>>from Las >>Vegas. It's the cues covering quality security Conference 2019 by quality. Hey, welcome back already, Jefe Rick here with the Cube were in Las Vegas at the Bellagio at the Kuala Security Conference. It's the 19th year they've been doing this. It's our first year here, and we're excited to be here. And it's great to have a veteran who's been in this space for so long to give a little bit more of historical perspective as to what happened in the past. Where we are now, what can we look forward to in the future? So coming right off its keynote is Felipe Quarto, the chairman and CEO of Qualities felt great. See, >>Thank you. Same. Same same for me. >>Absolutely. So you touched on so many great topics in your conversation about kind of the shifts of of modern computing, from the mainframe to the mini. We've heard it over and over and over. But the key message was really about architecture. If you don't have the right architecture, you can't have the right solution. How is the evolution of architects of architectures impacted your ability to deliver security solutions for your clients >>So no That's a very good question. And in fact, you know what happened is that we started in 1999 with the vision that we could use exactly like Salesforce. They'll come this nascent Internet technologies and apply that to security. And s and Marc Benioff applied that essentially changing the way serum was essentially used and deployed in enterprises and with a fantastic success as we know. So for us, the I can't say today that 19 years later the vision was right. It took a significant longer because the security people are not really, uh, warm at the idea of Senate Lee, uh, having the data interview which was in place that they could not control. And the i t people, they didn't really like a toll. The fact that certainly they were not in control anymore of the infrastructure. So whether a lot of resistance, I wever, we always I always believe, absolutely believe that the cloud will be the architecture to go back. A lot of people make the confusion That was part of the confusion that for people it was a cloud, that kind of magical things someplace would you don't know where and when I was trying to explain, and I've been saying that so many times that well, you need to look at the club like a computer that can architecture which distribute the computing power for more efficiently than the previous one, which was Clyde Server, which was distributing the computing power for better then, of course, the mainframes and minicomputers. And so if you look at their architecture's so the mainframe were essentially big data centers in in Fort Knox, like setting private lines of communication to damn terminal. And of course, security was not really an issue then, because it's a gritty was building by the IBM said company simply with the minicomputer, which then was, instead of just providing the computing power to the large, very large company could afford it. Now 70 the minicomputer through the advance and say, My conductor technology could reduce the food frank. And then I'll bring the company power to the labs and to the departments. And that was then the new era of the dish, your equipment, the primes, that General et cetera, Uh, and then conservative. So what client service did again? If you look at the architecture, different architectures now, incidently servers LAN or the Internet network and the PC, and that was now allowing to distribute the computing power to the people in the company. And so, but then you needed to so everybody. Nobody paid attention to security because then you were inside of the enterprise. So it starts inside the wars of the castle if you prefer. So nobody paid attention to that. It was more complex because now you have multiple actors instead of having one IBM or one desert equipped. But its center said, You have the people manufacturing the servers. The software that that obeys the PC is an unannounced excellently there was the complexity increased significantly, but nobody paid attention to security because it was not needed. Until suddenly we realized that viruses could come in through the front door being installed innocent. You were absolutely, absolutely compromised. And of course, that's the era of the anti VARS, which came in and then because of the need to communicate more more. Now, Senator, you could not stay only in your castle. You need to go and communicate your customers to your suppliers, et cetera, et cetera. And now you were starting to up and up your your castle to the word and a low now so that the bad guy could come in and start to steal your information. And that's what the new era of the far wall. Now you make sure that those who come in But of course, that was a bit naive because there were so many other doors and windows that people could come in, you know, create tunnels and these and over that transfer, insure your custard. Because the day I was becoming more, more rich and more more important, more value. So whatever this value, of course, the bad guys are coming in to try to sell it. And that was that new era off a win. Each of attention to security. The problem is being is because you have so many different actors. There was nothing really central there. Now. I just suddenly had Maura and more solutions, and now absolutely like 800 vendors. Boarding on security and boating on anything is shortly at the end of the day because you put more more weight, and then you also increasing complexity in all these different solutions. Didn't they need to talk together? So you have a better context, but they weren't designed to talk together. So now you need to put other system where they could communicate that information. So you complicated, complicated, complicated the solution. And that's the problem of today. So now cloud computing comes in and again. If you look at the architecture of cloud computing, it's again Data centers, which not today, have become, thanks to the technology, having infinite, almost company power and storage capabilities. And like the previous data center, there are much more fracture because you just once gave and they become essentially a bit easier to secure. And by the way, it's your fewer vendors now doing that. And then, of course, the access can be controlled better on then. Of course, the second component is that the land and the one it's now the Internet and the Internet, of course, eyes the Web communications extremely cheap, and it brings you in every place on the planet and soon in Morse. Why no so and so now. The issue today is that still the Internet needs to be secure, and today how are you going to secure the Internet? Which is very important thing today because you see today that you can spoof your image, you can spoof your website. You could attack the Deanna's who? Yes, there's a lot of things that the bad guy still do in fact, themselves that ever is the Internet, of course, to access everywhere, so they take advantage of it. So now this is obviously, you know, I created the trustworthy movement many years ago to try to really address that. Unfortunately, qualities was too small, and it was not really our place. Today there's all the Google, the Facebook, the big guys which contract their business, depend on the Internet. Now need to do that and I upload will be been criticised very much so. Google was the 1st 1 to essentially have a big initiative. I was trying to Bush SSL, which everybody understands secret encryption, if you prefer and to everybody. So they did a fantastic job, really push it. So now today's society is becoming like okay, it's a said. You want to have this a settle on your communication, but that's not enough. And now they're pushing and some people criticize them, and I absolutely applaud them to say we need to change the Internet protocols which were created at the time when security you were transferring information from universities. And so for these was a hay days, you know, if everything was fine, there's no bad guys. No, The heebie day is if you like arranging that everybody was free, Everybody was up in fantastic. Okay. And now, of course, today, these poor cold this to be a graded, which is a lot of work. But today I really believe that if you put Google Amazon Facebook altogether and they can fix these internet for records so we could forget about the spoofing and we forget about all these fishing and all this thing this is there responsibility. So and then you have now on the other side, you have now a very intelligent devices from in a very simple sensors and, you know, too sophisticated devices the phone, et cetera, and Maura and more Maur devices interconnected and for people to understand what is being so This is the new environment. And whether we always believe is that if you adopt an architecture which is exactly which fits which is similar, then we could instead of bolting security in, we can also have the build security in voting signal on. We could be in security in. And we have been very proud of the work that went down with my car itself, which we announce, in fact, reluctantly recently, very recently, that, in fact, our agent technologies now it's banned erred in Microsoft. So we have been security with Microsoft in So from a security perspective today, if you go to the Microsoft as your security center, you click on a link, and now you have the view. If you're in tar, is your environment courtesy of record? It's agent. You click on a second link, and now you have the view of your secret cameras. First year, crazy of the same qualities agent. And then you click on the third inning with us. Nothing to do with quite it's It's old Mike ourself you create your playbook and Yuri mediates The security in this environment has become quickly, quick, nothing to in store, nothing to update, and the only thing you bring. All your policies saying I don't want to have this kind of machine exposed on the Internet on what this is what I want and you can continuously owed it essentially in real time, right? So, as you can see, totally different than putting boxes and boxes and so many things. And then I think for you, so very big game changer. So the analogy that I want you that I give to people it's so people understand that paradigm shift. It's already happening in the way we secure our homes. You put sensors everywhere, your cameras of detection, approximately detection. Essentially, when somebody tried to enter your home all that day, that's continuously pumped up into an incident response system. And then from your phone again across the Internet, you can change the temperature of your rooms. You can do it. You can see the person who knocks on the door. You can see its face. You can open the door, close the door, the garage door. You can do all of that remotely and automatically. And then, if there's a burglar, then in your house, who's raking immediately that the incidence response system called the cops or the farmer shirt? If good far. And that's the new paradigm. So security has to follow that product, and then you have interesting of the problem today that we see with all the current security systems incidents Original system developed for a positive force. Positive and negative are the enemy reedy off security? Because if you have forced positive, you cannot automate the response because then you're going to try to respond to something that is that true? So you are. You could create a lot of damage. And the example. I give you that today in the if you leave your dog in your house and if you don't have the ability the dog would bark would move, and then the senses will say intruder alert. So that's become the force. Pretty. So how do you eliminate that? By having more context, you can eliminate automatically again this false positives, like now you, I think a fingerprint of fuel dog and of his voice. And now the camera and this and the sensors on the voice can pick up and say, Oh, this is my dog. So then, of course, you eliminate that forces right now, if if another dog managed to return your home through a window which was open or whatever for so what do we know? A window was open, but you know you can't necessarily fix it on the dog weapons, then you will know it. Sze, not yours. So that's what securities avoiding such a huge sea of change which is happening because of all that injured that end today Companies today after leverages nuclear technology which are coming, there's so much new to college. What people understand is where's that technology coming from? How come silently we have doctors cybernetics a ll these solutions today which are available at almost no cost because it's all open source So what happened is that which is unlike the enterprise software which were Maur the oracle, et cetera, the manufacturer of that software today is in fact the cloud bubbly club Sanders, the Amazon, the Google, the Facebook, the macro self which shouldn't be needed to have to develop new technology so they could scale at the size of the planet. And that very shrewdly realized that if I keep the technology for me, I'm essentially going to imprison. The technology is not going to evolve. And then I need other technologies that I'm not developing. So they realize that they totally changed that open source movement, which in the early days of happens offers more controlled by people who had more purity. If you prefer no commercial interests, it was all for the good, off the civilization and humankind. And they say they're licensing Modern was very complex or the simplified all of that. And then Nelson and you had all this technology coming at you extremely fast. And we have leverage that technology, which was not existing in the early days when when such was not come started with the eunuchs, the lamb, pork or what's called leaks. Apache mice Fewer than Petri limiting Announcer Tiel This technology, like elasticsearch, was coming. We index today now back and three trillion points or less excerpts, clusters, and we return information in 100 minutes seconds and then on the calf campus, which is again something that open source way Baker Now today, five million messages a day and on and on and on. So the word is changing. And of course, if that's what it's called now, the dish transformation now enterprises to be essentially a joy to reach out to the customers better and Maur, they need to embrace the cloud as well, >>right? I >>do retool their entire right infrastructure, and it's such A. It's a huge sea of change, and that's what we see even the market of security just to finish now, evolving in a totally different ways than the way it has Bean, which in the positive market of security was essentially the market for the enterprise. And I'm bringing you might my board, my board, towns, traditions that you have to go in installed and make work. And then you had the the anti virus, essentially for all the consumers and so forth. So today, when we see the marketplace, which is fragmenting in four different segments, which is one is the large enterprise which are going to essentially constantly data start moving to the transformation. Leveraging absolutely develops, which isn't becoming the new buyer. And, of course, so they could improve their I t. For to reach out to more customers and more effectively than the current providers. As I mentioned earlier, which are building security in the knife, you use them. You don't have to worry about infrastructure about how many servers you need, amenities. It's all done for you and something about security. The third market is going to be in an emergence of a new generation of managed Grannie service providers which are going to take all these companies. We don't have enough resources. Okay, Don't worry. I'm going to help you, you know, duel that digital transformation and help you build the security. And then there's a totally new market of all these devices, including the phone, et cetera, which connects and that you essentially I want to all these i, o t and I ot devices that are or now connected, which, of course, present security risk. So I need to also secure them. But you also need to be able to also not only check their health to make sure that okay, because you cannot send people read anymore. So you tournament simply on security. If you find that that phone is compromised, you need to make to be able to make immediate decisions about Should I kill that phone? Destroyed everything in it. Should I Now don't let that phone connect any more to my networks. What should I do? Should I, by the way, detected that they've done with the application which another loud Because what we see is more and more companies are giving tablets to their users and in doing so now, today's the company property so they could say, OK, you use these tablets and you're not allowed to do that so you could check all of that and then automatically. But that again requires full visibility in what you are. And that's why just to finish, we make a big decision about the few three months ago that were We build the ability for any company on the planet to automatically build their targetable itis it eventually, which nobody knows what they have. That old networking environment. You don't know what connects to have the view of the known and the unknown totally free of charge across on premise and pawned crowd continues Web obligations or to united devices to come. So now that's the cornerstone of securities with that totally free. So and then, of course, you have all these additional solutions, and we're being very scalable up in platform where we can take data, a passel data as well. So we really need to be and want to be good citizen here because security at the end of it, it's almost like we used to say, like the doctors, you have to have that kind of feeble court oath that you can do no arms. So if you keep if you try to take the data that you have, keep it with you, that's all.

>> Live from Barcelona, Spain it's theCUBE, covering KubeCon, CloudNativeCon, Europe 2019. Brought to you by Red Hat, the Cloud Native Computing Foundation and Ecosystem Partners. >> Welcome back. This is theCUBE's coverage of KubeCon, CloudNativeCon 2019. I'm Stu Miniman, my co-host for two days wall-to-wall coverage is Corey Quinn. Happy to welcome back to the program first Ben Sigelman, who is the co-founder and CEO of LightStep. And welcome to the program a first time Morgan McLean, who's a product manager at Google Cloud Platform. Gentlemen, thanks so much for joining us. >> Thanks for having us. >> Yeah. >> All right so, this was a last minute ad for us because you guys had some interesting news in the keynote. I think the feedback everybody's heard is there's too many projects and everything's overlapping, and how do I make a decision, but interesting piece is OpenCensus, which Morgan was doing, and OpenTracing, which Ben and LightStep were doing are now moving together for OpenTelemetry if I got it right. >> Yup. >> So, is it just everybody's holding hands and singing Kumbaya around the Kubernetes campfire, or is there something more to this? >> Well I mean, it started when the CNCF locked us in a room and told us there were too many projects. (Stu and Ben laughing) Really wouldn't let us leave. No, to be fair they did actually take us to a room and really start the ball rolling, but conversations have picked up for the last few months and personally I'm just really excited that it's gone so well. Initially if you told me six or nine months ago that this would happen, I would've been, given just the way the projects were going, both were growing very quickly, I would've been a little skeptical. But seriously, this merger's gone beyond my wildest dreams. It's awesome, both to unite the communities, it's awesome to unite the projects together. >> What has the response been from the communities on this merger? >> Very positive. >> Yeah. >> Very positive. I mean OpenTracing and OpenCensus are both projects with healthy user bases that are growing quickly and all that, but the reason people adopt them is to future-proof their own software. Because they want to adopt something that's going to be here to stay. And by having these two things out in the world that are both successful, and were overlapping in terms of their goals, I think the presence of two projects was actually really problematic for people. So, the fact that they're merging is net positive, absolutely for the end user community, also for the vendor community, it's a similar, it's almost exactly the same parallel thought process. When we met, the CNCF did broker an in-person meeting where they gave us some space and we all got together and, I don't know how many people were there, like 20 or 30 people in that room. >> They did let us leave the room though, yesterday, yeah that was nice. >> They did let us leave the room, that's true. We were not locked in there, (Morgan laughing) but they asked us in the beginning, essentially they asked everyone to state what their goals were. And almost all of us really had the same goal, which is just to try and make it easy for end users to adopt a telemetry project that they can stick with for the long haul. And so when you think of it in that respect, the merger seems completely obvious. It is true that it doesn't happen very often, and we could speculate about why that is. But I think in this case it was enabled by the fact that we had pretty good social relationships with OpenCensus people. I think Twitter tends to amplify negativity in the world in general, as I'm sure people, not a controversial statement. >> News alert, wait, absolutely the negatives are, it's something in the algorithm I think. >> Yeah, yeah. >> Maybe they should fix that. >> Yeah, yeah (laughs) exactly. And it was funny, there was a lot of perceived animosity between OpenTracing and OpenCensus a year ago, nine months ago, but when you actually talk to the principals in the projects and even just the general purpose developers who are doing a huge amount of work for both projects, that wasn't a sentiment that was widely held or widely felt I think. So, it has been a very kind of happy, it's a huge relief frankly, this whole thing has been a huge relief for all of us I think. >> Yeah it feels like the general ask has always been that, for tracing that doesn't suck. And that tends to be a bit of a tall order. The way that they have seemed to have responded to it is a credit to the maturity of the community. And I think it also speaks to a growing realization that no one wants to have a monoculture of just one option, any color you want so long as it's black. (Ben laughing) Versus there's 500 different things you can pick that all stand in that same spot, and at that point analysis paralysis kicks in. So this feels like it's a net positive for, absolutely everyone involved. >> Definitely. Yeah, one of the anecdotes that Ben and I have shared throughout a lot of these interviews is there were a lot of projects that wanted to include distributed tracing in them. So various web frameworks, I think, was it Hadoop or HBase was-- >> HBase and HDFS were jointly deciding what to do about instrumentation. >> Yeah, and so they would publish an issue on GitHub and someone from OpenTracing would respond saying hey, OpenTracing does this. And they'd be like oh, that's interesting, we can go build an implementation file and issue, someone from OpenCensus would respond and say, no wait, you should use OpenCensus. And with these being very similar yet incompatible APIs, these groups like HBase would sit it and be like, this isn't mature enough, I don't want to deal with this, I've got more important things to focus on right now. And rather than even picking one and ignoring the other, they just ignored tracing, right? With things moving to microservices with Kubernetes being so popular, I mean just look at this conference. Distributed tracing is no longer this kind of nice to have when you're a big company, you need it to understand how your app works and understand the cause of an outage, the cause of a problem. And when you had organizations like this that were looking at tracing instrumentation saying this is a bit of joke with two competing projects, no one was being served well. >> All right, so you talked about there were incompatible APIs, so how do we get from where we were to where we're going? >> So I can talk about that a little bit. The APIs are conceptually incredibly similar. And the part of the criteria for any new language, for OpenTelemetry, are that we are able to build a software bridge to both OpenTracing and OpenCensus that will translate existing instrumentation alongside OpenTelemetry instrumentation, and omit the correct data at the end. And we've built that out in Java already and then starting working a few other languages. It's not a tremendously difficult thing to do if that's your goal. I've worked on this stuff, I started working on Dapper in 2004, so it's been 15 years that I've been working in this space, and I have a lot of regrets about what we did to OpenTracing. And I had this unbelievably tempting thing to start Greenfield like, let's do it right this time, and I'm suppressing every last impulse to do that. And the only goal for this project technically is backwards compatibility. >> Yeah. >> 100% backwards compatibility. There's the famous XKCD comic where you have 14 standards and someone says, we need to create a new standard that will unify across all 14 standards, and now you have 15 standards. So, we don't want to follow that pattern. And by having the leadership from OpenTracing and OpenCensus involved wholesale in this new effort, as well as having these compatibility bridges, we can avoid the fate of IPv6, of Python 3 and things like that. Where the new thing is very appealing but it's so far from the old thing that you literally can't get there incrementally. So that's, our entire design constraint is make sure that backwards compatibility works, get to one project and then we can think about the grand unifying theory of a provability-- >> Ben you are ruining the best thing about standards is that there is so many of them to choose from. (everyone laughing) >> There's still plenty more growing in other areas (laughs) just in this particular space it's smaller. >> One could argue that your approach is nonstandard in its own right. (Ben laughing) And in my own experiments with distributed tracing it seems like step one is, first you have to go back and instrument everything you've built. And step two, hey come back here, because that's a lot of work. The idea of an organization going back and reinstrumenting everything they've already instrumented the first time. >> It's unlikely. >> Unless they build things very modularly and very portably to do exactly that, it's a bit of a heavy lift. >> I agree, yeah, yeah. >> So going forward, are people who have deployed one or the other of your projects going to have to go back and do a reinstrumentation, or will they unify and continue to work as they are? >> So, I would pause at the, I don't know, I would be making up the statistic, so I shouldn't. But let's say a vast majority, I'm thinking like 95, 98% of instrumentation is actually embedded in frameworks and libraries that people depend on. So you need to get Dropwizard, and Spring, and Django, and Flask, and Kafka, things like that need to be instrumented. The application code, the instrumentation, that burden is a bit lower. We announced something called SpecialAgent at LightStep last week, separate to all of this. It's kind of a funny combination, a typical APM agent will interpose on individual function calls, which is a very complicated and heavyweight thing. This doesn't do any of that, but it takes, it basically surveys what you have in your process, it looks for OpenTracing, and in the future OpenTelemetry instrumentation that matches that, and then installs it for you. So you don't have to do any manual work, just basically gluing tab A into slot B or whatever, you don't have to do any of that stuff which is what most OpenTracing instrumentation actually looks like these days. And you can get off the ground without doing any code modifications. So, I think that direction, which is totally portable and vendor neutral as well, as a layer on top of telemetry makes a ton of sense. There are also data translation efforts that are part of OpenCensus that are being ported in to OpenTelemetry that also serve to repurpose existing sources of correlated data. So, all these things are ways to take existing software and get it into the new world without requiring any code changes or redeploys. >> The long-term goal of this has always been that because web framework and client library providers will go and build the instrumentation into those, that when you're writing your own service that you're deploying in Kubernetes or somewhere else, that by linking one of the OpenTelemetry implementations that you get all of that tracing and context propagation, everything out of the box. You as a sort of individual developer are only using the APIs to define custom metrics, custom spans, things that are specific to your business. >> So Ben, you didn't name LightStep the same as your project. But that being said, a major piece of your business is going through a change here, what does this mean for LightStep? >> That's actually not the way I see it for what it's worth. LightStep as a product, since you're giving me an opportunity to talk about it, (laughs) foolish move on your part. No, I'm just kidding. But LightStep as a product is totally omnivorous, we don't really care where the data comes from. And translating any source of data that has a correlation ID and a timestamp is a pretty trivial exercise for us. So we do support OpenTracing, we also support OpenCensus for what it's worth. We'll support OpenTelemetry, we support a bunch of weird in-house things people have already built. We don't care about that at all. The reason that we're pursuing OpenTelemetry is two-fold, one is that we do want to see high quality data coming out of projects. We said at the keynote this morning, but observability literally cannot be better than your telemetry. If your telemetry sucks, your observability will also suck. It's just definitionally true, if you go back to the definition of observability from the '60s. And so we want high quality telemetry so our product can be awesome. Also, just as an individual, I'm a nerd about this stuff and I just like it. I mean a lot of my motivation for working on this is that I personally find it gratifying. It's not really a commercial thing, I just like it. >> Do you find that, as you start talking about this more and more with companies that are becoming cloud-native rapidly, either through digital transformation or from springing fully formed from the forehead of some God, however these born in the cloud companies tend to be, that they intuitively are starting to grasp the value of tracing? Or does this wind up being a much heavier lift as you start, showing them the golden path as it were? >> It's definitely grown like I-- >> Well I think the value of tracing, you see that after you see the negative value of a really catastrophic outage. >> Yes. >> I mean I was just talking to a bank, I won't name the bank but a bank at this conference, and they were talking about their own adoption of tracing, which was pretty slow, until they had a really bad outage where they couldn't transact for an hour and they didn't know which of the 200 services was responsible for the issue. And that really put some muscle behind their tracing initiative. So, typically it's inspired by an incident like that, and then, it's a bit reactive. Sometimes it's not but either way you end up in that place eventually. >> I'm a strong proponent of distributed tracing and I feel very seen by your last answer. (Ben laughing) >> But it's definitely made a big impact. If you came to conferences like this two years ago you'd have Adrian, or Yuri or someone doing a talk on distributed tracing. And they would always start by asking the 100 to 200 person audience, who here knows what distributed tracing is? And like five people would raise their hand and everyone else would be like no, that's why I'm here at the talk, I want to find out about it. And you go to ones now, or even last year, and now they have 400 people at the talk and you ask, who knows what distributed tracing is? And last year over half the people would raise their hand, now it's going to be even higher. And I think just beyond even anecdotes, clearly businesses are finding the value because they're implementing it. And you can see that through the number of companies that have an interest in OpenTracing, OpenTelemetry, OpenCensus. You can see that in the growth of startups in this space, LightStep and others. >> The other thing I like about OpenTelemetry as a name, it's a bit of a mouthful but that's, it's important for people to understand the distinction between telemetry and tracing data and actual solutions. I mean OpenTelemetry stops when the correct data is being omitted. And then what you do with that data is your own business. And I also think that people are realizing that tracing is more than just visualizing a single distributed trace. >> Yeah. >> The traces have an enormous amount of information in there about resource usage, security patterns, access patterns, large-scale performance patterns that are embedded in thousands of traces, that sort of data is making its way into products as well. And I really like that OpenTelemetry has clearly delineated that it stops with the telemetry. OpenTracing was confusing for people, where they'd want tracing and they'd adopt OpenTracing, and then be like, where's my UI? And it's like well no, it's not that kind of project. With OpenTelemetry I think we've been very clear, this is about getting >> The name is more clear yeah. >> very high quality data in a portable way with minimal effort. And then you can use that in any number of ways, and I like that distinction, I think it's important. >> Okay so, how do we make sure that the combination of these two doesn't just get watered-down to the least common denominator, or that Ben just doesn't get upset and say, forget it, I'm going to start from scratch and do it right this time? (Ben laughing) >> I'm not sure I see either of those two happening. To your comment about the least common denominator, we're starting from what I was just commenting about like two years ago, from very little prior art. Like yeah, you had projects like Zipkin, and Zipkin had its own instrumentation, but it was just for tracing, it was just for Zipkin. And you had Jaeger with its own. And so, I think we're so far away, in a few years the least common denominator will be dramatically better than what we have today. (laughs) And so at this stage, I'm not even remotely worried about that. And secondly to some vendor, I know, because Ben had just exampled this, >> Some vendor, some vendor. >> that's probably not, probably not the best one. But for vendor interference in this projects, I really don't see it. Both because of what we talked about earlier where the vendors right now want more telemetry. I meet with them, Ben meets with 'em, we all meet with 'em all the time, we work with them. And the biggest challenge we have is just the data we get is bad, right? Either we don't support certain platforms, we'll get traces that dead end at certain places, we don't get metrics with the same name for certain types of telemetry. And so this project is going to fix that and it's going to solve this problem for a lot of vendors who have this, frankly, a really strong economic incentive to play ball, and to contribute to it. >> Do you see that this, I guess merging of the two projects, is offering an opportunity to either of you to fix some, or revisit if not fix, some of the mistakes, as they were, of the past? I know every time I build something I look back and it was frankly terrible because that's the kind of developer I am. But are you seeing this, as someone who's probably, presumably much better at developing than I've ever been, as the opportunity to unwind some of the decisions you made earlier on, out of either ignorance or it didn't work out as well as you hoped? >> There are a couple of things about each project that we see an opportunity to correct here without doing any damage to the compatibility story. For OpenTracing it was just a bit too narrow. I mean I would talk a lot about how we want to describe the software, not the tracing system. But we kind of made a mistake in that we called it OpenTracing. Really people want, if a request comes in, they want to describe that request and then have it go to their tracing system, but also to their metric system, and to their logging stack, and to anywhere else, their security system. You should only have to instrument that once. So, OpenTracing was a bit too narrow. OpenCensus, we've talked about this a lot, built a really high quality reference implementation into the product, if OpenCensus, the product I mean. And that coupling created problems for vendors to adopt and it was a bit thick for some end users as well. So we are still keeping the reference implementation, but it's now cleanly decoupled. >> Yeah. >> So we have loose coupling, a la OpenTracing, but wider scope a la OpenCensus. And in that aspect, I think philosophically, this OpenTelemetry effort has taken the best of both worlds from these two projects that it started with. >> All right well, Ben and Morgan thank you so much for sharing. Best of luck and let us know if CNCF needs to pull you guys in a room a little bit more to help work through any of the issues. (Ben laughing) But thanks again for joining us. >> Thank you so much. >> Thanks for having us, it's been a pleasure. >> Yeah. >> All right for Corey Quinn, I'm Stu Miniman we'll be back to wrap up our day one of two days live coverage here from KubeCon, CloudNativeCon 2019, Barcelona, Spain. Thanks for watching theCUBE. (soft instrumental music)

>> Announcer: Live from Las Vegas, it's theCUBE, covering InterConnect 2017. Brought to you by IBM. >> Okay, welcome back, everyone. We're live here at the Mandalay Bay in Las Vegas for the wrap-up of IBM InterConnect 2017. I'm John Furrier. My co-host this week, my partner in crime, co-CEO, co-founder of SiliconANGLE Media Inc. with myself, Dave Vellante. Dave, it's been a great week. I just feel like I have been Watsonized and Blockchained and cloud all week. As we wrap up InterConnect, I want to get your thoughts on IBM, the cloud business, the big data marketplace, some of the things that we're seeing at the 100 of events we go to. We've got our events coming up, we're going to be in Munich next month, we got DockerCon, but a lot of developer events coming up, but in general, we get to see the landscape, in some cases, that others don't see. Let's talk about that, so before we get into the landscape, let's about IBM, IBM's prospects. This show, just quick stat, almost double the online traffic we're seeing on IBMGO than World of Watson, which was the biggest show we've ever done with theCUBE that we've seen. So, an interest, it's a data point. Unpack the data, you can see that there's a lot of global interest in what IBM is doing right now with the cloud and with Watson, and certainly with Blockchain you add another disruptive enabler potentially to what will either be a brilliant IBM strategy or a complete crash and burn. I think this is an IBM go big or go home moment with Ginni Rometty. I love her messaging, I love her three pillars, enterprise strong, data first, cognitive to the core. That is solid messaging, all three pillars. To me, it's clear. IBM is at a reinvention moment, it's all coming together, but it's a go big or go home moment for them. >> Well, you know, John, I mean, Ginni when she took over, sorry, she was running strategy before she became CEO, I mean, IBM had a choice, they could go double down on infrastructure and go knock it out with Dell and EMC and HP, or they could go up the value chain. And my ongoing joke is Dell bought EMC, IBM buys some other company, and that to me underscores the differentiation in thinking. Oracle, I think, is a little different, but Oracle and IBM are somewhat similar, I think you'd agree, in that they've got a big SaaS portfolio, they're trying to vertically integrate, they're trying to drive high value margin businesses. The difference is IBM's much more services oriented than, say, an Oracle, and that's still, as I say, a big challenge for IBM. But I'm more, I'm a bull on IBM. >> Why is that? >> I think the strategy is, number one, they're relevant. We talked for years about how we weren't that excited about Microsoft because they weren't relevant. Satya Nadella came in, all of a sudden, they're relevant again. I think IBM is highly relevant in the minds of CEOs, CIOs, CCOs, CDOs, all the C-suite, IBM is super relevant there, just as are Accenture and Ernie Young and all the big SIs. But IBM's got tons of products beneath it, number one. Number two, despite the fact that, you called it out several years ago, they bought software for 2.4 billion, it was a bare metal hosting company, alright, but IBM's turning that into >> Bluemix. >> a cloud business with Bluemix, right. And they're building, bringing in acquisitions like Cleversafe, like Aspera, like Ustream, and others, where they're bringing services that are differentiated. You can only get Watson on IBM's cloud, you can only get IBM's Blockchain on IBM's cloud, so they're bringing in value-added services, and there's only one place you can get them, and I think that's a viable strategy that's going to throw off a lot of cash, and it's going to lead to success. >> And by the way, they're also continuing to invest in open source. So, again, that's-- >> That's the other piece. I wanted to talk to you, and this is your wheelhouse. IBM's open source mojo is not just lip service, alright. They have deep-rooted DNA in open source and their strategy around it, and they've proven that they can monetize open source. What's their model, I mean, explain the model because I think it's instructive. >> I mean, open source, there's a lot of different models. Red Hat-- >> For IBM, I mean. >> IBM's model of open source is very clear. If you look at what they've done with just Blockchain as a great example, they have mobilized their company, and they did it with Bluemix as well with the cloud, once they said, "We want to get in the cloud game," once, "We want to do Blockchain," they go open source at the core, then they get their entire brain trust workin' on it. It's not just a hand wave, some division, they're kind of reorganizing on the fly, they're kind of agile organization, which some may read as chaotic, but to me, I think that's just good management practice in this day and age. They get an open source project, and they drive that home, and they have people contributing and giving that to the community, and then adding value on top and differentiating. It's just classic 101, create some value, and create some differentiation with your products, and by the way, if you don't want to use our products, build your own, or hey, use the open source code. That's pretty much an over-simplified version of open source. >> But Blockchain's a great example of this, right? So, they see the leverage in open source project, they put all these resources in, and they say, okay, now let's build our product on top of that, let's get the open source community leverage and this is, let me ask you this, does IBM, so several years ago when IBM announced Bluemix, you were pretty critical. >> John: I was very critical. >> IBM has to win the developer audience or it's cooked in this game. >> That's what I said. >> How is it done, how would you grade them? >> I think they're doing very well. I think IBM is, again, to use your word, they're not putting lip service in it. So, I was joking with Meg Swanson last night, I saw Adam Gunther when they interviewed on theCUBE, and I was critical. I didn't say that their cloud was bad, I was just saying it's just not as, just got a lot of work to do, Amazon's kickin' ass, which we now know that happened, right. But they've done well. They've done well, they've ran hard, they've gone the table stakes on the enterprise. I still think they got some more work to do, we can analyze, I'm putting out my cloud ratings matrix, I'm going to put IBM on that list, I have Google and Amazon done. I'm going to add Microsoft Azure and IBM onto the mix in the comparison matrix. But IBM has done good with the developers. They've just invested 10 million in this announcement, and they're ramping up. I wouldn't say they're throwing just money at it, they got people, so I would give them, I'd give them a B-plus, A-minus score because they're hustlin', they're doing it. Are they totally blowing it out of the water? No, I don't think they're pushing hard enough there. I think they could give it some more gas, I think they could do more with it, personally thinking. But you know, Dr. Angel Diaz was on earlier today. They're going at their own pace. >> But you agree they're in the game. >> Oh, totally. >> Making good progress. >> They're totally, IBM is totally in the cloud game, and they don't get a lot of credit for it. Either does Oracle, by the way. Somehow, people seem to talk about Azure and Google. Google is so far behind, in my opinion, they're not even close. I think it's Amazon, Azure, IBM and Oracle and Google all kind of in that-- >> Juxtapose Oracle's developer cred, even though it owns Java, with IBM's. How would you compare the two? >> Very similar, I think. Different approaches, but again, to your point, IBM's relevant, Oracle's relevant. We had this question about VMware when they did the deal with AWS. They have customers and they have cash, so they're not going anywhere. It's not like IBM's a sinking ship. It's not like Oracle's a sinking ship. Now, that being said, there's a huge shift in the business, and I would say in that scenario, Google is in a very good position, so I've been very critical on Google only because they're trying to be acting like they're an enterprise flag. They're not, I mean, Google's got great tech, TensorFlow, machine learning. Google has great cloud tech, but in that game, they're up in the number one, two spot. But in the enterprise side, they're not close. They're workin' on that. So, that's my critique of Google. Microsoft has got the DNA for the enterprise, so Microsoft and Oracle to me are more similar than comparing IBM and Oracle. I'd say IBM is a lot more like Google and Amazon, kind of in-between, but Oracle and Microsoft look the same to me. Big install base, highly differentiated, stacks aren't perfect, but it looks good on paper, and they're gettin' business. And Oracle's earnings, by the way, were very explosive due to the cloud growth. >> Another question I like to ask sometimes is, okay, what would you have done differently if you had a choice? Like when Gerstner was running IBM, he chose to consolidate the company, essentially, not consolidate, but focus on services, one throat to choke, single-faced IBM. Great customer service and build the services business, buy-in, PWC, et cetera, that was the key. What could you have done differently that could've said, well-- >> John: For IBM? >> Yeah, at the time, you could have said, "We're spin out different product groups. "We're going to be the best at microprocessors, "or disk drives, or database, or software." >> I think IBM moved too slow. >> That's a historical example. Given what IBM's doing today, what would you have done differently if you were Ginni Rometty five or six years ago? >> I would've done what they're doing now three years ago. We were, when we started working with them with CUBE, IOD events, and Pulse. >> Dave: Information on Demand. >> You had a lot of silence. I think, if I had to go back and get a mulligan, if I was Ginni Rometty, I would've moved faster. >> Dave: Done that faster. >> Hindsight's 20-20 on that, but it wasn't that clear. But again, it's the big aircraft carrier, it can only move so fast. I think what they're doing now is good strategy, and they're price strong, data force, cognitive to the core is a good strategy. Now, cognitive is words for AI, and that's their word, cognitive 'cause of Watson, but essentially, machine learning and AI is going to be a big pillar there, and then, the data first is more of an architectural component that's very good. But in general, Dave, the cloud is, this is what's going on in my find. It's so obvious to me. The big data marketplace that was we defined by Cloudera and Hadoop and Hortonworks just never panned out. It morphed into a bigger picture, and so, Hadoop is part of, now, a bigger ecosystem. Cloud was growing very fast. Those two worlds are coming together and growing very rapidly independent with big data, with machine learning, AI, and IOT. They're coming together. The intersection of the big data and the cloud. >> Cloud-mapping data. That was Yuri Burton from 2005. >> But it's coming together really fast, and the IOT is the real business driver. I know there's not a lot of stuff shipping yet in the sim stuff out there, but merging IOT into IT into business process and into developer mindset, whether it's an Indiegogo up to full-on developers is the accelerant that's going to fuel the AI value. To me, that's the intersection point of big data and cloud, and that is the home run, that's the holy grail, and that's going to be disrupting some preexisting decisions by big vendors who made bets, and I'm talkin' about bets made in the past five years, not like bets made 20 years ago or 10 years ago. I think the IOT is going to really shape the game. The other thing I worry about now, in my opinion, is a lot of AI-washing. People say, "Oh, AI." You see people on the stage, "Oh, we did this with AI." There's no AI, it's augmented intelligence, which is basically predictive analytics. You know, true AI is not yet here, it's a little bit hyped up, not that I mind that. I think that the machine learning is the real meat on the bone right now, I think that's the core enabler. Machine learning is by far the most important trend in the computer science world today as it relates to integrating that capability into cloud native, microservices, and overall application. >> I agree, I mean, AI is still a heavy lift, but to me, the key, I go back to something you were saying, is developers. That's the lever that's going to give you the ability to move large mountains. If you don't have that developer community, and you don't have open source chops, you're going to struggle a little bit. You're going to be either in a swim lane like Oracle with its database and its red stack, and maybe you can break out of that, but I'm not sure it wants to. Or you're going to be stuck in infrastructure lane. >> Yeah, but the developers are driving all the action right now. My point about machine learning, if you look at the shows just recently, and certainly we have the history of the past year, machine learning is the sexiest trend in every show. Last show was Google Next, machine learning with TensorFlow, both open source. Machine learning's not new, it's just now accelerating the developer. The developers want to move faster, and I think things like machine learning, things like cognitive that IBM puts out there, are great catalysts. That's going to be a big thing we're going to watch, obviously, we have a big developer community at SiliconANGLE, so something to watch. >> What's next? We've got a chief data scientist summit next week in Silicon Valley, we're going to be at the-- >> Let's look at my Friday show this week. Every Friday I do the Silicon Valley Friday show with me and guests, we got that goin' on, so always check that out on soundcloud.com/johnfurrier, or check out my Facebook feed, facebook.com/johnfurrier. But in terms of CUBE events, we've got DataWorks in Munich on April 2nd, DockerCon in Austin, Oracle Marketing Sum Experience, Red Hat, Dell EMC World, Service Now, Open Stack, Big Data in London. >> It's going to be a busy spring. >> Lot of stuff going on. Great stuff. >> Deb, we'll see you in July. >> In bumper sticker, Dave, this show, encapsulate your thoughts. >> Well, I think it's all about cloud, data, and cognitive coming together in a way that allows business value and differentiation through the end customer. That's what this show is about to me. It's not about infrastructure, cloud and infrastructure, that's kind of table stakes. It's all about differentiation up the stack, creating, enabling new business models. >> My encapsulation is the enterprise strong, data first, cognitive to the core message that Ginni said, that translates into IBM's shoring up their base products and putting an innovation strategy around Blockchain and soon to be cognitive computing at a whole 'nother level, and I think they're going to have a real innovation strategy and continue to use what they did with Watson, the winning formula. Put something out there that's a guiding principle and draft the company behind it. I think that, to me, is my big walk away, and I think Blockchain will potentially level, has game-changing capabilities, and if that plays out like Watson's playing out, then IBM could be in great shape on both shoring up the base in cloud and their business and having an innovation strategy that extends them out. That to me is the reason why I'm bullish on them. So, great show, Dave Vellante. Thanks to the guys, thanks for everyone watching. That's it for us here in theCUBE. I'm John Furrier, Dave Vellante wrapping up IBM InterConnect 2017. Thanks for watching, stay with us, and follow us at theCUBE on Twitter and siliconangle.tv on the web. Thanks for watching. (electronic keyboard music)