>>mhm. Hello and welcome to the cubes Ducker con coverage. I'm John Ferry, host of the Cube. We've got a great segment here with slim dot AI CEO John Amaral. Stealth mode, SAS Company. Start up in the devops space with tools today and open source around. Supply chain security with containers closed beta with developers. John, Thanks for coming on. Congratulations for being platinum sponsor here, Dr Khan. Thanks for coming on The Cube. >>Thanks so much on my pleasure. >>You know, container analysis, management optimisation. You know, that's super important. But security is at the centre of all the action we're seeing with containers. We've been talking shift left on a lot of cube conversations. What that means? Is it an outcome? Is that the product software supply chain? You seek them? A secure where malware. All these things are part of now the new normal in cloud Native. You guys at the centre of this, the surface areas change. All these things are important. Take a minute to explain what you guys are doing as a as a tools and open source. Some of the things you're doing, I know you got a stealth mode product. You probably can't talk about. But you gotta close, Beta. Can you give us a little bit of a teaser? What slim dot ai about >>sure. So someday I is about helping developers build secure containers fast, and that really plays to a few trends in the marketplace that are really apparent and important right now in a federal mandate and a bunch of really highly publicised breaches that have all been caused by software supply, chain risks and security and software supply, chain security has become a really top of mind concept for people who secure things and people who develop software and runs. SAS so slim that AI has built a bunch of capabilities and tools that allow software developers at their desks to better understand and build secure containers that really reduce software supply. Chain risk as you think about containers being run in production. And we do three things to help developers one, as we help them know everything about their software. It's a kind of a core concept of suffering supply chain security. Just know what software is in your containers to. Another core concept is only ship to production. What you need to run. That's all about risk surface and the ability for you to easily make a container small that has as much a software reduction in it as possible. And three, it's removed as many vulnerabilities as possible to Slim Toolset. Both are open source and our SAS data platform make that easy for developers to do >>so. Basically, you have a nice, clean, secure environment. Know what's in there. Don't only put in production was needed and make sure it's tight and it's trimmed down perfectly. So you're kind of teasing out this concept of slimming, which is in the name of the company. But it really is about surface area of attack around containers and super important as it becomes more and more prominent in the environment these days. What is container slimming and why is it important for supply chain security? >>Sure. So in the in the in the realm of software supply chain security, best practises right, there are three core concepts. One is the idea of an S bahn that you should know the inventory of all the software that runs in your world to its security posture, signing containers, making sure that the authenticity of the software that you use and production is well understood. And the third is, well, managing exactly what shopper you ship. The first two things I said are simply just inventory and basics about knowing what software you have. But no one answers the question. What software do I need? So I run a container and say, It's a gig and it's got all these packages in. It comes from the operating system from note, etcetera. It's got all this stuff in it. I know the parts that I write my code to. But all that other stuff, what is it? Why is it there? What's the risk in it? That slimming part is all about managing the list of things you actually shipped to the absolute minimum and with confidence that you know that that code will actually work when it gets production but be as small as possible. That's what slimming is all about, and it really reduces supply chain risk by lowering the attack surface in your container, but also trimming your supply chain to only the minimum pieces you need, which really causes a lot of improvements in in the operational overhead of having software supply chain security >>It's interesting as you get more more volume and velocity around containers, uh, and automation kicks in. Sometimes things are turning on and off you don't even know. And shift left has been a great trend for getting in the CI CD pipeline for developer productivity. Really cool. What are some of the consequences that's going on with this? Because then you start to get into some of these areas like some stuff happens that the developers have to come shift back and can take care of stuff. So, you know, C. Tus and CSOs are really worried about this container dynamic. What's the What's the new thing that's causing the problems here? What's the issue around the management that CDOs and CDOs care about? >>Sure. And I'll talk about the shift left implications as well for that exact point. So as you start to worry about software supply, chain security and get a handle on all the software you ship to prod well, part of that is knowledge is power. But it's also, um, risk and work as soon as I know about problems with my containers or the risk surface, and I got to do something about it so we're really getting into the age where everyone has to know about the software they ship. As soon as you know about that, say there's a vulnerability or a package that's a little risky or some surface area you don't really understand. The only place that can be evaded is by going back to the developers and asking them. What is that? How do I remove it? Please do that work. So the software supply chain security knowledge turns into developer security work. Now the problem is, is that historically, the knowledge was imperfect, and the developer, you know, involvement in that was, I'd say, at Hawk, meaning that developers had best practises that did the best they could. But the scrutiny we have now on minimising this kind of risk is really high. The beautiful part about containers is their portable, and it's an easily transferrable piece of software. So you have a lot of producers and a lot of consumers of containers. Consumers of containers that care about supply chain risk are now starting to push back on, producers saying, Take those vulnerabilities out, move those packages, make this thing more secure, lower the risk profile this works its way all the way back to the developers who don't really have the tools, capabilities and automation is to do the work I just described easily, and that's an opportunity that Slim is really addressing, making it easy for developers to remove risk. >>And that's really the consequences of shifting left without having the slimming. Because what you're saying is your shift left and that's kind of annulled out because you've got to go back and fix it. The work comes, >>that's right. And yeah, and it's not an easy task for a developer to understand the code that they didn't intentionally put in the container. It's like, Okay, there's a package in that operating system. What does it do? I don't know. Do I even use it? I don't know. So there's like tonnes of analytic and I would say even optimisation questions and work to be done, but they're just not equipped to, because the tooling for that is really immature Slims on a mission to make that really easy for them and do it automatically so they don't have to think about it. We just automatically remove stuff you don't use and voila! You've got this like perfectly pre optimised capability. >>You know, this suffer supply chain is huge, and I remember when open source started when I remember when I was breaking into the business. Now it's such a height in such an escalation of new developers. This it's a real issue that that's going to be resolved. It has to be because supply chain is part of open source, right? As more code comes in, you got to verify. You gotta make sure it's it's slimming where it needs to be slim and optimised. There needs to be optimised, huge trend. Um and so I just love this area. I think it's really innovative and needed. So congratulations on that, you know, have one more question for you before we get into to close out. Um, you guys are part of the Docker Extensions launch and your partner, >>Why >>is this important to participate in this programme and and what do you guys hope to hope it does for slim dot ai, >>First of all, doctors, the ubiquitous platform, their hub has millions and millions of containers. We've got millions and millions of developers using Docker desktop to actually build and work on containers. It's like literally the sandbox for all local work for building containers. It's a fair statement. So inclusion in Dr Khan and the relationship we're building with Docker is really important for developers and that we're bringing these capabilities to the place where developers work and live every day. It's where all the containers live in the world. So we want to have our technology be easy to use with docker tools. We want to keep developers workflows and systems and and tools of record be the same. We just want to help them use those tools better and optimist outputs. From that we've we've worked since our inception to make our tools really, really friendly for darker and darker environments to, um, we are building a doctor extension. Uh, they have, uh, in this darker con. They're launching their doctor extensions programme to the worldwide audience. We have been one of the lucky Cos that's been selected to build one of the early Dr desktop plug ins. It's derived from our capabilities and our Saas platform and an open source, and it's it's effectively an MRI machine, an awesome analytic tool that allows any developer to really understand the composition, security and profile of any container they work with. So it's giving the sight to the blind, so to speak, that it's this new tool to make container analysis easy. >>Well, John, you guys got a great opportunity. Container analysis, management, optimisation key to security, enabling it and maintaining and sustaining it. And it's changing. I know you guys. Your co founder also did a doctor Slim. So you guys are deep in the open source. I Congratulations on that. We'll see a Q. Khan for the remaining time. We have give a plug for the company, obviously in stealth mode price going to come out later this year. You got a developer preview? What's What's the company all about? What's the most important story here? Dr. Khan? >>Sure, just to playback. So we help developers do three important things. Know everything about the software in their containers to only ship stuff to production that you need, and and and three remove as many vulnerabilities as possible. That's really about managing and understanding the risk surface. It ties right back to software supply chain security, and any developer can use these tools today to emit and build containers that are more secure and better production grade containers, and it's easy to do. We have an open source project called Dioxin. Go check it out. Uh, it's not. It's on git Hub. It's easy to find if you go to w w w dot slim that ai you can find access to that. We have tens of thousands of developers, 500,000 plus downloads. We have developers everywhere using those tools today and open source to do the objectives. I just said You can also easily sign up for our data for our Saas platform, you can use the doctor extension, go ahead and do that and really get on your journey to make those outcomes reality for you. And really kind of make those SEC ops people downstream not have to shift anything left. It's super easy for you to be a great participant in software slash insecurity. >>All right. John Amaral, CEO slim dot ai Stealth. Most thanks for coming The Cube Cube coverage of Dr Khan. Thanks for watching. I'm John Kerry hosted the Cube back to more Dr Khan after the short break. Mhm mhm

>>Welcome back to the cubes coverage of dr khan 2021. I'm john for your host of the cube. We're here with Amanda Silver, corporate vice president, product developer division at Microsoft. Amanda, Great to see you you were on last year, Dr khan. Great to see you again a full year later were remote. Thanks for coming on. I know you're super busy with build happening this week as well. Thanks for making the time to come on the cube for Dr khan. >>Thank you so much for having me. Yeah, I'm joining you like many developers around the globe from my personal home office, >>developers really didn't skip a beat during the pandemic and again, it was not a good situation but developers, as you talked about last year on the front lines, first responders to creating value quite frankly, looking back you were pretty accurate in your prediction, developers did have an impact this year. They did create the kind of change that really changed the game for people's lives, whether it was developing solutions from a medical standpoint or even keeping systems running from call centres to making sure people got their their their goods or services and checks and and and kept sanity together. So. >>Yeah absolutely. I mean I think I think developers you know get the M. V. P. Award for this year because you know at the end of the day they are the digital first responders to the first responders and the pivot that we've had to make over the past year in terms of supporting remote telehealth, supporting you know online retail, curbside pickup. All of these things were done through developers being the ones pushing the way forward remote learning. You know my kids are learning at home right behind me right now so you might hear them during the interview that's happening because developers made that happen. >>I don't think mom please stop hogging the band with, they've got a gigabit. Stop it. Don't be streaming. My kids are all game anyway, Hey, great to have you on and you have to get the great keynote, exciting to see you guys continue the collaboration with Docker uh with GIT hub and Microsoft, A great combination, it's a 123 power punch of value. You guys are really kind of killing it. We heard from scott and dan has been on the cube. What's your thoughts on the partnership with the developer division team at Microsoft with Doctor, What's it all about this year? What's the next level? >>Well, I mean, I think, I think what's really awesome about this partnership is that we all have, we all are basically sharing a common mission. What we want to do is make sure that we're empowering developers, that we're focused on their productivity and that we're delivering value to them so they can do their job better so that they can help others. So that's really kind of what drives us day in and day out. So what we focus on is developer productivity. And I think that's a lot of what dana was talking about in her session, the developer division. Specifically, we really try to make sure that we're improving the state of the art from modern developers. So we want to make sure that every keystroke that they take, every mouse move that they make, it sounds like a song but every every one of those matter because we want to make sure that every developers writing the code that only they can write and in terms of the partnership and how that's going. You know my team and the darker team have been collaborating a ton on things like dr desktop and the Doctor Cli tool integrations. And one of the things that we do is we think about pain points and various workflows. We want to make sure that we're shaving off the edges of all of the user experience is the developers have to go through to piece all of these applications together. So one of the big pain points that we have heard from developers is that signing into the Azure cloud and especially our sovereign clouds was challenging. So we contributed back to uh back to doctor to actually make it easier to sign into these clouds. And so dr developers can now use dr desktop and the Doctor Cli to actually change the doctor context so that its Azure. So that makes it a lot easier to connect the other. Oh, sorry, go ahead. No, I was just >>going to say, I love the reference of the police song. Every breath you take, every >>mouth moving. Great, >>great line there. Uh, but I want to ask you while you're on this modern cloud um, discussion, what is I mean we have a lot of developers here at dr khan. As you know, you guys know developers in your ecosystem in core competency. From Microsoft, Kublai khan is a very operator like focus developed. This is a developer conference. You guys have build, what is the state of the art for a modern cloud developer? Could you just share your thoughts because this comes up a lot. You know, what's through the art? What's next jan new guard guard? It's his legacy. What is the state of the art for a modern cloud developer? >>Fantastic question. And extraordinarily relevant to this particular conference. You know what I think about often times it's really what is the inner loop and the outer loop look like in terms of cycle times? Because at the end of the day, what matters is the time that it takes for you to make that code change, to be able to see it in your test environment and to be able to deploy it to production and have the confidence that it's delivering the feature set that you need it to. And it's, you know, it's secure, it's reliable, it's performance, that's what a developer cares about at the end of the day. Um, at the same time, we also need to make sure that we're growing our team to meet our demand, which means we're constantly on boarding new developers. And so what I take inspiration from our, some of the tech elite who have been able to invest significant amounts in, in tuning their engineering systems, they've been able to make it so that a new developer can join a team in just a couple of minutes or less that they can actually make a code change, see that be reflected in their application in just a few seconds and deploy with confidence within hours. And so our goal is to actually be able to take that state of the art metric and democratize that actually bring it to as many of our customers as we possibly can. >>You mentioned supply chain earlier in securing that. What are you guys doing with Docker and how to make that partnership better with registries? Is there any update there in terms of the container registry on Azure? >>Yeah, I mean, you know, we, we we have definitely seen recent events and and it almost seems like a never ending attacks that that you know, increasingly are getting more and more focused on developer watering holes is how we think about it. Kind of developers being a primary target um for these malicious hackers. And so what it's more important than ever that every developer um and Microsoft especially uh really take security extraordinarily seriously. Our engineers are working around the clock to make sure that we are responding to every security incident that we hear about and partnering with our customers to make sure that we're supporting them as well. One of the things that we announced earlier this week at Microsoft build is that we've actually taken, get have actions and we've now integrated that into the Azure Security Center. And so what this means is that, you know, we can now do things like scan for vulnerabilities. Um look at things like who is logging in, where things like that and actually have that be tracked in the Azure security center so that not just your developers get that notification but also your I. T. Operations. Um In terms of the partnership with dR you know, this is actually an ongoing partnership to make sure that we can provide more guidance to developers to make sure that they are following best practices like pulling from a private registry like Docker hub or at your container registry. So I expect that as time goes on will continue to more in partnership in this space >>and that's going to give a lot of confidence. Actually, productivity wise is going to be a big help for developers. Great stuff is always good, good progress. They're moving the needle. >>Last time we >>spoke we talked about tools and setting Azure as the doctor context duty tooling updates here at dot com this year. That's notable. >>Yeah, I mean, I think, you know, there's one major thing that we've been working on which has a big dependency on docker is get help. Code space is now one of the biggest pain points that developers have is setting up a new DEV box, which they often have to do when they are on boarding a new employee or when they're starting a new project or even if they're just kicking the tires on a new technology that they want to be able to evaluate and sometimes creating a developer environment can actually take hours um and especially when you're trying to create a developer environment that matches somebody else's developer environment that can take like a half a day and you can spend all of your time just debugging the differences in environment variables, for example, um, containers actually makes that much easier. So what you can do with this, this services, you can actually create death environment spun up in the cloud and you can access it in seconds and you get from there are working coding environment and a runtime environment and this is repeatable via containers. So it means that there's no inadvertent differences introduced by each DEV. And you might be interested to know that underneath this is actually using Docker files and dr composed to orchestrate the debits and the runtime bits for a whole bunch of different stacks. And so this is something that we're actually working on in collaboration with the with the doctor team to have a common the animal format. And in fact this week we actually introduced a couple of app templates so that everybody can see this all in action. So if you check out a ca dot m s forward slash app template, you can see this in action yourself. >>You guys have always had such a strong developer community and one thing I love about cloud as it brings more agility, as we always talk about. But when you start to see the enterprise grow into, the direction is going now, it's almost like the developer communities are emerging, it's no longer about all the Lennox folks here and the dot net folks there, you've got windows, you've got cloud, >>it's almost >>the the the solidification of everyone kind of coming together. Um and visual studio, for instance, last year, I think you were talking about that to having to be interrogated dr composed, et cetera. >>How do you see >>this melting pot emerging? Because at the end of the day, you pick the language you love and you got devops, which is infrastructure as code doesn't matter. So give us your take on where we are with that whole progress of of making that happen. >>Well, I mean I definitely think that, you know, developer environments and and kind of, you know, our approach to them don't need to be as dogmatic as they've been in the past. I really think that, you know, you can pick the right tool and language and stand developer stack for your team, for your experience and you can be productive and that's really our goal. And Microsoft is to make sure that we have tools for every developer and every team so that they can build any app that they want to want to create. Even if that means that they're actually going to end up ultimately deploying that not to our cloud, they're going to end up deploying it to AWS or another another competitive cloud. And so, you know, there's a lot of things that we've been doing to make that really much easier. We have integrated container tools in visual studio and visual studio code and better cli integrations like with the doctor context that we had talked about a little bit earlier. We continue to try to make it easier to build applications that are targeting containers and then once you create those containers it's much easier to take it to another environment. One of the examples of this kind of work is now that we have WsL and the Windows subsystem for Lennox. This makes it a lot easier for developers who prefer a Windows operating system as their environment and maybe some tools like Visual Studio that run on Windows, but they can still target Lennox with as their production environment without any impedance mismatch. They can actually be as productive as they would be if they had a Linux box as their Os >>I noticed on this session, I got to call this out. I want to get your reaction to it interesting. Selection of Microsoft talks, the container based development. Visual studio code is one that's where you're going to show some some some container action going on with note and Visual Studio code. And then you get the machine learning with Azure uh containers in the V. S. Code. Interesting how you got, you know, containers with V. S. And now you've got machine learning. What does that tell the world about where Microsoft's at? Because in a way you got the cutting edge container management on one side with the doctor integration. Now you get the machine learning which everyone's talking about shifting, left more automation. Why are these sessions so important? Why should people attend? And what's the what's the bottom line? >>Well, like I said, like containers basically empower developer productivity. Um that's what creates the reputable environments, that's what allows us to make sure that, you know, we're productive as soon as we possibly can be with any text act that we want to be able to target. Um and so that's kind of almost the ecosystem play. Um it's how every developer can contribute to the success of others and we can amor ties the kinds of work that we do to set up an environment. So that's what I would say about the container based development that we're doing with both visual studio and visual studio code. Um in terms of the machine learning development, uh you know, the number of machine learning developers in the world is relatively small, but it's growing and it's obviously a very important set of developers because to train a machine learning uh to train an ml model, it actually requires a significant amount of compute resources, and so that's a perfect opportunity to bring in the research that are in a public cloud. Um What's actually really interesting about that particular develop developer stack is that it commonly runs on things like python. And for those of you who have developed in python, you know, just how difficult it is to actually set up a python environment with the right interpreter, with the right run time, with the right libraries that can actually get going super quickly, um and you can be productive as a developer. And so it's actually one of the hardest, most challenging developer stacks to actually set up. And so this allows you to become a machine learning developer without having to spend all of your time just setting up the python runtime environment. >>Yeah, it's a nice, nice little call out on python, it's a double edged sword. It's easier to sling code around on one hand, when you start getting working then you gotta it gets complicated can get well. Um Well the great, great call out there on the island, but good, good, good project. Let me get your thoughts on this other tool that you guys are talking about project tie. Uh This is interesting because this is a trend that we're seeing a lot of conversations here on the cube about around more too many control planes. Too many services. You know, I no longer have that monolithic application. I got micro micro applications with microservices. What the hell is going on with my services? >>Yeah, I mean, I think, you know, containers brought an incredible amount of productivity in terms of having repeatable environments, both for dev environments, which we talked about a lot on this interview already, but also obviously in production and test environments. Super important. Um and with that a lot of times comes the microservices architecture that we're also moving to and the way that I view it is the microservices architecture is actually accompanied by businesses being more focused on the value that they can actually deliver to customers. And so they're trying to kind of create separations of concerns in terms of the different services that they're offering, so they can actually version and and kind of, you know, actually improve each of these services independently. But what happens when you start to have many microservices working together in a SAS or in some kind of aggregate um service environment or kind of application environment is it starts to get unwieldy, it's really hard to make it so that one micro service can actually address another micro service. They can pass information back and forth. And you know what used to be maybe easy if you were just building a client server application because, you know, within the server tear all of your code was basically contained in the same runtime environment. That's no longer the case when every microservices actually running inside of its own container. So the question is, how can we improve program ability by making it easier for one micro service that's being used in an application environment, be to be able to access another another service and kind of all of that context. Um and so, you know, you want to be able to access the service is the the api endpoint, the containers, the ingress is everything, make everything work together as though it felt just as easy as as um you know, server application development. Um And so what this means as well is that you also oftentimes need to get all of these different containers running at the same time and that can actually be a challenge in the developer and test loop as well. So what project tie does is it improves the program ability and it actually allows you to just write a command like thai run so that you can actually in stan she ate all of these containers and get them up and running and basically deploy and run your application in that environment and ultimately make the dev testing or loop much faster >>than productivity gain. Right. They're making it simple to stand up. Great, great stuff. Let me ask you a question as we kind of wrap down here for the folks here at Dakar Con, are >>there any >>special things you'd like to talk about the development you think are important for the developers here within this space? It's very dynamic. A lot of change happening in a good way. Um, but >>sometimes it's hard to keep >>track of all the cool stuff happening. Could you take a minute to, to share your thoughts on what you think are the most important develops developments in this space? That that might be interesting to ducker con attendees. >>I think the most important things are to recognize that developer environments are moving to containerized uh, environments themselves so that they can be repeated, they can be shared, the work, configuring them can be amortized across many developers. That's important thing. Number one important thing. Number two is it doesn't matter as much what operating system you're running as your chrome, you know, desktop. What matters is ultimately the production environment that you're targeting. And so I think now we're in a world where all of those things can be mixed and matched together. Um and then I think the next thing is how can we actually improve microservices, uh programming development together um so that it's easier to be able to target multiple micro services that are working in aggregate uh to create a single service experience or a single application. And how do we improve the program ability for that? >>You know, you guys have been great supporters of DACA and the community and open source and software developers as they transform and become quite frankly the superheroes for the transformation, which is re factoring businesses. So this has been a big thing. I'd love to get your thoughts on how this is all coming together inside Microsoft, you've got your division, you get the developer division, you got GIT hub, got Azure. Um, and then just historically, and he put this up last year army of an ecosystem. People who have been contributing encoding with Microsoft and the partners for many, many decades. >>Yes. The >>heart Microsoft now, how's it all working? What's the news? I get Lincoln, Lincoln, but there's no yet developer model there yet, but probably is soon. >>Um Yeah, I mean, I think that's a pretty broad question, but in some ways I think it's interesting to put it in the context of Microsoft's history. You know, I think when I think back to the beginning of my career, it was kind of a one stack shop, you know, we was all about dot net and you know, of course we want to dot net to be the best developer environment that it can possibly be. We still actually want that. We still want that need to be the most productive developer environment. It could we could possibly build. Um but at the same time, I think we have to recognize that not all developers or dot net developers and we want to make sure that Azure is the most productive cloud for developers and so to do that, we have to make sure that we're building fantastic tools and platforms to host java applications, javascript applications, no Js applications, python applications, all of those things, you know, all of these developers in the world, we want to make sure it can be productive on our tools and our platforms and so, you know, I think that's really kind of the key of you know what you're speaking of because you know, when I think about the partnership that I have with the GIT hub team or with the Azure team or with the Azure Machine learning team or the Lincoln team, um A lot of it actually comes down to helping empower developers, improving their productivity, helping them find new developers to collaborate with, um making sure that they can do that securely and confidently and they can basically respond to their customers as quickly as they possibly can. Um and when, when we think about partnering inside of Microsoft with folks like linkedin or office as an example, a lot of our partnership with them actually comes down to improving their colleagues efficiency. We build the developer tools that office and lengthen are built on top of and so every once in a while we will make an improvement that has, you know, 5% here, 3% there and it turns into an incredible amount of impact in terms of operations, costs for running these services. >>It's interesting. You mentioned earlier, I think there's a time now we're living in a time where you don't have to be dogmatic anymore, you can pick what you like and go with it. Also that you also mentioned just now this idea of distributed applications, distributed computing. You know, distributed applications and microservices go really well together. Especially with doctor. >>Can you share >>your thoughts on the framework that you guys released called Dapper? >>Yeah, yeah. We recently released Dapper. It's called D A P R. You can look it up on GIT hub and it's a programming model for common microservices pattern, two common microservices patterns that make it really easy and automatic to create those kinds of microservices. So you can choose to work with your favorite state stores or databases or pub sub components and get things like cloud events for free. You can choose either http or g R B C so that you can get mesh capabilities like service discovery and re tries and you can bring your own secret store and easily be able to call it from any environment variable. It's also like I was talking about earlier, multi lingual. Um so you don't need to embrace dot net, for example, as you're programming language to be able to benefit from Dapper, it actually supports many programming languages and Dapper itself is actually written and go. Um and so, you know, all developers can benefit from something like Dapper to make it easier to create microservices applications. >>I mean, always great to have you on great update. Take a minute to give an update on what's going on with your division. I know you had to build conference this week. V. S has got the new preview title. We just talked about what are the things you want to get to plug in for? Take a minute to get to plug in for what you're working on, your goals, your objectives hiring, give us the update. >>Yeah, sure. I mean, you know, we we built integrated container tools in visual studio uh and the Doctor extension and Visual Studio code and cli extensions. Uh and you know, even in this most recent release of our Visual Studio product, Visual Studio 16 10, we added some features to make it easier to use DR composed better. So one of the examples of this is that you can actually have uh Oftentimes you need to be able to use multiple doctor composed files together so that you can actually configure various different container environments for a single single application. But it's hard sometimes to create the right Yeah. My file so that you can actually invoke it and invoke the the container and the micro services that you need. And so what this allows you to do is to actually have just a menu of the different doctor composed files so that you can select the runtime and test environment that you need for the subset of the portion of the application that you're working on at the end of the day. This is always about developer productivity. You know, like I said, every keystroke matters. Um and we want to make sure that you as a developer can focus on the code that only you can Right. >>Amanda Silver, corporate vice president product development division of Microsoft. Always great to see you and chat with you remotely soon. We'll be back in in real life with real events soon as we come out of the pandemic and thanks for sharing your insight and congratulations on your success this year and and congratulations on your announcement here at Dakar Gone. >>Thank you so much for having me. >>Okay Cube coverage for Dunkirk on 2021. I'm John for your host of the Cube. Thanks for watching. Mhm

>>Okay, welcome back to the Cube coverage of Dr Khan 2021. I'm John for your host. Had a great guest here. Dana Lawson. Vice president. Engineering and technology partnerships that get up dana. Welcome to the cube. You're leading the engineering team over at GIT hub. Been been around the block in the cloud enterprise area. Congratulations. Welcome to the cube. >>Well, thanks for having me. Don, I am super excited. Dr. 2021 Wow. I can't believe it's been that long. Right. >>Got the keynote coverage automation. The top trend here in the world. DevoPS DEP sec apps, developer productivity, modern errors here, a lot of action uh and dr conscious more attendance every year, containers setting up the cloud native. You know the tsunami of new ways that people are programming. New way teams are formed new way people are being super productive with the pandemic. We've seen developers really lead the charge in the virtual work environment. So a lot of action. So first tell us what's going on in the developer community right now, give us your take, >>I mean, my take on it is the developer teams are just working closer than ever before. You know, we see this across all industries, whether you're going through your own digital transformation and trying to streamline your workflow, um you know, we have this concept of devops now for about a decade and and we all were hopeful I was one of those early adopters that like, yes, this will change the world, as you can imagine, and like we're seeing it materialized and I feel like in this historic year, uh it's on steroids, we see teams working across the aisle doing things we've never experienced before with this concept of interconnected tools. And so we're seeing really the, I would say the practice of devops really going across every member of the team and not being just a practice that maybe one person on your team did. You know, this trend has been ongoing for a while. But with these new key technologies out there, it's really on fire in my opinion, >>outside of just the whole cloud native awesomeness that's happening. You see kubernetes enabling a lot of new things, the virtual work environment with the pandemic developers, just like just the way we've been working a long time. Finally, it just got standardized for the rest of the world, the world. Um they didn't really miss a beat and, and combined again with the cloud scale and we saw the earnings from all the big companies, the developers have been super productive this year. Do you see um that continuing and what, how is it going to change in your opinion as the pandemic kind of lifts a little bit and now the new normal gets back to real life. Certainly those benefits came out is what's your take on this engineering dynamic going on. >>I mean you said it they're like this is a common kind of workflow that people had pre pandemic, especially in the open source community where it's literally a bunch of random people around the world that don't obviously get to talk as as quickly and as uh you know, synchronously and so a saint communications gone up in what we've seen there is teams really tuning in their automation, right? So whereas you may have had it in your backlog to say, you know what, I should probably go automate that workflow now that we have been forced. Even even companies that haven't haven't thought about in the past to say, okay, how do I get code from A to B. Seamlessly? There's spending time on those workflows. and I think that we're seeing that naturally, you know, in the keynote where I mentioned some of the Research that we've done is we're seeing developers work more but we're seeing them work more on open source projects and the things that they want to work on not necessarily going and saying I'm going to go and spend 20 hours at work. But really it's that that continuation of like hey instead of automation being an afterthought we're gonna make it something that is at the forethought of what we're doing. And so what it's really done is just increase the time spent on writing great code and hopefully having a better up time. I am a I am a DEvops SRE sys admin, whatever you wanna call it at heart forever will be. Um and so you know, getting to have more time to spend on S. L. O. S. And really the, you know like I call it the safety guards, the rails of your system so that you can just really go in there and allow everybody to contribute. And that's what I think we're seeing and we're going to continue to see that as things just get easier as stuff happens out of the virtual box. >>I mean simple or easy. It's always a good strategy. I was just reporting for our team on the cube con and cloud native con. There's more cloud native con going on than cube con because kubernetes got kind of boring. Um, and enabled more cloud native development. And then the other trend that we've been reporting on is end user contribution to open sores. You're starting to see end users, not just the usual suspects like lift and whatnot. You're seeing like real enterprises like having teams contributing into open source in a big way. This is a kind of a new, interesting dynamic. What's your take on that? Is that a signal of simplicity? What does it mean? >>I'm going to tell you, I think that companies and big names that realized they were using open source and they have been all along, um, it's been around for a minute. Some of our most favorite libraries and frameworks have been open source from the beginning. You hear me talking about Java and Tomcat that's open source. And so it's really this understanding of the workflow. So I want to say that what we see now is there should be an investment because the world's team of open source developers are powering our technology and why shouldn't we as companies embrace and actually get back and spend that quality time because us innovating together on open source privately and publicly just makes everything better for everybody. And so I I think we're going to continue to see this trim. I'm excited about it. GIT hub has done some amazing work in this space by with get up sponsors because we want open source to continue to enable the innovation and having people participate. And now we're seeing it with businesses alike. And so I think we're going to see this practice continue on and really take a look not only of the technology they're using, but the open source practices like how do these maintainers and these open source teams shit reliable quality code that is changing the world. And how can we put those practices within our own development teams on what we're building for our customers? So you're just going to continue to see this. And I think also with that being said because the barrier of entry has has lowered some by the advancement. What we're seeing the rise of the citizen developer as well. So we're seeing you know people all within the company and some that are much more further along with their transformations participate in a way they never have before. Whether it's like you know the design part in the design thinking of it to like how do you curate and have a great experience for your customers. We're just seeing participation at all levels of development stack and that also is the stuff outside of the actual code being written because it's so interconnected and so I I don't know I'm excited. I'm excited to see what we're going to unlock by having people participate more so than ever and then having companies invest in that participation. >>I love your enthusiasm. I agree. I think it's a great time for open source because it has democratized, it is bringing in new people. The aperture of the personas coming in >>is not >>just computer science and engineering. This hybrid SRE rolls developing and then you've got creative. There's a creativity aspect coming back and I've been riffing on this for a few years but I'm kind of seeing this development, love to get your thoughts used to be like craftsmanship was involved in building software and then Agile came in ship fast and iterate. Um and now craft is coming back. You're starting to see creativity and the developer experience through collaboration tools and kind of this democratization. What's your thoughts on this? And no, I know you I know you think about this as an engineering leader. Um Craft agile bring them both together. Speed and quality is craft coming back. >>Craft is definitely coming back and I think it is because we we melt the mundane stuff, right? Like, you know, we're all hyper focused on like you want to be the bush out there, you gotta ship immediately agile, agile, agile. But what we know is like you can ship a bunch of stuff, nobody wants very fast, you can ship a bunch of stuff that hasn't been curated to really, you know, solve the problem now, you'll be fast but will be awesome. I think people demand more. And I really believe that because we've embraced some of these frameworks, workflows and tool sets, that we get a focus on the craft and that's what we're trying to do, right? Ultimately we want every person that builds to be an innovator and not just an innovator for innovation state, but because they're changing and affecting somebody's life, right? And so when we dig deep and focusing on the craft, and we still have these expertise, we're just gonna be applying that in a very intentional way versus okay, hurry up. Bill, Bill Bill, hurry up, hurry up. Bill Bill, Bill, go, go, go, because now it's connected. And so we're seeing the rise of that craft and what I think is going to in turn happen is we're all going to have a better experience, we're all going to reap the benefits of having that expertise. You know, there's a spirit sometimes when we talk about automation and devops and, you know, interconnected tool systems that maybe you're taking somebody's job that they were doing before the daily task. No way. All we're doing is saying like, cool, take the repeatable thing that you're doing over and over and over, and let's focus on that craft, lets you know if your security person and you want to get down and deep and understand where vulnerabilities are going to come from and things that people haven't even thought of. Cool, let's take away some of the other things that we know can be caught and solved without you paying attention in some aspects. I think we just need along the whole stack. So it's pretty exciting times. >>Yeah, I did it and we call that different, undifferentiated heavy lifting, you know, just get it out of the way since you brought that up. Let's take automation down that road of experience. What does it mean for the developer? Because this is really an opportunity. Right. So the phrase I've heard is if you do it more than a few times, just automated away. So when is the right time to automate where this automation play into the developer experience? When does it make it more productive? Where's the innovation angle you share your thoughts on when people look through the prism of automation productivity versus innovation? What's the what's the automation view there? >>I mean, you know it is it is a good like, you know, little metric could be done it five times and it's the same thing over and over and over. Your question is now like do you have to be doing that? I mean you should because you're doing it. So I think it's about finding and defining your own boundary for what you need, right? I mean it's hard to get out there and say every workflow like we can go and apply the stamp. We already tried that with agile frameworks for like everybody you're gonna do scrum, we're going to combine, you know what? It doesn't work. What we really need to do is have teams understand their workflows, right, understand and do some diagnosis and saying like we're in the system and I think that's powerful metrics and insights of going like where are we having a slowdown? Where are people spending their time if people are spending their time doing break fix or they're spending their time continuously trying to jam something into a certain pipeline, you have to ask yourself, is this something that we should be spending that time on? What if we had that time freed up? And so I do think you can go and put some good boundaries in there, whatever yours may be. I love I love some of those rule sets but really you know, deadlocks and automation starts with the process, right? We think about it and when I developed software always think about it through that design. Thinking lands of how will this work when I get to it. And so if we're focusing on the design aspect and the user experience, then we start looking at the pieces in between from that code to having people use it and say what do I need to do? And sometimes you know depending on your industry, you may have these other needs that not everybody has. So it's hard to say there's a one size fits all. But there is a good rule like if you've done the same repeatable thing over every every day, uh numerous days like you probably should just go spend the time to automate that. And I think it's the convincing point, right? Like if we go and and a lot of us are are nerds and engineers at heart and I love freaking math. So it's that like okay if we spend two hours building maybe a hub action for a doctor one time instead of somebody happened to repeat this process no matter what it is. Like you're giving that time back in that time is mental capacity, mental capacity that can be applied to something that's more important and hopefully the more important thing is the user experience. Um So yeah, I mean you know we all have those little systems out there. I say use them but take a step back. I think the bigger, the harder part is like yes, you will have to slow down for a minute, which is scary to go and build something repeatable so that you can speed back up. You know, >>it's awesome. Great, great inside love, love the energy a lot to ask you while you're here because this is something I've been thinking about. I'm hearing a lot of developers talking about, understand the workflow you mentioned that's a key thing. I love that. Getting in and understanding the customer experience working backwards, but that brings up the whole. How do you form the teams? How do you think about team formation? Because at cloud scale with cloud native, you can use building blocks, You have automation, you can easily compose and then build intellectual property around things. Use containers, make things easier. So as you start thinking about teams, is it better to have teams focus on, say workflows and then decoupled teams? Is there a strategy for general purpose teams or how do you look at the team formation from the developer perspective to make the experience great, high quality. Is there a state of the art in your opinion, given the compose ability and all the ease of use going on? I mean, what's the ideal way to think this through? What's your thoughts? >>Oh, you know, there's, I'm going to say there's not one team team to rule them all, there's not one team kind of foundation that's gonna be able to be applicable, it's all different, right? Like even within the same company, especially at scale, you may have these different compositions of your team and I think it comes down to like, what problems are you trying to solve within your workflow? What are you trying to accomplish? I think when we, when we step back and we think about our Ci cd pipelines and really code from idea into cloud that I believe in a unified system, because I don't want developers worrying about it and doing one offs, I'm like, you don't need to know that, and that's been an argument that's going on, you know, I'm a huge kubernetes fan and so it's been like, should, should, should the feature developers understand the entrance of kubernetes? I'm gonna say something controversial, I'm gonna say no, I'm gonna say they don't need to know, they need to know how to monitor alert and how to have smart rollbacks and have a system that does it for them. That's why we have Orchestration, that's why we have dr containers, that's why we have world class eight PM and monitoring systems in place because we've done that, we've done that hard work. So I would say no, they don't need to know that, so, but you still need these needs, right? Depending upon where you are in this transformation, right? Maybe you're still like, you know, integrating some of these cloud needed principles and toolsets and so you need some smes I do really love the SRE embedded model, not embedded, like on your, you know, like embedded, like a chip set, but embedded in the team, because that person really should be a mentor and should be a force multiplier. You don't want to fall in the trap and be like oh we have an SRE on the team. They're going to do all the devops stuff. No no no no they're going to go and help you think about your product through a customer lens right there. They're the experts going like whoa maybe we should have an S. L. A. Because this is a tier one feature lets go and make sure we build that automation so that we curate this feature with the highest level availability but then teach the team how to do that. So now you have this practice as a part right? Like you're honing your craft, you have this practice now. Does that mean they need to go learn everything about like the monitoring sweet and tools are used. No, but they should understand how to read the output of that. And so there's not one team size to rule them all. Unfortunately, I personally, I'll tell you what I'm a fan of is like I think that you should have flexibility. Like once again think about the points where you need to have the connective unified system, right? And then you have this opportunity for developers to have some agency and creative freedom because maybe you've been on a team that's been working on, I don't know, let's say your audit service. I think every every software has some component of audit uh, you know, in some ability because you want to know what he was using one well after they've done their tour of duty because most of the cool stuff, they've already fixed and made a feature set. Let them go roll into something else because then you have that connective tissue on the inner points of your system that are always the same, right? We want really repeatability. We want them just to focus on writing the code. And I think because of these advancements we are unlocking opportunity for developers to think broader, right? Like maybe you've been on the platform team and you want to go dip your toes into writing features well, 90 okay, maybe not 90 but also 80% of that, you know, every day repeatable task, like focus on that and get that shit out. But then you have the sme and you're really thinking holistically as a customer obsessed team of what you're building and why. So I love that. No one way. >>Yeah, I love the idea of the platform person just having more flex out because that brings a platform mindset to the other pieces, but also feature acceleration versus product strategy. Thinking through the arc of why you're building in the first place, Right? So and then the embedded SRE great point there, great call out there because everything's cloud scale now, you gotta have pen tests built in automation, >>who's gonna >>design that. So I think it's really interesting how you're putting that together and I think that's very relevant. Um and any um new things that you see happening now with with cloud Native, you mentioned cabernets, I think you know the story that we've been telling is kubernetes got boring and that's good. Right? So, >>meaning its meaning it's working >>and people like it, it's interoperability or frustration. It feels like a unifying connective tissue between under the hood and above at the application layer. So it's nice but the consequence of that is there's more cloud native going on, so that means more services are going to be connected and torn down. You mentioned observe ability and monitoring. That's important too. So as an engineering leader, that's not another department. Right? That's gonna be core to the developers. What's your thoughts on how to integrate observe ability now there's a zillion companies doing it now but is that you know >>there is a zillion. My thoughts are like heck yeah. Like conservative observe ability isn't at the end of the stack. Right, observe ability is apart just like qualities apart. Just like when we think about agile, let me just throw it this way right? Like when dr came right, we had it basically have this maybe this baby os encompassed on servers. So you can have multiple, multiple, multiple, multiple distributed. Right? I think of like let's let's say that like your team is that Docker container man, you want everything in their right? It is a part of the practice. You want your learning, you want your logging, you want it all wrapped up in this nice little bow and you want lots of them all working together harmoniously. The same thing can be said about our teams. We want them to be their own little micro operating system where they have all the resources available for them to go and do the thing that they are intending to do and not have to worry about that subset. But it also gives them that control. Right? So it's building in that layer of abstraction that's needed but also understanding why it's important. So it's a little bit of both. Right? We're not going to curate deep subject matter experts. You know, I'm, you know the Oh yes, I model and every aspect right? Like we're not going to turn a friend and engineer necessarily into a network engineer. But utilizing the tool sets, having a playbook where it is controlled, maintained in a part of your culture. All that's gonna do is allow you to move faster and it's allow you to see what's really running out there in the wild. And I see these trends happening. I think we're continuing to see the rise of cloud native technologies because applications now are really a set of a P. I. S. That go across the world and in and out. And so the way that we develop is slightly different. And so we need to think about, well, how is it orchestrated and deployed? Well, if you have a repeatable pattern once again, if we go back to that and think of our team and I promise nobody asked me to come up with this as like a little darker, a little docker container itself. You know, you're gonna write that image into what makes sense for you and have all the resources available and you're gonna rinse and repeat that over and over and over again. And so I mean, we're just seeing, seeing this continue this continuation of, you know, monitoring devops? S sorry, it's not a problem. It's a culture, right? It's not one person's job or a role. It's a part of how you build great software. It's just a practice. >>You mentioned abstraction layer used to be conventional wisdom that they were good. But there's trade offs whose performance tradeoffs or some overhead. Not anymore. It's good. You can basically build an abstraction layer and say, hey, I don't want to deal with networking anymore. It's gonna make it programmable. >>That's cool. No >>problem. So you start to see these new innovation patterns. Right. So what are you most excited about when you start to see these new kinds of things of being brought on that were limited years ago? Like you start an abstraction layers, you see the role of the SRE you're seeing um the democratization of new developers coming in that are bringing new perspectives. She's seeing all these new kinds of ways that's re factoring how people write code. But what are you seeing is the most exciting >>for me? Honestly, it's like the opportunity for anybody to really be a builder maker developer, right? You don't have to have a traditional CS degree if you do that's awesome, Like come and teach us awesome stuff that we probably should know. That's foundational. I don't have a CS degree. You know, we're moving on from these opportunities where it's self taught to where you actually 100% can go and learn and build and create. We're seeing the rise in these communities. I feel like these toolsets are really just lowering the barrier of entry for those people that don't have advantage to go to like a four year school and get a degree for people that are just like have a great idea what excites me is that next developer, You know, we talk about the 100 million developer sitting somewhere in the world, just going, I have a great idea and I'm gonna change the world and I don't know how to get started, but they do, they have it at their hands now. You know, if you can go onto a website, get a little bit dangerous with these tool sets, you can go and get your idea to the masses and what we're going to end up doing is like you said, democratizing tech, it's going to bring in new ways to think it's going to change how we interact with systems. We get we get our blinders on sometimes, especially, you know, I live in Portland on the West Coast, the US, we know that the world is vast, majorly huge, dynamic, awesome place. The things that work for me may not work for somebody on the other side of the world. The things that I do may not be relevant. But we're going to find that human connection. We're going to continue to say, well, wait a minute. How can we optimize for any human anywhere? How can we help take all these differences but doing them in a repeatable pattern. So like for me that's exciting is these toolsets that we've been working on for years, are now going to put put in people's hands that never thought they could. And that is exciting. And like to see to see the rise of just creativity is what really makes humans special because we build and make >>and the fact that it's more inclusive now becoming more inclusive on all aspects of inclusive whether it's individuals and coders types of code. So uh integration is the new normal right integrating in uh data control planes, all that goodness coming in because of the ease of use of developer experience. Super awesome. Um dana you're awesome. Great to have you on the cube and sharing your energy and insight. Great call outs on many topics. A lot of gems being dropped. Their thanks for coming on the cube. >>Well thanks for having me. It's been awesome and doctor comes been great. I can't wait to see the rest of the show. >>Dr khan 2021 Virtual real life coming back maybe in physical next year or hybrid for sure. Just the cube coverage of Dr khan 2021. I'm sean for your host. Thanks for watching

>>from around the globe. It's the Cube presenting Cuban cloud brought to you by Silicon Angle. Hi, I'm stupid, man. And welcome back to the Cube on Cloud. We're talking about developers. And while so many people remember the mean from 2010 of Steve Balmer jumping around on stage development developers and developers, uh, many people know what really important is really important about developers. They probably read the 2013 book called The New King Makers by Stephen O. Grady. And I'm really happy to welcome to the program. Rachel Stevens, who is an industry analyst with Red Monk who was co founded by the aforementioned Stephen O. Grady. Rachel, Great to see you. Thank you so much for joining us. >>Thank you so much for having me. I'm excited to be here. >>Well, I've had the opportunity, Thio read some of what you've done. We've interacted on social media. We've got to talk events back when we used to do those in people. And >>I'm so >>glad that you get to come on the program especially. You were the ones I reached out. When we have this developer track, um, if you could just give our audience a little bit about your background. You know, that developer cred that you have Because as I joke, I've got a closet full of hoodies. But, you know, I'm an infrastructure guy by training I've been learning about, you know, containers and serverless and all this stuff for years. But I'm not myself much of developer. I've touched a thing or two in the years. >>Yeah. So happy to be here. Red Monk has been around since 2002 and have kind of been beating that developer drum ever since then, kind of as the company, The founder, Stephen James, notice that the decision making that developers was really a driver for what was actually ending up in the Enterprise. And as even more true, as cloud came onto, the scene is open source exploded, and I think it's become a lot more of a common view now. But in those early days, it was probably a little bit more of a controversial opinion, but I have been with the firm for coming up on five years now. My work is an industry analyst. We kind of help people understand, bottoms up technology, adoption trends, so that that's where I spend my time focusing is what's getting used in the enterprise. Why, what kind of trends are happening? So, yeah, that's where we all come from. That's the history of Red Monk in 30 seconds. >>Awesome. Rachel, you talk about the enterprise and developers For the longest time. I just said there was this huge gap you talk about. Bottoms up. It's like, well, developers use the tools that they want If they don't have to, they don't pay for anything. And the general I t. And the business sides of the house were like, I don't know, We don't know what those people in the corner we're doing, you know, it's important and things like that. But today it feels like that that's closed a bunch. Where are we? In your estimation, you know, our developers do they have a clear seat at the table? The title we have for this is whether the Enterprise Developer is its enterprise development oxymoron. In 2020 and 2021 >>I think enterprise developers have a lot more practical authority than people give them credit for, especially if you're kind of looking at that old view of the world where everything is driven by a buyer decision or kind of this top down purchasing motion. And we've really seen that authority of what is getting used and why change a lot in the last year. In the last decade, even more of people who are able to choose the tools that meet the job bring in tools, regardless of whether they maybe have that official approval through the right channels because of the convenience of trying to get things up and running. We are asking developers to do so much right now and to go faster and thio shifting things left. And so the things that they are responsible for incorporating into the way they are building APS is growing. And so, as we are asking developers to do more and to do more quickly, um, the tools that they need to do those, um, tasks to get these APS built is that the decision making us fall into them? This is what I need. This is what needs to come in, and so we're seeing. Basically, the tools that enterprise is air using are the tools that developers want to be using, and they kind of just find their way into the enterprise. >>Now I want to key off what you were talking about. Just developers were being asked to do Mawr and Mawr. We've seen these pendulum swings in technology. There was a time where it was like, Well, I'll outsource it because that'll be easier and maybe it'll be less expensive. And number one we found it necessarily. It wasn't necessarily cheaper. And number two, I couldn't make changes, and I didn't understand what was happening. So when when I talked to Enterprises today, absolutely. I need to have skills that's internally. I need to be able to respond to things fast, and therefore I need skills that I need people that can build what they have. What what do you see? What are those skill sets that are so important today? Uh, you know, we've talked so many times over the years is to you know, there's there's the skills gap. We don't have enough data scientists. We don't have enough developers way. We don't have any of these things. So what do we have and where things trending? >>Yeah, it's It's one of those things for developers where they both have probably the most full tool set that we've seen in this industry in terms of things that are available to them. But it's also really hard because it also indicates that there is just this fragmentation at every level of the stack. And there's this explosion of choice and decisions that is happening up and down the stack of how are we going to build things? And so it's really tricky to be a developer these days and that you are making a lot of decisions and you are wiring a lot of things together and you have to be able to navigate a lot of things. E think. One of the things that is interesting here is that we have seen the phrase like Full stack developer really carried a lot of panache, maybe earlier this decade and has kind of fallen away. Just because we've realized that it's impossible for anybody to be ableto spanned this whole broad spectrum of all of the things we're asking people to dio. So we're seeing this explosion of choice, which is meaning that there is a little bit more focused and where developers are trying to actually figure out what is my niche. What is it that I'm supposed to focus on. And so it's really just this balancing of act of trying to see this big picture of how to get this all put together and also have this focused area realizing that you have to specialize at some point. >>Rachel is such a great point there. We've actually seen that Cambrian explosion of developer tools that are out there. If you go to the CFCF landscape and look at everything out there or goto any of your public cloud providers, there's no way that anybody even working for those companies no good portion of the tools that are out there so nobody could be a master of everything. How about from a cloud standpoint, you know, there is the discussion of, you know what do I shift? Left What? You know, Can I just say, Okay, this piece of it, it could be a manage service. I don't need to think about it versus what skills that I need to have in house. What is it that's important. And obviously, you know, a zoo analyst. We know it varies greatly across companies, but you know what? What are some of those top things that we need to make sure that enterprises have skill set and the tools in house that they should understand. And what can they push off to their platform of choice? >>Yeah, I think your comment about managed services is really pressing because one of the trends that we're watching closely, it's just this rise of manage services. And it kind of ties back into the concept you had before about like, what an I team. That's they have, like the Nicholas Carr. I t doesn't matter, and we're pushing this all the way. And then we realized, Oh, we've got to bring that all back. Um, but we also realize that we really want as enterprises want to be spending our time doing differentiated work and wiring together, your entire infrastructure isn't necessarily differentiated for a lot of companies. And so it's trying to find this mix of where can I push my abstraction higher or to find a manage service that can do something for me? And we're seeing that happen in all levels of the stack. And so what we're seeing is this rise of composite APS where we're going to say, Okay, I'm gonna pull in back end AP ice from a whole bunch of tools like twilio or stripe or all zero where algo Leah, all of those things are great tools that I can incorporate into my app. And I can have this great user, um, interface that I can use. And then I don't have to worry quite so much about building it all myself. But I am responsible for wiring at all together. So I think it's that wire together set of interest that is happening for developers as the tool set that they are spending a lot of time with. So we see the manage services being important. Um played an important role in how absent composed, and it's the composition of that APs that is happening internally. >>What one of the one of the regular research items that I see a red monk is you know what languages you know. Where are the trends going? There's been relative stability, but then something's changed. You know, I look at the tools that you mentioned Full stack developer. I talked to a full stack developer a couple of years ago, and he's like like like terror form is my life and I love everything and I've used it forever. And that was 18 months, Andi. I kind of laugh because it's like, OK, I managed. I measure a lot of the technology that I used in the decades. Um, not that await. This came out six months ago and it's kind of mature. And of course, you know, C I C d. Come on. If it's six weeks old, it's probably gone through a lot of generations. So what do you see? Do you have any research that you can share as to looking forward? What are the You know what the skill sets we need? How should we be training our force? What do >>we need to >>be looking at in this kind of next decade of cloud? >>Yeah. So when when you spoke about languages, we dio a semi annual review of language usage as a sign on get hub and in discussion as seen on stack overflow, which we fully recognize is not a perfect representation of how these languages are used in the broader world. But those air data sets that we have access to that are relatively large and open eso just before anyone writes me angry letters that that's not the way that we should be doing it, Um, but one of the things that we've seen over time is that there is a lot of relative stability in those top tier languages in terms of how they are used, and there's some movement at the bottom. But the trends we're seeing where the languages are moving is type safety and having a safer language and the communities that are building upon other communities. So things like, um, we're seeing Scotland that is able to kind of piggyback off of being a jvm based language and having that support from Google. Or we're seeing typescript where it can piggyback off of the breath of deployment of JavaScript, things like that. So those things where were combining together multiple trends that developers are interested in the same time combined with an ecosystem that's already rich and full. And so we're seeing that there's definitely still movement in languages that people are interested in, but also, language on its own is probably pretty stable. So, like as you start to make language choices as a developer, that's not where we're seeing a ton of like turnover language frameworks on the other hand, like if you're a JavaScript developer and all of a sudden there's just explosion of frameworks that you need to choose from, that may be a different story, a lot more turnover there and harder to predict. But language trends are a little bit more stable over >>time, changing over time. You know, Boy, I I got to dig into, you know, relatively Recently I went down like the jam stack. Uh, ecosystem. I've been digging into a serverless for a number of years. What's your take on that? There's certain people. I talked to him. They're like, I don't even need to be a code. Or I could be a marketing person. And I can get things done when I talked to some developers there like a citizen developers. They're not developers. Come on, you know, I really need to be able to do this, so I'll give you your choices, toe. You know, serverless and some of these trends to kind of ext fan. You know who can you know? Code and development. >>Yeah. So for both translate jam stack and serve Ellis, One of the things that we see kind of early in the iteration of a technology is that it is definitely not going to be the right tool for every app. And the number of APS that they approach will fit for will grow as the tool develops. And you add more functionality over time and all of these platforms expand the capability, but definitely not the correct tool choice in every case. That said, we do watch both of those areas with extreme interest in terms of what this next generation of APS can look like and probably will look like in a lot of cases. And I think that it is super interesting to think about who gets to build these APs, because I e. I think one of the things that we probably haven't landed on the right language yet is what that what we should call these people because I don't think anyone associates themselves as a low code person. Like if you're someone from marketing and all of a sudden you can build something technical, that's really cool, and you're excited about that. Nobody else on your team could build. You're not walking around saying I am a low code marketing person like that, that that's that's that's demeaning. Like you're like. No, I'm technical. I'm a technical market, or look what I just did. And if you're someone who codes professionally for a living like and you use a low code tool to get something out the door quickly and >>you don't >>wanna demean and said, Oh, that was I did a low code that just like everybody, is just trying to solve problems. And everybody, um, is trying to figure out how to do things in the most effective way possible and making trade offs all the time. And so I don't think that the language of low code really is anything that resonates with any of the actual users of low code tools. And so I think that's something that we as an industry need toe work on finding the correct language because it doesn't feel like we've landed there yet. >>Yeah, Rachel, what? Want to get your take on just careers for developers now to think about in 2020 everyone is distributed. Lots of conversations about where we work. Can we bring the remote? Many of the developers I talked to already were remote. I had the chance that interview that the head of remote. Forget lab. They're over 1000 people and they're fully remote. So, you know, remote. Absolutely a thing for developers. But if you talk about careers, it is no longer, you know. Oh, hey, here's my CV. It's I'm on git Hub. You can see the code I've done. We haven't talked about open source yet, so give us your take on kind of developers today. Career paths. Andi. Kind of the the online community there. >>Yeah, this could be a whole own conversation. We'll try to figure out my points. Um, so I think one of the things that we are trying to figure out in terms of balance is how much are we expecting people to have done on the side? It's like a side project Hustle versus doing, exclusively getting your job done and not worrying too much about how many green squares you have on your get hub profile. And I think it's a really emotional and fraught discussion and a lot of quarters because it can be exclusionary for people saying that you you need to be spending your time on the side working on this open source project because there are people who have very different life circumstances, like if you're someone who already has kids or you're doing elder care or you are working another job and trying to transition into becoming a developer, it's a lot to ask. These people toe also have a side hustle. That said, it is probably working on open source, having an understanding of how tools are done. Having this, um, this experience and skills that you can point to and contributions you can point Teoh is probably one of the cleaner ways that you can start to move in the industry and break through to the industry because you can show your skills two other employers you can kind of maybe make your way in is a junior developer because you worked on a project and you make those connections. And so it's really still again. It's one of those balancing act things where there's not a perfect answer because there really is to correct sides of this argument. And both of those things are true. At the same time where it's it's hard to figure out what that early career path maybe looks like, or even advancing in a career path If you're already a developer, it's It's tricky. >>Well, I want to get your take on something to you know, I think back to you know, I go back a decade or two I started working with about 20 years ago. Back in the crazy days were just Colonel Daughter Warg and, you know, patches everywhere and lots of different companies trying to figure out what they would be doing on most of the people contributing to the free software before we're calling it open source. Most of the time, it was their side Hustle was the thing they're doing. What was their passion? Project? I've seen some research in the last year or so that says the majority of people that are contributing to open source are doing it for their day job. Obviously, there's a lot of big companies. There's plenty of small companies. When I goto the Linux Foundation shows. I mean, you've got whole companies that are you know, that that's their whole business. So I want to get your take on, you know, you know, governance, you know, contribution from the individual versus companies. You know, there's a lot of change going on there. The public cloud their impact on what's happening open source. What are you seeing there? And you know what's good? What's bad? What do we need to do better as a community? >>Yeah. E think the governance of open source projects is definitely a live conversation that we're having right now about what does this need to look like? What role do companies need to be having and how things are put together is a contribution or leadership position in the name of the individual or the name of the company. Like all of these air live conversations that are ongoing and a lot of communities e think one of the things that is interesting overall, though, is just watching if you're if you're taking a really zoomed out view of what open source looks like where it was at one point, um, deemed a cancer by one of the vendors in the space, and now it is something that is just absolutely an inherent part of most well tech vendors and and users is an important part of how they are building and using software today, like open source is really an integral tool. And what is happening in the enterprise and what's being built in the enterprise. And so I think that it is a natural thing that this conversation is evolving in terms of what is the enterprises role here and how are we supposed to govern for that? And e don't think that we have landed on all the correct answers yet. But I think that just looking at that long view, it makes sense that this is an area where we are spending some time focusing >>So Rachel without giving away state secrets. We know read Monk, you do lots of consulting out there. What advice do you give to the industry? We said we're making progress. There's good things there. But if we say okay, I wanna at 2030 look back and say, Boy, this is wonderful for developers. You know, everything is going good. What things have we done along the way? Where have we made progress? >>Yeah, I think I think it kind of ties back to the earlier discussion we were having around composite APS and thinking about what that developer experience looks like. I think that right now it is incredibly difficult for developers to be wiring everything together and There's just so much for developers to dio to actually get all of these APs from source to production. So when we talk with our customers, a lot of our time is spent thinking, How can you not only solve this individual piece of the puzzle, but how can you figure out how to fit it into this broader picture of what it is the developers air trying to accomplish? How can you think about where your ATF, It's not on your tool or you your project? Whatever it is that you are working on, how does this fit? Not only in terms of your one unique problem space, but where does this problem space fit in the broader landscape? Because I think that's going to be a really key element of what the developer experience looks like in the next decade. Is trying to help people actually get everything wired together in a coherent way. >>Rachel. No shortage of work to do there really appreciate you joining us. Thrilled to have you finally as a cube. Alumni. Thanks so much for joining. >>Thank you for having me. I appreciate it. >>All right. Thank you for joining us. This is the developer content for the cube on cloud, I'm stew minimum, and as always, thank you for watching the Cube.

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 Special coverage sponsored by AWS Worldwide Public sector Welcome back to the cubes coverage. This is the Cube virtual in our coverage of AWS reinvent with special coverage of the worldwide public sector day. I'm your host, John Firrea. We are the Cube, and I'm joined by Trayvon's hyper scaler partner. Leave with Red Hat. Trey, Welcome to the Cube. >>Thank you. Great to be here, John. Very happy to be at my first virtual reinvent, but probably my third in a row reinvented itself. >>You know, it's super exciting and usually were in person, as you mentioned. But the Cube virtual your virtual. We gotta do it virtual this year, but the game is still the same. It's about learning is about getting updates on what's relevant for customers with the pandemic. A lot of things have been highlighted, and this has been the big fun of reinvent because you mentioned three years. This is our eighth year. We've been there every year since the since the except for the first year, but you just look at the growth right, but it's still the same cadence of more news, more announcements, more higher level services, you know, with with open shift We've been following that with kubernetes and containers Service meshes. You're seeing micro services. All this coming together around open source and public sector is the main benefit of that. Right now, if you look at most interviews that I've done, the mandate for change in public sector is multifold in every vertical education to military, right. So So there's a need to get off your butt and get going with cloud if you're in public sector, um, tell us more about Red hat and the partnership around public sector, because I think that's really what we want to dig into. >>Absolutely. And there definitely have been, uh, changes this year that have inspired innovation. Uh, Red hat native us have been on a path for innovation for quite a while. Red hat in working with the open source community and taking an iterative approach to what we call upstream first, which is essentially, uh, to develop, uh, in the open source communities to mature those into enterprise grade products and then thio iterative Lee, take those findings back to the open source community. So Red Hat and eight of us have had a long history of collaboration. Starting all the way back in 2007 with Red Hat Enterprise Linux being available within the AWS console continue on to things like AWS Quick starts, which are reference architectures for how to deploy products that you're managing yourself on then, More recently, recent being the last say, four years, Uh, Thio offer a open shift managed service within a W s. And now continuing that with a joint offering that's gonna be forthcoming. That's the Red had open shift service on AWS, which will be the first native offering and joint offering with a W s by A by a third party such as ourselves. So there's a history of innovation there in a history of collaboration, and I think we'll talk a little bit later on in the interview specifically about how that relates to public sector and their unique needs. >>Yeah, well, let's just get in there. What are the some of the unique needs? Because there's value in your partnership with AWS. You laid out a bunch of those services, so certainly there's customers that are in need. What specific requirements are there. Can you tell us how Red Hat and A W s work together to meet these challenges? >>Sure. So the public sector group is composed of many organizations and agencies both. When I think of public sector, I think of the federal civilian space. I think about the D. O. D uh, the state and local and education. All of those elements of public sector have different needs. But there are some standards that are very pervasive in the public sector, things like Phipps and how you articulate your compliance with particular validated cryptographic modules or with how you express a control statement using something like the uh minus 853 which is critically important for cloud service offerings. And so those are some of the things that Red Hat native us have a heritage of working together on also providing deep explanations for those organizations and their mission so that they can comfortably move into the cloud, do digital transformation by taking applications that maybe on Prem today and having the confidence to move those into the cloud with security and compliance at the forefront. So when I think about the overall mission of government and then the threats to that mission, whether they be state actors, you know, individuals there are serious. They're serious solutions that have been developed both in the open source community to provide greater visibility into security. And there are things that the government has done to kind of create frameworks for compliance. And those are things that we work with, uh, in the open. So we have, ah, process that we call Compliance is code which can be found both inside of repositories like git Hub. But also on our website, where we articulate how our products actually work with those compliance frameworks, uh, the cryptographic a while authorizations and some of the certifications for technology that the government's put forward. >>So if it's compliance, is code like infrastructure is code, which is Dev Ops. What do you call it? Gov. Dev Ops or Gove ops Compliant ops. It's kind of get a little Dev ops vibe there. I mean, this is a really real question. I mean, you're talking about making compliance, automated. This is what Dev ops is all about, right? And this is this is kind of where it's going. How do you how do you expand more on that? Take a minute to explain. >>Sure. So it's a red hat. Over the last 20 plus years has been doing things that are now called Dev Ops or Dev SEC ops any number of combinations of those words. But the reality is that we've worked in in things like small teams. We've worked to make things like micro services, where you have a very well defined and discreet service that could be scaled up and then that's been incorporated into our products. But not only that, we release those things back Thio the open source community to make the broader Linux platform, for example, the broader kubernetes platform to make those things, uh stronger onto also get more visibility to some of those security items. So that there is a level of trust that you can have in the software supply chain is being created not only with ease, but the things that the customers of building based on these solutions. >>Yeah, that's a good point. Trust and all that compliance is, too. But also when you have that trust, now you have a product you wanna actually deploy it or have customers consume it. Um, it hasn't always been easy trade and cover. You got Fed ramp. I mean, I talked to Teresa cross about this all the time at a W s. You know, there's all kinds of, you know, things. You got hoops you gotta jump through. How are you guys making that? Easier, Because again, that's another concern you got. You guys got a great channel. You got the upstream. First, you've got the open source. Um, you know, enterprises certainly do great. And now you're doing great in public sector. How you guys making it easier for partners to on Ram Pinto. All these Fed programs? >>Yeah. So what I think about the application transformation that organizations are going through we have, especially in the open shift environment. We have what we call the operator framework, which allows operational knowledge to be used as code on. That's gonna be a kind of a running theme for us, but to be able to do these things as code, uh, whether it's things like our compliance operator, which allow you to do testing of a production environment, uh, testing of operational elements of your infrastructure to be able to test them for compliance is Phipps enabled our cryptographic libraries being used, and at what levels are they being used by simply the operating system where they're being used in the kubernetes environment? Are they even being used toe access AWS services? So one of the big things that is important for redhead customers that are moving into the cloud is the depth at which we can leverage the cloud provider services such as the AWS services, but also bring new application services that the customer may be familiar with on Prem, bring those into the environment and then be able to test. So you trust. But you verify on you provide that visibility and ultimately that accountability to the customer that is interested in using your solution in the cloud. And that's what one of those success criterias is gonna bay. >>Yeah, and speed to is a big theme. We're hearing speed agility. I mean, Julie has been talked about all time with Dev ops deficit cops, and you know all these ops automation, but speed deployment. This brings up to the point about we kind of teed up a little bit of the top of the interview, but there's been a big year for disruption, pandemic uncertainty, polarized political environment. Geopolitical. You got stuff in space congestion contention. There you got the edge of the network exploding. So we all new paradigm shifting going on everywhere, right? So, you know, and all the all the turmoil pandemic specifically has been driving a lot of change. How has all this disruption accelerated the public sector cloud journey? Because we were talking earlier, You know, the public sector and didn't have a big I T budget that was never super funded. Like enterprises, they're not flush with cash on board. The motivation was to kind of go slow. Not anymore. Sure anymore, >>I think. Ah, lot of organizations have drawn inspiration from those factors, right? So you have these factors that say that you have a limited budget on that necessity brings out the innovation right, And the especially for government organizations, the the the spirit of the innovation is something that runs deep in the culture. And when faced with those kinds of things, they actually rise to the occasion. And so I think about things like the US Navy's compiled to combat 24 program which were part of and that program is leveraging things like automation, dep, SEC ops and the agile methods to create new capabilities and new software on, as the program name says, it's compiled to combat in 24 hours. So the idea is that you can have software that is created a new capability deployed and in theater, uh, within a short period of time. That's very agile, and it's also ah, very innovative thing, and that's all leveraging red hats portfolio of products. But it's also their vision that and their methodology to actually bring that toe life. So we're very fortunate and very glad to be a part of that and continue to iterating that that way. >>It's nice to be on the road map of the product requirements that are needed now. They're never because the speed is super important and the role of data and all the things that you're doing and open source drives that trade Great to have you on sharing your insight. What? Just a personal question. Hyper scale partner leaders, your title. What does that mean? It means you're going to hyper scales. You're hyper scale who your partner is. Just take a minute to explain what you do it. It's fascinating. It >>definitely means that I'm hyper scale 100% thea Other thing It means we view the cloud service providers as hyper scale er's right. They have capacity on demand pay As you go this very elastic nature to what they do, they offer infrastructure a za service that you can then use for the foundations of your solutions. So as a hyper scale partner leader, what I do is I worked very closely with the AWS team. I actually super long story short. I came from a W S after spending about three years there, so understand it pretty well on, uh, in this particular case, I am working with them to bring the whole portfolio of red hat products, uh, not only onto the cloud for customers to consume in a self directed manner, but also as we build out more of these managed services across application services A i m l A Z you mentioned with things like co vid, uh, there are discrete examples of things like business process, management decision making, that air used in hospitals and inside of, uh, places within the government. You know, uh, that are really wrestling with these decisions. So I'm very pleased with, you know, the relationship that we have with a W s. They're great partner. It's a great opportunity to talk. Especially now it reinvent So these are all really good things and really excited Thio be the hyper scale partner leader. >>That's great that you have that they had the DNA from the best. You know how to do the working backwards stuff. You know, the cultures, both technical cultures. So very customer centric. So nice fit. Thank you for sharing that. And thanks for the insight into, uh, reinvent and red hat. Thank you. >>All right, that was great to be here and look forward to learning a lot. This reinvent >>great. We'll see on the interwebs throughout the next couple of weeks. Trayvon's hyper scale partner manager Really putting in the cloud to Red Hat and customers and public sector. This is our special coverage of the public sector day here at reinvent and ongoing coverage Cube virtual throughout the next couple weeks. John, for your host. Thanks for watching. Yeah,

(string music) >> Welcome to the Cube conversation here at the Cube studios in Palo Alto California, I'm John Furrier, cohost of the Cube and cofounder of Slip and Angle Media. We're here with Shlomi Ben Haim who's the founder and CEO of Jfrog, hot startup. I asked him to come in to chat about his business. In the dev/op space, we see him at a lot of shows, your company's doing well, we love the marketing, the frog thing is great, love it, very cool. But there's a lot of real serious action going on in the enterprise and in the cloud and in emerging tech, whether it's AI or machine learning, whether its innovative things, developers are front and center in the marketplace and there's a boatload of noise out there, there's like this approach, this approach, there's a lot of different approaches, but at the end of the day, the devs are driving a lot of innovation. You guys are at the center of it so welcome to the Cube. >> Thank you. >> First question for you, just take a minute to talk about what you guys do, Jfrog, what's your company, what's your business, what are you guys up to, what's your deal? >> The way I think that the community will describe us would be that we are the binaries people, we are taking care of your binaries. As you know in the dev/ops world, everything you do you do with your binaries, with your software artifacts, so I heard some of the community members call us the database of dev/ops and we are the providers of artifactory, bintray, xray and mission control which take care of your binaries, managing them, host them, distribute them and secure them. >> Open source event we were at, we saw you guys because I was doing all the interviews and you guys were right on the edge there, then you guys got some nice background images off the Cube videos, but it was really interesting. The trend is your friend as the saying goes and the number of open source projects is increasing, the actual lines of code is exponentially going to grow from 22 million to 200, 400 million lines of code over the next couple of years, that's hockey stick. More developers are coming in, not old school like me that built their own stuff from scratch, there's a lot of lego blocks in fact Jim Samlin said that 10% of the code will probably be original ideas and differentiation, 90% of most of the code will be a code sandwich, which I believe, I think that's the legit direction. How do you guys fit into that trend and what does that mean for your business because I can imagine, there's a ton of Git Hub stuff going on, tons of forking, tons of projects, you got block chain catching the world by storm, there is a massive developer tsunami going on. How do you guys help them? >> It's very interesting, when we started Jfrog, actually my co-founder Yoav Landman started by providing developers with a very dummy, basic solution to proxy, public repositories like Maven central and it was not about the code for the first time, it was about the binaries. Code is great and the line of code, as you said, it's going to go enormous but what happened is that when you need to automate, when you need to rebuild, when you need to release faster, you go down to the binary level, to the software artifact level and guess what, no one took care of your binaries before, you were just throwing your binaries to your version controller or file store, maybe you were hosting them. >> They were messy, it's like a kid with their room, all the stuff spread around all over the place, where's that binary, no one keeps track of it. >> Nobody care about that, but this is the one thing that you keep consuming, keep building with, keep recompiling and in the era of dev/ops, is the one asset that you need to automate and reuse. This is where we, >> The core problem if I get this right, is that compiling is going to be, if you think of dev/ops, it's infrastructure as code, as the phrase goes as we always say and programming infrastructure is what dev guys want to do, they don't want to be in the business of switching configurations, getting in the routers and the network. They want it to be just one layer of resource, serverless is a great trend for you, more and more developers are going to love this. They want to program, so when you're programming, the inherent next step is where's the code, who's compiling it, does it need to be compiled? Is that the core problem, that there's more and more stuff going on under the hood that needs to be managed? Is that growing part of your business solution or is the problem just lost binaries, what's the core problem? >> It's a perfect question. First of all, we are providers, we are the providers of the only universal solution. Binaries are not just for java developers, they are not just for python developers, they are not just for dot net developers, they are not just for docker users and the way you package it, binaries happens between your get and your CI server, let's say Jenkins, get and Jenkins and your Kubernetes. Something happens between those two sites. Your orchestration tool and your code repository tool. In this land is where binaries play a very significant role and this is where we are a major player. >> Is the problem error prone in that zone, in that zone it's like the wild west, it's like a black hole if you will, think about what you're saying, if I get it right. There's a lot of stuff that goes on in there, is it mismanagement, what's the core thing that you guys got to do there? >> Tons of binaries, too much public repositories that the community cannot rely on. You need to manage and host your own binaries, the ones that you create yourself, and to provide and this is the last strength we see in the market, big organization need to provide dev/ops as a service to their own developers, so they need to ask this very important asset that we call software artifact and binaries or darker images or whatever you want to call it. >> Yeah a lot of great trends going on, obviously containers and Kubernetes you mentioned. Let's get into those, that's driving a lot of change. Certainly containers has been around for a while, whether you call it wrappers or whatever, it's a great magical thing, we love containers, Kubernetes really gets the trend right, if you look at the google trend, you see Kubernetes has got so much more traction than containers, although I'm not saying one's more relevant than the other, certainly orchestration's important, linking and loading all these containers together. Why is Kubernetes accelerating the binary conversation? Is it because more rapid development is going on, more programmability's going on, why is Kubernetes impacting the binaries components more now than ever? >> Putting aside the need for automating and integrating, this whole orchestration solution requires some work on the binary level but if you think about what Kubernetes is trying to solve, or what the containers are all trying to solve is a better, faster release, better, faster deployment, better, faster delivery and then you can do it only if you will combine the power of the developers and the power of the machine and release faster. This is what we say in Jfrog, release fast or die because it's all about how fast can you release? >> Before we get into some of the product specific stuff, I want to ask you some pointed questions on that. I want to ask you about automation. AI is obviously hot, I love AI, even though it's hyped up, it still promotes great software development, machine learning really is where the meat on the bone is there, so machine learning and automation bots, whatever you want to look at it, is an opportunity to actually to create adaptive code. How did that new software paradigm affect binaries because I can almost imagine that if you got a bot going wild, it could screw up the binaries. >> Completely. >> So can you comment on that, that area. Obviously we want more bots, automation is a good thing on one level, but how do you guys look at that market as an opportunity, as a challenge, what's that whole AI thing look like? >> Well if we take a step back, I think the dev/ops started with the need to automate and release faster. It was like the playground of developers, we need a better integration, we need a continuous integration, we need better delivery, we need continuous delivery. If you think about it now, in 20/20 perspective, you understand that this was all milestones. The next big challenge is continuous updates. People like me, people like you, just want their devices and machines to be updated. >> And secure, look at Equifax. Equifax is a great example, they didn't update the code. >> Absolutely and it's flowing and just happening and secure and in the world of automation, the world of AI, I think that the big challenge or the next big challenge of dev/ops is how can I create a continuous update machine which is also secure and software update will just flow. It will not be something that you press I agree, I reboot and do any kind of crazy stuff in order just to get your software update. It's more about the user experience of all of us. It's not just developers and dev/ops companies anymore. >> That's a great vision by the way, I love that. It should work like that and programmable infrastructure for dev/ops should be programmable and always available and highly reliable. Mark Zuckerberg used to have the saying, move fast, break stuff, that's not a dev/ops ethos by the way, they built their own dev/ops, but then he kind of quickly waffled back to move fast, be reliable, because he got some religion on ops. Totally get that, let's go into today's world. That gives us a little future view, what is a use case for a customer? Take me through the day and the life of a customer that's using Jfrog, what are their problems, what are some of the things that are burning in their office? Where's the smoke, what's the problem that they have that they need to take care of the binaries? Sprawl of code, just mismanagement, what are some of the signals? Share with your view there. >> It starts with the fact that it's not your developer anymore that builds software. You have a CI server there that never goes to a lunch break, never take a break with Facebook, which by the way, it's a great company but sometimes it stop giving the time during the work time and you keep building and building like crazy. Your CI server keep producing binaries. >> It's an always on code machine basically. >> It's a binaries machine and it's being built 24 by seven and yes, you use just a portion of it but you have to host and manage all of it and if you will host it in your version controller, it will explode, if you will put it in a file store, it will not be something, >> Explode because of capacity? >> Because you cannot do any cleanups on the version controller, not get or subversion or the false or any of them, you don't do cleanups on version control. >> Hygiene is an issue. >> Yes, plus integration. You need to integrate with your records system, plus promotion, you need to allow and automate promotion of the specific bites that you build. >> So that's why people call you the database or I would even say the brains of binaries, you got to keep track of the goods if you will, it's like the crown jewel is the binary. >> Right. >> If I get that right, okay let's take it to the next level. You have good hygiene, you have good stuff going on, what are you guys doing specifically that gives you a differentiation of the market because is it software, is it hardware, what is the Jfrog differentiation? >> I think that the first thing that happened to us was that we realized that binaries is for everyone. If you remember Jfrog's slogans from 2010, it was binaries for the people. We felt like we are leading the revolution of taking care of your binaries and therefore, we decided that whatever we build, our philosophy base, our concept will be universal. We started with the Java community, Maven and Gradel and then the dot net community with Nougat and then when it came to be more like a dev/ops industry in 2013 or '14 was it, >> Roughly, 2008 to 2014 was really the cloud errati and then it grew and then it matured a little bit. >> And the combination of dev and ops and IT and then we started to support packages like Debian and RPM, beyond repositories, docker registry, we were the first docker registry in the market. >> You were riding the wave from the beginning. >> Yes. >> You were right there riding the binary wave with the native cloud growth, public cloud growth big time which by the way had a lot of iterations quickly. >> Which is also one of our differentiators, we are the only hybrid providers for your binary solution. We have it in the cloud, any cloud or on prem. >> Who's the competition? >> It's a very good question, on a niche level, we have companies like docker that provide a docker registry we have Cores that provide docker registry, by the way, anyone in the market now that want to have a docker registry, a container registry. On the Java Maven domains, Sonotype provide a nexus which is a binary repository manager for Java for Maven builds. NPM provide a solution for NPM but if you think about the universal solution that supports other, >> Those are siloed platform specific binaries. >> Yes. >> You're taking much more of a wholistic, horizontally scalable, any binary any time management. >> Exactly, we don't do the before and after, but in the binaries world, we want to be one solution for all. >> I get the whole registry thing, love that positioning. Just a dumb question, when someone's coming in and managing intermittently in the registry, how do you guys handle that piece? How do you know that a Java request coming in from a Java registry, you guys have a front end to this thing, is it your software, how do you guys manage the integration of requests to and from the binaries. >> The read and write to the repository you mean? >> Yes. >> Artifactor is a very sophisticated repository if I may say it's built more like a database, it's based on a check sum mechanism and not just a basic file store. >> You verify it coming in on the front end. >> Right, the parts and machine caching, managing, hosting and distributing, it's all happening in artifactor. >> And performance is as good? No problems with performance? >> Well we are the only provider that has a highly available solution with over 4000 customers, so I guess it is. >> You got a smile yeah, I see you at the shows. You got a good reputation so it's great to have you come in. I want to just take a minute to pause because I know we're having a great conversation, I could talk about CI servers til the cows come home, one of my favorite topics dev/ops, as people who have been following me since 2008 know, I love the cloud, cloud native vision from day one. There's a lot of people out there who don't know what the hell a binary is, so take a minute and explain, what is a binary and why is it such an important thing right now in context to open source growth, more developers coming in, context to enterprises trying to be cloud like and just for the general purpose, why are binaries important? Why should the general public, how would you talk about what is a binary? >> I'll try. I think that the main difference is that binaries are more like, maybe it's a basic metaphor, but binaries are more like fresh food, unlike freeze food. Your source code is freezed, you're not allowed to touch it, you're not allowed to clean it, you're not allowed to change it. Your one dot seal would be my one dot seal. It's kind of freeze food, this is why in dev for get and other player in this market are so important. We see how bit bucket with the class in and Git Hub are growing and still playing a significant role binaries are different, binaries is the fresh food. Something that you keep changing, any minute and you build with a specific binary something and then something else and it become another binary if I may say so. I think that the flexibility that you need to gain when you go on full automation and full integration is the flexibility that you can get on the binary level. You cannot get it on the code level. Therefore, binaries playing a very significant role in the cloud era and in the dev/ops era. >> Sure it allows for extensibility of source code. In a way what you're saying. You can eat the frozen food or you can chop up your own organic meal yourself. >> Exactly. >> Okay I get that, final question for you, thanks for coming in, appreciate the one on one on binaries there. People can always just go on Wikipedia and look at other definitions on stack overflow and whatnot. What is the customer value proposition for Jfrog? Why should I work with you, what's the main reason for you to have 4000 customers? What's driving them to use you? Is it just convenience? Is it scalability, all of the above? Just take a minute to explain why customers go to you and if people don't work with you, why should they work with you? >> I think that the biggest challenge today is that you want to treat binaries as first level citizens and instead of having an NPM repository, docker registry, Maven repository, python repository and there is no single organization that will have just one repository, you can have it all with Jfrog. The second thing we are the providers of highly available solution to protect your data centers so if you don't want your 1000 developers sitting down, waiting for the binary repository to be up and running and to allow the environment, then you probably want to, >> Productivity right there is one. >> Productivity and efficiency, absolutely. We are also providing it to secure your binary flow and the platform that distributes your binaries. We take binaries very seriously, over two billion downloads a month on bintray, our distribution hub and we work with the community and for the community, we are developers ourself, coming from the open source community so it's all bottom up and community friendly. >> Shlomi, great commentary, I want to just get a personal, take your Jfrog hat off for a minute, put your developer, executive, industry expert hat on. Share with the audience your view on the developer market. There's been a lot of negative press around the brogrammer lately and all these things, but trends are clear that you have massive growth in open source, comment on the role open source plays as it goes into some argue fifth generation, fourth, fifth generation, I remember when the first generation I was coding on. Those were the days but different, it's changed. You have so much code, it's really a party right now in open source, there's so much good stuff happening. Google's donating tensorflow, all these people putting real big libraries out there to code on. Kubernetes is just so awesome, system guys specifically love what's going on in the cloud. But cloud is exploding a lot of opportunities, IoT and AI, what's the developer market like right now, just share your thoughts, what's the sentiment, what's the excitement, what are the young kids doing? What are some of the big things that you see happening? >> From business perspective, what we see in the market is developers first of all taking decisions. They hear their managers coming with the pain and expect it to solve it and the bottom up process is something we never saw in the market. The last five, six years, we see more and more developers kind of educating their managers with how to do it and how to do it faster. The second thing and this is, >> So bottom up's happening now you're saying. >> Happening for the last five years and it's growing. The second thing we see in the cloud, you see it more than I am, Google and Amazon and Microsoft and Red Hat, everyone want a piece of the cloud, Orca now just announced two days ago, three days ago. Everyone want a piece of the cloud and everybody understand that data traffic comes from developers, it's not individuals, it's communities, the open source community is giant and it's a very, there's a very important player in the data traffic of what we call the cloud highway. >> And the communities are very most important piece, you would agree with that, right? We're very community focused, that's the key, right? >> Yes, absolutely. >> I think the world will be developer indoctrinated with basically developer premises across all business, so it's not a department anymore, it's permeating all through organizations. >> Right and also impact our user experience. People like simple people that doesn't understand code, they're not contributing to the open source world still need software updates and competitive analysis are talking about that, how fast can you release? >> Well Stu Miniman and Dave Alante and Peter Burris and I always talk about community is the key in open source, you guys have been very successful in the community. Congratulations, obviously we're very community focused with our content, with the Cube. If you like the Cube, check us out at cube.net, give us a call, come in the studio if you're a thought leader, love to chat with you. I'm John Furrier with the Cube, more thought leadership coverage in Palo Alto here inside the Cube. We'll be right back, thanks for watching. (electronic music)

>> Welcome back everybody, Jeff Frick here with theCUBE. We're at Node Summit 2017 in downtown San Francisco Mission Bay Conference Center, we've been coming here for years. The vibe is growing and exciting and some really interesting use cases in earlier sessions about how fast a Node adoption is happening in some of these enterprises and we're excited to have Michael Dawson. He's a software developer, but more importantly, he's a Node.js community lead for IBM. Michael welcome. >> Alright, thank you. It's great to be here. Nice to be able to talk to you and talk about Node.js and what's going on in the community. >> Just to get your impressions in terms of a temporal perspective, of how this has changed and evolved over time. A lot of talk about the community. I think the facility here only holds like 800 people. I think it's full to the capacity. You know, how has it been growing and kind of what's your perspective from a little bit of a higher point of view. >> It's really great, you know I was at Node Summit three years ago, and other conferences, and it's great to see that over the years how we get more and more people involved. Different constituencies, you know, more people who are deploying Node.js. And even just, you know, day-to-day we see a larger and larger number of collaborators who are getting involved in contributing to make the success of Node really grow and the functionality and all that great stuff. >> Jeff: Right. So what's your function inside of IBM as being kind of a Node advocate for the community I assume outside the walls of IBM, but then also inside the walls of IBM? >> So, I really have sort of the pleasure to be able to work out in the community. That's the large part of my job. But I also work very closely with our internal teams with a focus on Node.js, supporting it for our bundling products. IBM has about 50-60 products that bundle Node.js. We also support it through our platforms like Bluemix, and so I work with the team who supports those. You know if you're running Bluemix in Node it's the code that we've contributed and built. And our development approach is very much do that out in the community, so if a particular product needs some sort of feature we'll go out and work in the community to do that and then pull that back in to use it. So you see we have about 10 collaborators. I'm one of them and the great thing is that I get to be involved in a lot of the working group efforts like the N-API, the build work groups, the LTS work groups. And, you know, so my role is really to sort of bridge the community work that we do there to our internal needs and consumers as well. >> Right, so how is the uptake in the IBM world of this technology within all the different stats that you guys have? >> I work in the run time technologies team and we were called the Java Technology Center for a number of years, we're now called the Run Time Technology Center because we see it's a polyglot world with Node.js being one of the three key run times you know, it's Node.js, Java and Swift. [Jeff] - Right. >> And, we see that because we see our costumers as well as our products, you know, really embracing Node and using it in all sorts of places. They've mentioned earlier that Bluemix ARPAs is a very heavy user of Node.js in terms of the implementation of the UIs and the backend services, as well as Node.js is the biggest run time in terms of deployments in that environment as well. >> So it's interesting, we had Monica on earlier from Intel. I think you're going to be on a panel with her later today about benchmarking. >> Yeah. >> And she talked about that there's some unique challenges in trying to figure out how to benchmark these types of applications against kind of the benchmark standards of old. I wondered if you could share some of your thoughts on this challenge, and for the folks that aren't going to be here watching the panel, what are some of the topics that you want to make sure that get exposed in that panel. >> So, you know, I've been working with the benchmarking work group. I actually kicked it off a number of years back. The approach that we're following is we want to document the key use cases for Node, as well as the key attributes of the run time, like you know, like starting up fast, being small, the things that have made it successful. [Jeff] - Right. >> As well as the key use cases like a web front end, backend services for mobile, and then fill in that matrix with important benchmarks. I mean that's where one of the challenges comes in; other languages have a more mature and established set of benchmarks that different vendors and different people can use. >> Right. >> Whereas the work in the working group is to try and either find benchmarks and encourage people to write those benchmarks, and pull together a more comprehensive suite that we can use because performance is important to people, and as a community, we really want to make sure that we encourage a rapid pace of change, but be able to have a good handle on what's going on on the other side. >> Jeff: Right. >> And, having the benchmarks in place should be an enabler, in that if we can easily and quickly find out what a change impact has, a positive or negative, that'll help us move things forward as opposed to if you're uncertain it's a lot harder to make the decision as to which way you should go. >> It's funny on benchmarking, right, because on one hand, people can just poo-poo benchmarks because I'm writing my benchmark so that it beats your product and my benchmark, and you can write a benchmark the other way. But I think what you've just touched on is really important; it's really for optimization of what you're doing for improving your own performance over time. That's really the key to the benchmarks. >> Yeah, absolutely, the focus of the work in the benchmarking work group has been on a framework for like regression testing, and letting us make the right decision, not competition. >> Jeff: Right. >> I think that some of the pieces that we develop will perhaps factor into that, but the core focus is to get a good established set, and other individual companies can then maybe use it for other purposes as well. >> Jeff: Right. So Michael before I let you go I just wanted to get your perspective. You work for a big company. >> Michael: Yep. >> I don't think it's this as much anymore; there used to be a lot of opened source conferences people like oh we don't want the big people coming in, they're going to take it over. And to get your perspective of being kind of that liaison between kind of this really organic open source community with Node and big Blue back behind you, and how you kind of navigate that and in your experience of the acceptance of IBM into this community as well as your ability to bring some of that open source essos back into IBM. >> Right. You know, I found that it's been really great. I love this community, they've been very welcoming. I've had no issues at all, you know, getting involved. I think IBM is respected in the way that we've contributed. We're trying to contribute in a very constructive and collaborative way, you know, nothing that we do, do we really do on our own. If you look at the N-API, we're working with other individuals. People from different companies or just individual contributors to come to a consensus on what it should be, and to basically move things forward. So yeah, in terms of a big company coming in, you do hear some concerns, but I haven't seen any on the ground impediments or problems. You know, it's been very welcoming and it's been a great experience. >> Alright, very good. Alright, well, before I let you go, kind of final thoughts on this event where we are. >> It's a great event, I always enjoy being able to come and meet people. A lot of time you work on Git Hub you know somebody's handle, but there's nothing like making that personal connection to be able to like put the face to the name, and I think it affects your ongoing sort of interactions when you're not face-to-face. >> Jeff: Absolutely. >> So it's a really important thing to do, and that's why I like to come to a lot of these events. >> Alright, well Michael Dawson, we'll let you get back to meeting some more developers. Thanks for taking a few minutes out of your day. >> Thank you very much, bye. >> Absolutely, he's Michael Dawson from IBM. I'm Jeff Frick, you're watching theCUBE. Thanks for watching, we'll catch you next time.