>>Good afternoon, brilliant humans, and welcome back to the Cube. We're live in Detroit, Michigan at Cub Con, and I'm joined by John Furrier. John three exciting days buzzing. How you doing? >>That's great. I mean, we're coming down to the third day. We're keeping the energy going, but this segment's gonna be awesome. The CD foundation's doing amazing work. Developers are gonna be running businesses and workflows are changing. Productivity's the top conversation, and you're gonna start to see a coalescing of the communities who are continuous delivery, and it's gonna be awesome. >>And, and our next guess is an outstanding person to talk about this. We are joined by Stephen Chin, the chair of the CD Foundation. Steven, thanks so much for being here. >>No, no, my pleasure. I mean, this has been an amazing week quote that CubeCon with all of the announcements, all of the people who came out here to Detroit and, you know, fantastic. Like just walking around, you bump into all the right people here. Plus we held a CD summit zero day events, and had a lot of really exciting announcements this week. >>Gotta love the shirt. I gotta say, it's one of my favorites. Love the logos. Love the love the branding. That project got traction. What's the news in the CD foundation? I tried to sneak in the back. I got a little laid into your co-located event. It was packed. Everyone's engaged. It was really looked, look really cool. Give us the update. >>What's the news? Yeah, I know. So we, we had a really, really powerful event. All the key practitioners, the open source leads and folks were there. And one of, one of the things which I think we've done a really good job in the past six months with the CD foundation is getting back to the roots and focusing on technical innovation, right? This is what drives foundations, having strong projects, having people who are building innovation, and also bringing in a new innovation. So one of the projects which we added to the CD foundation this week is called Persia. So it's a, it's a decentralized package repository for getting open source libraries. And it solves a lot of the problems which you get when you have centralized infrastructure. You don't have the right security certificates, you don't have the right verification libraries. And these, these are all things which large companies provision and build out inside of their infrastructure. But the open source communities don't have the benefit of the same sort of really, really strong architecture. A lot of, a lot of the systems we depend upon. It's >>A good point, yeah. >>Yeah. I mean, if you think about the systems that developers depend upon, we depend upon, you know, npm, ruby Gems, Mayn Central, and these systems been around for a while. Like they serve the community well, right? They're, they're well supported by the companies and it's, it's, it's really a great contribution that they give us. But every time there's an outage or there's a security issue, guess, guess how many security issues that our, our research team found at npm? Just ballpark. >>74. >>So there're >>It's gotta be thousands. I mean, it's gotta be a lot of tons >>Of Yeah, >>They, they're currently up to 60,000 >>Whoa. >>Vulnerable, malicious packages in NPM and >>Oh my gosh. So that's a super, that's a jar number even. I know it was gonna be huge, but Holy mo. >>Yeah. So that's a software supply chain in actually right there. So that's, that's open source. Everything's out there. What's, how do, how does, how do you guys fix that? >>Yeah, so per peria kind of shifts the whole model. So when, when you think about a system that can be sustained, it has to be something which, which is not just one company. It has to be a, a, a set of companies, be vendor neutral and be decentralized. So that's why we donated it to the Continuous Delivery Foundation. So that can be that governance body, which, which makes sure it's not a single company, it is to use modern technologies. So you, you, you just need something which is immutable, so it can't be changed. So you can rely on it. It has to have a strong transaction ledger so you can see all of the history of it. You can build up your software, build materials off of it, and it, it has to have a strong peer-to-peer architecture, so it can be sustained long term. >>Steven, you mentioned something I want to just get back to. You mentioned outages and disruption. I, you didn't, you didn't say just the outages, but this whole disruption angle is interesting if something happens. Talk about the impact of the developer. They stalled, inefficiencies create basically disruption. >>No, I mean, if, if, so, so if you think about most DevOps teams in big companies, they support hundreds or thousands of teams and an hour of outage. All those developers, they, they can't program, they can't work. And that's, that's a huge loss of productivity for the company. Now, if you, if you take that up a level when MPM goes down for an hour, how many millions of man hours are wasted by not being able to get your builds working by not being able to get your codes to compile. Like it's, it's >>Like, yeah, I mean, it's almost hard to fathom. I mean, everyone's, It's stopped. Exactly. It's literally like having the plug pulled >>Exactly on whenever you're working on, That's, that's the fundamental problem we're trying to solve. Is it, it needs to be on a, like a well supported, well architected peer to peer network with some strong backing from big companies. So the company is working on Persia, include J Frog, which who I work for, Docker, Oracle. We have Deploy hub, Huawei, a whole bunch of other folks who are also helping out. And when you look at all of those folks, they all have different interests, but it's designed in a way where no single party has control over the network. So really it's, it's a system system. You, you're not relying upon one company or one logo. You're relying upon a well-architected open source implementation that everyone can rely >>On. That's shared software, but it's kind of a fault tolerant feature too. It's like, okay, if something happens here, you have a distributed piece of it, decentralized, you're not gonna go down. You can remediate. All right, so where's this go next? I mean, cuz we've been talking about the role of developer. This needs to be a modern, I won't say modern upgrade, but like a modern workflow or value chain. What's your vision? How do you see that? Cuz you're the center of the CD foundation coming together. People are gonna be coalescing multiple groups. Yeah. >>What's the, No, I think this is a good point. So there, there's a, a lot of different continuous delivery, continuous integration technologies. We're actually, from a Linux Foundation standpoint, we're coalescing all the continued delivery events into one big conference >>Next. You just made an announcement about this earlier this week. Tell us about CD events. What's going on, what's in, what's in the cooker? >>Yeah, and I think one of the big announcements we had was the 0.1 release of CD events. And CD events allows you to take all these systems and connect them in an event scalable, event oriented architecture. The first integration is between Tecton and Capin. So now you can get CD events flowing cleanly between your, your continuous delivery and your observability. And this extends through your entire DevOps pipeline. We all, we all need a standards based framework Yep. For how we get all the disparate continuous integration, continuous delivery, observability systems to, to work together. That's also high performance. It scales with our needs and it, it kind of gives you a future architecture to build on top of. So a lot of the companies I was talking with at the CD summit Yeah. They were very excited about not only using this with the projects we announced, but using this internally as an architecture to build their own DevOps pipelines on. >>I bet that feels good to hear. >>Yeah, absolutely. Yeah. >>Yeah. You mentioned Teton, they just graduated. I saw how many projects have graduated? >>So we have two graduated projects right now. We have Jenkins, which is the first graduated project. Now Tecton is also graduated. And I think this shows that for Tecton it was, it was time, the very mature project, great support, getting a lot of users and having them join the set of graduated projects. And the continuous delivery foundation is a really strong portfolio. And we have a bunch of other projects which also are on their way towards graduation. >>Feels like a moment of social proof I bet. >>For you all. Yeah, yeah. Yeah. No, it's really good. Yeah. >>How long has the CD Foundation been around? >>The CD foundation has been around for, i, I won't wanna say the exact number of years, a few years now. >>Okay. >>But I, I think that it, it was formed because what we wanted is we wanted a foundation which was purpose built. So CNCF is a great foundation. It has a very large umbrella of projects and it takes kind of that big umbrella approach where a lot of different efforts are joining it, a lot of things are happening and you can get good traction, but it produces its own bottlenecks in process. Having a foundation which is just about continuous delivery caters to more of a DevOps, professional DevOps audience. I think this, this gives a good platform for best practices. We're working on a new CDF best practices Yeah. Guide. We're working when use cases with all the member companies. And it, it gives that thought leadership platform for continuous delivery, which you need to be an expert in that area >>And the best practices too. And to identify the issues. Because at the end of the day, with the big thing that's coming out of this is velocity and more developers coming on board. I mean, this is the big thing. More people doing more. Yeah. Well yeah, I mean you take this open source continuous thunder away, you have more developers coming in, they be more productive and then people are gonna even either on the DevOps side or on the straight AP upside. And this is gonna be a huge issue. And the other thing that comes out that I wanna get your thoughts on is the supply chain issue you talked about is hot verifications and certifications of code is such big issue. Can you share your thoughts on that? Because Yeah, this is become, I won't say a business model for some companies, but it's also becoming critical for security that codes verified. >>Yeah. Okay. So I, I think one of, one of the things which we're specifically doing with the Peria project, which is unique, is rather than distributing, for example, libraries that you developed on your laptop and compiled there, or maybe they were built on, you know, a runner somewhere like Travis CI or GitHub actions, all the libraries being distributed on Persia are built by the authorized nodes in the network. And then they're, they're verified across all of the authorized nodes. So you nice, you have a, a gar, the basic guarantee we're giving you is when you download something from the Peria network, you'll get exactly the same binary as if you built it yourself from source. >>So there's a lot of trust >>And, and transparency. Yeah, exactly. And if you remember back to like kind of the seminal project, which kicked off this whole supply chain security like, like whirlwind it was SolarWinds. Yeah. Yeah. And the exact problem they hit was the build ran, it produced a result, they modified the code of the bill of the resulting binary and then they signed it. So if you built with the same source and then you went through that same process a second time, you would've gotten a different result, which was a malicious pre right. Yeah. And it's very hard to risk take, to take a binary file Yep. And determine if there's malicious code in it. Cuz it's not like source code. You can't inspect it, you can't do a code audit. It's totally different. So I think we're solving a key part of this with Persia, where you're freeing open source projects from the possibility of having their binaries, their packages, their end reduces, tampered with. And also upstream from this, you do want to have verification of prs, people doing code reviews, making sure that they're looking at the source code. And I think there's a lot of good efforts going on in the open source security foundation. So I'm also on the governing board of Open ssf >>To Do you sleep? You have three jobs you've said on camera? No, I can't even imagine. Yeah. Didn't >>You just spin that out from this open source security? Is that the new one they >>Spun out? Yeah, So the Open Source Security foundation is one of the new Linux Foundation projects. They, they have been around for a couple years, but they did a big reboot last year around this time. And I think what they really did a good job of now is bringing all the industry players to the table, having dialogue with government agencies, figuring out like, what do we need to do to support open source projects? Is it more investment in memory, safe languages? Do we need to have more investment in, in code audits or like security reviews of opensource projects. Lot of things. And all of those things require money investments. And that's what all the companies, including Jay Frogger doing to advance open source supply chain security. I >>Mean, it's, it's really kind of interesting to watch some different demographics of the developers and the vendors and the customers. On one hand, if you're a hardware person company, you have, you talk zero trust your software, your top trust, so your trusted code, and you got zero trust. It's interesting, depending on where you're coming from, they're all trying to achieve the same thing. It means zero trust. Makes sense. But then also I got code, I I want trust. Trust and verified. So security is in everything now. So code. So how do you see that traversing over? Is it just semantics or what's your view on that? >>The, the right way of looking at security is from the standpoint of the hacker, because they're always looking for >>Well said, very well said, New >>Loop, hope, new loopholes, new exploits. And they're, they're very, very smart people. And I think when you, when you look some >>Of the smartest >>Yeah, yeah, yeah. I, I, I work with, well former hackers now, security researchers, >>They converted, they're >>Recruited. But when you look at them, there's like two main classes of like, like types of exploits. So some, some attacker groups. What they're looking for is they're looking for pulse zero days, CVEs, like existing vulnerabilities that they can exploit to break into systems. But there's an increasing number of attackers who are now on the opposite end of the spectrum. And what they're doing is they're creating their own exploits. So, oh, they're for example, putting malicious code into open source projects. Little >>Trojan horse status. Yeah. >>They're they're getting their little Trojan horses in. Yeah. Or they're finding supply chain attacks by maybe uploading a malicious library to NPM or to pii. And by creating these attacks, especially ones that start at the top of the supply chain, you have such a large reach. >>I was just gonna say, it could be a whole, almost gives me chills as we're talking about it, the systemic, So this is this >>Gnarly nation state attackers, like people who wanted serious >>Damages. Engineered hack just said they're high, highly funded. Highly skilled. Exactly. Highly agile, highly focused. >>Yes. >>Teams, team. Not in the teams. >>Yeah. And so, so one, one example of this, which actually netted quite a lot of money for the, for the hacker who exposed it was, you guys probably heard about this, but it was a, an attack where they uploaded a malicious library to npm with the same exact namespace as a corporate library and clever, >>Creepy. >>It's called a dependency injection attack. And what happens is if you, if you don't have the right sort of security package management guidelines inside your company, and it's just looking for the latest version of merging multiple repositories as like a, like a single view. A lot of companies were accidentally picking up the latest version, which was out in npm uploaded by Alex Spearson was the one who did the, the attack. And he simultaneously reported bug bounties on like a dozen different companies and netted 130 k. Wow. So like these sort of attacks that they're real Yep. They're exploitable. And the, the hackers >>Complex >>Are finding these sort of attacks now in our supply chain are the ones who really are the most dangerous. That's the biggest threat to us. >>Yeah. And we have stacker ones out there. You got a bunch of other services, the white hat hackers get the bounties. That's really important. All right. What's next? What's your vision of this show as we end Coan? What's the most important story coming outta Coan in your opinion? And what are you guys doing next? >>Well, I, I actually think this is, this is probably not what most hooks would say is the most exciting story to con, but I find this personally the best is >>I can't wait for this now. >>So, on, on Sunday, the CNCF ran the first kids' day. >>Oh. >>And so they had a, a free kids workshop for, you know, underprivileged kids for >>About, That's >>Detroit area. It was, it was taught by some of the folks from the CNCF community. So Arro, Eric hen my, my older daughter, Cassandra's also an instructor. So she also was teaching a raspberry pie workshop. >>Amazing. And she's >>Here and Yeah, Yeah. She's also here at the show. And when you think about it, you know, there's always, there's, there's, you know, hundreds of announcements this week, A lot of exciting technologies, some of which we've talked about. Yeah. But it's, it's really what matters is the community. >>It this is a community first event >>And the people, and like, if we're giving back to the community and helping Detroit's kids to get better at technology, to get educated, I think that it's a worthwhile for all of us to be here. >>What a beautiful way to close it. That is such, I'm so glad you brought that up and brought that to our attention. I wasn't aware of that. Did you know that was >>Happening, John? No, I know about that. Yeah. No, that was, And that's next generation too. And what we need, we need to get down into the elementary schools. We gotta get to the kids. They're all doing robotics club anyway in high school. Computer science is now, now a >>Sport, in my opinion. Well, I think that if you're in a privileged community, though, I don't think that every school's doing robotics. And >>That's why Well, Cal Poly, Cal Poly and the universities are stepping up and I think CNCF leadership is amazing here. And we need more of it. I mean, I'm, I'm bullish on this. I love it. And I think that's a really great story. No, >>I, I am. Absolutely. And, and it just goes to show how committed CNF is to community, Putting community first and Detroit. There has been such a celebration of Detroit this whole week. Stephen, thank you so much for joining us on the show. Best Wishes with the CD Foundation. John, thanks for the banter as always. And thank you for tuning in to us here live on the cube in Detroit, Michigan. I'm Savannah Peterson and we are having the best day. I hope you are too.

>>Hello and welcome back to the live coverage of the Cube here. Live in Detroit, Michigan for Cub Con, our seventh year covering all seven years. The cube has been here. M John Fur, host of the Cube, co-founder of the Cube. I'm here with Lisa Mart, my co-host, and our new host, Savannah Peterson. Great to see you guys. We're wrapping up day one of three days of coverage, and our guest analyst is Sario Wall, who's the cube analyst who's gonna give us his report. He's been out all day, ear to the ground in the sessions, peeking in, sneaking in, crashing him, getting all the data. Great to see you, Sarvi. Lisa Savannah, let's wrap this puppy up. >>I am so excited to be here. My first coupon with the cube and being here with you and Lisa has just been a treat. I can't wait to hear what you have to say in on the report side. And I mean, I have just been reflecting, it was last year's coupon that brought me to you, so I feel so lucky. So much can change in a year, folks. You never know where you're be. Wherever you're sitting today, you could be living your dreams in just a few >>Months. Lisa, so much has changed. I mean, just look at the past this year. Events we're back in person. Yeah. Yep. This is a big team here. They're still wearing masks, although we can take 'em off with a cube. But mask requirement. Tech has changed. Conversations are upleveling, skill gaps still there. So much has changed. >>So much has changed. There's so much evolution and so much innovation that we've also seen. You know, we started out the keynote this morning, standing room. Only thousands of people are here. Even though there's a mass requirement, the community that is CNCF Co Con is stronger than I, stronger than I saw it last year. This is only my second co con. But the collaboration, what they've done, their devotion to the maintainers, their devotion to really finding mentors for mentees was really a strong message this morning. And we heard a >>Lot of that today. And it's going beyond Kubernetes, even though it's called co con. I also call it cloud native con, which I think we'll probably end up being the name because at the end of day, the cloud native scaling, you're starting to see the pressure points. You're start to see where things are breaking, where automation's coming in, breaking in a good way. And we're gonna break it all down Again. So much going on again, I've overs gonna be in charge. Digital is transformation. If you take it to its conclusion, then you will see that the developers are running the business. It isn't a department, it's not serving the business, it is the business. If that's the case, everything has to change. And we're, we're happy to have Sarib here with us Cube analysts on the badge. I saw that with the press pass. Well, >>Thank you. Thanks for getting me that badge. So I'm here with you guys and >>Well, you got a rapport. Let's get into it. You, I >>Know. Let's hear what you gotta say. I'm excited. >>Yeah. Went around, actually attend some sessions and, and with the analysts were sitting in, in the media slash press, and I spoke to some people at their booth and the, there are a few, few patterns, you know, which are, some are the exaggeration of existing patterns or some are kind of new patterns emerging. So things are getting complex in open source. The lawn more projects, right. They have, the CNCF has graduated some projects even after graduation, they're, they're exploring, right? Kubernetes is one of those projects which has graduated. And on that front, just a side note, the new projects where, which are entering the cncf, they're the, we, we gotta see that process and the three stages and all that stuff. I tweeted all day long, if you wanna know what it is, you can look at my tweets. But when I will look, actually write right on that actually after, after the show ends, what, what I saw there, these new projects need to be curated properly. >>I think they need to be weed. There's a lot of noise in these projects. There's a lot of overlap. So the, the work is cut out for CNCF folks, by the way. They're sort of managerial committee or whatever you call that. The, the people who are leading it, they're try, I think they're doing their best and they're doing a good job of that. And another thing actually, I really liked in the morning's keynote was that lot of women on the stage and minorities represented. I loved it, to be honest with you. So believe me, I'm a minority even though I'm Indian, but from India, I'm a minority. So people who have Punjab either know that I'm a minority, so I, I understand their pain and how hard it is to, to break through the ceiling and all that. So I love that part as well. Yeah, the >>Activity is clear. Yeah. From day one. It's in the, it's in the dna. I mean, they'll reject anything that the opposite >>Representation too. I mean, it's not just that everyone's invited, it's they're celebrated and that's a very big difference. Yeah. It's, you see conferences offer discounts for women for tickets or minorities, but you don't necessarily see them put them running where their mouth is actually recruit the right women to be on stage. Right. Something you know a little bit about John >>Diversity brings better outcomes, better product perspectives. The product is better with all the perspectives involved. Percent, it might go a little slower, maybe a little debates, but it's all good. I mean, it's, to me, the better product comes when everyone's in. >>I hope you didn't just imply that women would make society. So >>I think John men, like slower means a slower, >>More diversity, more debate, >>The worst. Bringing the diversity into picture >>Wine. That's, that's how good groups, which is, which is >>Great. I mean, yeah, yeah, >>Yeah, yeah. I, I take that mulligan back and say, hey, you knows >>That's >>Just, it's gonna go so much faster and better and cheaper, but that not diversity. Absolutely. >>Yes. Well, you make better products faster because you have a variety >>Of perspectives. The bigger the group, there's more debate. More debate is key. But the key to success is aligning and committing. Absolutely. Once you have that, and that's what open sources has been about for. Oh God, yeah. Generations >>Has been a huge theme in the >>Show generations. All right, so, so, >>So you have to add another, like another important, so observation if you will, is that the security is, is paramount right. Requirement, especially for open source. There was a stat which was presented in the morning that 60% of the projects in under CNCF have more vulnerabilities today than they had last year. So that was, That's shocking actually. It's a big jump. It's a big jump. Like big jump means jump, jump means like it can be from from 40 to 60 or or 50 or 60. But still that percentage is high. What, what that means is that lot more people are contributing. It's very sort of di carmic or ironic that we say like, Oh this project has 10,000 contributors. Is that a good thing? Right. We do. Do we know the quality of that, where they're coming from? Are there any back doors being, you know, open there? How stringent is the process of rolling those things, which are being checked in, into production? You know, who is doing that? I've >>Wondered about that. Yeah. The quantity, quality, efficacy game. Yes. And what a balance that must be for someone like CNCF putting in the structure to try and >>That's >>Hard. Curate and regulate and, and you know, provide some bumpers on the bowling lane, so to speak, of, of all of these projects. Yeah. >>Yeah. We thought if anybody thought that the innovation coming from, or the number of services coming from AWS or Google Cloud or likes of them is overwhelming, look at open source, it's even more >>Overwhelming. What's your take on the supply chain discussion? More code more happening. What are you hearing there? >>The supply chain from the software? Yeah. >>Supply chain software, supply chain security pays. Are people talking about that? What are you >>Seeing? Yeah, actually people are talking about that. The creation, the curation, not creation. Curation of suppliers of software I think is best done in the cloud. Marketplaces Ive call biased or what, you know, but curation of open source is hard. It's hard to know which project to pick. It's hard to know which project will pan out. Many of the good projects don't see the day light of the day, but some decent ones like it becomes >>A marketing problem. Exactly. The more you have out there. Exactly. The more you gotta get above the noise. Exactly. And the noise echo that. And you got, you got GitHub stars, you got contributors, you have vanity metrics now coming in to this that are influencing what's real. But sometimes the best project could have smaller groups. >>Yeah, exactly. And another controversial thing a little bit I will say that is that there's a economics of the practitioner, right? I usually talk about that and economics of the, the enterprise, right? So practitioners in our world, in software world especially right in systems world, practitioners are changing jobs every two to three years. And number of developers doubles every three years. That's the stat I've seen from Uncle Bob. He's authority on that software side of things. Wow. So that means there's a lot more new entrance that means a lot of churn. So who is watching out for the enterprise enterprises economics, You know, like are we creating stable enterprises? How stable are our operations? On a side note to that, most of us see the software as like one band, which is not true. When we talk about all these roles and personas, somebody's writing software for, for core layer, which is the infrastructure part. Somebody's writing business applications, somebody's writing, you know, systems of bracket, some somebody's writing systems of differentiation. We talk about those things. We need to distinguish between those and have principle based technology consumption, which I usually write about in our Oh, >>So bottom line in Europe about it, in your opinion. Yeah. What's the top story here at coupon? >>Top story is >>Headline. Yeah, >>The, the headline. Okay. The open source cannot be ignored. That's a headline. >>And what should people be paying attention to if there's a trend coming out? See any kind of trends coming out or any kind of signal, What, what do you see that people should pay attention to here? The put top >>Two, three things. The signal is that, that if you are a big shop, like you'd need to assess your like capacity to absorb open source. You need to be certain size to absorb the open source. If you are below that threshold, I mean we can talk about that at some other time. Like what is that threshold? I will suggest you to go with the managed services from somebody, whoever is providing those managed services around open source. So manage es, right? So from, take it from aws, Google Cloud or Azure or IBM or anybody, right? So use open source as managed offering rather than doing it yourself. Because doing it yourself is a lot more heavy lifting. >>I I, >>There's so many thoughts coming, right? >>Mind it's, >>So I gotta ask you, what's your rapport? You have some swag, What's the swag look >>Like to you? I do. Just as serious of a report as you do on the to floor, but I do, so you know, I come from a marketing background and as I, I know that Lisa does as well. And one of the things that I think about that we touched on in this is, is you know, canceling the noise or standing out from the noise and, and on a show floor, that's actually a huge challenge for these startups, especially when you're up against a rancher or companies or a Cisco with a very large budget. And let's say you've only got a couple grand for an activation here. Like most of my clients, that's how I ended up in the CU County ecosystem, was here with the A client before. So there actually was a booth over there and I, they didn't quite catch me enough, but they had noise canceling headphones. >>So if you just wanted to take a minute on the show floor and just not hear anything, which I thought was a little bit clever, but gonna take you through some of my favorite swag from today and to all the vendors, you know, this is why you should really put some thought into your swag. You never know when you're gonna end up on the cube. So since most swag is injection molded plastic that's gonna end up in the landfill, I really appreciate that garden has given all of us a potable plant. And even the packaging is plantable, which is very exciting. So most sustainable swag goes to garden. Well done >>Rep replicated, I believe is their name. They do a really good job every year. They had some very funny pins that say a word that, I'm not gonna say live on television, but they have created, they brought two things for us, yet it's replicated little etch sketch for your inner child, which is very nice. And given that we are in Detroit, we are in Motor City, we are in the home of Ford. We had Ford on the show. I love that they have done the custom K eight s key chains in the blue oval logo. Like >>Fords right behind us by the way, and are on you >>Interviewed, we had 'em on earlier GitLab taking it one level more personal and actually giving out digital portraits today. Nice. Cool. Which is quite fun. Get lap house multiple booths here. They actually IPOed while they were on the show floor at CubeCon 2021, which is fun to see that whole gang again. And then last but not least, really embracing the ship wheel logo of a Kubernetes is the robusta accrue that is giving out bucket hats. And if you check out my Twitter at sabba Savvy, you can see me holding the ship wheel that they're letting everyone pose with. So we are all in on Kubernetes. That cove gone 2022, that's for sure. Yeah. >>And this is something, day one guys, we've got three. >>I wanna get one of those >>Hats. We we need to, we need a group photo >>By the end of Friday we will have a beverage and hats on to sign off. That's, that's my word. If I can convince John, >>Don, what's your takeaway? You guys did a great kind of kickoff about last week or so about what you were excited about, what your thoughts were going to be. We're only on day one, There's been thousands of people here, we've had great conversations with contributors, the community. What's your take on day one? What's your, what's your tagline? >>Well, Savannah and I had at we up, we, we were talking about what we might see and I think we, we were right. I think we had it right. There's gonna be a lot more people than there were last year. Okay, check. That's definitely true. We're in >>Person, which >>Is refreshing. I was very surprised about the mask mandate that kind of caught me up guard. I was major. Yeah. Cause I've been comfortable without the mask. I'm not a mask person, but I had to wear it and I was like, ah, mask. But I understand I support that. But whatever. It's >>Corporate travel policy. So you know, that's what it is. >>And then, you know, they, I thought that they did an okay job with the gates, but they wasn't slow like last time. But on the content side, definitely Kubernetes security, top line headline, Kubernetes at scale security, that's, that's to me the bumper sticker top things to pay attention to the supply chain and the role of docker and the web assembly was a surprise. You're starting to see containers ecosystem coming back to, I won't say tension growth in the functionality of containers cuz they have to solve the security problem in the container images. Okay, you got scanning technology so it's a little bit in the weeds, but there's a huge movement going on to fix that problem to scale it so it's not a problem area contain. And then Dr sent a great job with productivity interviews. Scott Johnston over a hundred million in revenue so far. That's my number. They have not publicly said that. That's what I'm reporting from sources extremely well financially. And they, and they love their business model. They make productivity for developers. That's a scoop. That's new >>Information. That's a nice scoop we just dropped there on the co casually. >>You're watching that. Pay attention to that. But that, that's proof. But guess what, Red Hat's got developers too. Yes. Other people have to, So developers gonna go where it's the best. Yeah. Developers are voting with their code, they're voting with their feet. You will see the winners with the developers and that's what we've talked about. >>Well and the companies are catering to the developers. Savannah and I had a great conversation with Ford. Yeah. You saw, you showed their fantastic swag was an E for Ev right behind us. They were talking about the, all the cultural changes that they've really focused on to cater towards the developers. The developers becoming the influencers as you say. But to see a company that is as, as historied as Ford Motor Company and what they're doing to attract and retain developer talent was impressive. And honestly that surprised me. Yeah. >>And their head of deb relations has been working for, for, for 29 years. Which I mean first of all, most companies on the show floor haven't been around for 29 years. Right. But what I love is when you put community first, you get employees to stick around. And I think community is one of the biggest themes here at Cuco. >>Great. My, my favorite story that surprised me and was cool was the Red Hat Lockheed Martin interview where they had edge deployments with micro edge, >>Micro shift, >>Micro >>Shift, new projects under, there's, there are three new projects under, >>Under that was so, so cool because it was an edge story in deployment for the military where lives are on the line, they actually had it working. That is a real world example of Kubernetes and tech orchestrating to deploy the industrial edge. And I think that's proof in my mind that Kubernetes and this ecosystem is gonna move faster through this next wave of growth. Because once things start clicking, you get hybrid on premise to super cloud and edge. That was, that was my favorite cause it was real. That was real >>Story that it can make is literally life and death on the battlefield. Yeah, that was amazing. With what they're doing and what >>They're talking check out the Lockheed Martin Red Hat edge story on Silicon Angle and then a press release all pillar. >>Yeah. Another actually it's impressive, which we knew this which is happening, but I didn't know that it was happening at this scale is the finops. The finops is, I saw your is a discipline which most companies are adopting bigger companies, which are spending like hundreds of millions dollars in cloud average. Si a team size of finops for finops is seven people. And average number of tools is I think 3.5 or around 3.7 or something like that. Average number of tools they use to control the cost. So finops is a very generic term for years. It's not financial operations, it's the financial operations for the cloud cost, you know, containing the cloud costs. So that's a finops that is a very emerging sort of discipline >>To keep an eye on. And well, not only is that important, I talked to, well one of the principles over there, it's growing and they have real big players in that foundation. Their, their events are highly attended. It's super important. It's just, it's the cost side of cloud. And, and of course, you know, everyone wants to know what's going on. No one wants to leave there. Their Amazon on Yeah, you wanna leave the lights on the cloud, as we always say, you never know what the bill's gonna look like. >>The cloud is gonna reach $3 billion in next few years. So we might as well control the cost there. Yeah, >>It was, it was funny to get the reaction I found, I don't know if I was, how I react, I dunno how I felt. But we, we did introduce Super Cloud to a couple of guests and a, there were a couple reactions, a couple drawn. There was a couple, right. There was a couple, couple reactions. And what I love about the super cloud is that some people are like, oh, cringing. And some people are like, yeah, go. So it's a, it's a solid debate. It is solid. I saw more in the segments that I did with you together. People leaning in. Yeah. Super fun. We had a couple sum up, we had a couple, we had a couple cringes, I'll say their names, but I'll go back and make sure I, >>I think people >>Get 'em later. I think people, >>I think people cringe on the, on the term not on the idea. Yeah. You know, so the whole idea is that we are building top of the cloud >>And then so I mean you're gonna like this, I did successfully introduce here on the cube, a new term called architectural list. He did? That's right. Okay. And I wanna thank Charles Fitzgerald for that cuz he called super cloud architectural list. And that's exactly the point of super cloud. If you have a great coding environment, you shouldn't have to do an architecture to do. You should code and let the architecture of the Super cloud make it happen. And of course Brian Gracely, who will be on tomorrow at his cloud cast said Super Cloud enables super services. Super Cloud enables what Super services, super service. The microservices underneath the covers have to be different. High performing, automated. So again, the debate and Susan, the goal is to keep it open. And that's our, that's our goal. But we had a lot of fun with that. It was fun to poke the bear a little bit. So >>What is interesting to see just how people respond to it too, with you throwing it out there so consistently, >>You wanna poke the bear, get a conversation going, you know, let let it go. We'll see, it's been positive so far. >>There, there I had a discussion outside somebody who is from Ford but not attending this conference and they have been there for a while. I, I just some moment hit like me, like I said, people, okay, technologists are horizontal, the codes are horizontal. They will go from four to GM to Chrysler to Bank of America to, you know, GE whatever, you know, like cross vertical within vertical different vendors. So, but the culture of a company is local, right? Right. Ford has been building cars for forever. They sort of democratize it. They commercialize it, right? But they have some intense culture. It's hard to change those cultures. And how do we bring in the new thinking? What is, what approach that should be? Is it a sandbox approach for like putting new sensors on the car? They have to compete with te likes our Tesla, right? Yeah. But they cannot, if they are afraid of deluding their existing market or they're afraid of failure there, right? So it's very >>Tricky. Great stuff. Sorry. Great to have you on as our cube analyst breaking down the stories. We'll document that, that we'll roll out a post on it. Lisa Savannah, let's wrap up the show for day one. We got day two and three. We'll start with you. What's your summary? Quick bumper sticker. What's today's show all about? >>I'm a community first gal and this entire experience is about community and it's really nice to see the community come together, celebrate that, share ideas, and to have our community together on stage. >>Yeah. To me, to me it was all real. It's happening. Kubernetes cloud native at scale, it's happening, it's real. And we see proof points and we're gonna have faster time to value. It's gonna accelerate faster from here. >>The proof points, the impact is real. And we saw that in some amazing stories. And this is just a one of the cubes >>Coverage. Ib final word on this segment was well >>Said Lisa. Yeah, I, I think I, I would repeat what I said. I got eight, nine years back at a rack space conference. Open source is amazing for one biggest reason. It gives the ability to the developing nations to be at somewhat at par where the dev develop nations and, and those people to lift up their masses through the automation. Cuz when automation happens, the corruption goes down and the economy blossoms. And I think it's great and, and we need to do more in it, but we have to be careful about the supply chains around the software so that, so our systems are secure and they are robust. Yeah, >>That's it. Okay. To me for SAR B and my two great co-host, Lisa Martin, Savannah Peterson. I'm John Furry. You're watching the Cube Day one in, in the Books. We'll see you tomorrow, day two Cuban Cloud Native live in Detroit. Thanks for watching.

>>Good afternoon everyone, and welcome back to Cuan where my cohost John Farer and I are broadcasting live, along with Lisa Martin from Cuan Detroit, Michigan. We are joined this afternoon by two very interesting gentlemen who also happen to be legends on the cube. John, how long have you known the next few? They've, >>They've made their mark on the cube with Jerry Chen from Greylock was one of our most attended cube guests. He's a VC partner at Greylock and an investor and this company that just launched their new cloud observability platform should be a great segment. >>Well, I'm excited. I are. Are you excited? Should I string this out just a little bit longer? No, I won't. I won't do that to you. Please welcome Martin and Jeff from Chronosphere Martin. Jeff, thank you so much for being >>Here. Thank you for having us. Thank you. >>I noticed right away that you have raised a mammoth series C. Yeah. 200 million if I'm not mistaken. >>That is correct. >>Where's the company at? >>Yeah, so we raised that series C a year ago. In fact, we were just talking about it a year ago at Cub Con. Since then, at the time we're about 80 employees or so. Since then, we've tripled the headcount, so we're over 200 people. Casual, triple casual, triple of the headcount. Yeah. Luckily it was the support of business, which is also tripled in the last year. So we're very lucky from that perspective as well. And a couple of other things we're pretty proud of last year. We've had a hundred percent customer retention, which is always a great thing to have as a SaaS platform there. >>Real metric if you've had a hundred percent. I'm >>Kidding. It's a good metric to, to put out there if you had a hundred percent. I would say for sure. It's an A for sure and exactly welcome to meet >>Anyone else who's had a hundred percent >>Customer attention here at coupon this week and 90% of our customers are using more of the service and, and you know, therefore paying more for the service as well. So those are great science for us and I think it shows that we're clearly doing something right on the product side. I would say. And >>Last and last time you're on the cube. We're talking about about the right data. Not so much a lot of data, if I remember correctly. Yeah, a hundred percent. And that was a unique approach. Yeah, it's a data world on relative observability. And you guys just launched a new release of your platform, cloud native platform. What's new in the platform? Can you share an update on what you guys release? >>Yeah, well we did and, and you, you bring up a great point. You know, like it's not just in observably but overall data is exploding. Alright, so three things there. It's like, hey, can your platform even handle the explosion of data? Can it control it over time and make sure that as your business grows, the data doesn't continue explode at the same time. And then for the end users, can they make sense of all this data? Cuz what's the point of having it if the end users can't make sense of it? So actually our product announcement this time is a pretty big refresh of, of a lot of features in our, in our platform. And it actually tackles all three of these particular components. And I'll let Jeff, our head of product, Doug, >>You, you run product, you get the keys to the kingdom, I do product roadmap. People saying, Hey this, take this out. You're under a lot of pressure. What makes the platform platform a great observability product? >>So the keystone of what we do that's different is helping you control the data, right? As we're talking about there's an infinite amount of data. These systems are getting more and more and more complicated. A lot of what we do is help you understand the utility of the telemetry so that you can optimize for keeping and storing and paying for the data that's actually helpful as opposed to the stuff that isn't. >>What's the benefit now with observability, with all the noise out in the marketplace, there's been a shift over the past couple years. Cloud native at scale, you're seeing a lot more automation, almost a set to support the growth for more application development. We had a Docker CEO on earlier today, he said there are more applications being deployed in the past year than in the history of open source. So more and more apps are being deployed, more data's being generated. What's the key to observability right now that's gonna separate the winners from the losers? >>Yeah, I think, you know, not only are there more applications being deployed, but there are smaller and small applications being deployed mostly on containers these days more than if they, hence this conference gets larger and larger every year. Right? So, you know, I think the key is a can your system handle this data explosion is, is the first thing. Not only can it handle the data explosion, but you know, APM solutions have been around for a very long time and those were really introspecting into an application. Whereas these days what's more important is, well how is your application interfacing with every other application in your distributed architecture there, right? So the use case is slightly different there. And then to what Jeff was saying is like once the data is there, not only making use of what is actually useful to you, but then having the end user make sense of it. >>Because we, we, we always think about the technology changes. We forget that the end users are different now we used to have IT operations team operating everything and the developers would write the application, just throw it over the wall. These days the developers have to actually operate this thing in production. So the end users of these systems are very different as well. And you can imagine these are folks, your average developer as maybe not operated things for many years in production before. So they need to, that they need to pick up a new skill set, they need to use new tooling in order to, to do that. So yeah, it's, it's, >>And you got the developer persona, you got a developer that's building products for builders and developers that are building products to be consumed. So they're not, they're not really infrastructure builders, they're just app developers. >>Exactly. Exactly. That's right. And that's what a lot of the new functionality that we're introducing here at the show is all about is helping developers who build software by day and are on call by night, actually get in context. There's so much data chances of when that, when one of those pages goes off and your number comes up, that the problem happens to be in the part of the system that you know a lot about are pretty low, chances are you're gonna get bothered about something else. So we've built a feature, we call it collections that's about putting you in the right context and connecting you into the piece of the system where the problem is to orient you and to get you started. So instead of waiting through, through hundreds of millions of things, you're waiting through the stuff that's in the immediate neighborhood of where the >>Problem is. Yeah. To your point about data, you can't let it go unchecked. That's right. You gotta gotta understand that. And we were talking about containers again with, again with docker, you know, nuance point, but oh, scan your container. But not everyone's scanning the containers security nightmare, right? I mean, >>Well I think one of the things that I, I loved in reading the notes in preparation for you coming up is you've actually created cloud native observability with the goal of eliminating engineering burnout. And what you're talking about there is actually the cognitive burden of when things happen. Yeah, for sure. We we're, you know, we're not just designing for when everything goes right, You need to be prepared for when everything goes wrong and that poor lonely individual in the middle of the night has, it's >>A tough job. >>Has to navigate that >>And, and observability is just one thing you gotta mean like security is another thing. So, so many more things have been piled on top of the developer in addition to actually creating the application. Right? It is. There is a lot. And you know, observably is one of those key things you need to do your job. So as much as, as much as we can make that easier, that's a better bit. Like there are so many things being piled on right now. >>That's the holy grail right there. Because they don't want to be doing exactly >>The work. Exactly. They're not observability experts. >>Exactly. And automating that in. So where do you guys weigh in on the automation wave? Everything's automation. Yeah. Is that kind of a hand waving or what's going on? What's the reality? What's actually happening? >>Yeah, I think automation I think is key. You hear a lot of ai ml ops there. I, I don't know if I really believe in that or having a machine self heal itself or anything like that. But I think automation is key because there are a lot of repeatable tasks in a lot of what you're doing. So once you detect that something goes wrong, generally if you've seen it before, you know what the fix is. So I think automation plays a key on the sense that once it's detected again the second time, the third time, okay, I know what I did the previous time, let, let's make sure we can do that again. So automation I think is key. I think it helps a lot with the burnout. I dunno if I'd go as far as the >>Same burnout's a big deal. >>Well there's an example again in the, in the stuff we're releasing this week, a new feature we call query accelerator. That's a form of automation. Problem is you got all this data, mountain of data, put you in the right context so you're at least in the right neighborhood, but now you need to query it. You gotta get the data to actually inform the specific problem you're trying to solve. And the burden on the developer in that situation is really high. You have to know what you're looking for and you have to know how to efficiently ask for it. So you're not waiting for a long time and >>We >>Built a feature, you tell us what you want, we will figure out how to get it for you efficiently. That's the kind of automation that we're focused on. That's actually a good service. How can we, it >>Sounds >>Blissful. How can we accelerate and optimize what you were gonna do anyway, rather than trying to read your mind or predict the future. >>Yes, >>Savannah, some community forward. Yeah, I, I'm, so I'm curious, you, you clearly lead with a lot of empathy, both of you and, and putting your, well you probably have experience with this as well, but putting your mind or putting yourself in the mind to the developer are, what's that like for you from a product development standpoint? Are you doing a lot of community engagement? Are you talking to developers to try and anticipate what they're gonna be needing next in terms of, of your offering? Or how has that work >>For you? Oh, for sure. So, so I run product, I have a lot of product managers who work for me. Somebody that I used to work with, she was accusing me, but what she called, she called me an anthropologist of a product manager. I >>Get these kind of you, the very good design school vibes from you both of you, which >>Is, and the reason why she said the way you do this, you go and you live with them in order to figure out what a day in their life is really like, what the job is really like, what's easy, what's hard. And that's what we try to aim at and try to optimize for. So that's very much the way that we do all of >>Our work. And that's really also highlights the fact that we're in a market that requires acute realtime data from the customer. Cause it's, and it's all new data. Well >>Yeah, it's all changing. The tools change every day. I mean if we're not watching how, and >>So to your point, you need it in real time as well. The whole point of moving to cloud native is you have a reliable product or service there. And like if you need to wait a few minutes to even know that something's wrong, like you've already lost at that point, you've already lost a ton of customers, potentially. You've already lost a ton of business. You know, to your point about the, the community earlier, one other thing we're trying to do is also give back to the community a little bit. So actually two days ago we just announced the open source of a tool that we've been using in our product for a very long time. But of course our product is, is a paid product, right? But actually open source a part of that tool thus that the broader community can benefit as well. And that tool which, which tool is that? It's, it's called Prom lens. And it's actually the Prometheus project is the open sourced metrics project that everybody uses. So this is a query builder that helps developers understand how to create queries in a much more efficient way. We've had in our product for a long time, but we're like, let's give that back to the community so that the broader community of developers out there can have a much easier time creating these queries as well. What's >>Been the feedback? >>We only now it's two days ago so I'm not, I'm not exactly sure. I imagine >>It's great. They're probably playing with it right now. >>Exactly. Exactly. Exactly. For sure. I imagine. Great. >>Yeah, you guys mentioned burnout before and we heard this a lot now you mentioned in terms of data we've been hearing and reporting about Insta security world, which is also data specific observability ties right into security. Yep. How does a company figure out, first of all, burnout's a big problem. It's more and more data coming. It's like, it's like doesn't stop and the breaches are coming too. How does a company know when they need that their observability strategy is broken? Is there sig signs of you know, burnout? Is there signs of breaches? I mean, what are some of the tell signs that if I'm a CSO I go, you know what, maybe I should check out promisee. When do, when do you guys match in and go we're a perfect fit to solve that problem? >>Yeah, I, I would say, you know, because we're focused on the observability side, less so on the security side, some of those signals are like how many incidents do you have? How many outages do you have? What's the occurrence of these things and how long does it take to recover from from from these particular incidents? How >>Upsetting are we finding customers? >>Upsetting are >>Customer. Exactly. >>And and one trend was seeing >>Not churn happening. Exactly. >>And one trend we're seeing in the industry is that 68% of companies are saying that they're having more incidents over time. Right. And if you have more incidents, you can imagine more engineers are being paid, are being woken up and they're being put under more stress. And one thing you said that very interesting is, you know, I think generally in the observability world, you ideally actually don't want to figure out the problem when it goes wrong. Ideally what you want to do these days is figure out how do I remediate this and get the business back to a running state as quickly as I can. And then when the business isn't burning, let me go and figure out what the underlying root cause is. So the strategy there is changed as well from the APM days where like I don't want to figure out the problem in real time. I wanna make sure my business and my service is running as it should be. And then separately from that, once it is then I wanna go >>Under understand that assume it's gonna happen, be ready to close that isolate >>The >>Fire. Exactly. Exactly. And, and you know, you can imagine, you know the whole movement towards C I C D, like generally when you don't touch a system, nothing goes wrong. You deploy change, first thing you do is not figure out why you change break thing. Get that back like underplay that change roll that change back, get your business back to a estate and then take the time where you're not under pressure, you're not gonna be burnt out to figure out what was it about my change that that broke everything. So, yeah. Got >>It. >>Well it's not surprising that you've added some new exciting customers to the roster. We have. We have. You want to tell the audience who they might >>Be? Yes. It's been a few big names in the last year we're pretty excited about. One is Snapchat, I think everybody knows, knows that application And one is Robin Hood. So you know, you can imagine very large, I'll say tech forward companies that have completed their migrations to, to cloud native or a wallet on their way to Cloudnative and, and we like helping those customers for sure. We also like helping a lot of startups out there cause they start off in the cloud native world. Like if you're gonna build a business today, you're gonna use Kubernetes from day one. Right? But we're actually interestingly seeing more and more of is traditional enterprises who are just early, pretty early on in their cloudnative migration then now starting to adopt cloud native at scale and now they're running to the same problems. As well >>Said, the Gartner data last year was something like 85% of companies had not made that transformation. Right. So, and that, I mean that's looking at larger scale companies, obviously >>A hundred, you're >>Right on the pulse. They >>Have finished it, but a lot of them are starting it now. So we're seeing pilot >>Projects, testing and cadence. And I imagine it's a bit of a different pace when you're working with some of those transforming companies versus those startups that are, are just getting rolling. I >>Love and you know, you have a lot of legacy use case you have to, like, if you're a startup, you can imagine there's no baggage, there's no legacy. You're just starting brand new, right? If you're a large enterprise, you have to really think about, okay, well how do I get my active business moved over? But yeah. >>Yeah. And how do you guys see the whole cloud native scale moving with the hyper scales? Like aws? You've got a lot of multi-cloud conversation. We call it super cloud in our narrative, but there's now this new, we're gonna get some of common services being identified. We're seeing a, we're seeing a lot more people recognize and with Kubernetes that hey, you know what, you could get some common services maybe across clouds with SOS doing storage. We got Min iOS doing some storage. Yeah. Cloud flare, I mean starting to see a lot more non-hyper scale systems. >>Yeah, I mean I, and I think that's the pattern there and I think it, it's, especially for enterprise at the top end, right? You see a, a lot of companies are trying to de-risk by saying, Hey, I, I don't want to bet maybe on one cloud provider, I sort of need to hedge my bets a little bit. And Kubernetes is a great tool to go do that. You can imagine some of these other tools you mentioned is a great way to do that. Observability is another great way to do that. Or the cloud providers have their observability or monitoring tooling, but it's really optimized just for that cloud provider, just for those services there. So if you're really trying to run either your custom applications or a multi-cloud approach, you really can't use one cloud providers solution to go solve that problem. Do you >>Guys see yourselves with that unifying >>Layer? We, we, we are a little bit as that lay because it's agnostic to each of the cloud providers. And the other thing is we actually like to understand where our customers run and then try to run their observability stack on a different cloud provider. Cuz we use the cloud ourselves. We're not running our own data centers of course, but it's an interesting thing where everybody has a common dependency on the cloud provider. So when us e one ofs hate to call them out, but when us E one ofs goes down, imagine half the internet goes down, right? And that's the time that you actually need observability. Right? Seriously. And every other tooling there. So we try to find out where do you run and then we try to actually run you elsewhere. But yeah, >>I like that. And nobody wants to see the ugly bits anyway. Exactly. And we all know who when we're all using someone when everything >>Exactly. Exactly, exactly. >>People off the internet. So it's very, I, I really love that. Martin, Jeff, thank you so much for being here with us. Thank you. What's next? What, how do people find out, how do they get one of the jobs since three Xing your >>Employee growth? We're hiring a lot. I think the best thing is to go check out our website chronosphere.io. You'll find out a lot about our, our, our careers, our job openings, the culture we're trying to build here. Find out a lot about the product as well. If you do have an observability problem, like that's the best place to go to find out about that as well. Right. >>Fantastic. Well if you want to join a quarter billion, a quarter of a billion dollar rocket ship over here and certainly a unicorn, get in touch with Martin and Jeff. John, thank you so much for joining me for this very special edition and thank all of you for tuning in to the Cube live here from Motor City. My name's Savannah Peterson and we'll see you in a little bit. >>Robert Herbeck. People obviously know you from Shark Tanks, but the Herbeck group has been really laser focused on cyber security. So I actually helped to bring my.