The New Stack Makers

Building a simulation of the human heart. Pooling and crunching data from public transportation and other sources from around the world to determine travel distances and times. These are two projects Alfonso Santiago, researcher at the Barcelona Supercomputing Center and Charlie Davies, co-founder, technology and product director, iGeolise; are actively engaged in building. What they share in common is how they derive immense high-performance computing (HPC) resources on a cloud native platform (which Oracle offers). Santiago and Davies shared details about how HPC has helped to solve many of their respective projects’ struggles during a The New Stack Makers podcast hosted by Joab Jackson, managing editor, during KubeCon + CloudNativeCon in Barcelona. Also on hand was TJ Fontaine, a software engineer and consulting member of technical staff, for Oracle, who offered some context about Oracle’s role in these projects and in HPC on the cloud in general. Watch on YouTube: https://www.youtube.com/watch?v=niuAVbESM4g

The fact that cloud native and container exploits are becoming more attractive targets for attackers as they grow in popularity is obvious. But as of late, some gaping security holes in both platforms have sparked even greater causes for concern. To wit, a security hole was recently revealed — with a sure-fire fix lacking at the time when this article was posted — that detailed how an attacker can gain root access to Docker container hosts. The vulnerability, similar in scope to an symlink-race attack, a SUSE security researcher revealed how the present vulnerability is applicable to any host associated with a Docker engine. Earlier this year, a Docker runtime exploit was revealed that exposed vulnerabilities in  Docker, Kubernetes' and Docker’s runC. It is always an easy bet to make that other Docker and cloud native vulnerabilities exist that have not yet been publicly revealed. And, needless to say, most attackers anyway are looking for easier doors to open — or, more accurately, doors opened for them — by running very easy-to-run password exploits. Watch on YouTube: https://www.youtube.com/watch?v=KJG7dJdu5U8

During a podcast Alex Williams, founder and editor in chief of The New Stack hosted during the KubeCon + CloudNativeCon conference in Barcelona in May, Pulumi CEO Joe Duffy was on hand to discuss just what Pulumi does. He articulated how it serves as a popular way to deploy and manage infrastructure in a range of cloud and on-premise environments with a very wide range of programming languages. Not to say that Duffy’s description of Pulumi is not of interest — I can confirm it is — but what also make this podcast especially interesting is how he put developers’ and operations folks’ relationship with Kubernetes and multi-cloud environments into context. Watch on YouTube: https://www.youtube.com/watch?v=fDKslnUtFjw

Containers have only recently started to go mainstream as an important part of continuous integration and delivery (CICD). This is great for developer autonomy and individual ownership, but what about security? While Docker and Kubernetes have been the main drivers of this rapid container adoption, the ease at which these two orchestrators allow anyone to deploy code can leave security in peril. Does the fact that these are open-source platforms make it even more or less secure? Most importantly, how much do users understand about container security?This is some of what The New Stack Founder Alex Williams was asking when he sat down at DockerCon with Tianon Gravi, senior vice president of operations at InfoSiftr, and Noah Abrahams, Kubernetes engineer at Ticketmaster. At the end of May, the Docker Symlink-Race vulnerability was discovered in all versions of Docker container engines that offers an attacker a way to get to the host itself or any other containers managed by that host to not only read but modify the files. Abrahams sees security as something that falls on a spectrum of passive versus active versus retrospective. Watch on YouTube: https://youtu.be/MZMGIVjKBew

How have open source communities changed over the years? Two decades ago, there were many open source projects, yet much of the code used in business still came from vendors. Those days, most all of the infrastructure — from the network stack to log analysis tools — is mostly open source. No longer is it only individual coders uploading their work, but the largest software companies are sharing their code as well. Some time over the past decade, the network effect kicked in and projects such as Linux or Kubernetes that were developed by communities around the world reached a level of sophistication that would be hard to watch even by the largest proprietary software vendor. Just ask Microsoft and Oracle, which both have been embracing open source for the past decade. In fact we did ask Microsoft and Oracle. For this newest episode of The New Stack Makers podcast, we pow-wowed with Oracle Principal Member of Technical Staff Karthik Gaekwad, Oracle Solutions Architect Kaslin Fields, and Principal Cloud Developer Advocate Microsoft Bridget Kromhout to discuss how to best build and maintain open source software communities today. The podcast was live-streamed last month from Kubecon + CloudNativeConEU, held last month in Barcelona. The secret to open source success? People. Lots of people, doing lots of things, not just coding. Watch on YouTube: https://youtu.be/LEwwCrUvolk

On this episode of The New Stack Makers, TC Currie is joined by Zack Butcher, who has long been involved in and advocating for cloud engineering. He’s a founding engineer at Tetrate, and was an engineer on the Istio team at Google. She caught up with Butcher at the recent Service Mesh Days, where he led a four-hour training on installing & using Envoy, Istio and service meshes. The reason for choosing a service mesh is not connected to how many services you run, or how complicated your system is, Butcher said.  It’s: “I am having pain in a distributed system and I can’t really understand what’s going on.”

What is developer advocacy? Why is it so popular now? We sat down with Microsoft's Chloe Condon on this episode of The New Stack Makers to answer these, as well as how to add a touch of drama into your corporate tech job. Condon says that maybe job titles like hers — developer evangelist — are new, but this role has existed since there have been products marketed to engineers. Developer advocates tend to be more extroverted engineers, who have a tech background instead of just marketers that happen to work in tech. For her, the most important part of the role is the community, which is why she doesn't give a white board interview, but one question she asks all developer relations candidates — What communities are you currently involved in? These don't have to be running big conferences, but can be Meetups or even online communities. It shows you can build communities and you already have some.

Wiebe de Roos, a CI/CD consultant and engineer for ABN Amro, one of The Netherlands largest banks with over 22,000 employees, joined the company when the bank was beginning its shift to CI/CD through its DevOps as well as DevSecOps. The reasons management decided its developer teams needed to make the shift included late deliveries and less-than-stellar innovation on the application front. “The teams were not really mature,” Roos said. Today, Roos says ABN Amro’s CI/CD processes underpinned by its DevOps and DevSecOps. The result: “Automation and compliance is now rolled out as part of the CI/CD processes to cope with the market changes,” Roos said.  “And now we see a big acceleration, because of course of containers, which are now also being adopted.” During this edition of The New Stack Makers podcast during the KubeCon + CloudNativeCon conference held in Barcelona at the end of May, Roos was joined by ABN Amro’s secure coding and AI team lead Dominik de Smit. They spoke with the host, Alex Williams, founder and editor and chief of The New Stack, about ABN Amro’s CI/CD, DevOps and DevSecOps journey. They also discussed the tools the development teams use, such as those Twistlock provides for containers and cloud native security, and how they have also played an essential role in meeting the real-world development, operational and security challenges they face. Watch on YouTube: https://www.youtube.com/watch?v=K_88F11499I

The role of the SRE in DevOps has become that much more crucial as software development covers that much more ground than in the past. Since becoming part of DevOps, SREs have been required to play a very active part throughout the production pipeline environment as well as during the post-deployment stage of software and application rollouts. When cloud native platforms and porting legacy systems to the cloud are added to the mix or deploying applications to on-premise and cloud environments simultaneously, the SRE’s responsibility becomes that much more critical. The SRE also must nimbly assume many of the tasks previously reserved for operations. While gone are the days when a single “operations guy” or team managed a data center, an SRE can still get that dreaded call or page at 3:00 AM when an applications crashes. But at the same time, as we see below, many of those operations-like tasks should become automated in the near future, so SREs can spend more time on what they usually like to do best: working directly with code development. Three SRE and engineering thought leaders from software giant and services provider Oracle obviously had a lot to say about the SRE’s role and DevOps tools at their disposal during a podcast hosted by Libby Clark, editorial director of The New Stack, during the KubeCon + CloudNativeCon conference held in Barcelona at the end of May. The podcasts guests from Oracle included: Dr. Jonathan Reeve, senior director, product management; Mickey Boxell, product manager, SRE; Timothy J. Fontaine, software engineer and consulting member of technical staff.

O'Reilly’s OSCON’s scope this year will remain true to its seminal roots this year as one of the most far-reaching and comprehensive open source conferences of the year, its organizers say. Held July 15-18, 2019 in Portland, OR; OSCON, co-program chair Kelsey Hightower, a developer advocate at Google, described the conference as “the open source family reunion.” As a technologist, Hightower said he plans, among other things, to take advantage of the meet-and-greet and learning opportunities where “all the people who kind of started open source and set the principles of the foundation, all the way to the people who are kind of creating some of the newer projects, things that are on the edge” will be there.  “So, it is my chance to catch up with all the people you collaborate on GitHub or social media,” Hightower said. During a podcast hosted by Alex Williams, founder and editor-in-chief of The New Stack, both Hightower and fellow co-program chair Rachel Roumeliotis, vice president, content strategy at O'Reilly Media, who is one of many people who love conference venue in beautiful Portland, discussed both how OSCON will remain both true to its roots.

Service meshes have emerged as not just as something nice to have, but today, as a quintessential must-have for microservices and Kubernetes management. Given the enormous complexity of these environments, service mesh infrastructure layers offer the management and observability required for cluster visibility and tracing, among other things, that organizations often live and die by. Among several open source options, Linkerd has emerged as a leading service mesh offering. But as William Morgan, CEO for Buoyant, which builds Linkerd, service meshes are more about solving a people problem when attempting to coordinate and management different developers’ work and collaborations. “I was an engineer in a previous life and a lot of the service mesh conversations that we have tend to be very engineering conversations around like well, the feature set and when you're going to support x and y. And in reality, what we found is that Linkerd is very good at solving what is actually a human problem, which is, especially as the company as a company or an organization grows, you have lots of people trying to do things at the same time,” Morgan said. “What Linkerd allows you to do is make the lives of developers easier, especially developers also platform owners, by moving a lot of the functionality that they would otherwise be responsible for down to the platform layer where they don't have to worry about it.”

New services and tools continue to emerge for cloud native deployments, vying for a place among what is already an immensely complex web of choices. During a podcast hosted by Alex Williams, founder and editor in chief of The New Stack, at KubeCon + CloudNativeCon in Barcelona, tools and goals by Oracle and Autom8.Network, which offers a decentralized function as a service (FaaS), were the main topics as a way to make serverless and other environments that much easier and reliaable for organizations to use. Podcast guests Maddie Patrichi, senior software developer for Oracle, and Gregg Altschul, co-founder and CTO, for Autom8.Network, offered their thoughts and described their projects.

How was WordPress created? (That's WordPress.org, the open-source content management system, not WordPress.com, the for-profit hosting platform by Automattic.)At the end of 2002, b2/cafelog or simply B2, an open-source Web news and blogging tool, which generated pages dynamically from the contents of its MySQL database, was abandoned by its creator. Early 2003, Matt Mullenweg posted a couple paragraphs on his blog showing interest in forking that code and building something better. Mike Little was the only one to comment showing interest. And thus Mullenweg and Little became the co-founders of what would become known as WordPress.

In this episode of The New Stack Makers, TC Currie is joined with industry veteran Larry Peterson, now CTO of the Open Networking Foundation (ONF) and Professor Emeritus at Princeton University.  Listeners might recognize his name as co-author of the seminal book Computer Networks: A Systems Approach, which is now open sourced, or as the Director of the PlanetLab Consortium. TC caught up with Dr. Peterson at the recent Service Mesh Days in San Francisco where he was interested in learning how service meshes might be able to help solve the telco industry’s problems as they move, in a slow-as-molasses sort of way, toward microservices architecture. The PlanetLab consortium combined with the ONF and network engineers are represented on the board by the CTOs of AT&T, Deutsche Telekom, and Comcast. Google is also on the board because it’s not just telco, but all network operators. All the ONF partners and their supply chains are are all interested re-organizing around a dis-aggregated solution, as they move to a more cloud-like architecture, said Peterson.

When we talk about accessibility on the Web, we often talk about can someone who is visually or dextrously impaired, but that's not the only bit of it. While meeting these legal accessibility requirements is important, we can't forget that the Web has systematically left groups of people behind, including the elderly, LGBTQ+, women, people still unconnected, and more — basically those that aren't the cis white men most commonly building and running the tech industry. In short, the most vulnerable people are kept from the potential of the Web. This is what we talked about and more when The New Stack Makers podcast spoke to BBC Software Engineer Olu Niyi-Awosusi leading up to her talk at this year's Afrotech Fest. First, the day job. Niyi-Awosusi's work at BBC — which aims to be the most accessible news website in the world — comes with two roles. She builds article webpages using React, and she is an accessibility champion. The latter is a voluntary but official role, probably unique to the BBC, tasked with keeping accessibility at the front of colleagues' minds.