This Week in Enterprise Tech 525 Trancript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Louis Maresca (00:00:00):
On this week, enterprise tech, we have Mr. Brian Chee. Mr. Curtis Franklin, back on the show. Happy New Year to all of you. Now, did you know that Circle C had a breach? Well, they're asking to change all of your secrets. Do you know how to secure your APIs? Well, we'll go through some basic and advanced ways. Plus, today we have a great guest, William Morgan. He's creator of Link d and c E of Buoyant. We're gonna talk about the state of service mesh and just where it's headed. Definitely shouldn't miss it. TW on the set
Announcer (00:00:29):
Podcasts you love from people you trust.
Louis Maresca (00:00:42):
This is twt. This week in Enterprise Tech episode 525 recorded January 6th, 2023. Old infrastructure locked in the closet. This episode of this week in Enterprise Tech is brought to you by decisions. Don't let complexity block your company's growth decisions. No code rules driven process automation software provides every tool needed to build caustom workflows, empowering you to modernize legacy systems, ensure regulatory compliance, and renew the customer experience. Visit decisions.com/twit to learn how automating anything can change everything. And by bit Warden, get the password manager that offers a robust and cost effective solution that can drastically increase your chances of staying safe online. Get started with a free trial of a teams or enterprise plan, or get started for free across all devices as an individual user at bit warden.com/twit.
(00:01:44):
Welcome to twt this week at Enterprise Tech, the show that is dedicated to you, the enterprise professional, the it pro geek who just wants to know how the school is connected. I'm your host, Lewis Mareka. Happy New Year to you. From all of us at TWIT and twt, we have a packed show for you today, but I can't guide you by myself. I need to bring in the professionals and the experts start on their very own. Mr. Brian Chee net architect at Sky Fiber Network expert all around Tech Geek Cheever. Happy New Year, my friend. 2020 threes here. Have any tech goals this
Brian Chee (00:02:17):
Year? Actually I've been named to the board of directors for the Central Florida fairground, and one of my goals is within the realm of reality to try and upgrade their backbone so they have enough bandwidth so they can move video around, security connections, you name it. All without breaking the bank. So that's gonna be a challenge. And if people have long spools, a single mold fiber laying around that you want a tax break on, drop me a line.
Louis Maresca (00:02:51):
There you go, reusability. Very nice, very nice. Thank you. Cheaper for being here. It's always great to have you. But we also have to bring in the man of many talents. The man has puls the enterprise world. He is Mr. Curtis Franklin, senior analyst at amia. Curtis Hackney year to you as well. How about how about you? Any tech goals or enterprise goals for this year?
Curtis Franklin (00:03:10):
Oh, the very happiest of New Year's to you, Lou. We let's see what kind of goals, actually I do. I've got some cool stuff that I'm gonna be working on. Gonna be looking at how we quantify risk in the enterprise, and then how that quantified risk ties into little things like cyber insurance. So lot, lots of good stuff going on in in my professional research. And on other things. I'm hoping to get some more work done on SDR in the amateur radio bands. And I have a whole bunch of 3D printing on my plate. So there, there's all of that. And even more coming up. It should be a very busy and fun-filled 2023.
Louis Maresca (00:04:01):
Looking forward to it. Looking forward to it. Well, speaking of new year, we have a new year of the enterprise tech and a deck enterprise tech news, and it definitely has it slowed down. So what are some of the ways you can better secure your APIs? Well, we're gonna get you take you through that and take you through a good list of those. Plus today we have a great guest, William Morgan Morgans, creator of Linker D and c e o of Buoyant. He's gonna talk about the state of service mesh and where it might be headed. So lots of exciting stuff to talk about, definitely stick around. But first, let's start the year with this week's enterprise news blips. The new year has started with a charge of new targets from threat actors. It's almost like they wanted to start off the New Year's Strong. Some of you may use Circle CI for your continuous integration and delivery platform.
(00:04:45):
It's great for building and testing code anytime you wanna push a new version of your code. Now, even if, even if it's just to run static analysis on your code for check for security vulnerabilities. But you know, can you actually smell supply chain attack here? Well, this week's Circle CI has been informing customers and disclosing a security incident and it's urging users to rotate their secrets. And now let's talk about the facts coming from Circle CI directly. Now, the secrets they're asking customers to rotate are not only their account access secrets, but also those stored as project environment variables or in context. Now. In addition, it's also calling for customers using API tokens to validate those tokens and replace them with new ones. Now, security reachers, including Daniel Huffman report that they see unknown IP addresses accessing their a w s credentials through Circle ci. It seems there's actually real world impact here.
(00:05:34):
The the DevOps company advises users to audit their internal logs for unauthorized access occurring between December 21st, 2022 and January 4th, 2022. Oddly, this may not be a new Year hack, as I thought. Ironically, the wording in the post suggests that Circle CI was breached on December 21st, the same day it published a reliability update reinforcing its commitment to bettering its service on a mid 2019 circle. AI was also hit by a data breach resulting from the compromise of a third party vendor. This actually led to the compromise of user data, including usernames and emails associated with the user GitHub Bitbucket accounts and their IP addresses, organization names or repo URLs. Now in 2022, threat actors were caught stealing GitHub accounts via Circle, fake Circle CI email notification sent to users. Now, if it isn't proof that supply chain attacks are real and target you and your organization, I don't know what could be. If you use Circle ci, take a pause and update your secrets right now.
Curtis Franklin (00:06:37):
Well, I suppose it's nice to know that even criminals can work on improving their craft, but a threat group called Automated Libra is keeping Security Pros up at night with their increasing use of up to date modern software development techniques. According to an article from Dark Reading, a campaign called Purple Urchin is using DevOps and continuous integration and continuous deployment, or C I C D practices to mine cryptocurrency on cloud platforms using free trial accounts. Now this campaign isn't new. It's been going on since August, 2019, and it's mainly targeted platforms like GitHub, Heroku, and Toggle Box. The real worry for the cybersecurity pros is that while crypto mining is the current goal of the campaign, the infrastructure is flexible and could easily be put to other uses later. Palo Alto Network's Unit 42 threat hunting team has shown that Automated Libra has created some 180,000 free trial accounts on various cloud platforms using an automated container-based approach for spinning them up quickly.
(00:07:45):
The impressive thing is just how quickly those accounts can be created at its peak. Last November, the group was spinning up between three and five new accounts on GitHub every minute in this every component of purple urchin script mining operation from user account creation to coin mining and trading shipped inside a container and deployed in a highly automated way. According to Unit 42, automated Libra adopted the DevOps and C I C D approaches to optimize its ability to utilize the very limited resources available to them under the free trial programs. The key takeaway for enterprise organizations is that threat actors will increasingly use containers for malicious infrastructure employment in coming years. Trusted sources like cloud providers, cloud storage services, and public services hosted on clouds will be leveraged for launching attacks and it's gonna be difficult and prevalent to detect word for you get ready. So welcome to 2023,
Brian Chee (00:08:55):
And I'd like to say thank you to ours technical for this article, which is very timely. The Biden administration has been trying desperately to end a two year deadlock on the fcc. So the other day, president Joe Biden Renominated Giggi son of to the long empty fifth spot on the Federal Communications Commission, in hopes that the Senate will finally give Democrats a three to two FCC majority. The FCC has been deadlocked with two Democrats and two Republicans for Biden's entire presidency so far. He nominated soon a longtime consumer advocate and former FCC official on October 26th, 2021. Now, what really bothers me about this article's topic is that the fccs mandate is supposed to protect the airwaves in the US and territories and really shouldn't be stuck on partisan politics. It's no wonder that my colleagues outside the US have nearly given up hope to actually get real innovation from the United States. Sadly, I don't know how to fix the FCC or the Supreme Court for that matter. As long as partisan politics are more important than the public good, I fear the US will continue to see our technological lead further erode away.
Louis Maresca (00:10:23):
You may be surprised if you expect the usual suspects and threat actors to be causing havoc this year. In fact, the well-known British newspaper, the Guardian, has hit a new security breach after a ransomware attack before Christmas. So this register article talks about it here. In fact, it's telling their staff to continue working from home until later this year. Now, on December 21st, it broke the news that it had a serious IT incident that impacted its infrastructure and told staff to work from home. And according to the ICOs rules, organizations must notify the government agency within 72 hours of a discovering a ransomware attack. Now, even though the Guardian wasn't certain it was a ransomware attack, they notified them anyway. So they have been able to work vigorously to ensure that they still have digital publishing in their content printing well, but no one's claimed responsibility yet.
(00:11:12):
But gangs like Lock Bitt have been busy already this year, including Canada's largest children's hospital in Los Angeles's, public housing authority for ransomware attacks. Now, you might have thought that ransomware attacks have slowed down because they really haven't been in the news that much. Well, don't let your guard down at least 219. Local governments, healthcare providers, colleges, universities, and school districts in the US alone, where victims of ransomware attacks last year. And remember some good measures to protect yourself against ransomware. Ensure you back up your data regularly, keep your software and systems up to date. We talk about that all the time. Train your employees against phishing attacks and opening unknown attachments and links. Don't click the links, implement access controls as well as use a firewall. And even think about using ransomware protection software blocking unknown encryption of critical data. Well, folks, that does it for the blips.
(00:12:04):
Next up the bites. But before we get to the bites, we have to thank a really great sponsor of this week in enterprise tech. And that's decisions that have always been the goal of allowing anyone in an organization to automate things without being a coding expert. While it looks like decisions might be close to the perfect platform for you, because I was able to create custom workflows plus convert a lot of custom code and logic into enterprise rules, right, with decisions. And I was very impressed by how easy it was to do. Now, decision gives IT and business experts the tools to automate anything in your company, all within one no code platform. It's proven to fix any business process and prepare you to withstand economic uncertainty. Now, recession resilience requires a deliberate management of resources and the flexibility to adapt at the flip of a coin.
(00:12:53):
Now, the decisions, no code environment makes it easy for your team to collaborate, to build, adjust workflows. You can have dynamic forms and decision processes that fit your in unique and ever-changing business needs. Now, this is especially important with today's IT talent shortage. Now, decisions processes, automation software is a complete toolkit. That means it allows developers and business users alike to build applications and automations with no code required. Now, there are no code platform is powerful and includes robust rules and workflow engines and a host of pre-built integrations that connect to any legacy system via api, all within a simple drag and drop visual interface design that can be deployed on-prem or even in the cloud. Now, companies were caught flatfooted on the onset of the pandemic, but decisions customers were fully equipped to respond. Here. Now, one of the country's largest private banks built an entire P p P loan application process for small businesses affected by covid 19.
(00:13:55):
In just two days. Two days, they were the first to market in issuing a 1 billion in loans before their competitors even got started. Now decisions that you customize workflows to automate the small decisions, producing faster results with greater accuracy, allowing your team to really focus on the important decisions. Now, scale your business to better serve your customers while reducing those operational costs and saving your time and money and your team time and money. Now here's a great example of how decisions automation software can help Otis Elevators. You know, them, one of the most well-known in the world, implemented decisions to run daily pulse checks across their 2 million units operating globally. Now, by finding potential problems before they occur, they avoid downtime and manage their service technicians efficiently. You have it arrive, be riding on an Otis elevator, you can rest assure you'll arrive safely to your destination.
(00:14:49):
Now, as a potential recession approaches, the durability of a businesses foundation will directly impact its performance and ability to survive. Now, how strong is your foundation decisions? Automation platform provides the solution to any business challenge. Automating anything can change everything to improve your company's speed to market financial growth and operational success. They help industry leaders alleviate bottlenecks and automate pain points in their business. So you can do what you do best and then change the world. To learn more about decisions, no-code automation platform and scope, your free proof of concept visit decisions.com/twit. That's decisions.com/twit. And we thank decisions for their support of this week in enterprise tech. Well, folks, it's time for the bites. Now, APIs, they continue to be the targets of many organizations by threat actors. And the question is, what's some of the ways that you can actually make your APIs more secure?
(00:15:55):
It's a really great question. There's, there's lots of ways to do it. In fact, this dark reading article actually has a great list. Now, the f in the fact that the day they, they found actually, they put a, a list in here. They put it actually a, a research findings by SALT labs that says the API tax have actually increased by 681%. That's just proof in the pudding. Now, the list that they have here is a step beyond the basic set of calls and the basic set of best practices, but it really has a, a good set of adoptions that you might wanna take on. In fact, number one, adopt risk-based authentication. Now that's a you know, you have a trusted API client already. He might have a good track record that that that might not have to go through the same rigor of authentication as maybe a new client.
(00:16:38):
And that's really kind of adopting risk-based authentication. It really helps kind of reduce increase usability, but still increase the security. Adding biometrics to your auth. Now you can add B M F A or, or whatnot. Fingerprint scanning, that kind of thing can definitely increase your security and lower your risk. You can also enforce authentication externally. Now this is the one that I'm a stronger belief believer of because it, it means that you start using an API gateway. It really helps enforce a bunch of things. It actually includes, you can enforce security requirements governance, that kind of thing. In fact you can even enforce compliance. Lastly on their list, they have of course, API security with, with balance of usability. Now that's the really hard one. If you think about it. Now you probably many of you home have, have dealt with MFA or having to deal with additional security layers and things.
(00:17:32):
And that can sometimes impose maybe unnecessary requirements that might require some additional kind of, you know, delays or impedance in your pipeline to maybe get using your software. Get using the API makes it harder. You don't wanna impose unnecessary security requirements or in, you really wanna ensure your security rules are strict only when they need to be. That's a really hard thing to do. Now, this list focus a lot, focuses a lot on authentication, but there's a lot to talk about from just a set of best practices. Let's just talk about a couple of them cuz it's a long list. Number one, use API keys. There's secret tokens that once you authenticate, you can send down to the client and they can be used. They're short-lived. They allow for very specific and scoped amount of security, obviously, but they want you to use yo OAuth because it's a open standard for authentication authorization.
(00:18:22):
It's a framework, obviously encrypt things using HTPs s you wanna make sure you use, again, short-lived tokens for things implement rate limiting and governance that you can get with an API gateway. You wanna make sure you perform in input validation, right? When you, when you get input through your api, you wanna make sure that you're not open to any type of vulnerability there. Or malicious attack or SQL injection. Of course, you wanna use modern security protocols, right? You don't want, you wanna make sure that the latest and greatest you're using like TLS 1.3. And of course you wanna monitor and log your activity. And again, you, a lot of this you can get with things like API gateways. So I wanna bring my co-host back in cheaper. I wanna, I'm actually, Chris, I wanna throw this to you first because you know, I'm seeing a lot of web apps, single page application services. They use APIs today, obviously, but are you seeing that there's actually a big gap in people's security plans when it comes to just standard APIs?
Curtis Franklin (00:19:20):
You know, there really is because so many people tend to think that because APIs are not something that are touched by the fingers of users on a regular basis, they are somehow inherently more secure than human facing components. And I think that anytime we start to believe that something is inherently secure, now that puts a big flashing neon welcome sign over the door for attackers. Some of the things that Lou mentioned are being used more and more by security teams because they're beginning to recognize the problems that can happen in APIs. You know, remember that just like mechanical systems everywhere you have a coupling or a joining or a joint, you have a potential weakness that's true in software as much as hardware. So b you know, companies, organizations as whole should be looking at this and should be finding ways to specifically protect APIs from both automated and hands-on attacks.
Louis Maresca (00:20:40):
Agreed, agreed. Now cheaper. The, the list here is pretty interesting. How are, just like the last item on the list, you know, obviously the more security you add, sometimes the harder it is to maintain good usability. Is there a really happy medium here?
Brian Chee (00:20:54):
Well, one of, one of the things that I do definitely wanna bring up is, yeah, VPNs aren't gone yet. They're a nice way that if you have out of date APIs run a vpn, you know, it's a stop gap. But more importantly this is something that came out of a past life. The documentation I think is actually an even more basic problem. Apis are typically written by folks that don't see the light of day very often, <laugh>. They tend, they tend to be your better programmers, the ones that are clever the ones that can eek out the best performance. Well, there's a problem with that. Those folks, as talented as they are, typically aren't very good at communicating. So at a couple of big corporations one of the things I really found out is I started forcing some of the junior programmers to work with the A P I team for one reason and one reason only.
(00:22:03):
Typically, the junior programmers still remembered composition English. So I think one of the problems is we don't have as good a quality of documentation on APIs as we do on user facing technology. And when you start skimping on documentation I actually saw this on several reviewer guides. It basically said, do this, do that, and so forth. And they don't really spell out the ramifications. And so just to get it working, people start slapping route access or supervisor access or whatever significantly more user rights than they need just to get it working. Because management is always telling us it has to get done, time, time, time, get it done, get it done. And if the documentation stinks there's a lot of opportunities to take shortcuts. So I think number five on this list really ought to be better. A p i documentation. What are the ramifications? Why are you asking for this particular set of user rights? Don't just say do it, explain why, and what are the ramifications? I think that might go a long way towards letting the people just learning how to use these APIs to make a lot less mistakes.
Louis Maresca (00:23:39):
Now, you know, one thing we've seen a lot is the trend towards the microservices architecture. A lot of organizations use it. And one of the suggestions here is obviously to use an API gateway, Curtis, is this, is this like a good, is, is this like a silver bullet? What, what does it help organizations with from an API gateway perspective? I talked about a couple of them, but it's not necessarily clear whether organizations should just jump on it.
Curtis Franklin (00:24:03):
Well, I'm hesitant to call it a a silver bullet because nothing really is. But for organizations that are looking for ways to protect their APIs without going back and doing massive re-architecting of their solutions or pounding on suppliers who might or might not be willing to make changes, a p i gateways can provide some valuable security as an overlay. Now we all talk about how an overlaid security is less desirable than builtin security. And it is, but when built-in security is difficult or impossible to achieve, the layover may be your best solution. And I think for a lot of organizations, the gateway is going to be just that.
Louis Maresca (00:24:59):
Agreed. It is agreed. It's, you know, I think one last thing about just an API security is the fact that you see a lot of organizations, not security, not secure it, not secure APIs. And this is just because that the API might be producing data that's not necessarily customer critical or whatnot. It might be like, let's say information about a particular catalog that they have cheaper. Does, is this something, is this something that's recommended? Like if you have a very simple API that just produces indexable data, catalog data should you have some layers of security in there? Or should you just make it show that it's really easy for people to use and call?
Brian Chee (00:25:38):
In
Louis Maresca (00:25:39):
Weather data is
Brian Chee (00:25:40):
Probably an example too. Yeah, yeah. It's gotta be, let's use even more prevalent example. I've been dealing a lot with networked audio visual equipment where you have speakers in the ceiling, you have all kinds of stuff. You might have smart monitors that are displaying meeting room availability. The problem that I've been seeing with a lot of these is so many of those APIs are still based on something simple like Telnet. They haven't even migrated to an encrypted technology like, you know, s s h or even doing something as simple as an encrypted wrapper. There's a lot of problem with when the industry is just trying to migrate to this new technology. I I'm gonna point a direct finger at the networked AV industry cuz so many of those tools are still unencrypted and those APIs can do some really amazing things.
(00:26:48):
You know, you could actually, you know, intercept the connection for a video wall and move things around. And sadly that's, that's an invitation for problems. So there needs to be more, even if it's something simple, even if it's only say controlling the volume of the mu in the elevator what's to say that Musak can't be redirected and do something nefarious? I'd rather see it designed and stop design it in from the beginning. Don't go slap dash putting patches over things because you're going to miss something. And I'd, I'd really like to see people to, you know, avoid that type of thing and design it in from the beginning. And personally this is a plug for our friends at Microsoft. A lot of their tools design in the encrypted connections, whereas some of the open source toolkits assume that you know how to do it already,
Louis Maresca (00:27:56):
Right? Right. I mean, just to call out too, obviously if we're talking about simple APIs that might have data that doesn't necessarily need to be secured, I would say at the very minimum it should have some kind of rate limiting or governance just to ensure that there is no denial service or whatnot to really take down the services hosting these things. But in the same sense as reducing that, that amount of requirements for the user and make it more usable is definitely a a positive in some scenarios. So definitely agree with you. Thanks Brian. Well, I think that definitely puts that to bed. Next up we have our guests, but before we get to our guests, we do have to take another great sponsor of this weekend Enterprise Tech and that's bit warden. Now. You may have been following a lot.
(00:28:37):
What's going on in the world of passwords and security lately? Having switched to Bit Warden personally, it's really an amazing platform to be on. In fact, it's super easy to import all of my passwords, set up biometrics and get it going on all my devices. Plus all my family members found it really easy and satisfying to use. Make it a New Year's resolution for better security. Just use Bit Warden now. Bit Warden is the only open source cross-platform password manager that can be used at home, at work, or on the go and it's trusted by millions. Now with Bit Warren, you can securely store credentials across personal and business worlds. January 22nd route to a 28th is Data Privacy Week leading up to Data Privacy Day bit. Warren would like to remind everyone that your data's valuable and so is your privacy. Now all of your data in your, in your Bit Warden Vault is end-to-end encrypted, not just your passwords and Bit Worn doesn't track your data in the mobile apps.
(00:29:34):
Only crash reporting and even that is removed in the Foid installation. Now Bit Warden is open source and invites anyone to review library implementations at any time on GitHub. And also to review the bit warden privacy policies@bitwarden.com slash privacy to protect your personal data and privacy with Bit Warren by adding security to your passwords with strong randomly generated passwords for each account. Go a step further with that username generator as well as Nate unique usernames for every account as well. And even use any of the five integrated email alias services. Bit Worn offers. Email Alias generation with Simple log on a non Addy Firefox Relay FastMail, and now Duck dot Go. Now these services will allow you to create a massed email address. One that you could use for only one website, for example, and forage any of your emails to your primary email account.
(00:30:30):
Really kind of cool. Now, this keeps your main email address out of the databases of the services and sites you sign up for. Now, bit Warn is must need for your business. It's fully customizable and adapts your business needs. Their team's organization option is $3 a month per user and their enterprise organization plan is $5 a month per user share private data securely with coworkers across departments or even your entire company. Now individuals can be using their basic free account forever for unlimited number of passwords or upgrade any time anytime their premium account for less than a dollar a month. Now their family organization option, it gives up to six users premium features for only $3 and 33 cents a month. By the way, that's the one I took advantage of right away. I'm gonna be honest, it was super easy to set up. I can share with the users right away, having used it, other competitors in this space, bit worn beats them hands down in Usbi.
(00:31:24):
I tell you, I set up that home organization right away, gave them access and approved my families in just a couple clicks. At twit, we are fans of Password Managers. Bit Worn is the only open source cross platform password manager that can be used at home on the go or at work and is trusted by millions of individuals, teams, and organizations worldwide. Get started with a free trial of a teams or enterprise plan or get started for free across all devices as an individual user at Bit warden.com/twit. That's bit warden.com/twit. And we thank Bit Warden for their support of this week, an enterprise tech. Well folks, it's my favorite part of the show. The first guest of 2023, and today we have William Morgan. He's creator of Linker d and c e o of Buoyant. Welcome to the show and happy New Year. William.
William Morgan (00:32:17):
Thank you very much and happy New Year to you. It's great to be here. Thank
Louis Maresca (00:32:20):
You. It's great to have you. Now, before we get into the super interesting topic of service mes, cause I'd love to talk about this. We have a large audience and they are you know, different points in their careers and a lot of them like to hear about people's origin stories. Can you take us through a journey through tech and what brought you to Buoyant?
William Morgan (00:32:37):
Sure, yeah. So, you know, a little bit of a winding road, but I guess I was fortunate in that, you know, even when I was a kid, computers were always really exciting for me. And so when I got into college, you know, what I wanted to study was computer science and I got a little distracted with, you know, some other stuff you know, but eventually ended up in this area, you know, this was a little while ago of, of natural language processing, you know, just kind of like a part of AI as is back before AI was cool and, you know, I thought I really wanted to go to to, to stay in, you know, in school and get, you know, PhD and stuff like that. But I, I liked programming too much. So I ended up, you know, getting involved in kinda the startup world and doing a bunch of N L P startups and AI startups and things like that.
(00:33:25):
Finally, I got into I started working at Twitter, which is a very small company at the time. You know, and, and the thing that happened to me there was like you know, I I was getting a little frustrated with kind of the stuff I was working on, but every, all my friends who were working on infrastructure, you know, infrastructure software were having a lot of fun and, and, and were having like this really immediate and kind of profound effect on everyone else in the company. So I kind of gravitated towards that and, you know eventually left Twitter to, to start buoyant, which is now, you know, pure software infrastructure. So that's you know, that's kind of how I ended up here.
Louis Maresca (00:34:02):
Love those types of stories. Well, you know, boys in, in linker d are very specific. They talk about a little bit, obviously maintain and focus on service mesh. Now I already the all over the IT and enterprise sectors. I wanna start really foundationally, what is, what is service mesh and what is that actually do?
William Morgan (00:34:21):
Yeah, yeah. So to get into that, we kind of have to go to you know, some should actually take a step back to like, what, what is the cloud, right? Which is kind of like, you know, where this all, where this all comes from. So the way I think about it is, you know, in the olden days, back when I was young and before we had the cloud, right? We, we had our machines and data centers and, you know, the, the, the data centers gave us a lot of guarantees, right? Like, these were our machines. We bought them, we ran them, we owned the wires that connected them. We owned, you know, the racks and like the locks on the racks. So we had all these guarantees kind of around reliability and security. And now of course, as we move into the cloud, like a lot of those guarantees are no longer there, right?
(00:35:03):
We don't own the hardware, we don't really have a lot of control over it. We don't own the network. It's owned, it's operated by someone else. There's other people running things on that network that we don't know about. Might be competitors, could be anything, right? So you know, all of those guarantees that we used to have at the hardware level, we now basically need to replicate in, in, in software, right? That's, that's kind of the move to the cloud. And so what Linky does, linker D'S a service mesh, that's a tiny part of this broader space of like Kubernetes, which is a tiny part of this broader space, maybe not so tiny part of this broader space of cloud native. And the idea here, you know, the theme through all of this is if we are building our software to run in the cloud, right? Where we don't have any of those guarantees, how do we do that? How do we do it in a predictable way, in a reliable way, in a scalable way, in a secure way, right? A lot of this is down to like, hey, all those locks on the, you know, that we used to have on the cages and the data center, those are long gone. So how do we have those security guarantees in this new world?
Louis Maresca (00:36:03):
Now let's talk a little bit about the current state of service mesh, because I think the fact that it's kind of had a very interesting roadmap traditionally, where, where do you, where's the, what's the current state of service mesh in the enterprise world?
William Morgan (00:36:14):
Yeah, yeah. So, you know, I think we've been fortunate in linky land. This was the first ServiceMesh project, and this was a project to kind of coin the term, you know, and, and when we created linky, we were actually basing it off of some ideas, you know, and, and early on some of the actual code that we had used at Twitter, cuz Twitter at that point, this was, you know, 2015, right? Had just gone through this massive transformation from this monolithic rubion rails, you know application that was kind of falling notorious for falling over right into microservices, basically orchestrated microservices. We didn't really have that word at the time. We called it s o a, you know, but what it was doing, we were running it in Mesos, not in, not in Kubernetes, but those ideas all went into into Linky.
(00:37:00):
And so from those humble or not so humble origins, you know, where things are today, I think is the service measure is largely tied to Kubernetes adoption. And that's for a couple reasons, you know? But you know, if you are, if you as an organization are adopting Kubernetes today, then service mesh is definitely in your vocabulary and probably in your software stack already. And if it's not, then like it's on the roadmap to get there. If you're not adopting Kubernetes, then the equation is a little, little different because the way that the, you know that the service mesh works like any software, there's a trade off, right? There's like what we get and then there's like, what do we, you know, what are we paying, right? What are you paying in complexity? What are you paying in operational overhead? Those, those tradeoffs are very different in the world of Kubernetes versus outside of it.
Louis Maresca (00:37:51):
Now we, we've heard a little bit about the track record and leaving up to now what the state of things that, what I'm actually interested in is what do you see for service mesh, let's say this year, since we're in new year episode, I'm very curious what you see will be happening with service mesh.
William Morgan (00:38:05):
Yeah. Yeah. So, you know, the reason why anyone adopts the service mesh <laugh> reason why this technology exists is because you want to add features around reliability and around OB observability and around, I think most importantly, security. You wanna add those to your application in a way that doesn't involve changing the code of the application, right? And, and that's kind of the, the, the promise of the service message is we can give you these features and we can give them to you in a way where you don't have to go nag the developers or get things onto their roadmap. They can stay focused on the business logic that they're trying to build, right? And the service mesh kind of sits at the platform later. And in fact, the audience for the service mesh is platform owners, right? It's sre, it's DevOps folks, it's Kubernetes operators, right?
(00:38:55):
And I think if you do this right, the developers don't even know what's going on there. So kind of those, those sets of, you know, you know, it's kind of three buckets of features, observability, reliability, and security. Those are the foundations. And I see the, see those being kind of continuing the foundation kind of the, the foundational reasons why anyone adopts the service mesh, whether that was last year or, or you know, five years in the future. Now, what's changing this year? Well, you know, I think there's a continued kind of evolution of how the service mesh is implemented. You know, in in, in the, the way the service mesh works under the hood, you know is maybe horrifying if you're a network engineer or if you're a kernel engineer, cuz it adds lots and lots of user space proxies everywhere, right?
(00:39:41):
Like that's kind of the fundamental operations. Like, you know, next to you know, every instance of every application, right? Gets a little proxy next to it, right? And that proxy mediates the communication between those microservices and, you know, that's, that can be very expensive if those proxies are large and complicated and hard to operate or it can be very cheap if those proxies are very, you know, well defined. And in Lindy's case you know how we, we have this very specific proxy that we've built in the rust programming language, which gives us all sorts of interesting security advantages. You can sidestep, you know, buffer overflow exploits and like all these other CPEs that are kinda endemic to languages like C or c plus plus. And you know, so we avoid a lot of those complications. There's other ServiceMesh implementations that are now struggling with the fact that, okay, the underlying proxy that you're implement, that you're adding, you know, is large and it's complicated and, you know, had a lot of features, that's good.
(00:40:36):
But now we have to go and revisit, okay, well what is the actual trade off here? Right? We're getting all these features, but what is the trade off in terms of resource consumption and what's the trade off? I think most importantly in my mind in terms of the amount of energy that our organization or that our team that our, you know, platform team or our DevOps team needs to spend thinking about this thing and worrying about it and monitoring it and caring for feeding it. So that trade off continues to be, I think is that's, that's probably the gonna be the biggest focus in in 2023.
Louis Maresca (00:41:10):
I want to take just a moment because I, I think that there was an interesting thing that Google was publishing over the last probably pub couple years in, in general, just maybe including in like presentations I watched in the Linux Foundation that they were saying you might not want to use service mesh. And why were they saying that? What was, what was their, what was their beef with it?
William Morgan (00:41:29):
<Laugh>, that's what Google was saying. <Laugh>, that's a little ironic because they also make a, make a service mesh. Yeah, I don't, I don't know. Honestly, that's the, I I think the criticisms of the service mesh, you know, early on certainly were, hey, this was a complicated thing, you know, and it looks scary and I don't want to add 10,000 user space proxies to my Kubernetes cluster, you know, just because someone told me to. And I think that is a very valid, you know, and reasonable point of view. I think, you know, if you fast forward, you know, to, gosh, that was 2015 to now, you know, 2023. I've been at this for eight years, you know, the tradeoffs are pretty well understood and, and certainly from the linky perspective you know, we actually doubled an adoption last year. That's impressive alone. Yeah. Right. And this is a pretty late stage project, you know, this is, we're part of the Cloud native computing foundation, which is the same open source foundation that Kubernetes, you know, owns Kubernetes and Prometheus and a bunch of the other st you know, kind of pillars of, of cloud native computing.
(00:42:30):
And, you know, we're a graduated tier project, so we're already, you know, kinda at the most mature level of ca of, of most the highest level of project maturity, I guess. And despite that, you know, we're still doubling year over year <laugh>. So I think adoption is just you know, if anything it's just gonna keep increasing.
Louis Maresca (00:42:47):
I'm glad you brought up the C N C F cuz I think you guys were the first service message just graduate from that recently, right? Is that
William Morgan (00:42:54):
Yeah, first and only mm-hmm. <Affirmative>. That's right. Yeah. Yeah. And you know, the CMC f I think does a pretty good job at kind of assessing the maturity of projects and they look at, you know, what's the adoption rate? Who's a contributor base, how, you know, what are the practices around this open source project? O open sources, you know, can range wildly from like, oh, this is a, a hobby project that one person does nights and weekends, and if they get bored, then like your so l all the way to, oh, this is open source, but you know, the, I I'm this massive enterprise and I'm having my engineers spend their time on that and we're gonna keep maintaining it or not. You know, <laugh>, like there's a, there's a, there's a wide spectrum of, of possible projects. So the C ntf kind of disentangles some of that in grades, its projects ar around these three levels of maturity. So yeah, linker duty, I'm happy to say it was the first.
Louis Maresca (00:43:44):
Right, right. One thing is interesting, you know, a lot of open source, the advantages obviously is they get a lot of com community engagement, they get a lot of you know, there's a lot more security researching involved. How do you see that, that that's affected linker d Do you, do you feel like it's definitely an advantage for it over some of the other service meshes that are out there?
William Morgan (00:44:05):
Yeah, I think it is. You know, we, I I, I have a long history in open source, you know, I was running Linux on my home PC and like fighting the man, you know, from a stack of FIEs pass around the, the high school lunchroom. But you know, despite that, I tend to be pretty pragmatic about these things. And I think for us, what we cared about most was Linky adoption, right? That was the thing that was really important to us. And by that metric, there's a, you know, there's a huge advantage for it to be open source, a huge advantage for it to be part of the C nnc f everything else in that ecosystem. You know, if you're adopting Kubernetes, pretty much every tooling, every bit of tooling you're using is open source. So for something not to be open source almost, you know, it sticks out.
(00:44:46):
Like, you're like, ah, that's weird. Why is that happening that way? And that's great, you know, it's great for adoption. It means you can develop a community around this. It means you can be, in our case, you know, the thing that we didn't want to do was we didn't want to have, you know, obviously we're a, we're a company, right? There's a, there's a company called Buoyant Behind, behind Linky that is funding it, and then it's, you know, trying to make money off of it. But the thing we didn't wanna do is we didn't want to have, like, feature withholdings. We didn't want to have like the commercial distribution that just had these features that, you know, once you really got into production, you needed those. But if you were just goofing around you know you could use the open source. We wanted everything to go into the open source and, and to be very wholehearted and, and kind of authentic with our community. And that helped a lot. You know, I think especially early on with the community growth around Linky,
Louis Maresca (00:45:36):
I do wanna bring my cot back in. I I have a sense that maybe Curtis, you might have some security questions.
Curtis Franklin (00:45:43):
It's what I do, how, you know, how, how can I avoid it? You know, my one, my first question is, is going to be kind of broad in that we are seeing more and more software supply chain attacks. People know that if they can attack linker D successfully, then they can reach everyone who's using what you do. How seriously do you take that kind of responsibility and without giving away the store, are there things that you are doing to make sure that you are a secure part of that software supply chain?
William Morgan (00:46:28):
Yeah, yeah, that's a great question. So yeah, we take that completely seriously. You know, I, I think we could say, you know, if if we, if we were very different people, we could say, Hey, look, it's open source. You get what you get. You know, you want the guarantees like, you know, come over here and pay us for the commercial distribution. But that, you know, that really wouldn't sit right with, I don't think with any of us, especially since linker D is fundamentally for many people is a security tool, right? They're using it not for supply chain security, but for things like mutual TLS and, and encryption and transit and stuff like that. So you know, but for that to be a valid use case, I think we have to have all of our, you know, our, our entire kind of security posture needs to be in, in, in extremely good shape.
(00:47:11):
So yeah, we sign all of our packages, everything is developed in the open source for one, right? So we have like an audit log, a public audit log of every change. We sign all the packages. So you have you know the ability to tell whether this is like an official container image or, or not. We have public security audits, so the C ntf actually funds these. We go through this process publicly. We post the results, we address the issues if there are any issues. We have, you know, a security mailing list and the ability to report CBEs if we encounter them and, and things like that. So yeah, we, you know, supply chain security, like every other aspect of running a, a security focused project is a big deal for us.
Curtis Franklin (00:47:53):
I, I'm glad to hear that. And I, I've got a follow up on the open source aspect specifically. You know, we've seen not a huge number, but, but a handful of well-publicized cases where there were breaches of what we'll call the open source development model. Someone came in as a maintainer they were malicious in intent and usually on projects that had a single or small number of maintainers, there was a problem. Can you talk to people about what Linker D is doing to show that it is a secure, stable, responsible open source project versus some of the ones that, as you say are hobbyists or even worse?
William Morgan (00:48:50):
Yeah, and you know, I don't want to denigrate hobbyists at all. Like I was a hobbyist open source producer myself for, for years. But I think there is, you know, a very real difference in your ability to put some of these safeguards in place when your open source project is, you know, the, the maintainers are paid by a company to do this full-time and are expected to, you know, have a certain level of professionalism and to adhere to a certain set of security procedures versus like, Hey, I'm just doing this, you know, on, on my own. So, you know, one, one thing that we do is every line of code that gets into lengthy, you know, undergoes code review from least two other maintainers. And so we have two, you know, experts at this, you know, and that, you know, that even that includes code from anyone.
(00:49:39):
You know, it doesn't matter whether you were the, you know Oliver Gould for example, is our, you know, basically our B D F L of of linky, right? He's the one who wrote the proxy, who, who is kind of the, you know, the, the ultimate authority. But even his code gets reviewed by at least two other maintainers who are paid to not only maintain lakey, but to make sure that every line of code that goes in there is defensible. I'd say that's, you know, in terms of kind of protecting against a malicious actor trying to insert naughty code into the system, that's probably the most direct line of defense course of security audits and things like that that happen after the fact. But probably code review is the most direct way to address that.
Curtis Franklin (00:50:25):
So I,
Brian Chee (00:50:26):
I think I'm gonna jump in I'm gonna show my age here, <laugh>. And one of the old tricks that we used to do when things were just getting started and things like squid didn't even exist. We used to use layer, layer four load balancers so that we could hide weak machines, shall we say. We had our bite today we're talking about APIs and how shall we say some APIs are a lot weaker than others. So if I'm one of the old timers scratching my head going how can I fix this when I don't have the budget? Could something like linker D and so forth help me hide some of the old stuff until I actually have budget to go and improve things?
William Morgan (00:51:22):
Yeah. Yeah. There's actually a whole bunch of mechanisms. So I talked about the three values of linky being, you know, observability, reliability, and security. I think what we're talking about now is reliability, right? How do I make it so that, you know, even though I have kind of fundamentally a, a, a weak backing <laugh> to this application, you know, how, how can we add reliability to that system? And so Linky has a couple different mechanisms in play. One is, of course, as you pointed out, load balancing. A really important part of any distributed system is choosing where do we send that, you know, when, where do we send this traffic to here? Linky gets very sophisticated. So you know, it will maintain a load balancing pool with all the possible destinations that Kubernetes says it's available for this service. And then when it sends requests, it's gonna establish HTP two connection to the linker D proxy on the other side.
(00:52:12):
So we only have one TCP connection open, so we don't have to worry about, you know, overloading you know, kind of like contract or whatever, like we might with HTP one. And then we're gonna measure the latency of every request, and we're gonna throw that into an algorithm called umma, exponentially weighted moving average. And that's gonna give us the fastest performing endpoints, and we're gonna shift our traffic so that we hit those endpoints a little bit more. So if you have one endpoint that's slow, and even if it's temporarily slow, like it's going through some kind of garbage collection cycle and you know, for 300 milliseconds it can't do anything, blinky will shift all the traffic away from that, and then we'll sample it and kind of slowly shift traffic back as it comes more online. So that's one automatic automatic mechanism. Of course, we've got other things you can do too.
(00:52:57):
We've got failover mechanics in there, so you can say, this service here, you know, if this starts failing, I want you to automatically shift traffic to the same service, but on this cluster over here, something that's across the zones or something. So if you're running like an active, active setup, you can actually automatically shift traffic, you know, if an individual service fails. And then we've got a bunch of kind of more configurable mechanisms where you can say, I actually want this class of traffic to go over here, you know, even though the client is, you know, expecting one thing. We're actually gonna shift it over here because I have to patch this like issue over here. So there's a variety of mechanisms ranging from the, like fully automatic all the way to you know, the, the manual one. Another big one, which I should, I would be remiss if I didn't point out, is retries and timeouts.
(00:53:44):
So if you are sending a request in this destination, can't handle it in time, then you cut it off and then you can retry and maybe you retry to that same pod, or maybe you retry to one of its peers and you get a certain budget that's allocated to do that. So you're allowed to retry, you know, 10% of your requests. And after that budget then, okay, sorry, the system is like failing on top of that. They're circuit breaking, you know, there, there's a <laugh> Yeah, there's a lot of techniques that linker D brings and that's part of its mission, right? It's like, you know, this is stuff that should not be an application code because it's really complicated to get right, and it's not really specific to your application, right? This is like, this should be part of the underlying platform.
Brian Chee (00:54:26):
Let me, let me ask yet another new question. Yeah. So we're hopefully our viewers are, are staggering in the deployment of their systems. Are there some mechanism as instrumentation so that I could say roll out the new version and not touch the old ones and put some instrumentation there so I could say, oh, it's broke. Roll back please. Yeah,
William Morgan (00:54:52):
Yeah, yeah, exactly. So this is called, you know, sometimes a bluegreen deploy, sometimes a canary deploy. Yeah. So Linky has some, you know, a mechanism by which you can, you've got your existing service, you launched the new version of it, but it's not taking any traffic. And then you slowly shift traffic from the old one to the new one. Linky is also monitoring, you know, so it's giving you, here's your mm-hmm. <Affirmative>, HTP error codes, you know, here's your success rate, here's your latency, and then you can make a decision, okay, we do add a little bit more. Oh, no, no, no, it's going bad. Like <laugh> undo that, right? And in fact, you can add automation on top of that. So you can have an automated system that's doing that gradual progressive rollout based on actual system health metrics. And you can get very sophisticated with these systems, so, yeah. Yeah, absolutely.
Brian Chee (00:55:42):
All right. Last newbie question for you. I'm a corporation or an organization, this sounds good. You're, you're saying a lot of the right things. What kind of homework should I be doing so that we can nudge the process along so that I could go and think about doing some work with buoyant or Linky?
William Morgan (00:56:08):
Yeah. So you know, there's these are not newbie questions by the way, <laugh>. These are excellent questions that, you know I think you know, are, are definitely easy to ask. So I would say you know, o one way, you know, so certainly everything we have about Link, almost everything we have about Linky is out there online, right? The linky to IO has all the docs and, and it's easy to download and get started. If you have access to a functioning Kubernetes cluster, you know, and you know how to use it, you can get linky running in like, you know, probably under five minutes. That's, so that's one side is you can just self-educate. The other extreme of that is you can, you know, you can come talk to us at Buoyant, and we, we will help you as we've helped many other organizations adopt the service mesh.
(00:56:55):
You know, we'll help you, we'll, we'll help you understand exactly which pieces you do need and which pieces you don't, and you know, what parts of your application we can help with and, and so on. And you know, I, I'd say the thing to watch for, the thing to be wary of is the service mesh continues to be a very buzzy space, you know, with that buzz and with that hype means that there's a lot of nonsense out there, frankly. So you have to be very clear when you're reading through all the material and, you know, you start service mesh and there's like, first thing you see is like eight ads. Okay? That's already a sign that like, you know, you're entering, you know, murky waters here. So you have to be very judicious when you're reading through this material, okay, is this marketing or is this real, right? Is this an engineer saying this, or is this like a product marketer saying this? And, but I think if you have that, you know, if you see it through those lens, you can quickly kind of discover what the salient features are on the salient projects and which ones, you know, have, which capabilities. And of course, worst case, download it and, and, and try it yourself, right? That's the beauty of, of open source. There's nothing that really stands between you and the harsh reality of running this thing on your own cluster.
Louis Maresca (00:58:04):
Always try things out. I agree. Thank you, William. Well, it's amazing how time flies when you're having fun. It's great having you on the show. Since we're running low on time though, we wanted to give you a chance to tell the folks so where they can learn more about buoyant, maybe how they get started on some of your cloud offerings.
William Morgan (00:58:18):
Yeah, absolutely. Yeah. So please <laugh> head on over to buoyant.io, or it's B u o y a n t. That's a regular spelling of a regular word, but it is, you know, it's kind of a weird word. We have an automation set of automation software called Buoyant Cloud that will make linky basically a breeze for you to operate. Or of course you can just run linky yourself, see how it goes. You're welcome to, you know, run it without or help, depends whether you wanna be in charge or, you know, whether you wanna feel the pain of running software. Whether you want us to feel the pain of running software, I'm happy either way, as long as you're running Linky.
Louis Maresca (00:58:52):
Thanks, Ken, William. Well, folks, you've done it. Again. You've sat through another o the best dang enterprise podcast in the universe, so def definitely tune your pod catcher. Dwight, I wanna thank everyone who makes this show possible, especially by co-host. Mr. Brian. She Sheever, thanks for being here. What are you doing in the coming weeks? Where could people find you?
Brian Chee (00:59:13):
Not sure actually, <laugh>, I, I seem to have been volunteered somehow to represent our maker space at the central Florida fair. It's actually a 10 day event, so I'm probably gonna be tired. But I also want to go and start making some nice art deco lawn lights, you know, put some art deco over a frosted plastic panel and then put RGB LEDs in there and run it off a solar cell. And that ought to make some very nice little driveway lights. And maybe next year it'll be Christmas presents from my friends. Who knows, right? But anyway, I want to hear from you. I want to hear from our friends and viewers. And the best way actually is Twitter, still Twitter for now, I haven't really made too much of a move to ma on, but I am A D V N E T L A B advanced net lab.
(01:00:16):
I will tend to post a lot of my oceanographic research stuff there. Also my tinkering, and I would love to hear your show ideas. Now, you don't have to throw it on Twitter, you know, especially if you have made the migration to Macedon you're welcome to throw me an email and I am cheaper spelled C H E E D E R T twit tv. Or if you send it to twit twit tv, it'll hit all the hosts. Would love to hear from you, would love to hear your show ideas. And who knows, maybe if you ping me, I might reply with a show date of the topic you are asking for. Who knows. Thanks
Louis Maresca (01:01:03):
Jiver. Appreciate, appreciate you being here. Well, folks, we also have to thank our veryo, Mr. Curtis Franklin. Curtis, what about you? What's coming up for you in the coming weeks? Where could people find you?
Curtis Franklin (01:01:12):
Well as I said earlier, I've got a bunch of research going on and in addition to that Carol and I are both learning l e d programming using Arduino family chips. And that's, that's fun. We got 3D printing going on, we gave each other a pottery wheel for Christmas. So lots and lots of stuff going on and it's gonna be fun to see how we can jam it all together. In addition to that, there are lots of activities for the maker, effects maker space that both Brian and I are members of down here in central Florida. It's fun to be part of a group that promotes STEM education and the arts in central Florida. So between all of that, I think it's gonna keep me off street corners now to pool halls at night and we'll call that a good thing.
Louis Maresca (01:02:02):
Thanks Curtis, for being here. Well, folks, we also have to thank you as well. You're the person who drops in each and every week to listen and to watch our show. And you get your enterprise and it goodness who wanna make it easy for you, listen and catch up on your enterprise and IT news. Go to our show page right now, twit tv slash twi that you'll find all of our amazing back episodes, the show notes, the co-host and info information, of course the guest information and the links of the stories that we do during the show. But more importantly, right there next to those videos, you'll get those helpful. Subscribe and download links. Support the show by getting your audio version video version of your choice. And listen on any one of your devices or your podcast applications, cuz we're on all of them.
(01:02:42):
Definitely subscribe to them and support the show. Now another way to support the show is, and also support twit is Club Twit. That's right. It's a members only ad free podcast service with a bonus TWIT plus fee that you can't get anywhere else. And it's only $7 a month. And I'll tell you, there's a lot of things that are a part of this club twit that give you a lot of advantages. One thing is exclusive access to a members only Discord server. It's a lot of fun on there. Chat with the host, the producers, separate discussion channels, plus they have special events on there. So lots of fun stuff. Definitely join Club twit, be part of that movement. Go to twit.tv/club twit. Now you gotta also remember they also have corporate group group plans as well. That's right for your organization. It's a great way to give access to your, to our Ad Free Tech podcast over there.
(01:03:27):
And plans start with five members at a discounted rate of $6 each per month. And you can add as many seats as you'd like there. It's really a great way for your IT department, your sales department, your developers, any one of them to get access to all of our podcasts. And just like the regular memberships, they can help, they can also join the Discord server and get that TWI plus bonus feed as well. So definitely join club twit, TWIT TV slash club twit. Now also it's time, it's that time of the year. That's right for the twit audience survey. That's what the annual survey helps us understand our audience so we can make your listening experience even better. And this only takes a couple minutes, so definitely check that out. It's twit tv slash survey 23 TWIT TV slash survey 23. Don't wait. The last day to take the survey is January 23rd.
(01:04:12):
Just takes a couple minutes head out there right now if you're listening and check that out and answer those questions. So thank you for your support there. And after you subscribe, definitely impress your family members, your coworkers, your friends with the gift of twit because we, we talk a lot about fun, fun tech topics on this show and I guarantee they will find it fun and interesting as well. And if you've already subscribed that's right, we do this show live on 1:30 PM Pacific on Fridays. You can watch us live on the streams at live dot twi tv, we were on all those streams. We on YouTube live, all those different streams that are out there. Come see how the pizza's made, the behind the scenes, all the fun stuff and the banter that we hear do here on twit Plus, if you're gonna watch the show live, you might as well, you might as well jump into the live chat room as well.
(01:04:53):
We have an IRC chat at, just go to irc dot twit tv, they'll pop you right into the twit live channel right there. We got a lot of great people in the channel there. You can see some of 'em right there on the, on the stream loquacious River, Mike co-ops, a lot of great people in there. So definitely check out the channel and be part of that Tech Dinos in there as well. And also, you know, talk about some topics, send some questions our way. So definitely check out IRC Twitter tv. Definitely hit it. Hit me up at twitter.com/lum. Of course, I post my enterprise tidbits on there. Little things that come up in my life. Of course, I also post on LinkedIn a lot more now, so definitely check me out on there. Hit me up on Louis Moke LinkedIn and oh, my pictures are not showing up there.
(01:05:35):
That's interesting. <Laugh> definitely hit me up there anyways, even though my picture's not there. I, that's me for sure. And you know, if you wanna know what I do during my normal work week at Microsoft, definitely hit me up@developersmicrosoft.com slash office. There we post all the latest and greatest ways to help you customize your office experience to make more powerful for you. I can definitely tell you a lot of organizations out there are starting to take advantage of this to really make their workflows and their processes better and automation. So definitely check out developers.microsoft.com/office now if I wanna make sure, sure. I thank everyone who makes this show possible, especially to Leo and Lisa. Happy new year to them and thank you for all support over the years cuz we couldn't do this weekend enterprise tech without them. And of course, thank you to all the staff and twit engineers because you know what we, again, we couldn't do this show without them as well.
(01:06:24):
I wanna thank also Mr. Brian Chee one more time. He's not only our co-host, but he's also our tireless producer and he does all the show bookings and of course the plannings for the show. So we couldn't do the show without him. So thank you Chiefer, for all your support. And of course, before we sign out, we have to thank our editor for today because they make us look good after the fact. They cut out all my blubbering stuff that I say during the show. So thank you for all of that. And of course, thank you to our TD for today, the talented Mr an Pruitt and he does an amazing cook show called HandsOn Photography and what's going on this week in hands-on photography.
Ant Pruitt (01:06:59):
Well, thank you Mr. Lou. just go around. We decided to amp up your product photography game by grabbing a couple tube lights and implementing some long exposure to really make your product photography shine. So yeah, if you wanna see me look like I'm waving a lightsaber, go check out twit.tv/hop. That's twit tv slash o p for hands on photography.
Louis Maresca (01:07:28):
Love it. Thank you Anne, for being here. Well, until next time, I'm Lewis Mareka just reminding you, if you want to know what's going on in enterprise, just keep quiet.
Announcer (01:07:38):
Hey,
Mikah Sargent (01:07:39):
I, is that an iPhone in your hand? Wait a second. Is that an Apple watch on your wrist? And do I, do I see an iPad sitting there on the table? Oh my goodness. You are the perfect person to be watching iOS today. The show where Rosemary Orchard and I, Mikah Sargent talk all things iOS tv o s watch os, home pod os it's all the OSS that Apple has on offer, and we show you how to make the most of those gadgets. Just head to twit tv slash iOS to check it out.
