The New Stack Makers

It wasn’t that long ago when Kevin Xu, general manager of global strategy and operations at PingCAP, remembers walking into what he described as a “dark and dingy” basement at an internet cafe to play World of Warcraft and eat noodles in his native China. “Those days did exist, but not so much anymore — there are many mobile phone vendors now and [almost] everything is being done on your smartphone,” Xu said. But after attending Stanford University Law School from 2014 until 2017 — when he took advanced computer science classes at the campus because he thought law school was “boring” — the Chinese Internet economy has become a much different place. “The interesting thing about the Chinese internet economy is that, number one, it has the largest number of Internet users in the world of about 800 million people since my last count, which is like two and a half times the entire population of the United States and is probably more now,” Xu said. “And not only are they internet users, but they are also mostly mobile users.” KubeCon + CloudNativeCon Open Source Summit China 2019 in Shanghai served as the perfect backdrop to record this latest edition of The New Stack Makers podcast with Xu.

In today’s episode of The New Stack Makers, TC Currie is joined by Tameika Reed, whose day gig is as a  Senior Infrastructure Engineer at EXPANSIA, a company providing full spectrum services for IT migration and integration.  After 16 years in infrastructure, she got tired of not seeing anyone like her. So three years ago she decided to be the change she wanted to see in the world, and founded Women In Linux. This group provides free on-line training in the wide variety of ways in which Linux is used, along with job boards and career advice. Within 30 minutes of the decision to found Women in Linux, Reed’s friend had her set up with an LLC, started paperwork to become a non-profit, and set up the Women in Linux Meetup page.  The goal of the group is to introduce infrastructure newbies to Linux and other tech useful for those looking at infrastructure careers.  Most of her talks are very technical. “We talk about getting women and under-represented minorities into tech,” Reed said, “but those conversations revolve around teaching women to code.  They’re missing out on a huge market with cloud, security in general, embedded Linux.”  Along the way she started dispensing career advice during her meetups and manages a job board.

In this latest episode of The New Stack Makers podcast, we sit down with Alex Ellis, creator of OpenFaaS, to discuss the latest update to his open source serverless platform, what this new concept "Serverless 2.0" means, and the difficulties of supporting an open source project. Ellis created OpenFaaS a few years back after wanting to extend the functionality offered by Amazon Web Services' function-as-a-service Lambda to any containerized computing environment, a feature that has since been emulated by other serverless offerings. The idea is that you can package not only your application, but all the supporting libraries and dependencies as well, so they can run as serverless. You are not limited to one cloud provider, or one language runtime.  "I wanted a way to combine my love with Docker with my love of coding," Ellis said. With serverless 2.0, "you can run any code, whether binary or an HTTP server, anyway you like — your laptop, on premises, on OpenShift, in the cloud," Ellis said.  Kubernetes provides the common substrate. Watch on YouTube: https://www.youtube.com/watch?v=LmBG2X7b1Zg

The Continuous Delivery Foundation (CDF) was created to help introduce processes, standards and other support and stewardship for DevOps teams that now face what some say is the Wild West of open source tools and platforms for deployments on Jenkins and coud native platforms. While there have been concerns expressed about potential overlap with the Cloud Native Computing Foundation (CNCF) — a sibling Linux Foundation-managed project — the concept is certainly attractive, especially for those teams that plan to or already rely on Jenkins, Jenkins X, Spinnaker and Tekton for their production pipelines. However, there is one catch: the CDF has yet to release any specifications and primitives after the initiative was announced a few months ago. During a podcast hosted by Alex Williams, The New Stack founder and editor in chief, questions were put to Dan Lorenc, a software engineer for Google and Kohsuke Kawaguchi, the CDF’s technical oversight committee (TOC) chair and CTO for CloudBees, about the CDF’s immediate plans, as well as what the oversight committee hopes to achieve.

In this episode of The New Stack Makers, host Jack Wallen chats with two members of the Docker staff, engineer Christopher Crone and marketing specialist Jim Armstrong, about certain best practices (for both developers and enterprise users) when using Docker containers. Anyone from developers and enterprise users trusted with deploying containers will gain some insight into this agile technology. Out of the gate, the interview opens with a definition of containers and what makes this rising star technology so crucial to developers and important to businesses. But this isn’t a Wikipedia definition of a container, these definitions come from those who help create the technology charged with deployment of containers. According to Crone, “A container is a technology for isolating applications … you can start by running it on a physical machine or you can otherwise virtualize it … and finally there’s containers where you use kernel notions like namespaces to isolate processes inside the kernel.” Jim Armstrong adds, “Docker … created the tools (such as Docker Desktop) that took the underlying operating system parts … and made those tools easy to use.”

When asked what makes a solid leader in today’s open source communities, the answer often varies depending on who you ask. In this podcast hosted by TNS Podcast Producer Kiran Oliver, the topic of leadership expanded beyond the basic, “What makes for a competent leader in today’s OSS community?” to encompass the ways in which we as a community can and should do to better help underrepresented minorities become leaders in open source. CNCF Director of Ecosystem Cheryl Hung, Microsoft Director of Open Source Initiatives Ashley McNamara, Aqua Security Technology Evangelist Liz Rice, and Two Sigma Engineer Leah Petersen all started their journeys in open source at different times, with very different goals in mind. Rice noted that, “For me, I was a developer for a long part of my career doing not open source software. At some point, more and more things, particularly in the infrastructure work and the distributed systems world were being done open source, and it just seemed like a natural progression. I don’t really remember ever making a conscious decision. Suddenly everything I was doing pretty much was in the open.” Watch on YouTube: https://youtu.be/vYxkJX2H4Ls

What takes an open source project from a hobby to international codebase that the world’s top companies rely on? How do you balance the wishes of the individual, creative contributor with that of corporate-backed finance and governance? How do you make the open source community a welcoming one? Open source sustainability and all these questions were on the table when The New Stack Editor in Chief Alex Williams sat down at our first Makers broadcast from Shanghai, China, at the Open Source Summit. For senior staff engineer at VMWare, Bryan Liles, this sustainability is all about the intersection of different open source projects within broader ecosystems that have a strong balance of governance and motivated community. Dan Kohn, executive director of the Cloud Native Computing Foundation (CNCF), says open source sustainability relies on commitment to continue building, supporting and stabilizing core infrastructure and critical libraries for important upstream dependencies. He says the whole purpose of CNCF is that, when organizations recognize there’s open source infrastructure that matters, there is a way to build a community that can financially and publicly support it moving forward. Watch on YouTube: https://youtu.be/4ZFlprmD7YA

One can reasonably assume container security will undergo many changes in the near term, especially considering the recent widely publicized security breaches (not to mention the ones we do not already know about). But Maya Kaczorowski, a Google product manager, begs to disagree. When it comes to responsibilities organizations share with cloud and tool providers, Kaczorowski, says the model isn't changing, per se. Instead, “people are becoming less and less worried about the pieces that they don't have to manage, or the pieces that they used to have to manage — but they are no simpler for whatever reason,” Kaczorowski said. Shared responsibilities, Google’s approach to container security and recently exposed vulnerabilities and other related themes were the subject of a podcast with Kaczorowski, recorded live at KubeCon + CloudNativeCon in Barcelona in May.

Kubernetes is not everything for everybody, as DevOps teams know. And while Kubernetes  can, of course, offer amazing power- and resource-savings and computing-performance advantages, the platform has also seen its share of controversy, such as during the Docker split in 2016. Many also have an opinion of what is right — and wrong — about Kubernetes. During this podcast recorded live at KubeCon + CloudNativeCon in Barcelona in May, The New Stack posed some of the harder questions about Kubernetes’ past and future to Kubernetes co-founders Tim Hockin, principal SW engineer, Kubernetes, GKE, and Google Cloud, and Craig McLuckie, vice president, VMware. who is one of Kubernetes creators.  The New Stack also solicited thoughts from Gabe Monroy, partner program manager, Microsoft, who is a lead product manager for containers on Microsoft Azure and described himself as  “one of the most engaged early community members. ”While the Kubernetes creators were certainly happy with the results from the outset, Hockin said its popularity was something “you could never have predicted.” “In terms of lessons learned, it’s not something you could have planned for, but then again, we could have tried,” Hockin said. Watch on YouTube: https://youtu.be/fSb5N_OjJ8A

In this episode of The New Stake Makers, TC Currie is joined by Neha Narkhede, CTO and Co-founder of Confluent and one of the co-creators of Apache Kafka.  Narkhede has a passion for streaming data, and for the pasNeha Narkhede, CTO of Confluent and one of the developers of Apache Kafkat couple of years has been working on modernizing Apache Kafka to make it cloud native.With over 60% of the the Fortune 100 relying on Apache Kafka, the service has become both popular and entrenched.  But as cloud technology is expanding, some fundamental changes were necessary to make Apache Kafka truly cloud native. Kafka sits above the operation layer and below the application layer in the stack.  It lives in the data infrastructure layer alongside relational database and/or modern no-SQL databases, and along side data warehouses.  It provides a new foundation for data that can bring data from all those different variety of services in one place so you can consume it at a large scale, she said. “What we know about enterprises is they want to buy the whole car,” said Narkhede. So they took a year or so to build a cloud-native, fully managed service that developers can use in the public cloud.

Kubernetes, Prometheus, Envoy, containerd ... The list of projects managed by the Cloud Native Computing Foundation is quite extensive, and growing by the month it seems. But how does the CNCF manage its expansive collection of open source cloud native software projects? How does it decide when a project move from incubation to graduation. Many of these decisions are made by the CNCF's Technical Oversight Committee (TOC). We wanted to find out more about how the TOC operates. To this end, we invited the TOC chair (and Aqua Security Technology Evangelist) Liz Rice to appear on our newest episode of The New Stack Makers podcast, to discuss all things TOC. We invited Eduardo Silva, who is the core developer for one of the CNCF projects, Fluentd, a multi-platform open source log aggregator.  Silva, who is also a principle engineer for ARM, discussed his experience in agreeing to work with the CNCF. Last month, FluentD had "graduated," within the CNCF, moving up from "incubation status." Watch on YouTube: https://www.youtube.com/watch?v=2fR491tP8nQ

DevOps has been with us for several years now, and is becoming increasingly entrenched within the enterprise. Yet the speed and elevation that the practice offers can be at odds with an organization's security posture, which ensures that systems have no vulnerabilities and meet compliance — work that can take time to complete. Can a business do both? To help answer this question, we assembled a panel of experts at KubeCon + CloudNativeCon EU last month.  Our guests are: Dirk Herrmann, Principal Product Manager, Red Hat, John Morello, Chief Technology Officer, Twistlock, and Murugiah Souppaya, Computer Scientist, National Institute of Standards and Technology. Watch on YouTube: https://www.youtube.com/watch?v=IGwIupSmSEk

The creation of Git by the principal developer behind the Linux kernel Linus Torvalds certainly qualified as a stroke of genius. But while Junio Hamano continues to do an excellent job of maintaining open source Git, organizations looking to make the jump to so-called agile development and deployment cycles must look beyond relying on a Git’s core version control and software repository capabilities. Call it growing pains, if you will — but the next stage in DevOps agility requires much, much more. This especially applies to DevOps teams looking to multiply the cadence of deployments with security embedded at the beginning of the cycle (yes, while easier said than done, it is possible).Getting there requires a rethinking of the traditional software development cycle. This involves doing the necessary so that as soon as code is stored on Git, the code is instantly integrated into the main production pipeline. How to make the jump past using Git mainly as a software repository for version control was the main subject of conversation with Ashish Kuthiala, director of product marketing, GitLab, for this edition of The New Stack Makers podcast recorded during the KubeCon + CloudNativeCon conference held in Barcelona at the end of May. Watch on YouTube: https://www.youtube.com/watch?v=rA7reJ0y1mY

We want to move fast — that's what agile software development and DevOps is all about — but how do we move fast without sacrificing security? Are we mistaking availability for security? This dichotomy and the challenge of security management has only become more severe as enterprises enable developers to release daily, and distributed systems and sophisticated attacks make it all much more complicated. Reuven Harrison, CTO and co-founder of Tufin Technologies, talks on The New Stack Makers podcast about what 16 years in enterprise security policy management looks like. Harrison said this security management has always begun with identifying business processes that enable efficient and effective security. It's just now there are thousands of security venders and hundreds of different tools to address cyber attacks. That's why he argues automation is key, yet security is still lagging in this area.

Why is it every time I'm yelling at self-checkout tills or rolling my eyes at task-based AI, it's always by-default a female voice annoying me? Is that my internal bias against fellow women? Or is it just that I'm frustrated with the beginnings of tech, but all those AI beginners seem to be "feminine?" These are the thoughts that ran through my head as I was listening to Dr. Charlotte Webb's talk "Designing a Feminist Alexa: An Experiment in Feminist Conversation Design" at Skills Matter London's Beyond Tech conference. And it's what we explored when we spoke, following her talk, on this episode of The New Stack Makers. Webb is a co-founder of the Feminist Internet, a non-profit organization on a mission to advance internet equalities for women and other marginalized groups through creative and critical practice. The Feminist Internet blends art and design practices, critical thinking, and creative tech development together with pilot projects and soon AI consulting.