While we would like to think that security is baked in from the start by developers, this is not always the case. Furthermore, security engineers and developers are not always on the same page when it comes to security testing. Code Intelligence aims to tackle this problem with CI Spark, a tool that harnesses AI to help write test code. In this episode of TFiR: Let’s Talk, Sergej Dechand, CEO and Co-Founder of Code Intelligence, talks about the company and the problem they are trying to solve. He talks about the role of AI in security and how it is being used for fuzz testing. He talks about CI Spark and how it is analyzing code and automating fuzz tests and he takes us through some of the key trends he is seeing in the industry.
While there are a lot of managed Kubernetes services nowadays, one company is differentiating itself by focusing on offering a small-footprint Kubernetes-managed service that can be deployed on the edge. Zededa has partnered with SUSE using EVE-OS and K3s in an effort to help tackle some of the challenges of deploying Kubernetes on the edge. In this episode of TFiR: Let’s Talk, Michael Maxey, Vice President of Business Development at Zededa, talks about how the company is helping customers deploy workloads to edge devices. He talks about their key focus on small-footprint Kubernetes and how they are helping to tackle some of the challenges associated with this. Since the company has just announced a managed Kubernetes service, he also discusses the benefits of offering customers this option.
In this episode of TFiR: Let’s Talk, Shaun O’Meara, Field CTO at Mirantis, talks about the company’s new open source project k0smotron, and how it is helping enterprises deploy and manage control planes.
In this episode of TFiR: Let’s Talk, Mona Rakibe, Co-Founder and CEO at Telmai, talks about the company and how it is helping companies improve their data quality and investigate anomalies. They go on to talk about the company’s journey so far, some of the key capabilities of the platform, and what sets them apart from competitors.
In this episode of TFiR: Let’s Talk, Martin Phan, Field CTO at CloudCasa by Catalogic, talks about how the company is helping organizations with their data protection needs. He goes on to discuss some of the challenges customers are experiencing and how CloudCasa is helping to address these problems.
In this episode of TFiR: Let’s Talk, Ryan Taylor, VP of Customer Success and Solutions Engineering at Transposit, talks about their new announcement about adding on-call capabilities. He also takes us through the evolution of incident management and what sets Transposit apart from its competitors.
With the growing adoption of Kubernetes, many technologies, including Cloud Foundry, are evolving to embrace this tectonic shift in the industry. Cloud Foundry Foundation (CFF) has been going through a major transformation to embrace this change. However, this change doesn’t necessarily mean that Cloud Foundry is on its way out. On the contrary, like many major technologies, it will continue to serve a wide range of users and customers. What really matters is how Cloud Foundry leaders, including the foundation and companies sponsoring the project, look at this change; how committed they are to the users of this open source project. In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Catherine McGarvey, Vice President of Software Engineering at VMware and Chris Clark, Program Manager at the Cloud Foundry Foundation, to discuss the state of Cloud Foundry today and how it is evolving as the momentum continues towards Kubernetes. They also discuss VMware’s continued commitment to the project and McGarvey’s recent appointment to the Cloud Foundry’s governing board.
Salt Security recently released the findings of their latest API Security Report, Q3 2022, which the company conducts every six months in line with the shifting currents of the market. In this episode of Let’s Talk, Michelle McLean, VP of Marketing at Salt Security, joins me to deep dive into the report. When she looks back at previous reports, she finds that one thing remains consistent — “We are still seeing a fairly high percentage of folks getting impacted or having at least some form of API security incident in the past 12 months.” Over 94% of companies experienced security incidents in production APIs, even though nothing catastrophic happened to them, with over 20% of companies reporting some sort of data breach as a result of security gaps in APIs.
In this episode of TFiR Let’s Talk from KubeCon + CloudNativeCon EU, Swapnil Bhartiya sits down with Sanjeev Mohan, Principal Analyst at SanjMo, to discuss the key trends he is seeing with data and Kubernetes. Mohan is amazed at how Kubernetes is enabling companies to deploy databases more effectively and efficiently. “A few years ago, if I were to deploy a database on hundreds of nodes, it would take me days. What if a node went down and I had to reinstall it? Today, what I'm seeing is an extreme scale of databases provisioned literally within hours,” he said. Observability was one of the hottest topics of discussion at KubeCon this year. Mohan shares his views on its challenges and why he feels organizations need to change how they see the role observability plays in the pipeline.
Jetstack helps businesses to build and operate cloud-native infrastructure with Kubernetes. The company was formed back in 2015, just a year after the Kubernetes open source project was started. Matthew Bates, CTO of Jetstack, sits down with Swapnil Bhartiya in this episode of Let’s Talk from KubeCon + CloudNativeCon EU to introduce the company and its mission. Jetstack recently released a comprehensive toolkit to help development and security teams secure the software supply chain. Bates feels that this is something we need to take seriously and people need to be made aware of the sophistication of the risks in the attacks they are seeing. He discusses what Jetstack is doing to provide a digestible means to better understand this topic. On discussing why he thought Kubernetes was such a game changer when it was first released, Bates says, “We felt that this presented a really interesting opportunity to be able to build those systems, and also for enterprises to rethink the way that they develop, build and ship software as well. We thought it was the start of a real shift.” Besides the opportunities Kubernetes brings, Bates gives some insights into the challenges enterprises face as they try to navigate Kubernetes and cloud-native technologies. One of those challenges, security, continues to be a critical factor to handle. However, Bates feels that security is increasingly being made a priority earlier in the life cycle. Key highlights from this video interview are: Bates describes what motivated him to form Jetstack and how the introduction of Kubernetes presented many opportunities for building complex, potentially stateful systems. He discusses what challenges enterprises faced as they looked to understand and embrace the new technology and how Jetstack has been helping. Bates explains that Jetstack is an advisory and a product company. He goes into depth about the customers they are helping, particularly with very large banks and how Jetstack is helping them understand the challenges and the breadth of the tools in The Cloud Native Computing Foundation (CNCF) to help address them. The cloud-native ecosystem is evolving, which compared to traditional IT is considerably more complex. Bates discusses the evolution over time they have seen in people consuming Kubernetes and how the ecosystem is maturing. Security continues to be a critical consideration for cloud with zero-trust remaining complicated to implement. Bates feels that DevSecOps is prioritizing security rather than it being an afterthought. He explains the benefits Kubernetes brings for having the ability to have security built into the platform.
The Amazon EKS community has added support for Loft Labs’ open source project vcluster, which enables you to spin up lightweight, virtual Kubernetes clusters inside the namespaces of an underlying Kubernetes cluster. In this episode of Newsroom, Swapnil Bhartiya sits down with Lukas Gentele, Co-Founder and CEO of Loft Labs, to talk about how the idea of adding support for EKS with vcluster came about and how it is fostering further collaborations and supporting the open source community.
Summary: FlexiDAO provides software solutions and advisory to help companies achieve their net-zero goals by eliminating the carbon emissions from the electricity that they buy. The company helps organizations by monitoring and certifying the origin of their power, and its carbon emissions every hour of the day. The company uses blockchain technology as a certification enabler to ensure credibility to their claims.
Summary: Ondat is a Kubernetes-native platform for running stateful applications, anywhere, at scale. The company recently announced Trousseau, an open source project for the encryption of resources and in particular, the encryption of Kubernetes Secret. We sat down with Nic Vermande, Principal Developer Advocate at Ondat to learn more about the project.
Slim.AI, a company focused on building better containerized apps with less friction, has raised $31M Series A financing led by Insight Partners and StepStone Group with participation by boldstart Ventures, Decibel Partners, FXP, Knollwood and TechAviv Founder Partners. John Amaral, Co-Founder and CEO of Slim.AI, says, "I believe in two principles for a company at our stage: Build a great product that developers love and make sure they all know about it. So we will be doing a lot of the first thing, which is developing a lot of energy and investment in building something that developers love." Amaral continues, "So we'll be investing some in the ability to learn from developers, in product management, and even community. But the predominance of this is going towards R&D, building great software."
Salt Labs was created in 2021 to help the industry with tackling the increase in API threats. The research division of Salt Security focuses on not only finding API vulnerabilities, but also increasing awareness about API security and offering solutions to help mitigate such risks.
I sat down with Philbert Shih, Managing Director at Structure Research, to explore the factors that help Small and Medium Enterprises (SMEs) & Small and Medium Businesses (SMBs) select their cloud providers. Structure Research was founded 10 years ago in Toronto Canada as a research firm of analysts focused on the infrastructure services space. Their organization has seen, during the 18-month long pandemic, an acceleration of cloud infrastructure. Such an acceleration has led to faster deployment and the removal of barriers. To that end, Philbert Shih, Managing Director at Structure Research, says, "We follow the results coming from the public markets and not just the hyperscale guys, but also the SMB-oriented providers. Providers targeting SMBs are all showing tremendous growth and, in fact, are positioning for accelerated growth throughout '21 and into '22." This has led analysts, like Shih, to conclude that the cloud has become mainstream and will be a mainstay going forward.
FireHydrant is a purpose-built tool for reliability. With FireHydrant, businesses can better manage and learn from incidents, work with their legal and marketing teams, and all the way through customer service. This is a tool for the entire reliability lifecycle.
Guest: Cole Potrocky Company: Kintaba Show: Let's Talk Cole Potrocky, CTO and co-founder of Kintaba, talks with Swapnil Bhartiya about incident management. Kintaba is dedicated to modern incident management, enabling companies to better respond to major incidents and outages. The company got into this space because they considered it a learning problem. According to Potrocky, "We figured failure is sort of a constant theme, whether you're a one-person company or whether you're a thousand-person company. You learn through getting to the periphery of what failure is, and then you reflect on that failure."
In this episode of Dirk & Swap: Conversations on Open Source, we talk about Open Core. What is it? How different is it from Open Source or Closed Source software? What are the pros and cons of Open Core? Is it better than proprietary software as at least something is open there? How to do Open Core in the right way (if there is one)... We tackle many such complicated questions in this show. I hope you will enjoy it. We have also published a transcript of the recording so you can read it if you want to!
Cassandra Database reaches 4.0. Nearly six years on from the release of Apache Cassandra 3.0, the community behind the popular open-source distributed database has announced the release of v4.0 of Apache Cassandra. Patrick McFadin, VP of Developer Relations at DataStax, and Ben Bromhead, CTO of Instaclustr, are with Swapnil Bhartiya to talk about it. The first issue to be addressed is the importance Cassandra holds in the modern world. McFadin starts off by talking about what workloads Cassandra is focused on, which are websites and mobile applications. McFadin says, "When you use a mobile app on your phone, you're probably using Cassandra." Since its inception, Cassandra has developed into a "really awesome, general-purpose database," adds Bromhead. More importantly, he makes mention of scalability when he says, "As people reach the limits of scalability or availability when it comes to some of the other databases out there (such as MySQL and PostgreSQL), we see developers reaching for Apache Cassandra." The discussion then shifts to the new features available in Cassandra v4.0. Bromhead talks about structural changes based around the Netty networking framework, which has enabled several really cool features, such as zero-copy streaming which allows an Apache Cassandra node to stream the data it's responsible for and leads to wire-level streaming speeds between nodes. Practically speaking, that means users can now run denser nodes. The 4.0 release also saw the deprecation of the Thrift protocol, in favor of the CQL protocol, which was a major change. As far as the upgrade process is concerned, version 4.0 should be considerably easier than previous releases. "If you had been upgrading Cassandra, before, like in the three and twos, there was always a long list of intermediate patches that you had to put into place, or you had to do some extra work mid-upgrade. Because of that, the developers decided it was of utmost importance to make it simple," explains McFadin. Bromhead calls out to developers and admins to "not stress too much about this one. Still run through all the track checks and the standard processes you do. But again, this has been pretty well battle-tested." To further highlight the upgrade process, McFadin mentions that the maintainers had a lot of discussion about the project and how improvements to the upgrade start at the developer level. McFadin says, "Instead of just having someone drop code in and ask everyone what they think, we have a proposal process. So you outline the change that you want to make, we have good discussions about it, and make some changes before there's actual code." Processes like this certainly go a long way in making a project more stable over time.