(energetic music) >> Announcer: From our studios in the heart of Silicon Valley, Palo Alto, California, this is a Cube Conversation. >> Hi, welcome to our Palo Alto, California studios for another Cube Conversation, where we go in depth with thought leaders about some of the most pressing topics of the day in business and technology. I'm your host Peter Burris. One of the biggest challenges that any company faces is how to get more out of their people, even though we are increasingly distributed, we are increasingly utilizing digital means to interact and work together, and we are increasingly trying to do this with customers and with other third parties that are crucial to making business work, profitable, and grow revenue. A number of things have occurred in the last few years that are actually making it possible to envision how we can be more distributed and yet be more productive. And one of the most important ones is the use of video as a basis for connecting people. How're we going to to do that? Well, to have that conversation, we're here with David Maldow who's the CEO of, Let's Do Video. David, welcome to theCUBE. >> Hey, thanks for having me Peter, appreciate it. >> So, tell us a little bit about, very quickly, about, Let's Do Video, and then let's jump into it. >> Sure. Let's Do Video's, a boutique analyst blog on www.letsdovideo.com. We cover everything having to do with remote technology, anything that allows teams to be more productive whether they're working together or working across the country. >> All right, so in your name is, "video." Let's identify some of the key trends. What really is making it possible to utilize video in this way today where it really was nothing more than a promise made, put forward by a lot of companies 10 years ago. >> I think, well, there's been a lot of factors, but big part of that has been the cloud. A few years ago we had the big cloud software revolution in video conferencing. Before then you had to buy these expensive video appliances to have them at your workplace, and you really needed a team of experts to run them. By running the video in the cloud, all we need is our apps on our phones, and apps in our meeting rooms. And it makes it a lot easier, and it made it a lot more affordable. So, now it's available for everyone, and it was just a matter of whether we were ready for it, and appears that we are. >> So, we're getting the service that we need without having to worry about the technology that's required, the formats that are being employed, the operational complexities associated with video. Have I got that right? >> Yeah, actually there was a long list of reasons we weren't using video. Analyst like myself looked at the video conferencing industry and said, "Guys, you need to fix all of these things "or no one's going to use it. "It needs to be easier, one click to join. "It needs to be more affordable." The stuff was expensive. Needs to be reliable. Balls were dropping. It needs to use less bandwidth. It was taking over our networks. All of these things it needed to be, and they fixed all of that. And we promised if they fixed all of that, people would start to use it. Now we are seeing an absolute explosion in the market of people taking these apps into the workplace and actually using them. >> It seems to me, David, I want to get your take on this. That some of the early suppliers of some of these video related services were treating it largely as a means to an end, and typically that end was, what type of things can we put in the marketplace that's going to increase the amount of network bandwidth that's required so we can sell more networking equipment, or sell more networking services? Let me ask you a question. Because that has been fixed by utilizing the cloud. Does it now mean that we are getting a whole bunch of new technology companies that are stepping into the market place to provide video services as the end itself? And that's leading to better engineering, better innovation, and better customer experience? >> That's exactly what happened. We went from a top-down adoption model, to a ground-up adoption model. And what I mean by that is. It used to be a top-down thing, where these video conferencing companies would go talk to the CEO or CTO of a big company and do an amazing demo in the meeting room, and say, "look at this amazing video quality that you get." And they would show these studies that people like me help write (laughs), showing that if you do use video you'll be more productive. If you do use video you'll have more impact, and if you do use video you'll get all these benefits. So, buy this expensive stuff and then force your people to use them. And that didn't work 'cause they bought the stuff, and they tried to force people to use them. But, like we talked about, it was complicated. it was inconvenient. Now what's happening is, instead of the top-down we're getting the bottom-up. We're getting people walking into the workplace saying, "I'm using this app. I'm using this app. "I need video to talk to my teammates." And the boss CEO has to say, "Okay, okay, we'll accommodate that. "Don't use the consumer apps, though. "Let us find a nice business app that's secure for you." So instead of having, "You should use this "'cause we were sold on it." We're having a great new cloud video industry that's saying, "oh, let's give you what you want." >> So, when adoption happens from a bottom-up stand point, it means that the benefits have to be that much more obvious to everybody, otherwise, you don't get the adoption. So, what are some of the key productivity measures that this rank and file, this ground swell of interest in these technologies, are utilizing to evaluate and to judge how they want to use video within their business lives, workflows, engaging the customers, etc. >> For a long time it was just anecdotal. It just seemed obvious, if you, we all know that when you have a face-to-face meeting you get the work done. If it's a phone call, "oh, I'll explain to them why it's not done." We all know things get done more effectively in meetings. We all know a face-to-face meeting can last 20 minutes and get the work done. While a phone call can go on for hours. But now that we are starting to use it, instead of anecdotal, we're actually getting real data. Companies are reporting that they use to have a... Their web app development team used to take eight weeks before every release. Now they're doing it every six weeks. We're seeing real results. Frost & Sullivan, a big analyst firm in the space recently came out with some statistics. A survey of CEOs, CTOs, and they reported that using video among their team accelerated decision making. 86% of them agreed with that, 83% that agree, that it improves productivity, that's massive. 79% said it boosts innovation. So not only people getting more work done, more leading work, getting ahead of the competition, coming up with new things. And this is a huge one, 79%, this is self-reporting, believe that it improved their customer experience. We know, you know, the customer relationship is everything in sales. >> Why? >> Now we're actually measuring the results. >> Why is that, what is it about video that is so important to allowing us to not only accelerate workflows and achieve the outcomes, but also as we take on more complex workflows, even as we distribute work greater, what is it about video that makes the difference? >> There's a lot to it. I think a lot of it is that human connection. It's really hard to focus on a phone call. You lose track, I mean, you know, one of the reasons that my I named my company "Let's Do Video" is 'cause I'd be on the phone with a partner, a colleague, a teammate, and I'm like, "is he or she checking her email? "Did you hear, do I have to repeat what I just said?" We need to get work done, let's do video. And I think teams across all industries are finding that out now. Once they get on video, the work just gets done. >> But it's not just that they're on video, it's that they're utilizing video as a way of connecting with each other. That you can see whether or not somebody's paying attention to you at the most simple level. You can also register whether or not someone is a little bit agitated with what you're saying, even though you may not hear that on the phone. But video is being utilized as a way of adding to how other work gets done. It's not like we're suddenly, you know, putting a whole bunch of presentations up in the video. We're looking at faces, we're listening to people. We're having a connection as we work in other medium. Have I got that right? >> Exactly, yeah. I used to... When video conferencing first hit the scene 20 years ago, we were marketing it as a replacement for travel. Instead of flying across the country for that big meeting, you do it over a video. And what we realized is you still need to travel for that really, really big meeting once or twice a year, you still get on a plane. Video conferencing isn't getting rid of that niche meeting. It's not fixing that one big meeting, It's not cutting your travel costs. It's upgrading the phone call. It's upgrading the text message, the imChat. It's upgrading the e-mail. It's becoming, like you're saying, a part of how we're normally working. And it's changing the way remote workers see their teams. Let's Do Video, my team is completely remote. I've never met one of my teammates in person till we were two or three years in. We met up at an airport and said, "oh my God, I actually get to see you in three dimensions! "It's amazing!" And if we had started this company 10 years ago, I would say, I don't really have a team. I'm a sole guy, it's all me, I have some contractors. I send them an email, and a month later, they send me the result. But with video, I have a team, there's accountability. We're friends, we know what's going on with each other's lives. And there's a lot more motivation there, because instead of just, "Hey, you're my graphics person, "get this graphics for me. "You're my web person, fix the thing on the site." My colleagues, they're part of the team, and they want the company to succeed, 'cause they look at me in the face and they say, "I got this project done!" They feel good about it. It's a lot more of an investment, and it sounds like happy fluffy stuff, but it affects your bottom line. I don't think my... I know my company would not be as successful if I did not regularly meet with my team over video. >> Well, who doesn't want (laughing) a little bit of happy fluffy stuff every now and then? It's nice to bring a smile to your job. Let's pivot a little bit and just talk about the difference between internally to now externally. Because one of the other things that a lot of these video conferencing solutions offered, was they offered the opportunity to connect with video on a single network, your company's network with specialized end points. Now we're talking about trying to find new ways to enhance the experience that sales people have, service people have. Utilizing video to engage customers, to drive new types of experience, to drive new forms of revenue. How is video starting to alter the way we engage not just internally but also externally? >> That's more starting to happen than already happening. I think video in the workplace is becoming just a normal thing. I meet with my team over video. We're still finding ways to engage our externals. But the drive is definitely there, because we're seeing the results from working with our teams, and we know the impact. I think anyone in sales, they'll do anything to get that face-to-face meeting. They'll do anything to get you to come into their office or let you into their office to sit down. If you give a salesperson a choice between face-to-face or a phone call. That salesperson wants to be face-to-face. So, as we're getting the technology to make it easier for customers to get face-to-face with us, and partners, and externals. The demand will be there, and what's great is that the cloud enables that. The real problem is, like you said, they were on our own network. So, if I wanted to talk to a customer or a partner, I had to open a hole in my firewall, and let someone else into my network, and my IT people would go crazy. Now, the call's hosted up on whatever video conferencing company's cloud, it's safe. So, we're ready for that sort of thing. >> Lot of changes, lot of opportunities, tremendous potential. The types of changes we see in five years are going to dwarf the changes we've seen in the last five years. Again, as folks get used to using video internally, they're going to start demanding it as they engage each other externally as well. David Maldow, CEO of, Let's Do Video. Thanks for being on theCUBE. >> Thanks so much, this was fun. >> And once again, I'm Peter Burris. Until next time, thanks for watching. (upbeat music)

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019 brought to you by Amazon Web service is and its ecosystem partners. >> Hey, welcome back, everyone to Cubes. Live coverage here in Boston, Massachusetts for eight of us reinforced Amazon Web service is inaugural event around Cloud Security. I'm Jeffrey Day Volante. Two days of coverage. We're winding down Day two. We're excited to have a year in The Cube Special guest, part of Big and that one of the big announcements. Well, I think it's big. Nerdy Announcement is the automated reasoning. Byron Cook, director of the Automated Reasoning Group within AWS. Again, this is part of the team that's gonna help figure out security use automation to augment humans. Great to have you on big part of show here. Thanks very much to explain the automated reasoning group. Verner Vogel had a great block post on All things distributed applies formal verification techniques in an innovative way to cloud security and compliance for our customers. For our own there's developers. What does that mean? Your math? >> Yeah, let me try. I'll give you one explanation, and if I puzzle, you all try to explain a different way. 300 So do you know the Pythagorean Theorem? Yeah, sure, Yeah. So? So that the path I agree in theory is about all triangles that was proved in approximately B. C. It's the proof is a finite description in logic as to why it's true and holds for all possible triangles. So we're basically using This same approach is to prove properties of policies of networks of programs, for example, crypto virtualization, the storage, et cetera. So we write software. This finds proofs in mathematics and this the proofs are the same as what you could found for thuggery and should apply into >> solve problems that become these mundane tasks of checking config files, making sure things are that worries kind of that's I'll give you an example. So so that's two in which is the T. L s implementation used, for example, in history. But the large majority >> of AWS has approximately 12,000 state holding elements, so that with if you include the stack of the heat usage, so the number >> of possible >> states it could reach us to to the 12,000. And if you wanted to show that the T. L s handshake Implementation is correct or the H Mac implementation is correct. Deterministic random bit generator implementation is correct, which is what we do using conventional methods like trying to run tests on it. So you would need, if you have, like, 1,000,000 has, well, microprocessors and you would need many more lifetimes in the sun is gonna admit light at 3.4 $4,000,000,000 a year to test to exhaustively test the system. So what we do is we rather than just running a bunch of inputs on the code, we we represent that as the mathematical system and then we use proof techniques, auto automatically search for a proof and with our tools, we in about 10 minutes or able to prove all those properties of s two in the way of your intimidates. And then we apply that to pieces of s three pieces of easy to virtual ization infrastructure on. Then, uh, what we've done is we've realized that customers had a lot of questions about their networks and their policies. So, for example, they have a complicated network worldwide different different availability zones, different regions on. They want to ask. Hey, does there exist away for this machine to connect to this other machine. Oh, are you know, to do all this all SS H traffic coming in that eventually gets to my Web server, go through a bastion host, which is the best, best practice. And then we can answer that question again, using logic. So we take the representation that semantics of easy to networking the policy, the network from the customer, and then the question we're asking, expressing logic. And we throw a big through their call ifthere improver, get the answer back. And then same for policy. >> So you're analyzing policies, >> policies, networks, programs, >> networks, connections. Yeah, right. And it to the tooling is sell cova. Eso >> eso eso basically way come with We come with an approach and then we have many tools that implement the approach on different, different problems. That's how you apply Volkova all underneath. It's all uses of a kind of tool called SMT inside. So there's a south's over, uh, proves theorems about formula and proposition. A logic and SMT is sat modular theories. Those tools can prove properties of problems expressed in first order logic. And so what we do is we take the, for example, if you have a question about your policies answering, answering semantic level questions about policies is actually a piece space problem. So that's harder than NP complete. We express the question in logic and then call the silvery and they get their answer back on Marshall it back. And that's what Volkova does. So that's calling a tool called CVC four, which is which is an open source. Prove er and we wenzel Koval. We take the policy three question encoded to logic. Call a Silver and Marshall answer back. >> What's the What's the root of this? I mean, presumably there's some academic research that was done. You guys were applying it for your specific use case, But can you share with this kind of He's the origination of this. >> So the first Impey complete problem was discovered by a cook and not not me. Another cook the early seventies on. So he proved that the proposition a ll satisfy ability problem is impeccably and meanwhile, there's been a lot of research from the sixties. So Davis and Putnam, for example, I think a paper from the mid sixties where they were, we're trying to answer the question of can we efficiently solved this NP complete problem proposition will satisfy ability on that. Researchers continue. There have been a bunch of breakthroughs, and so now we're really starting to see very from. There's a big breakthrough in 2001 on, then some and then some further breakthroughs in the 5 4008 range. So what we're seeing is that the solvers air getting better and better. So there's an international competition of Let's Save, usually about 30 silvers. And there's a study recently where they took all of the winners from this competition each year 2001 5 4008 30 2002 to 2011 and compared them on the same bench marks and hardware, and the 2002 silver is able to solve 1/4 of the benchmarks in the 2011 solved practically all of them and then the the 2019 silvers, or even better. Nowadays they can take problems and logic that have many tens of millions of variables and solve them very efficiently. So we're really using the power of those underlying solvers and marshaling the questions to those to those overs, codifying thinking math. And that's the math. The hour is you gave a talk in one sessions around provable security. Kind of the title proves provable. >> What's what is that? What is that? Intel. Can you just explain that concept and sure, in the top surfaces. So, uh, uh, >> so mathematical logic. You know, it's 2000 years old, right? So and has refined Sobule, for example, made logic less of a philosophical thing and more of a mathematical thing. Uh, and and then automated reasoning was sort of developed in the sixties, where you take algorithms and apply algorithms to find proofs and mathematical logic. And then provable security is the application of automated reasoning to questions and security and compliance. So we you wanna prove absence of memory, corruption errors and C code You won't approve termination of of event handling routines that are supposed to handle security events. All of those questions, their properties of your program. And you can use these tools to automatically or uh oh, our find proofs and then check The proofs have been found manually. That's what that's >> where approvable security fix. What was the makeup of the attendee list where people dropping this where people excited was all bunch of math geeks. You have a cross section of great security people here, and they're deep dive conversations Not like reinvent this show. This is really deep security. What was some of the feedback and makeup of the attendees? >> Give you two answers because I actually gave to talks. And the and the answers are a little bit different because the subject of the talk So there was one unprovable security, which was a basically the foundation of logic And how we how Cheers since Volkova and our program, because we also prove correctness of crypto and so on. So those tools and so that was largely a, uh uh, folks who had heard about it. And we're wanting to know more, and we're and we're going to know how we're using it and trying to learn there was a second talk, which was about the application of it to compliance. So that was with Tomic, Andrew, who is the CEO of Coal Fire, one of the third party auditors that AWS uses in a lot of customers used and also Chad Wolf, who's vice president of security, focused on compliance. And so the three of us spoke about how we're using it internally within eight of us to automate, >> uh, >> certification compliance, sort of a commission on. So that crowd was really interesting mixture of people interested in automated reasoning and people interested in compliance, which are two communities you wouldn't think normally hang together. But that's sort of like chocolate and peanut butter. It turns out to be a really great application, >> and they need to work together to, because it is the world. The action is they don't get stuck in the compliance and auditing fools engineering teams emerging with old school compliance nerds. So there's a really interesting, uh, sort of dynamic to proof that has a like the perfect use casing compliance. So the problem of like proving termination of programs is undecided ble proving problems and proposition a logic is np complete as all that sounds very hard, difficult and you use dearest six to solve this problem. But the thing is that once you've found a proof replaying, the proof is linear and size of the proof, so actually you could do extremely efficiently, and that has application and compliance. So one could imagine that you have, for example, PC I hip fed ramp. You have certain controls that you want to prove that the property like, for example, within a W s. We have a control that all data dressed must be encrypted. So we are using program verification tools, too. Show that of the code base. But now, once we've run that tool that constructs a proof like Euclid founded the sectarian serum that you can package up in a file hand to an auditor. And then a very simple, easy to understand third party open source tool could replay that proof. And so that becomes audit evidence. It's a scale of total examples >> wth e engineering problem. You're solving a security at scale. The business problem. You're solving it. Yeah. His customers are struggling. Just implementing There just >> aren't enough security professionals to hire right? So the old day is, the talk explains. It's out there all on YouTube's. The people watching the show can go check it out. But I am by the way I should I should make a plug for if you Google a W s provable security. There's a Web page on eight of us that has papers and videos and lots of information, so you might wanna check that out. I can't remember what I was answering now, but >> it's got links to the academic as >> well. Oh, yes. Oh, yes. That was the point that Tommy Kendra is pointing out, as in the old days, you would do an audit would come in to be a couple minutes box that we win this box. You check a few things to be a little network. Great. But now you have machines across the world, extremely complex networks, interaction between policies, networks, crypto, etcetera. And so there's There's no way a human or even a team of human could come in and have any reasonable chance of actually deeply understanding the system. So they just sort of check some stuff and then they call it success. And these tools really allow you to actually understand the entire system buyer and you guys doing some cutting edge work, >> folks watching and want to know how math translates into the real world with all your high school kids out their parents. This is stuff you learn in school like you could be played great work. I think I think this is cutting edge. I think math and the confidence of math intersects with groups. The compliance example audited example shows that world's gonna come together with math. I think this is a big mega trend. It's gonna not eliminate the human element. It's going augment that so great stuff, its final question just randomly. And while you're here, since your math guru we're always interested, we always covering our favorite topic of Blockchain, huh? We believe that a security conference is gonna soon have a Blockchain component because because of the mutability of it, there's a lot of math behind it. So as that starts to mature certainly Facebook entering him at their own currency. Whole nother conversation you don't want to have here is bring a lot of attention. So we see the intersection of security being a supply chain problem in the future. Your thoughts on that just generally. So So the problem of proving programs is undecided, and that means that you can't build a general solution. What you're gonna have to do is look >> for niche areas like device drivers, networks, policies, AP, I used to dream crypto et cetera, and then make the tools work for that area, and you will have to be comfortable with the idea that occasionally the tools aren't gonna be able to find an answer. And so the Amazon culture of being customer obsessed and working as closely as possible with the customer has been really helpful to my community of of logic, uh, full methods, practitioners, because they were really forced to work with a customer, understand the problem. So what I've been doing is listening to the customer on finding out what the problems with concerns. They are focusing my attention on that. And I haven't yet heard of, uh, of customers asking for mathematical proof on crypto currency Blockchain sorts of stuff. But I'm I I await further and you're intrigued. Yeah, I'm s I always like mathematics, but where we have been hearing customers asked for help is for Temple. We're working on free Our toss s o i o T applications Understand the networks that are connecting up the coyote to the cloud, understanding the correctness of machine learning. So why, why So I reused. I've done some machine learning. I've constructed a model. How do I know what it does? And is it compliant? Does it respect hip fed ramp PC, i et cetera, and some other issues like that. >> There's a lot of talk in the industry about quantum computing and creating nightmares for guys like you. How much thought given that you have any thing that you can share with us? >> Yes. Oh, there's there's work in the AWS crypto team preparing for the post quantum world. So imagine Adversary has quantum computer. And so there are proposals on eight of us has a number of proposals, and we've and those proposals have been implemented. So their standards and we've our team has been doing proof on the correctness of those. So, actually, in the one of my talks, I think the talk not with Chad and Tom. I show a demo of our work to prove the correctness of someplace quantum code. >> So, Byron, thank you for coming on the inside. Congratulations on the automated reason. Good to see it put in the practice and appreciate the commentary. Thank you very much. Thank you. Here for the first inaugural security cloud security event reinforced AWS is putting on cube coverage. I'm John Fairy with Day Volonte. Thanks for watching

>> Narrator: From Austin, Texas. It's theCUBE, covering KubeKon and CloudNativeCon 2017. Brought to you by Red Hat, the Linux Foundation, and theCUBE's ecosystem partners. >> Hello everyone, welcome back to our live exclusive coverage of the CloudNative Conference and KubeKon, put on by the Linux Foundation. I'm John Furrier, the co-founder of SiliconAngle Media. My co-host Stu Miniman, we're here breaking down all the action in the tsunami of open source developers, a renaissance of software development. As you know I've been talking about our next guest. We're excited to have Kelsey Hightower, who's the co-chair of the committee here for the program for this awesome conference that's exploding, but is also a staff engineer at Google, known in the industry as a very active participant. Kelsey, great to have you on. >> Awesome, happy to be here, feel like I've made it now. >> Well, not really, you make it every day on Twitter, we follow you, I mean, you've been an active voice, and it's been fun to watch this community. We've been present at the creation of KubeKon, and we've been watching the evolution, really kind of, the, it's like jello that kind of forms in the refrigerator. A couple years ago, you saw it come together, containers, microservices, the drive or the tailwind for now Kubernetes orchestration opportunity, it's changed the game. What is the bottom line? How is Kubernetes, because, everything was all about containerization, that was going to change the world, but it kind of did, but it's evolving. What's so important about Kubernetes? >> I think Kubernetes is really an actual thing you can use that takes all the ideas we've been working on for the last 20 years, and just gives us a new starting point. So, less about changing the game, but actually making the game available to everybody, right. So, we always talk about containers as this revolution, but you think about containers as more like, let's take VMs and make them faster to use, shrink them down, and then the configuration management world of deploying those things, Kubernetes wraps all that hard-to work into a single thing, and if you start there it feels like you just leapfrog where you were. >> Kelsey, I want to ask on that, so much we get excited about, you know, the cool little tool, but it's about the patterns, it's about what I can build with it. When I look at this community, you know, that boring infrastructure stuff is important, but it's about building the applications and what I can do with it that we seem to really see coming out of this event. >> Yeah, Kubernetes represents the experience of like the Red Hats, the CoreOS's, the Googles of the world into a thing you use. So when I talk about Kubernetes, is like when we solve a new problem, just like in Linux, it rolls back into the platform, but it covers this big problem set that almost anyone writing software has, and I think this is why the traction of Kubernetes is so big so fast. >> So many successes, I mean, I just love watching the tech evolution. Uber, Lyft, Netflix, building scale software on open source. And there are a lot of success stories. Two things jumped out at me in the keynote. Pluggable architectures and service meshes, two dynamics that are pretty instrumental and part of it. It sounds intoxicating and it's cool, but then if I'm just a practitioner out there, and like, all the other stuff I'm used to is hard, what about security and storage? So, there is a lot of other things that are important to customers, the blocking and tackling, storage networking, whatever, and then new things are coming to the table. So you've got new vocabulary, new concepts, combined with the existing, pre-existing, old guard concepts like storage, networking. How does that, how do you connect that? So, for the person who's running IT, or the CIO or the person doing technical architecture in a large, big IT department or company, they got to grok this. How do they figure it out, how do you dissect it? >> So the problems didn't change. Your app takes input, does something, produces output. About 30 years in the making now, that doesn't change. Kubernetes doesn't change that, containers doesn't change that. So I think all this stuff, if you look at what you've been building your whole career, all the bash scripts, all the tools that you brought in, their whole goal was to let you focus on building those applications. We've taken all of those things, realized what the patterns were, so if you look at Kubernetes and you lay out OS on top of all the storage, the compute and the networking and just says hey, here's a new set of primitives, and we're going to make it easy to consume those. And then the next level on top of that, security, is inherently baked in for the most part. So, I used to work in finance. When you look it and say, what's running? Most people can't answer that question. Not easily, or with a straight face. In Kubernetes, we have a declarative object that tells you, these are the things running, they were started at this time by this person. That's what you get by default, even though we don't talk about it as a security primitive, it totally is. >> How, hold on, so declarative continues innovation and integration, how is, why is that important? Does that speak to the distributed nature of it? I mean, why is declarative piece so important? >> So, distributed, I think a lot of times people have been dealing with distributed systems for a long time without understanding how to actually deal with the patterns. So we've just been doing it badly. Once you add more than one machine to your stack, you now have a distributed system. But we've been able to deal with this with like the meet cloud, through a bunch of people at it, right. And everyone just deals with their subsection of the servers. Now we're just laying a thing that lets you treat it like one, single machine, that's how we now start to think about this new problem. So, once you start to have that kind of, those primitives at your disposal, it just changes the way you tackle this particular problem. So, I'm not sure that this is like a whole new mind shift required. It's just that now you can just rebase, right. Like with the mobile phone, you're not necessarily writing apps at the very low level anymore, you're writing way up here with a bunch of new abstractions. >> So you brought up security hits. You know, one of the hot button topics, you know there's the low level, like, wait, do I put it in a VM, or do I do it at the container level, you know, what do you see as kind of the state of security in this space. What do we still need to do? >> There's two levels of this, right. There's the security in my app, so no matter how great Kubernetes gets, no matter how great we do at the very low level of like, this container shouldn't do these things, you still have this layer where your app will set requests from your users, and more than likely, that's where your problems are going to be. No one's doing brute force anymore, I'm just going to come in, on the port that your security team opened, and I'm going to abuse your app, because there's probably some hidden behavior that you are unaware of. So that level of security, we hope that that industry starts to have more people focus at that real value layer, than the stuff down here. So Kubernetes may take care of this down here, so we talk about the declarative piece. I know that this is what's running on these machines, and I can be assured of it, you can actually assert things, and that's part of security. Is it working the way you intended it to work? >> So it decouples security, is what you're saying. Do it, keep it at the declarative level, infrastructure, let the app guys fend for themselves, or is that. >> It's more it's like, let's make it easy to do the right thing. Kubernetes doesn't solve all the problems, but the problems it does solve we make security just be a built-in primitive. >> That's a good argument, it should solve its own problem, not try to do too much. >> But the pattern's now, we start talking about security, if you think about Istio, that goes a little bit higher up the security stack, it also takes a declarative approach. So when you say only these apps can talk to each other, you can declare that, and let the system do the enforcement rather than people. >> Okay I got to give you kind of the question on demographics shift in the developer community here. Obviously the growth is big, the numbers are here, better than all the other events combined. How do you break down the, if you had to draw a line in the sand, kind of infrastructure developers, configuration management, provisioning, all that stuff, to kind of pure app developers who say, hey, I'm devops, I don't really, I'm just want serverless, I want a full pool of resources, all that stuff's taken care of. How would you kind of, 60 40, 30 to 70, how would you, because we've got a lot of new people in here. What's the numbers in your mind? Just guess. >> In my mind I would probably say, this movement has about 70% of people who identify themselves as I'm a developer, I really want a different set of primitives so I can move on. If you look at the last maybe five to ten years where you've been brought into devops, you now have been exposed to infrastructure, and if you're going to be exposed to infrastructure, you want this kind of infrastructure, and not what you had before. And I think the ops people took a little longer. They were like, ah, I don't know, this just looks like something that doesn't solve my problems, or it's only for startups. Now we're starting to see that it'll work for almost any workload, if you understand what Kubernetes is trying to do >> It's hard to parse through the developer definition. >> Well, I mean, look it's 4,000 people here this time, right. We started with 300 people, maybe 500, and now we're at 4,000. You're starting to see everyone say all right, Kubernetes has a spot for me, here's how I contribute and leverage the platform. >> Kelsey, what do you say to people that look at this environment and say it's too complex. There's layers and layers, and I learn one piece, and it's changing constantly. This opportunity, threat, you know-- >> Here's the thing, everything is life is too complex. Anything you don't understand is too complex, okay. But if I go to your company and say, how long will it take me to learn all of your systems? Years, probably. Not everyone knows everything, so I think all these things by their very nature are complex. But if you think about what Kubernetes does, it at least takes all that complexity and gives it an API. You can now reason about it. So if you take the time to learn Kubernetes, all of this stuff from how do I deploy my app, to how we manage the hardware, at least has a defined API for the first time. It isn't going to be random from corporation to corporation, we're now aggregating the complexity and giving it a name. >> In your mind, how you would you define a high-quality pluggable architecture to leverages the goodness of Kubernetes. What does that look like, how should someone kind of check their, checksum their code, if you will, look at it and say okay, that's a pluggable architecture? What does it look like? >> So Kubernetes, if you think about it, the whole thing is extensible. So when people talk about the complexity, it's because there are a lot of moving pieces. So it was designed to leverage its own API since day one. So if you want to add a new scheduler, the thing that does, where does this application run, our current scheduler uses the Kubernetes API to do that, you can bring in your own, and Univa's a good example from two years ago, adding their own scheduler to Kubernetes. If you want like a TLS certificate from Let's Encrypt, there's a very obvious way that you would do that in Kubernetes. So our whole platform is API-driven from the outset. >> John: And the benefit of that is integration, right? >> Integration, extensibility, like, one thing that has always plagued our industry is, you buy this big software package, you want to do something custom, and now you're screwed. Now what you have is, we expect it to be extended, and your technology partner of choice will be able to extend it in a way that you can actually upgrade the thing. >> All right, so slightly different area. Kubernetes now, there's what, 42 certified partners out there. Will anybody make money on it? I come in saying, I don't think it's directly, I think it more like the cloud platforms, the other platforms. What's your take on the whole business aspect of this? >> I think it's kind of like Linux. How many people make money on Linux. I think even the people that do make money on Linux, it's the support, it's the service, and I think Kubernetes sets the stage for technology partners. You can't just sell me Kubernetes and walk away. You have to give me Kubernetes and envision how my business will extend on top of it. So, I want to do machine learning. Kubernetes is a great platform for doing machine learning. The value is above that, with the machine learning and all that other stuff. What's your take on the dynamic of all contributors here. I know joining Google, one of the reasons if I remember right from reading, you know, it's just, their participation in open source. Microsoft, big on open source, Adrian Cockcroft was in the keynote this morning, talking about AWS's participation. What your take? >> Honestly if you're a big provider, the value is not proprietary software for you. I'm in a cloud provider, we sell CPU cycles. If you want to use Mesos to spin those CPU cycles, that's great. We happen to believe in Kubernetes, so we provide that based on our experience. So to me, Kubernetes is much more part of our experience, than it is something just, we're all here trying to compete in the market. So, that's why I think people find it valuable, it solves problems that you have and share amongst your peers. >> What's your advice to app developers? Because the impact seems to be obviously to the value creation is going to be on solving problems in a way, new creative way, and again, we're predicting in theCUBE that we're going to see a swing back to the craftsmanship of software development. I mean Agile's great, and it kind of took that craftsmanship, but it de-risked it because you could make it run faster. But we're seeing a renaissance around craft, artisanship. Not just UI, I'm talking about real value. Style change, cultural impact, that's in a value opportunity. Your thoughts? >> When you talk about craftsmanship, the thing that we always look at when craftsmanship, we always talk about how long it takes to do something. I made this by hand. This was aged for 50 years before we drink it. And I think what we're doing now in the enterprises, we don't have time now to focus on the craft, I need it by Friday. And I also got to figure out the infrastructure first. So when you get things like Kubernetes, and then you layer on platforms like serverless and these PaaS's that sit on top, now you can actually focus on craftsmanship. Let me get this library right. Or, if there's another company that has already figured it out, and they've taken 10 years to get that library perfect, I get to actually use their hand-crafted piece in my hand-crafted piece, and then we start to get to the actual visions. So, I think the key missing element today is time. These platforms get you your time back, then you can actually invest in that craftsmanship. >> All that heavy lifting around redundant stuff that you shouldn't have to do, I mean, hell, I'm old, I remember how we used to have to do our own graphics libraries, now it's like, the artisanship is coming back. I 100% agree with you, but this is an opportunity that no one's yet monetized because it had never existed before, at this level of speed, reliability. >> They're monetizing, you're seeing the business monetizes. So remember, I don't necessary think that the vendors, the traditional IT vendors will be the one that monetize this, it's going to be the Netflixes of the world, the people that have an idea and they to market and then within two years, they have this large control of the market, because now they look at it and say, start with Kubernetes, grab Prometheus, grab these pieces that have been handcrafted by a large community that cares, and we're just going to focus on my business piece. That's who's cashing in. >> The value is shifting, the value is shifting. >> Kelsey, you mentioned time. First of all I want to say thank you for giving us some time and this community. I've seen so many examples, people are like, Kelsey Hightower gave me a call and talked to me for 10 15 minutes, you know, I'm nobody, podcasts, writing, everything else. How do you keep on about it, how do you look and see kind of this community continue to grow? >> Honestly you got to be, I'm a people person. And people are like, no, no, you work at a vendor, you're super biased. It's like, no, I am actually a people person >> You work at a vendor? >> Yeah, exactly. So for me, the people are first, because these people helped me get to where I am today, and I'm super appreciative of it. So when I get a chance, someone DMs me on Twitter and says, hey, Kelsey, I'm trying to reinvent my career. If I'm busy, I say call me. And I pick up the phone and say hey, how are you doing? Here's what worked for me. I'll listen for a while and say hey, here's my professional opinion, and I don't actually mind when other people do well. And I think a lot of times you want to shine by ourselves so much that we don't want to give away the secret sauce too early, because then I might be able to shine. I actually find it very enjoyable if I helped you with your talk, and you go and you rock the stage, and you go back to work and you get promoted, and then you tell me, hey, I really appreciate that. I found the ability to say you know what, you win, I win. >> You know, pay it forward in community is critical, that is a great example. More people should do it, congratulations. Paying it forward is all about selflessness. >> But it feels good when you do it. People don't understand, it feels good when you're around people that also feel good. >> You're so selfish with your selflessness. >> There you go (laughs). >> All right, final question for you. By the way, everyone should be like that because that's what communities do, good, thriving, robust communities help each other, they might be a little bit cocky but that's swagger, I like that, but, helping people's key. You have some good swagger, we appreciate your work on Twitter. My final question, your talk. What are you going to be talking about?6 What's the keynote like? Give a preview. >> So the preview is that I was going through the release notes of Kubernetes, and it's actually boring. 1.9, if you look at what we're shipping, it's all about stability, it's all about delivering the promises we made years ago, they're finally becoming V1 now. That's about it. There's nothing that I'm going to change in my cluster because of 1.9, and that's the major feature. We've been talking about getting infrastructure to become boring, and when I can look at a new release of Kubernetes and not freak out that I have to go change a bunch of stuff, we've finally done it. We've done the part that we're designed to do. So what I want to do is say hey, if Kubernetes is boring, where does the excitement live, and what does it look like? So I'm going do a lot of live demos of here's what it looks like when you're doing it correctly from my point of view, based on experience. >> Boring is calm, boring is reliable, the action is on top >> There you go. >> All right. Kelsey Hightower, thank you so much, it's been a time. Appreciate you coming on theCUBE, and sharing your insights and commentary. You'd be a great CUBE analyst, we'd love to have you on anytime. I'm John Furrier, Stu Miniman here at CloudNativeCon KubeKon live in Austin, Texas. Back with more live coverage after this short break.