A software bill of materials is the idea that we can define and document exactly what goes into a system. We look at governance today and SBOMs as we put it together, both from a software and an operation side.
Tag Archives: Automation
Advanced SSH [TechOps]
SSH and Secure Shell is one of those topics that people take for granted because it is a ubiquitous way to log in and access systems. True to form for the TechOps series, though, we break that down into much more detailed and granular components.
We talk about how to secure it and what best practices are. We also discuss how to use it for tunneling, or, more specifically, not use it for tunneling, and why all of this matters to your operations environment. Listen to what new things we’re doing that avoid having to have network access at all.
Transcript: otter.ai/u/XSRBfnifZOF0-nlNU5…?utm_source=copy_url
UEFI Trust & Secure Boot Issue
We explore the UEFI certificate issue in which secure boot is potentially compromised. Certificates that are included in most UEFI BIOSes have been compromised in ways that could easily be used as an attack vector, a very significant flaw and something that should be on your purview and radar to fix and patch.
We’re going to talk about what the issue is, why it’s important, how secure boot works, and what you can do to mitigate this problem in your own infrastructure. An important episode for anybody running or managing desktops, data centers or any infrastructure of any type.
Transcript: otter.ai/u/H15Z2NZDom8Hta8gHJ…?utm_source=copy_url
Compliance Death Curve [Working Session 1]
The compliance death curve is something I’ve been working on as an evolving concept that tries to explain how companies fight compliance governance and standardization efforts, something that is critical to platform team and infrastructure operations.
Today we try to decompose some of the mathematics that I’ve been using into more universal, more easily understood components. We built a compliance flywheel that I found really fascinating which you can see an example of that work in our podcast description.
It could also be helpful to check out my previously recorded compliance death curve talk that has been released.
Resources:
www.youtube.com/watch?v=4RUKsakKZI0
Transcript: otter.ai/u/k9q5ZZ81Hm-EAAtfkV…?utm_source=copy_url
Data Ops Platforms [Does DevOps work in AI?]
We dive into data operations in today’s episode! We cover the idea that with all of the work we’re doing in AI and ML data analytics analysis, you actually have to steward your data.
We also cover processes controls, like what we have with DevOps in infrastructure, but with similar types of concepts (governance controls automation) around how your data is flowing in your system.
Transcript: otter.ai/u/pesotDnHCCD5lyPVx7…?utm_source=copy_url
Image by DALL-E
Broadcom Creates Chaos & Opportunity
We dive into the chaos created by Broadcom’s acquisition of VMware. In this episode, we discuss what Broadcom is doing, why it’s a problem, how enterprises are reacting, and what alternatives are on the market.
We cover the whole mess in all its glory, and even provide some love for Broadcom.
Resources:
www.thestack.technology/vmware-is-kil…isor-and-nsx/
www.siderolabs.com/platform/saas-for-kubernetes/
Transcript: otter.ai/u/SO8PD-p8AHwwsKfGsN…?utm_source=copy_url
Image by DALL-E
DevOps and Legacy Buildings
Departing from our typical podcast format, today’s episode is part of a presentation that I’ve been preparing about comparing 125 year old house building architecture to modern DevOps. We also analyze as things that work and don’t work.
There are a lot of home maintenance stories and comparison notes. Particularly in the back half of the episode we get into how this type of challenge relates to Operations Management.
Refereces: nationalpost.com/news/canada/afte…oard-sewer-pipes
Transcript: otter.ai/u/jf8at50nf0KKQG7Drl…?utm_source=copy_url
Image by DALLE: Victorian house with the second floor redesigned in a modern style, featuring extensive use of glass. Each image also includes the porch with rockers and a poodle.
Time for SBOMS? What’s Ahead for 2024?
After a brief hiatus, thecloud2030 group is back and deep in tech, talking about things that we think are going to come on the tech front, sans AI.
In this episode, we take some time to go through Kubernetes, hardware, software, bill of materials, and some governance. This includes a smattering of predictions to get your year started off with a bang.
From there, we are going to be moving into our tech-ops series. Find more details about that in today’s outro!
Resources:
www.theregister.com/2023/12/27/bruc…erens_post_open
developersalliance.org/open-source-l…ty-is-coming/
Transcript: otter.ai/u/UQyqHKJ9oNd1SquAWW…?utm_source=copy_url
Image by DALLE: cartoon images of a robot reviewing a long bill of materials on a scroll of paper.
Cloud20302024SBOMCloudAutomationInfrastructureOSSOpen Source
Predicting Innovation: Three Horizons Model
What is innovation? Today we continue this discussion, specifically drilling into the three horizons model for creating growth and value.
We spend a lot of time talking about how companies innovate using that model, what it means and what are examples of it? How does that spark take place? We bridge you further down the innovation learning process in this meeting.
Transcript: otter.ai/u/He9h2NVxazKMDN9a13…?utm_source=copy_url
Image by Dall-E prompt “please create a close up picture of a flock of birds navigating between three different horizons. the birds are smart and know which why they need to go”
Compliance is Fun! (and why you care)
We dive deep into the technical subject of governance and policy enforcement, including the tools, techniques and processes that you need to be aware of to do a good job with policy and governance enforcement.
We cover how to get started, what to think about, what to be aware of, and chip away at your governance and policy challenges including developer development portals, infrastructure pipelines and DevSecOps.
Transcript: otter.ai/u/ND90jKHwbklUBOAwT1…?utm_source=copy_url
Image by Dall-E prompt “please make a carton that shows a regulator who is managing cloud and IT assets using impractical tools”
Rob’s Hot Take:
Rob Hirschfeld, CEO and co-founder of RackN and host of the Cloud 2030 Podcast, discusses the October 19th conversation about limiting large language models (LLMs) and AI. The discussion focused on creating legal limitations for artificial intelligence and technology, highlighting the potential impact of regulations such as Section 230, which governs internet service providers’ moderation of content. Hirschfeld suggests that changes to Section 230 could be a critical component in controlling emerging technologies, inviting listeners to explore the insightful conversation at the2030.cloud.