the beginning, you are the co-founder and cloud instructor at ExamPro, which is interesting because unlike most of the community stuff that you do and are known for, you don't generally talk about that an awful lot. What's the deal there?Andrew: Yeah, I think a lot of people give me a hard time because they say, Andrew, you should really be promoting yourself more and trying to make more sales, but that's not why I'm out here doing what I'm doing. Of course, I do have a for-profit business called ExamPro, where we create cloud certification study courses for things like AWS, Azure, GCP, Terraform, Kubernetes, but you know, that money just goes to fuel what I really want to do, is just to do community activities to help people change their lives. And I just decided to do that via cloud because that's my domain expertise. At least that's what I say because I've learned up on in the last four or five years. I'm hoping that there's some kind of impact I can make doing that.Corey: I take a somewhat similar approach. I mean, at The Duckbill Group, we fixed the horrifying AWS bill, but I've always found that's not generally a problem that people tend to advertise having. On Twitter, like, “Oh, man, my AWS bill is killing me this month. I've got to do something about it,” and you check where they work, and it's like a Fortune 50. It's, yeah, that moves markets and no one talks about that.So, my approach was always, be out there, be present in the community, talk about this stuff, and the people who genuinely have billing problems will eventually find their way to me. That was always my approach because turning everything I do into a sales pitch doesn't work. It just erodes confidence, it reminds people of the used mattress salesman, and I just don't want to be that person in that community. My approach has always been if I can help someone with a 15-minute call or whatnot, yeah, let's jump on a phone call. I'm not interested in nickel-and-diming folks.Andrew: Yeah. I think that if you're out there doing a lot of hard work, and a lot of it, it becomes undeniable the value you're putting out there, and then people just will want to give you money, right? And for me, I just feel really bad about taking anybody's money, and so even when there's some kind of benefit—like my courses, I could charge for access for them, but I always feel I have to give something in terms of taking somebody's money, but I would never ask anyone to give me their money. So, it's bizarre. [laugh] so.Corey: I had a whole bunch of people a year or so after I started asking, like, “I really find your content helpful. Can I buy you a cup of coffee or something?” And it's, I don't know how to charge people a dollar figure that doesn't have a comma in it because it's easy for me to ask a company for money; that is the currency of effort, work, et cetera, that companies are accustomed to. People view money very differently, and if I ask you personally for money versus your company for money, it's a very different flow. So, my solution to it was to build the annual charity t-shirt drive, where it's, great, spend 35 bucks or whatever on a snarky t-shirt once a year for ten days and all proceeds go to benefit a nonprofit that is, sort of, assuaged that.But one of my business philosophies has always been, “Work for free before you work for cheap.” And dealing with individuals and whatnot, I do not charge them for things. It's, “Oh, can you—I need some advice in my career. Can I pay you to give me some advice?” “No, but you can jump on a Zoom call with me.” Please, the reason I exist at all is because people who didn't have any reason to did me favors, once upon a time, and I feel obligated to pay that forward.Andrew: And I appreciate, you know, there are people out there that you know, do need to charge for their time. Like—Corey: Oh. Oh, yes.Andrew: —I won't judge anybody that wants to. But you know, for me, it's just I can't do it because of the way I was raised. Like, my grandfather was very involved in the community. Like, he was recognized by the city for all of his volunteer work, and doing volunteer work was, like, mandatory for me as a kid. Like, every weekend, and so for me, it's just like, I can't imagine trying to take people's money.Which is not a great thing, but it turns out that the community is very supportive, and they will come beat you down with a stick, to give you money to make sure you keep doing what you're doing. But you know, I could be making lots of money, but it's just not my priority, so I've avoided any kind of funding so like, you know, I don't become a money-driven company, and I will see how long that lasts, but hopefully, a lot longer.Corey: I wish you well. And again, you're right; no shade to anyone who winds up charging for their time to individuals. I get it. I just always had challenges with it, so I decided not to do it. The only time I find myself begrudging people who do that are someone who picked something up six months ago and decided, oh, I'm going to build some video course on how to do this thing. The end. And charge a bunch of money for it and put myself out as an expert in that space.And you look at what the content they're putting out is, and one, it's inaccurate, which just drives me up a wall, and two, there's a lack of awareness that teaching is its own skill. In some areas, I know how to teach certain things, and in other areas, I'm a complete disaster at it. Public speaking is a great example. A lot of what I do on the public speaking stage is something that comes to me somewhat naturally. So, can you teach me to be a good public speaker? Not really, it's like, well, you gave that talk and it was bad. Could you try giving it only make it good? Like, that is not a helpful coaching statement, so I stay out of that mess.Andrew: Yeah, I mean, it's really challenging to know, if you feel like you're authority enough to put something out there. And there's been a few courses where I didn't feel like I was the most knowledgeable, but I produced those courses, and they had done extremely well. But as I was going through the course, I was just like, “Yeah, I don't know how any this stuff works, but this is my best guess translating from here.” And so you know, at least for my content, people have seen me as, like, the lens of AWS on top of other platforms, right? So, I might not know—I'm not an expert in Azure, but I've made a lot of Azure content, and I just translate that over and I talk about the frustrations around, like, using scale sets compared to AWS auto-scaling groups, and that seems to really help people get through the motions of it.I know if I pass, at least they'll pass, but by no means do I ever feel like an expert. Like, right now I'm doing, like, Kubernetes. Like, I have no idea how I'm doing it, but I have, like, help with three other people. And so I'll just be honest about it and say, “Hey, yeah, I'm learning this as well, but at least I know I passed, so you know, you can pass, too.” Whatever that's worth.Corey: Oh, yeah. Back when I was starting out, I felt like a bit of a fraud because I didn't know everything about the AWS billing system and how it worked and all the different things people can do with it, and things they can ask. And now, five years later, when the industry basically acknowledges I'm an expert, I feel like a fraud because I couldn't possibly understand everything about the AWS billing system and how it works. It's one of those things where the more you learn, the more you realize that there is yet to learn. I'm better equipped these days to find the answers to the things I need to know, but I'm still learning things every day. If I ever get to a point of complete and total understanding of a given topic, I'm wrong. You can always go deeper.Andrew: Yeah, I mean, by no means am I even an expert in AWS, though people seem to think that I am just because I have a lot of confidence in there and I produce a lot of content. But that's a lot different from making a course than implementing stuff. And I do implement stuff, but you know, it's just at the scale that I'm doing that. So, just food for thought for people there.Corey: Oh, yeah. Whatever, I implement something. It's great. In my previous engineering life, I would work on large-scale systems, so I know how a thing that works in your test environment is going to blow up in a production scale environment. And I bring those lessons, written on my bones the painful way, through outages, to the way that I build things now.But the stuff that I'm building is mostly to keep my head in the game, as opposed to solving an explicit business need. Could I theoretically build a podcast transcription system on top of Transcribe or something like that for these episodes? Yeah. But I've been paying a person to do this for many years to do it themselves; they know the terms of art, they know how this stuff works, and they're building a glossary as they go, and understanding the nuances of what I say and how I say it. And that is the better business outcome; that's the answer. And if it's production facing, I probably shouldn't be tinkering with it too much, just based upon where the—I don't want to be the bottleneck for the business functioning.Andrew: I've been spending so much time doing the same thing over and over again, but for different cloud providers, and the more I do, the less I want to go deep on these things because I just feel like I'm dumping all this information I'm going to forget, and that I have those broad strokes, and when I need to go deep dive, I have that confidence. So, I'd really prefer people were to build up confidence in saying, “Yes, I think I can do this.” As opposed to being like, “Oh, I have proof that I know every single feature in AWS Systems Manager.” Just because, like, our platform, ExamPro, like, I built it with my co-founder, and it's a quite a system. And so I'm going well, that's all I need to know.And I talk to other CTOs, and there's only so much you need to know. And so I don't know if there's, like, a shift between—or difference between, like, application development where, let's say you're doing React and using Vercel and stuff like that, where you have to have super deep knowledge for that technical stack, whereas cloud is so broad or diverse that maybe just having confidence and hypothesizing the work that you can do and seeing what the outcome is a bit different, right? Not having to prove one hundred percent that you know it inside and out on day one, but have the confidence.Corey: And there's a lot of validity to that and a lot of value to it. It's the magic word I always found in interviewing, on both sides of the interview table, has always been someone who's unsure about something start with, “I'm not sure, but if I had to guess,” and then say whatever it is you were going to say. Because if you get it right, wow, you're really good at figuring this out, and your understanding is pretty decent. If you're wrong, well, you've shown them how you think but you've also called them out because you're allowed to be wrong; you're not allowed to be authoritatively wrong. Because once that happens, I can't trust anything you say.Andrew: Yeah. In terms of, like, how do cloud certifications help you for your career path? I mean, I find that they're really well structured, and they give you a goal to work towards. So, like, passing that exam is your motivation to make sure that you complete it. Do employers care? It depends. I would say mostly no. I mean, for me, like, when I'm hiring, I actually do care about certifications because we make certification courses but—Corey: In your case, you're a very specific expression of this that is not typical.Andrew: Yeah. And there are some, like, cases where, like, if you work for a larger cloud consultancy, you're expected to have a professional certification so that customers feel secure in your ability to execute. But it's not like they were trying to hire you with that requirement, right? And so I hope that people realize that and that they look at showing that practical skills, by building up cloud projects. And so that's usually a strong pairing I'll have, which is like, “Great. Get the certifications to help you just have a structured journey, and then do a Cloud project to prove that you can do what you say you can do.”Corey: One area where I've seen certifications act as an interesting proxy for knowledge is when you have a company that has 5000 folks who work in IT in varying ways, and, “All right. We're doing a big old cloud migration.” The certification program, in many respects, seems to act as a bit of a proxy for gauging where people are on upskilling, how much they have to learn, where they are in that journey. And at that scale, it begins to make some sense to me. Where do you stand on that?Andrew: Yeah. I mean, it's hard because it really depends on how those paths are built. So, when you look at the AWS certification roadmap, they have the Certified Cloud Practitioner, they have three associates, two professionals, and a bunch of specialties. And I think that you might think, “Well, oh, solutions architect must be very popular.” But I think that's because AWS decided to make the most popular, the most generic one called that, and so you might think that's what's most popular.But what they probably should have done is renamed that Solution Architect to be a Cloud Engineer because very few people become Solutions Architect. Like that's more… if there's Junior Solutions Architect, I don't know where they are, but Solutions Architect is more of, like, a senior role where you have strong communications, pre-sales, obviously, the role is going to vary based on what companies decide a Solution Architect is—Corey: Oh, absolutely take a solutions architect, give him a crash course in finance, and we call them a cloud economist.Andrew: Sure. You just add modifiers there, and they're something else. And so I really think that they should have named that one as the cloud engineer, and they should have extracted it out as its own tier. So, you'd have the Fundamental, the Certified Cloud Practitioner, then the Cloud Engineer, and then you could say, “Look, now you could do developer or the sysops.” And so you're creating this path where you have a better trajectory to see where people really want to go.But the problem is, a lot of people come in and they just do the solutions architect, and then they don't even touch the other two because they say, well, I got an associate, so I'll move on the next one. So, I think there's some structuring there that comes into play. You look at Azure, they've really, really caught up to AWS, and may I might even say surpass them in terms of the quality and the way they market them and how they construct their certifications. There's things I don't like about them, but they have, like, all these fundamental certifications. Like, you have Azure Fundamentals, Data Fundamentals, AI Fundamentals, there's a Security Fundamentals.And to me, that's a lot more valuable than going over to an associate. And so I did all those, and you know, I still think, like, should I go translate those over for AWS because you have to wait for a specialty before you pick up security. And they say, like, it's intertwined with all the certifications, but, really isn't. Like—and I feel like that would be a lot better for AWS. But that's just my personal opinion. So.Corey: My experience with AWS certifications has been somewhat minimal. I got the Cloud Practitioner a few years ago, under the working theory of I wanted to get into the certified lounge at some of the events because sometimes I needed to charge things and grab a cup of coffee. I viewed it as a lounge pass with a really strange entrance questionnaire. And in my case, yeah, I passed it relatively easily; if not, I would have some questions about how much I actually know about these things. As I recall, I got one question wrong because I was honest, instead of going by the book answer for, “How long does it take to restore an RDS database from a snapshot?”I've had some edge cases there that give the wrong answer, except that's what happened. And then I wound up having that expire and lapse. And okay, now I'll do it—it was in beta at the time, but I got the sysops associate cert to go with it. And that had a whole bunch of trivia thrown into it, like, “Which of these is the proper syntax for this thing?” And that's the kind of question that's always bothered me because when I'm trying to figure things like that out, I have entire internet at my fingertips. Understanding the exact syntax, or command-line option, or flag that needs to do a thing is a five-second Google search away in most cases. But measuring for people's ability to memorize and retain that has always struck me as a relatively poor proxy for knowledge.Andrew: It's hard across the board. Like Azure, AWS, GCP, they all have different approaches—like, Terraform, all of them, they're all different. And you know, when you go to interview process, you have to kind of extract where the value is. And I would think that the majority of the industry, you know, don't have best practices when hiring, there's, like, a superficial—AWS is like, “Oh, if you do well, in STAR program format, you must speak a communicator.” Like, well, I'm dyslexic, so that stuff is not easy for me, and I will never do well in that.So like, a lot of companies hinge on those kinds of components. And I mean, I'm sure it doesn't matter; if you have a certain scale, you're going to have attrition. There's no perfect system. But when you look at these certifications, and you say, “Well, how much do they match up with the job?” Well, they don't, right? It's just Jeopardy.But you know, I still think there's value for yourself in terms of being able to internalize it. I still think that does prove that you have done something. But taking the AWS certification is not the same as taking Andrew Brown's course. So, like, my certified cloud practitioner was built after I did GCP, Oracle Cloud, Azure Fundamentals, a bunch of other Azure fundamental certifications, cloud-native stuff, and then I brought it over because was missing, right? So like, if you went through my course, and that I had a qualifier, then I could attest to say, like, you are of this skill level, right?But it really depends on what that testament is and whether somebody even cares about what my opinion of, like, your skillset is. But I can't imagine like, when you have a security incident, there's going to be a pop-up that shows you multiple-choice answer to remediate the security incident. Now, we might get there at some point, right, with all the cloud automation, but we're not there yet.Corey: It's been sort of thing we've been chasing and never quite get there. I wish. I hope I live to see it truly I do. My belief is also that the value of a certification changes depending upon what career stage someone is at. Regardless of what level you are at, a hiring manager or a company is looking for more or less a piece of paper that attests that they're to solve the problem that they are hiring to solve.And entry-level, that is often a degree or a certification or something like that in the space that shows you have at least the baseline fundamentals slash know how to learn things. After a few years, I feel like that starts to shift into okay, you've worked in various places solving similar problems on your resume that the type that we have—because the most valuable thing you can hear when you ask someone, “How would we solve this problem?” Is, “Well, the last time I solved it, here's what we learned.” Great. That's experience. There's no compression algorithm for experience? Yes, there is: Hiring people with experience.Then, at some level, you wind up at the very far side of people who are late-career in many cases where the piece of paper that shows that they know what they're doing is have you tried googling their name and looking at the Wikipedia article that spits out, how they built fundamental parts of a system like that. I think that certifications are one of those things that bias for early-career folks. And of course, partners when there are other business reasons to get it. But as people grow in seniority, I feel like the need for those begins to fall off. Do you agree? Disagree? You're much closer to this industry in that aspect of it than I am.Andrew: The more senior you are, and if you have big names under your resume there, no one's going to care if you have certification, right? When I was looking to switch careers—I used to have a consultancy, and I was just tired of building another failed startup for somebody that was willing to pay me. And I'm like—I was not very nice about it. I was like, “Your startup's not going to work out. You really shouldn't be building this.” And they still give me the money and it would fail, and I'd move on to the next one. It was very frustrating.So, closed up shop on that. And I said, “Okay, I got to reenter the market.” I don't have a computer science degree, I don't have big names on my resume, and Toronto is a very competitive market. And so I was feeling friction because people were not valuing my projects. I had, like, full-stack projects, I would show them.And they said, “No, no. Just do these, like, CompSci algorithms and stuff like that.” And so I went, “Okay, well, I really don't want to be doing that. I don't want to spend all my time learning algorithms just so I can get a job to prove that I already have the knowledge I have.” And so I saw a big opportunity in cloud, and I thought certifications would be the proof to say, “I can do these things.”And when I actually ended up going for the interviews, I didn't even have certifications and I was getting those opportunities because the certifications helped me prove it, but nobody cared about the certifications, even then, and that was, like, 2017. But not to say, like, they didn't help me, but it wasn't the fact that people went, “Oh, you have a certification. We'll get you this job.”Corey: Yeah. When I'm talking to consulting clients, I've never once been asked, “Well, do you have the certifications?” Or, “Are you an AWS partner?” In my case, no, neither of those things. The reason that we know what we're doing is because we've done this before. It's the expertise approach.I question whether that would still be true if we were saying, “Oh, yeah, and we're going to drop a dozen engineers on who are going to build things out of your environment.” “Well, are they certified?” is a logical question to ask when you're bringing in an external service provider? Or is this just a bunch of people you found somewhere on Upwork or whatnot, and you're throwing them at it with no quality control? Like, what is the baseline level experience? That's a fair question. People are putting big levels of trust when they bring people in.Andrew: I mean, I could see that as a factor of some clients caring, just because like, when I used to work in startups, I knew customers where it's like their second startup, and they're flush with a lot of money, and they're deciding who they want to partner with, and they're literally looking at what level of SSL certificate they purchased, right? Like now, obviously, they're all free and they're very easy to get to get; there was one point where you had different tiers—as if you would know—and they would look and they would say—Corey: Extended validation certs attend your browser bar green. Remember those?Andrew: Right. Yeah, yeah, yeah. It was just like that, and they're like, “We should partner with them because they were able to afford that and we know, like…” whatever, whatever, right? So, you know, there is that kind of thought process for people at an executive level. I'm not saying it's widespread, but I've seen it.When you talk to people that are in cloud consultancy, like solutions architects, they always tell me they're driven to go get those professional certifications [unintelligible 00:22:19] their customers matter. I don't know if the customers care or not, but they seem to think so. So, I don't know if it's just more driven by those people because it's an expectation because everyone else has it, or it's like a package of things, like, you know, like the green bar in the certifications, SOC 2 compliance, things like that, that kind of wrap it up and say, “Okay, as a package, this looks really good.” So, more of an expectation, but not necessarily matters, it's just superficial; I'm not sure.Corey: This episode is sponsored by our friends at Oracle HeatWave is a new high-performance accelerator for the Oracle MySQL Database Service. Although I insist on calling it “my squirrel.” While MySQL has long been the worlds most popular open source database, shifting from transacting to analytics required way too much overhead and, ya know, work. With HeatWave you can run your OLTP and OLAP, don't ask me to ever say those acronyms again, workloads directly from your MySQL database and eliminate the time consuming data movement and integration work, while also performing 1100X faster than Amazon Aurora, and 2.5X faster than Amazon Redshift, at a third of the cost. My thanks again to Oracle Cloud for sponsoring this ridiculous nonsense.Corey: You've been building out certifications for multiple cloud providers, so I'm curious to get your take on something that Forrest Brazeal, who's now head of content over at Google Cloud, has been talking about lately, the idea that as an engineer is advised to learn more than one cloud provider; even if you have one as a primary, learning how another one works makes you a better engineer. Now, setting aside entirely the idea that well, yeah, if I worked at Google, I probably be saying something fairly similar.Andrew: Yeah.Corey: Do you think there's validity to the idea that most people should be broad across multiple providers, or do you think specialization on one is the right path?Andrew: Sure. Just to contextualize for our listeners, Google Cloud is highly, highly promoting multi-cloud workloads, and one of their flagship products is—well, they say it's a flagship product—is Anthos. And they put a lot of money—I don't know that was subsidized, but they put a lot of money in it because they really want to push multi-cloud, right? And so when we say Forrest works in Google Cloud, it should be no surprise that he's promoting it.But I don't work for Google, and I can tell you, like, learning multi-cloud is, like, way more valuable than just staying in one vertical. It just opened my eyes. When I went from AWS to Azure, it was just like, “Oh, I'm missing out on so much in the industry.” And it really just made me such a more well-rounded person. And I went over to Google Cloud, and it was just like… because you're learning the same thing in different variations, and then you're also poly-filling for things that you will never touch.Or like, I shouldn't say you never touch, but you would never touch if you just stayed in that vertical when you're learning. So, in the industry, Azure Active Directory is, like, widespread, but if you just stayed in your little AWS box, you're not going to notice it on that learning path, right? And so a lot of times, I tell people, “Go get your CLF-C01 and then go get your AZ-900 or AZ-104.” Again, I don't care if people go and sit the exams. I want them to go learn the content because it is a large eye-opener.A lot of people are against multi-cloud from a learning perspective because say, it's too much to learn all at the same time. But a lot of people I don't think have actually gone across the cloud, right? So, they're sitting from their chair, only staying in one vertical saying, “Well, you can't learn them all at the same time.” And I'm going, “I see a way that you could teach them all at the same time.” And I might be the first person that will do it.Corey: And the principles do convey as well. It's, “Oh, well I know how SNS works on AWS, so I would never be able to understand how Google Pub/Sub works.” Those are functionally identical; I don't know that is actually true. It's just different to interface points and different guarantees, but fine. You at least understand the part that it plays.I've built things out on Google Cloud somewhat recently, and for me, every time I do, it's a refreshing eye-opener to oh, this is what developer experience in the cloud could be. And for a lot of customers, it is. But staying too far within the bounds of one ecosystem does lend itself to a loss of perspective, if you're not careful. I agree with that.Andrew: Yeah. Well, I mean, just the paint more of a picture of differences, like, Google Cloud has a lot about digital transformation. They just updated their—I'm not happy that they changed it, but I'm fine that they did that, but they updated their Google Digital Cloud Leader Exam Guide this month, and it like is one hundred percent all about digital transformation. So, they love talking about digital transformation, and those kind of concepts there. They are really good at defining migration strategies, like, at a high level.Over to Azure, they have their own cloud adoption framework, and it's so detailed, in terms of, like, execution, where you go over to AWS and they have, like, the worst cloud adoption framework. It's just the laziest thing I've ever seen produced in my life compared to out of all the providers in that space. I didn't know about zero-trust model until I start using Azure because Azure has Active Directory, and you can do risk-based policy procedures over there. So, you know, like, if you don't go over to these places, you're not going to get covered other places, so you're just going to be missing information till you get the job and, you know, that job has that information requiring you to know it.Corey: I would say that for someone early career—and I don't know where this falls on the list of career advice ranging from, “That is genius,” to, “Okay, Boomer,” but I would argue that figuring out what companies in your geographic area, or the companies that you have connections with what they're using for a cloud provider, I would bias for learning one enough to get hired there and from there, letting what you learn next be dictated by the environment you find yourself in. Because especially larger companies, there's always something that lives in a different provider. My default worst practice is multi-cloud. And I don't say that because multi-cloud doesn't exist, and I'm not saying it because it's a bad idea, but this idea of one workload—to me—that runs across multiple providers is generally a challenge. What I see a lot more, done intelligently, is, “Okay, we're going to use this provider for some things, this other provider for other things, and this third provider for yet more things.” And every company does that.If not, there's something very strange going on. Even Amazon uses—if not Office 365, at least exchange to run their email systems instead of Amazon WorkMail because—Andrew: Yeah.Corey: Let's be serious. That tells me a lot. But I don't generally find myself in a scenario where I want to build this application that is anything more than Hello World, where I want it to run seamlessly and flawlessly across two different cloud providers. That's an awful lot of work that I struggle to identify significant value for most workloads.Andrew: I don't want to think about securing, like, multiple workloads, and that's I think a lot of friction for a lot of companies are ingress-egress costs, which I'm sure you might have some knowledge on there about the ingress-egress costs across providers.Corey: Oh, a little bit, yeah.Andrew: A little bit, probably.Corey: Oh, throwing data between clouds is always expensive.Andrew: Sure. So, I mean, like, I call multi-cloud using multiple providers, but not in tandem. Cross-cloud is when you want to use something like Anthos or Azure Arc or something like that where you extend your data plane or control pla—whatever the plane is, whatever plane across all the providers. But you know, in practice, I don't think many people are doing cross-cloud; they're doing multi-cloud, like, “I use AWS to run my primary workloads, and then I use Microsoft Office Suite, and so we happen to use Azure Active Directory, or, you know, run particular VM machines, like Windows machines for our accounting.” You know?So, it's a mixed bag, but I do think that using more than one thing is becoming more popular just because you want to use the best in breed no matter where you are. So like, I love BigQuery. BigQuery is amazing. So, like, I ingest a lot of our data from, you know, third-party services right into that. I could be doing that in Redshift, which is expensive; I could be doing that in Azure Synapse, which is also expensive. I mean, there's a serverless thing. I don't really get serverless. So, I think that, you know, people are doing multi-cloud.Corey: Yeah. I would agree. I tend to do things like that myself, and whenever I see it generally makes sense. This is my general guidance. When I talk to individuals who say, “Well, we're running multi-cloud like this.” And my response is, “Great. You're probably right.”Because I'm talking in the general sense, someone building something out on day one where they don't know, like, “Everyone's saying multi-cloud. Should I do that?” No, I don't believe you should. Now, if your company has done that intentionally, rather than by accident, there's almost certainly a reason and context that I do not have. “Well, we have to run our SaaS application in multiple cloud providers because that's where our customers are.” “Yeah, you should probably do that.” But your marketing, your billing systems, your back-end reconciliation stuff generally does not live across all of those providers. It lives in one. That's the sort of thing I'm talking about. I think we're in violent agreement here.Andrew: Oh, sure, yeah. I mean, Kubernetes obviously is becoming very popular because people believe that they'll have a lot more mobility, Whereas when you use all the different managed—and I'm still learning Kubernetes myself from the next certification I have coming out, like, study course—but, you know, like, those managed services have all different kind of kinks that are completely different. And so, you know, it's not going to be a smooth process. And you're still leveraging, like, for key things like your database, you're not going to be running that in Kubernetes Cluster. You're going to be using a managed service.And so, those have their own kind of expectations in terms of configuration. So, I don't know, it's tricky to say what to do, but I think that, you know, if you have a need for it, and you don't have a security concern—like, usually it's security or cost, right, for multi-cloud.Corey: For me, at least, the lock-in has always been twofold that people don't talk about. More—less lock-in than buy-in. One is the security model where IAM is super fraught and challenging and tricky, and trying to map a security model to multiple providers is super hard. Then on top of that, you also have the buy-in story of a bunch of engineers who are very good at one cloud provider, and that skill set is not in less demand now than it was a year ago. So okay, you're going to start over and learn a new cloud provider is often something that a lot of engineers won't want to countenance.If your team is dead set against it, there's going to be some friction there and there's going to be a challenge. I mean, for me at least, to say that someone knows a cloud provider is not the naive approach of, “Oh yeah, they know how it works across the board.” They know how it breaks. For me, one of the most valuable reasons to run something on AWS is I know what a failure mode looks like, I know how it degrades, I know how to find out what's going on when I see that degradation. That to me is a very hard barrier to overcome. Alternately, it's entirely possible that I'm just old.Andrew: Oh, I think we're starting to see some wins all over the place in terms of being able to learn one thing and bring it other places, like OpenTelemetry, which I believe is a cloud-native Kubernetes… CNCF. I can't remember what it stands for. It's like Linux Foundation, but for cloud-native. And so OpenTelemetry is just a standardized way of handling your logs, metrics, and traces, right? And so maybe CloudWatch will be the 1.0 of observability in AWS, and then maybe OpenTelemetry will become more of the standard, right, and so maybe we might see more managed services like Prometheus and Grafa—well, obviously, AWS has a managed Prometheus, but other things like that. So, maybe some of those things will melt away. But yeah, it's hard to say what approach to take.Corey: Yeah, I'm wondering, on some level, whether what the things we're talking about today, how well that's going to map forward. Because the industry is constantly changing. The guidance I would give about should you be in cloud five years ago would have been a nuanced, “Mmm, depends. Maybe for yes, maybe for no. Here's the story.” It's a lot less hedge-y and a lot less edge case-y these days when I answer that question. So, I wonder in five years from now when we look back at this podcast episode, how well this discussion about what the future looks like, and certifications, and multi-cloud, how well that's going to reflect?Andrew: Well, when we look at, like, Kubernetes or Web3, we're just seeing kind of like the standardized boilerplate way of doing a bunch of things, right, all over the place. This distributed way of, like, having this generic API across the board. And how well that will take, I have no idea, but we do see a large split between, like, serverless and cloud-natives. So, it's like, what direction? Or we'll just have both? Probably just have both, right?Corey: [Like that 00:33:08]. I hope so. It's been a wild industry ride, and I'm really curious to see what changes as we wind up continuing to grow. But we'll see. That's the nice thing about this is, worst case, if oh, turns out that we were wrong on this whole cloud thing, and everyone starts exodusing back to data centers, well, okay. That's the nice thing about being a small company. It doesn't take either of us that long to address the reality we see in the industry.Andrew: Well, that or these cloud service providers are just going to get better at offering those services within carrier hotels, or data centers, or on your on-premise under your desk, right? So… I don't know, we'll see. It's hard to say what the future will be, but I do believe that cloud is sticking around in one form or another. And it basically is, like, an essential skill or table stakes for anybody that's in the industry. I mean, of course, not everywhere, but like, mostly, I would say. So.Corey: Andrew, I want to thank you for taking the time to speak with me today. If people want to learn more about your opinions, how you view these things, et cetera. Where can they find you?Andrew: You know, I think the best place to find me right now is Twitter. So, if you go to twitter.com/andrewbrown—all lowercase, no spaces, no underscores, no hyphens—you'll find me there. I'm so surprised I was able to get that handle. It's like the only place where I have my handle.Corey: And we will of course put links to that in the [show notes 00:34:25]. Thanks so much for taking the time to speak with me today. I really appreciate it.Andrew: Well, thanks for having me on the show.Corey: Andrew Brown, co-founder and cloud instructor at ExamPro Training and so much more. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry comment telling me that I do not understand certifications at all because you're an accountant, and certifications matter more in that industry.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.
Now that we know the results of the 49ers-Cowboys playoff game, does Sean regret not nailing down a bet with Ian? Also, are the Cowboys the Maple Leafs of the NFL? Then, with the public clash between Leon Draisaitl and Jim Matheson that occurred this week, they compare it to some all-time battles, and also discuss Sean's piece on midseason goalie trades. Then, in "Granger Things", Jesse Granger joins the show to discuss some betting trends for the Avalanche and Pathers, and it is discovered Sean and Jesse have very different memories of the 1996 Stanley Cup Final. To wrap up, the guys answer your mailbag questions, and in "This Week in Hockey History", they discuss two weather-related game delays, one with an exclusive club that doesn't seem to have great benefits. Have a question for Ian and Sean? Email firstname.lastname@example.org, or leave a VM at (845) 445-8459! Learn more about your ad choices. Visit megaphone.fm/adchoices
Our old friend Jeff Hiller joins us today, and not only are we excited to talk to him but we are SO SO SO EXCITED for his new show on HBO Somebody Somewhere, which just debuted last night (we saw it; it's GREAT!). If you frequented UCB-NY at all during its heyday, you definitely know Jeff, but maybe you've also seen him on Unbreakable Kimmy Schmidt, Nightcap or on shows like 30 Rock, Community and Playing House! On today's episode, hear how Jeff knew his husband was the one, how Naomi first met Jeff and also how he then played a role in OUR burgeoning romance! PLUS, of course, we answer YOUR advice questions! If you'd like to ask advice questions, call 323-524-7839 and leave a VM or just DM us on IG or Twitter! Also, support the show on Patreon or with a t-shirt (or a Jewboo shirt) and watch us every once in a while on Twitch or check out clips on YouTube! See acast.com/privacy for privacy and opt-out information.
Death, taxes, and celebrities at Florida Panther games. Ian Mendes and Sean McIndoe discuss a new challenger to this weeks-long discussion as Kodak Black made news with his appearance at a game this week, and the social media storm that followed. Then, they dig into Connor McDavid's tepid comments about Evander Kane potentially joining the Edmonton Oilers, and the market for Kane. Also, do opinions change on the Bruins as a contender with Tuukka Rask making his return, and Bobby Clarke speaks out on Ron Hextall. Next, in "Granger Things", Jesse Granger gives the latest on Jack Eichel, his debut for the Golden Knights on the horizon, and Eichel's thoughts on the NHL pulling out of the Olympics. Also, how the odds have changed for the tournament with the subtraction of NHL players, and Cale Makar's odds for player awards. To wrap up, Ian and Sean discuss the NHL going by a point system in the mailbag, and in "This Week in Hockey History," the Philadelphia Flyers play too rough against the Soviet Red Army team, and Pat Hughes breaks a Wayne Gretzky record. Have a question for Ian and Sean? Email email@example.com or leave a VM at (845) 445-8459! Learn more about your ad choices. Visit megaphone.fm/adchoices
Our dear friend Sasheer has been on the live version of the show with Nicole a few years ago, but we've never sat down with her over Zoom (thanks, Omicron!) and answered listener advice questions before... UNTIL NOW! ANd of course, you know Sasheer from SNL, Home Economics, Woke and a ton of other things, including her podcast with the aforementioned Nicole Byer, Best Friends, but now you get to hear her dole out sage wisdom about dating white guys, interracial anti-vax friendships, and MUCH MORE! If you'd like to ask advice questions, call 323-524-7839 and leave a VM or just DM us on IG or Twitter! Also, support the show on Patreon or with a t-shirt (or a Jewboo shirt) and watch us every once in a while on Twitch or check out clips on YouTube! See acast.com/privacy for privacy and opt-out information.
Die Shownotes: www.naturfotocamp.de Canon EOS 1DX III ist offiziell die letzte professionelle Spiegelreflexkamera von Canon Canon erhöht die Preise für Canon RF Objektive: RF 28-70mm 2,0 L USM - 200€ RF 24-105mm 4.0 L IS USM - 250€ RF 50mm 1,2 L USM - 200€ RF 85mm 1,2 L USM - 200€ RF 85mm 1,2 L USM DS - 200€ RF 600mm 11,0 IS STM - 170€ RF 800mm 11,0 IS STM - 180€ Leica Q2 Reporter 5590€ Voigtländer Cosina 50mm 1.0 für VM 1749€ 479g Laowa Argus 45mm 0.95 835g 72mm Filter 799€ Techchart Contax G auf Nikkor Z Adapter mit Autofokus Nikkor Z 28-75mm 2.8 1049EUR ABM 1:2.9 67mm Filter 565g Entwicklungsankündigung Nikkor Z 800mm 6.3 VR S Ippawards iphone photography awards Film Yukon un reve blanc (Jérémie Villet) Video Richtige Bildauswahl eines Nat Geo Fotografen
In their first show of 2022, Ian Mendes and Sean McIndoe discuss the Oilers hitting a boiling point. What happens next, a coach firing or a trade for a goaltender? For Connor McDavid, is this the biggest waste of generational NHL talent ever? Then, with the Penguins surging, does Tristan Jarry get votes for comeback story of the season, and does he have a shot at the Vezina? Also, Cale Makar enters the goal of the year conversation with his 3-on-3 OT goal vs Chicago. Then, with the mailbag overflowing from over the break, Ian and Sean tackle questions about a coach's challenge in a recent game, the World Cup of Hockey, and a listener comes up with a famous celebrity in a Panther's jersey to de-throne Sean's Walter Cronkite pull. To wrap up, in "This Week in Hockey History", Eddie Shore's epic journey to make it to a game in a blizzard, Wayne Gretzky returns for his 1000th game after missing the first half of the season, and more. Have a question for Ian and Sean? Email firstname.lastname@example.org or leave a VM: (845) 445-8459! Save on a subscription to The Athletic: theathletic.com/hockeyshow Learn more about your ad choices. Visit megaphone.fm/adchoices
Episode 144! The Biz Bites N' More Podcast covers the newest player that wants in on the EV ecosystem, and that is none other than Sony. Walmart will have an option to be in your house, and in true 1984 fashion they'll be filming it all. Finally, Elizabeth Holmes, the disgraced CEO and founder is going to jail for being a fraud. $WMT $SONY #Comedy #Business Blog: bizbitesnmore.com Twitter: @bizbitesnmore Facebook: @bizbitesnmore YouTube: Biz Bites N' More Leave a voice message on anchor or leave a five star review on Apple and we will read it aloud/listen to it on the pod! VM: https://anchor.fm/biz-bites-n-more/message --- Send in a voice message: https://anchor.fm/biz-bites-n-more/message Support this podcast: https://anchor.fm/biz-bites-n-more/support
======================================== ==SUSCRIBETEhttps://www.youtube.com/channel/UCNpffyr-7_zP1x1lS89ByaQ?sub_confirmation=1======================================== == NOTAS DE ELENAMaterial complementario de la escuela Sabática para adultosNarrado por: Patty CuyanDesde: California, Estados UnidosUna cortesía de DR'Ministries y Canaan Seventh-Day Adventist ChurchJUEVES, 06 DE ENEROJESÚS ES MEDIADOR DE UN MEJOR PACTO"Lo principal, pues, entre las cosas que decimos es esto: Tenemos un tal sumo sacerdote que se ha sentado a la diestra del trono de la Majestad en los cielos; ministro del Santuario, y del verdadero tabernáculo, que plantó el Señor, y no el hombre ". Hebreos 8: 1,2 (VM). Aquí tenemos revelado el Santuario del nuevo pacto. El Santuario del primer pacto fue asentado por el hombre, construido por Moisés; este segundo es asentado por el Señor, no por el hombre. En aquel Santuario los sacerdotes terrenales desempeñaban el servicio; en este es Cristo, nuestro gran Sumo Sacerdote, quien ministra a la diestra de Dios. Uno de los Santuarios estaba en la tierra, el otro está en el cielo (El conflicto de los siglos, pp. 408, 409). Cuando Jesús habla de un nuevo corazón, se refiere a la mente, a la vida, a todo el ser. Tener un cambio de corazón quiere decir apartar los afectos de este mundo y aferrarse de Cristo. Tener un nuevo corazón es tener nueva mente, nuevos propósitos, nuevos motivos. ¿Cuál es la señal de un nuevo corazón?: Una vida nueva. Hay una muerte diaria y de cada hora al egoísmo y al orgullo. Entonces se manifestara un espíritu de amabilidad, no intermitente, sino continuamente. Habrá un cambio decidido en la actitud, en el comportamiento, en las palabras y en los actos hacia todos aquellos con quienes os relacionéis. No magnificareis sus debilidades, no las pondréis bajo una luz desfavorable. Obraréis de acuerdo con los métodos de Cristo, manifestando al prójimo el amor que Cristo os manifestó ... Solo el poder de Dios puede cambiar un corazón de piedra por un corazón de carne (Hijos e hijas de Dios, p. 100; parcialmente en Hijos e hijas de Dios, p. 102). Ser perdonados como Cristo perdona no es solo ser perdonados sino ser renovados en el espíritu de nuestra mente. El Señor dice: "Os daré corazón nuevo". Ezequiel 36:26. La imagen de Cristo ha de estar grabada en la mente, el corazón y el alma. El apóstol dice: "Nosotros tenemos la mente de Cristo". 1 Corintios 2:16. Sin el proceso transformador que solo puede producirse por medio del poder divino, las propensiones pecaminosas originales quedan en el corazón con toda su fuerza, para forjar nuevas cadenas, para imponer una esclavitud que nunca puede ser quebrada por el poder humano ... Cuando venga Cristo, la balanza del cielo pesará el carácter y decidirá si es puro, santificado y consagrado ... La felicidad es el resultado de la santidad y de la conformidad con la voluntad de Dios. Los que quieren ser santos en el cielo, primero serán santos en la tierra; porque cuando dejemos esta tierra, llevaremos nuestro carácter con nosotros, y esto será sencillamente llevar con nosotros algunos de los elementos del cielo que nos fueron impartidos por la justicia de Cristo ... La experiencia que sigue a la entrega total de Dios es la justicia, la paz y el gozo en el Espíritu Santo (Reflejemos a Jesús, p. 295). VIERNES, 07 DE ENERO: PARA ESTUDIAR Y MEDITARReflejemos a Jesús, 3 de enero, "Cristo se sacrificó por nosotros", p. 9; Los hechos de los apóstoles, "Corinto", págs. 199, 200.
Happy new year friends! Today I share the good, bad, ugly, and BROKEN things I've come across while migrating our Light Pentest LITE training lab from on-prem VMware ESXi to Azure. It has been a fun and frustrating process, but my hope is that some of the tips in today's episode will save you some time/headaches/money should you setup a pentesting training camp in the cloud. Things I like No longer relying on a single point of failure (Intel NUC, switch, ISP, etc.) You can schedule VMs to auto-shutdown at a certain time each day, and even have Azure send you a notification before the shutdown so you can delay - or suspend altogether - the operation Things I don't like VMs are by default (I believe) joined to Azure AD, which I don't want. Here's how I got machines unjoined from Azure AD and then joined to my pwn.town domain: dsregcmd /leave Add-Computer -DomainName pwn.town -Restart Accidentally provision a VM in the wrong subnet? The fix may be rebuilding the flippin' VM (more info in today's episode). Just about every operation takes for freakin' ever. And it's confusing because if you delete objects out of the portal, sometimes they don't actually disappear from the GUI for like 5-30 minutes. Using backups and snapshots is archaic. You can take a snapshot in the GUI or PowerShell easy-peasy, but if you actually want to restore those snapshots you have to convert them to managed disks, then detach a VM's existing disk, and attach the freshly converted managed disks. This is a nightmare to do with PowerShell. Deleting data is a headache. I understand Azure is probably trying to protect you against deleting stuff and not being able to get it back, but they night a right-click > "I know what I'm doing, DELETE THIS NOW" option. Otherwise you can end up in situations where in order to delete data, you have to disable soft delete, undelete deleted data, then re-delete it to actually make it go away. WTH, you say? This doc will help it make more sense (or not). Things that are broken Promiscuous mode - just plain does not work as far as I can tell. So I can't do protocol poisoning exercises with something like Inveigh. Hashcat - I got CPU-based cracking working in ESXi by installing OpenCL drivers, but try as I may, I cannot get this working in Azure. I even submitted an issue to the hashcat forums but so far no replies. On a personal note, it has been good knowing you because I'm about to spend all my money on a new hobby: indoor skydiving.
Onw - Ep 145 It's the new year and we've missed day one predictions Brock was the right choice Cody wins the tnt title / nows the change to change the name or the belt with it being on Cody Mercedes Martinez Bring back MIRO House of black adding a member on Wednesday, with a third to come Wrestlers that would be great if they had characters Tony Kahn / big swoll Tony storm leaves wwe Your favorite wrestler of the 2021? Mustafa ali v Shinsuke Nakamura for the ic Jeff Jarrett makes a gcw appearance Is a dark/ elevation belt a good idea? Fun fact: jake atlas makes the 100th male member of the aew roster Did you remember? -nikki ash won the raw women's belt -John cena wrestled Roman -the bucks took about 3 months to fully turn heel -baker won her title in may Ple - premium live event ohnowrestling.com ohnomedia.com patreon.com/onrs ohnoradioshow.com Leave a VM at 407-906-6466 Find our FB Group. Ohno Wrestling
Den norske verdensmester i skak Magnus Carlsen har mistet to af sine tre VM-titler til en kun 17-årig spiller: usbeskiske Nodirbek Abdusattorov. Vi tegner et portræt af det fremadstormende skakfænomen. Vært: Tore Leifer.
Megan Gailey's a real one! Perhaps you've seen her Comedy Central Half Hour or on the show she writes for Pause with Sam Jay? Or maybe you've heard her on the podcast she and Naomi do I Love a Lifetime Movie??? Regardless, you're gonna love her after today's episode! We get into her history of dating athletes, the subtle depths of her white womanhood and of course, how she had to disinvite one of her bridesmaids to her wedding! PLUS, of course, we answer YOUR advice questions! If you'd like to ask advice questions, call 323-524-7839 and leave a VM or just DM us on IG or Twitter! Also, support the show on Patreon or with a t-shirt (or a Jewboo shirt) and watch us every once in a while on Twitch or check out clips on YouTube! See acast.com/privacy for privacy and opt-out information.
Enes Kanter levede den amerikanske drøm. Han rejste fra sit hjem i Tyrkiet og blev stjerne i den amerikanske basketball-liga NBA. En feteret millionær, der havde verden for sine store fødder. Indtil han åbnede munden og kaldte Tyrkiets præsident Erdogan for vor tids Hitler. I dag lever han under politibeskyttelse, han har ikke set sin familie i Tyrkiet i årevis, og han tør ikke forlade sit nye hjemland USA. Men Enes Kanter vil ikke tie stille og han har en meget klar opfordring til sportsfolk, som tager til vinter-OL i Kina eller fodbold-Vm i Qatar: Bliv væk, eller tal om problemerne.
I februar 2021 sier Tromsø at Norge bør boikotte VM i Qatar. Det fører til et ekstraordinært møte hvor norsk fotball skal stemme for og imot. Før møtet skriver et utvalg en rapport som hevder at dialog er veien å gå for å skape varige endringer i Qatar. Men blant de viktigste kildene i rapporten, er det én organisasjon som ikke er like nøytral som den fremstår.
Tonight we decided to do something different. No Clips, no segments. We just talk shit about the golden girls, betty white and take a bunch of phone calls. it was a ton of fun. everyone got a bit drunk. happy new year. ohnoradioshow.com ohnowrestling.com ohnomedia.com patreon.com/onrs ohnoradioshow.com Leave a VM at 407-906-6466 Find our FB Group. Ohno Wrestling
Episode 143! The Biz Bites N' More Podcast covers the recent DoorDash employee mandatory fun time where all of HQ gets to deliver, shadow a merchant, or work in customer service, seems harsh but is good. Biogen might be bought by Samsung. Finally, Josh and Grayson cover the tech trends in 2022, what a freaking blast! #Comedy #Business Blog: bizbitesnmore.com Twitter: @bizbitesnmore Facebook: @bizbitesnmore YouTube: Biz Bites N' More Leave a voice message on anchor or leave a five star review on Apple and we will read it aloud/listen to it on the pod! VM: https://anchor.fm/biz-bites-n-more/message --- Send in a voice message: https://anchor.fm/biz-bites-n-more/message Support this podcast: https://anchor.fm/biz-bites-n-more/support
I think we met Janelle when she and Naomi were Just For Laughs New Faces, like, 5 or so years ago, but regardless, this is our first time getting to KNOW Janelle, and what a joy it is! Of course you know her from Black Monday, Abbott Elementary and her and Naomi's half hour stand-up sets in THE STANDUPS SEASON 3 (debuting WEDNESDAY DECEMBER 29TH 2021 on Netflix!!!). But now you can hear Janelle's crazy prom story, her journey from fashion student to stand-up and also about one of her crazy-ass roommates. PLUS, of course, we answer YOUR advice questions! If you'd like to ask advice questions, call 323-524-7839 and leave a VM or just DM us on IG or Twitter! Also, support the show on Patreon or with a t-shirt (or a Jewboo shirt) and watch us every once in a while on Twitch or check out clips on YouTube! See acast.com/privacy for privacy and opt-out information.
Sarah Sjöström är nyss hemkommen från VM i Abu Dhabi med tung resväska! Hon tog nämligen medalj i alla grenar hon ställde upp i. Hon är den största simmaren genom tiderna och vi pratar med henne om hur man håller motivationen uppe, om att pengar kan vara en drivkraft, armbågsskadan som såg ut att sätta käppar i hjulet men som kanske förde något gott med sig. Dessutom snackar vi med Sarah om "Slangbellan" och julklappar. Programledare: Nanna Olasdotter Hallberg, Kodjo Akolor och David Druid
Good morning and welcome to the ride! What do women really look for in a man? We bring you the hot headed crew. The comedians give you the things you've never seen. What are the signs that someone lives at their mom's house? Fool #2 murders another one in the spirit of Donna Summer. Tired of the same old sugar honey iced tea or nah? The Steve Harvey Nation shows holiday cheer in Steve's VM. Today in Closing Remarks, Steve says it straight up. "Don't be anxious for anything." Learn more about your ad-choices at https://www.iheartpodcastnetwork.com
As we bid farewell to 2021 and hope for better and brighter days in the new year, I felt it prudent to send this year off with some folly and Toddies! I didn't want to do it alone. So I got one of my favorite people my Big Sister-Cuz, Bambi Jones, to come sit and chat for another good feels get down Holiday VM&M episode! Last year was so much FUN that we decided to turn the shenanigans all the way up this time! We get into not just what we have, and are currently, binge watching and how it makes us feel, but some heavier chat about the connection between what entertainment we consume and its relevance to our world. Speaking of which, Bambi clues us in on the historic moment that happened when Broadway reopened post pandemic lockdown in NYC. Did you know that seven Plays that were written by seven Black Playwrights, were a major part of that reopening? If not, get ready to be in the know! She gets all into it for us! And you can check out my Blog for additional links and info about all seven of the shows. We had a lot to cover! So much so that this is going up in 2 parts! Yes,we go deep here and there,but we bring more than enough love and laughter to the party as well. Don't believe me? Check out the VM&M Youtube Channel to see our version of "The 12 Days of Christmas!" featured in the Holiday Shenanigans Episode Preview video. You'll be glad you did! So grab those tasty hot beverages, preferable a Hot Toddie, and join us for some Holiday cheer! Happy Holidays & Happy New Year! Jannae Vibes...Moods & Moves - Podcast
Epost: Laernorsknaa@gmail.com Teksten til episoden: https://laernorsknaa.com/94-magnus-carlsen-sjakk Patreon: https://www.patreon.com/laernorsknaa Donasjon (Paypal): https://www.paypal.com/donate?token=-yR0zEJ65wE-69zvoB17FdXGd7Gh1fXTKI5CsvjA2jbcQcV9KgR35SBYpH6JD5ofFImlLCuCuNuinHyh Twitter: https://twitter.com/MariusStangela1 YouTube: https://www.youtube.com/channel/UCxdRJ5lW2QlUNRfff-ZoE-A/videos Når jeg nå spiller inn denne episoden er det romjul her, og romjul i Norge betyr sjakk, nærmere bestemt verdensmesterskap i lyn- og hurtigsjakk. Store deler av Norges befolkning følger med på dette hvert eneste år. Faktisk sendes hele sjakk verdensmesterskapet på NRK, riksdekkende TV, med ekspertkommentatorer og produksjonskvalitet som om det skulle vært en fotballkamp. Hva er grunnen til det? Hvorfor følger så mange i Norge med på sjakk VM? Hvorfor er sjakk så stort i Norge? Vel, det har ikke alltid vært det. Faktisk er det et ganske nytt fenomen. Grunnen er at verdens beste sjakkspiller heter Magnus Carlsen og kommer fra Norge. I dag er Magnus Carlsen verdens beste sjakkspiller. Han har vært verdens høyeste rangerte sjakkspiller siden 2011 med toppnoteringen 2882 som er den høyeste rangeringen i historien. Alireza er rangert som nummer to for øyeblikket med 2804 i rating. I 2011, da Carlen blei den høyest rangerte spilleren, var han bare 21 år gammel. Han blei første gang verdensmester i sjakk i 2013 da han slo den daværende regjerende mesteren Viswanathan Anand fra India. I 2014 vant Magnus Carlsen igjen verdensmesterskapet i langsjakk mot Anand, og samme år vant han også VM i hurtigsjakk og lynsjakk. Med det blei han den første i historien til å vinne alle mesterskapene samme år. Carlsen er altså en svært god sjakkspiller. Kanskje den beste gjennom tidende. Selv om Magnus Carlsen er ung, han er født i 1990, så har han lenge vært blant verdens beste sjakkspillere. Han lærte sjakk som seksåring, men begynte først å spille mye som åtteåring. Det blei tidlig klart at Carlsen hadde noe spesielt. Han var et sjakktalent utenom det vanlige. I 2004 fikk han sitt gjennombrudd som 13-åring i sjakkturneringa Wijk aan Zee i Nederland i C-gruppa. Her spilte han et vakkert offerparti mot stormesteren Sipke Ernst. Carlsen spilte vakkert; han ofra viktige brikker for å få en fordel i stillingen. Det gjorde til slutt at han vant. Seieren gjorde at Carlsen blei kalt for «Sjakkens Mozart» og han blei hylla av sjakkverden. Et halvt år seinere blei Carlsen utnevnt av FIDE, verdens sjakkforbund, som den da yngste stormesteren i verden. Sergej Karjakin hadde derimot blitt stormester i en alder av 12 år, så Carlsen var ikke den yngste i historien.
As we bid farewell to 2021 and hope for better and brighter days in the new year, I felt it prudent to send this year off with some folly and Toddies! I didn't want to do it alone. So I got one of my favorite people my Big Sister-Cuz, Bambi Jones, to come sit and chat for another good feels get down Holiday VM&M episode! Last year was so much FUN that we decided to turn the shenanigans all the way up this time! We get into not just what we have, and are currently, binge watching and how it makes us feel, but some heavier chat about the connection between what entertainment we consume and its relevance to our world. Speaking of which, Bambi clues us in on the historic moment that happened when Broadway reopened post pandemic lockdown in NYC. Did you know that seven Plays that were written by seven Black Playwrights, were a major part of that reopening? If not, get ready to be in the know! She gets all into it for us! And you can check out my Blog for additional links and info about all seven of the shows. We had a lot to cover! So much so that this is going up in 2 parts! Yes,we go deep here and there,but we bring more than enough love and laughter to the party as well. Don't believe me? Check out the VM&M Youtube Channel to see our version of "The 12 Days of Christmas!" featured in the Holiday Shenanigans Episode Preview video. You'll be glad you did! So grab those tasty hot beverages, preferable a Hot Toddie, and join us for some Holiday cheer! Happy Holidays & Happy New Year! Jannae Vibes...Moods & Moves - Podcast
Unsere letzte Folge in diesem Jahr ist eine ganz besondere … ein Jahreshoroskop und ein astrologischer Ausblick für 2022 von und mit Yasemin & Denis von Astrolution. Die beiden haben uns unsere Geburtshoroskope gelesen – und das war einfach unglaublich! Akkurat, überraschend und empowernd. Wir sprechen über unsere Persönlichkeiten, was unsere Stärken und Schwächen sind, wo die meisten Energien bei uns sind, was wir brauchen um wir selbst zu sein und das Leben zu leben, das zu uns passt. Außerdem sprechen wir über den Ausblick für das Jahr 2022. Für uns alle! Veränderung kommt nicht von heute auf morgen, viele Dinge merken wir schon … einiges wird sich also nächstes Jahr noch klarer verfestigen. Hört unbedingt rein – denn uns hat es sehr viel Kraft gegeben und wir hoffen Euch auch. Nun wünschen wir Euch die schönsten Feiertage und einen gesunden Rutsch ins neue Jahr. Es wird großartig! Wir lieben Euch. V + M __________________________________ Unser Werbepartner für diese Folge: Ecco Verde: im größten Onlineshop für Naturkosmetik bekommt ihr mit dem Code KONFETTI-21 15% Rabatt auf das gesamte Sortiment (gültig bis 31.12.2021): www.ecco-verde.de KoRo: Nüsse, Superfoods, Trockenfrüchte oder Snacks in Großverpackungen quasi direkt vom Bauern / Bäuerin kaufen. Mit dem Code KONFETTI bekommt ihr 5% Rabatt auf das gesamte Sortiment unter www.korodrogerie.de Viva con Agua - Sauberes Trinkwasser für alle unterstützen und gleichzeitig den Liebsten eine Freude machen? Dann verschenke eine Spende: geschenke.vivaconagua.org Frohe Weihnachten! __________________________________ Folgt uns gerne auf unseren Social Media Accounts: Instagram: www.instagram.com/schwarzeskonfetti_podcast Vero: www.instagram.com/vero1berlin Maxie: www.instagram.com/maxie_eixam
The NHL's Lake Tahoe game vs. The Sun. Nikita Kucherov's heel turn in his post-Stanley Cup win press conference, the Jack Eichel saga, and much more. Ian Mendes and Sean McIndoe wrap up the year with a look back on 2021 in the NHL and break down the ten weirdest moments. Have a question for Ian and Sean? Email email@example.com or leave a VM at (845) 445-8459! Save on a subscription to The Athletic: theathletic.com/hockeyshow Learn more about your ad choices. Visit megaphone.fm/adchoices
Onw - Ep 144 The Broadway hangman and Brian KO resigns with wwe / no, no cut clause The rock buys wwe/ keeps steph and trips Wardlow is my dark horse for one day jumping to wwe Brock and Roman is interesting again Tbs title victor ROH update Asuka return/ bliss return? Is liv Morgan ready? Send the Viking raiders back to nxt and be dominant Wrestling fantasy porno Roman Steph Trish and the rock Luna gangrel ohnowrestling.com ohnomedia.com patreon.com/onrs ohnoradioshow.com Leave a VM at 407-906-6466 Find our FB Group. Ohno Wrestling
Episode 142! The Biz Bites N' More Podcast covers the right to disconnect aka your boss can't text you after hours, will it come to America? Pfizer teams up with cannabis to get the US stoned. Finally Spiderman is breaking records and giving life back to movie theaters. $PFE $AMC #Comedy #Business Blog: bizbitesnmore.com Twitter: @bizbitesnmore Facebook: @bizbitesnmore YouTube: Biz Bites N' More Leave a voice message on anchor or leave a five star review on Apple and we will read it aloud/listen to it on the pod! VM: https://anchor.fm/biz-bites-n-more/message --- Send in a voice message: https://anchor.fm/biz-bites-n-more/message Support this podcast: https://anchor.fm/biz-bites-n-more/support
Back in the spring, we produced a number of online shows as a way to raise funds for Mabel's VERY EXPENSIVE chemotherapy, and up until now, outside of a few clips we posted on our Insta, you HAD TO BE THERE! But now, as a holiday gift to YOU, our dear listeners, we thought we'd release the audio for the Couples Therapy Quarantine Party: Chemotherapy Mabeline Party, which we did on May 22nd through Dynasty Typewriter Online. Our pals Bryan Safi, Laci Mosley and Ayo Edebiri were kind enough to join us, and we had a blast goofing around and answering viewer's advice questions, which they submitted by video beforehand. Also, if you didn't know, Mabel's been in remission for just about 6 months now!If you'd like to ask advice questions, call 323-524-7839 and leave a VM or just DM us on IG or Twitter! Also, support the show on Patreon or with a t-shirt (or a Jewboo shirt) and watch us every once in a while on Twitch or check out clips on YouTube! See acast.com/privacy for privacy and opt-out information.
Financial Sector CISO Raj Badhwar joins co-host Andy Bonillo on Episode #202 of Task Force 7 Radio to discuss how to mitigate exposure of the Log4J vulnerability. Raj discusses the importance of zero trust implementations, API security, and good security hygiene to help your organization manage the risk of ransomware and vulnerabilities like Log4J. We ended the show with Raj talking about his recently authored books, the one book he is currently authoring, and his advice to security executives to manage up and down. All this and much more on Episode #202 of Task Force 7 Radio.
2021-12-18 1144 [00:00:00] Well, the tech world is all a buzz with this log for J or log for shell. However you want to call it because we are looking at what is probably the biggest security vulnerability the internet has had in a long time. [00:00:16] This is huge, huge, huge to chew. [00:00:19] I don't know how to express it anymore, but there are multiple problems here. And even the patch that was released to fix this problem was broken as being exploited in the last 24 hours. There've been no less than 30 different new. Variations of the exploit. So what is going on? There is a computer language that's used by many programmers, particularly in larger businesses called Java. [00:00:52] You might remember this, I've been following it and using it now, since it first came out very long time ago from sun Microsystems. Java is a language that's designed to have kind of an intimate. CPU processor. So think about it. If you have an Intel chip that is an x86 type chip, what can you use instead of that Intel chip to run that code? [00:01:19] Well, there are some compatible chips made mainly by AMD advanced micro devices, but you're really rather limited. You have problems. Power. Well, you know, guess what you're stuck. You're stuck in that architecture. And then on the other end of the spectrum, you have some of these devices that are designed by companies like apple, Google has their own. [00:01:41] Now that our CPU's their graphics processing units as well. And they completely replaced the Intel architecture. But the Intel code, the programs that are written for the Intel architecture that are compiled for Intel are not going to work on the apple chips and vice versa. So what did apple do? Well, apple, for instance, just moved from Intel over to. [00:02:08] Own chipsets and these chips don't run Intel code. So how can you run your old apple apps? Well, apple has a little translator. They call Rosetta. It sits in the middle and it pretends it's an Intel processor. This really rather simple. And they've done an amazing job on this. And w Rosetta is actually a third party company and they helped apple as well with the transition from the IBM power series chips to the Intel chips. [00:02:41] So how do you move the code around while you either have. Recompile it, you may have to redesign it, rearchitect it for the new type of processor and the new types of computers that are supported by that processor. Or you may do what Apple's done here a couple of times now, and that is having an interpreter in the middle that pretends it's something else pretends as an Intel chip. [00:03:07] And then you can still run your in. Code because it knows, okay. It was designed originally for this apple Intel architecture. So I know how to make all of this work Java steps in and says, well, why are you doing all of that? That's kind of crazy. Isn't it moving all of your code around all of the time. So Java's original claim to fame was what will, will make life easy for? [00:03:33] What you do is you write your code. Using Java in Java is very similar to C plus plus in some of these other languages that are out there. And that language, when you're writing your source code will be compiled into an intermediate. Code. So what happened is sun Microsystems designed this virtual machine? [00:03:56] Now don't think of it like a normal VM, but we're talking about a CPU architecture and CPU instructions. And so what it did for those CPU instructions. Which is really quite clever, as I said, well, we'll come up with what we think are the most useful. And it's a Cisco architecture for those of you who are ultra geeks like myself. [00:04:19] And we will go ahead and implement that. And so the compiler spits out code for this CPU that doesn't actually exist anywhere in the known universe. And then what happened is sun went out and said, okay, well, we'll make an interpreter for. Artificial CPU that'll run on Intel chips and we'll make another one that runs on these chips, that chips and the other chips, beautiful concept, because basically you could write your code once debug it and run it off. [00:04:53] Anything that was kind of one of the original claims to fame for Unix, not so the run at anywhere part of it, but the part that says, well, it doesn't take much work to move your code to different machine, and we're not going to get into Unix and its root I've been around the whole time. It's kind of crazy. [00:05:13] I just finished reading a book and saying, I remember that I remember that. And they were going through all of the history of everything I was in the middle of that. I did that. That was the first one to do this. It was kind of fun. Anyhow, what Java has done now is it's really solidified itself in the larger enterprises. [00:05:34] So basically any software that you might be using, like our website that is particularly with a larger business. Is going to be using Java and that Java language is using libraries. So in programmers, instead of doing what I used to do way back when which is right in assembly code, or even in COBOL, and basically you had to write everything, every part of every program, anything you wanted to have done, you had to write, or maybe you borrowed somebody else's code and you embedded it in. [00:06:08] And mind you, we only had 32 kilobytes of memory in the mainframe back then the 360 30, for those of you who remember those things, but here is where things really changed. You now had the ability to take that code that you wrote and put it on a smart. You could take that exact same code, no recompiling or anything, and take that code and run it on a mainframe on our super computer in a car. [00:06:38] So Java became very popular for that. Very reason in these libraries that Java provided, made it even quicker to program and easier to program. Now there's some problems with languages. Java, which are these object oriented languages where you can, for instance, say one plus one equals two. Right. That will make sense. [00:07:02] But what does it mean when you use a plus sign? When you're talking about words? So you say apple plus oranges, what's that going to eat? Well, that's called overloading an operator, and this is not a course on programming languages, but what happens is a person can write the library and says, oh, well, if the programmer says a non-Apple plus an orange or string plus a string, what I want you to do is concatenate the strings. [00:07:31] Now that programmer who wrote that has to kind of figure out a couple of things, make some assumptions. Oh, well, I should I put a space between apple and. Or not. And what do they really mean? Okay. So this is how I'm going to interpret it. So that, it's a very, very simple example. But the concept is that now with these overloaded opera operations and these libraries that can go deep, deep, deep, you now have the additional problem of people designing and writing the libraries, making assumptions about what the programmer wants and what the programmer needs. [00:08:09] Enter the problem with the log for J vulnerability. This is a very big, big deal because we're talking about a library function that is being used in Java by programmers. Now, you know that I have been warning everybody. Android for years, the biggest problem with Android isn't its user interface. It isn't that it's made by somebody else. [00:08:37] Right? The biggest problem. And of course, this is my opinion is that Android software is provided by Google and. It is given basically to any manufacturer that wants to license it. And then that manufacturer can't just take Google and run it. Right. Have you ever tried to install windows or Linux or free BSD? [00:09:04] It's mainly a windows problem, frankly, but you go on ahead and install that in. What do you need in windows while you get to need driver? Oh, well, wait a minute. This laptop is three years old. So how, how can I find them? And then you go around and you work on it and takes you a day and you finally find everything you need. [00:09:22] And you've got all of the drivers and now it works. But Microsoft provided you with the base operating system. Why do you need drivers? Well, you know the answer to that and it's because every piece of equipment out there is different. Think about this in the smartphone market. Think about it in the more general. [00:09:39] Android market. There are thousands of these devices that are out there and those different devices are using different hardware, which require different drivers. So when Google comes up with a software patch, how well we just fix the log for J issue that patch. Has to be given to the devices manufacturer who then has to talk to the manufacturers of the various components and make sure that the device drivers that they're using by the manufacturer are actually compatible. [00:10:20] They're going to. Got the upgrades, wire it all together, and then test it on all of the different phones that they have and cars because cars are running it. Now you see how complicated this get. And most Android devices will net. Get another update. They will never get a security patch versus apple. [00:10:43] Right now. They're still supporting the apple six S that came out in 2015. If I remember right, it's five or six years old. Now you don't find that in the Android space. You're lucky if you get two years worth of support, we're going to continue this. But this is, uh, this is really, really important. I'm going to talk more about the actual problem. [00:11:06] What is being done about it? What you can do about it as an individual, a home user, and as a business, in fact, keep an eye on your mailboxes. Cause I've got some more links to some sites about what you can do and how to do it and how to test for it. Anyways, stick around. You're listening to Craig Peterson. [00:11:29] We're talking about what is likely to be the biggest set of hacks in internet history right now. It's absolutely incredible what's going on. So we're going to talk about what it means to you and what's really going on. [00:11:45] This whole problem is probably bigger than anybody really realizes because Java, as I explained is a very common computer programming language. [00:12:00] And it has a lot of features that bigger businesses love. They love the ability to have multiple programmers working on something at the same time. They love the inheritance and multiple inheritance and all of these wonderful features of Java. Well, one of the really cool features is that you can, while your program is running, have the program change. [00:12:25] It's. That's effectively what it's doing. It's pulling in libraries and functions in real time. And that's where this particular problem comes in. This has been a nightmare for Java forever. It's one of the reasons I have never migrated to Java for any of the projects that I have. Don, it just gets to be a nightmare. [00:12:49] It kind of reminds me of Adobe flash. It was the biggest security problem that has ever been. And the number two Java and Java is running in the Android operating system. It is the core of the operating system. All of the programs are almost certainly written into. And now we're seeing Java turnip in the, not just entertainment systems in our cars, but in the actual computers that are driving the cars, running the cars. [00:13:22] And I get very concerned about this. We had two major outages just this week before this log for J thing came about over at Amazon. And those two Amazon outages knocked thousands of businesses. Off the air out of business. You couldn't get to them. You remember the big problem with Facebook that we talked about a little while back and in both cases, it looks like they were using some automatic distribution of software sent out the wrong stuff. [00:13:52] Right? And now you are effected. Well, what happens? What happens with the cars? If they push out a bad patch, how are we going to know. Hmm, what's that going to mean? And if your car has Java in it, are you going to be vulnerable to this? Well, you, you wouldn't be vulnerable to log for J if your computer wasn't hooked up to anything, but nowadays the cars are hooked up to the net. [00:14:20] We've had a couple of car dealers for our clients. Who've had the Mercedes we've had Acura Honda and others over the years. And it's interesting going in there now and working with them because they are doing massive downloads of firmware whenever a car comes in. So that car, if they don't have the right kind of networks, that car can take hours to do. [00:14:49] Dates. And I got to tell you, man, I I'm just shocked by so many businesses, not willing to spend the money that it really takes. So the poor technician is sitting there waiting for it to happen. You know, we could make it happen in 15 minutes, but they're stuck there waiting for three or four hours sometimes for some of these downloads, no it's called cash them locally. [00:15:09] Right? These cars, some of them need new and different firmware. Some of them use the same and have. A reliable, fast internet connection. And we've done that for many companies. Anyways, I'm kind of going off on a bit of a tangent here. So forget that let's get back into this with Java. You can have a routine. [00:15:32] Call another routine that was not even necessarily thought of by the programmer. Now, can you imagine that? So you're, you're programming and you're, you're not considering adding something that's going to send email out and yet you could have a log in. That's part of the DNS, uh, and it gets logged that actually causes an email to be sent or causes anything else to happen. [00:16:02] That the exact problem we're seeing right now, it's absolutely crazy patterns in text fields, things like you can put a user desk agent. Right, which is normal for nature. GTP connection. You say, this is, this is usually a guy who was using Chrome version bar or Firefox or safari, but you put the user agent field. [00:16:26] And then after that, you've put in some, a little bit of code that tells Java, Hey, what I want you to do is this. This is a problem because we're finding now that I'm, again, I said the last 24 hours, 30 different exploits over a million companies have been attacked on this. And we're talking about 10. [00:16:51] Companies, absolutely hacked every minute right now. Can you think, let's just think about that. And we're in the middle of what? Right? The big holiday season, we've had some holidays, there's people online, shopping there's businesses that are trying to buy stuff, business stuff, almost every one of those sites is likely to be compromised. [00:17:17] It's that bad. It's absolutely nuts. What's happening here. This is a huge flaw, huge flaw. And by the way, it is flaw. Number this you ready for? This 44,228. In the year 2021. So the written 44,000 flaws that have been discovered and reported, this is the CVE system for those of you who are interested, but this really is a worst case scenario. [00:17:50] Because this log for J library is being pulled in to so many pieces of software out there on so many different platforms. The paths to, uh, to exploit this vulnerability are almost unlimited. And because there's so many dependencies on this particular log for J library, it's going to make it very difficult to patch without breaking other things. [00:18:21] And the fact the exploit itself fits in. Tweet can be injected almost anywhere. So it's going to be a very long weekend for a lot of people, but let me tell you this, it is not going to be solved in a few days, a week a month. We're going to be seen this. Years, because you have to be the person that wrote the program that has the source code to link in the new libraries, distributed out to your customers. [00:18:52] Do you see what a nightmare? This is now? Some people are saying, well, you know, let's blame this on open source. This, this is an open source product. Well, yeah, it is an open source project and it turns out that even though anyone can grab this, these, this library routine or any of these pieces of code, anybody can grab it. [00:19:13] Anybody can look at it. It turns out it's one guy. Who actually maintained this, who has a budget of $2,000 a year to maintain it. Nobody else pitched in. And all of these big companies are all out there grabbing this code that this guy has been working on and not paying much attention to it. Not donating to the product. [00:19:37] Which is saving them millions of dollars, not that one project, but all of these projects collectively in the open source community, it's it is more far reaching than this stretch vulnerability. You might remember this drug vulnerability that's was, that was the root cause of the massive breach at Equifax that Explo exposed all of our personal information. [00:20:05] To the dark web. That's how bad this is. Oh my gosh. So Hey, if you want information, I've got a links, a bunch of links set up here on what to do while you're waiting for the log for J updates from your vendors, how you can find on your servers. If they have the log for J vulnerability, I've got a bunch of information that I've stored up on that. [00:20:32] And some others just email me, just email me. M firstname.lastname@example.org asked for the list of the log for Jay's stuff or the Java's stuff. I'll figure it out. Be glad to send it to anyone that's interested. And if you need to scan to find out yourself and your business, let me know to email@example.com. [00:20:55] Wow. I was just going through a list published by Seesaw, this federal government agency that tracks some of these types of vulnerabilities. And wow, this list is daunting of all of these pieces of software that are vulnerable to this huge hack. [00:21:12] this is now a problem for each and every one of us. [00:21:16] I think I've established the man. This is nasty, nasty, nasty, nasty. So what do you do? First of all, I sent out. Email a list of things have in fact, a few different lists of things that you can do. So I had one for consumers, one for businesses and kind of a general thing as well. And then a bunch of references. [00:21:43] Of course there's even more references and more great information now because I got that email. Pretty early. So I hope hopefully you had a chance to really look through that, but here let's just talk a little bit about this, what to do thing you already know because you guys really are the best and brightest that you need to be careful when you're on. [00:22:07] You cannot be online, Willy nilly, clicking on things. And that includes emails and links. And this time a year, in fact, all year long, we're looking for. Wow, let's see. Is there a great bonus here? Look at they're having a sale, a discount. Oh no. I've only got three hours to respond or the deal's going to go away. [00:22:28] I've usually been of the sort that I just am, not that influenced by some of these deals, but. I do sometimes want to find out what it is. So I find myself this week clicking through on. I'm on a lot of marketing lists because I like to follow what different marketers are doing, right. That's technology. [00:22:51] And it's something I want to keep you guys informed about. And I found myself just crazy amount of double checking to make sure the link was valid. Now I'm sure you guys have, if you're on my email list, you might notice that the from address is not the me at Craig Peterson. Calm email address. You can always send email to firstname.lastname@example.org and it ends up in my email box. [00:23:17] And it might take me a few days, or even as much as a week or two to get back to you. If it's something there's an emergency, you really need to fill out the form on my website, but I will get back with you. But the problem that some people have noticed lately is. It doesn't say return address or sent from email@example.com. [00:23:41] It's got this rather long convoluted, uh, convoluted, uh, URL that has nothing to do with Craig peterson.com, sows a number of people question it, it is a tracking email. When can the idea is if I am going to be able to get back to people and if Karen is going to be able to nudge. I have to have these things tracked. [00:24:06] So the email from address, when you hit reply, it is going to go to the, again, my email list server guys, and it is going to get tracked so I know. Okay. Okay. So now I've got a few minutes or an hour. Let's sit down and go through a lot of these emails so I can get back to people. That's a problem for many people, that's even more of a problem today than it ever has been in the past. [00:24:35] Now there's been a few sites that have done something about tracking because many people don't like to be tracked. Right. My self included, although, as I've always explained on the show, it's kind of a double-edged sword because I would rather see commercials or ads for a Ford F-150 pickup truck. When I'm looking to buy. [00:24:58] Uh, car or certainly a truck. I don't want to see ads for things I don't care about. Right. And you probably don't either. So the tracking, I don't think is a huge deal. The statistics that have come out from apple recently are very interesting because what apple ended up doing is they put some new technology and to stop tracking. [00:25:24] And to stop you from being tracked. And basically what they're doing is a couple of things. One, they've got this new feature where they will download images and emails from their website, so that it's not a, you know, they're, they're not being able to localize where you are and then they're also doing something where you. [00:25:50] Are you, you are, you can't be tracked like you used to be able to be tracked. Let me just put it simply like that applications now have to have that little label warning label in the app store to let you know what they might be tracking, et cetera. So they've been accepting anti tracking behavior that came from our friends from. [00:26:13] Apple now Google, Facebook and others have been very upset about this thinking that they were going to lose a lot of business here in the advertising side, because you wouldn't be able to track them. So if you've got an apple iOS device, you probably noticed, it says, allow app to track your activity across other companies. [00:26:37] And websites, your data will be used to measure advertising efficiency. I don't know that that's such a bad thing. And looking at the stats right now, I'm looking at Google's income. And a lot of that comes from YouTube after. Apple launched its new privacy initiative and it looks like Google really wasn't hit very badly. [00:27:01] What Facebook was worried about that they would just be losing all kinds of revenue. Also didn't turn out to be true. So it's an interesting thing to see and I've got to really compliment apple again. At this time on trying to keep our information private, I read a really great book, uh, this, so this is how the world ends talking about the whole cyber race and where things are likely going. [00:27:32] And it it's frankly impressive. To see what Google has done to try and keep out our government from their networks, as well as foreign government and the whole thing with the Chinese hackers we've talked about before, where I've found them. Active inside our customer's network before. And this is where we get called in because there's a problem. [00:28:00] We look around, we find indications of compromise. We find the Chinese inside. Okay. So it isn't something that we were protecting them, the Chinese got in, but we come in after the fact and have to clean up the mess. But what we have really seen happen here is the largest transfer in. Of wealth, I should say, in history, the largest transfer of wealth in history to. [00:28:27] From us and from other countries, but primarily from us because of what they've stolen. And so Google really has fought hard against it. The Chinese have been in their systems have stolen a lot of stuff. Apple has fire fought hard against it, but we know about the apple stuff. Google's seems to be a little quieter about some of it. [00:28:47] So they may be selling our information to advertisers, but there certainly are trying to keep nation states out. I'm really wondering too, what is Google doing? Moving that artificial intelligence lab to China. It just it's insane. We know we, if we're going to get out of this financial position, we're in as a country, we need to have an amazing new technology. [00:29:11] So people are coming to the United States and we're certainly not seeing that. At least not yet. It's all been stolen. So what to do, man. I started talking about that and we got a little sidetracked. So I will talk about that a little bit more here coming right up and what to do if you're a consumer, if you're a business person. [00:29:35] And of course, as I mentioned earlier, I have. Quite a list. I'm more than glad to send you. If you go ahead and just email me, M firstname.lastname@example.org. I'll keep you up to date, let you know what's happening and give you those links that you can follow to find out exactly what is happening and what you can do, including some tools. There are some tools out there to check to see if that vulnerability exists inside your networks or systems me@ Craig peterson.com. And I'll be glad to reach out, reach back to you. Stick around. [00:30:12] I'm gonna tell you what to do as a consumer because of this massive internet hack that is underway. It is huge, huge, huge. Also going to talk a little bit about apple and what they're doing with their tracker detect app on Android devices. [00:30:29] This will be going on for months and probably years in some cases, because there are many systems that will never. [00:30:40] Patched for this vulnerability. So from now on, you need to be doubly cautious about almost everything, the big targets for this. Then people who tend to be the most valuable. Big businesses. And I can send you a list of devices that are known to be either, uh, immune to this they've been fixed or patched and devices that are known to have this problem. [00:31:08] So. You send me an email. Excuse me. If you have any questions about it. So it's me M email@example.com. I'd be glad to send you that list. Seesaw has it online. You can certainly search for it yourself. If you're interested in. So for you as an individual, it's just extra caution, you know, use these one time, use credit card numbers. [00:31:39] I have talked about this before. And that is, I use fake identities as much as I possibly can online. And I'm not trying to defraud anyone. Of course, that would be legal. What I'm trying to do is not make myself as easy at target. As is frankly, uh, pretty much anybody who uses a computer out there, because if you're always using your, in the same name and email address and having forbid password, then you are a bigger target than you have to be. [00:32:15] And so. I have a whole, uh, index file. I have a spreadsheet that I put together with 5,000 different identities, different names, of course, different sexes, races, origin stories, everything. And the whole idea behind that is why does some company that's providing me with some little website thing, need my real info. [00:32:41] They don't, obviously you give you real info to the banks or. Counts, but you don't need to give it to anybody else. And that's what I do. That's kind of my goal. So if you can do that, do do that. Apple also has a way for you to use random. Email address a suit can set up a different email address for every website you visit. [00:33:07] There are a few services out there that can do it. If you're interested, drop me an email. firstname.lastname@example.org. I'll send you a list of some of them. Uh, I think they're, they're all paid except for the app. But you have to have an apple account in order to use it. One of the things that businesses really need to do is do a scan. [00:33:30] Again, I can send you a list of scanners so that you can look at your network, see if there's any. Obvious that might have huge implications for your business. Uh, again, email@example.com, one of the things apple has come up with that I, I really have turned out to like, and I think I mentioned them before on the air, but it's these news. [00:33:55] Trackers that apple has, that you can put on things. And we spoke a little bit last week about the problem with these trackers being put on to high-end cars, and then being used to track the car. Now apple got around that problem a while ago, by letting you know, Hey, there is a tracker following you isn't that handy. [00:34:17] So, you know, wait a minute, somebody dropped one of these little tags into my purse. Coat my car or whatever it might be. And so now you can have a look and see where is this thing that's following me and get rid of it. Well, of course, in order to know that there's one of these apple tags tracking, you you've needed to have an apple phone. [00:34:43] Because it'll warn you. Apple now has something called tracker detect. If you are using an Android phone, I would highly advise you to get this app tracker detect app on Android. And it's designed to help you Android users from being tracked by apple airtight. 'cause if, if you don't know you're being tracked right, then you can't know if you're being tracked. [00:35:12] If you don't have an iPhone, unless you get this app so good for them, apple has it up now on the Google play store. That's just in the last week or so, and it lets you locate nearby air tags. So let's, uh, I think a very good thing kind of wonder if apple isn't using the Androids also for part of the. [00:35:33] Crowdsourcing for the air tags, but, uh, that's a different conversation. Great article in vice this week by Aaron Gordon, about how car companies want you to keep paying. Features you already have, and they specifically made a call out about a car manufacturer. Toyota. Who's now charging $80 a year for people who bought their car years ago, six years ago, $80 a year. [00:36:09] If you want to keep using the remote start function on your key. Yeah, so you paid for it and life was good. You went a few years, really nice on a cold winter day or a hot summer day, warm up the car or cool it down all automatically. But now Toyota is charging. $80 a year. So people are saying, well, why I bought it? [00:36:34] Why, why would I pay for that? Apple's now claiming that the several first years were merely a free trial period, but this isn't even the big play for these car companies, this $80 a year for marginal features like remote start instead. Is probably going to happen. And I agree with this author as well is we're going to see a, an approach that Elon Musk has used with his Teslas. [00:37:06] They're going to charge extra for performance, for range, for safety upgrades, for electric vehicles that actually make the car better car, a better car. Right? So upgrades used to be difficult or impossible with gas cars. A lot of these are trivial for the electric cars, with the dashboards that have games that you can play while you are charging. [00:37:32] Some of them were complaining about it being for when they're on the road. Of course that's going to happen because frankly, when, once we get a full autonomous car, what are outs are you going to do? Uh, I should also mention this isn't really a, but Mercedes-Benz has been awarded the very first license for the manufacturer sale and distribution of a fully autonomous vehicle. [00:38:00] The very first they are licensed for up to, I think it was 37 miles per hour. On their car and anything beyond that, you still have to retain control, but that's an amazing thing. And it only works on roads that are mapped. And what Mercedes is doing is they have these super high definition maps. So the car knows exactly where it is. [00:38:29] If you are a Tesla owner, you know that a few years ago, Paid, I think it was $2,000 for your Tesla to be able to drive itself. And of course they, they haven't been able to drive themselves. You know, they, yeah, there's been features here and there, but how are you getting those features? How will you going to get that self-driving mode? [00:38:52] We'll test those, calling them over the air upgrades. And they're also saying. Th this is part of the Tesla ownership experience to quote their website. All right. So they've had all kinds of over the air upgrade. They've had some free software. They've had paid ones, Tesla charges, thousands of dollars for its autopilot. [00:39:16] Now a lot of money, I think it was five grand. And now they've got this beta driver assist system as well, and they also have. To others. You might remember the ludicrous speed. Um, long range model three would dual motors is capable of accelerating from zero to 60 in 3.9 seconds. But when you buy the car, the zero to 60 time is a half a second longer. [00:39:48] So pay an extra $2,000 and you get that extra half second and accelerate. Yeah, there's nothing different. They don't even have to change. Really changed the software. There's no hardware differences. It's just, you pay them two grand and they, your cars catheter to the internet and they just unlock a key is not something. [00:40:11] Now, there are some people that hack the way around that paywall, but then Tesla blocked it and reversed the hack as well. A Tesla has sold their cars now for years with the same 75 kilowatt hour battery. But software locked them to 60 and 70 kilowatt hours might remember. We talked about this with a hurricane that came ashore down in Texas, where Tesla, anyone in that area provided them with an automatic upgrade for extra batteries. [00:40:43] So they could go further in order to get out of the zone of their herd. Before them in software lock-in and a 60 and 70 kilowatt hours, unless you paid an additional $3,000 for that extra 30 or 40 miles of range. Isn't that something. Yeah. So Tesla has temporarily unlocked them, but this is where we're going. [00:41:06] You're going to be going into the car dealership while in Tesla's case. It's on the, on the internet, which I think is better. Frankly, dealerships are handy in order to get a repair, but. You can get a repair at some of these little specialty shops it's often better and certainly cheaper than what the dealership sells, but you're not only going to be haggling over the price of the vehicle and delivery times. [00:41:32] You're going to be haggling over all of these different features. And it's never going to end because they're going to keep having software upgrades that you're going to have to pay for. Uh, Pollstar this is an electric vehicle company spun off from Volvo new. Remember Volvo is now Chinese company. Yeah. [00:41:51] Chinese. Yeah. So much for safety, right? Uh, they're going to charge an extra thousand dollars for a slight increase in horsepower and torque, just like Tesla does. So this is the future. Of car companies. Hey, I want to remind everyone, if you go to my website, Craig peterson.com. Right now you can sign up for my weekly newsletter. [00:42:15] It is packed full of great information for you. Every week. We've got some free boot camps coming up after the first of the year, and you need to be on my email list to find out about it. Craig Peter sohn.com/subscribe. [00:42:32] And following my newsletter, you probably saw what I had in the signature line the last few weeks, how to make a fake identity. Well, we're going to take it a little bit differently today and talk about how to stop spam with a fake email. [00:42:49] I think I've told you before I had email way back in the early eighties, late seventies, actually. So, yeah, it's been a while and I get tens of thousands of email every day, uh, sent to my domain, you know, mainstream.net. That's my company. I've had that same domain name for 30 years and, and it just kinda got out of control. [00:43:16] And so we have. Big Cisco server, that exclusively filters email for us and our clients. And so it cuts down the tens of thousands to a very manageable couple of hundred a day. If you think that's manageable and gets sort of almost all of the fishing and a lot of the spam and other things that are coming. [00:43:39] But, you know, there's an easier way to do this. Maybe not quite as effective, but allowing you to track this whole email problem and the spam, I'm going over this in some detail in. Coming bootcamp. So make sure we keep an eye on your emails. So you know about this thing again, it's free, right? I do a lot of the stuff just to help you guys understand it. [00:44:04] I'm not trying to, you know, just be June to submission to buy something. This is a boot camp. My workshops, my boot camps, my emails, they are all about informing you. I try to make them the most valuable piece of email. During the week. So we're going to go into this in some detail in this upcoming bootcamp. [00:44:25] But what we're looking at now is a number of different vendors that have gotten together in order to help prevent some of the spam that you might've been in. Uh, I think that's a very cool idea to have these, these sometimes temporary, sometimes fake email addresses that you can use. There's a company out there called fast to mail. [00:44:50] You might want to check them out. There's another company called apple. And you might might want to check them out. I'll be talking about their solution here as well. But the idea is why not just have one email address? And if you're an apple user, even if you don't have the hardware, you can sign up for an apple account. [00:45:12] And then once you have that account, you can use a new feature. I saw. Oh, in, in fact, in Firefox, if you use Firefox at all, when there's a form and it asks for an email address, Firefox volunteers to help you make a fake ish email address. Now I say fake ish, because it's a real email address that forwards to your normal regular. [00:45:40] Email address. And as part of the bootcamp, I'm also going to be explaining the eight email addresses, minimum eight, that you have to have what they are, how to get them, how to use them. But for now you can just go online to Google and this will get you started and do a search for Apple's new hide. My email feature. [00:46:00] This lets you create random email addresses and those email addresses. And up in your regular, uh, icloud.com or me.com, whatever you might have for your email address, address that apple has set up for you. Isn't that cool. And you can do that by going into your iCloud settings. And it's part of their service that are offering for this iCloud plus thing. [00:46:27] And they've got three different fi privacy focused services, right? So in order to get this from apple, so you can create these unlimited number of rather random looking emails, for instance, a blue one to six underscore cat I cloud.com that doesn't tell anybody. Who you are, and you can put a label in there. [00:46:51] What's the name of the website that, that, or the, the, a URL of the website, the two created this email for, and then a note so that you can look at it later on to try new member and that way. Site that you just created it for in this case, this is an article from CNET. They had an firstname.lastname@example.org. [00:47:15] This is a weekly music magazine subscription that they had. And apple generated this fake email address, blue one to 600 score Canada, cobb.com. Now I can hear you right now. Why would you bother doing that? It sounds like a lot of work. Well, first of all, it's not a whole lot of work, but the main reason to do that, If you get an email address to blue cat, one, email@example.com and it's supposedly from bank of America, you instantly know that is spam. [00:47:53] That is a phishing email because it's not using the email address you gave to TD bank. No it's using the email address that it was created for one website jam wire beats.com. This is an important feature. And that's what I've been doing for decades. Email allows you to have a plus sign. In the email address and Microsoft even supports it. [00:48:23] Now you have to turn it on. So I will use, for instance, Craig, plus a Libsyn as an firstname.lastname@example.org and now emails that Libson wants to send me. I'll go to Craig. Libsyn@craigpeterson.com. Right? So the, the trick here is now if I get an email from someone other than libs, and I know, wait a minute, this isn't Libsyn, and that now flags, it has a phishing attack, right. [00:48:58] Or at the very least as some form of spam. So you've got to keep an eye out for that. So you got to have my called plus, and if. Pay for the premium upgrade, which ranges from a dollar to $10. Uh, you you've got it. Okay. If you already have an iCloud account, your account automatically gets upgraded to iCloud plus as part of iOS 15, that just came out. [00:49:25] All right. So that's one way you can do it. If you're not an apple fan. I already mentioned that Firefox, which is a browser has a similar feature. Uh, Firefox has just been crazy about trying to protect your privacy. Good for them, frankly. Right? So they've been doing a whole lot of stuff to protect your privacy. [00:49:47] However, there you are. They have a couple of features that get around some of the corporate security and good corporate security people have those features block because it makes it impossible for them to monitor bad guys that might hack your account. So that's another thing you can look at as Firefox. [00:50:06] Have a email@example.com. And as I said, we're going to go into this in some detail in the bootcamp, but fast mail lets you have these multiple email accounts. No, they restricted. It's not like apple where it's an infinite number, but depending on how much you pay fast mail is going to help you out there. [00:50:26] And then if you're interested, by the way, just send an email to me, me. Craig peterson.com. Please use that email address firstname.lastname@example.org because that one is the one that's monitored most closely. And just ask for my report on email and I've got a bunch of them, uh, that I'll be glad to send you the gets into some detail here, but proton mail. [00:50:52] Is a mail service that's located in Switzerland? No, I know of in fact, a couple of a high ranking military people. I mean really high ranking military people that are supposedly using proton mail. I have a proton mail account. I don't use it that much because I have so much else going on, but the advantage. [00:51:14] Proton mail is it is in Switzerland. And as a general rule, they do not let people know what your identity is. So it's kind of untraceable. Hence these people high up in the department of defense, right. That are using proton mail. However, it is not completely untraceable. There is a court case that a proton man. [00:51:41] I don't know if you'd say they lost, but proton mail was ordered about a month ago to start logging access and provide it for certain accounts so they can do it. They are doing it. They don't use it in most cases, but proton mail is quite good. They have a little free level. Paid levels. And you can do all kinds of cool stuff with proton mail. [00:52:05] And many of you guys have already switched, uh, particularly people who asked for my special report on email, because I go into some reasons why you want to use different things. Now there's one more I want to bring up. And that is Tempa mail it's temp-mail.org. Don't send anything. That is confidential on this. [00:52:27] Don't include any credit card numbers, nothing. Okay. But temp-mail.org will generate a temporary email address. Part of the problem with this, these temporary email address. Is, they are blocked at some sites that really, really, really want to know what your really mail address is. Okay. But it's quite cool. [00:52:51] It's quite simple. So I'm right there right now. temp-mail.org. And I said, okay, give me email address. So gave me one. email@example.com. Is this temporary email, so you can copy that address. Then you can come back into again, temp-mail.org and read your email for a certain period of time. So it is free. [00:53:18] It's disposable email. It's not particularly private. They have some other things, but I wouldn't use them because I don't know them for some of these other features and services. Stop pesky email stop. Some of these successful phishing attempt by having a unique, not just password, but a unique email for all those accounts. [00:53:42] And as I mentioned, upcoming bootcamp, and I'll announce it in my weekly email, we're going to cover this in some detail. Craig peterson.com. Make sure you subscribe to my newsletter. Stick around. [00:53:57] Well, you've all heard ransomware's up. So what does that mean? Well, okay. It's up 33% since the last two years, really. But what does that amount to, we're going to talk about that. And what do you do after you've been ransomed? [00:54:14] Ransomware is terrible. It's crazy. Much of it comes in via email. [00:54:21] These malicious emails, they are up 600% due to COVID-19. 37% of organizations were affected by ransomware attacks in the last year. That's according to Sofos. 37% more than the third. Isn't that something in 2021, the largest ransomware payout, according to business insider was made by an insurance company at $40 million setting a world record. [00:54:53] The average ransom fee requested increased from 5,020 18 to around 200,000 in 2020. Isn't that something. So in the course of three years, it went from $5,000 to 200,000. That's according to the national security Institute, experts estimate that a ransomware attack will occur every 11 seconds for the rest of the year. [00:55:22] Uh, it's just crazy. Absolutely. Crazy all of these steps. So what does it mean? Or, you know, okay. It's up this much is up that much. Okay. Businesses are paying millions of dollars to get their data back. How about you as an individual? Well, as an individual right now, the average ransom is $11,605. So are you willing to pay more than $11,000 to get your pictures back off of your home computer in order to get your. [00:55:58] Work documents or whatever you have on your home computer. Hopefully you don't have any work information on your home computer over $11,000. Now, by the way, most of the time, these ransoms are actually unaffiliate affair. In other words, there is a company. That is doing the ransom work and they are pain and affiliate who are the, the affiliate in this case. [00:56:27] So the people who infected you and the affiliates are making up to 80% from all of these rents. Payments. It ju it's crazy. Right? So you can see why it's up. You can just go ahead and try and fool somebody into clicking on a link. Maybe it's a friend of yours. You don't predict particularly like some friend, right. [00:56:49] And you can go ahead and send them an email with a link in it. And they click the link and installs ransomware, and you get 80% of them. Well, it is happening. It's happening a lot. So what do you do? This is a great little article over on dark reading and you'll see it on the website. The Craig peterson.com. [00:57:14] But this article goes through. What are some of the steps it's by Daniel Clayton? It's actually quite a good little article. He's the VP of global security services and support over at bit defender bit defender is. Great, uh, software that you've got versions of it for the Mac. You've got versions four of it for window. [00:57:37] You might want to check it out, but he's got a nice little list here of things that you want to do. So number one, Don't panic, right? Scott Adams don't panic. So we're worried because we think we're going to lose our job June. Do you know what? By the way is in the top drawer of the majority of chief information, security officers, two things. [00:58:03] Uh, w one is their resignation letter and the second one is their resume because if they are attacked and it's very common and if they get in trouble, they are leaving. And that's pretty common too. Although I have heard of some companies that understand, Hey, listen, you can't be 100% effective. You got to prioritize your money and play. [00:58:31] It really is kind of like going to Vegas and betting on red or black, right? 50, 50 chance. Now, if you're a higher level organization, like our customers that have to meet these highest compliance standards, these federal government regulations and some of the European regulations, even state regulations, well, then we've got to keep you better than 99% safe and knock on wood over the course of 30 years. [00:58:59] That's a long I've been doing. 30 years. We have never had a single customer get a S uh, a. Type of malware, whether it is ransomware or anything else, including one custom company, that's a multinational. We were taking care of one of their divisions and the whole company got infected with ransomware. They had to shut down globally for. [00:59:25] Two weeks while they tried to recover everything, our little corner of the woods, the offices that we were protecting for that division, however, didn't get hit at all. So it is possible, right? I don't want you guys to think, man. There was nothing I can do. So I'm not going to do anything. One of the ladies in one of my mastermind groups basically said that, right? [00:59:49] Cause I was explaining another member of my mastermind group. Got. And I got hit for, I think it turned out to be $35,000 and, you know, that's a bad thing. Plus you feel just so exposed. I've been robbed before, uh, and it's just a terrible, terrible feeling. So he was just kind of freaking out for good. But I explained, okay, so here's what you do. [01:00:15] And she walked away from it thinking, well, there's nothing I can do. Well, there are things you can do. It is not terribly difficult. And listening here, getting my newsletter, going to my bootcamps and the workshops, which are more involved, you can do it. Okay. It can be done. So I don't want. Panic. I don't want you to think that there's zero. [01:00:41] You can do so that's number one. If you do get ransomware, number two, you got to figure out where did this come from? What happened? I would change this order. So I would say don't panic. And then number two is turn off the system that got rants. Turn it off one or more systems. I might've gotten ransomware. [01:01:04] And remember that the ransomware notification does not come up right. When it starts encrypting your data. It doesn't come up once they've stolen your data. It comes up after they have spread through your organization. So smart money would say shut off every computer, every. Not just pull the plug. I w I'm talking about the ethernet cable, right? [01:01:32] Don't just disconnect from wifi. Turn it off. Immediately. Shut it off. Pull the plug. It might be okay. In some cases, the next thing that has to happen is each one of those machines needs to have its disc drive probably removed and examined to see if it has. Any of that ransomware on it. And if it does have the ransomware, it needs to get cleaned up or replaced. [01:01:57] And in most cases we recommend, Hey, good time. Replace all the machines, upgrade everything. Okay. So that's the bottom line. So that's my mind. Number two. Okay. Um, he has isolated and save, which makes sense. You're trying to minimize the blast radius. So he wants you to isolate him. I want you to turn them off because you do not want. [01:02:22] Any ransomware that's on a machine in the process of encrypting your files. You don't want it to keep continuing to encrypting. Okay. So hopefully you've done the right thing. You are following my 3, 2, 1 backup schedule that I taught last year, too, for free. For anybody that attended, hopefully you've already figured out if you're going to pay. [01:02:43] Pay. I got to say some big companies have driven up the price of Bitcoin because they've been buying it as kind of a hedge against getting ransomware so they can just pay it right away. But you got to figure that out. There's no one size fits all for all of this. And at over $11,000 for an individual. [01:03:06] Ransom, uh, this requires some preparation and some thought stick around, got a lot more coming up. Visit me online, Craig Peterson.com and get my newsletter along with all of the free trainings. [01:03:23] Well, the bad guys have done it again. There is yet another way that they are sneaking in some of this ransomware and it has to do with Q R codes. This is actually kind of cool. [01:03:39] By now you must have seen if not used QR codes. [01:03:44] These are these codes that they're generally in a square and the shape of a square and inside there's these various lines and in a QR code, you can encode almost anything. Usually what it is, is a URL. So it's just like typing in a web address into your phone, into your web browser, whatever you might be using. [01:04:07] And they have been very, very handy. I've used them. I've noticed them even showing up now on television ad down in the corner, you can just scan the QR code in order to apply right away to get your gin Sioux knives. Actually, I haven't seen it on that commercial, but, uh, it's a different one. And we talked last week about some of these stores that are putting QR codes in their windows. [01:04:34] So people who are walking by, we even when the store is closed, can order stuff, can get stuff. It's really rather cool. Very nice technology. Uh, so. There is a new technique to get past the email filters. You know, I provide email filters, these big boxes, I mean, huge machines running Cisco software that are tied into, uh, literally billion end points, plus monitoring tens of hundreds of millions of emails a day. [01:05:11] It's just huge. I don't even. I can ha can't get my head around some of those numbers, but it's looking at all those emails. It is cleaning them up. It's looking at every URL that's embedded in an email says, well, is this a bad guy? It'll even go out and check the URL. It will look at the domain. Say how long has this domain been registered? [01:05:34] What is the spam score overall on the domain? As well as the email, it just does a whole lot of stuff. Well, how can it get around a really great tight filter like that? That's a very good question. How can you and the bottom line answer is, uh, how about, uh, using the QR code? So that's what bad guys are doing right now. [01:05:58] They are using a QR code in side email. Yeah. So the emails that have been caught so far by a company called abnormal security have been saying that, uh, you have a missed voicemail, and if you want to pick it up, then scan this QR. It looks pretty legitimate, obviously designed to bypass enterprise, email gateway scans that are really set up to detect malicious links and attachments. [01:06:33] Right? So all of these QR codes that abnormal detected were created the same day they were sent. So it's unlikely that the QR codes, even that they'd been detected would have been previously. Poured it included in any security blacklist. One of the good things for these bad guys about the QR codes is they can easily change the look of the QR code. [01:06:59] So even if the mail gateway software is scanning for pictures and looking for a specific QR codes, basically, they're still getting them. So the good news is the use of the QR codes in these types of phishing emails is still quite rare. We're not seeing a lot of them yet. We are just starting to see them, uh, hyperlinks to phishing sites, a really common with some of these QR codes. [01:07:30] But this is the first time we've seen an actor embed, a functional QR code into an email is not. Now the better business bureau warned of a recent uptick, ticking complaints from consumers about scams involving QR codes, not just an email here, but because these codes can't really be read by the human eye at all. [01:07:53] The attackers are using them to disguise malicious links so that you know, that vendor that I talked about, that retail establishment that's using the QR codes and hoping people walking by will scan it in order to get some of that information. Well, People are going to be more and more wary of scanning QR codes, right? [01:08:15] Isn't that just make a lot of sense, which is why, again, one of the items in our protection stack that we use filters URLs. Now you can get a free. The filter and I cover this in my workshop, how to do it, but if you go to open DNS, check them out, open DNS, they have a free version. If you're a business, they want you to pay, but we have some business related ones to let you have your own site to. [01:08:47] Based on categories and all that sort of stuff, but the free stuff is pretty generalized. They usually have two types, one for family, which blocks the stuff you might think would be blocked. Uh, and other so that if you scan one of these QR codes and you are using open DNS umbrella, one of these others, you're going to be much, much. [01:09:11] Because it will, most of the time be blocked because again, the umbrella is more up-to-date than open DNS is, but they are constantly monitoring these sites and blocking them as they need to a mobile iron, another security company. I conducted a survey of more than 4,400 people last year. And they found that 84% have used a QR code. [01:09:37] So that's a little better than I thought it was. Twenty-five percent of them said that they had run into situations where a QR code did something they did not expect including taking them to a malicious website. And I don't know, are they like scanning QR codes in the, in the men's room or something in this doll? [01:09:56] I don't know. I've never come across a QR code. That was a malicious that I tried to scan, but maybe I'm a little more cautious. 37% were. Saying that they could spot a malicious QR code. Yeah. Yeah. They can read these things while 70% said they'd be able to spot a URL to a phishing or other malicious website that I can believe. [01:10:23] But part of the problem is when you scan a QR code, it usually comes up and it says, Hey, do you want to open this? And most of that link has invisible is, is not visible because it is on your smartphone and it's not a very big screen. So we'll just show you the very first part of it. And the first part of it, it's going to look pretty darn legit. [01:10:46] So again, that's why you need to make sure you're using open DNS or umbrella. Ideally, you've got it installed right at your edge at your router at whoever's handling DHCP for your organization. Uh, in the phishing campaign at normal had detected with using this QR code, uh, code they're saying the attackers had previously compromised, some outlook, email accounts, belonging to some legitimate organizations. [01:11:15] To send the emails with malicious QR codes. And we've talked about that before they use password stuffing, et cetera. And we're covering all of this stuff in the bootcamp and also, well, some of it in the bootcamp and all of this really in the workshops that are coming up. So keep an eye out for that stuff. [01:11:36] Okay. Soup to nuts here. Uh, it's a, uh, it's a real. Every week, I send out an email and I have been including my show notes in those emails, but I found that most people don't do anything with the show notes. So I'm changing, I'm changing things this week. How some of you have gotten the show notes, some of you haven't gotten the show notes, but what I'm going to be doing is I've got my show notes on my firstname.lastname@example.org. [01:12:07] So you'll find them right. And you can get the links for everything I talk about right here on this. I also now have training in every one of my weekly emails. It's usually a little list that we started calling listicles and it is training on things you can do. It is. And anybody can do this is not high level stuff for people that are in the cybersecurity business, right. [01:12:39] Home users, small businesses, but you got to get the email first, Craig peterson.com and sign. [01:12:46] California is really in trouble with these new environmental laws. And yet, somehow they found a major exception. They're letting the mine lithium in the great salt and sea out in California. We'll tell you why. [01:13:03] There's an Article in the New York times. And this is fantastic. It's just a incredible it talking about the lithium gold rush. [01:13:14] You already know, I'm sure that China has been playing games with some of these minerals. Some of the ones that we really, really need exotic minerals that are used to make. Batteries that are used to power our cars. And now California is banning all small gasoline engine sales. So the, what is it? 55,000 companies out in California that do lawn maintenance are going down. [01:13:45] To drive those big lawnmowers around running on batteries. They're estimating it'll take 30 packs battery packs a day. Now, remember California is one of these places that is having rolling blackouts because they don't have. Power, right. It's not just China. It's not just Europe where they are literally freezing people. [01:14:09] They did it last winter. They expect to do it more. This winter, since we stopped shipping natural gas and oil, they're freezing people middle of winter, turning off electronics. California, at least they're not too likely to freeze unless they're up in the mountains in California. So they don't have enough power to begin with. [01:14:28] And what are they doing there? They're making it mandatory. I think it was by 2035 that every car sold has to be electric. And now they have just gotten rid of all of the small gasoline engines they've already got. Rolling blackouts, come on. People smarten up. So they said, okay, well here's what we're going to do. [01:14:52] We need lithium in order to make these batteries. Right. You've heard of lithium-ion batteries. They're in everything. Now, have you noticed with lithium batteries, you're supposed to take them to a recycling center and I'm sure all of you do. When your battery's dead in your phone, you take it to a recycling center. [01:15:11] Or if you have a battery that you've been using in your Energizer bunny, and it's a lithium battery, of course you take it to the appropriate authorities to be properly disposed of because it's toxic people. It is toxic. So we have to be careful with this. Well, now we're trying to produce lithium in the United States. [01:15:38] There are different projects in different parts of the country, all the way from Maine through of course, California, in order to try and pull the lithium out of the ground and all. Let me tell you, this is not very green at all. So novel. Peppa Northern Nevada. They've started here blasting and digging out a giant pit in this dormant volcano. [01:16:09] That's going to serve as the first large scale, lithium mine in the United States and more than a decade. Well, that's good. Cause we need it. And do you know about the supply chain problems? Right. You've probably heard about that sort of thing, but that's good. This mine is on least federal lands. What does that mean? [01:16:31] Well, that means if Bernie Sanders becomes president with the flick of a pen, just like Joe Biden did on his first day, he could close those leads to federal lands. Yeah. And, uh, we're back in trouble again, because we have a heavy reliance on foreign sources of lithium, right. So this project's known as lithium Americas. [01:16:56] There are some native American tribes, first nation as they're called in Canada. Uh, ranchers environmental groups that are really worried, because guess what? In order to mine, the lithium, and to do the basic processing onsite that needs to be done, they will be using. Billions of gallons of groundwater. [01:17:20] Now think of Nevada. Think of California. Uh, you don't normally think of massive lakes of fresh water to. No. Uh, how about those people that are opposed to fracking? Most of them are opposed to fracking because we're pumping the water and something, various chemicals into the ground in order to crack the rock, to get the gas out. [01:17:43] Right. That's what we're doing. They don't like that. But yet, somehow. Contaminating the water for 300 years and leaving behind a giant mound of waste. Isn't a problem for these so-called Greenies. Yeah. A blowing up visit quote here from max Wilbert. This is a guy who has been living in a tent on this proposed mine site. [01:18:10] He's got a. Lawsuits that are going, trying to block the project. He says blowing up a mountain. Isn't green, no matter how much marketing spend people put on it, what have I been saying forever? We're crazy. We are insane. I love electric cars. If they are coolest. Heck I would drive one. If I had one, no problem. [01:18:29] I'm not going to bother to go out and buy one, but, uh, yeah, it's very cool, but it is anything but green. Electric cars and renewable energy are not green, renewable energy. The solar and the wind do not stop the need for nuclear plants or oil or gas burners, or cold burners, et cetera. Because when the sun isn't shining, we still need electricity. [01:19:01] Where are we getting to get it? When the wind isn't blowing or when the windmills are broken, which happens
Good morning and welcome to the ride! The Chief Love Officer must explain what cheating really is and also what realities are attached to blended families. Fool #2 gives you the games that you can't play during the holiday's. The crew share strategies to minimize the burn of breaking up. Are there therapists out there that help sidepieces cope with being #2? Who here is a fan of man? Have you ever displayed certain signs that show you are smoking something? There is nothing but cellular cheer inside Steve's VM. Today in Closing Remarks, Steve reminds us that success ain't how far you got, it's the distance you travel from where you started. Learn more about your ad-choices at https://www.iheartpodcastnetwork.com
Onrs - Ep 525 Windsurfing maniac Lighthouses are overrated, friends of the moon Would it be annoying to live by a lighthouse? Living on the beach would be boring / no privacy Learning the game spades Sleeping in twin beds Owens lamp breaking ptsd at an Airbnb Pelicans are tough Ohno sexy time: use the truth or dare sex stick game and make us choose what we would prefer Being around super healthy attractive people makes me feel out of place. Do old people watch old people in porn? Eye issues Corporate people in bubble vests Butts In space card game Ohnoradioshow.com ohnomedia.com patreon.com/onrs ohnoradioshow.com Leave a VM at 407-906-6466 Patreon.com/ONRS Twitch.tv/onrslive
Så er det dagen før dagen før dagen før dagen, I ved! Go' Morgen P3 sender for sidste gang, før vi går på juleferie. Mikkel er endelig så rask, at han er i studiet sammen med Andreas, mens JoJo sender hjemme fra sin stue. Vi taler med specialkonsulent Christian Mogensen om den 27-årige mand, der er sigtet for at ville angribe flere folkeskoler med en et gevær. Vi snakker også om den forestående semifinale i VM i kvindehåndbold med tidligere jernhård lady Camilla Andersen. Og så spoiler vi det første afsnit af den nye Sex and the City-serie 'And Just Like That' sammen med førstehjælpsekspert Teis Krag. Vi er tilbage igen 3. januar. Glædelig jul.
Ian and Sean dive into projected Olympic rosters, does Russia have the best top-six? Also, Tom Wilson being projected to make the USA roster, and Canada may have the weakest goalie lineup. Then LeBron James wore a Mario Lemieux jersey to a Lakers game, who is the biggest celebrity spotted wearing a jersey for your team? Then, in "Granger Things" Jesse Granger joins from New York to discuss the Carolina Hurricanes missing a bunch of players due to COVID-19, does it have an effect in the betting world? Ian and Sean discuss the debut of NHL rules court, give a pessimistic Rangers fan some optimism in the mailbag, and in "This Week in Hockey History", Jets rookie Daron Quint scores two goals in four seconds. Have a question for Ian and Sean? Email email@example.com, or leave a VM at (845) 445-8459! Learn more about your ad choices. Visit megaphone.fm/adchoices
Episode 141! The Biz Bites N' More Podcast covers the recent backtracking of Student Loan Forgiveness, probably just killing any chance of the american dream for any borrowers. Metaverse had it's first taste of misinformation and here we go again! Finally Bowling is going public on the markets and this is the only thing the country has needed, thank you Bowlero. $BOWL $FB #Comedy #Business Blog: bizbitesnmore.com Twitter: @bizbitesnmore Facebook: @bizbitesnmore YouTube: Biz Bites N' More Leave a voice message on anchor or leave a five star review on Apple and we will read it aloud/listen to it on the pod! VM: https://anchor.fm/biz-bites-n-more/message --- Send in a voice message: https://anchor.fm/biz-bites-n-more/message Support this podcast: https://anchor.fm/biz-bites-n-more/support
I talk with owner of Silk City Hot Sauce again this week. We have a great long talk all about branding. We also play some VM's from callers giving their thoughts about what I'm doing right and wrong in the branding category. We also discuss the idea of making a comic book about my life and the possibility of going to some Comic Cons and other conventions together and putting my brand out there in non standup comedy arenas. For more info about me, all my social media links, and my tour dates go to https://Linktr.ee/thejoematarese (https://Linktr.ee/thejoematarese) To purchase some of Jeff Levines Silk City Hot Sauce go to https://silkcityhotsauce.com Use Promo Code: Joe at checkout Support this podcast
In order for Z continue to run the world, we need a world around for it to run. Recent efforts in Sustainability are designed to lessen the impact of computing on our own natural resources, as well as making better decisions with regards to modern workloads. There's lots to discuss, and Dustin Demetriou is going to lay it all out for you on this new episode of Terminal Talk.
Log4Shell es el bug del siglo / Un tornado mata a seis empleados de Amazon / Accidente laboral en el hogar / ICANN busca más aceptación de alfabetos / Parchean el fallo del 911 en Android / Google Play Games en Windows Patrocinador: Descubre los nuevos Xiaomi 11T y Xiaomi 11T Pro https://www.mi.com/es/product/xiaomi-11t/, dos móviles de cine que tienen todo lo que necesitas: una pantalla de 120 Hz para el disfrute permanente de tus ojos, y una carga ultra-rápida de 120W que permite recargar tu móvil por completo en tan solo 17 minutos. https://www.mi.com/es/product/xiaomi-11t-pro Log4Shell es el bug del siglo / Un tornado mata a seis empleados de Amazon / Accidente laboral en el hogar / ICANN busca más aceptación de alfabetos / Parchean el fallo del 911 en Android / Google Play Games en Windows
Space out. No, really, go ahead and think of your favorite space themed games, movies, and books, because on this episode of Data Center Therapy, your host Matt “PlexMan” Cozzolino welcomes Ryan Grelck into the virtual studios to talk about 2022 and what fun things are right around the corner. Don't be fooled, however, as the duo also talk about Linux as a desktop operating system, ransomware, and transparent network virtualization technologies all in the same episode! While taking you, our dear listeners, on an intergalactic journey through the greatly anticipated entertainment releases of late 2021 and 2022, Ryan and Matt also discuss: Why manning a Security Operations Center typically requires more people than you'd initially estimate. If Linux gaming is ready for prime-time, and the performance price you might pay to play on it. And why NSX-T's most nifty feature is not the much-vaunted microsegmentation and VM firewalling it's known for. This episode is a whirlwind of topics so there's something for just about everybody. If you're into Dune, Star Wars, Fallout, or the Half-Life series, there's definitely something here for you. Please be sure to like, share and subscribe the Data Center Therapy show wherever finer podcasts are found, and be safe, stretch your Layer 2 network (across the country) if you feel like it (with NSX-T!), be entertained, get excited and we'll catch you on the next episode of Data Center Therapy!
Episode 140! The Biz Bites N' More Podcast covers the company that is about to be the only member of the 3 Trillion Club, must be nice Apple. Harley Davidson is going green by spinning off LiveWire. Finally, the meme stonks are great, but maybe we got rational, you can't have both. $AMC $GME $AAPL #HOG #Comedy #Business Blog: bizbitesnmore.com Twitter: @bizbitesnmore Facebook: @bizbitesnmore YouTube: Biz Bites N' More Leave a voice message on anchor or leave a five star review on Apple and we will read it aloud/listen to it on the pod! VM: https://anchor.fm/biz-bites-n-more/message --- Send in a voice message: https://anchor.fm/biz-bites-n-more/message Support this podcast: https://anchor.fm/biz-bites-n-more/support
Brian Simpson is a new friend, but we think the world of him. We met him when he and Naomi taped their Netflix specials together (As part of season 3 of The Standups debuting December 29th!!!), and he was a nice and warm dude, and as we found out later, also funny as all get out! Brian was also named as one of Vulture's "Comedians You Should and Will Know" this year, and after you hear him on today's episode, you surely *will* know him! We talk about his childhood, his life in the military and how all these things have influenced his romantic life. PLUS, of course, we answer YOUR advice questions! If you'd like to ask advice questions, call 323-524-7839 and leave a VM or just DM us on IG or Twitter! Also, support the show on Patreon or with a t-shirt (or a Jewboo shirt) and watch us every once in a while on Twitch or check out clips on YouTube! See acast.com/privacy for privacy and opt-out information.
It never ends in Arizona. Ian Mendes and Sean McIndoe discuss the news from Wednesday about the City of Glendale threatening to lock the Coyotes out of their arena for failing to pay taxes, and the team citing "human error" as the culprit. Then, as Jason Spezza is handed a six-game suspension, is he the most unlikely player to get an in-person disciplinary hearing? Next, a discussion about hits to the head as Jacob Trouba delivered two massive hits this week, one to Jujhar Kharia of Chicago and the other to Nathan MacKinnon of Colorado. In "Granger Things", Jesse Granger dives into team records this season after a coaching change, and is "Bruce, there it is" the greatest crowd chant ever? Then, the Trevor Zegras assist that was the talk of the hockey world this week, and if Sonny Milano isn't getting enough credit, and in "This Week in Hockey History", Ron Hextall scores the first goalie goal, and more. Have a question for Ian and Sean? Email firstname.lastname@example.org or leave a VM at (845) 445-8459! Learn more about your ad choices. Visit megaphone.fm/adchoices
Good morning and welcome to the ride! Where Suge at? The Chief Love Officer has a possible White Christmas on his plate along with a problem between best friends. CNN has a problem, Baduizm gets blended and prayers for Nick Cannon. Steve's VM was off the chain. Who is the biggest hater on the show? Our girl from The Talk is talking about her own COVID confusion. Would You Rather posed some interesting questions for the fellas. A running problem in Kansas City has been taken into custody. Congrats to Marcus Freeman! Today in Closing Remarks, Steve points out the hater on the show. Learn more about your ad-choices at https://www.iheartpodcastnetwork.com
About AparnaAparna Sinha is Director of Product for Kubernetes and Anthos at Google Cloud. Her teams are focused on transforming the way we work through innovation in platforms. Before Anthos and Kubernetes, Aparna worked on the Android platform. She joined Google from NetApp where she was Director of Product for storage automation and private cloud. Prior to NetApp, Aparna was a leader in McKinsey and Company's business transformation office working with CXOs on IT strategy, pricing, and M&A. Aparna holds a PhD in Electrical Engineering from Stanford and has authored several technical publications. She serves on the Governing Board of the Cloud Native Computing Foundation (CNCF).Links: DevOps Research Report: https://www.devops-research.com/research.html Twitter: https://twitter.com/apbhatnagar TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by our friends at Redis, the company behind the incredibly popular open source database that is not the bind DNS server. If you're tired of managing open source Redis on your own, or you're using one of the vanilla cloud caching services, these folks have you covered with the go to manage Redis service for global caching and primary database capabilities; Redis Enterprise. Set up a meeting with a Redis expert during re:Invent, and you'll not only learn how you can become a Redis hero, but also have a chance to win some fun and exciting prizes. To learn more and deploy not only a cache but a single operational data platform for one Redis experience, visit redis.com/hero. Thats r-e-d-i-s.com/hero. And my thanks to my friends at Redis for sponsoring my ridiculous non-sense. Corey: You know how Git works right?Announcer: Sorta, kinda, not really. Please ask someone else.Corey: That's all of us. Git is how we build things, and Netlify is one of the best ways I've found to build those things quickly for the web. Netlify's Git-based workflows mean you don't have to play slap-and-tickle with integrating arcane nonsense and web hooks, which are themselves about as well understood as Git. Give them a try and see what folks ranging from my fake Twitter for Pets startup, to global Fortune 2000 companies are raving about. If you end up talking to them—because you don't have to; they get why self-service is important—but if you do, be sure to tell them that I sent you and watch all of the blood drain from their faces instantly. You can find them in the AWS marketplace or at www.netlify.com. N-E-T-L-I-F-Y dot com.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. We have a bunch of conversations on this show covering a wide gamut of different topics, things that I find personally interesting, usually, and also things I'm noticing in the industry. Fresh on the heels of Google Next, we get to ideally have conversations about both of those things. Today, I'm speaking with the Director of Product Management at Google Cloud, Aparna Sinha. Aparna, thank you so much for joining me today. I appreciate it.Aparna: Thank you, Corey. It's a pleasure to be here.Corey: So, Director of Product Management is one of those interesting titles. We've had a repeat guest here, Director of Outbound Product Management Richard Seroter, which is great. I assume—as I told him—outbound products are the ones that are about to be discontinued. He's been there a year and somehow has failed the discontinue a single thing, so okay, I'm sure that's going to show up on his review. What do you do? The products aren't outbound; they're just products, and you're managing them, but that doesn't tell me much. Titles are always strange.Aparna: Yeah, sure. Richard is one of my favorite people, by the way. I work closely with him. I am the Director of Product for Developer Platform. That's Google Cloud's developer platform.It includes many different products—actually, 30-Plus products—but the primary pieces are usually when a developer comes to Google Cloud, the pieces that they interact with, like our command-line interface, like our Cloud Shell, and all of the SDK pieces that go behind it, and then also our DevOps tooling. So, as you're writing the application in the IDE and as you're deploying it into production, that's all part of the developer platform. And then I also run our serverless platform, which is one of the most developer-friendly capabilities from a compute perspective. It's also integrated into many different services within GCP. So, behind the title, that's really what I work on.Corey: Okay, so you're, I guess, in part responsible for well, I guess, a disappointment of mine a few years ago. I have a habit on Twitter—because I'm a terrible person—of periodically spinning up a new account on various cloud providers and kicking the tires and then live-tweeting the experience, and I was really set to dunk on Google Cloud; I turned this into a whole blog post. And I came away impressed, where the developer experience was pretty close to seamless for getting up and running. It was head and shoulders above what I've seen from other cloud providers, and on the one hand, I want to congratulate you and on the other, it doesn't seem like that's that high of a bar, to be perfectly honest with you because it seems that companies get stuck in their own ways and presuppose that everyone using the product is the same as the people building the product. Google Cloud has been and remains a shining example of great developer experience across the board.If I were starting something net new and did not have deep experience with an existing cloud provider—which let's face it, the most valuable thing about the cloud is knowing how it's going to break because everything breaks—I would be hard-pressed to not pick GCP, if not as the choice, at least a strong number two. So, how did that come to be? I take a look at a lot of Google's consumer apps and, “This is a great user experience,” isn't really something I find myself saying all that often. Google Cloud is sort of its own universe. What happened?Aparna: Well, thank you, first of all, for the praise. We are very humble about it, actually. I think that we're grateful if our developers find the experience to be seamless. It is something that we measure all the time. That may be one of the reasons why you found it to be better than other places. We are continuously trying to improve the time to value for developers, how long it takes them to perform certain actions. And so what you measure is what you improve, right? If you don't measure it, you don't improve it. That's one of our SRE principles.Corey: I wish. I've been measuring certain things for years, and they don't seem to be improving at all. It's like, “Wow, my code is still terrible, but I'm counting the bugs and the number isn't getting smaller.” Turns out there might be additional steps required.Aparna: Yes, you know, we measure it, we look at it, we take active OKRs to improve these things, especially usability. Usability is extremely important for certainly the developer platform, for my group; that's something that's extremely important. I would say, stepping back, you said it's not that common to find a good user experience in the cloud, I think in general—you know, and I've spent the majority of my career, if not all of my career, working on enterprise software. Enterprise software is not always designed in the most user-friendly way; it's not something that people always think about. Some of the enterprise software I've used has been really pretty… pretty bad. Just a list of things.Corey: Oh, yeah. And it seems like their entire philosophy—I did a bit of a dive into this, and I think it was Stripe's Patrick McKenzie who wound up pointing this out originally, though; but the internet is big and people always share and reshare ideas—the actual customer for enterprise software is very often procurement or a business unit that is very organizationally distant from the person who's using it. And I think in a world of a cloud platform, that is no longer true. Yeah, there's a strategic decision of what Cloud do we use, but let's be serious, that decision often comes into play long after there's already been a shadow IT slash groundswell uprising. The sales process starts to look an awful lot less like, “Pick our cloud,” and a lot more like, “You've already picked our cloud. How about we formalize the relationship?”And developer experience with platforms is incredibly important and I'm glad to see that this is a—well, it's bittersweet to me. I am glad to see that this is something that Google is focusing on, and I'm disappointed to admit that it's a differentiator.Aparna: It is a differentiator. It is extremely important. At Google, there are a couple of reasons why this is part of our DNA, and it is actually related to the fact that we are also a consumer products company. We have a very strong user experience team, a very strong measurements-oriented—they measure everything, and they design everything, and they run focus groups. So, we have an extraordinary usability team, and it's actually one of the groups that—just like every other group—is fungible; you can move between consumer and cloud. There's no difference in terms of your training and skill set.And so, I know you said that you're not super impressed with our consumer products, but I think that the practice behind treating the user as king, treating the user as the most important part of your development, is something that we bring over into cloud. And it's just a part of how we do development, and I think that's part of the reason why our products are usable. Again, I shy away from taking any really high credit on these things because I think I always have a very high bar. I want them to be delightful, super delightful, but we do have good usability scores on some of the pieces. I think our command line, I think, is quite good. I think—there's always improvements, by the way, Corey—but I think that there are certain things that are delightful.And a lot of thought goes into it and a lot of multi-functional—meaning across product—user experience and engineering. We have end-developer relations. We have, sort of this four-way communication about—you know, with friction logs and with lots of trials and lots of discussion and measurements, is how we improve the user experience. And I would love to see that in more enterprise software. I think that my experience in the industry is that the user is becoming more important, generally, even in enterprise software, probably because of the migration to cloud.You can't ignore the user anymore. This shouldn't be all about procurement. Anybody can procure a cloud service. It's really about how easily and how quickly can they get to what they want to do as a user, which I think also the definition of what a developer is changing and I think that's one of the most exciting things about our work is that the developer can be anybody; it can be my kids, and it can be anyone across the world. And our goal is to reach those people and to make it easy for them.Corey: If I had to bet on a company not understanding that distinction, on some level, Google's reputation lends itself to that where, oh, great. It's like, I'm a little old to go back to school and join a fraternity and be hazed there, so the second option was, oh, I'll get an interview to be an SRE at Google where, “Oh, great, you've done interesting things, but can you invert a binary tree on a whiteboard?” “No, I cannot. Let's save time and admit that.” So, the concern that I would have had—you just directly contradicted—was the idea that you see at some companies where there's the expectation that all developers are like their developers.Google, for better or worse, has a high technical bar for hiring. A number of companies do not have a similar bar along similar axes, and they're looking for different skill sets to achieve different outcomes, and that's fine. To be clear, I am not saying that, oh, the engineers at Google are all excellent and the engineers all at a bank are all crap. Far from it.That is not true in either direction, but there are differences as far as how they concern themselves with software development, how they frame a lot of these things. And I am surprised that Google is not automatically assuming that developers are the type of developers that you have at Google. Where did that mindset shift come from?Aparna: Oh, absolutely not. I think we would be in trouble if we did that. I studied electrical engineering in school. This would be like assuming that the top of the class is kind of like the kind of people that we want to reach, and it's just absolutely not. Like I said, I want to reach total beginners, I want to reach people who are non-developers with our developer platform.That's our explicit goal, and so we view developers as individuals with a range of superpowers that they've gained throughout their lives, professionally and personally, and people who are always on a path to learn new things, and we want to make it easy for them. We don't treat them as bodies in an employment relationship with some organization, or people with certain minimum bar degrees, or whatever it is. As far as interviewing goes, Corey, in product management, which is the practice that I'm part of, we actually look for, in the interview, that the candidate is not thinking about themselves; they're not imposing themselves on the user base.So, can you think outside of yourself? Can you think of the user base? And are you inquisitive? Are you curious? Do you observe? And how well do you observe differences and diversity, and how well are you able to grasp what might be needed by a particular segment? How well are you able to segment the user base?That's what we look for, certainly in product management, and I'm quite sure also in user experience. You're right, on engineering, of course, we're looking for technical skills, and so on, but that's not how we design our products, that's not how we design the usability of our products.Corey: “If you people were just a little bit smarter slash more like me, then this would work a lot better,” is a common trope. Which brings us, of course, to the current state of serverless. I tend to view serverless as largely a failed initiative so far. And to be clear, I'm viewing this from an AWS-centric lens; that is the… we'll be charitable and call it pool in which I swim. And they announced Lambda in 2015; that's great. “The only code you will ever write in the future is business logic.” Yeah, I might have heard that one before about 15 other technologies dating back to the 60s, but okay.And the expectation was that it was going to take off and set the world on fire. You just needed to learn the constraints of how this worked. And there were a bunch of them, and they were obnoxious, and it didn't have a learning curve so much as a learning cliff. And nowadays, we do see it everywhere, but it's also in small doses. It's mostly used as digital spackle to plaster over the gaps between various AWS services.What I'm not seeing across the board is a radical mindset shift in the way that developers are engaging with cloud platforms that would be heralded by widespread adoption of serverless principles. That said, we are on the heels here of Google Cloud Next, and that you had a bunch of serverless announcements, I'm going to go out on a limb and guess you might not agree with my dismal take on the serverless side of the world?Aparna: Well, I think this is a great question because despite the fact that I like not to be wishy-washy about anything, I actually both agree and disagree [laugh] with what you said. And that's funny.Corey: Well, that's why we're talking about this here instead of on Twitter where two contradictory things can't possibly both be true. Wow, imagine that; nuance, it doesn't fit 280 characters. Please, continue.Aparna: So, what I agree with is that—I agree with you that the former definition of serverless and the constrained way that we are conditioned thinking about serverless is not as expansive as originally hoped, from an adoption perspective. And I think that at Google, serverless is just no longer about only event-driven programming or microservices; it's about running complex workloads at scale while still preserving the delightful developer experience. And this is where the connection to the developer experience comes in. Because the developer experience, in my mind, it's about time to value. How quickly can I achieve the outcome that I need for my business?And what are the things that get in the way of that? Well, setting up infrastructure gets in the way of that, having to scale infrastructure gets in the way of that, having to debug pieces that aren't actually related to the outcome that you're trying to get to gets in the way of that. And the beauty of serverless, it's all in how you define serverless: what does this name actually mean? If serverless only means functions and event-driven applications, then yes, actually, it has a better developer experience, but it is not expansive, and then it is limited, and it's trapped in its skin the way that you mentioned it. [laugh].Corey: And it doesn't lend itself very well to legacy applications—legacy, of course, being condescending engineering-speak for ‘it makes money.' But yeah, that's the stuff that powers the world. We're not going to be redoing all those things as serverless-powered microservices anytime soon, in most cases.Aparna: At Google Cloud, we are redefining serverless. And so what we are taking from Serverless is the delightful user experience and the fact that you don't have to manage the infrastructure, and what we're putting in the serverless is essentially serverless containers. And this is the big revolution in serverless, is that serverless—at least a Google Cloud with serverless containers and our Cloud Run offering—is able to run much bigger varieties of applications and we are seeing large enterprises running legacy applications, like you say, on Cloud Run, which is serverless from a developer experience perspective. There's no cluster, there is no server, there's no VM, there's nothing for you to set up from a scaling perspective. And it essentially scales infinitely.And it is very developer-focused; it's meant for the developer, not for the operator or the infrastructure admin. In reality in enterprise, there is very much a segmentation of roles. And even in smaller companies, there's a segmentation of roles even within the same person. Like, they may have to do some infrastructure work and they may do some development work. And what serverless—at least in the context of Google Cloud—does, is it removes the infrastructure work and maximizes the development work so that you can focus on your application and you can get to that end result, that business value that you're trying to achieve.And with Cloud Run, what we've done is we've preserved that—and I would say, actually, arguably improved that because we've done usability studies that show that we're 22 points above every other serverless offering from a usability perspective. So, it's super important to me that anybody can use this service. Anybody. Maybe even not a developer can use this service. And that's where our focus is.And then what we've done underneath is we've removed many of the restrictions that are traditionally associated with serverless. So, it doesn't have to be event-driven, it is not only a particular set of languages or a particular set of runtimes. It is not only stateless applications, and it's not only request-based billing, it's not only short-running jobs. These are the kinds of things that we have removed and I think we've just redefined serverless.Corey: [unintelligible 00:17:05], on some level, the idea of short-lived functions with a maximum cap feels like a lazy answer to one of the hard problems in computer science, the halting problem. For those not familiar, my layman's understanding of it is, “Okay, you have a program that's running in a loop. How do you deterministically say that it is done executing?” And the functional answer to that is, “Oh, after 15 minutes, it's done. We're killing it.” Which I guess is an answer, but probably not one that's going to get anyone a PhD.It becomes very prescriptive and it leads to really weird patterns trying to work around some of those limitations. And historically, yeah, by working within the constraints of the platform, it works super well. What interests me about Cloud Run is that it doesn't seem to have many of those constraints in quite the same way. It's, “Can you shove whatever monstrosity you've got into a container? You can't? Well, okay, there are ways to get there.”Full disclosure, I was very anti-container; the industry has yet again proven to me that I cannot predict the future. Here we are. “Great, can you shove a container in and hand it to some other place to run it where”—spoiler, people will argue with me on this and they are wrong—“Google engineers are better at running infrastructure to run containers than you are.” Full stop. That is the truism of how this works; economies of scale.I love the idea of being able to take something, throw it over a wall, and not have to think about the rest of it. But everything that I'm thinking about in this context looks certain ways and it's the type of application that I'm working on or that I'm looking at most recently. What are you seeing in Cloud Run as far as interesting customer use cases? What are people doing with it that you didn't expect them to?Aparna: Yeah, I think this is a great time to ask that question because with the pandemic last year—I guess we're still in the pandemic, but with the pandemic, we had developers all over the world become much more important and much more empowered, just because there wasn't really much of an operations team, there wasn't really as much coordination even possible. And so we saw a lot of customers, a lot of developers moving to cloud, and they were looking for the easiest thing that they could use to build their applications. And as a result, serverless and Cloud Run in particular, became extremely popular; I would say hockey stick in terms of usage.And we're seeing everything under the sun. ecobee—this is a home automation company that makes smart thermostats—they're using Cloud Run to launch a new camera product with multi-factor authentication and security built-in, and they had a very tight launch timeline. They were able to very quickly meet that need. Another company—and you talk about, you know, sort of brick and mortar—IKEA, which you and I all like to shop [laugh] at, particularly doing the—Corey: Oh, I love building something from 500 spare parts, badly. It's like basically bringing my AWS architecture experience into my living room. It's great. Please continue.Aparna: Yeah, it's like, yeah—Corey: The Swedish puzzle manufacturer.Aparna: Yes. They're a great company, and I think it just in the downturn and the lockdown, it was actually a very dicey time, very tricky time, particularly for retailers. Of course, everybody was refurbishing their home or [laugh], you know, improving their home environment and their furniture. And IKEA started using serverless containers along with serverless analytics—so with BigQuery, and Cloud Run, and Cloud Functions—and one of the things they did is that they were able to cut their inventory refresh rate from more than three hours to less than three minutes. This meant that when you were going to drive up and do some curbside pickup, you know the order that you placed was actually in stock, which was fantastic for CSAT and everything.But that's the technical piece that they were able to do. When I spoke with them, the other thing that they were able to do with the Cloud Run and Cloud Functions is that they were able to improve the work-life balance of their engineers, which I thought was maybe the biggest accomplishment. Because the platform, they said, was so easy for them to use and so easy for them to accomplish what they needed to accomplish, that they had a better [laugh] better life. And I think that's very meaningful.In other companies, MediaMarktSaturn, we've talked about them before; I don't know if I've spoken to you about them, but we've certainly talked about them publicly. They're a retailer in EMEA, and because of their use of Cloud Run, and they were able to combine the speed of serverless with the flexibility of containers, and their development team was able to go eight times faster while handling 145% increase in digital channel traffic. Again, there are a lot more digital channel traffic during COVID. And perhaps my favorite example is the COVID-19 exposure notifications work that we did with Apple.Corey: An unfortunate example, but a useful one. I—Aparna: Yes.Corey: —we all—I think we all wish it wasn't necessary, but here's the world in which we live. Please, tell me more.Aparna: I have so many friends in engineering and mathematics and these technical fields, and they're always looking at ways that technology can solve these problems. And I think especially something like the pandemic which is so difficult to track, so difficult with the time that it takes for this virus to incubate and so on, so difficult to track these exposures, using the smartphone, using Bluetooth, to have a record of who has it and who they've been in contact with, I think really interesting engineering problem, really interesting human problem. So, we were able to work on that, and of course, when you need a platform that's going to be easy to use, that's going to be something that you can put into production quickly, you're going to use Cloud Run. So, they used Cloud Run, and they also used Cloud Run for Anthos, which is the more hybrid version, for the on-prem piece. And so both of those were used in conjunction to back all of the services that were used in the notifications work.So, those are some of the examples. I think net-net, it's that I think usability, especially in enterprise software is extremely important, and I think that's the direction in which software development is going.Corey: Are you building cloud applications with a distributed team? Check out Teleport, an open source identity-aware access proxy for cloud resources. Teleport provides secure access to anything running somewhere behind NAT: SSH servers, Kubernetes clusters, internal web apps and databases. Teleport gives engineers superpowers! Get access to everything via single sign-on with multi-factor. List and see all SSH servers, kubernetes clusters or databases available to you. Get instant access to them all using tools you already have. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility and ensuring compliance. And best of all, Teleport is open source and a pleasure to use.Download Teleport at https://goteleport.com. That's goteleport.com.Corey: It's easy for me to watch folks—like you—in keynotes at events—like Cloud Next—talk about things and say, “This is how the world is building things, and this is what the future looks like.” And I can sit there and pick to pieces all day, every day. It basically what I do because of deep-seated personality problems with me. It's very different to say that about a customer who has then taken that thing and built it into something that is transformative and solves a very real problem that they have. I may not relate to that problem that they have, but I do not believe that customers are going to have certain problems, find solutions like this and fix them, and the wrong in how they're approaching these things.No one sees the constraints that shape things; no one shows up in the morning hoping to do a crap job today unless you know you're the VP of Integrity at Facebook or something. But there's a very real sense of companies have a bunch of different drivers, and having a tool or a service or a platform that solves it for them, you'd better be very sure before you step up and start saying, “No, you're doing it wrong.” In earlier years, I did not see a whole lot of customer involvement with Cloud Next. It was always a, “Well, a bunch of Googlers are going to tell me how this stuff works, and they'll talk about theoretical things.”That's not the case anymore. You have a whole bunch of highly respectable reference customers out there doing a whole lot of really interesting things. And more to the point, they're willing to go on record talking about this. And I'm not talking about fun startups that are, “Great, it's Twitter, only for pets.” Great. I'm talking banks, companies where mistakes are going to show and leave a mark. It's really hard to reconcile what I'm seeing with Google Cloud in 2021 than what I was seeing in, let's say, five or six years ago. What drove that change?Aparna: Yes, Corey, I think you're definitely correct about that. There's no doubt about it that we have a number of really tremendous customers, we really tremendous enterprise references and so on. I run the Google Cloud Developer Platform, and for me, the developers that I work with and the developers that this platform serves are the inspiration for what we do. And in the last six or seven years that I've worked in Google Cloud, that has always been the case. So, nothing has changed from my perspective, in that regard.If anything, what has changed is that we have far more users, we have been growing exponentially, and we have many more large enterprise customers, but in terms of my journey, I started with the Kubernetes open-source project, I was one of the very early people on that, and I was working with a lot of developers, in that case, in the open-source community, a lot of them became GKE customers, and it just grew. And now we have so many [laugh] customers and so many developers, and we have developed this platform with them. We are very much—it's been a matter of co-innovation, especially on Kubernetes. It has been very much, “Okay, you tell us,” and it's a need-based relationship, you know? Something is not working, we are there and we fix it.Going back to 2017 or whenever it was that Pokemon Go was running on GKE, that was a moment when we realized, “Oh, this platform needs to scale. Okay, let's get at it.” And that's where, Corey, it really helps to have great engineers. For all the pros and cons, I think that's where you want those super-sharp, super-driven, super-intelligent folks because they can make things like that happen, they can make it happen in less than a week, so that—they can make it happen over a Saturday so that Pokemon Go can go live in Japan and everybody can be playing that game. And that's what inspires me.And that's a game, but we have a lot of customers that are running health applications. We have a customer that's running ambulances on the platform. And so this is life-threatening stuff; we have to take that very seriously, and we have to be listening to them and working with them. But I'm inspired, and I think that our roadmap, and the products, and the features that we build are inspired by what they are building on the platform. And they're combining all kinds of different things. They're taking our machine learning capabilities, they're taking our analytics capabilities, they're taking our Maps API, and they're combining it with Cloud Run, they're combining it with GKE. Often they're using both of those.And they're running new services. We've got a customer in Indonesia that's running in a food delivery service; I've got customers that are analyzing the cornfields in the middle of the country to improve crop yield. So, that's the kind of inspiring work, and each of those core, each of those users are coming back to us and saying, “Oh, you know, I need a different type of”—it's very detailed, like, “I need a different type of file system that gives me greater speed or better performance.” We just had a gaming company that was running on GKE that we really won out over a different cloud in terms of performance improvements that we were able to provide on the container startup times. It was just a significant performance improvement. We'll probably publish it in the coming few months.That's the kind of thing that drives it, and I'm very glad that I have a strong engineering team in Google Cloud, and I'm very glad that we have these amazing customers that are trying to do these amazing things, and that they're directly engaging with us and telling us what they need from us because that's what we're here for.Corey: To that end, one more area I want to go into before we call this a show, you've had Cloud Build for a little while, and that's great. Now, at—hot off the presses, you wound up effectively taking that one step further with Cloud Deploy. And I am still mostly someone with terrible build and release practices that people would be ashamed of, struggle to understand the differentiation between what I would do with Cloud Build and what I would do with Cloud Deploy. I understand they're both serverless. I understand that they are things that large companies care about. What is the story there?Aparna: Yeah, it's a journey. As you start to use containers—and these days, like you said, Corey, containers, a lot of people are using them—then you start to have a lot of microservices, and one of the benefits of container usage is that it's really quick to release new versions. You can have different versions of your application, you can test them out, you can roll them out. And so these DevOps practices, they become much more attainable, much more reachable. And we just put out the, I think, the seventh version of the DevOps Research Report—the DORA report—that shows that customers that follow best practices, they achieve their results two times better in terms of business outcomes, and so on.And there's many metrics that show that this kind of thing is important. But I think the most important thing I learned during the pandemic, as we were coming out of the pandemic, is a lot of—and you mentioned enterprises—large banks, large companies' CIOs and CEOs who basically were not prepared for the lockdown, not prepared for the fact that people aren't going to be going into branches, they came to Google Cloud and they said that, “I wish that I had implemented DevOps practices. I wish that I had implemented the capability to roll out changes frequently because I need that now. I need to be able to experiment with a new banking application that's mobile-only. I need to be able to experiment with curbside delivery. And I'm much more dependent on the software than I used to be. And I wish that I had put those DevOps practices.”And so the beginning of 2021, all our conversations were with customers, especially those, you know you said ‘legacy,' I don't think that's the right word, but the traditional companies that have been around for hundreds of years, all of them, they said, “Software is much more important. Yes, if I'm not a software company, at least a large division of my group is now a software group, and I want to put the DevOps practices into play because I know that I need that and that's a better way of working.”By the way, there's a security aspect to that I'd like to come back to because it's really important—especially in banking, financial services, and public sector—as you move to a more agile DevOps workflow, to have security built into that. So, let me come back to that. But with regard to Cloud Build and Cloud Deploy is something I've been wanting to bring into market for a couple of years. And we've been talking about it, we've been working on it actively for more than a year on my team. And I'm very, very excited about this service because what it does is it allows you to essentially put this practice, this DevOps practice into play whereas your artifacts are built and stored in the artifact repository, they can then automatically be deployed into your runtime—which is GKE Cloud Run—in the future, you can deploy them, and you can set how you want to deploy them.Do you want to deploy them to a particular environment that you want to designate the test environment, the environment to which your developers have access in a certain way? Like, it's a test environment, so they can make a lot of changes. And then when do you want to graduate from test to staging, and when do you want to graduate to production and do that gradual rollout? Those are some of the things that Cloud Deploy does.And I think it's high time because how do you manage microservices at scale? How do you really take advantage of container-based development is through this type of tooling. And that's what Cloud Deploy does. It's just the beginning of that, but it's a delightful product. I've been playing around with it; I love it, and we've seen just tremendous reception from our users.Corey: I'm looking forward to kicking the tires on it myself. I want to circle back to talk about the security aspect of it. Increasingly, I'm spending more of my attention looking at cloud security because everyone else has, too, and some of us have jobs that don't include the word security but need to care about it. That's why I have a Thursday edition of my newsletter, now, talking specifically about that. What is the story around security these days from your perspective?And again, it's a huge overall topic, and let's be clear here, I'm not asking, “What does Google Cloud think about security?” That would fill an encyclopedia. What is your take on it? And where do you want to talk about this in the context of Cloud Deploy?Aparna: Yeah, so I think about security from the perspective of the Google Cloud Developer Platform, and specifically from the perspective of the developer. And like you said, security is not often in the title of anybody in the developer organization, so how do we make it seamless? How do we make it such that security is something that is not going to catch you as you're doing your development? That's the critical piece. And at the same time, one of the things we saw during 2020 and 2021 is just the number of cyberattacks just went through the roof. I think there was a 400 to 600% increase in the number of software supply chain attacks. These are attacks where some malicious hacker has come in and inserted some malicious code into your software. [laugh]. Your software, Corey. You know, you the unsuspecting developer is—Corey: Well, it used to be my software; now there's some debate about that.Aparna: Right. That's true because most software is using open-source dependencies; and these open-source dependencies, they have a pretty intricate web of dependencies that they are themselves using. So, it's a transitive problem where you're using a language like Python, or whatever language you're using. And there's a number of—Corey: Crappy bash by default. But yes.Aparna: Well, it was actually a bash script vulnerability, I think, in the Codecov breach that happened, I think it was, in earlier this year, where a malicious bash script was injected into the build system, in fact, of Codecov. And there are all these new attack vectors that are specifically targeting developers. And whether it's nation-states or whoever it is that's causing some of these attacks, it's a problem that is of national and international magnitude. And so I'm really excited that we have the expertise in Google Cloud and beyond Google Cloud.Google, it's a very security-conscious company. This company is a very security-conscious company. [laugh]. And we have built a lot of tooling internally to avoid those kinds of attacks, so what we've done with Cloud Build, and what we're going to do with Cloud Deploy, we're building in the capability for code to be signed, for artifacts to be signed with cryptographic keys, and for that signing, that attestation—we call it an attestation—that attestation to be checked at various points along the software supply chain. So, as you're writing code, as you're submitting the code, as you're building the containers, as you're storing the containers, and then finally as you're deploying them into whatever environment you're deploying them, we check these keys, and we make sure that the software that is going through the system is actually what you intended and that there isn't this malicious code injection that's taking place.And also, we scan the software, we scan the code, we scan the artifacts to check for vulnerabilities, known vulnerabilities as well as unknown vulnerabilities. Known vulnerabilities from a Google perspective; so Google's always a little bit ahead, I would say, in terms of knowing what the vulnerabilities are out there because we do work so much on software across operating systems and programming languages, just across the full gamut of software in the industry, we work on it, and we are constantly securing software. So, we check for those vulnerabilities, we alert you, we help to remediate those vulnerabilities.Those are the type of things that we're doing. And it's all in service of certainly keeping enterprise developers secure, but also just longtail an average, everybody, helping them to be secure so that they don't get hacked and their companies don't get hacked.Corey: It's nice to see people talking about this stuff, who is not directly a security vendor. But by which I mean, you're not using this as the fear, uncertainty, and doubt angle to sell a given service that, “We have to talk about this exploit because otherwise, no one will ever buy this.” Something like Cloud Deploy is very much aligned with a best practices approach to release engineering. It's not, strictly speaking, a security product, but being able to wrap things that are very security-centric around it is valuable.Now, sponsors are always going to do interesting things at various expo halls, and oh, yeah, saw the same product warmed over. This is very much not that, and I don't interpret anything you're saying is trying to sell something via the fear, uncertainty, and doubt model. There are a lot of different areas that I will be skeptical hearing about from different companies; I do take security words from Google extremely seriously because, let's be clear, in the past 20 however many years it has been, you have established a clear track record for caring about these things.Aparna: Yeah. And I have to go back to my initial mission statement, which is to help developers accelerate time to value. And one of the things that will certainly get in the way of accelerating time to value is security breaches, by the nature of them. If you are not running a supply chain that is secure, then it is very difficult for you to empower your developers to do those releases frequently and to update the software frequently because what if the update has an issue? What if the update has a security vulnerability?That's why it's really important to have a toolchain that prevents against that, that checks for those things, that logs those things so that there's an audit trail available, and that has the capability for your security team to set policies to avoid those kinds of things. I think that's how you get speed. You get with security built in, and that's extremely important to developers and especially cloud developers.Corey: I want to thank you for taking the time to speak to me about all the things that you've been working on and how you view this industry unfolding. If people want to learn more about what you're up to, and how you think about these things, where can they find you?Aparna: Well, Corey, I'm available on Twitter, and that may be one of the best ways to reach me. I'm also available at various customer events that we are having, most of them are online now. And so I'll provide you more details on that and I can be reached that way.Corey: Excellent. I will, of course, include links to that in the [show notes 00:38:43]. Thank you so much for being so generous with your time. I appreciate it.Aparna: Thank you so much. I greatly enjoyed speaking with you.Corey: Aparna Sinha, Director of Product Management at Google Cloud. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. And that sentence needed the word ‘cloud' about four more times in it. And if you've enjoyed this episode, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with a loud angry comment telling me that I just don't understand serverless well enough.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.
We've known Jena for years, but it's really in Quar that we became true pals with her, and... wait, you surely know Jena Friedman, right? Of Adult Swim's Soft Focus? Oscar-nominated writer on Borat 2? Creator and host of the new show Indefensible on SundanceTV? Yeah! *That* Jena Friedman! She's great, and on today's episode, we talk a lot about being a private public person and some of the experiences that led her to be cautious. PLUS, of course, we answer YOUR advice questions! If you'd like to ask advice questions, call 323-524-7839 and leave a VM or just DM us on IG or Twitter! Also, support the show on Patreon or with a t-shirt (or a Jewboo shirt) and watch us every once in a while on Twitch or check out clips on YouTube! See acast.com/privacy for privacy and opt-out information.
Well, this is just a delight! Ego Nwodim of SNL (that is Saturday Night Live for the acronym-averse) is on the show today (or if, like Andy, you listen to a million podcasts, maybe you've heard her hilarious characters on Comedy Bang Bang), and she's a real peach! Preach! We talk everything from anxiety to IBS to Ego's first real boyfriend, and as usual, a lot of mozzarella stick talk. Wait, "as usual"??? And, of course, we answer YOUR advice questions! If you'd like to ask advice questions, call 323-524-7839 and leave a VM or just DM us on IG or Twitter! Also, support the show on Patreon or with a t-shirt (or a Jewboo shirt) and watch us every once in a while on Twitch or check out clips on YouTube! See acast.com/privacy for privacy and opt-out information.