Software Supply Chains [#Log4Shell]

Our scheduled topic was supply chains generally, but the Log4Shell vulnerability dominated the discussion. We dove into the challenge of patching and fixing a library that has been embedded in nearly every device or service for years and years.

That led us to supply chains in the context of software, and specifically Java Log4j. This is a critical topic and our conversation about it was very thoughtful. We really covered the angles of what it takes to produce and maintain a supply chain for software. Then we discussed alternatives and things to consider when you are building anything: software products, or physical products whose embedded systems and components shape your designs.

Transcript: otter.ai/u/CJ8pYF1La6tetFasqZhEojo_zoY
Image: www.pexels.com/photo/carton-cont…-in-rows-6294430/

Rob’s Hot Take:

Rob Hirschfeld, CEO and co-founder of RackN and host of the Cloud 2030 Podcast, reflects on the December 16th discussion centered around the supply chain, particularly focusing on Log4j and software components. He underscores the importance of understanding the provenance of software components and emphasizes the necessity of maintaining a robust patch and update process, especially for components embedded deep in products, such as the Java runtime and its libraries. Hirschfeld advocates for a shift in mindset towards viewing software as an ongoing process rather than a static deliverable, inviting listeners to explore the insightful discussion further at the2030.cloud.

Broader Impacts of AWS Outage

We discussed the Amazon outage of December 7. Instead of simply blaming Amazon, we went looking for how the outage impacted people globally. We considered how hyperscalers are being treated and how these outages can be avoided or understood. We focused on who is impacted and what companies that are building on top of Cloud providers can do going forward.

We really took a classic Cloud 2030 approach to a very important and timely topic. Enjoy our discussion about the business impacts, understanding of the market and forward-looking approach.

Transcript: otter.ai/u/cY4fk8mWIovIfkwfT4LDw2uy4QY
Image: www.pexels.com/photo/a-person-ho…ked-eggs-7719168/

Rob’s Hot Take:

Rob Hirschfeld, CEO and co-founder of RackN and host of the Cloud 2030 Podcast, provides insights on the December 9th discussion regarding the Amazon outage on December 7th. Fresh from the outage’s impact, Hirschfeld highlights the industry’s reliance on cloud providers as utilities and underscores the need to acknowledge their business interests, which may not always align with customer needs during disruptions. He advocates for building resilience both at the provider and consumer levels, emphasizing the importance of understanding and mitigating the risks associated with hyperscale infrastructures. Hirschfeld invites listeners to explore the comprehensive conversation at the2030.cloud, focusing on industry-wide reflections rather than attributing blame to specific providers.

What is Platform Engineering?

What is platform engineering, why is it necessary, and how do you make it work compared with DevOps?

In this conversation, we really hit on the challenges of creating automation teams that build automation in scalable ways. Frustratingly, we never really came up with a particularly good answer to "what is a platform team" and why you should care. Strangely, your organization is probably building one anyway.

Transcript otter.ai/u/zJeQbqXIyD8kZUxfKQdvQAfQGog
Image: www.pexels.com/photo/building-co…chnology-9617733/

Rob’s Hot Take:

Rob Hirschfeld, CEO and co-founder of RackN and host of the Cloud 2030 Podcast, reflects on the November 9th DevOps Lunch and Learn session focused on platform engineering. He highlights the challenge of executing platform engineering initiatives despite the straightforward concept of improving automation and tooling at an architectural level. Hirschfeld emphasizes the importance of defining success metrics, empowering teams to enforce standards, and adopting consistent, repeatable patterns and practices to advance the industry’s maturity. He encourages listeners to explore the insightful discussion at the2030.cloud for a deeper understanding of platform engineering’s significance.

A Path for Cloud Standardization?

We discuss standards, de facto standards, and cloud standards. It comes down to how we are creating repeatable results for the cloud marketplace.

Ideally, we’re creating marketplaces where standards can be shared. We’d consider Amazon as the primary example, but we also talk about hardware and Kubernetes which have their own marketplaces.

Ultimately, we asked whether we are creating standardized cloud infrastructure. The short answer is no.

Transcript: otter.ai/u/kGT8pGfbslZRgFktM0pE3AifwWI
Image: www.pexels.com/photo/measuring-g…tar-pick-3988555/

Rob’s Hot Take:

Rob Hirschfeld, CEO and co-founder of RackN and host of the Cloud 2030 Podcast, reflects on the November 30th DevOps Lunch and Learn session focused on standards and vendors’ attempts to establish standard operating processes. He highlights the market’s lack of convergence or trust in vendor-driven standards, emphasizing the durability of certain influential standards in the industry compared to vendor-specific APIs. Hirschfeld underscores the ongoing need for standard operating models and APIs to address market complexity, encouraging listeners to explore the insightful discussion at the2030.cloud for deeper insights into standardization efforts within the industry.

Securing Software Supply Chains

Today we talked about supply chains, but mainly security and the security aspects of supply chains, because there are very serious challenges here.

We have made writing software and onboarding developers so easy, but have not put the same effort into managing production systems! The team really talked about what it takes to build production systems that respect security, supply chains, dependency graphs, and inclusion in a way that crosses teams.

It’s an incredibly important topic, and it is the foundation of any successful supply chain hardening effort.
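The patching problem raised in the Log4Shell notes above (a library embedded in nearly everything) and the dependency-graph point in this section are easier to see with a concrete walk of a dependency graph. The following is an added example, not code from the podcast or from RackN. The graph, the component names other than log4j-core, their versions, and the advisory's "fixed in" version are all constructed assumptions for illustration; it shows why upgrading your own direct dependency is not enough when the same library arrives again through someone else's component.

```python
"""Transitive-dependency exposure check for a library that is 'everywhere'.

Constructed example: the dependency graph and the advisory below are made up
for illustration. Only log4j-core is a real artifact name; the other
components, their versions, and the assumed fixed version are hypothetical.
"""
from typing import Dict, List, Tuple

# Constructed graph: "name:version" -> the "name:version" entries it declares.
# Every declared copy is treated as present on the classpath, which is the
# conservative view (bundled or shaded jars); a build tool's conflict
# resolution may in practice select a single version per name.
DEPENDENCIES: Dict[str, List[str]] = {
    "billing-service:1.4.0": ["shared-utils:3.2.0", "report-engine:0.9.1"],
    "inventory-service:2.0.0": ["shared-utils:3.2.0", "log4j-core:2.17.1"],
    "shared-utils:3.2.0": ["json-kit:1.1.0", "log4j-core:2.14.1"],
    "report-engine:0.9.1": ["pdf-kit:4.0.2"],
    "pdf-kit:4.0.2": ["log4j-core:2.12.1"],
    "json-kit:1.1.0": [],
    "log4j-core:2.12.1": [],
    "log4j-core:2.14.1": [],
    "log4j-core:2.17.1": [],
}

# Assumed advisory (hypothetical values): any log4j-core older than fixed_in
# is treated as affected.
ADVISORY = {"name": "log4j-core", "fixed_in": "2.17.1"}


def split_coord(coord: str) -> Tuple[str, str]:
    """'name:version' -> ('name', 'version')."""
    name, _, version = coord.rpartition(":")
    return name, version


def parse_version(version: str) -> Tuple[int, ...]:
    """Numeric-prefix parse of each dotted segment so tuples compare sanely."""
    parts = []
    for segment in version.split("."):
        digits = "".join(ch for ch in segment if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(coord: str, advisory=ADVISORY) -> bool:
    name, version = split_coord(coord)
    return name == advisory["name"] and parse_version(version) < parse_version(advisory["fixed_in"])


def find_exposure_paths(root: str, graph=DEPENDENCIES, advisory=ADVISORY) -> List[List[str]]:
    """All dependency paths from root to an affected artifact (DFS, cycle-safe)."""
    paths: List[List[str]] = []

    def walk(node: str, path: List[str], seen: set) -> None:
        if is_affected(node, advisory):
            paths.append(path)
            return
        for dep in graph.get(node, []):
            if dep in seen:        # cycle guard
                continue
            walk(dep, path + [dep], seen | {dep})

    walk(root, [root], {root})
    return paths


def patch_owners(root: str, graph=DEPENDENCIES, advisory=ADVISORY) -> List[str]:
    """Components that directly declare an affected copy.

    Each of these must cut a new release (or be replaced) before root can be
    rebuilt clean; upgrading root's own direct dependency is not enough.
    """
    owners = set()
    for path in find_exposure_paths(root, graph, advisory):
        owners.add(path[-2] if len(path) > 1 else path[-1])
    return sorted(owners)


def exposure_report(roots: List[str], graph=DEPENDENCIES, advisory=ADVISORY) -> Dict[str, dict]:
    return {
        root: {"paths": find_exposure_paths(root, graph, advisory),
               "owners": patch_owners(root, graph, advisory)}
        for root in roots
    }


if __name__ == "__main__":
    for root, info in exposure_report(["billing-service:1.4.0", "inventory-service:2.0.0"]).items():
        print(f"{root}: {len(info['paths'])} exposure path(s)")
        for path in info["paths"]:
            print("  " + " -> ".join(path))
        print("  must be re-released first:", ", ".join(info["owners"]) or "none")
```

In the constructed graph, inventory-service has already moved its own direct dependency to the assumed fixed version, yet it is still exposed through shared-utils; the only fix is a new release of shared-utils, which is the upstream coordination problem the discussion was about. Real projects would feed the graph from a lockfile or an SBOM rather than a hand-written dictionary.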

Transcript: otter.ai/u/6zfld2gBpZMSGT8Vk_1Ka3pWtN0
Image: www.pexels.com/photo/light-city-…traffic-10390684/

Serverless At The Edge

Serverless at the edge, part one. This is a dynamic and engaged conversation with key questions like:

What is serverless?
Do we need serverless?
How is edge serverless different than cloud serverless?

We see edge environments as collecting data from sensors in a way that needs to be heterogeneous, multi-vendor, dynamic and centralized. But centralized where?

I think that the serverless aspect of this really drives home the idea that we need to be able to make small, quick, easy updates into an edge environment, into a sensor environment. But how we accomplish that is still to be defined.

Transcript: otter.ai/u/XOOi-HhvbqC6NG16-7ns6j_hPLE
Image: www.pexels.com/photo/man-in-whit…ing-tray-3772524/

Rob’s Hot Take:

In the November 11th episode of the Cloud 2030 podcast, the discussion centered around the concept of serverless at the edge, a topic not widely understood. Distinct from traditional cloud-based serverless systems like Lambda, serverless at the edge involves diverse sensors and input sources, requiring different architectures. The conversation emphasized the critical role of serverless at the edge but highlighted the need for unique definitions and platforms, shaping the future of this technology.

Ops Research and Mapping

We explored Operations Value mapping. This led to a very interesting discussion of complexity budgets and how to measure them. This includes managing supply chains, value pipelines, and system coupling.

Complexity budgets could be a very powerful measuring tool for understanding operations value in an organization. Overall, this helps you explain the cost of complexity to organizational leadership.

Transcript: otter.ai/u/T1jXorfZO6Yc7fovBEXKgxSnxao
Image: www.pexels.com/photo/old-map-of-…-on-wall-4338273/

Can we Secure SaaS? RE: facebook & Twitch

During this 20 minute check-in we dive into security and SaaS infrastructure.

Can we protect the secrets that people trust SaaS providers to store for them? The topic was inspired by the Twitch leak, where a lot of sensitive information was exposed to the public. That comes on the heels of all sorts of other leaks, compromises and downtime on systems.

Overall, it seems like bad news is coming faster and faster for operators. The fundamental question is NOT whether we can trust a SaaS provider to secure information; we know the answer is NO. The question is what to do about it.

Transcript: otter.ai/u/bHe8mibvYE4vTIjWleOfJ2Z7iwI
Photo by Joy Marino from Pexels [ID 3054158]

You need an IaC Pipeline! [KubeCon & VMworld retro]

We talk about Infrastructure as Code through a Kubernetes filter. We started with a check-in on KubeCon and VMworld, both of which had just ended. Both of those shows are very relevant to our IaC discussion and considerations, because we dig into how we build on those platforms.

Ultimately, that led to the idea of pipelines and processes for building sustainable automation and operations. That got into very interesting places!

Transcript: otter.ai/u/O1UZds25tjCKUr0337HHOo-hxu4
Photo by Evan Velez Saxer from Pexels [ID 7417579]