>>Good afternoon, brilliant humans, and welcome back to the Cube. We're live in Detroit, Michigan at Cub Con, and I'm joined by John Furrier. John three exciting days buzzing. How you doing? >>That's great. I mean, we're coming down to the third day. We're keeping the energy going, but this segment's gonna be awesome. The CD foundation's doing amazing work. Developers are gonna be running businesses and workflows are changing. Productivity's the top conversation, and you're gonna start to see a coalescing of the communities who are continuous delivery, and it's gonna be awesome. >>And, and our next guess is an outstanding person to talk about this. We are joined by Stephen Chin, the chair of the CD Foundation. Steven, thanks so much for being here. >>No, no, my pleasure. I mean, this has been an amazing week quote that CubeCon with all of the announcements, all of the people who came out here to Detroit and, you know, fantastic. Like just walking around, you bump into all the right people here. Plus we held a CD summit zero day events, and had a lot of really exciting announcements this week. >>Gotta love the shirt. I gotta say, it's one of my favorites. Love the logos. Love the love the branding. That project got traction. What's the news in the CD foundation? I tried to sneak in the back. I got a little laid into your co-located event. It was packed. Everyone's engaged. It was really looked, look really cool. Give us the update. >>What's the news? Yeah, I know. So we, we had a really, really powerful event. All the key practitioners, the open source leads and folks were there. And one of, one of the things which I think we've done a really good job in the past six months with the CD foundation is getting back to the roots and focusing on technical innovation, right? This is what drives foundations, having strong projects, having people who are building innovation, and also bringing in a new innovation. So one of the projects which we added to the CD foundation this week is called Persia. So it's a, it's a decentralized package repository for getting open source libraries. And it solves a lot of the problems which you get when you have centralized infrastructure. You don't have the right security certificates, you don't have the right verification libraries. And these, these are all things which large companies provision and build out inside of their infrastructure. But the open source communities don't have the benefit of the same sort of really, really strong architecture. A lot of, a lot of the systems we depend upon. It's >>A good point, yeah. >>Yeah. I mean, if you think about the systems that developers depend upon, we depend upon, you know, npm, ruby Gems, Mayn Central, and these systems been around for a while. Like they serve the community well, right? They're, they're well supported by the companies and it's, it's, it's really a great contribution that they give us. But every time there's an outage or there's a security issue, guess, guess how many security issues that our, our research team found at npm? Just ballpark. >>74. >>So there're >>It's gotta be thousands. I mean, it's gotta be a lot of tons >>Of Yeah, >>They, they're currently up to 60,000 >>Whoa. >>Vulnerable, malicious packages in NPM and >>Oh my gosh. So that's a super, that's a jar number even. I know it was gonna be huge, but Holy mo. >>Yeah. So that's a software supply chain in actually right there. So that's, that's open source. Everything's out there. What's, how do, how does, how do you guys fix that? >>Yeah, so per peria kind of shifts the whole model. So when, when you think about a system that can be sustained, it has to be something which, which is not just one company. It has to be a, a, a set of companies, be vendor neutral and be decentralized. So that's why we donated it to the Continuous Delivery Foundation. So that can be that governance body, which, which makes sure it's not a single company, it is to use modern technologies. So you, you, you just need something which is immutable, so it can't be changed. So you can rely on it. It has to have a strong transaction ledger so you can see all of the history of it. You can build up your software, build materials off of it, and it, it has to have a strong peer-to-peer architecture, so it can be sustained long term. >>Steven, you mentioned something I want to just get back to. You mentioned outages and disruption. I, you didn't, you didn't say just the outages, but this whole disruption angle is interesting if something happens. Talk about the impact of the developer. They stalled, inefficiencies create basically disruption. >>No, I mean, if, if, so, so if you think about most DevOps teams in big companies, they support hundreds or thousands of teams and an hour of outage. All those developers, they, they can't program, they can't work. And that's, that's a huge loss of productivity for the company. Now, if you, if you take that up a level when MPM goes down for an hour, how many millions of man hours are wasted by not being able to get your builds working by not being able to get your codes to compile. Like it's, it's >>Like, yeah, I mean, it's almost hard to fathom. I mean, everyone's, It's stopped. Exactly. It's literally like having the plug pulled >>Exactly on whenever you're working on, That's, that's the fundamental problem we're trying to solve. Is it, it needs to be on a, like a well supported, well architected peer to peer network with some strong backing from big companies. So the company is working on Persia, include J Frog, which who I work for, Docker, Oracle. We have Deploy hub, Huawei, a whole bunch of other folks who are also helping out. And when you look at all of those folks, they all have different interests, but it's designed in a way where no single party has control over the network. So really it's, it's a system system. You, you're not relying upon one company or one logo. You're relying upon a well-architected open source implementation that everyone can rely >>On. That's shared software, but it's kind of a fault tolerant feature too. It's like, okay, if something happens here, you have a distributed piece of it, decentralized, you're not gonna go down. You can remediate. All right, so where's this go next? I mean, cuz we've been talking about the role of developer. This needs to be a modern, I won't say modern upgrade, but like a modern workflow or value chain. What's your vision? How do you see that? Cuz you're the center of the CD foundation coming together. People are gonna be coalescing multiple groups. Yeah. >>What's the, No, I think this is a good point. So there, there's a, a lot of different continuous delivery, continuous integration technologies. We're actually, from a Linux Foundation standpoint, we're coalescing all the continued delivery events into one big conference >>Next. You just made an announcement about this earlier this week. Tell us about CD events. What's going on, what's in, what's in the cooker? >>Yeah, and I think one of the big announcements we had was the 0.1 release of CD events. And CD events allows you to take all these systems and connect them in an event scalable, event oriented architecture. The first integration is between Tecton and Capin. So now you can get CD events flowing cleanly between your, your continuous delivery and your observability. And this extends through your entire DevOps pipeline. We all, we all need a standards based framework Yep. For how we get all the disparate continuous integration, continuous delivery, observability systems to, to work together. That's also high performance. It scales with our needs and it, it kind of gives you a future architecture to build on top of. So a lot of the companies I was talking with at the CD summit Yeah. They were very excited about not only using this with the projects we announced, but using this internally as an architecture to build their own DevOps pipelines on. >>I bet that feels good to hear. >>Yeah, absolutely. Yeah. >>Yeah. You mentioned Teton, they just graduated. I saw how many projects have graduated? >>So we have two graduated projects right now. We have Jenkins, which is the first graduated project. Now Tecton is also graduated. And I think this shows that for Tecton it was, it was time, the very mature project, great support, getting a lot of users and having them join the set of graduated projects. And the continuous delivery foundation is a really strong portfolio. And we have a bunch of other projects which also are on their way towards graduation. >>Feels like a moment of social proof I bet. >>For you all. Yeah, yeah. Yeah. No, it's really good. Yeah. >>How long has the CD Foundation been around? >>The CD foundation has been around for, i, I won't wanna say the exact number of years, a few years now. >>Okay. >>But I, I think that it, it was formed because what we wanted is we wanted a foundation which was purpose built. So CNCF is a great foundation. It has a very large umbrella of projects and it takes kind of that big umbrella approach where a lot of different efforts are joining it, a lot of things are happening and you can get good traction, but it produces its own bottlenecks in process. Having a foundation which is just about continuous delivery caters to more of a DevOps, professional DevOps audience. I think this, this gives a good platform for best practices. We're working on a new CDF best practices Yeah. Guide. We're working when use cases with all the member companies. And it, it gives that thought leadership platform for continuous delivery, which you need to be an expert in that area >>And the best practices too. And to identify the issues. Because at the end of the day, with the big thing that's coming out of this is velocity and more developers coming on board. I mean, this is the big thing. More people doing more. Yeah. Well yeah, I mean you take this open source continuous thunder away, you have more developers coming in, they be more productive and then people are gonna even either on the DevOps side or on the straight AP upside. And this is gonna be a huge issue. And the other thing that comes out that I wanna get your thoughts on is the supply chain issue you talked about is hot verifications and certifications of code is such big issue. Can you share your thoughts on that? Because Yeah, this is become, I won't say a business model for some companies, but it's also becoming critical for security that codes verified. >>Yeah. Okay. So I, I think one of, one of the things which we're specifically doing with the Peria project, which is unique, is rather than distributing, for example, libraries that you developed on your laptop and compiled there, or maybe they were built on, you know, a runner somewhere like Travis CI or GitHub actions, all the libraries being distributed on Persia are built by the authorized nodes in the network. And then they're, they're verified across all of the authorized nodes. So you nice, you have a, a gar, the basic guarantee we're giving you is when you download something from the Peria network, you'll get exactly the same binary as if you built it yourself from source. >>So there's a lot of trust >>And, and transparency. Yeah, exactly. And if you remember back to like kind of the seminal project, which kicked off this whole supply chain security like, like whirlwind it was SolarWinds. Yeah. Yeah. And the exact problem they hit was the build ran, it produced a result, they modified the code of the bill of the resulting binary and then they signed it. So if you built with the same source and then you went through that same process a second time, you would've gotten a different result, which was a malicious pre right. Yeah. And it's very hard to risk take, to take a binary file Yep. And determine if there's malicious code in it. Cuz it's not like source code. You can't inspect it, you can't do a code audit. It's totally different. So I think we're solving a key part of this with Persia, where you're freeing open source projects from the possibility of having their binaries, their packages, their end reduces, tampered with. And also upstream from this, you do want to have verification of prs, people doing code reviews, making sure that they're looking at the source code. And I think there's a lot of good efforts going on in the open source security foundation. So I'm also on the governing board of Open ssf >>To Do you sleep? You have three jobs you've said on camera? No, I can't even imagine. Yeah. Didn't >>You just spin that out from this open source security? Is that the new one they >>Spun out? Yeah, So the Open Source Security foundation is one of the new Linux Foundation projects. They, they have been around for a couple years, but they did a big reboot last year around this time. And I think what they really did a good job of now is bringing all the industry players to the table, having dialogue with government agencies, figuring out like, what do we need to do to support open source projects? Is it more investment in memory, safe languages? Do we need to have more investment in, in code audits or like security reviews of opensource projects. Lot of things. And all of those things require money investments. And that's what all the companies, including Jay Frogger doing to advance open source supply chain security. I >>Mean, it's, it's really kind of interesting to watch some different demographics of the developers and the vendors and the customers. On one hand, if you're a hardware person company, you have, you talk zero trust your software, your top trust, so your trusted code, and you got zero trust. It's interesting, depending on where you're coming from, they're all trying to achieve the same thing. It means zero trust. Makes sense. But then also I got code, I I want trust. Trust and verified. So security is in everything now. So code. So how do you see that traversing over? Is it just semantics or what's your view on that? >>The, the right way of looking at security is from the standpoint of the hacker, because they're always looking for >>Well said, very well said, New >>Loop, hope, new loopholes, new exploits. And they're, they're very, very smart people. And I think when you, when you look some >>Of the smartest >>Yeah, yeah, yeah. I, I, I work with, well former hackers now, security researchers, >>They converted, they're >>Recruited. But when you look at them, there's like two main classes of like, like types of exploits. So some, some attacker groups. What they're looking for is they're looking for pulse zero days, CVEs, like existing vulnerabilities that they can exploit to break into systems. But there's an increasing number of attackers who are now on the opposite end of the spectrum. And what they're doing is they're creating their own exploits. So, oh, they're for example, putting malicious code into open source projects. Little >>Trojan horse status. Yeah. >>They're they're getting their little Trojan horses in. Yeah. Or they're finding supply chain attacks by maybe uploading a malicious library to NPM or to pii. And by creating these attacks, especially ones that start at the top of the supply chain, you have such a large reach. >>I was just gonna say, it could be a whole, almost gives me chills as we're talking about it, the systemic, So this is this >>Gnarly nation state attackers, like people who wanted serious >>Damages. Engineered hack just said they're high, highly funded. Highly skilled. Exactly. Highly agile, highly focused. >>Yes. >>Teams, team. Not in the teams. >>Yeah. And so, so one, one example of this, which actually netted quite a lot of money for the, for the hacker who exposed it was, you guys probably heard about this, but it was a, an attack where they uploaded a malicious library to npm with the same exact namespace as a corporate library and clever, >>Creepy. >>It's called a dependency injection attack. And what happens is if you, if you don't have the right sort of security package management guidelines inside your company, and it's just looking for the latest version of merging multiple repositories as like a, like a single view. A lot of companies were accidentally picking up the latest version, which was out in npm uploaded by Alex Spearson was the one who did the, the attack. And he simultaneously reported bug bounties on like a dozen different companies and netted 130 k. Wow. So like these sort of attacks that they're real Yep. They're exploitable. And the, the hackers >>Complex >>Are finding these sort of attacks now in our supply chain are the ones who really are the most dangerous. That's the biggest threat to us. >>Yeah. And we have stacker ones out there. You got a bunch of other services, the white hat hackers get the bounties. That's really important. All right. What's next? What's your vision of this show as we end Coan? What's the most important story coming outta Coan in your opinion? And what are you guys doing next? >>Well, I, I actually think this is, this is probably not what most hooks would say is the most exciting story to con, but I find this personally the best is >>I can't wait for this now. >>So, on, on Sunday, the CNCF ran the first kids' day. >>Oh. >>And so they had a, a free kids workshop for, you know, underprivileged kids for >>About, That's >>Detroit area. It was, it was taught by some of the folks from the CNCF community. So Arro, Eric hen my, my older daughter, Cassandra's also an instructor. So she also was teaching a raspberry pie workshop. >>Amazing. And she's >>Here and Yeah, Yeah. She's also here at the show. And when you think about it, you know, there's always, there's, there's, you know, hundreds of announcements this week, A lot of exciting technologies, some of which we've talked about. Yeah. But it's, it's really what matters is the community. >>It this is a community first event >>And the people, and like, if we're giving back to the community and helping Detroit's kids to get better at technology, to get educated, I think that it's a worthwhile for all of us to be here. >>What a beautiful way to close it. That is such, I'm so glad you brought that up and brought that to our attention. I wasn't aware of that. Did you know that was >>Happening, John? No, I know about that. Yeah. No, that was, And that's next generation too. And what we need, we need to get down into the elementary schools. We gotta get to the kids. They're all doing robotics club anyway in high school. Computer science is now, now a >>Sport, in my opinion. Well, I think that if you're in a privileged community, though, I don't think that every school's doing robotics. And >>That's why Well, Cal Poly, Cal Poly and the universities are stepping up and I think CNCF leadership is amazing here. And we need more of it. I mean, I'm, I'm bullish on this. I love it. And I think that's a really great story. No, >>I, I am. Absolutely. And, and it just goes to show how committed CNF is to community, Putting community first and Detroit. There has been such a celebration of Detroit this whole week. Stephen, thank you so much for joining us on the show. Best Wishes with the CD Foundation. John, thanks for the banter as always. And thank you for tuning in to us here live on the cube in Detroit, Michigan. I'm Savannah Peterson and we are having the best day. I hope you are too.

(upbeat music) >> Welcome to this CUBE Conversation. This is part of the second season of the AWS startup showcase, season two, episode one. I'm Dave Nicholson, and I am joined with a very special guest, CEO and co-founder of Tidelift, Mr. Donald Fischer. Donald, welcome to the CUBE. >> Thanks David. Really glad to be here. >> So, first and foremost, tell us about Tidelift. >> Happy to, yeah, so, at Tidelift we're on a mission. Our mission is to make open source software work better for everyone, and when we say that, we mean, make it work better for all the organizations and governments and everybody that depends on open source software to build the applications that we all rely on. But also part of our mission, is making open source work better for the creators of open source. The independent open source maintainers, who are behind so many of those building blocks, technology building blocks that our commerce industry and society is comprised of these days. They've got a hard task to hold up all of that stuff and make sure that it meets, you know, professional grade standards and that we can all rely on it. And so, we want to do our part to help both sides of that equation. >> Fantastic, well, I want to double click on a few of the things that you said, but I think I want to format this by starting out with a little role play between the two of us, if you don't mind. I know you're CEO, but for the sake of this, you're going to be the CIO and I'm going to be the CEO, and we're going to play off some recent events here. So, hey Donald, come on in, sit down. Listen, I want to talk to you about this whole log shell, log for something, or another thing that's going on. So, let me get this straight. Our multinational Fortune 500 company is dependent upon software, that's free, and somehow we've been running this and the people who maintain it, do it for free, we don't pay for it, but somehow this has opened us up to a threat from people who can log into a system we're using to keep track of stuff, and then, what's going on? By the way, you're fired, but I want to know if, I want to know if you can stay on for the next 90 days to train your replacement, but, explain to me what's going on with this whole open-source nonsense? >> Yeah. Don't panic boss. Only about 70 or 80% of the software in our enterprise that is third-party open source software. So, there's definitely, like 20 or 30% that's not, and we're on top of it. Now, yeah, I think it's a, you know, you're right to say, we are completely dependent on this software, that's being created by these, you know, amazing folks on the internet. Boss, you told me that we had to have a global corporation here with modern digital customer experience. We're not going to be able to do it using Microsoft front page from 1997, and there's no other path to take than to build with modern building blocks. And today in, you know, the modern era, that means building on open source packages and technologies across a whole slew of language, ecosystems, like JavaScript and Java PHP, Ruby, Python, .NET, Rust, Go, we use all of it here, boss, and, we don't get to have a business unless we do. >> Okay, so, I didn't understand a word that you just said, but it was enough to convince me to let you keep your job. So, end-scene, we're not getting paid scale wages to do this, Donald, so I think we can go back to our normal personas. So, how does Tidelift play into all of this? I'd really want to hear about this concept of what an open source maintainer is, because these are largely volunteers, aren't they, in terms of the maintenance that they're doing? >> Yeah, so, I mean, open source, there's a lot of different models for open source software development. There certainly are a number of foundational open source projects, certainly at the infrastructure level, like operating systems, databases and things like that, that tend to be, you know, predominantly driven by vendors, software vendors, you know, like you can think of Red Hat, VMware organizations like that. But when you get up to the application development world, teams, building, you know, websites, web applications, mobile applications, most of the building blocks at that tier in these a programming language ecosystems, most of the software there is actually being created, that enterprise organizations use, is being created by individual, independent, open source maintainers, where it's not their day job, it's a side hustle for them. And it's a really interesting question, like, how did we get here? You know, why are these folks doing it? It sort of rhymes with the question I asked myself years ago, like, who's typing all this stuff into Wikipedia, and why? Like, it's amazing resource, I'm so glad it's there, but why are they doing this, right? And it turns out that there's a bunch of motivations there's some cynical motivations for the open source maintainers that people attribute that are practical too, you know, people say your GitHub repository is your resume in as a modern developer, things like that helps you get a reputation, you can use that to get a job. But, when we've talked to the maintainers of the most widely used open source packages, and by that, I mean, thousands of packages that every major organization that builds software relies on, the main reason why they do it is actually impact. We find we've actually done direct surveys of this audience and the reason why they spend their nights and weekends and carve out time, where they could be, you know, getting paid to do something else or going skiing or going to the beach, is it really feels good to have this activity that they put out into the world, and, you know, they know that folks use this stuff and rely on it, and there's a pride in their work and the impact that they're making. But the challenge with this model is that when it's only an impact and pride, and sort of a, you know, a good feeling driven effort, it means that maybe all of the things that organizations might want their standards that organizations might want their software to meet doesn't get done, right? Like it's one thing, if you've got a job as a software engineer, building corporate software, or even as a, you know, a maintainer at a corporate open source company, and you have a checklist of, you know, standard enterprise software development, commercial grade software development tasks that you need to be completing, if you're doing it as a side hustle for good reasons, like impact and, you know, releasing your creative juice, you might not get to some of the more boring aspects of commercial software engineering, like security engineering and some of the documentation and release engineering and, you know, making sure there's structured metadata around all the elements of it. And then that's the gap that we're really trying to fill at Tidelift, by connecting these two audiences. >> Yeah. How? How? You want to fill the gap, you want to connect the audiences, but, how do you do that? >> Yeah, perfect, so, we do it by paying the maintainers, paying the open source maintainers, actual dollars, or the currency of their preference, and what we're paying them for is not just to sort of hack on their projects, or hack on their projects more, we're asking them to help us ensure that the software that the organizations that we work with depend on meets certain specific concrete enterprise standards, and those standards fall into three categories, security, licensing, and maintenance. So, on the security front, you know, a baseline standard, there is making sure that we have known versions of the open source packages that are free of known defects, right? So there's like a catalog of known security defects that the industry uses called the National Vulnerability Database, you may have seen the terminology CVE referred to in passing, that's the identifier for these things. So, we work with the open-source maintainers to make sure that we've figured out, mapped out, which versions of software packages are impacted by known security vulnerabilities. And then we also look forward and make sure that we have a plan in place for what happens in the future when there are security vulnerabilities. So, you know, traditional commercial software, there's a security response team, who's kind of standing by 24/7, ready to respond, and then there's a defined protocol of what's going to happen, in terms of what's called responsible disclosure, telling the right folks in the right sequence, that there is a vulnerability causing there to be a patch version of the software available, communicating that through, you know, traditional commercial software vendors for, you know, years have been doing that internally, that doesn't exist by default for volunteer, you know, part-time open source, independent open source maintainers. So we fill that gap and we pre-wire that with them to make sure that that first track security is can be buttoned up. >> So, you're paying them, are you and your co-founders wealthy philanthropists that are just doing this, or what's the business model here? Now you're pulling these people who were doing it for free, they're happy, but how does that translate into a business model for Tidelift. >> Perfect, so, the work that they're doing, you know, I talked a little bit about security, we also do similar things on those other attributes, like licensing, making sure that the licenses are completely accurate, and we kind of know who wrote the software, et cetera, and then maintenance, is it being proactively cared for going forward? Is somebody still on the case with these projects? Now, the result of all of that work, is we create a vetted catalog of known good open source releases that we've vetted with the experts, often the individuals and teams that wrote the code in the first place, usually, we vet that it meets these enterprise standards. That's a really useful tool for organizations that are building with that. So, the way that we convey that to organizations that are building software in a useful way is we have a SAS service software, that as a service platform, that's what Tidelift is, and basically, the teams that use this stuff, they plug us into their software development process, typically alongside other tools that they might have, like CI/CD tools that are running tests on their application logic, they'll plug in Tidelift into their release process to ensure that those, the 70 or 80% of the software that they ship, that comes from GitHub, comes from the Python package index, or NPM, or the Maven Central Repository for Java, we're vetting that that meets their enterprise standards and ensuring that the ingredients, the building blocks that go into their applications are known good and vetted to these concrete standards. And they are, you know, this is an unsolved problem for almost every serious organization. There's a couple of, you know, over-performing organizations, like Google has done some amazing internal work on this, Amazon has an incredible dedicated team that does this internally for Amazon developers, very few other organizations, even some of the largest multinational companies have a dedicated internal function doing this comprehensively and systematically. Tidelift is that function that these organizations can use. They can work with us and our network, our unique network of hundreds of these independent open source maintainers, to ensure that there is a feed of known good vetted packages to go into their applications. >> So, were maintainers going in and auditing, and editing, and vetting software that was essentially created by others? That's one question, and then the other question that kind of goes along with that is, are you vetting a gold copy of something and saying, this software meets certain criteria, you should feel okay using it, that's one thing. Validating that the actual distribution, you know, the actual code that's being executed in their enterprise is secure and hasn't been tampered with is another thing. So where do you sit in that distribution channel or that supply chain? >> Sure, so, on the distribution front, you can think of us, we're sort of a GPS system that your application developers can use to know which versions of software are going to meet your enterprise standards. We don't create a separate world where we have our own, you know, side copy of the entire development ecosystem. It's not what these organizations want. They don't want to use some weird enterprise world set of open source packages, they want to just, you know, type NPM install have the, you know, software flow into their organization, but they also want it to not have no insecurity vulnerabilities in it, and they don't want to get bitten two weeks or two years later with a license violation, because there was kind of fuzzy, or incomplete data around the open source license. So what we do is, we help them consume the open source software, you know, knowing that it's been vetted to these standards. And then we also work with the open source community to cause the software to be changed to meet those standards, right? So back to the first part of your question, We work with a lot of projects with the prime maintainers, often the authors, as I said, and we've actually been extending our model over the years to work with these open source maintainers to cover not just their own project, but, some of those neighboring projects, right? Like the core projects that their project depends on, other projects that are co-used with them, they have a lot of expertise, and also, you know, relationships with the surrounding open source community there. So, they're working with us as curators, if you will, our ambassadors that help us get on the community and cover as much of the landscape as possible. >> And, so, what's the relationship with AWS? This is, you know, we're talking here as part of the AWS startup showcase season two, episode one, which is, that's actually pretty cool. So we need to, you know, the challenge here is, season one was awesome, much like Ted Lasso, season two, we have big shoes to fill here, Donald. So, what's the-- >> We got to up our game. >> (laughs) What's the relationship with AWS? And, I mean, why would they call you out as someone interesting for us to talk to? >> Yeah, so, we've had a great relationship that we've been investing in, and working on together with AWS. So, every one of AWS's customers faces this challenge around the software workloads that they're deploying on AWS. You know, it's just, you can't argue against the fact that the vast majority of the application software in the modern world is comprised majority of this third-party open source software. And so, it's really important whether it's running on a device, you know, an Edge device, or whether it's running in a Cloud data center, that those applications meet these standards, especially on the security front. So, AWS recognizes this need and opportunity for their customers, and so we've been working really well jointly with them. We're glad to say that we're an ISV, and AWS ISV accelerate partner now, which gives us the ability to co-engage with AWS and work together to solve mutual customers challenges, and we've had a great time working with the AWS team to help scale up our efforts to get the word word out around this important area, and then more importantly, give organizations the tools to address it and make sure that they have a comprehensive strategy for managing their open source in place. >> Fantastic, Donald, we're up against time, but I do have a 10 second answer I'd like from you. Tidelift, is that a reference to a rising tide lifting all boats, or is it an admonishment not to build a house on the beach in Malibu? >> It's the former, you know, think about this network of independent open source maintainers, working together, a rising tide lifts all boats. >> Eight seconds, that was like four seconds. Perfect. Donald Fischer, from Tidelift, thank you so much. For me, Dave Nicholson here at the CUBE. This has been a CUBE Conversation, as part of AWS's startup showcase, season two, episode one. Come to the CUBE for the best in tech coverage. (soft music)

(water running) (upbeat music) (electric buzzing) >> Fuel up! (upbeat music) (audience clapping) (upbeat music) >> Announcer: From around the globe. It's the queue with digital coverage of DockerCon live 2020, brought to you by Docker and its ecosystem partners. >> Hello everyone, welcome to DockerCon 2020. I'm John Furrier with theCUBE I'm in our Palo Alto studios with our quarantine crew. We have a great lineup here for DockerCon 2020. Virtual event, normally it was in person face to face. I'll be with you throughout the day from an amazing lineup of content, over 50 different sessions, cube tracks, keynotes, and we've got two great co-hosts here with Docker, Jenny Burcio and Bret Fisher. We'll be with you all day today, taking you through the program, helping you navigate the sessions. I'm so excited. Jenny, this is a virtual event. We talk about this. Can you believe it? Maybe the internet gods be with us today and hope everyone's having-- >> Yes. >> Easy time getting in. Jenny, Bret, thank you for-- >> Hello. >> Being here. >> Hey. >> Hi everyone, so great to see everyone chatting and telling us where they're from. Welcome to the Docker community. We have a great day planned for you. >> Guys great job getting this all together. I know how hard it is. These virtual events are hard to pull off. I'm blown away by the community at Docker. The amount of sessions that are coming in the sponsor support has been amazing. Just the overall excitement around the brand and the opportunities given this tough times where we're in. It's super exciting again, made the internet gods be with us throughout the day, but there's plenty of content. Bret's got an amazing all day marathon group of people coming in and chatting. Jenny, this has been an amazing journey and it's a great opportunity. Tell us about the virtual event. Why DockerCon virtual. Obviously everyone's canceling their events, but this is special to you guys. Talk about DockerCon virtual this year. >> The Docker community shows up at DockerCon every year, and even though we didn't have the opportunity to do an in person event this year, we didn't want to lose the time that we all come together at DockerCon. The conversations, the amazing content and learning opportunities. So we decided back in December to make DockerCon a virtual event. And of course when we did that, there was no quarantine we didn't expect, you know, I certainly didn't expect to be delivering it from my living room, but we were just, I mean we were completely blown away. There's nearly 70,000 people across the globe that have registered for DockerCon today. And when you look at DockerCon of past right live events, really and we're learning are just the tip of the iceberg and so thrilled to be able to deliver a more inclusive global event today. And we have so much planned I think. Bret, you want to tell us some of the things that you have planned? >> Well, I'm sure I'm going to forget something 'cause there's a lot going on. But, we've obviously got interviews all day today on this channel with John and the crew. Jenny has put together an amazing set of all these speakers, and then you have the captain's on deck, which is essentially the YouTube live hangout where we just basically talk shop. It's all engineers, all day long. Captains and special guests. And we're going to be in chat talking to you about answering your questions. Maybe we'll dig into some stuff based on the problems you're having or the questions you have. Maybe there'll be some random demos, but it's basically not scripted, it's an all day long unscripted event. So I'm sure it's going to be a lot of fun hanging out in there. >> Well guys, I want to just say it's been amazing how you structured this so everyone has a chance to ask questions, whether it's informal laid back in the captain's channel or in the sessions, where the speakers will be there with their presentations. But Jenny, I want to get your thoughts because we have a site out there that's structured a certain way for the folks watching. If you're on your desktop, there's a main stage hero. There's then tracks and Bret's running the captain's tracks. You can click on that link and jump into his session all day long. He's got an amazing set of line of sleet, leaning back, having a good time. And then each of the tracks, you can jump into those sessions. It's on a clock, it'll be available on demand. All that content is available if you're on your desktop. If you're on your mobile, it's the same thing. Look at the calendar, find the session that you want. If you're interested in it, you could watch it live and chat with the participants in real time or watch it on demand. So there's plenty of content to navigate through. We do have it on a clock and we'll be streaming sessions as they happen. So you're in the moment and that's a great time to chat in real time. But there's more, Jenny, getting more out of this event. You guys try to bring together the stimulation of community. How does the participants get more out of the the event besides just consuming some of the content all day today? >> Yes, so first set up your profile, put your picture next to your chat handle and then chat. John said we have various setups today to help you get the most out of your experience are breakout sessions. The content is prerecorded, so you get quality content and the speakers and chat so you can ask questions the whole time. If you're looking for the hallway track, then definitely check out the captain's on deck channel. And then we have some great interviews all day on the queue. So set up your profile, join the conversation and be kind, right? This is a community event. Code of conduct is linked on every page at the top, and just have a great day. >> And Bret, you guys have an amazing lineup on the captain, so you have a great YouTube channel that you have your stream on. So the folks who were familiar with that can get that either on YouTube or on the site. The chat is integrated in, So you're set up, what do you got going on? Give us the highlights. What are you excited about throughout your day? Take us through your program on the captains. That's going to be probably pretty dynamic in the chat too. >> Yeah, so I'm sure we're going to have lots of, stuff going on in chat. So no cLancaerns there about, having crickets in the chat. But we're going to be basically starting the day with two of my good Docker captain friends, (murmurs) and Laura Taco. And we're going to basically start you out and at the end of this keynote, at the end of this hour and we're going to get you going and then you can maybe jump out and go to take some sessions. Maybe there's some stuff you want to check out and other sessions that you want to chat and talk with the instructors, the speakers there, and then you're going to come back to us, right? Or go over, check out the interviews. So the idea is you're hopping back and forth and throughout the day we're basically changing out every hour. We're not just changing out the guests basically, but we're also changing out the topics that we can cover because different guests will have different expertise. We're going to have some special guests in from Microsoft, talk about some of the cool stuff going on there, and basically it's captains all day long. And if you've been on my YouTube live show you've watched that, you've seen a lot of the guests we have on there. I'm lucky to just hang out with all these really awesome people around the world, so it's going to be fun. >> Awesome and the content again has been preserved. You guys had a great session on call for paper sessions. Jenny, this is good stuff. What other things can people do to make it interesting? Obviously we're looking for suggestions. Feel free to chirp on Twitter about ideas that can be new. But you guys got some surprises. There's some selfies, what else? What's going on? Any secret, surprises throughout the day. >> There are secret surprises throughout the day. You'll need to pay attention to the keynotes. Bret will have giveaways. I know our wonderful sponsors have giveaways planned as well in their sessions. Hopefully right you feel conflicted about what you're going to attend. So do know that everything is recorded and will be available on demand afterwards so you can catch anything that you miss. Most of them will be available right after they stream the initial time. >> All right, great stuff, so they've got the Docker selfie. So the Docker selfies, the hashtag is just DockerCon hashtag DockerCon. If you feel like you want to add some of the hashtag no problem, check out the sessions. You can pop in and out of the captains is kind of the cool kids are going to be hanging out with Bret and then all they'll knowledge and learning. Don't miss the keynote, the keynote should be solid. We've got chain Governor from red monk delivering a keynote. I'll be interviewing him live after his keynote. So stay with us. And again, check out the interactive calendar. All you got to do is look at the calendar and click on the session you want. You'll jump right in. Hop around, give us feedback. We're doing our best. Bret, any final thoughts on what you want to share to the community around, what you got going on the virtual event, just random thoughts? >> Yeah, so sorry we can't all be together in the same physical place. But the coolest thing about as business online, is that we actually get to involve everyone, so as long as you have a computer and internet, you can actually attend DockerCon if you've never been to one before. So we're trying to recreate that experience online. Like Jenny said, the code of conduct is important. So, we're all in this together with the chat, so try to be nice in there. These are all real humans that, have feelings just like me. So let's try to keep it cool. And, over in the Catherine's channel we'll be taking your questions and maybe playing some music, playing some games, giving away some free stuff, while you're, in between sessions learning, oh yeah. >> And I got to say props to your rig. You've got an amazing setup there, Bret. I love what your show, you do. It's really bad ass and kick ass. So great stuff. Jenny sponsors ecosystem response to this event has been phenomenal. The attendance 67,000. We're seeing a surge of people hitting the site now. So if you're not getting in, just, Wade's going, we're going to crank through the queue, but the sponsors on the ecosystem really delivered on the content side and also the sport. You want to share a few shout outs on the sponsors who really kind of helped make this happen. >> Yeah, so definitely make sure you check out the sponsor pages and you go, each page is the actual content that they will be delivering. So they are delivering great content to you. So you can learn and a huge thank you to our platinum and gold authors. >> Awesome, well I got to say, I'm super impressed. I'm looking forward to the Microsoft Amazon sessions, which are going to be good. And there's a couple of great customer sessions there. I tweeted this out last night and let them get you guys' reaction to this because there's been a lot of talk around the COVID crisis that we're in, but there's also a positive upshot to this is Cambridge and explosion of developers that are going to be building new apps. And I said, you know, apps aren't going to just change the world, they're going to save the world. So a lot of the theme here is the impact that developers are having right now in the current situation. If we get the goodness of compose and all the things going on in Docker and the relationships, this real impact happening with the developer community. And it's pretty evident in the program and some of the talks and some of the examples. how containers and microservices are certainly changing the world and helping save the world, your thoughts. >> Like you said, a number of sessions and interviews in the program today that really dive into that. And even particularly around COVID, Clement Beyondo is sharing his company's experience, from being able to continue operations in Italy when they were completely shut down beginning of March. We have also in theCUBE channel several interviews about from the national Institute of health and precision cancer medicine at the end of the day. And you just can really see how containerization and developers are moving in industry and really humanity forward because of what they're able to build and create, with advances in technology. >> Yeah and the first responders and these days is developers. Bret compose is getting a lot of traction on Twitter. I can see some buzz already building up. There's huge traction with compose, just the ease of use and almost a call for arms for integrating into all the system language libraries, I mean, what's going on with compose? I mean, what's the captain say about this? I mean, it seems to be really tracking in terms of demand and interest. >> I think we're over 700,000 composed files on GitHub. So it's definitely beyond just the standard Docker run commands. It's definitely the next tool that people use to run containers. Just by having that we just buy, and that's not even counting. I mean that's just counting the files that are named Docker compose YAML. So I'm sure a lot of you out there have created a YAML file to manage your local containers or even on a server with Docker compose. And the nice thing is is Docker is doubling down on that. So we've gotten some news recently, from them about what they want to do with opening the spec up, getting more companies involved because compose is already gathered so much interest from the community. You know, AWS has importers, there's Kubernetes importers for it. So there's more stuff coming and we might just see something here in a few minutes. >> All right, well let's get into the keynote guys, jump into the keynote. If you missing anything, come back to the stream, check out the sessions, check out the calendar. Let's go, let's have a great time. Have some fun, thanks and enjoy the rest of the day we'll see you soon. (upbeat music) (upbeat music) >> Okay, what is the name of that Whale? >> Molly. >> And what is the name of this Whale? >> Mobby. >> That's right, dad's got to go, thanks bud. >> Bye. >> Bye. Hi, I'm Scott Johnson, CEO of Docker and welcome to DockerCon 2020. This year DockerCon is an all virtual event with more than 60,000 members of the Docker Community joining from around the world. And with the global shelter in place policies, we're excited to offer a unifying, inclusive virtual community event in which anyone and everyone can participate from their home. As a company, Docker has been through a lot of changes since our last DockerCon last year. The most important starting last November, is our refocusing 100% on developers and development teams. As part of that refocusing, one of the big challenges we've been working on, is how to help development teams quickly and efficiently get their app from code to cloud And wouldn't it be cool, if developers could quickly deploy to the cloud right from their local environment with the commands and workflow they already know. We're excited to give you a sneak preview of what we've been working on. And rather than slides, we thought we jumped right into the product. And joining me demonstrate some of these cool new features, is enclave your DACA. One of our engineers here at Docker working on Docker compose. Hello Lanca. >> Hello. >> We're going to show how an application development team collaborates using Docker desktop and Docker hub. And then deploys the app directly from the Docker command line to the clouds in just two commands. A development team would use this to quickly share functional changes of their app with the product management team, with beta testers or other development teams. Let's go ahead and take a look at our app. Now, this is a web app, that randomly pulls words from the database, and assembles them into sentences. You can see it's a pretty typical three tier application with each tier implemented in its own container. We have a front end web service, a middle tier, which implements the logic to randomly pull the words from the database and assemble them and a backend database. And here you can see the database uses the Postgres official image from Docker hub. Now let's first run the app locally using Docker command line and the Docker engine in Docker desktop. We'll do a Doc compose up and you can see that it's pulling the containers from our Docker organization account. Wordsmith, inc. Now that it's up. Let's go ahead and look at local host and we'll confirm that the application is functioning as desired. So there's one sentence, let's pull and now you and you can indeed see that we are pulling random words and assembling into sentences. Now you can also see though that the look and feel is a bit dated. And so Lanca is going to show us how easy it is to make changes and share them with the rest of the team. Lanca, over to you. >> Thank you, so I have, the source code of our application on my machine and I have updated it with the latest team from DockerCon 2020. So before committing the code, I'm going to build the application locally and run it, to verify that indeed the changes are good. So I'm going to build with Docker compose the image for the web service. Now that the image has been built, I'm going to deploy it locally. Wait to compose up. We can now check the dashboard in a Docker desktop that indeed our containers are up and running, and we can access, we can open in the web browser, the end point for the web service. So as we can see, we have the latest changes in for our application. So as you can see, the application has been updated successfully. So now, I'm going to push the image that I have just built to my organization's shared repository on Docker hub. So I can do this with Docker compose push web. Now that the image has been updated in the Docker hub repository, or my teammates can access it and check the changes. >> Excellent, well, thank you Lanca. Now of course, in these times, video conferencing is the new normal, and as great as it is, video conferencing does not allow users to actually test the application. And so, to allow us to have our app be accessible by others outside organizations such as beta testers or others, let's go ahead and deploy to the cloud. >> Sure we, can do this by employing a context. A Docker context, is a mechanism that we can use to target different platforms for deploying containers. The context we hold, information as the endpoint for the platform, and also how to authenticate to it. So I'm going to list the context that I have set locally. As you can see, I'm currently using the default context that is pointing to my local Docker engine. So all the commands that I have issued so far, we're targeting my local engine. Now, in order to deploy the application on a cloud. I have an account in the Azure Cloud, where I have no resource running currently, and I have created for this account, dedicated context that will hold the information on how to connect it to it. So now all I need to do, is to switch to this context, with Docker context use, and the name of my cloud context. So all the commands that I'm going to run, from now on, are going to target the cloud platform. So we can also check very, more simpler, in a simpler way we can check the running containers with Docker PS. So as we see no container is running in my cloud account. Now to deploy the application, all I need to do is to run a Docker compose up. And this will trigger the deployment of my application. >> Thanks Lanca. Now notice that Lanca did not have to move the composed file from Docker desktop to Azure. Notice you have to make any changes to the Docker compose file, and nor did she change any of the containers that she and I were using locally in our local environments. So the same composed file, same images, run locally and upon Azure without changes. While the app is deploying to Azure, let's highlight some of the features in Docker hub that helps teams with remote first collaboration. So first, here's our team's account where it (murmurs) and you can see the updated container sentences web that Lanca just pushed a couple of minutes ago. As far as collaboration, we can add members using their Docker ID or their email, and then we can organize them into different teams depending on their role in the application development process. So and then Lancae they're organized into different teams, we can assign them permissions, so that teams can work in parallel without stepping on each other's changes accidentally. For example, we'll give the engineering team full read, write access, whereas the product management team will go ahead and just give read only access. So this role based access controls, is just one of the many features in Docker hub that allows teams to collaboratively and quickly develop applications. Okay Lanca, how's our app doing? >> Our app has been successfully deployed to the cloud. So, we can easily check either the Azure portal to verify the containers running for it or simpler we can run a Docker PS again to get the list with the containers that have been deployed for it. In the output from the Docker PS, we can see an end point that we can use to access our application in the web browser. So we can see the application running in clouds. It's really up to date and now we can take this particular endpoint and share it within our organization such that anybody can have a look at it. >> That's cool Onka. We showed how we can deploy an app to the cloud in minutes and just two commands, and using commands that Docker users already know, thanks so much. In that sneak preview, you saw a team developing an app collaboratively, with a tool chain that includes Docker desktop and Docker hub. And simply by switching Docker context from their local environment to the cloud, deploy that app to the cloud, to Azure without leaving the command line using Docker commands they already know. And in doing so, really simplifying for development team, getting their app from code to cloud. And just as important, what you did not see, was a lot of complexity. You did not see cloud specific interfaces, user management or security. You did not see us having to provision and configure compute networking and storage resources in the cloud. And you did not see infrastructure specific application changes to either the composed file or the Docker images. And by simplifying a way that complexity, these new features help application DevOps teams, quickly iterate and get their ideas, their apps from code to cloud, and helping development teams, build share and run great applications, is what Docker is all about. A Docker is able to simplify for development teams getting their app from code to cloud quickly as a result of standards, products and ecosystem partners. It starts with open standards for applications and application artifacts, and active open source communities around those standards to ensure portability and choice. Then as you saw in the demo, the Docker experience delivered by Docker desktop and Docker hub, simplifies a team's collaborative development of applications, and together with ecosystem partners provides every stage of an application development tool chain. For example, deploying applications to the cloud in two commands. What you saw on the demo, well that's an extension of our strategic partnership with Microsoft, which we announced yesterday. And you can learn more about our partnership from Amanda Silver from Microsoft later today, right here at DockerCon. Another tool chain stage, the capability to scan applications for security and vulnerabilities, as a result of our partnership with Sneak, which we announced last week. You can learn more about that partnership from Peter McKay, CEO Sneak, again later today, right here at DockerCon. A third example, development team can automate the build of container images upon a simple get push, as a result of Docker hub integrations with GitHub and Alaska and Bitbucket. As a final example of Docker and the ecosystem helping teams quickly build applications, together with our ISV partners. We offer in Docker hub over 500 official and verified publisher images of ready to run Dockerized application components such as databases, load balancers, programming languages, and much more. Of course, none of this happens without people. And I would like to take a moment to thank four groups of people in particular. First, the Docker team, past and present. We've had a challenging 12 months including a restructuring and then a global pandemic, and yet their support for each other, and their passion for the product, this community and our customers has never been stronger. We think our community, Docker wouldn't be Docker without you, and whether you're one of the 50 Docker captains, they're almost 400 meetup organizers, the thousands of contributors and maintainers. Every day you show up, you give back, you teach new support. We thank our users, more than six and a half million developers who have built more than 7 million applications and are then sharing those applications through Docker hub at a rate of more than one and a half billion poles per week. Those apps are then run, are more than 44 million Docker engines. And finally, we thank our customers, the over 18,000 docker subscribers, both individual developers and development teams from startups to large organizations, 60% of which are outside the United States. And they spend every industry vertical, from media, to entertainment to manufacturing. healthcare and much more. Thank you. Now looking forward, given these unprecedented times, we would like to offer a challenge. While it would be easy to feel helpless and miss this global pandemic, the challenge is for us as individuals and as a community to instead see and grasp the tremendous opportunities before us to be forces for good. For starters, look no further than the pandemic itself, in the fight against this global disaster, applications and data are playing a critical role, and the Docker Community quickly recognize this and rose to the challenge. There are over 600 COVID-19 related publicly available projects on Docker hub today, from data processing to genome analytics to data visualization folding at home. The distributed computing project for simulating protein dynamics, is also available on Docker hub, and it uses spirit compute capacity to analyze COVID-19 proteins to aid in the design of new therapies. And right here at DockerCon, you can hear how Clemente Biondo and his company engineering in Gagne area Informatica are using Docker in the fight with COVID-19 in Italy every day. Now, in addition to fighting the pandemic directly, as a community, we also have an opportunity to bridge the disruption the pandemic is wreaking. It's impacting us at work and at home in every country around the world and every aspect of our lives. For example, many of you have a student at home, whose world is going to be very different when they returned to school. As employees, all of us have experienced the stresses from working from home as well as many of the benefits and in fact 75% of us say that going forward, we're going to continue to work from home at least occasionally. And of course one of the biggest disruptions has been job losses, over 35 million in the United States alone. And we know that's affected many of you. And yet your skills are in such demand and so important now more than ever. And that's why here at DockerCon, we want to try to do our part to help, and we're promoting this hashtag on Twitter, hashtag DockerCon jobs, where job seekers and those offering jobs can reach out to one another and connect. Now, pandemics disruption is accelerating the shift of more and more of our time, our priorities, our dollars from offline to online to hybrid, and even online only ways of living. We need to find new ways to collaborate, new approaches to engage customers, new modes for education and much more. And what is going to fill the needs created by this acceleration from offline, online? New applications. And it's this need, this demand for all these new applications that represents a great opportunity for the Docker community of developers. The world needs us, needs you developers now more than ever. So let's seize this moment. Let us in our teams, go build share and run great new applications. Thank you for joining today. And let's have a great DockerCon. >> Okay, welcome back to the DockerCon studio headquarters in your hosts, Jenny Burcio and myself John Furrier. u@farrier on Twitter. If you want to tweet me anything @DockerCon as well, share what you're thinking. Great keynote there from Scott CEO. Jenny, demo DockerCon jobs, some highlights there from Scott. Yeah, I love the intro. It's okay I'm about to do the keynote. The little green room comes on, makes it human. We're all trying to survive-- >> Let me answer the reality of what we are all doing with right now. I had to ask my kids to leave though or they would crash the whole stream but yes, we have a great community, a large community gather gathered here today, and we do want to take the opportunity for those that are looking for jobs, are hiring, to share with the hashtag DockerCon jobs. In addition, we want to support direct health care workers, and Bret Fisher and the captains will be running a all day charity stream on the captain's channel. Go there and you'll get the link to donate to directrelief.org which is a California based nonprofit, delivering and aid and supporting health care workers globally response to the COVID-19 crisis. >> Okay, if you jumping into the stream, I'm John Farrie with Jenny Webby, your hosts all day today throughout DockerCon. It's a packed house of great content. You have a main stream, theCUBE which is the mainstream that we'll be promoting a lot of cube interviews. But check out the 40 plus sessions underneath in the interactive calendar on dockercon.com site. Check it out, they're going to be live on a clock. So if you want to participate in real time in the chat, jump into your session on the track of your choice and participate with the folks in there chatting. If you miss it, it's going to go right on demand right after sort of all content will be immediately be available. So make sure you check it out. Docker selfie is a hashtag. Take a selfie, share it. Docker hashtag Docker jobs. If you're looking for a job or have openings, please share with the community and of course give us feedback on what you can do. We got James Governor, the keynote coming up next. He's with Red monk. Not afraid to share his opinion on open source on what companies should be doing, and also the evolution of this Cambrin explosion of apps that are going to be coming as we come out of this post pandemic world. A lot of people are thinking about this, the crisis and following through. So stay with us for more and more coverage. Jenny, favorite sessions on your mind for people to pay attention to that they should (murmurs)? >> I just want to address a few things that continue to come up in the chat sessions, especially breakout sessions after they play live and the speakers in chat with you, those go on demand, they are recorded, you will be able to access them. Also, if the screen is too small, there is the button to expand full screen, and different quality levels for the video that you can choose on your end. All the breakout sessions also have closed captioning, so please if you would like to read along, turn that on so you can, stay with the sessions. We have some great sessions, kicking off right at 10:00 a.m, getting started with Docker. We have a full track really in the how to enhance on that you should check out devs in action, hear what other people are doing and then of course our sponsors are delivering great content to you all day long. >> Tons of content. It's all available. They'll always be up always on at large scale. Thanks for watching. Now we got James Governor, the keynote. He's with Red Monk, the analyst firm and has been tracking open source for many generations. He's been doing amazing work. Watch his great keynote. I'm going to be interviewing him live right after. So stay with us and enjoy the rest of the day. We'll see you back shortly. (upbeat music) >> Hi, I'm James Governor, one of the co-founders of a company called RedMonk. We're an industry research firm focusing on developer led technology adoption. So that's I guess why Docker invited me to DockerCon 2020 to talk about some trends that we're seeing in the world of work and software development. So Monk Chips, that's who I am. I spent a lot of time on Twitter. It's a great research tool. It's a great way to find out what's going on with keep track of, as I say, there's people that we value so highly software developers, engineers and practitioners. So when I started talking to Docker about this event and it was pre Rhona, should we say, the idea of a crowd wasn't a scary thing, but today you see something like this, it makes you feel uncomfortable. This is not a place that I want to be. I'm pretty sure it's a place you don't want to be. And you know, to that end, I think it's interesting quote by Ellen Powell, she says, "Work from home is now just work" And we're going to see more and more of that. Organizations aren't feeling the same way they did about work before. Who all these people? Who is my cLancaern? So GitHub says has 50 million developers right on its network. Now, one of the things I think is most interesting, it's not that it has 50 million developers. Perhaps that's a proxy for number of developers worldwide. But quite frankly, a lot of those accounts, there's all kinds of people there. They're just Selena's. There are data engineers, there are data scientists, there are product managers, there were tech marketers. It's a big, big community and it goes way beyond just software developers itself. Frankly for me, I'd probably be saying there's more like 20 to 25 million developers worldwide, but GitHub knows a lot about the world of code. So what else do they know? One of the things they know is that world of code software and opensource, is becoming increasingly global. I get so excited about this stuff. The idea that there are these different software communities around the planet where we're seeing massive expansions in terms of things like open source. Great example is Nigeria. So Nigeria more than 200 million people, right? The energy there in terms of events, in terms of learning, in terms of teaching, in terms of the desire to code, the desire to launch businesses, desire to be part of a global software community is just so exciting. And you know, these, this sort of energy is not just in Nigeria, it's in other countries in Africa, it's happening in Egypt. It's happening around the world. This energy is something that's super interesting to me. We need to think about that. We've got global that we need to solve. And software is going to be a big part of that. At the moment, we can talk about other countries, but what about frankly the gender gap, the gender issue that, you know, from 1984 onwards, the number of women taking computer science degrees began to, not track but to create in comparison to what men were doing. The tech industry is way too male focused, there are men that are dominant, it's not welcoming, we haven't found ways to have those pathways and frankly to drive inclusion. And the women I know in tech, have to deal with the massively disproportionate amount of stress and things like online networks. But talking about online networks and talking about a better way of living, I was really excited by get up satellite recently, was a fantastic demo by Alison McMillan and she did a demo of a code spaces. So code spaces is Microsoft online ID, new platform that they've built. And online IDs, we're never quite sure, you know, plenty of people still out there just using the max. But, visual studio code has been a big success. And so this idea of moving to one online IDE, it's been around that for awhile. What they did was just make really tight integration. So you're in your GitHub repo and just be able to create a development environment with effectively one click, getting rid of all of the act shaving, making it super easy. And what I loved was it the demo, what Ali's like, yeah cause this is great. One of my kids are having a nap, I can just start (murmurs) and I don't have to sort out all the rest of it. And to me that was amazing. It was like productivity as inclusion. I'm here was a senior director at GitHub. They're doing this amazing work and then making this clear statement about being a parent. And I think that was fantastic. Because that's what, to me, importantly just working from home, which has been so challenging for so many of us, began to open up new possibilities, and frankly exciting possibilities. So Alley's also got a podcast parent-driven development, which I think is super important. Because this is about men and women rule in this together show parenting is a team sport, same as software development. And the idea that we should be thinking about, how to be more productive, is super important to me. So I want to talk a bit about developer culture and how it led to social media. Because you know, your social media, we're in this ad bomb stage now. It's TikTok, it's like exercise, people doing incredible back flips and stuff like that. Doing a bunch of dancing. We've had the world of sharing cat gifts, Facebook, we sort of see social media is I think a phenomenon in its own right. Whereas the me, I think it's interesting because it's its progenitors, where did it come from? So here's (murmurs) So 1971, one of the features in the emergency management information system, that he built, which it's topical, it was for medical tracking medical information as well, medical emergencies, included a bulletin board system. So that it could keep track of what people were doing on a team and make sure that they were collaborating effectively, boom! That was the start of something big, obviously. Another day I think is worth looking at 1983, Sorania Pullman, spanning tree protocol. So at DEC, they were very good at distributed systems. And the idea was that you can have a distributed system and so much of the internet working that we do today was based on radius work. And then it showed that basically, you could span out a huge network so that everyone could collaborate. That is incredibly exciting in terms of the trends, that I'm talking about. So then let's look at 1988, you've got IRC. IRC what developer has not used IRC, right. Well, I guess maybe some of the other ones might not have. But I don't know if we're post IRC yet, but (murmurs) at a finished university, really nailed it with IRC as a platform that people could communicate effectively with. And then we go into like 1991. So we've had IRC, we've had finished universities, doing a lot of really fantastic work about collaboration. And I don't think it was necessarily an accident that this is where the line is twofold, announced Linux. So Linux was a wonderfully packaged, idea in terms of we're going to take this Unix thing. And when I say package, what a package was the idea that we could collaborate on software. So, it may have just been the work of one person, but clearly what made it important, made it interesting, was finding a social networking pattern, for software development so that everybody could work on something at scale. That was really, I think, fundamental and foundational. Now I think it's important, We're going to talk about Linus, to talk about some things that are not good about software culture, not good about open source culture, not good about hacker culture. And that's where I'm going to talk about code of conduct. We have not been welcoming to new people. We got the acronyms, JFTI, We call people news, that's super unhelpful. We've got to find ways to be more welcoming and more self-sustaining in our communities, because otherwise communities will fail. And I'd like to thank everyone that has a code of conduct and has encouraged others to have codes of conduct. We need to have codes of conduct that are enforced to ensure that we have better diversity at our events. And that's what women, underrepresented minorities, all different kinds of people need to be well looked off to and be in safe and inclusive spaces. And that's the online events. But of course it's also for all of our activities offline. So Linus, as I say, I'm not the most charming of characters at all time, but he has done some amazing technology. So we got to like 2005 the creation of GIT. Not necessarily the distributed version control system that would win. But there was some interesting principles there, and they'd come out of the work that he had done in terms of trying to build and sustain the Linux code base. So it was very much based on experience. He had an itch that he needed to scratch and there was a community that was this building, this thing. So what was going to be the option, came up with Git foundational to another huge wave of social change, frankly get to logical awesome. April 20 April, 2008 GitHub, right? GiHub comes up, they've looked at Git, they've packaged it up, they found a way to make it consumable so the teams could use it and really begin to take advantage of the power of that distributed version control model. Now, ironically enough, of course they centralized the service in doing so. So we have a single point of failure on GitHub. But on the other hand, the notion of the poll request, the primitives that they established and made usable by people, that changed everything in terms of software development. I think another one that I'd really like to look at is Slack. So Slack is a huge success used by all different kinds of businesses. But it began specifically as a pivot from a company called Glitch. It was a game company and they still wanted, a tool internally that was better than IRC. So they built out something that later became Slack. So Slack 2014, is established as a company and basically it was this Slack fit software engineering. The focus on automation, the conversational aspects, the asynchronous aspects. It really pulled things together in a way that was interesting to software developers. And I think we've seen this pattern in the world, frankly, of the last few years. Software developers are influences. So Slack first used by the engineering teams, later used by everybody. And arguably you could say the same thing actually happened with Apple. Apple was mainstreamed by developers adopting that platform. Get to 2013, boom again, Solomon Hikes, Docker, right? So Docker was, I mean containers were not new, they were just super hard to use. People found it difficult technology, it was Easter Terek. It wasn't something that they could fully understand. Solomon did an incredible job of understanding how containers could fit into modern developer workflows. So if we think about immutable images, if we think about the ability to have everything required in the package where you are, it really tied into what people were trying to do with CICD, tied into microservices. And certainly the notion of sort of display usability Docker nailed that, and I guess from this conference, at least the rest is history. So I want to talk a little bit about, scratching the itch. And particularly what has become, I call it the developer authentic. So let's go into dark mode now. I've talked about developers laying out these foundations and frameworks that, the mainstream, frankly now my son, he's 14, he (murmurs) at me if I don't have dark mode on in an application. And it's this notion that developers, they have an aesthetic, it does get adopted I mean it's quite often jokey. One of the things we've seen in the really successful platforms like GitHub, Docker, NPM, let's look at GitHub. Let's look at over that Playfulness. I think was really interesting. And that changes the world of work, right? So we've got the world of work which can be buttoned up, which can be somewhat tight. I think both of those companies were really influential, in thinking that software development, which is a profession, it's also something that can and is fun. And I think about how can we make it more fun? How can we develop better applications together? Takes me to, if we think about Docker talking about build, share and run, for me the key word is share, because development has to be a team sport. It needs to be sharing. It needs to be kind and it needs to bring together people to do more effective work. Because that's what it's all about, doing effective work. If you think about zoom, it's a proxy for collaboration in terms of its value. So we've got all of these airlines and frankly, add up that their share that add up their total value. It's currently less than Zoom. So video conferencing has become so much of how we live now on a consumer basis. But certainly from a business to business perspective. I want to talk about how we live now. I want to think about like, what will come out all of this traumatic and it is incredibly traumatic time? I'd like to say I'm very privileged. I can work from home. So thank you to all the frontline workers that are out there that they're not in that position. But overall what I'm really thinking about, there's some things that will come out of this that will benefit us as a culture. Looking at cities like Paris, Milan, London, New York, putting a new cycling infrastructure, so that people can social distance and travel outside because they don't feel comfortable on public transport. I think sort of amazing widening pavements or we can't do that. All these cities have done it literally overnight. This sort of changes is exciting. And what does come off that like, oh there are some positive aspects of the current issues that we face. So I've got a conference or I've got a community that may and some of those, I've been working on. So Katie from HashiCorp and Carla from container solutions basically about, look, what will the world look like in developer relations? Can we have developer relations without the air miles? 'Cause developer advocates, they do too much travel ends up, you know, burning them out, develop relations. People don't like to say no. They may have bosses that say, you know, I was like, Oh that corporates went great. Now we're going to roll it out worldwide to 47 cities. That's stuff is terrible. It's terrible from a personal perspective, it's really terrible from an environmental perspective. We need to travel less. Virtual events are crushing it. Microsoft just at build, right? Normally that'd be just over 10,000 people, they had 245,000 plus registrations. 40,000 of them in the last day, right? Red Hat summit, 80,000 people, IBM think 90,000 people, GitHub Crushed it as well. Like this is a more inclusive way people can dip in. They can be from all around the world. I mentioned Nigeria and how fantastic it is. Very often Nigerian developers and advocates find it hard to get visas. Why should they be shut out of events? Events are going to start to become remote first because frankly, look at it, if you're turning in those kinds of numbers, and Microsoft was already doing great online events, but they absolutely nailed it. They're going to have to ask some serious questions about why everybody should get back on a plane again. So if you're going to do remote, you've got to be intentional about it. It's one thing I've learned some exciting about GitLab. GitLab's culture is amazing. Everything is documented, everything is public, everything is transparent. Think that really clear and if you look at their principles, everything, you can't have implicit collaboration models. Everything needs to be documented and explicit, so that anyone can work anywhere and they can still be part of the team. Remote first is where we're at now, Coinbase, Shopify, even Barkley says the not going to go back to having everybody in offices in the way they used to. This is a fundamental shift. And I think it's got significant implications for all industries, but definitely for software development. Here's the thing, the last 20 years were about distributed computing, microservices, the cloud, we've got pretty good at that. The next 20 years will be about distributed work. We can't have everybody living in San Francisco and London and Berlin. The talent is distributed, the talent is elsewhere. So how are we going to build tools? Who is going to scratch that itch to build tools to make them more effective? Who's building the next generation of apps, you are, thanks.

>> from San Francisco. It's the Cube covering the M Wear Radio twenty nineteen. Brought to you by the M >> where >> Hi. Welcome to the Cube. Lisa Martin with John Farrier at the fifteenth annual Veum, Where radio, which is there are anti innovation summit. Pleased to welcome back one of the Cube alumni extraordinaire CEO Being where hot girl singer. Hey, Pat. Good morning. >> Good morning. Great to be with you guys today. Thanks >> so much Right to be here. So this this is the fifteenth radio your internal innovation summit that really has been very influential. NPM wears development over the last fifteen or so years About eighteen hundred engineers here. So each year growing Mohr and Mohr interest, excitement cross collaboration with India More talk to us about how this is really worthy of the CEOs. Time to come here. And with this geek fest, >> well, it is, in many ways, just one of these pieces of the VM wear R and D culture is a research and development innovation off site. And it's something, you know, long preceded me. But when I got here, it's like I'm going to keep doing it. Of course we are. You know this is sort of like the party for the top engineers, right? You know, they get to come geek out, share their best ideas, interact with each other. So it's become one of those unique pieces of our of our development culture and ultimately is, I say, bm where well to do two things right, developed great, breakthrough, innovative, disrupt the products and make our customers successful with those products. So everything that we do sort of centers around those two things. And obviously, if the products are great, we don't have that. We know what to do So to us, keeping that culture of innovation and giving our engineers time to really just geek out, see what each others are doing, challenge each other. It's really pretty special. And yeah, it deserves the CEO's time. >> And you've got You just had your sales president's club without top performers. On the sales side, this is the technical version. It hasn't been that organic piece of the VM were culture, engineering, leadership. But you also have acquisitions, just acquired it. Nami. Yes, you've had a few other you cloud health big time moves relationship with a ws azure. The cloud foundation stuff. How is lending it together? Because you have all this organic innovation. I see cloud management, networking, security outside suffer to find data center is playing out. As you you guys had predicted. How does the acquisitions fit into the culture and the radio? >> Well, you know, part of it is when we talked to many of the engineers about the acquisitions, we say, Hey, we do radio. They're like, huh? All right, this is well, it's this opportunity for us to see what everybody is doing interactive that level and good engineers are almost always part of the decision with respect acquisitions. So they just take to it like, you know, fish and water, right? They just jump in, right, start interacting with their peers. And it is such a, you know, open, diverse pool that all of sudden ideas air being a bounced off each other, homogenize challenged and, you know, people seeing how they can connect with people. So tow us. Many of the acquisitions just find us to be so beneficial to how they come into the company. And they quite appreciate it, you know, just getting back from sales club hate sales leaders >> and he was pretty good. I like this, you >> know, for many of those acquisitions. But the engineers, this is even better for you >> guys aren't just buying stuff up. You guys are very specific in your acquisitions. Cloud Health again is a great example. Scene. No air watch going with further back. Why? Bit, Nami, What was so big and important about it, Nami to acquire them? >> Well, you know, we saw a couple of things. One is that, you know, it's a company. They definitely had this ability, this respect. We're poor with the open source community, you know, and being able to cross between open source and enterprise credibility. That's exactly where I am, where seas and wants to be able to position ourselves so they fit exactly into that space. This idea of being able to bring enterprise packages is the cool open source applications space. And we already had a multiple set of marketplace efforts internally where we saw that we needed that ecosystem play for activities so they just snap so perfectly into the middle of that and very much hybrid will take cloud, uh, aspects to it. And as we do for every one of our acquisitions and I personally meet with every CEO before we do the deal Are they going to fit our culture? And you know, there aren't that many of our acquisitions where I have people saying no, no I'll i'll be the executive sponsor for this one. No, no, no, I will, I will. I will be No, no, no, please. I'll do this one. And you know, of course, the fact that it's in Seville, Spain, right? You know, I think I think if you it was just driven by vacation plans. But it's >> all well, of course, Erica Cube alumni. And we have a whole cube alumni thing going on here. There's no emanate work we're doing here just good people of nice. And so >> you're planing the Cube visit to civilly explain. It's >> like love, Teo. Of course, we have international presents. One of the things I always quote from you is Besides, that hybrid cloud reference years ago was a quote. You said I think twenty, twelve or twenty thirteen feet which year it wass seems like yesterday. You said if you're not out on that next wave your driftwood, so I gotta ask you here at radio you got You got all this organic stuff. It's kind of the wave's coming. Is this what wave is? Are you seeing the end? We're riding right now, because business is great. Um, you're pumping on all cylinders. You've kind of gone through your ten years that through the early days of and you got CEO and you know it. Everything's normal life now and you're on a good run. What waiver? You're going to be surfing on the business side of all this stuff behind you. What's what? When is this all fit in? >> Well, you know, one of the things that I think is so critical for us now and particularly with the, you know, the, um, war cloud on eight of us. Go now with the relationships with Azure and IBM. Alibaba are four thousand BC PP partners. So that's, you know, really starting to take off our BM or Cloud Foundation on premise. We have a big customer saying Okay, I get it right. Don't look down the stack. Look up. Rely on you guys to be the infrastructure. Bring that together for the hybrid infrastructure is a service. And to me You know, part of what I'm looking for for this from the conference is putting all those pieces together because our customers don't want to be doing it. They want us to do it, but we have to make it so consumable, so compelling that just sort of like the sphere. Was it our beginning? They just sort of say, the M where your hybrid cloud, That's what I want, right? And be ableto operationalize at a scale. And if we get that really working well for customers, the management, the automation, the security operations of that boy. Now we do have the opportunity to ride the Cuban eighties wife right into me. It really is. We have to straddle those two over the next several years, >> so make you know, super nice party stand, >> that embracing that next major trend, >> which is up on top of the stack program ability. >> Yeah. You know, when the aside describe Coburn at ease and containers, it's like Java was twenty years ago. You know, what was the last major software abstraction that the industry agreed upon? Jonah, It's almost exactly twenty years ago, and it defined middleware abstraction for the last twenty years. Containers Cooper, Netease the next middleware abstraction. And we see Cooper. Nate is becoming the next native a P I that thie VM where infrastructure, STD see will support and will deliver. And we're going to make containers and cue bernetti so seamless with regard to the core bm infrastructure that a customer never needs to decide. >> What impact will this have? I mean, I see you've been involved many ways talked about the Pentium in the Intel side of your career, I'll see and and what that enabled in terms of inflection, point and growth and creation of value. Where do you see this Cooper Netease Abstraction. If this is going to be one of those inflection points as you as you point out, how do you envision the impact to the industry? What's gonna happen? >> We see that Cuban eighties layer impacting down as well as impacting up, and that's why we see it. It's so critical to get it right. You know, it becomes the consumption a p I infrastructure, and we've talked about, you know, infrastructure is code or, you know, a P. I ittle dismiss a displace open stack. As an AP, I becomes the middle, where a pea eye of choice, but also that defines the middle where abstraction of choice. So all of your Web spheres, Web logics, Java communities, they're going to get displaced as well as they are re factored into this automated containerized, the scale out world. That's exactly where we're sitting. And that's another piece of the bit Nami acquisition that we just announce because you know, being ableto package containerized, open source applications packages exactly fits into that strategy as well. And if we do those two things, I think VM where is going to be extraordinarily well positioned for decades to come way past me? >> So let's talk about customers. Here we are at radio twenty, nineteen, fifteen years I mentioned you guys, This is a really competitive event. Engineers want to be here. You probably had well over a thousand projects. Submissions. How do customers one benefit from the innovations that are discussed here at radio, but also how to customers influence some of the projects of the exciting things that engineers want to put together? >> Well, one of the things that we really enjoy about the whole BM where R D community is you know engineers are leaving with customers all the time. We push him out into those places, you know, we selectively bring customers in and have them in Iraq. Tear a radio. We have other mechanisms, like flings, right? Yeah. These open source lightweight things that customers could be giving us code. We could be giving them code. We you regularly, you know, bring them into our campus for, you know, their participation and different advance programs. So it really is a very constant, ongoing and somewhat end and dialogue that we're having weather. That's from an early product concept that we might be seeing for the first time here at Radio Teo Act The part, this patient and beta activities before we roll them out broadly. So it really is having them participate in the end, the end roll of innovation. And sometimes Hey, it sounds like a good idea. And it sort of sucked right when we tried to do it. Other times they're like, Oh, wow, some of these things, really. I've taken off and gain legs while beyond what we would have dreamed of. >> What have you seen that this year's event? Project Wise featured project. Why's that really kind of caught your attention, Like you. That's a really good idea. >> Well, I must admit, I just landed last night, So today is my first day at radios. So I just got back from our sales club, as John mentioned earlier. So I think I'm gonna have to take a buy on that question here because I got to go do my homework here. >> We'LL ask the questions. I have attracted talent, engineering, talent That's also the best of the best elite forces. This is a challenge in the streets of retain talent on engineers. Love to work on a hard problem. I gotta ask you what, Some of the hard problems at the end where is trying to tackle that would attract the elite engineering forces to the company. Because again, you're talking about something really big is going on with software. What are some of the big problems? >> Yeah, well, a couple of them that, you know, I'm pretty focused on for our team, and one is we said, you know, we said it's a software defined data center. Right? Going forward. It's the self driving data center. How do we bring so much telemetry? and automation that we truly are running the data center on customers behalf. And if I, you know, build on the Del Technologies World announcement of'em were cloud on Delhi emcee. You know, we're now managing their on premise data center from our cloud. You know what? If we can put more machine learning a I into the middle of that, it's not just that I wantto do it instead of them. I want to do it dramatically better than they ever could write. Using the greatest algorithms telemetry, learning, etcetera that the infrastructure becomes more reliable, right, it becomes higher performance. It becomes increasingly predicted right of its behavior and adjusting to those things. So the self driving data center's pretty high on the list for us. You know this idea then of a true multi cloud operational plane. We're customers. Just say, Here's there's my working. Would you figure out where to run it here? My policies. Here's the work will take care of it for me today. I was running it on this cloud the afternoon I brought it back on promise, because you it >> sounds easy, >> Cassidy. Right? Wow, If you could do that, its scale But then you say, boy, You know, if I move it around, where does the day to reside? Right, You know, have I met my policies and compliance requirements? So this a multi cloud operational plane is a >> big problem that you're attracting talent Is that distract complexity away and making it easy? >> Yeah, right, R, that's what we do. It's hard. I know. You know some >> of the cool things, you know, the are blockchain All right, you know, also breaking through reside. Describe blockchain. It's like the public private key encryption breakthroughs of forty years ago. But they're still very raw, right? Their performances crappy. You know, they don't scale very well. You have all sorts of issues associated with audit ability and repute, ability of those mechanisms. So those are some of the new problems and then also attacking entirely new new segments like NFI, right? Hey, we're going to build a five g network. That's not reliant on hard work, right? >> Well, when you're out of the quiet here, we're going to come to your office, will go deeper, dive on the business and some of the cool tech stuff, >> and we're just coming up on the M world in a couple of months. I think this will be the cubes tenth time there and any little teasers that you could give us about the world twenty nineteen. >> Well, we certainly hope that, you know, we're able to bring a lot of these club messages together right and have sort of, you know, connected all the dots. Att VM world This year's >> state When you heard it here on the Q first, some exciting announcements coming from BM, where in just a few months at being World twenty nineteen. Pak Gil Senior Seo Thank you so much for joining Jon and me at Radio twenty nineteen. As a pleasure. Always thank you so much. We want to thank you for watching for John Ferrier. I'm Lisa Martin. You're watching the Cube from Vienna, where Radio twenty nineteen and San Francisco. Thanks for watching

(string music) >> Welcome to the Cube conversation here at the Cube studios in Palo Alto California, I'm John Furrier, cohost of the Cube and cofounder of Slip and Angle Media. We're here with Shlomi Ben Haim who's the founder and CEO of Jfrog, hot startup. I asked him to come in to chat about his business. In the dev/op space, we see him at a lot of shows, your company's doing well, we love the marketing, the frog thing is great, love it, very cool. But there's a lot of real serious action going on in the enterprise and in the cloud and in emerging tech, whether it's AI or machine learning, whether its innovative things, developers are front and center in the marketplace and there's a boatload of noise out there, there's like this approach, this approach, there's a lot of different approaches, but at the end of the day, the devs are driving a lot of innovation. You guys are at the center of it so welcome to the Cube. >> Thank you. >> First question for you, just take a minute to talk about what you guys do, Jfrog, what's your company, what's your business, what are you guys up to, what's your deal? >> The way I think that the community will describe us would be that we are the binaries people, we are taking care of your binaries. As you know in the dev/ops world, everything you do you do with your binaries, with your software artifacts, so I heard some of the community members call us the database of dev/ops and we are the providers of artifactory, bintray, xray and mission control which take care of your binaries, managing them, host them, distribute them and secure them. >> Open source event we were at, we saw you guys because I was doing all the interviews and you guys were right on the edge there, then you guys got some nice background images off the Cube videos, but it was really interesting. The trend is your friend as the saying goes and the number of open source projects is increasing, the actual lines of code is exponentially going to grow from 22 million to 200, 400 million lines of code over the next couple of years, that's hockey stick. More developers are coming in, not old school like me that built their own stuff from scratch, there's a lot of lego blocks in fact Jim Samlin said that 10% of the code will probably be original ideas and differentiation, 90% of most of the code will be a code sandwich, which I believe, I think that's the legit direction. How do you guys fit into that trend and what does that mean for your business because I can imagine, there's a ton of Git Hub stuff going on, tons of forking, tons of projects, you got block chain catching the world by storm, there is a massive developer tsunami going on. How do you guys help them? >> It's very interesting, when we started Jfrog, actually my co-founder Yoav Landman started by providing developers with a very dummy, basic solution to proxy, public repositories like Maven central and it was not about the code for the first time, it was about the binaries. Code is great and the line of code, as you said, it's going to go enormous but what happened is that when you need to automate, when you need to rebuild, when you need to release faster, you go down to the binary level, to the software artifact level and guess what, no one took care of your binaries before, you were just throwing your binaries to your version controller or file store, maybe you were hosting them. >> They were messy, it's like a kid with their room, all the stuff spread around all over the place, where's that binary, no one keeps track of it. >> Nobody care about that, but this is the one thing that you keep consuming, keep building with, keep recompiling and in the era of dev/ops, is the one asset that you need to automate and reuse. This is where we, >> The core problem if I get this right, is that compiling is going to be, if you think of dev/ops, it's infrastructure as code, as the phrase goes as we always say and programming infrastructure is what dev guys want to do, they don't want to be in the business of switching configurations, getting in the routers and the network. They want it to be just one layer of resource, serverless is a great trend for you, more and more developers are going to love this. They want to program, so when you're programming, the inherent next step is where's the code, who's compiling it, does it need to be compiled? Is that the core problem, that there's more and more stuff going on under the hood that needs to be managed? Is that growing part of your business solution or is the problem just lost binaries, what's the core problem? >> It's a perfect question. First of all, we are providers, we are the providers of the only universal solution. Binaries are not just for java developers, they are not just for python developers, they are not just for dot net developers, they are not just for docker users and the way you package it, binaries happens between your get and your CI server, let's say Jenkins, get and Jenkins and your Kubernetes. Something happens between those two sites. Your orchestration tool and your code repository tool. In this land is where binaries play a very significant role and this is where we are a major player. >> Is the problem error prone in that zone, in that zone it's like the wild west, it's like a black hole if you will, think about what you're saying, if I get it right. There's a lot of stuff that goes on in there, is it mismanagement, what's the core thing that you guys got to do there? >> Tons of binaries, too much public repositories that the community cannot rely on. You need to manage and host your own binaries, the ones that you create yourself, and to provide and this is the last strength we see in the market, big organization need to provide dev/ops as a service to their own developers, so they need to ask this very important asset that we call software artifact and binaries or darker images or whatever you want to call it. >> Yeah a lot of great trends going on, obviously containers and Kubernetes you mentioned. Let's get into those, that's driving a lot of change. Certainly containers has been around for a while, whether you call it wrappers or whatever, it's a great magical thing, we love containers, Kubernetes really gets the trend right, if you look at the google trend, you see Kubernetes has got so much more traction than containers, although I'm not saying one's more relevant than the other, certainly orchestration's important, linking and loading all these containers together. Why is Kubernetes accelerating the binary conversation? Is it because more rapid development is going on, more programmability's going on, why is Kubernetes impacting the binaries components more now than ever? >> Putting aside the need for automating and integrating, this whole orchestration solution requires some work on the binary level but if you think about what Kubernetes is trying to solve, or what the containers are all trying to solve is a better, faster release, better, faster deployment, better, faster delivery and then you can do it only if you will combine the power of the developers and the power of the machine and release faster. This is what we say in Jfrog, release fast or die because it's all about how fast can you release? >> Before we get into some of the product specific stuff, I want to ask you some pointed questions on that. I want to ask you about automation. AI is obviously hot, I love AI, even though it's hyped up, it still promotes great software development, machine learning really is where the meat on the bone is there, so machine learning and automation bots, whatever you want to look at it, is an opportunity to actually to create adaptive code. How did that new software paradigm affect binaries because I can almost imagine that if you got a bot going wild, it could screw up the binaries. >> Completely. >> So can you comment on that, that area. Obviously we want more bots, automation is a good thing on one level, but how do you guys look at that market as an opportunity, as a challenge, what's that whole AI thing look like? >> Well if we take a step back, I think the dev/ops started with the need to automate and release faster. It was like the playground of developers, we need a better integration, we need a continuous integration, we need better delivery, we need continuous delivery. If you think about it now, in 20/20 perspective, you understand that this was all milestones. The next big challenge is continuous updates. People like me, people like you, just want their devices and machines to be updated. >> And secure, look at Equifax. Equifax is a great example, they didn't update the code. >> Absolutely and it's flowing and just happening and secure and in the world of automation, the world of AI, I think that the big challenge or the next big challenge of dev/ops is how can I create a continuous update machine which is also secure and software update will just flow. It will not be something that you press I agree, I reboot and do any kind of crazy stuff in order just to get your software update. It's more about the user experience of all of us. It's not just developers and dev/ops companies anymore. >> That's a great vision by the way, I love that. It should work like that and programmable infrastructure for dev/ops should be programmable and always available and highly reliable. Mark Zuckerberg used to have the saying, move fast, break stuff, that's not a dev/ops ethos by the way, they built their own dev/ops, but then he kind of quickly waffled back to move fast, be reliable, because he got some religion on ops. Totally get that, let's go into today's world. That gives us a little future view, what is a use case for a customer? Take me through the day and the life of a customer that's using Jfrog, what are their problems, what are some of the things that are burning in their office? Where's the smoke, what's the problem that they have that they need to take care of the binaries? Sprawl of code, just mismanagement, what are some of the signals? Share with your view there. >> It starts with the fact that it's not your developer anymore that builds software. You have a CI server there that never goes to a lunch break, never take a break with Facebook, which by the way, it's a great company but sometimes it stop giving the time during the work time and you keep building and building like crazy. Your CI server keep producing binaries. >> It's an always on code machine basically. >> It's a binaries machine and it's being built 24 by seven and yes, you use just a portion of it but you have to host and manage all of it and if you will host it in your version controller, it will explode, if you will put it in a file store, it will not be something, >> Explode because of capacity? >> Because you cannot do any cleanups on the version controller, not get or subversion or the false or any of them, you don't do cleanups on version control. >> Hygiene is an issue. >> Yes, plus integration. You need to integrate with your records system, plus promotion, you need to allow and automate promotion of the specific bites that you build. >> So that's why people call you the database or I would even say the brains of binaries, you got to keep track of the goods if you will, it's like the crown jewel is the binary. >> Right. >> If I get that right, okay let's take it to the next level. You have good hygiene, you have good stuff going on, what are you guys doing specifically that gives you a differentiation of the market because is it software, is it hardware, what is the Jfrog differentiation? >> I think that the first thing that happened to us was that we realized that binaries is for everyone. If you remember Jfrog's slogans from 2010, it was binaries for the people. We felt like we are leading the revolution of taking care of your binaries and therefore, we decided that whatever we build, our philosophy base, our concept will be universal. We started with the Java community, Maven and Gradel and then the dot net community with Nougat and then when it came to be more like a dev/ops industry in 2013 or '14 was it, >> Roughly, 2008 to 2014 was really the cloud errati and then it grew and then it matured a little bit. >> And the combination of dev and ops and IT and then we started to support packages like Debian and RPM, beyond repositories, docker registry, we were the first docker registry in the market. >> You were riding the wave from the beginning. >> Yes. >> You were right there riding the binary wave with the native cloud growth, public cloud growth big time which by the way had a lot of iterations quickly. >> Which is also one of our differentiators, we are the only hybrid providers for your binary solution. We have it in the cloud, any cloud or on prem. >> Who's the competition? >> It's a very good question, on a niche level, we have companies like docker that provide a docker registry we have Cores that provide docker registry, by the way, anyone in the market now that want to have a docker registry, a container registry. On the Java Maven domains, Sonotype provide a nexus which is a binary repository manager for Java for Maven builds. NPM provide a solution for NPM but if you think about the universal solution that supports other, >> Those are siloed platform specific binaries. >> Yes. >> You're taking much more of a wholistic, horizontally scalable, any binary any time management. >> Exactly, we don't do the before and after, but in the binaries world, we want to be one solution for all. >> I get the whole registry thing, love that positioning. Just a dumb question, when someone's coming in and managing intermittently in the registry, how do you guys handle that piece? How do you know that a Java request coming in from a Java registry, you guys have a front end to this thing, is it your software, how do you guys manage the integration of requests to and from the binaries. >> The read and write to the repository you mean? >> Yes. >> Artifactor is a very sophisticated repository if I may say it's built more like a database, it's based on a check sum mechanism and not just a basic file store. >> You verify it coming in on the front end. >> Right, the parts and machine caching, managing, hosting and distributing, it's all happening in artifactor. >> And performance is as good? No problems with performance? >> Well we are the only provider that has a highly available solution with over 4000 customers, so I guess it is. >> You got a smile yeah, I see you at the shows. You got a good reputation so it's great to have you come in. I want to just take a minute to pause because I know we're having a great conversation, I could talk about CI servers til the cows come home, one of my favorite topics dev/ops, as people who have been following me since 2008 know, I love the cloud, cloud native vision from day one. There's a lot of people out there who don't know what the hell a binary is, so take a minute and explain, what is a binary and why is it such an important thing right now in context to open source growth, more developers coming in, context to enterprises trying to be cloud like and just for the general purpose, why are binaries important? Why should the general public, how would you talk about what is a binary? >> I'll try. I think that the main difference is that binaries are more like, maybe it's a basic metaphor, but binaries are more like fresh food, unlike freeze food. Your source code is freezed, you're not allowed to touch it, you're not allowed to clean it, you're not allowed to change it. Your one dot seal would be my one dot seal. It's kind of freeze food, this is why in dev for get and other player in this market are so important. We see how bit bucket with the class in and Git Hub are growing and still playing a significant role binaries are different, binaries is the fresh food. Something that you keep changing, any minute and you build with a specific binary something and then something else and it become another binary if I may say so. I think that the flexibility that you need to gain when you go on full automation and full integration is the flexibility that you can get on the binary level. You cannot get it on the code level. Therefore, binaries playing a very significant role in the cloud era and in the dev/ops era. >> Sure it allows for extensibility of source code. In a way what you're saying. You can eat the frozen food or you can chop up your own organic meal yourself. >> Exactly. >> Okay I get that, final question for you, thanks for coming in, appreciate the one on one on binaries there. People can always just go on Wikipedia and look at other definitions on stack overflow and whatnot. What is the customer value proposition for Jfrog? Why should I work with you, what's the main reason for you to have 4000 customers? What's driving them to use you? Is it just convenience? Is it scalability, all of the above? Just take a minute to explain why customers go to you and if people don't work with you, why should they work with you? >> I think that the biggest challenge today is that you want to treat binaries as first level citizens and instead of having an NPM repository, docker registry, Maven repository, python repository and there is no single organization that will have just one repository, you can have it all with Jfrog. The second thing we are the providers of highly available solution to protect your data centers so if you don't want your 1000 developers sitting down, waiting for the binary repository to be up and running and to allow the environment, then you probably want to, >> Productivity right there is one. >> Productivity and efficiency, absolutely. We are also providing it to secure your binary flow and the platform that distributes your binaries. We take binaries very seriously, over two billion downloads a month on bintray, our distribution hub and we work with the community and for the community, we are developers ourself, coming from the open source community so it's all bottom up and community friendly. >> Shlomi, great commentary, I want to just get a personal, take your Jfrog hat off for a minute, put your developer, executive, industry expert hat on. Share with the audience your view on the developer market. There's been a lot of negative press around the brogrammer lately and all these things, but trends are clear that you have massive growth in open source, comment on the role open source plays as it goes into some argue fifth generation, fourth, fifth generation, I remember when the first generation I was coding on. Those were the days but different, it's changed. You have so much code, it's really a party right now in open source, there's so much good stuff happening. Google's donating tensorflow, all these people putting real big libraries out there to code on. Kubernetes is just so awesome, system guys specifically love what's going on in the cloud. But cloud is exploding a lot of opportunities, IoT and AI, what's the developer market like right now, just share your thoughts, what's the sentiment, what's the excitement, what are the young kids doing? What are some of the big things that you see happening? >> From business perspective, what we see in the market is developers first of all taking decisions. They hear their managers coming with the pain and expect it to solve it and the bottom up process is something we never saw in the market. The last five, six years, we see more and more developers kind of educating their managers with how to do it and how to do it faster. The second thing and this is, >> So bottom up's happening now you're saying. >> Happening for the last five years and it's growing. The second thing we see in the cloud, you see it more than I am, Google and Amazon and Microsoft and Red Hat, everyone want a piece of the cloud, Orca now just announced two days ago, three days ago. Everyone want a piece of the cloud and everybody understand that data traffic comes from developers, it's not individuals, it's communities, the open source community is giant and it's a very, there's a very important player in the data traffic of what we call the cloud highway. >> And the communities are very most important piece, you would agree with that, right? We're very community focused, that's the key, right? >> Yes, absolutely. >> I think the world will be developer indoctrinated with basically developer premises across all business, so it's not a department anymore, it's permeating all through organizations. >> Right and also impact our user experience. People like simple people that doesn't understand code, they're not contributing to the open source world still need software updates and competitive analysis are talking about that, how fast can you release? >> Well Stu Miniman and Dave Alante and Peter Burris and I always talk about community is the key in open source, you guys have been very successful in the community. Congratulations, obviously we're very community focused with our content, with the Cube. If you like the Cube, check us out at cube.net, give us a call, come in the studio if you're a thought leader, love to chat with you. I'm John Furrier with the Cube, more thought leadership coverage in Palo Alto here inside the Cube. We'll be right back, thanks for watching. (electronic music)