The New Stack Podcast

In the early 2000s, Charity Majors was a homeschooled kid who’d gotten a scholarship to study classical piano performance at the University of Idaho. “I realized, over the course of that first year, that music majors tended to still be hanging around the music department in their 30s and 40s,” she said. “And nobody really had very much money, and they were all doing it for the love of the game. And I was just like, I don't want to be poor for the rest of my life.” Fortunately, she said, it was pretty easy at that time to jump into the much more lucrative tech world. “It was buzzing, they were willing to take anyone who knew what Unix was,” she said of her first tech job, running computer systems for the university. Eventually, she dropped out of college, she said, “made my way to Silicon Valley, and I’ve been here ever since.” Majors, co-founder and chief technology officer of the six-year-old Honeycomb.io, an observability platform company, told her story for The New Stack’s podcast series, The Tech Founder Odyssey, which spotlights the personal journeys of some of the most interesting technical startup creators in the cloud native industry. It’s been a busy year for her and the company she co-founded with Christine Yen, a colleague from Parse, a mobile application development company that was bought by Facebook. In May, O’Reilly published “Observability Engineering,” which Majors co-wrote with George Miranda and Liz Fong-Jones. In June, Gartner named Honeycomb.io as a Leader in the Magic Quadrant for Application Performance Monitoring and Observability. Thus far Honeycomb.io, now employing about 200 people, has raised just under $97 million, including a $50 million Series C funding round it closed in October, led by Insight Partners (which owns The New Stack). This Tech Founder Odyssey conversation was co-hosted by Colleen Coll and Heather Joslyn of TNS. ‘Rage-Driven Development’ Honeycomb.io grew from efforts at Parse to solve a stubborn observability problem: systems crashed frequently, and rarely for the same reasons each time. “We invested a lot in the last generation of monitoring technology, we had all these dashboards, we have all these graphs,” Majors said. “But in order to figure out what's going on, you kind of had to know in advance what was going to break.” Once Parse was acquired by Facebook, Majors, Yen and their teams began piping data into a Facebook tool called Scuba, which ”was aggressively hostile to users,” she recalled. But, “it did one thing really well, which is let you slice and dice in real time on dimensions that have very high cardinality,” meaning those that contain lots of unique terms. This set it apart from the then-current monitoring technologies, which were built around assessing low cardinality dimensions. Scuba allowed Majors’ organization to gain more control over its reliability problem. And it got her and Yen thinking about how a platform tool that could analyze high cardinality data about system health in real time. “Everything is a high cardinality dimension now,” Majors said. “And [with] the old generation of tools, you hit a wall really fast and really hard.” And so, Honeycomb.io was created to build that platform. “My entire career has been rage-driven development,” she said. “Like: sounds cool, I'm gonna go play with that. This isn't working — I'm gonna go fix it from anger.” A Reluctant CEO Yen now holds the CEO role at Honeycomb.io, but Majors wound up with the job for roughly the first half of the company’s life. Did Majors like being the boss? “Hated it,” she said. “Constitutionally what you want in a CEO is someone who is reliable, predictable, dependable, someone who doesn't mind showing up every Tuesday at 10:30 to talk to the same people. “I am not structured. I really chafe against that stuff.” However, she acknowledged, she may have been the right leader in the startup’s beginning: “It was a state of chaos, like we didn't think we were going to survive. And that's where I thrive.” Fortunately, in Honeycomb.io’s early days, raising money wasn’t a huge challenge, due to its founders’ background at Facebook. “There were people who were coming to us, like, do you want $2 million for a seed thing? Which is good, because I've seen the slides that we put together, and they are laughable. If I had seen those slides as an investor, I would have run the other way.” The “pedigree” conferred on her by investors due to her association with Facebook didn’t sit comfortably with her. “I really hated it,” she said. “Because I did not learn to be a better engineer at Facebook. And part of me kind of wanted to just reject it. But I also felt this like responsibility on behalf of all dropouts, and queer women everywhere, to take the money and do something with it. So that worked out.” Majors, a frequent speaker at tech conferences, has established herself as a thought leader in not only observability but also engineering management. For other women, people of color, or people in the tech field with an unconventional story, she advised “investing a little bit in your public speaking skills, and making yourself a bit of a profile. Being externally known for what you do is really helpful because it counterbalances the default assumptions that you're not technical or that you're not as good.” She added, “if someone can Google your name plus a technology, and something comes up, you're assumed to be an expert. And I think that that really works to people's advantage.“ Majors had a lot more to say about how her outsider perspective has shaped the way she approaches hiring, leadership and scaling up her organization. Check out this latest episode of the Tech Founder Odyssey. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Idit Levine’s tech journey originated in an unexpected place: a basketball court. As a seventh grader in Israel, playing in hoops  tournaments definitely sparked her competitive side. “I was basically going to compete with all my international friends for two minutes without parents, without anything,” Levine said. “I think it made me who I am today. It’s really giving you a lot of confidence to teach you how to handle situations … stay calm and still focus.” Developing that calm and focus proved an asset during Levine’s subsequent career in professional basketball in Israel, and when she later started her own company. In this episode of The Tech Founder Odyssey podcast series, Levine, founder and CEO of Solo.io, an application networking company with a $1 billion valuation, shared her startup story. The conversation was co-hosted by Colleen Coll and Heather Joslyn of The New Stack After finishing school and service in the Israeli Army, Levine was still unsure of what she wanted to do. She noticed her brother and sister’s fascination with computers. Soon enough, she recalled,  “I picked up a book to teach myself how to program.” It was only a matter of time before she found her true love: the cloud native ecosystem. “It's so dynamic, there's always something new coming. So it's not boring, right? You can assess it, and it's very innovative.” Moving from one startup company to the next, then on to bigger companies including Dell EMC where she was chief technology officer of the cloud management division, Levine was happy seeking experiences that challenged her technically. “And at one point, I said to myself, maybe I should stop looking and create one.”Learning How to PitchWinning support for Solo.io demanded that the former hoops player acquire an unfamiliar skill: how to pitch. Levine’s company started in her current home of Boston, and she found raising money in that environment more of a challenge than it would be in, say, Silicon Valley. It was difficult to get an introduction without a connection, she said:  “I didn't understand what pitches even were but I learned how … to tell the story. That helped out a lot.” Founding Solo.io was not about coming up with an idea to solve a problem at first. “The main thing at Solo.io, and I think this is the biggest point, is that it's a place for amazing technologists, to deal with technology, and, beyond the top of innovation, figure out how to change the world, honestly,” said Levine. Even when the focus is software, she believes it’s eventually always about people. “You need to understand what's driving them and make sure that they're there, they are happy. And this is true in your own company. But this is also [true] in the ecosystem in general.” Levine credits the company’s success with its ability to establish amazing relationships with customers – Solo.io has a renewal rate of 98.9% – using a very different customer engagement model that is similar to users in the open source community. “We’re working together to build the product.” Throughout her journey, she has carried the idea of a team: in her early beginnings in basketball, in how she established a “no politics” office culture, and even in the way she involves her family with Solo.io. As for the ever-elusive work/life balance, Levine called herself a workaholic, but suggested that her journey has prepared her for it:  “I trained really well. Chaos is a part of my personal life.” She elaborated, “I think that one way to do this is to basically bring the company to [my] personal life.  My family was really involved from the beginning and my daughter chose the logos. They’re all very knowledgeable and part of it.” Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Aerospike Founder Srini Srinivasan had just finished his Ph.D. at the University of Wisconsin when he joined IBM and worked under Don Haderle, the creator of DB2, the first commercial relational database management system. Haderle became a major influencer on Srinivasan when he started Aerospike, a real-time data platform. To this day, Haderle is an advisor to Aerospike. "He was the first one I went back to for advice as to how to succeed," Srinivasan said in the most recent episode of The New Stack Maker series, "The Tech Founder Odyssey." A young, ambitious engineer, Srinivasan left IBM to join a startup. Impatient with the pace he considered slow, Srinivasan met with Haderle, who told him to go, challenge himself, and try new things that might be uncomfortable. Today, Srinivasan seeks a balance between research and product development, similar to the approach at IBM that he learned -- the balance between what is very hard and what's impossible. Technical startup founders find themselves with complex technical problems all the time. Srinivasan talked about inspiration to solve those problems, but what does inspiration mean at all? Inspiration is a complex topic to parse. It can be thought of as almost trivial or superficial to discuss. Srinivasan said inspiration becomes relevant when it is part of the work and how one honestly faces that work. Inspiration is honesty. "Because once one is honest, you're able to get the trust of the people you're working with," Srinivasan said. "So honesty leads to trust. Once you have trust, I think there can be a collaboration because now people don't have to worry about watching their back. You can make mistakes, and then you know that it's a trusted group of people. And they will, you know, watch your back. And then, with a team like that, you can now set goals that seem impossible. But with the combination of honesty and trust and collaboration, you can lead the team to essentially solve those hard problems. And in some cases, you have to be honest enough to realize that you don't have all the skills required to solve the problem, and you should be willing to go out and get somebody new to help you with that." Srinivasan uses the principles of honesty in Aerospike's software development. How does that manifest in the work Aerospike does? It leads to all kinds of insights about Unix, Linux, systems technologies, and everything built on top of the infrastructure. And that's the work Srinivasan enjoys so much – building foundational technology that may take years to build but over time, establishes the work that's important, scalable, and has great performance. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Ask a developer about how they got into programming, and you learn so much about them. In this week's episode of The New Stack Makers, Chainguard founder Dan Lorenc said he got into programming halfway through college while studying mechanical engineering. "I got into programming because we had to do simulations and stuff in MATLAB," Lorenc said. And then I switched over to Python because it was similar. And we didn't need those licenses or whatever that we needed. And then I was like, Oh, this is much faster than you know, ordering parts and going to the machine shop and reserving time, so I got into it that way." It was three or four years ago that Lorenc got into the field of open source security. "Open source security and supply chain security weren't buzzwords back then," Lorenc said. "Nobody was talking about it. And I kind of got paranoid about it." Lorenc worked on the Minikube open source project at Google where he first saw how insecure it could be to work on open source projects. In the interview, he talks about the threats he saw in that work. It was so odd for Lorenc. State of art for open source security was not state of the art at all. It was the stone age. Lorenc said it felt weird for him to build the first release in MiniKube that did not raise questions about security. "But I mean, this is like a 200 megabyte Go binary that people were just running as root on their laptops across the Kubernetes community," Lorenc said. "And nobody had any idea what I put in there if it matched the source on GitHub or anything. So that was pretty terrifying. And that got me paranoid about the space and kind of went down this long rabbit hole that eventually resulted in starting Chainguard. Today, the world is burning down, and that's good for a security startup like Chainguard. "Yeah, we've got a mess of an industry to tackle here," Lorenc said. "If you've been following the news at all, it might seem like the software industry is burning on fire or falling down or anything because of all of these security problems. It's bad news for a lot of folks, but it's good news if you're in the security space." Good news, yes ,but how does it fit into a larger story? "Right now, one of our big focuses is figuring out how do we explain where we fit into the bigger landscape," Lorenc. said. "Because the security market is massive and confusing and full of vendors, putting buzzwords on their websites, like zero trust and stuff like that. And it's pretty easy to get lost in that mess. And so figuring out how we position ourselves, how we handle the branding, the marketing, and making it clear to prospective customers and community members, everything exactly what it is we do and what threats our products mitigate, to make sure we're being accurate there. And conveying that to our customers. That's my big focus right now." Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In the early 1990s, many kids got into programming video games. Tina Huang enjoyed developing her GeoCities site but not making games. Huang loved automating her website. "It is not a lie to say that what got me excited about coding was automation," said Huang, co-founder of Transposit, in this week's episode of The New Stack Makers as part of our Tech Founder Series. "Now, you're probably going to think to yourself: 'what middle school kid likes automation?' " Huang loved the idea of automating mundane tasks with a bit of code, so she did not have to hand type – just like the Jetsons and Rosie the Robot -- the robot people want. There to fold your laundry but not take the joy away from what people like to do. Huang is like many of the founders we interview. Her job can be what she wants it to be. But Huang also has to take care of everything that needs to get done. All the work comes down to what the Transposit site says on the home page: Bring calm to the chaos. Through connected workflows, give TechOps and SREs visibility, context, and actionability across people, processes, and APIs. The statements reflect on her own experience in using automation to provide high-quality information. "I've always been swimming upstream against the tide when I worked at companies like Google and Twitter, where, you know, the tagline for Google News back then was "News by Robots," Huang said. "The ideal in their mind was how do you get robots to do all the news reporting. And that is funny because now I think we have a different opinion. But at the time, it was popular to think news by robots would be more factual, more Democratic." Huang worked on a project at Google exploring how to use algorithms to curate the first pass of curation for human editors to go in and then add that human touch to the news. The work reflected her love for long-form journalism and that human touch to information. Transport offers a similar next level of integration. Any RSS fans out there? Huang has a love/hate relationship with RSS. She loves it for what it can feed, but if the feed is not filtered, then it becomes overwhelming. Getting inundated with information happens when multiple integrations start to layer from Slack, for example, and other sources. "And suddenly, you're inundated with information because it was information designed for the consumption by machines, not at the human scale," Huang said. "You need that next layer of curation on top of it. Like how do you allow people to annotate that information? " Providing a choice in subscriptions can help. But at what level? And that's one of the areas that Huang hopes to tackle with Transposit." Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Welcome to the first in our series on The New Stack Makers about technical founders, those engineers who have moved from engineering jobs to running a company of their own. What we want to know is what that's like for the founder. How is it to be an engineer turned entrepreneur? We like to ask technologists about their first computer or when they started programming. We always find a connection to what the engineer does today. It's these kinds of questions you will hear us ask in the series to get more insight into everything that happens when the engineer is responsible for the entire organization. We've listened to feedback about what people want from this series. Here are a few of the replies we received to my tweet asking for feedback about the new series.If they have kids, how much work is taken on by their SO? Lots of technical founders are only able to do what they do because their partner is lifting a lot in the background — they hardly ever get the credits tho— Anaïs Urlichs ☀️ (@urlichsanais) August 4, 2022 I host the first four interviews. The New Stack's Colleen Coll and Heather Joslyn will co-host the following shows we run in the series. We interviewed Cycle.io Founder Jake Warner for the first episode in the series about how he went from downloading a virus on an inherited Windows 95 machine as a 10-year-old to leading a startup. "You know, I had to apologize to my Dad for needing to do a full reinstall on the family computer," Warner said. "But it was the fact that someone through just the use of a file could cause that much damage that started making me wonder, wow, there's a lot more to this than I thought." Warner was never much of a gamer. He preferred the chat rooms and conversation more so than playing Starcraft, the game he liked to talk about more than play. Warner met people in those chat rooms who preferred to talk about the game instead of playing it. He became friends with a group that liked playing games over the network hosted by Starcraft. Games that kids play all the time. They were learning about firewalls to attack each other virtually, between chat rooms, for example. "And because of that, that got me interested in all kinds of firewalls and security things, which led to getting into programming," Warner said. "And so it was, I guess, the point the to get back to your question, it started with a game, but very quickly went from a lot more than that. And now Warner is leading Cycle, which he and his colleagues have built from the ground up. For a long time, they marketed Cycle as a container orchestrator. Now they call Cycle a platform for building platforms – ironically similar to the story of a kid playing a game in a game. Warner has been leading a company that he described as a container orchestrator for some time. There is one orchestrator that enterprise engineers know well. And that's Kubernetes. Warner and his team realized that Cycle is different than a container orchestrator. So how to change the message? Knowing what to do is the challenge of any founder. And that's a big aspect of what we will explore in our series on technical founders. We hope you enjoy the interviews. Please provide feedback and your questions. They are always invaluable and serve as a way to draw thoughtful perspectives from the founders we interview. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Web Application Firewalls (WAF) first emerged in the late 1990s as Web server attacks became more common. Today, in the context of cloud native technologies, there’s an ongoing rethinking of how a WAF should be applied. No longer is it solely static applications sitting behind a WAF, said Tigera CEO Ratan Tipirneni, President & CEO of Tigera in this episode of The New Stack Makers. “With cloud native applications and a microservices distributed architecture, you have to assume that something inside your cluster has been compromised,” Tipirneni said. “So just sitting behind a WAF doesn't give you adequate protection; you have to assume that every single microservice container is almost open to the Internet, metaphorically speaking. So then the question is how do you apply WAF controls? Today’s WAF has to be workload-centric, Tiperneni said. In his view, every workload has to have its own WAF. When a container launches, the WAF control is automatically spun up. So that way, even if something inside a cluster is compromised or exposes some of the services to the Internet, it doesn't matter because the workload is protected, Tiperneni said. So how do you apply this level of security? You have to think in terms of a workload-centric WAF.The Scenario The vulnerabilities are so numerous now and cloud native applications have larger attack surfaces with no way to mitigate vulnerabilities using traditional means, Tiperneni “It's no longer sufficient to throw out a report that tells you about all the vulnerabilities in your system,” Tiperneni said. “Because that report is not actionable. People operating the services are discovering that the amount of time and effort it takes to remediate all these vulnerabilities is incredible, right? So they're looking for some level of prioritization in terms of where to start.” And the onus is on the user to mitigate the problem, Tiperneni said. Those customers have to think about the blast radius of the vulnerability and its context in the system. The second part: how to manage the attack surface. In this world of cloud native applications, customers are discovering very quickly, that trying to protect every single thing, when everything has access to everything else is an almost impossible task, Tiperneni said. What’s needed is a way for users to control how microservices talk to each with permissions set for intercommunciation. In some cases, specific microservices should not be talking to each other at all. “So that is a highly leveraged activity and security control that can stop many of these attacks,” Tiperneni said. Even after all of that, the user still has to assume that attacks will happen, mainly because there's always the threat of an insider attack. And in that situation, the search is for patterns of anomalous behavior at the process level, at the file system level or the system call level to determine the baseline for standard behavior that can then tell the user how to identify deviations, Tiperneni said. Then it’s a matter of trying to tease out some signals, which are indicators of either an attack or of a compromise. “Maybe a simpler use case of that is to constantly be able to monitor and monitor at run time for known bad hashes or files or binaries, that are known to be bad,” Tipirneni said. The real challenge for companies is setting up the architecture to make microservices secure. There are a number of vectors the market may take. In the recording, Tipirneni talks about the evolution of WAF, the importance of observability and better ways to establish context with the services a company has deployed and the overall systems that companies have architected. “There is no single silver bullet,” Tipirneni said. “You have to be able to do multiple things to keep your application safe inside cloud native architectures.” Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Passage adds device native biometric authorization to web sites to allow passwordless security on devices with or without Touch ID. In this episode of The New Stack Makers, Passage Co-Founders Cole Hecht and Anna Pobletts talk about how the service works for developers to offer users its biometric service. Hecht and Pobletts have worked in product security for many years and the recurring problem is always password-based security. But there really is no great solution, Pobletts said. Multi-factor authentication adds security but the user experience is lacking. Magic links, adaptive MFA, and other techniques add a bit of improvement but are not a great balance of user experience and security. “Whereas biometrics is the only option we've ever seen that gives you both great security and great user experience right out of the box,” Pobletts. The goal for Hecht and Pobletts: offer developers what is challenging to implement themselves: a passwordless service with a high security level and a great user experience. Passage is built on WebAuthn, a Web protocol that allows a developer to connect Web sites with browsers and various devices through the authenticators on those devices, Pobletts said. “So that could be anything right now,” Pobletts said. “It's things like fingerprint readers and face identification. But in the future, it could be voice identification, or it could be, you know, your presence and things like that like it could be all sorts of stuff in the future. But ultimately, your device is generating a cryptographic key pair and storing the private key in the TPM of your device. The cool thing about this protocol is that your biometric data never leaves your device, it's a huge win for privacy. In that passage, your browser, no one ever actually sees your fingerprint data in any way.” It’s cryptographically secure under the hood with Passage as the platform on top, Pobletts said. WebAuthn is designed for single devices, Pobletts said. A developer authenticated one fingerprint, for example, to one device. But that does not work well on the Internet where a user may have a phone, a tablet, and a computer. Passage coordinates and orchestrates between different devices to give an easy experience. “So in my case, I have an iPhone, I do face ID,” said Hecht showing the service. “And then I'm going to be signed in on both devices automatically. So that's a great way to kind of give every user access to the site no matter what device they're on.” With Passage, the biometric is added to any device a user adds, Hecht said. Passage handles the multidevice orchestration. Use cases? “FinTech people like the security properties of it, they kind of like that cool, shiny user experience that they want to deliver to their end users,” Hecht said. And then any website or business that cares about conversions is kind of a general term. People who want signups, who are trying to measure success by the number of people registering and creating accounts, are signing up. “Passage has a really nice story for that because we cut out so much friction around those conversion points.”   Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of The New Stack’s On the Road show at Open Source Summit in Austin, Webb Brown, CEO and co-founder of KubeCost, talked with The New Stack about opening up the black box on how much Kubernetes is really costing. Whether we’re talking about cloud costs in general or the costs specifically associated with Kubernetes, the problem teams complain about is lack of visibility. This is a cliche complaint about AWS, but it gets even more complicated once Kubernetes enters the picture. “Now everything’s distributed, everything’s shared,” Brown said. “It becomes much harder to understand and break down these costs. And things just tend to be way more dynamic.” The ability of pods to spin up and down is a key advantage of Kubernetes and brings resilience, but it also makes it harder to understand how much it costs to run a specific feature. And costs aren’t just about money, either. Even with unlimited money, looking at cost information can provide important information about performance issues, reliability or availability. “Our founding team was at Google working on infrastructure monitoring, we view costs as a really important part of this equation, but only one part of the equation, which is you’re really looking at the relationship between performance and cost,” Brown said. “Even with unlimited budged, you would still care about resourcing and configuration, because it can really impact reliability and availability of your services.” Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of The New Stack’s On the Road show at Open Source Summit in Austin, Amanda Brock, CEO and founder of OpenUK, talked with The New Stack about revenue models for open source and how those fit into building a sustainable project.Funding an open source project has to be part of the sustainability question — open source requires humans to contribute, and those humans have bills to pay and risk burnout if the open source project is a side gig after their full time job. That’s not the only expenses a project might accrue, either — there might be cloud costs, for example. Brock says there are essentially eight categories of funding models for open source, of which really two or three have been proven successful. They are support, subscription and open core.So how do we define open core, exactly? “You get different kinds of open core businesses, one that is driven very much by the needs of the company, and one that is driven by the needs of the open source project and community,” Brock said. In other words, sometimes the project exists to drive revenue, sometime the revenue exists to support the project — a subtle distinction, but it’s easy to see how one or the other orientation could change a company’s relationship with open source.Are both types really open source? For Brock, it all comes down to community. “It’s the companies that have proper community that are really open source to me,” she said. “That’s where you’ve got a proper project with a real community, the community is not entirely based off of your employees.” Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.