>>Good afternoon, brilliant humans, and welcome back to the Cube. We're live in Detroit, Michigan at Cub Con, and I'm joined by John Furrier. John three exciting days buzzing. How you doing? >>That's great. I mean, we're coming down to the third day. We're keeping the energy going, but this segment's gonna be awesome. The CD foundation's doing amazing work. Developers are gonna be running businesses and workflows are changing. Productivity's the top conversation, and you're gonna start to see a coalescing of the communities who are continuous delivery, and it's gonna be awesome. >>And, and our next guess is an outstanding person to talk about this. We are joined by Stephen Chin, the chair of the CD Foundation. Steven, thanks so much for being here. >>No, no, my pleasure. I mean, this has been an amazing week quote that CubeCon with all of the announcements, all of the people who came out here to Detroit and, you know, fantastic. Like just walking around, you bump into all the right people here. Plus we held a CD summit zero day events, and had a lot of really exciting announcements this week. >>Gotta love the shirt. I gotta say, it's one of my favorites. Love the logos. Love the love the branding. That project got traction. What's the news in the CD foundation? I tried to sneak in the back. I got a little laid into your co-located event. It was packed. Everyone's engaged. It was really looked, look really cool. Give us the update. >>What's the news? Yeah, I know. So we, we had a really, really powerful event. All the key practitioners, the open source leads and folks were there. And one of, one of the things which I think we've done a really good job in the past six months with the CD foundation is getting back to the roots and focusing on technical innovation, right? This is what drives foundations, having strong projects, having people who are building innovation, and also bringing in a new innovation. So one of the projects which we added to the CD foundation this week is called Persia. So it's a, it's a decentralized package repository for getting open source libraries. And it solves a lot of the problems which you get when you have centralized infrastructure. You don't have the right security certificates, you don't have the right verification libraries. And these, these are all things which large companies provision and build out inside of their infrastructure. But the open source communities don't have the benefit of the same sort of really, really strong architecture. A lot of, a lot of the systems we depend upon. It's >>A good point, yeah. >>Yeah. I mean, if you think about the systems that developers depend upon, we depend upon, you know, npm, ruby Gems, Mayn Central, and these systems been around for a while. Like they serve the community well, right? They're, they're well supported by the companies and it's, it's, it's really a great contribution that they give us. But every time there's an outage or there's a security issue, guess, guess how many security issues that our, our research team found at npm? Just ballpark. >>74. >>So there're >>It's gotta be thousands. I mean, it's gotta be a lot of tons >>Of Yeah, >>They, they're currently up to 60,000 >>Whoa. >>Vulnerable, malicious packages in NPM and >>Oh my gosh. So that's a super, that's a jar number even. I know it was gonna be huge, but Holy mo. >>Yeah. So that's a software supply chain in actually right there. So that's, that's open source. Everything's out there. What's, how do, how does, how do you guys fix that? >>Yeah, so per peria kind of shifts the whole model. So when, when you think about a system that can be sustained, it has to be something which, which is not just one company. It has to be a, a, a set of companies, be vendor neutral and be decentralized. So that's why we donated it to the Continuous Delivery Foundation. So that can be that governance body, which, which makes sure it's not a single company, it is to use modern technologies. So you, you, you just need something which is immutable, so it can't be changed. So you can rely on it. It has to have a strong transaction ledger so you can see all of the history of it. You can build up your software, build materials off of it, and it, it has to have a strong peer-to-peer architecture, so it can be sustained long term. >>Steven, you mentioned something I want to just get back to. You mentioned outages and disruption. I, you didn't, you didn't say just the outages, but this whole disruption angle is interesting if something happens. Talk about the impact of the developer. They stalled, inefficiencies create basically disruption. >>No, I mean, if, if, so, so if you think about most DevOps teams in big companies, they support hundreds or thousands of teams and an hour of outage. All those developers, they, they can't program, they can't work. And that's, that's a huge loss of productivity for the company. Now, if you, if you take that up a level when MPM goes down for an hour, how many millions of man hours are wasted by not being able to get your builds working by not being able to get your codes to compile. Like it's, it's >>Like, yeah, I mean, it's almost hard to fathom. I mean, everyone's, It's stopped. Exactly. It's literally like having the plug pulled >>Exactly on whenever you're working on, That's, that's the fundamental problem we're trying to solve. Is it, it needs to be on a, like a well supported, well architected peer to peer network with some strong backing from big companies. So the company is working on Persia, include J Frog, which who I work for, Docker, Oracle. We have Deploy hub, Huawei, a whole bunch of other folks who are also helping out. And when you look at all of those folks, they all have different interests, but it's designed in a way where no single party has control over the network. So really it's, it's a system system. You, you're not relying upon one company or one logo. You're relying upon a well-architected open source implementation that everyone can rely >>On. That's shared software, but it's kind of a fault tolerant feature too. It's like, okay, if something happens here, you have a distributed piece of it, decentralized, you're not gonna go down. You can remediate. All right, so where's this go next? I mean, cuz we've been talking about the role of developer. This needs to be a modern, I won't say modern upgrade, but like a modern workflow or value chain. What's your vision? How do you see that? Cuz you're the center of the CD foundation coming together. People are gonna be coalescing multiple groups. Yeah. >>What's the, No, I think this is a good point. So there, there's a, a lot of different continuous delivery, continuous integration technologies. We're actually, from a Linux Foundation standpoint, we're coalescing all the continued delivery events into one big conference >>Next. You just made an announcement about this earlier this week. Tell us about CD events. What's going on, what's in, what's in the cooker? >>Yeah, and I think one of the big announcements we had was the 0.1 release of CD events. And CD events allows you to take all these systems and connect them in an event scalable, event oriented architecture. The first integration is between Tecton and Capin. So now you can get CD events flowing cleanly between your, your continuous delivery and your observability. And this extends through your entire DevOps pipeline. We all, we all need a standards based framework Yep. For how we get all the disparate continuous integration, continuous delivery, observability systems to, to work together. That's also high performance. It scales with our needs and it, it kind of gives you a future architecture to build on top of. So a lot of the companies I was talking with at the CD summit Yeah. They were very excited about not only using this with the projects we announced, but using this internally as an architecture to build their own DevOps pipelines on. >>I bet that feels good to hear. >>Yeah, absolutely. Yeah. >>Yeah. You mentioned Teton, they just graduated. I saw how many projects have graduated? >>So we have two graduated projects right now. We have Jenkins, which is the first graduated project. Now Tecton is also graduated. And I think this shows that for Tecton it was, it was time, the very mature project, great support, getting a lot of users and having them join the set of graduated projects. And the continuous delivery foundation is a really strong portfolio. And we have a bunch of other projects which also are on their way towards graduation. >>Feels like a moment of social proof I bet. >>For you all. Yeah, yeah. Yeah. No, it's really good. Yeah. >>How long has the CD Foundation been around? >>The CD foundation has been around for, i, I won't wanna say the exact number of years, a few years now. >>Okay. >>But I, I think that it, it was formed because what we wanted is we wanted a foundation which was purpose built. So CNCF is a great foundation. It has a very large umbrella of projects and it takes kind of that big umbrella approach where a lot of different efforts are joining it, a lot of things are happening and you can get good traction, but it produces its own bottlenecks in process. Having a foundation which is just about continuous delivery caters to more of a DevOps, professional DevOps audience. I think this, this gives a good platform for best practices. We're working on a new CDF best practices Yeah. Guide. We're working when use cases with all the member companies. And it, it gives that thought leadership platform for continuous delivery, which you need to be an expert in that area >>And the best practices too. And to identify the issues. Because at the end of the day, with the big thing that's coming out of this is velocity and more developers coming on board. I mean, this is the big thing. More people doing more. Yeah. Well yeah, I mean you take this open source continuous thunder away, you have more developers coming in, they be more productive and then people are gonna even either on the DevOps side or on the straight AP upside. And this is gonna be a huge issue. And the other thing that comes out that I wanna get your thoughts on is the supply chain issue you talked about is hot verifications and certifications of code is such big issue. Can you share your thoughts on that? Because Yeah, this is become, I won't say a business model for some companies, but it's also becoming critical for security that codes verified. >>Yeah. Okay. So I, I think one of, one of the things which we're specifically doing with the Peria project, which is unique, is rather than distributing, for example, libraries that you developed on your laptop and compiled there, or maybe they were built on, you know, a runner somewhere like Travis CI or GitHub actions, all the libraries being distributed on Persia are built by the authorized nodes in the network. And then they're, they're verified across all of the authorized nodes. So you nice, you have a, a gar, the basic guarantee we're giving you is when you download something from the Peria network, you'll get exactly the same binary as if you built it yourself from source. >>So there's a lot of trust >>And, and transparency. Yeah, exactly. And if you remember back to like kind of the seminal project, which kicked off this whole supply chain security like, like whirlwind it was SolarWinds. Yeah. Yeah. And the exact problem they hit was the build ran, it produced a result, they modified the code of the bill of the resulting binary and then they signed it. So if you built with the same source and then you went through that same process a second time, you would've gotten a different result, which was a malicious pre right. Yeah. And it's very hard to risk take, to take a binary file Yep. And determine if there's malicious code in it. Cuz it's not like source code. You can't inspect it, you can't do a code audit. It's totally different. So I think we're solving a key part of this with Persia, where you're freeing open source projects from the possibility of having their binaries, their packages, their end reduces, tampered with. And also upstream from this, you do want to have verification of prs, people doing code reviews, making sure that they're looking at the source code. And I think there's a lot of good efforts going on in the open source security foundation. So I'm also on the governing board of Open ssf >>To Do you sleep? You have three jobs you've said on camera? No, I can't even imagine. Yeah. Didn't >>You just spin that out from this open source security? Is that the new one they >>Spun out? Yeah, So the Open Source Security foundation is one of the new Linux Foundation projects. They, they have been around for a couple years, but they did a big reboot last year around this time. And I think what they really did a good job of now is bringing all the industry players to the table, having dialogue with government agencies, figuring out like, what do we need to do to support open source projects? Is it more investment in memory, safe languages? Do we need to have more investment in, in code audits or like security reviews of opensource projects. Lot of things. And all of those things require money investments. And that's what all the companies, including Jay Frogger doing to advance open source supply chain security. I >>Mean, it's, it's really kind of interesting to watch some different demographics of the developers and the vendors and the customers. On one hand, if you're a hardware person company, you have, you talk zero trust your software, your top trust, so your trusted code, and you got zero trust. It's interesting, depending on where you're coming from, they're all trying to achieve the same thing. It means zero trust. Makes sense. But then also I got code, I I want trust. Trust and verified. So security is in everything now. So code. So how do you see that traversing over? Is it just semantics or what's your view on that? >>The, the right way of looking at security is from the standpoint of the hacker, because they're always looking for >>Well said, very well said, New >>Loop, hope, new loopholes, new exploits. And they're, they're very, very smart people. And I think when you, when you look some >>Of the smartest >>Yeah, yeah, yeah. I, I, I work with, well former hackers now, security researchers, >>They converted, they're >>Recruited. But when you look at them, there's like two main classes of like, like types of exploits. So some, some attacker groups. What they're looking for is they're looking for pulse zero days, CVEs, like existing vulnerabilities that they can exploit to break into systems. But there's an increasing number of attackers who are now on the opposite end of the spectrum. And what they're doing is they're creating their own exploits. So, oh, they're for example, putting malicious code into open source projects. Little >>Trojan horse status. Yeah. >>They're they're getting their little Trojan horses in. Yeah. Or they're finding supply chain attacks by maybe uploading a malicious library to NPM or to pii. And by creating these attacks, especially ones that start at the top of the supply chain, you have such a large reach. >>I was just gonna say, it could be a whole, almost gives me chills as we're talking about it, the systemic, So this is this >>Gnarly nation state attackers, like people who wanted serious >>Damages. Engineered hack just said they're high, highly funded. Highly skilled. Exactly. Highly agile, highly focused. >>Yes. >>Teams, team. Not in the teams. >>Yeah. And so, so one, one example of this, which actually netted quite a lot of money for the, for the hacker who exposed it was, you guys probably heard about this, but it was a, an attack where they uploaded a malicious library to npm with the same exact namespace as a corporate library and clever, >>Creepy. >>It's called a dependency injection attack. And what happens is if you, if you don't have the right sort of security package management guidelines inside your company, and it's just looking for the latest version of merging multiple repositories as like a, like a single view. A lot of companies were accidentally picking up the latest version, which was out in npm uploaded by Alex Spearson was the one who did the, the attack. And he simultaneously reported bug bounties on like a dozen different companies and netted 130 k. Wow. So like these sort of attacks that they're real Yep. They're exploitable. And the, the hackers >>Complex >>Are finding these sort of attacks now in our supply chain are the ones who really are the most dangerous. That's the biggest threat to us. >>Yeah. And we have stacker ones out there. You got a bunch of other services, the white hat hackers get the bounties. That's really important. All right. What's next? What's your vision of this show as we end Coan? What's the most important story coming outta Coan in your opinion? And what are you guys doing next? >>Well, I, I actually think this is, this is probably not what most hooks would say is the most exciting story to con, but I find this personally the best is >>I can't wait for this now. >>So, on, on Sunday, the CNCF ran the first kids' day. >>Oh. >>And so they had a, a free kids workshop for, you know, underprivileged kids for >>About, That's >>Detroit area. It was, it was taught by some of the folks from the CNCF community. So Arro, Eric hen my, my older daughter, Cassandra's also an instructor. So she also was teaching a raspberry pie workshop. >>Amazing. And she's >>Here and Yeah, Yeah. She's also here at the show. And when you think about it, you know, there's always, there's, there's, you know, hundreds of announcements this week, A lot of exciting technologies, some of which we've talked about. Yeah. But it's, it's really what matters is the community. >>It this is a community first event >>And the people, and like, if we're giving back to the community and helping Detroit's kids to get better at technology, to get educated, I think that it's a worthwhile for all of us to be here. >>What a beautiful way to close it. That is such, I'm so glad you brought that up and brought that to our attention. I wasn't aware of that. Did you know that was >>Happening, John? No, I know about that. Yeah. No, that was, And that's next generation too. And what we need, we need to get down into the elementary schools. We gotta get to the kids. They're all doing robotics club anyway in high school. Computer science is now, now a >>Sport, in my opinion. Well, I think that if you're in a privileged community, though, I don't think that every school's doing robotics. And >>That's why Well, Cal Poly, Cal Poly and the universities are stepping up and I think CNCF leadership is amazing here. And we need more of it. I mean, I'm, I'm bullish on this. I love it. And I think that's a really great story. No, >>I, I am. Absolutely. And, and it just goes to show how committed CNF is to community, Putting community first and Detroit. There has been such a celebration of Detroit this whole week. Stephen, thank you so much for joining us on the show. Best Wishes with the CD Foundation. John, thanks for the banter as always. And thank you for tuning in to us here live on the cube in Detroit, Michigan. I'm Savannah Peterson and we are having the best day. I hope you are too.

>>from around the globe. It's the Cube with digital coverage of AWS >>reinvent 2020 sponsored >>by Intel, AWS and our community partners. Welcome back to the cubes. Virtual coverage of AWS reinvent 2020. It's virtual this year. We're not in person, so we're doing remote interviews. Part of the three weeks we'll be covering wall to wall a lot of great conversations. News to cover and joining me today Off Fresh off the news off Andy Jackson's keynote, We have two great guests here. Jason Kapoor, senior product manager for Accelerated Computing at A. W S and eight time Medina Chief business officer, Havana Labs, which was recently acquired by Intel Folks. Thanks for coming on, gentlemen. Thank you for spending the time for coming on the key. Appreciate it. >>Thanks for having us. >>J Town. So talk about the news, actually. Uh, computers changing. It's being reinvented. That's the theme from Andy's keynote. What did Andy announced? Could you take a minute to explain the announcement? What services? What ap What's gonna be supported? What's this about? Take a minute to explain. >>Yeah, absolutely. Yeah. So today >>we >>announced our plans to launch and easy to instance based on hardware accelerators from Havana labs. We expect these businesses to be available in the first time from next year. And these air custom designed for accelerating training off deep learning models, a zoo we all know like training of deep learning models is a really competition. Aly extensive task. Oftentimes it takes too long and cost too much. And we're really excited about getting these instances out of the market as we expect for them to provide up to 40% better price performance. Thani on top of the line GPU instances, >>a lot of improvements. Why did anybody do this? Why heaven or what's the what the working backwards document tell you? What is it customers looking for here is or specific use case? >>Yeah, absolutely. So, you know, over the years, uh, the use of machine learning and deep learning has, like, really skyrocketed, right? So we're seeing companies from all the way like 14, 500 to like start ups just reinventing their business models and use using deep learning more pervasively. Right. So we have companies like Pinterest, you know, you'd use deep learning for content recommendations and object detection to Toyota Research Institute that are advancing the science behind autonomous vehicles. And there's a consistent cream from a lot of these customers that are, you know, innovating in the deep learning space that you know the cost it takes to experiment, train and optimize the deep learning models. It's too high. And, you know, they're looking at us as one of their partners to help them optimize their costs, you know, bring them as well as possible while giving them really performing products and enable them to actually bring their markets, their innovations to market as soon as possible. Right? S o. Do you answer your questions straight on your wants? The working backwards. It's a feedback from customers that they want choice on. They want our help Thio lower. Uh, the amount of compute resources and the cost it takes to train the new planning models. >>Hey, Tom, why don't you weigh in here on Havana and now part of intel? What trends are driving this? What's the motivation? Were you guys fit in? What's your view on this? >>Yeah, So Havana was founded in 2016 to deliver a I processors for the data center and cloud for training and inference deep learning models. So while building chips is hard, building, the software and ecosystem is even harder. So joining forces with intel simply helps us connect the dots. Ever since the acquisition last year, we were able to significantly boost our armed. The resource is, and now we're leveraging inter scale in number of customers and ecosystem and partner support. >>So what's the name of the product? Is there a chip name got? Was it Gowdy is the name? >>Yes, the product is man angle. >>Okay. And so it's gonna be hardware. So it's the hardware software. What's involved? Take us through the product. >>Yes. So Gandhi was designed from the ground up to do one task which is training deep learning models. To do that well, we focus the architectural to aspect efficiency and scalability. The computer architectures is a combination of fully programmable TPC tensile process, of course, and a central g M n G. These DPC course are programmable Villa W seen the machines that we designed with custom instruction, set architecture, er and special functions that will developed specifically for a I. The Gandhi cheap integrates also 32 gigabyte off H B M to memory which makes it easy to port to. For GPU developers, Gandhi is unique in integrating 10 parts of 100 gigabit Internet rocky on cheap. And this is opposed to other architectural, which use proprietary interfaces. So overall, improving the cost performance is achieved through efficiency, namely higher utilization off the computer and memory resource is on cheap and the native integration off the rocky interfaces >>J Town. This is actually interesting, as this is the theme for reinvent. We're seeing it right on stage today. Play out again another command performance by Andy Jassy. Slew of announcements. How does Gowdy fit into the AI portfolio or Amazon strategy? Because what a town saying is it sounds like he's doing the heavy lifting on all this training stuff when people want to just get to the outcome. I mean, the theme has been, just let the product do what they do kind of put stuff under the covers and just let it scale. Is that the theme here is this. >>What does this >>all fit in? Take us through how this fits into the A, I strategy for Amazon and also what what what is Havana Intel bring to the table? >>Absolutely. Yeah. So with respect to our overall strategy and portfolio units, it's relatively straightforward, right? So we're laser focused on making sure we have the broadest and deepest portfolio off services for machine learning, right? So these range from infrastructure services specifically compute networking and storage all the way up to, like, managed and all services, which come with pre trained models and customers can simply invoke them using an A P. I call right eso. So from a strategy perspective, you want to make sure that we provide a customer to a choice, uh, enable them to pick the right platform for the right use case, help them get to the Khan structure they actually want, right eso with Havana. And you know, their acquisition with Intel, we finally have access to hardware software and the ability to kind of build out a ecosystem beyond what you know judicially is being used. Which is was a GP used right eso. So the engagement with with Havana, you know, allows us to take their products and capabilities, wrap it around, and easy to instance, which is what customers will be able to launch right on doing so. We're enabling them to tap into the innovation that Teton the rest of the Havana team are working on while having a solution that is integrated with the full AWS stack. Right? So you don't you don't have to rack in stock hard. Bring your data center thes. They're gonna be available standard. Easy to instances. You can just click and launch them. Get access to software that's already pre integrated and big den and ready to go right. Eso so it actually comes down to taking their innovations, coupling it with an AWS solution and making it too easy for customers together. I've been running with the respective training the deepened models. >>Well, here is the question that I want to get to. I think everyone's on everyone's mind is how is it Gowdy different or similar than other GPU? Specifically, you mentioned the software stack on the AWS What you get the software stack inside the chip. How is this different or similar? Two other GP use. And what's the difference between the software stack versus a traditional libraries? >>So from day one, we were focused on the software experience and we were mindful in the need to make it easy for developers to use the innovations we have in the hardware. Most developers, if not all of them, are using deep learning frameworks such as tensile flowing pytorch for building their deep learning models. So God is synapse AI software suite comes integrated and optimized for tensorflow and pilotage, so we expect most developers to be able to take their existing models and with minor changes to the training strips to be able to run them on Gowdy based instances. In addition, expert developers that are familiar with writing their own kernels will be provided with food too sweet for writing their own TPC kernels that can augment the Havana provided library. >>So that's the user experience for the developers, right? That's what you're saying >>exactly, exactly, and we will provide detailed guides for developers. In doing that, Havana will provide open access to documentation library software models and left toe Havana's kita and bi directional communication with the Havana developer community. All these resources will be available concurrently with the AWS Instances launch. >>Okay, so I'm a developer. How did I get involved? It's software on git hub I use the hardware is on Amazon, obviously, in their instances. It's a new instance. Take me through the workflow develop. I'm into this. I wanna I wanna get involved. What I what am I doing? Take me >>through? Yes, I think it s so If the developer is accustomed to using GPS for training the deep learning models three experience is gonna be practically the same, right? So they'll have multiple options to get started. One of them would be, for example, to take our deep learning, Um, it's or Amazon machine images that will come integrated with software from Havana labs. Right. So customers will take the deep Learning Army and launch it on an easy to instance, featuring the gaudy accelerators. Right? So when with that, they'll have, you know, the baseline construct off software and hardware available to get up and running with right, we'll support, you know, all different types of work flows. So if customers want to use containerized solutions, thes instances will be supported R E C s and E s services. Eso using containerized kubernetes you know, thes the solution will just work on. Lastly, we also intend to support these instances through sage maker eso. Just a quick recap on stage maker. That's a manage service that does end to end that provides end to end capabilities for training, debugging, building and deploying machine learning applications. Eso these instances will also be supporting sage maker. So if you're fiddling with sage maker, you can get up and running with this. This is fairly quickly. >>It sounds like it's gonna enable a lot of action and sage maker level. Then can that layer on the use cases? I gotta ask you guys quickly, What's the low hanging fruit use case applications for this product thing? This partnership, Because you know that's gonna be the first Traction said, What are some of these applications gonna be used for? What can we expect to see? >>So typical applications would be image classifications, object detection, natural language processing, the recommendation systems. You'll find reference models in our get up for that and will be growing at least a Z you can imagine. >>Okay, where can people find more info? Give us the data. Take him in to explain. Put a plug in for how What's all the coordinates? U r l sites support how people create, Um, how people get involved. The community. >>Yeah, so customers will be able to access information on AWS websites and also on Havana Labs website. So you will be kicking off a preview early next year. Eso I would highly recommend for customers to find our product pages and signed up for already access and previous information. Utah. >>Yes, and you'll find more information on Havana. A swell a Savannah's get up over time. >>Great announcement. Congratulations. Thanks for sharing the news and some commentary on it. This is really the big theme. You know what Cove in 19 and this pandemic has shown is massive acceleration of digital transformation and having the software and hardware out there that accelerates the heavy lifting and creates value around the data. Super valuable. Thanks for for doing that. Appreciate taking the time. Thank >>you so much. >>Yeah. Thanks for having >>us. Okay, this is the cubes coverage at 80. Best reinvent next three weeks. We're here on the ground. Will remote. We're live inside the studio. We wish we could be there in person, but it's remote this year. But stay tuned. Check out silicon angle dot com. Exclusive interviews with Andy Jassy and Amazon executives and the big news covering. They're all there in one spot. Check it out. We'll be back with more coverage after this break. Thanks for watching. Yeah.