The New Stack Podcast

Hoi Europe and beyond!Once again it is time for cloud native enthusiasts and professionals to converge and discuss cloud native computing in all its efficiency and complexity. The Cloud Native Computing Foundation's KubeCon+CloudNativeCon 2023 is being held later this month in Amsterdam, April 18 - 21, at the Rai Convention Centre.In this latest edition of The New Stack podcast, we spoke with two of the event's co-chairs who helped define this year's themes for the show, which is expected to draw over 9,000 attendees: Aparna Subramanian, Shopify's Director of Production Engineering for Infrastructure; and Cloud Native Infra and Security Enterprise Architect Frederick Kautz.  Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

s the end of programming nigh?If you ask Matt Welsh, he'd say yes. As Richard McManus wrote on The New Stack, Welsh is a former professor of computer science at Harvard who spoke at a virtual meetup of the Chicago Association for Computing Machinery (ACM), explaining his thesis that ChatGPT and GitHub Copilot represent the beginning of the end of programming.Welsh joined us on The New Stack Makers to discuss his perspectives about the end of programming and answer questions about the future of computer science, distributed computing, and more.Welsh is now the founder of fixie.ai, a platform they are building to let companies develop applications on top of large language models to extend with different capabilities.For 40 to 50 years, programming language design has had one goal. Make it easier to write programs, Welsh said in the interview.Still, programming languages are complex, Welsh said. And no amount of work is going to make it simple.  Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Speed is a recurring theme in this episode of The Tech Founder Odyssey. Also, timing.Eilon Elhadad and Eylam Milner, who met while serving in the Israeli military, discovered that source code leak was a hazardous side effect of businesses’ need to move fast and break things in order to stay competitive.“Every new business challenge leads to a new technological solution,” said Elhadad in this episode of The New Stack's podcast series. “The business challenge was to deliver product faster to the business; the solution was to build off the supply chain. And then it leads to a new security attack surface.”Discovering this problem, and finding a solution to it, put Milner and Elhadad in the right place at the right time — just as the tech industry was beginning to rally itself to deal with this issue and give it a name: software supply chain security.It led them to co-found Argon Security, which was acquired by Aqua Security in late 2021, Elhadad told The New Stack, a year after Argon started. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Given the vulnerability of so many systems, it’s not surprising that cyberattacks on applications and APIs increased 82% in 2022 compared to the previous year, according to a report released this year by Imperva’s global threat researchers.What might rattle even the most experienced technologists is the sheer scale of those attacks. Digging into the data, Imperva, an application and data security company, found that the largest layer seven, distributed denial of service (DDoS) attack it mitigated during 2022 involved — you might want to sit down for this — more than 3.9 million API requests per second.“Most developers, when they think about their APIs, they’re usually dealing with traffic that’s maybe 1,000 requests per second, not too much more than that. Twenty thousand, for a larger API,” said Peter Klimek, director of technology at Imperva, in this episode of The New Stack Makers podcast. “So, to get to 3.9 million, it’s really staggering.”Klimek spoke to Heather Joslyn of TNS about the special challenges of APIs and cybersecurity and steps organizations can take to keep their APIs safe.The episode was sponsored by Imperva. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The 20th Annual Southern California Linux Expo (SCALE) runs Thursday through Sunday at the Pasadena Convention Center in Pasadena, Ca., featuring keynotes from notables such as Ken Thompson, the creator of Unix, said Ilan Rabinovich, one of the co-founders and conference chair for the conference on this week's edition of The New Stack Makers.  "Honestly, most of the speakers we've had, you know, we got at SCALE in the early days, we just, we, we emailed them and said: 'Would you come to speak at the event?' We ran a call for proposals, and some of them came in as submissions, but a lot of it was just cold outreach. I don't know if that succeeded, because that's the state of where the community was at the time and there wasn't as much demand or just because or out of sheer dumb luck. I assure you, it wasn't skill or any sort of network that we like, we just, you know, we just we managed to, we managed to do that. And that's continued through today. When we do our call for papers, we get hundreds and hundreds of submissions, and that makes it really hard to choose from."  Rethinking Web Application Firewalls  Thompson, who turned 80 on February 4 (Happy Birthday, Mr. Thompson), created Unix at Bell Labs. He worked with people like Robert Griesemer and Rob Pike on developing the Go programming language and other projects over the years, including Plan 9, UTF-8, and more. Rabinovich is pretty humble about the keynote speakers that the conference attracts. He and the conference organizers scoured the Internet and found Thompson's email, who said he'd love to join them. That's how they attracted Lawrence Lessig, the creator of the Creative Commons license, who spoke at SCALE12x in 2014 about the legal sides of open source, content sharing, and free software. "I wish I could say, we have this very deep network of connections," Rabinovich said. "It's just, these folks are surprisingly approachable, despite, you know, even after years and years of doing amazing work." SCALE is the largest community-run open-source and free software conference in North America, with roots befitting an event that started with a group of college students wanting to share their learnings about Linux. Rabinovitch was one of those college students attending UCSB, the University of California, Santa Barbara. "A lot of the history of SCALE comes from the LA area back when open source was still relatively new and Linux was still fairly hard to get up and running," Rabinovitch said. "There were LUGS (Linux User Groups) on every corner. I think we had like 25 LUGS in the LA area at one point. And so so there was a vibrant open source community.' Los Angeles's freeways and traffic made it difficult to get the open source community together. So they started LUGFest. They held the day-long event at a Nortel building until the telco went belly up. So, as open source people tend to do, they decided to scale, so to speak, the community gatherings. And so SCALE came to be – led by students like Rabinovitch. The conference started with a healthy community of 200 to 250 people. By the pandemic, 3,500 people were attending. For more about SCALE, listen to the full episode of The New Stack Makers wherever you get your podcasts. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When she was a student in her native Israel, Shira Shamban was a self-proclaimed “geek.” But, unusually for a tech company founder and CEO, not a computer geek. Shamban was a science nerd, with her sights set on becoming a doctor. But first, she had to do her state-mandated military service. And that’s where her path diverged. In the military, she was not only immersed in computers but spent years working in intelligence; she stayed in the service for more than a decade, eventually rising to become head of an intelligence sector for the Israeli Defense Forces. At home, she began building her own projects to experiment with ideas that could help her team. “So that kind of helped me not to be intimidated by technology, to learn that I can learn anything I want by myself,” said Shamban, co-founder of Solvo, a company focused on data and cloud infrastructure security. “And the most important thing is to just try out things that you learn.” To date, Solvo has raised about $11 million through investors like Surround Ventures, Magenta Venture Partners, TLV Partners and others. In this episode of The New Stack Makers podcast series The Tech Founder Odyssey, Shamban talked to Heather Joslyn and Colleen Coll of TNS about her journey.In-Person TeamworkShamban opted to stay in the technology world, nurturing a desire to eventually start her own company. It was during a stint at Dome9, a cloud security company, that she met her future Solvo co-founder, David Hendri — and built a foundation for entrepreneurship. “After that episode, I got the guts,” she said. “Or I got stupid enough.” Hendri, now Solvo’s chief technology officer, struck Shamban as having the right sensibility to be a partner in a startup. At Dome9, she said, “very often, I used to stay up late in the office, and I would see him as well. So we'd grab something to eat.” Their casual conversations quickly revealed that Hendri was often staying late to troubleshoot issues that were not his or his team’s responsibility, but simply things that someone needed to fix. That sense of ownership, she realized, “is exactly the kind of approach one would need to bring to the table in a startup.” The mealtime chats that started Solvo have carried over into its current organizational culture. The company employs 20 people; workers based in Tel Aviv are expected to come to the office four days a week. Hendri and Shamban started their company in the auspicious month of March 2020, just as the Covid-19 pandemic started. While many companies have moved to all-remote work, Solvo never did. “We knew we wanted to sit together in the same room, because the conversations you have over a cup of coffee are not the same ones that you have on a chat, and on Slack,” the CEO said. “So that was our decision. And for a long time, it was an unpopular decision.” As the company scales, finding employees who align with its culture can make recruiting tricky, Shamban said. It's not only about your technical expertise, it's also about what kind of person you are,” she said. “Sometimes we found very professional people that we didn't think would make a good fit to the culture that we want to build. So we did not hire them. And in the boom times, when it was really hard to hire engineers. “These were tough decisions. But we had to make them because we knew that building a culture is easier in a way than fixing a culture. Listen to the full episode to hear more about Shamban's journey. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

At Cloud Native Security Con, we sat down with Solo.io's Marino Wijay and Jim Barton, who discussed how service mesh technologies have matured, especially now with the removal of sidecars in Ambient Mesh that it developed with Google. Ambient Mesh is "a new proxy architecture that, according to the Solo.io site, "moves the proxy to the node level for mTLS and identity. It also allows a policy-enforcement policy to manage Layer 7 security filters and policies. A sidecar is a mini-proxy, a mini-firewall, like an all-in-one router, said Wijay, who does developer relations and advocacy for Solo. A sidecar receives instructions from an upstream control plane. "Now, one of the things that we started to realize with different workloads and different patterns of communication is that not all these workloads need a sidecar or can take advantage of the sidecar," Wijay said. "Some better operate without the sidecar." Ambient Mesh reflects the maturity of service mesh and the difference between day one and day two operations, said Barton, a field engineer with Solo. "Day one operations are a lot about understanding concepts, enabling developers, initial configurations, that sort of thing," Barton said. "The community is really much more focused and Ambient Mesh is a good example of this on day two concerns. How do I scale this? How do I make it perform in large environments? How can I expand this across clusters, clusters in multiple zones in multiple regions, that sort of thing? Those are the kinds of initiatives that we're really seeing come to the forefront at this point." With the maturity of service mesh comes the users. In the context of security, that means the developer security operations person, Barton said. It's not the developer's job to connect services. Their job is to build out the services. "It's up to the platform operator, or DevSecOps engineers to create that, that fundamental plane or foundation for where you can deploy your services, and then provide the security on top of it," Barton said. The engineers then have to configure it and think it through. "How do I know who's doing what and who's talking to who, so that I can start forming my zero trust posture?," Barton said. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Here's a breakdown of what we cover: Cloud IDEs will mature as GitHub's Codespaces platform gains acceptance through its integration into the GitHub service. Other factors include new startups in the space, such as GitPod, which offers a secure, cloud-based IDE, and Uptycs, which uses telemetry data to lock-down developer environments. "So I think you'll, you're just gonna see more people exposed to it, and they're gonna be like, 'holy crap, this makes my life a lot easier '." FinOps reflects the more stringent views on managing costs, focusing on the efficiency of resources that a company provides for developers. The focus also translates to the GreenOps movement with its emphasis on efficiency. Software bill of materials (SBOMs) will continue to mature with Sigstore as the project with the fastest expected adoption. Witness, from Telemetry Project, is another project. The SPDX community has been at the center of the movement for over a decade now before people cared about it.  GitOps and Open Telemetry: This year, KubeCon submissions topics on GitOps were super high. OpenTelemetry is the second most popular project in the CNCF, behind Kubernetes. Platform engineering is hot. Anisczyk cites Backstage, a CNCF project, as one he is watching. It has a healthy plugin extension ecosystem and a corresponding large community. People make fun of Jenkins, but Jenkins is likely going to be around as long as Linux because of the plugin community. Backstage is going along that same route. WebAssembly: "You will probably see an uptick in edge cases, like smaller deployments as opposed to full-blown cloud-based workloads. Web Assembly will mix with containers and VMs. "It's just the way that software works." Kubernetes is part of today's distributed fabric. Linux is now everywhere. Kubernetes is going through the same evolution. Kubernetes is going into airplanes, cars, and fast-food restaurants. "People are going to focus on the layers up top, not necessarily like, the core Kubernetes project itself. It's going to be all the cool stuff built on top."  Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Everyone in the community was surprised by ChatGPT last year, which a web service responded to any and all user questions with a surprising fluidity. ChatGPT is a variant of the powerful GPT-3 large language model created by OpenAI, a company owned by Microsoft. It is still a demo though it is pretty clear that this type of generative AI will be rapidly commercialized. Indeed Microsoft is embedding the generative AI in its Bing Search service, and Google is building a rival offering. So what are smaller businesses to do to ensure their messages are heard to these machine learning giants? For this latest podcast from The New Stack, we discussed these issues with Ryan Johnston, chief marketing officer for Writer. Writer has enjoyed an early success in generative AI technologies. The company's service is dedicated to a single mission: making sure its customers' content adheres to the guidelines set in place. This can include features such as ensuring the language in the copy matches the company's own designated terminology, or making sure that a piece of content covers all the required topic points, or even that a press release has quotes that are not out of scope with the project mission itself. In short, the service promises "consistently on-brand content at scale," Johnston said. "It's not taking away my creativity. But it is doing a great job of figuring out how to create content for me at a faster pace, [content] that actually sounds like what I want it to sound like." For our conversation, we first delved into how the company was started, its value proposition ("what is it used for?") and what role that AI plays in the company's offering. We also delve a bit into the technology stack Writer deploys to offer these services, as well as what material the Writer may require from their customers themselves to make the service work. For the second part of our conversation, we turn our attention to how other companies (that are not search giants) can get their message across in the land of large language models, and maybe even find a few new sources of AI-generated value along the way. And, for those public-facing businesses dealing with Google and Bing, we chat about how they should they refine their own search engine optimization (SEO) strategies to be best represented in these large models? One point to consider: While AI can generate a lot of pretty convincing text, you still need a human in the loop to oversee the results, Johnston advised. "We are augmenting content teams copywriters to do what they do best, just even better. So we're scaling the mundane parts of the process that you may not love. We are helping you get a first draft on paper when you've got writer's block," Johnston said. "But at the end of the day, our belief is there needs to be a great writer in the driver's seat. [You] should never just be fully reliant on AI to produce things that you're going to immediately take to market." Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The story goes something like this: There's this marketing manager who is trying to time a launch. She asks the developer team when the service will be ready. The dev team says maybe a few months. Let's say three months from now in April. The marketing manager begins prepping for the release. The dev team releases the services the following week. It's not an uncommon occurrence. Edith Harbaugh is the co-founder and CEO of LaunchDarkly, a company she launched in 2014 with John Kodumal to solve these problems with software releases that affect organizations worldwide. Today, LaunchDarkly has 4,000 customers and an annual return revenue rate of $100 million. We interviewed Harbaugh for our Tech Founder Odyssey series on The New Stack Makers about her journey and LaunchDarkly's work. The interview starts with this question about the timing of dev releases and the relationship between developers and other constituencies, particularly the marketing organization. LaunchDarkly is the number one feature management company, Harbaugh said. "Their mission is to provide services to launch software in a measured, controlled fashion. Harbaugh and Kodumal, CTO, founded the company on the premise that software development and releasing software is arduous. "You wonder whether you're building the right thing," Harbaugh said, who has worked as both an engineer and a product manager. "Once you get it out to the market, it often is not quite right. And then you just run this huge risk of how do you fix things on the fly." Feature flagging was a technique that a lot of software companies did. Harbaugh worked at Tripit, a travel service, where they used feature flags as did companies such as Atlassian, where Kodumal had developed software. "So the kernel of LaunchDarkly, when we started in 2014, was to make this technique of feature flagging into a movement called feature management, to allow everybody to build better software faster, in a safer way." LaunchDarkly allows companies to release features however granular an organization wants, allowing a developer to push a release into production in different pieces at different times, Harbaugh said. So, a marketing organization can send a release out even after the developer team has released it into production. "So, for example, if, we were running a release, and we wanted somebody from The New Stack to see it first, the marketing person could turn it on just for you." Harbaugh describes herself as a huge geek. But she also gets it in a rare way for geeks and non-geeks alike. She and Kodumal took a concept used effectively by develops, transforming it into a service that provides feature management for a broader customer base, like the marketer wanting to push releases out in a granular way for a launch on the East Coast that is pre-programmed with feature flags in advance from the company office the previous day in San Francisco. The idea is novel, but like many intelligent, technical founders, Harbaugh's journey reflects her place today. She's a leader in the space, and a fun person to talk to, so we hope you enjoy this latest episode in our tech founder series from The New Stack Makers. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.