The Burden of Security in Software Maintenance

Open at Intel

Player FM - Internet Radio Done Right

הוסף לפני two שנים

תוכן מסופק על ידי open.intel. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי open.intel או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

TED Business

1
The trick to powerful public speaking | Lawrence Bernstein 17:27

לפני 20 weeks17:27

הפעל מאוחר יותר

רשימות

לייק

אהבתי

17:27

Why do so many of us get nervous when public speaking? Communication expert Lawrence Bernstein says the key to dealing with the pressure is as simple as having a casual chat. He introduces the "coffee shop test" as a way to help you overcome nerves, connect with your audience and deliver a message that truly resonates. After the talk, Modupe explains a similar approach in academia called the "Grandma test," and how public speaking can be as simple as a conversation with grandma. Want to help shape TED’s shows going forward? Fill out our survey ! Become a TED Member today at https://ted.com/join Learn more about TED Next at ted.com/futureyou Hosted on Acast. See acast.com/privacy for more information.…

לפני שנה 26:37

MP3•בית הפרקים

In this episode, John Kjell, Director of Open Source at TestifySec, discusses his involvement in various open source projects and the intricacies of maintaining such projects. John sheds light on his work with the CNCF and OpenSSF, and the impact of tools like Witness, Archivista, and SLSA. He outlines the challenges maintainers face, especially around security, and offers insights into balancing professional and personal responsibilities. John also explores the significance of community, inclusivity, and a secure developer identity in open source ecosystems.

00:00 Introduction and Guest Background
01:20 Maintainer Burnout and Security Challenges
04:41 Balancing Multiple Projects and Personal Life
07:15 Security Risks in Smaller Projects
10:13 Developer Identity and Reputation
19:37 Open Source Origin Story and Community Involvement
24:11 Optimism for the Future of Open Source Security

Resources:

Enhancing Open Source Security: Introducing Siren by OpenSSF – Open Source Security Foundation

Security at Every Step: Why Software Supply Chains Are Critical

Guest: John Kjell is responsible for open source at TestifySec, a software supply chain security startup. He is a maintainer for the Witness and Archivista sub-projects under in-toto. Additionally, John is an active contributor to CNCF's TAG Security and multiple projects within the OpenSSF. Before TestifySec, John was an engineering leader at VMware, helping to bring supply chain security features to the Tanzu Application Platform.

100 פרקים

#Tech #Open At Intel

The Burden of Security in Software Maintenance

Open at Intel

published לפני שנה

שתפו

MP3•בית הפרקים

Resources:

Enhancing Open Source Security: Introducing Siren by OpenSSF – Open Source Security Foundation

Security at Every Step: Why Software Supply Chains Are Critical

100 פרקים

#Tech #Open At Intel

כל הפרקים

Open at Intel

1
Building Innovation with Open Source AI 24:19

לפני 9 ימים24:19

24:19

In this episode, we hear from Melissa McKay, Head of Developer Relations, who discusses her involvement in open source communities, especially Jenkins and OPEA. She highlights the significance of AI in today's technology landscape, touching on its increasing prevalence and integration into various processes. The discussion also covers the challenges and opportunities AI brings, including security concerns and the need for standardization through projects like the Open Platform for Enterprise AI (OPEA). Melissa provides insights into learning and adapting to new technological trends, emphasizing the importance of having a safe environment for experimentation and continuous learning. 00:00 Introduction and Welcome 02:39 Involvement with Jenkins and Community Support 03:58 AI and Its Growing Impact 07:52 Challenges and Security in AI 09:24 Adapting to New Technologies 21:06 Encouragement for Community Involvement Guest: Melissa McKay is passionate about Java, DevOps and Continuous Delivery. She is currently Head of Developer Relations for JFrog and a member of the Technical Steering Committee of the Open Platform for Enterprise AI (OPEA). Melissa has been recognized as a Java Champion and a Docker Captain, is an international speaker, and is co-author of the O'Reilly title, DevOps Tools for Java Developers.…

Open at Intel

1
Democratizing Kubernetes for AI and ML with Kubeflow 20:54

לפני 16 ימים20:54

20:54

In this episode, we hear from Andrey Velichkevich, a key contributor to the Kubeflow project, an ecosystem of open source projects to streamline the AI and ML lifecycle on Kubernetes. Andrey shares his extensive experience with the project, explains the various components and their use cases, and discusses the community's focus on accessibility and collaboration. They cover the project's evolution, the unique challenges and solutions offered, and the importance of engaging new contributors through initiatives like Google Summer of Code. The conversation highlights the future roadmap for Kubeflow, the significance of cross-project collaboration, and the key to creating a supportive and rewarding contributor environment. 00:00 Introduction and Greetings 00:14 Overview of the Kubeflow Project 01:20 Kubeflow's Ecosystem and Components 02:54 Target Audience and Use Cases 05:12 Future Roadmap and Goals 09:38 Community Engagement and Contributions 19:09 Conclusion and Final Thoughts Guest: Andrey Velichkevich is a member of Kubeflow Steering Committee and a co-chair of Kubeflow AutoML and Training WG. Additionally, Andrey is an active member of the CNCF WG AI. He is one of the authors of the CNCF AI white paper and he is helping with various AI initiatives from the CNCF community.…

Open at Intel

1
AI Agents and Developer Evolution: Bridging Human and Machine 24:16

לפני 17 ימים24:16

24:16

In this episode, we hear from Janikiram MSV, an industry analyst and advisor based in Hyderabad, India, who specializes in AI agents and cloud native technology. We spoke about the evolution of AI agents, from chatbots to personalized AI assistants, and their advancement to AI agents that can access data, utilize APIs, and perform tasks autonomously. The discussion also covers the impact of these technologies on various fields, especially for developers, through examples like app modernization and AI-driven tools. We address important considerations such as authentication, authorization, and the future role of junior developers in an AI-augmented world. This episode sheds light on how AI agents can significantly transform workflow efficiency across multiple domains. 00:00 Introduction 00:56 Evolution of AI Agents 06:10 Impact on Developers and IT Operations 07:17 Authentication and Authorization Challenges 09:41 Future of AI in Development 20:19 Advice for Junior Developers 22:23 Conclusion and Future Discussions Guest: Janakiram MSV is an an industry analyst, strategic advisor, and a practicing architect. Through his speaking, writing, and analysis, he helps businesses take advantage of emerging technologies.…

Open at Intel

1
Challenges and Triumphs in Kubernetes Security 23:42

לפני 23 ימים23:42

23:42

In this episode recorded at KubeCon in London, Cailyn Edwards, a security engineer at Okta, shares her unique journey from a rough guide and farmer to a security professional. Based in Canada, she discusses her dual life of securing platforms in her day job and co-chairing Kubernetes SIG Security in her community role. Cailyn emphasizes the importance of diverse backgrounds in the security field for better risk evaluation and shares tips on entering this realm, regardless of one's starting point. The conversation also touches on challenges like open source sustainability, economic pressures, and leveraging AI in coding, along with practical advice for new contributors to cloud-native technologies. 00:00 Welcome 00:31 Meet Kaylin: From Farmer to Security Engineer 03:35 The Importance of Diverse Perspectives in Security Risk Assessment 05:07 Understanding SIG Security in Kubernetes 09:24 Challenges in Open Source Contributions 17:03 Identity and Security in the Cloud Native World 21:35 Final Thoughts…

Open at Intel

1
Flatcar Linux: Made for Containers 22:24

לפני 4 weeks22:24

22:24

In this episode, Danielle Tal and Thilo Fromm join us to discuss Flatcar Linux. They introduce Flatcar as a Linux operating system designed specifically for containers and Kubernetes workloads, highlighting its automation, self-healing capabilities, and security features. They emphasize how Flatcar simplifies operations for startups and large companies alike by automating OS provisioning and maintenance. We discussed contributor engagement and the project's involvement with the CNCF. They also share intriguing use cases, like a Kubernetes cluster running on a tractor fleet, and stress the importance of community contributions, not just in code but in evangelism and documentation. 00:00 Introduction 01:05 What is Flatcar? 02:01 Flatcar's Automation and Self-Healing Capabilities 04:10 User Experience and Testing 05:06 Ideal Users and Use Cases 10:36 Community and Contributions 13:38 Getting Started with Contributions 16:59 Impact and Future Directions 19:58 Conclusion and Final Thoughts Guest: Danielle Tal is a Program Manager at Microsoft and an integral part of the team responsible for maintaining Flatcar Container Linux. The team is contributes to Linux OS distributions and Linux Security within Azure and other upstream projects. With a background in supporting diverse enterprise cloud applications as a support engineer, Danielle has transitioned into a management role, overseeing Docker EMEA support before joining the Flatcar team. Thilo Fromm is an engineering manager and works on Community Linux distributions and Linux Security at Azure. Thilo's team helps maintaining Flatcar Container Linux. He has given talks at FOSDEM, FrOSCon, KubeCon, Open Source Summit, Cloud-Native Rejekts, and various meetups like Kubernetes Community Days. Thilo started his career in embedded systems with hardware design and roll-your-own /from scratch embedded Linux, kernel and plumbing level development, and later virtualisation. After working for various cloud providers in engineering and management positions, he went full cloud native in 2019. Nowadays Thilo works on operating systems for cloud-native environments with a special focus on Flatcar Container Linux.…

Open at Intel

1
Demystifying Cyber Resilience and the Tools That Help 21:16

לפני 5 weeks21:16

21:16

In this episode, Michael Lieberman, Co-founder and CTO of Kusari, walks us through the intersection of open source software and security. We discuss Mike's extensive involvement in OpenSSF projects like SLSA and GUAC, which provide essential frameworks for securing the software development life cycle (SDLC) and managing software supply chains. He explains how these tools help verify software provenance and manage vulnerabilities. Additionally, we explore regulatory concerns such as the Cyber Resilience Act (CRA) and the vital role of the recently released Open SSF Security Baseline (OSPS Baseline) in helping organizations comply with such regulations. Mike also shares insights into the evolution of open source security practices, the importance of reducing complexity for developers, and the potential benefits of orchestrating security similarly to Kubernetes. We conclude with a look at upcoming projects and current pilots aiming to simplify and enhance open source security. 00:00 Introduction and Guest Welcome 00:19 Mike's Background and Role in Open Source 01:35 Exploring SLSA and GUAC Projects 04:57 Cyber Resiliency Act Overview 06:54 OpenSSF Security Baseline 11:29 Encouraging Community Involvement 18:39 Final Thoughts Resources: OpenSSF's OSPS Baseline GUAC SLSA KubeCon Keynote: Cutting Through the Fog: Clarifying CRA Compliance in C... Eddie Knight & Michael Lieberman Guest: Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF’s Secure Software Factory Reference Architecture whitepaper. He is an elected member of the OpenSSF Governing Board and Technical Advisory Council along with CNCF TAG Security Lead and an SLSA steering committee member.…

Open at Intel

1
Project Sylva and the Future of Telecom 24:07

לפני 6 weeks24:07

24:07

Tim Irnich from SUSE shares his work with Edge computing, focusing on the telecommunications industry. He highlights the importance of standardization and interoperability across the industry, specifically focusing on the widespread adoption of Linux and Kubernetes. Tim also elaborates on Project Sylva, an initiative under the Linux Foundation, aimed at creating a standardized stack for the European telco operators. We also discuss challenges and opportunities presented by the vast array of open source projects within the CNCF landscape and the potential for AI to enhance network efficiency and reliability. The episode provides a comprehensive look into the collaborative efforts and technological advancements shaping the telecom sector. 00:00 Welcome 01:14 Open Source Adoption in the Telco Industry 02:14 Challenges and Standardization in Telco Networks 04:35 Curating Reliable Stacks for Telco 06:11 Project Silva: An Open Source Initiative 18:55 AI in the Telecom Industry 22:11 Conclusion and Final Thoughts Tim Irnich is the product manager for SUSE Edge for Telco, an open source based horizontal telco cloud solution. He is also a member of the Board of Directors at the LF Europe Sylva Project. Tim has been active in telco related open source communities such as LF Networking, OPNFV, OpenDaylight, OpenStack/OpenInfra for over a decade and held positions on several committees including the LFN TAC, TSC and Board of Directors in OPNFV and OpenDaylight. Before joining SUSE in 2018, Tim worked at Ericsson, where he ran the open source and ecosystem program for Ericsson's cloud business unit and helped found Ericsson's open source development arm that is today known as Ericsson Software Technologies.…

Open at Intel

1
Data Privacy and Efficiency with Bacalhau Compute Over Data 23:10

לפני 7 weeks23:10

23:10

In this episode, David Aronchick, CEO and Co-founder of Expanso discusses his experiences and insights from working with Kubernetes since its early days at Google. David shares his journey from working on Kubernetes to co-founding Kubeflow and his latest project, Bacalhau, which focuses on combining compute and data management in distributed systems. Highlighting the challenges of data processing and privacy, particularly in edge computing and regulated environments, David emphasizes cost-saving benefits and the importance of local data processing. Throughout, privacy and regulatory concerns are underscored along with solutions for efficient and secure data handling. 00:00 Introduction and Welcome 00:23 Early Days of Kubernetes 01:05 Kubernetes Community and Evolution 02:23 AI, ML, and KubeFlow 03:40 Current Work and Data Challenges 08:20 Privacy and Security Concerns 14:21 Real-World Applications and Benefits 20:42 Conclusion Learn more about Intel® Liftoff for Startups: https://www.intel.com/content/www/us/en/developer/tools/oneapi/liftoff.html Learn more about our collaboration with Expanso in the Open Platform for Enterprise AI (OPEA) project: https://opea.dev Guest: David Aronchick, Founder and CEO at Expanso, formerly led open source machine learning strategy at Azure, managed Kubernetes product development at Google, and co-founded Kubeflow. Previous roles at Microsoft, Amazon, and Chef.…

Open at Intel

1
Evolving Software Deployment With GitLab 20:55

לפני 7 weeks20:55

20:55

In this episode, we sit down with Victor Nagy of GitLab to discuss his role and GitLab's initiatives. Victor details the transition from using a custom solution to integrating Flux for smoother application deployment. Victor also talks about GitLab's commitment to the open source community, contributions to Flux, and becoming a potential maintainer. We also touch on what makes developer tools great, developer experience, and developments in AI and security, highlighting the rapid pace of innovation in these fields. 00:00 Introduction and Guest Introduction 00:36 Key Open Source Projects: Flux and GitLab 01:17 Choosing Flux 03:42 Community Contributions and Future Plans 05:35 Deployment and Product Management 12:31 GitLab's Comprehensive Platform and Differentiators 18:38 Security and AI 19:43 Conclusion and Final Thoughts…

Open at Intel

1
The Future of AI Workloads with Slinky 18:51

לפני 8 weeks18:51

18:51

In this episode, Marlow Warnicke, lead for the Slinky project, and Tim Wickberg, CTO of SchedMD, join us to discuss their work integrating HPC scheduler Slurm with Kubernetes. They provide background on Slurm's origins, its open source nature, and its evolution into Slinky to address Kubernetes's limitations in scheduling AI and HPC workloads. The discussion touches on the unique challenges in the MLOps space, the need for fine-grained resource control, and their collaborative efforts with various communities to enhance Kubernetes's efficiency. They also share the roadmap for Slinky and avenues for community collaboration and contribution. 00:00 Introduction and Guest Introductions 00:39 Overview of Slurm and Its Evolution 01:44 The Fusion of Slurm and Kubernetes: Slinky 04:14 Challenges in Kubernetes Scheduling 09:07 Unique Challenges in MLOps 12:58 Community Collaboration and Future Plans 16:41 Getting Involved and Final Thoughts…

Open at Intel

1
Open Source Maintainership: The Highs, Lows, and Everything In Between 23:38

לפני 9 weeks23:38

23:38

Katherine Druckman sat down with Sarah Christoph, lead maintainer of Porter, and Karen Chu, community manager for Helm, to discuss the realities of maintaining open source projects. We discussed the challenges maintainers face, including burnout, community building, and the importance of human interactions in sustaining projects. The conversation highlights strategies for creating sustainable workflows, such as documentation and contributor ladders, and the essential role of positive feedback and community support in maintaining morale. The episode also underscores the protective and inclusive nature of the open source community, shining a light on mentorship and the personal growth it fosters. 00:00 Introduction 02:30 Challenges in Open Source Maintenance 03:43 Maintainer Burnout and Coping Strategies 08:10 Building Sustainable Open Source Projects 10:37 The Importance of Community and Mentorship 12:41 Recognizing and Crediting Contributors 14:14 The Human Connection in Open Source 21:22 Final Thoughts Guests: Karen Chu Sarah Christoff…

Open at Intel

1
The Human Side of Code 20:46

לפני 10 weeks20:46

20:46

In this episode, we hear from Megan Knight, Director of Software Communities at Arm. Megan shares her experiences with open source projects, particularly focusing on the Yocto project which helps build custom Linux distributions. She discusses the challenges of community management, maintaining contributor motivation, and the impact of policy changes on open source projects. The discussion also touches on the importance of corporate support in sustaining open source contributions. 00:00 Introduction and Welcome 00:52 The Yocto Project: Building Custom Linux Distributions 01:33 Managing Open Source Communities 04:20 Motivations and Challenges in Open Source Contributions 05:18 Conflict Resolution in Open Source Projects 06:59 Unexpected Use Cases in Open Source 10:03 Sustainability and Training in Open Source 18:07 The Future of Open Source in Automotive 19:18 Conclusion Guest: Megan Knight is the Director of Software Communities at Arm where she delightfully works with the upstream. She holds various positions on project boards including Yocto Project, UXL Foundation, Zephyr Project, and OpenSSF. Prior to Arm, she led the IoT and Automotive open source engagement portfolio at Amazon Web Services and served as the Amazon representative on critical dependency open source project boards. She got her start in open source working at The Linux Foundation with the Linux Kernel and Linux Plumbers communities.…

Open at Intel

1
Understanding Observability with OpenTelemetry 21:50

לפני 11 weeks21:50

21:50

Join us as we sit down with Austin Parker, Director of Open Source at Honeycomb.io to discuss observability with OpenTelemetry, explaining its importance in cloud native software and discussing the OpenTelemetry project's growth and community contributions. He shares insights on the evolution and adoption of Open Telemetry, its impact on the software industry, and the collaborative nature of its development. 00:00 Introduction 00:45 Understanding OpenTelemetry 02:48 The Importance of Observability 05:01 Challenges and Innovations in Observability 09:36 The OpenTelemetry Community 12:12 Challenges with Vendor Lock-In 14:29 Encouraging New Contributions 18:07 Recognizing Community Contributions 20:24 Final Thoughts Guest: Austin Parker is Director of Open Source at honeycomb.io, an OpenTelemetry maintainer and governance member, author of several books, and all around great person.…

Open at Intel

1
AI and MLOps with Kubernetes 20:37

לפני 11 weeks20:37

20:37

In this episode, we caught up with Abdel Sghiouar, a Developer Advocate at Google and the co-host of The Kubernetes Podcast. Abdel shared the latest developments in Kubernetes and AI applications, highlighting the unique challenges of running machine learning models on Kubernetes, particularly focusing on scalability and the context window in large language models. We also discussed the importance of working groups in overcoming these challenges and emerging concerns in AI security. 00:00 Introduction and Welcome Back 00:20 Abdel's Role and Podcast 00:36 Kubernetes and Cloud Native Space 01:14 AI and MLOps Discussion 02:20 Challenges with Large Language Models 04:48 Kubernetes Working Groups 05:55 Security Concerns in MLOps 09:48 Exploring Solutions and Community Interaction 18:23 Conclusion Guest: Abdel Sghiouar is a Cloud Developer Advocate @Google Cloud. His focus areas are GKE/Kubernetes, Service Mesh and Serverless. Abdel started his career in datacenters and infrastructure in Morocco before moving to Google's largest EU datacenter in Belgium. Then in Sweden he joined Google Cloud Professional Services and spent 5 years working with Google Cloud customers on architecting and designing large scale distributed systems before turning to advocacy and community work. You can follow him at @boredabdel .…

Open at Intel

1
Positioning and Strategy with Open Source 20:10

לפני 12 weeks20:10

20:10

Consultant Emily Omier discusses her work with open source companies on product strategy and positioning. She explains the unique challenges and opportunities such companies face, particularly the tension between commercial offerings and open source projects. Emily highlights the importance of solid product strategy, shares her process from customer interviews to leadership workshops, and addresses common misconceptions and struggles companies encounter. Additionally, she touches upon the strategic reasons for open-sourcing software. 00:00 Introduction and Guest Background 00:16 Understanding Product Strategy in Open Source 01:58 Engaging with Companies at Different Stages 03:10 Workshop and Internal Knowledge Surfacing 04:16 Differentiating Open Source and Commercial Offerings 07:09 Common Struggles and Misunderstandings 10:35 Community Building and Its Importance 14:21 Open Sourcing Projects: Reasons and Benefits 17:28 Experience at All Things Open 18:07 Conclusion and Upcoming Events Guest: Emily Omier is a consultant who helps open source startups accelerate growth with killer positioning. She also hosts The Business of Open Source, a podcast about building open source companies and is the founder of Open Source Founders Summit, a business-focused conference for leadership of open source companies.…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.