hello and welcome to this cube conversation this is part of our continuing coverage of kubecon cloud nativecon north america 2021 i have a very special guest with us uh from a technology company that on any given day at any given moment has any number of 31 million discrete users coming in looking for a specific item or two out of 22 23 24 million who knows how many items that could be shipped from 15 16 17 000 different locations around the globe and we've got one of the key folks responsible for managing what some of us in tech would refer to by the technical term a nightmare uh gary white from wayfair welcome hey thanks for having me yeah so tell us about wayfair what is wayfair we're all going to pretend like none of us have heard of wayfair before despite billions of dollars in advertising what is wayfair what do you get what do you what do you guys do before we get into the technology and how it actually works yeah uh that's a great question wayfair it uh exists to be the destination for all things home helping everybody and create a feeling of being at home uh so that's like our primary goal from the um overall business objective specifically in the technology uh part of the company we strive to make development of tools that make the shopping process easier uh carrying one of the widest like spaces of items means that we have to have incredible resiliency in our data and access to that data and then we try to build world-class development tools to compete with uh talent market um that is some of the biggest firms in the world okay so so just so we're clear because i want to make sure you came to the right to the right place this isn't furniture con this is cloud native con and you're not an you're not an artisan crafter of bespoke end tables right so you you craft a very different thing which is the uh which is the technical infrastructure behind this tell us about your relationship with uh with cloud native technologies in the open source world oh sure absolutely so my experience at wayfair has mostly consisted of um exposing the release engineering process and making the process of developing tools easier i think most companies invest about or a lot of companies invest a significant amount of their engineering talent into being able to create a platform for their developers to work on top of uh that's the team that i'm a part of where we create a platform for our developers and a large part of how we do that is leveraging technology that comes out of the cncf so we'll be talking about uh automation tools um things that you may run in kubernetes to do batch jobs things that you may run in kubernetes to run uh regular microservices and applications and then ways to automate the building of those applications and the packaging of it so that it can ship to production reliably and so you guys you guys aren't just you know when we go back several decades there were customers and there were vendors and those lines are really blurred in the open source community they have been for a long time but i mean you're you're actually working not only to develop solutions for wayfarer but you're working hand in hand with other people to develop solutions that get propagated across industry tell us about some of those projects that that you're involved with with the open source community or at least where wayfarer is absolutely so uh wayfair has made an investment in the open source community specifically notably with the tremor project you can go to tremor.rs and i'm actually speaking about it at cubecon that's where the topic comes from tremor is a early stage and uh event processing system where you can give it a lot of data for it to be able to ingest and then spit out downstream to other systems you may want to send events and notifications out to multiple systems based on what you see you may want to throttle the amount of data that you have coming in and that was a big topic that i also mentioned at the cloud native con uh and at tremorcon where you can deal with this really massive volume that we have to do at the scale that we exist as a as a business and just um filter it so that it doesn't overwhelm everything downstream in observability's sake well you know that tremor must be cool if it has its own con right yeah that's very cool you know you've arrived when you've had a con eventually i'm i'm i'm working toward dave khan we we'd make it dave and gary khan if we need to but oh absolutely so can you can you take those concepts of events and and data flow and and kind of up level that in terms of the kinds of things that are happening between customers and wayfair on a moment-by-moment basis so so give me an example of like you know what what is an event sure yeah so events if you're familiar with the open telemetry or observability framework you might call them signals where you have something happen on your infrastructure that's processed in a way that you would want to record so you might have a log that you need to be able to trace through later in case there's something happens or you just want to be able to comb your logs you may have uh metrics that you're sending in like how many requests you've gotten or how many bytes you've been processing in your service uh you may have baggage that you associate with that data um so yeah all of these different kinds of signals as defined in the open telemetry spec are things that we support in tremor and we supported before the hotel project really made it a form it was something we did out of necessity and similar products that you might find are like log stash and elastic in that whole stack okay so if so if uh if i'm looking for something for my home office uh although you can see i've got tons of garbage already in my home office um what what happens to me as a customer if all of what you just described goes wrong what happens to my experience that's a great question so as we're talking about tremor if something were to go wrong it shouldn't impact the experience of the service itself because tremor is designed to not create any load on your service as you are executing it you have the option to run it as a standalone server where you give it the resources that it needs by itself uh if that turns out to be too much of a burden for the application and you need to do a sidecar kind of model where you actually deploy it alongside your application directly in the same pod or sometimes even in the same container as a different process it's lightweight enough that you can do that which is part of the reason why we like it and why we built it is that we found that many of the other solutions for processing these signals just simply took up too much compute to be competitive with what we were able to create ourselves how and how long have you been with wayfair uh i've been with wayfair for almost three years uh three years in october or it is october so three years hooray hey hey happy happy anniversary yeah so obviously you couldn't have predicted the you know the the massive shift in all of our lives um and maybe you didn't completely fully appreciate just how well prepared wayfare was for this crazy shift in all of our lives when you entered in um i'm not gonna let you pretend uh that uh that you know that you knew and that your your iq is 20 points higher than it actually is because you decided to go to a place that was actually prepared but what what is share with us what that has been like i mean what is it like to be somewhere where the sky appeared to be falling and then all of a sudden the demands went through the roof what was that like that was a extremely chaotic but ultimately uh successful time for the company obviously um it's shown definitely in what you can find um in our stock and how we've been doing with technology that we did very well during the pandemic we were able to use the technology that we already had and be effective in adopting some more of the cncf portfolio and some more of like cloud native practices to make the um to make our infrastructure run better than it ever did at a time where we were in a crunch to be able to do better than we ever um had as a business and i believe that those two things are related the or this is my personal philosophy for sure that i believe that the adoption of these cloud native practices uh especially being pushed from the platform team that i work on were instrumental in being able to create an environment where developers can deliver value more reliably where then the experience of shopping at wayfair becomes dramatically better and can handle the scale that you see when everybody decides to start shopping everybody decides to start furnishing their home office i was going to make a joke that i bet that at least one of those things behind you was from wakefield you could be right although although some of the things over my shoulder are very strange movie prop type items so but uh but you would be you would be guessing correctly i was very very excited to talk to you um from uh from a technology standpoint because again you guys were prepared for this you you can't respond uh in a way quickly enough that doesn't crush you unless you've prepared and you've got a framework that draws upon cloud native technologies just just as you as you outlined um so against that backdrop what are you seeing in uh from a technology standpoint in retail in general are you are you plugged into that much think of think of legacy uh furniture outlets trying to pivot into the world of cloud native native take your take your wayfarer hat off you know your partisan hat in terms of competition off for a moment and and talk to me about you know if you're advising a fill in the blank legacy retail store that's just dying right now that wanted to have an online presence from a technical standpoint how would you advise them what would you steer them in the direction of i would definitely say that um just in time engineering has actually served wayfarer extremely well where we're not over engineering the solutions and using the big fancy tools until we know that we need them so i think that when we see businesses or we see anybody any organization that decides to adopt everything first and then see whether or not it scales up they don't see the results that they wanted because they're not using something that's appropriate for the size of the problem that they're trying to solve so for example if if an experience that i can share from what we went through uh i was part of and i've spoken and have some posts about um like being able to scale up just the automation infrastructure for wayfair where we were using a solution that worked pretty well but we didn't think about what was going to happen when it grew and we didn't react when it actually did grow and so by instead reassessing okay we're a different size company now we have different size needs for automation and different flexibility requirements to be able to use it effectively we need to be able to adopt containers we need to be able to support deployment into kubernetes how can we get there and then continuing to evaluate that even during the process of building and during the process of making that available to the rest of the company i think that if you're starting that process fresh or even if you're in the middle of that process it's important to right size the solution and consider whether or not it it's if your online business isn't mid-tier but it's enterprise then you need to build a system for that if you have an online system that's actually doing not much of your business don't build for the enterprise yet build for the size and then continue to scale it up as you go um another thing that i i just have to plug about the cncf solutions is that they're incredible at being flexible to that scale that if you pick things that go from low to mid tier then you can hand off from mid to high tier and then from high tier into enterprise scale and i think that those things are available in the cncf landscape and it's part of why we're excited to to be part of it ourselves so if you had a magic wand and you could solve one headache that you experience in your daily life from a technology perspective can you can you think of anything that you would uh you would conjure up absolutely uh i i struggle and have struggled pretty much my entire career uh with being able to get like a good picture of the adoption of any given tool within the company and i know that perhaps not every engineer um that works with technology within a big enterprise firm has to think about whether or not their tool is being used a lot um folks may not think about is the person next to me using python or is the next person next to them using java um being able to have that kind of insight into what people use how frequently they're deploying and how much they use it would be an incredible gain for us to be able to make better decisions about the platform of the company yeah yeah and you know you know the uh potentially the irony there is um at the sort of tip of the spear of your business understanding the customer everything about them you possibly can is so important to give them a really really good experience and sometimes enterprises that have that know all sorts of information about me don't know what their developers are doing in a whole list in a holistic fashion uh with a few clicks i can tell you exactly how many orders i've ordered from get from a given online retailer in the last nine years um but uh but i doubt they could tell me a lot about some of their infrastructure so that's that's interesting uh well what else what else can you share with us about wayfair are there any anything that's not super proprietary and secret that you could share that's an interesting data point we were joking beforehand about yeah what is it is it 8 billion in your sales is it red staplers or uh any kind of factoids that people would be surprised about yeah i i think folks um something that's definitely not proprietary because it's literally on github.com uh we just recently started putting a lot more elbow grease into our open source repositories it's becoming hacktoberfest now and we're very excited to be able to have these kind of more polished products things that we expect people to be able to contribute to where not even a year ago it wasn't uncommon to have teams within the company that would open source their project and then they would completely lose track of it and we had like some um we had to create new organizations to actually maintain them over time so i i feel like a really exciting thing that we're doing now is contributing to open source and earnest and actually getting developers time scheduled to be able to dedicate to that effort um i think a lot of the biggest companies that are the most successful uh make time for their developers to be able to contribute back as well as being able to contribute just to the proprietary code that every company has to maintain absolutely because human as human beings we don't want to be toiling in obscurity right and uh you know at what becomes a soul-killing exercise when you can actually get out there and have that sense of community uh which is you know it's central to uh to open source it's a testament to wayfair that they know that it's in their best interest as a as an organization to nurture that kind of talent uh uh within so uh on that on that very positive note uh i'd like to thank you so much for your time gary um and i appreciate the uh the plug for uh for shoes uh over over over your shoulder uh and uh just just wanna say again thanks a lot uh best of luck with your uh with your talk for q con and with that i will sign off thanks for joining this cube conversation with gary white of wayfair in our continuing coverage of kubecon cloud native con north america 2021 i'm dave nicholson thanks for tuning in you

(upbeat electronic music) >> Hello, welcome back to the Red Hat Summit, 2021 virtual coverage. I'm John Ferez, theCUBE coverage. I'm in Palo Alto with the remote interviews for our virtual conference here. We've got two great guests, CUBE alumnis, Tom Anderson, VP of Ansible Automation Platform, and Robin Bergeron, who's the Senior Manager, Ansible Community, community architect and all the great things involved. Robin, great to see you. Tom, thanks for coming back on Red Hat Summit, here, virtual. Good to see you. >> Thanks for having us. >> So since last summit, what's the updates on the Ansible Community and the Automation Platform? Tom, we'll start with you. Automation Platform, what's the big updates? >> Yeah. So since last Summit a lot has happened in Ansible land, if you will. So last time, I remember talking to you about content collections. Packing distribution format for into the sports. So we put a lot of effort into bringing all the Ansible content collections really, as well as the commercial users. And we launched last year a program certified content, working with our partners, including partners to certify the content collections that they create. Co-certify them, where we work together to make sure that the developed against, and tested against a Proctor spec, so that both of us can provide them to our customer bases with the confidence that they're going to be working and performing properly, and that we at Red Hat, and our partnership, co-support those out in our customer's production parts. That was a big deal. The other thing that we announced, late last fall, was the private automation hub. And that's the idea where our customers, obviously appreciate the idea of being able to go to Ansible galaxy or to the Ansible automation opt, to go and grab these content collections, these integrations, and bring them down in their environment. They wanted a way, they wanted a methodology, or a repository, where they can curate content from different sources, and then the manager across their environment, the automation across the environment. Kind of leaning into a little bit of automation content as code, if you will. And so we launched the automation hub, the private automation hub, where that sits in our customer's infrastructure; whether that's in the cloud, or on premise, or both, and allows them to grab content from galaxy, from the Ansible automation hub, the Ansible, automation hub on call.red hat.com, as well as their internally developed content, and be able to manage and provide that across their organization, governed by a set policies. So lots of stuff that's going on. Really advanced considering the amount of content that we provide. The amount of collections that we provide. Have certified that for our customers. And have the ability to curate and manage that content across the teams. >> I want to do a drill down on some of the unification of teams, which is a big message as well, as operating at scale, cause that's a super value proposition you guys have. And I want to get into that, but Robin, I want to come back to you on the community. So much has gone on. We're now into the pandemic for almost a year and a half now. It's been a productivity boom. Developers have been working at home for a long time, so it's not a new workflow for them, but you've seen a lot more productivity. What it's changed in the community since last summit, again, virtual to virtual again, between the windows here, event windows. You guys have a lot going on. What's new in the community? Gives us an update. >> Yeah, well, I mean, if we go back to summit, you know, this time-ish, you know, last year, we were wrapping up, more or less, the, it was, you know, we used to have everything you would install Ansible. You would get all the modules. You had everything, you know. It was all all altogether, which, you know, it was great for new users, who don't want to have to figure things out. It helps them to really get up and started running quickly. And, but, you know, from a community perspective, trying to manage that level of complexity turned out to be pretty hard. So the move to collections was actually great for, you know, not just, you know, for about user perspective, but also from a community perspective. And we came out with the Ansible 2-10. That was last fall, I believe. And that was the first real release of Ansible where we had, you know, collections were fully instantiated. We, you know, they were available on galaxy, but you could also get them as part of the Ansible community distribution. Fast forward to now, you know, we just had the Ansible 3.0 release, here in February, and we're looking to Ansible 4.0 here in early May. So, you know, there's been a lot of activity. A lot has improved, honestly, as a result of the changes that we've made. It's made it a lot easier for contributors to get in with a smaller group, that's more of their size and, you know, be able to get started and identify, you know, who are their interested peers in the community. So it's been a boom for us, honestly. You know, the pandemic otherwise is, you know, I think taught all of us, you know, certainly you, John, about the amazing things that we can do virtually. So we've had a lot of our meetups pivot to being virtual meetups, and things like that. And it's been great to see how easily the community has been able to pivot around, you know, this sort of event. I hope that we don't have to just keep practicing it for forever, but in the meantime, you know, it's enabled us to continue to get things done. Thank goodness to every video platform on Earth. >> Yeah. Well, we appreciate it. We're going to come back and talk more about that in the future; the best practice, what we all learned, and stories, but I think I want to come back to you on the persona side of Ansible, because one of the things we talked about last time that seems to be gaining a lot of traction, is that multiple personas. So I want to just hold on to that. We'll come back. Tom, back to you. We're at Red Hat summit. You guys have Ansible Fest, which is your own event that you guys drilled down on this. So users watching can know this your own community, but now we're part of Red Hat, part of IBM, which IBM Thinks, also happening soon as well. Red Hat summit still is unique event. How is Ansible fitting into the big picture? Because the value proposition of unifying teams is really consistent now with Red Hat's overall arching thing; which is operating at scale, open shift, Robin just mentioned. Where's the automation platform going this year? What's the story here at Red Hat summit for the automation platform? >> Yeah, no, that's a great question . We've seen so, we got time, just a little bit of the pandemic, and how it has accelerated some existing trends that we already saw. And one of those is really around the democratization of the application to work routines. More people delivering infrastructure and applications, independent of each other. Which is great. Faster and more agile, all those other good words that apply to that. But what that does bring up is the opportunity for patient work. Replication of effort. Not reusing necessarily things that are in existence already that other teams may have. They'd be not complying with all of the policies, if you will, the configuration and clients' policies. And so it's really kind of brought Ansible out into focus even more here. Now, because of the kind of common back lane that Ansible provides; a common language and common automation backplane across these different teams, and across these different personas. The great thing about what we supply for these different personas, whether it's outpatient developers, infrastructure honors, network engineers, SecOps teams, GetOps teams. There's so many of these obstacles out there, who now all want independent access to infrastructure, and deploying infrastructure. And Ansible has the kind of leverage that each of those communities, whether it's APIs or CLIs, or event based automation, or web hooks, et cetera, et cetera, you know? Service catalogs, utilize all of those interfaces, if you will, or modalities are accessible in Ansible automations. So it's really allowed us to be this sort of connective tissue, or glue, across these different silos or manes of the organization. Timing it opens specifically, one of the things that we talked about last fall, at our Ansible Fest, was our integration between the Ansible automation platform, our advanced cluster management product, and our OpenShift platform, that allows native applications, running on OpenShift, be able to talk to a Ansible automation operator that's running on that same platform, to do things off platform for their customers are already using Ansible. So connecting their cloud native platforms with our existing systems and infrastructures. Systems of records, network systems, ticketing systems, you name it. So all of those sorts of integrations, Ansible's become the connected glue across all of these different environments. Tying traditional IT, cloud IT, cloud native, you name it. So it's really been fun, and it's been an exciting time for us inside the portfolio and out. >> That's a great point. Connective tissue is a great way to describe some of these platform benefits, cause you guys have been on this platform for really long time. And the benefits are kind of being seen in the market, certainly as people have to move faster with the agility. Robin, I want to come back to you because he brought up this idea of personas. I mean, we all know DevOps infrastructure has code; it's been our religion for over a decade or more, but now the word DevSecOps is more prevalent in all the conversations. The security's now weaved in here. How are you seeing that play out in the community? And then, Tom, if you can give some color commentary too, on the automation platform, how security fits in? So DevOps, everything's being operationalized at scale, we get that. That's one of the value propositions you have, but DevSecOps has a persona. More people want more sec. Dev is great, more ops and standardization, more developers, agile standards, and then security. DevSecOps. What's your? >> I thought it was DevNetSecOps? (man chuckling) >> Okay. I've forgot net. Put net in there. Well, networks abstracted away, you know, as we say. >> Yeah! Well, you know, from my perspective, you know, they're people in their jobs all over the places, right? Like, they, you know, the more they can feel like they're efficient, and doing great stuff at their work, like, they're happy to bring as many people into the fold as possible. Right? And you know, normally, security's always been this, you know, it's sort of like networking, right? It's always been this sort of isolated, this special group over here, that's the traditional, you know, one of the traditional IT bottlenecks that causes us to not be able to get anything done. But, you know, on a community level, we see folks who are interested in security, you know, all the time. I know we've certainly done quite a bit of work with the some folks at IBM around one of their products; which I assume Tom will get more into here in just a moment. But from, you know, community perspective, I mean, we've seen people who've been writing, you know, playbooks and roles and, you know, now collections for, you know, all of the traditional government testing, you know, is, you know, missed standards, all of that kind of stuff. And, you know, it's one of those, it's part of network effects. And it's a great place for actually automation hub. I think, you know, for folks who were on prem or, you know, any of our customers are really going to start to see lots of value. How it will be able to connect folks inside the organization, you know, organically through just the place where I'm doing my Ansible things, allows them to find each other, really. And build those, you know, take it from being silos of automation everywhere into a really sort of networked, you know, internal network of Ansible friends and Ansible power users that, you know, can work together and collaborate, you know, just the same way that we do in open source. >> Yeah. And Tom, so IT modernization requires security. What's your take on this? Because you know, you got cluster, a lot of cluster, advanced cluster management issues. You got to deal with the modern apps that are coming. IT's got to evolve. What's your take on all this? >> Yeah. Not only does IT have to evolve, but it's the integration of IT into the rest of the environment. To be able to respond. So, one of the areas that we put a lot of effort into advancement of curating and solutions around security automation. And we've talked about that in the past, the idea of connecting SecOps teams that are doing intrusion detection, or threat hunting, and then responding in an automated way to those threat protections. Right? So connect SecOps with my team; which has traditionally been siloed operations and silo teams. And now with this curated, Ansible security automation solution that we brought to market, with our partners, that connects those two teams in a seamless sort of way. And we've got a lot of work with our friends at IBM, around this area because they are digging that security, their facility, the products in their portfolio. So we've done a lot of work with them. We've done a lot of work with lots of our partners; whether it's cyber or Microsoft, or whoever. Those areas are traditionally, Ansible's done a great job on sort of compliance around configuration enforcement, right? Setting configuration. Now we moved into connecting set-mops with IT. Security automation, now of our acquisition of SecOps, along with our advanced cluster management integration with Ansible, we're starting to say, what are the things inside that DevSecOps workflow that may require integration or automation, or package automation with other parts of the environment? So bringing all of those pieces together, as we move forward, which is really exciting for us. >> Okay, I got to ask you guys the number one question that I get all the time, and I see in the marketplace, kind of a combo question, is, how do I accelerate the automation of my cloud native development, with my traditional infrastructure? Because as people put in green, if one of the cloud projects, whether it's, and then integrating with the cloud on premises with the traditional infrastructure, how do I accelerate those two environments? How do I automate, accelerate the automation? >> It's a great short for us, as what we were talking about last Ansible Fest. We are bringing together with our advanced, cluster management product, ownership platform. Ansible is just been widespread use in all of the automation of both traditional, and cloud native, infrastructures. Whether it's cloud infrastructure, on-premise storage, compute network, you name it. Customers are using Ansible, using Ansible to do all kinds of pieces of infrastructure. Being able to tie that to their new, cloud native initiatives, without having to redo all of that work that they've already done, you integrate that, this thing, infrastructure automation, with their cloud native stuff, it accelerates substantially the, what I call, the operationalization of their cloud native platforms, with their existing IT infrastructure in the existing, IT ecosystem. I believe that that's what the Ansible automation platform plays a key role in connecting those pieces together, without having to redo all that work, that's been done and invested. >> Robin, what's your take on this? This is what people are working on in the trenches. They realize cloud benefits. They've got some cloud native action, and also then they got on the traditional environment, and they've got to get them connected and automated. >> Yeah, absolutely. I mean, you know, the beauty of Ansible, you know, from a end user perspective is, you know, how easy it is to learn and how easy the languages to learn. And I think, you know, that portability, you know, it doesn't matter like, how much of a rocket scientist you are, you know? Everybody appreciates simplicity. Everybody appreciates being able to hand something simple to somebody else, and letting other people get done, and having it, be more or less, it's not quite English, but it's definitely, you know, Ansible's quite readable. Right? And you know, when we looked at, when we started to work on all the Ansible operators, you know, one of that, one of the main pieces there was making sure that that simplicity that we have in Ansible, is brought over directly into the operator. So, just because it's cloud native doesn't mean you suddenly have to learn, you know, a whole set of new languages. Ansible's just as portable there, as it is to any other part of the, your IT organization, infrastructure, whatever it is that you have going on. >> Well, there's a lot of action going on here at Red Hat summit, 2021. Things I wanted to bring up, in context of the show, is the success, and the importance, of you guys having Ansible collections. This has come up multiple times, as we talked about those personas, and you've got these new contributors. You've got people contributing content, as open-source continues to grow and be phenomenal. Value proposition. Touch on this concept of collections. What's the updates? Why is it important? Why should folks pay attention to it, and continue to innovate with collections? >> From a commercial perspective, or from a product perspective, collections have made it a lot easier for contributors to create, and deploy, and distribute content. As Robin's mentioned earlier, previous iterations of Ansible have all of that integration. All of those collections, all within one big group. We call the "batteries included" back in the time. Back in the day, right? That that meant that contributors deployed content with the base, Ansible distribution, they had to wait for the next version of Ansible to come out. That's when that content would get redistributed with the next version of Ansible. By de-coupling, on platform, or engine, putting that into collections, individual elements of related integrations, those can move that their own pace. So users, new customers, can get the content they need, based their contributors like and keep up with. So, customers will have to wait for the next version of the shipping products and get a new version of the new integration they really like now. So again, de-coupling those things, it allows them to move at different paces. The engine, or the platform itself, needs to be stable, performance secure. It's going to move at a certain lifecycle. The content itself, all the different content, hub, and network providers, platforms, all of those things can now move at their own pace. Each of those have their own life cycle. Allows us to get more functionality in our customers hands a lot quicker. And then launching our certified program, partners, when we support that content, certified support that content, helps meet the values that we bring to our customers with this subscription. It's that ecosystem of partners that we work with, who certified and support the stuff that we ship and support with our customers. Benefits both from the accessing the technology, as well as to the access to the value added in terms of integration, testing and support. >> Robin, what's your take on the community? I see custom automation with connect here. A lot of action going on with collections. >> Yeah. Absolutely. You know, it's been interesting, you know? Tom just mentioned the, you know, how everything, previously, all had to be released all at once. Right? And if you think about, you know, sure I have Ansible installed, but you know, how often do I have to, you know, just even as a regular, I'm not a system administrator these days, type person, like how often do I have to, you know, click that button to update, you know, my Mac or my Linux machine? Or, you know, my windows machine, or you know, the operating system on my telephone, right? Every time one of these devices that Ansible connects to, or program, or whatever it is, connects to something, those things are all operating and, you know, developing themselves at their own paces. Right? So when a new version of, you know, we'll call it Red Hat, Enterprise Linux. When a new version of Red Hat, Enterprise Linux comes out, if there are new changes, or new features that, you know, we want to be able to connect to, that's not really helpful when we're not releasing for another six months. Right? So it's really helped us, you know, from a community angle, to able to have each of these collections working in concert with, you know, for example, the Lennox subsystems that are actually making things that will turn be turned into collections, right? Like, SE Linux, or a system D, right? Like, those things move at their own pace. We can update those at our own pace in collections, and then people can update those collections without having to wait another six months, or eight months, or whatever it is, for a new version of Ansible to come out. It's really made it easier for all of those, you know, developers of content to work on their content and their, you know, Ansible relationships almost in sync. And make sure that, you know, not, "I'm going to do it over here. And then I'm going to come back over here and fix everything later." It's more of a, you know, continuous development process. >> So, the experience. So the contributor experience is better then? You'd say? >> I'm sorry? >> The contributor experience is better then? >> Oh, absolutely. Yeah. 100%. I mean, it's, you know, there's something to be said for, I wouldn't say it's like, instant satisfaction, but certainly the ability to have a little bit more independence, and be able to release things as you see fit, and not be gated by the entire rest of the project, is amazing for those folks. >> All right. So I'll put you on the spot, Robin. So if I'm a developer, bottom line me, what's in it for me? Why should I pay attention to collections? What's the bottom line? >> Well, you know, Ansible is a platform, and Ansible benefits from network effects. You know, the reason that we've gotten as big as we have, is sort of like the snowball rolling downhill, right? The more people that latch onto what you're doing, the more people benefit and the more, you know, additional folks want to join in. So, you know, if I was working on any other product that I would consider being able to have automated with Ansible, you know, the biggest thing that I would look at is, well, you know, what are those people also using? Are they automating it with Ansible? And I can guarantee you, 99% of the time, everything else that people are using is also being automated with Ansible. So you'd be crazy to not, you know, want to participate, and make sure that you're providing the best, Ansible experience for, you know, your application, cause for every application or, you know, device that we can connect to, there's probably 20 other competitors that also make similar applications that, you know, folks might also consider in lieu of you if you're not using, if you're not providing Ansible content for it. >> Hey, make things easier, simple to use, and you reduce the steps it takes to do things. That's a winning formula, Tom. I mean, when you make things that good, then you get the network effect. But this highlights what you mentioned earlier, about connective tissue. When you were using words like "connective tissue" it implies an organizational's, not a mechanism. It's not just software, it's people. As a people experience here in the automation platform. >> Robin: Yep. >> This seems to be the bottom line. What's your take? What's your bottom line view? I'm a developer, what's in it for me? Why should I pay attention to the automation platform? >> What Robert just said to me is, more people using. Automation platform, crossing those domains, and silos as kind of connective tissue across those teams, and its personas, means those contributors, those developers, creating automation content, getting in the hands of more people across the organization. In a more simplified way by using Ansible automation. They get access, the automation itself, those personas, they get access to the system automation faster, they can have the money quicker, local to local folks. To reinvent the wheel in terms of automation, we're trying to, (man speaking faintly) They don't want to know about the details, and what it takes to configure the network, configure the storage elements. They rely on those automation developers and contributors that review that for them. One powers of the platform. Across those teams, across those others. Okay we're going to talk about SecOps, The ITOps, in SecOps, in networkOps. And to do all of these tasks, with the same language, and same unition content, running faster, and it's monitoring core responsibilities without worrying. >> Robin, you wanted to talk about something in the community, any updates? I think navigator, you mentioned you wanted to mention a plug for that? >> Absolutely! So, you know, much like any other platform in the universe, you know, if you don't have really great tools for developing content, you're kind of, you know, dead in the water, right? Or you're leaving it to fate. So we've been working on a new project, not part of the product yet, but you know, it's sort of in a community, exploratory phrase. A release, early release often, or, you know, minimum viable product, I guess, might be the other way to describe it currently. It's called Ansible navigator. It's a Tooey, which is like a gooey, but it's got a, sort of a terminal, user interface look to it, that allows you to, you know, develop, it's a sort of interface where you can develop content, you know, all in one window. Have your, you know, documentation accessible to you. Have, you know, all of your test results available to you in one window, rather than, I'm going to do something here, And then I'm going to go over here, and now I'm not sure. So now I'm going to go over here and look at docs instead. It's all, you know, it's all in one place. Which we think will actually, but I mean, I know the folks who have seen it already been like, (woman squealing) but you know, it's definitely in early, community stages right now. It's, you know, we can give you the link. It's github.com/Ansible/Ansiblenavigator >> A tooey versus a gooey, versus a command line interface. >> Yeah! >> How do you innovate on the command line? It's a cooey, or a? >> Yeah! >> It's, you know, there are so many IDs out there and I think Tom can probably talk to some of this, you know, how that might relate to VA code or, you know, many of the other, you know, traditional developer IDs that are out there. But, you know, the goal is certainly to be able to integrate with some of those other pieces. But, you know, it's one of those things where, you know, if everybody's using the same tool and we can start to enforce higher levels, quality and standards through that tool, there's benefits for everyone. Tom, I don't know if you want to add on to that in any way? >> Yeah, it's just kind of one of our focus areas here, which is making it as easy as possible for contributors to create Ansible automation content. And so part of that is production, meaning S & K. Remember what happened to S & K for Ansible? That involved developers and contributors to use ID's, build and deploy automation content. So, I'm really focused on making that contributor life their job. >> Well, thanks for coming on Tom and Robin. Thanks for sharing the insight here at Red Hat Summit 21, virtual. So you guys continue to do a great job with the success of the platform, which has been, you know, consistently growing and having great satisfaction with developers, and now ops teams, and sec teams, and net teams. You know, unifying these teams is certainly a huge priority for enterprises because the end of the day, cloud-scale is all about operating. Which means more standards, more operations. That's what you guys are doing. So congratulations on the continued success. Thanks for sharing. >> Thanks for having us. >> Okay. I'm John for here in theCUBE we are remote with CUBE virtual for Red Hat Summit, 2021. Thanks for watching. (upbeat electronic music)

>> announcer: From around the globe. It's the theCUBE with digital coverage of DockerCon live 2020. Brought to you by Docker and its ecosystem partners. >> Welcome back to theCUBE coverage here at the DockerCon virtual headquarters, anchor desks here in the Palo Alto Studios were quarantined in this virtual event of DockerCon. I'm John Furrier, host along with Jenny Bertuccio, John Kreisa, Peter McKee, other folks who are moderating and weaving in and out of the sessions. But here we have a live sessions with Justin Graham, Vice President of the Products group at Docker. Justin, thanks for coming in DockerCon virtual '20. >> Absolutely, happy to be here from my home office in Seattle, Washington where it is almost sunny. >> You had a great backdrop traveler saying in the chat you got a bandwidth, a lot of bandwidth there. Looking good, some island. What a day for Docker global event. 77,000 people registered. It's just been an awesome party. >> It's been great, I could hardly sleep last night. I was up at 5:00 this morning. I was telling my son about it at breakfast. I interrupted his Zoom school. And he talked a little bit about it, so it's been awesome. I've been waiting for this interview slot for the most of the day. >> So yeah, I got to tell the kids to get off, download those gigabytes of new game updates and get off Netflix, I hear you. But you got good bandwidth. Let's get into it, I love your position. VP of Product at a company that's super technical, a lot of software, a lot of cloud. You've got a good view of the landscape of what the current situation is relative to the product, the deals that are going on with this new announced here, sneak Microsoft expansion, multiple clouds as well as the roadmap and community interaction. So you got a lot going on, you've got your fingers in all the action. When you get the keys to the kingdom, as we say in the product side of things, what's the story today from your perspective around DockerCon? What's the most important thing people should know about of what's going on with this new Docker? Obviously, ease of use, we've heard a lot about. What's going on? >> So I'll start with people. We are hyper focused on helping developers and development teams build and ship applications. That's what we're focused on. That's what we wake up every day thinking about. And we double click on that a minute in terms of what that means. If you think about where source control ends and having a running application on some production compute in the Cloud on the other end, there's a whole lot that needs to happen in the middle of those two things. And we hear from our development community and we see from those folks, there's a lot of complexity and choices and options and things in the middle there. And we really want to help streamline the creation of those pipelines to get those apps moving to production as fastly, as quickly as possible. >> And you can see it in some of the results and some of the sessions, one session coming up at around four, around how pipelining with Docker help increase the problem solving around curing cancer, really solving, saving people's lives to the front lines with COVID 19 to business value. So you seeing, again Docker coming back into the fold relative to the simple value proposition of making things super easy for developers, but on top of the mega trend of microservices. So, outside of some of these awesome sessions with his learning, the hardcore sessions here at DockerCon around microservices from monitoring, you name it, not a trivial thing cause you've got stateless and state, all kinds of new things are going on with multiple clouds. So not an easy-- >> No. >> road to kind of grok or understand you have to manage that. What are people paying attention to? What is happening? I think, first off I'll say, one of the things that I'm super passionate about is increasing access to technology, so the greatest and best ideas can get bubbled up to the top and expose no matter where they come from, whom they come from, et cetera. And I think one of the things that makes that harder, that makes that complex is just how much developers need to understand or even emerging developers need to understand. Just to even get started. Languages, IDEs, packaging, building where do you ship to? If you pick a certain powder end point, you have to understand networking and storage and identity models are just so much you have to absorb. So we're hyper focused on how can we make that complex super easy. And these are all the things that we get asked questions on. And we get interacted with on our public roadmap in other places to help with. So that's the biggest things that you're going to see coming out of Docker starting now and moving forward. We'll be serving that end. >> Let's talk about some of the new execution successes you guys had. Honestly, Snyk is security shifting left, that's a major, I think a killer win for Snyk. Obviously, getting access to millions of developers use Docker and vice versa. Into the shifting left, you get to security in that workflow piece. Microsoft expanding relationship's interesting as well because Microsoft's got a robust tech developer ecosystem. They have their own tools. So, you see these symbiotic relationship with Docker, again, coming into the fold where there's a lot of working together going on. Explain that meaning, what does that mean? >> So you're on the back of the refocus Docker in our hyperfocus on developers and development teams, one of the core tenants of the how. So before that was the what. This is the how we're going to go do it. Is by partnering with the ecosystem as much as possible and bringing the best of breed in front of developers in a way that they can most easily consume. So if you take the Snyk partnership that was just a match, a match made in developer dopamine as a Sean Connolly, would say. We're hyper focused on developers and development teams and Snyk is also hyperfocused on making it as easy as possible for developers and development teams to stay secure ship, fast and stay secure. So it really just matched up super well. And then if you think, "Well, how do we even get there in the first place?" Well, we launched our public roadmap a few months ago, which was a first that Docker has ever done. And one of the first things that comes onto that public roadmap is image vulnerability scanning. For Docker, at that time it was really just focused on Docker Hub in terms of how it came through the roadmap. It got up voted a bunch, there has been some interaction and then we thought, "Well, why just like checking that box isn't enough," right? It's just checking the box. What can we do that really brings sort of the promise of the Docker experience to something like this? And Sneak was an immediate thought, in that respect. And we just really got in touch with them and we just saw eye to eye almost immediately. And then off off the rest went. The second piece of it was really around, well why just do it in Docker Hub? What about Docker Desktop? It's downloaded 80,000 times a week and it's got 2.2 million active installations on a weekly basis. What about those folks? So we decided to raise the bar again and say, "Hey, let's make sure that this partnership includes "not only Docker Hub but Docker Desktop, so you'll be able, when we launch this, to scan your images locally on Docker Desktop. >> Awesome, I see getting some phone calls and then you got to hit this, hit the end button real quick. I saw that in there. I've got an interesting chat I want to just kind of lighten things up a little bit from Brian Stevenson. He says, "Justin, what glasses are those?" (Justin laughing) So he wants to know what kind of glasses you're wearing. >> They're glasses that I think signal that I turned 40 last year. >> (laughs) I'd say it's for your gaming environments, the blue light glasses. >> But I'm not going to say where they came from because it's probably not going to engender a bunch of positive good. But they're nice glasses. They help me see the computer screen and make sure that I'm not a bad fingering my CLI commands >> Well as old guys need the glasses, certainly I do. Speaking of old and young, this brought up a conversation since that came up, I'll just quickly riff into this cause I think it's interesting, Kelsey Hightower, during the innovation panel talked about how the developers and people want to just do applications, someone to get under the hood, up and down the stack. I was riffing with John Chrysler, around kind of the new generation, the kids coming in, the young guns, they all this goodness at their disposal. They didn't have to load Linux on a desktop and Rack and Stack servers all that good stuff. So it's so much more capable today. And so this speaks to the modern era and the expansion overall of opensource and the expansion of the people involved, new expectations and new experiences are required. So as a product person, how do you think about that? Because you don't want to just build for the old, you got to build for the new as well as the experience changes and expectations are different. What's your thoughts around that? >> Yeah, I think about sort of my start in this industry as a really good answer to that. I mean, I remember as a kid, I think I asked for a computer for every birthday and Christmas from when I was six, until I got one given to me by a friend's parents in 1994, on my way off to boarding school. And so it took that long just for me to get a computer into my hands. And then when I was in school there wasn't any role sort of Computer Science or coding courses until my senior year. And then I had to go to an Engineering School at Rensselaer city to sort of get that experience at the time. I mean, just to even get into this industry and learn how to code was just, I mean, so many things had to go my way. And then Microsoft hired me out of college. Another thing that sort of fell my way. So this work that we're doing is just so important because I worked hard, but I had a lot of luck. But not everybody's going to have some of that, right? Have that luck. So how can we make it just as easy as possible for folks to get started wherever you are. If you have a family and you're working another full time job, can you spend a few hours at night learning Docker? We can help you with that. Download Docker Desktop. We have tutorials, we have great docs, we have great captains who teach courses. So everything we're doing is sort of in service of that vision and that democratization of getting into the ideas. And I love what Kelsey, said in terms of, let's stop talking about the tech and let's stop talking about what folks can do with the tech. And that's very, very poignant. So we're really working on like, we'll take care of all the complexity behind the scenes and all of the VMs and the launching of containers and the network. We'll try to help take care of all that complexity behind the curtain so that you can just focus on getting your idea built as a developer. >> Yeah, and you mentioned Kelsey, again. He got a great story about his daughter and Serverless and I was joking on Twitter that his daughter convinced them that Serverless is great. Of course we know that Kelsey already loves Serverless. But he's pointing out this developer dopamine. He didn't say that's Shawn's word, but that's really what his daughter wanted to do is show her friends a website that she built, not get into, "Hey look, I just did a Kubernetes cluster." I mean it's not like... But pick your swim lane. This is what it's all about now. >> Yeah, I hope my son never has to understand what a service mesh is or proxy is. Right? >> Yeah. >> I just hope he just learn the language and just learns how to bring an idea to life and all the rest of it is just behind me here. >> When he said I had a parenting moment, I thought he's going to say something like that. Like, "Oh my kid did it." No, I had to describe whether it's a low level data structure or (laughs) just use Serverless. Shifting gears on the product roadmap for Docker, can you share how folks can learn about it and can you give some commentary on what you're thinking right now? I know you guys put on GitHub. Is there a link available-- >> Absolutely, available. Github.com/docker/roadmap. We tried to be very, very poignant about how we named that. So it was as easy as possible. We launched it a few months ago. It was a first in terms of Docker publicly sharing it's roadmap and what we're thinking and what we're working on. And you'll find very clear instructions of how to post issues and get started. What our code of conduct is. And then you can just get started and we even have a template for you to get started and submit an issue and talk to us about it. And internally my team and to many of our engineers as well, we triaged what we see changing and coming into the public roadmap two to three times a week. So for a half an hour to 45 minutes at a time. And then we're on Slack, batting around ideas that are coming in and saying how we can improve those. So for everyone out there, we really do pay attention to this very frequently. And we iterate on it and the image vulnerability scannings one of those great examples you can see some other things that we're working on up there. So I will say this though, there has been some continual asks for our Lennox version of Docker Desktop. So I will commit that, if we get 500 up votes, that we will triage and figure out how to get that done over a period of time. >> You heard 500 up votes to triage-- >> 500 >> You as get that. And is there a shipping date on that if they get the 500 up votes? >> No, no, (John laughs) you went to a shipping date yet, but it's on the public roadmap. So you'll know when we're working on it and when we're getting there. >> I want before I get into your session you had with the capital, which is a very geeky session getting under the hood, I'm more on the business side. The tail wind obviously for Docker is the micro services trend. What containers has enabled is just going to continue to get more awesome and complex but also a lot of value and agility and all the things you guys are talking about. So that obviously is going to be a tailwind for you. But as you guys look at that piece of it, specifically the business value, how is Docker positioned? Because a of the use cases are, no one really starts out microservices from a clean sheet of paper that we heard some talks here DockerCon where the financial services company said, "Hey, it's simple stack," and then it became feature creep, which became a monolith. And then they had to move that technical debt into a much more polyglot system where you have multiple tools and there's a lot of things going on, that seems to be the trend that also speaks to the legacy environment that most enterprises have. Could you share your view on how Docker fits into those worlds? Because you're either coming from a simple stack that more often and got successful and you're going to go microservice or you have legacy, then you want to decouple and make it highly cohesive. So your thoughts. >> So the simple answer is, Docker can help on both ends. So I think as these new technologies sort of gain momentum and get talked about a bunch and sort of get rapid adoption and rapid hype, then they're almost conceived to be this wall that builds up where people start to think, "Well, maybe my thing isn't modern enough," or, "Maybe my team's not modern enough," or, "Maybe I'm not moderate enough to use this." So there's too much of a hurdle to get over. And that we don't see that at all. There's always a way to get started. Even thinking about the other thing, and I'd say, one we can help, let us know, ping us, we'll be happy to chat with you, but start small, right? If you're in a large enterprise and you have a long legacy stack and a bunch of legacy apps, think about the smallest thing that you can start with, then you can begin to break off of that. And as a proof of concept even by just downloading Docker Desktop and visual studio code and just getting started with breaking off a small piece, and improve the model. And I think that's where Docker can be really helpful introducing you to this paradigm and pattern shift of containers and containerized packaging and microservices and production run time. >> And certainly any company coming out of his post pandemic is going to need to have a growth strategy that's going to be based on apps that's going to be based on the projects that they're currently working, double down on those and kind of sunset the ones that aren't or fix the legacy seems to be a major Taylor. >> The second bit is, as a company, you're going to also have to start something new or many new things to innovate for your customers and keep up with the times and the latest technology. So start to think about how you can ensure that the new things that you're doing are starting off in a containerized way using Docker to help you get there. If the legacy pieces may not be able to move as quickly or there's more required there, just think about the new things you're going to do and start new in that respect. >> Well, let's bring some customer scenarios to the table. Pretend I'm a customer, we're talking, "Hey Justin, you're looking good. "Hey, I love Docker. I love the polyglot, blah, blah, blah." Hey, you know what? And I want to get your response to this. And I say, "DevOps won't work here where we are, "it's just not a good fit." What do you say when you hear things like that? >> See my previous comment about the wall that builds up. So the answer is, and I remember hearing this by the way, about Agile years ago, when Agile development and Agile processes began to come in and take hold and take over for sort of waterfall processes, right? What I hear customers really saying is, "Man, this is really hard, this is super hard. "I don't know where to start, it's very hard. "How can you help? "Help me figure out where to start." And that is one of the things that we're very very very clearly working on. So first off we just, our docs team who do great work, just made an unbelievable update to the Docker documentation homepage, docs.docker.com. Before you were sort of met with a wall of text in a long left navigation that if you didn't know what you were doing, I would know where to go. Now you can go there and there's six very clear paths for you to follow. Do you want to get started? Are you looking for a product manual, et cetera. So if you're just looking for where to get started, just click on that. That'll give you a great start. when you download Docker Desktop, there's now an onboarding tutorial that will walk you through getting your first application started. So there are ways for you to help and get started. And then we have a great group of Docker captains Bret Fisher, many others who are also instructors, we can absolutely put you in touch with them or some online coursework that they deliver as well. So there's many resources available to you. Let us help you just get over the hump of getting started. >> And Jenny, and on the community side and Peter McKee, we're talking about some libraries are coming out, some educational stuff's coming around the corner as well. So we'll keep an eye out for that. Question for you, a personal question, can you share a proud devOps Docker moment that you could share with the audience? >> Oh wow, so many to go through. So I think a few things come to mind over the past few weeks. So for everyone that has no... we launched some exciting new pricing plans last week for Docker. So you can now get quite a bit of value for $7 a month in our pro plan. But the amount of work that the team had to do to get there was just an incredible thing. And just watching how the team have a team operated and how the team got there and just how they were turning on a dime with decisions that were being made. And I'm seeing the same thing through some of our teams that are building the image vulnerability scanning feature. I won't quote the number, but there's a very small number of people working on that feature that are creating an incredible thing for customers. So it's just how we think every day. Because we're actually almost trying to productize how we work, right? And bring that to the customer. >> Awesome, and your take on DockerCon virtual, obviously, we're all in this situation. The content's been rich on the site. You would just on the captains program earlier in the day. >> Yes. >> Doctor kept Brett's captain taught like a marathon session. Did they grill you hard or what was your experience on the captain's feed? >> I love the captain's feed. We did a run of that for the Docker birthday a few months ago with my co-worker Justin Cormack. So yes, there are two Justin's that work at Docker. I got the internal Justin Slack handle. He got the external, the community Slack Justin handle. So we split the goods there. But lots of questions about how to get started. I mean, I think there was one really good question there. Someone was saying asking for advice on just how to get started as someone who wants to be a new engineer or get into coding. And I think we're seeing a lot of this. I even have a good friend whose wife was a very successful and still is a very successful person in the marketing field. And is learning how to code and wants to do a career switch. Right? >> Yeah. >> So it's really exciting. >> DockerCon is virtual. We heard Kelsey Hightower, we heard James Governor, talk about events going to be more about group conventions getting together, whether they're small, medium, or large. What's your take on DockerCon virtual, or in general, what makes a great conference these days? Cause we'll soon get back to the physical space. But I think the genie's out of the bottle, that digital space has no boundaries. It's limitless and creativity. We're just scratching the surface. What makes a great event in your mind? >> I think so, I go back to thinking, I've probably flown 600,000 miles in the past three years. Lots of time away from my family, lots of time away from my son. And now that we're all in this situation together in terms of being sheltered in place in the global pandemic and we're executing an event that has 10 times more participation from attendees than we had in our in person event. And I sat back in my chair this morning and I was thinking, "Did I really need to fly that 600,000 miles "in the past three years?" And I think James Governor, brought it up earlier. I really think the world has changed underneath us. It's just going to be really hard to... This will all be over eventually. Hopefully we'll get to a vaccine really soon. And then folks will start to feel like world's a little bit more back to "normal" but man, I'm going to really have to ask myself like, "Do I really need to get on this airplane "and fly wherever it is? "Why can't I just do it from my home office "and give my son breakfast and take them to school, "and then see them in the evening?" Plus second, like I mentioned before in terms of access, no in person event will be able to compete ever with the type of access that this type of a platform provides. There just aren't like fairly or unfairly, lots of people just cannot travel to certain places. For lots of different reasons, monetary probably being primary. And it's not their job to figure out how to get to the thing. It's our job to figure out how to get the tech and the access and the learning to them. Right? >> Yeah (murmurs) >> So I'm super committed to that and I'll be asking the question continually. I think my internal colleagues are probably laughing now because I've been beating the drum of like, "Why do we ever have to do anything in person anymore?" Like, "Let's expand the access." >> Yeah, expand the access. And what's great too is the CEO was in multiple chat streams. So you could literally, it's almost beam in there like Star Trek. And just you can be more places that doesn't require that spatial limitations. >> Yeah. >> I think face to face will be good intimate more a party-like environment, more bonding or where social face to face is more impactful. >> We do have to figure out how to have the attendee party virtually. So, we have to figure out how to get some great electronic, or band, or something to play a virtual show, and like what the ship everybody a beverage, I don't now. >> We'll co-create with Dopper theCUBE pub and have beer for everybody if need they at some point (laughs). Justin, great insight. Thank you for coming on and sharing the roadmap update on the product and your insights into the tech as well as events. Appreciate it, thank you. >> Absolutely, thank you so much. And thanks everyone for attending. >> Congratulations, on all the work on the products Docker going to the next level. Microservices is a tailwind, but it's about productivity, simplicity. Justin, the product, head of the product for Docker, VP of product on here theCUBE, DockerCon 2020. I'm John Furrier. Stay with us for more continuous coverage on theCUBE track we're on now, we're streaming live. These sessions are immediately on demand. Check out the calendar. There's 43 sessions submitted by the community. Jump in there, there are own container of content. Get in there, pun intended, and chat, and meet people, and learn. Thanks for watching. Stay with us for more after this break. (upbeat music)

>> live from Las Vegas it's the cube, covering Magento Imagine 2019. Brought to you by Adobe. >> Hey welcome back to the cube, Lisa Martin with Jeff Frick live at The Wynn Las Vegas for Magento Imagine 2019, with about 3500 people here give or take a few. We're very pleased to welcome Magento evangelist Ben Marks to the Cube, Ben welcome >> Thank you for having me, I appreciate you making time. >> And thanks for bringing the flair to our set. >> I've got to let people know where my allegiances lie, right? >> So this is the first Magento Imagine post adobe acquisition, that was announced about a year ago completed about six or seven months ago. You have a very strong history with Magento the last 10 years, Magento is very much known for their developer community, their open source history and DNA. Talk to us about, how things are now with the community and really the influence that the developers have. >> Well if it's up to me we retain this really strong influence in the business. I mean at the the core of Magento since its inception the very humble beginnings that it had back in back in 2007 has been this this developer ecosystem. And that is what takes the software basically all the output and all of the expertise and intuition that we have that we put into our products and our services, it only goes so far. Now it is a platform that tends to fit in a lot of places but it only goes so far and we have that last mile, that is the most important distance that we cross and we cannot do it without this ecosystem. They are the ones that they know, they understand the merchant requirements, they understand the vertical, they understand the region, they understand cross border concerns, whatever it may be they know our product from an expert perspective and then they take that and they make it make sense. That being the case, Adobe I think so far has shown excellent stewardship in terms of recognizing the value. A big part of that 1.7 billion price tag, they paid for the community. They knew this ecosystem was the real, has always been the x-factor in Magento and so they've been very diligent, well now that I'm an employee we've been very introspective about what that means as part of adobe, is part of this this massive set of opportunities and new addressable market that we have. And we're just all trying to make sure that we look after all of these people who are at the end of the day probably our biggest champions. >> Just curious how you've been able to maintain that culture because to be kind of open source and open source first timer, first isn't the right word but open source neutral or pro, along with your proprietary stuff and to really engage developers it's such a special town and as a special culture because by rule you're saying that there's more smart people outside of our walls than inside of our walls and embracing and loving that. But you guys have gone through all kinds of interesting kind of evolutions on the business side in terms of ownership and management. How've you been able to maintain that? And what is kind of the secret sauce? Why are the developers so passionate to continue to develop a Magento? Because let me tell you we go to a lot of conferences and a lot of people are trying really hard to get that developer to spend that next time working on their platform versus a different one. >> Yeah, well you know it's endemic to our culture that whether it's a developer, someone who's working who's an expert in administering Magento stores, just whatever someone's focus is in this ecosystem, it is interesting we've always had at the underpinning everything has been this open source ethos. So from the very beginnings of Magento, the creators Roy Rubin and Yoav Kutner, they sought out as they announced this Magento thing back in the day. They intentionally made it open-source because they knew that, that had been proved by a previous open-source commerce software and they knew that that was really where they were going to win that was the force multiplier. Again the thing that would get them into markets that they couldn't address with their very small agency that they were walking out of. So through the years that grew and in large part we can thank the Doc community, especially in Germany, the Dutch community, there's just the general open source ethos there. But I learned about open source from Magento, I had someone help me out when I was first starting at my first week working with Magento as a developer there was no documentation, I had to go into a chatroom and ask for help and this guy he actually spent about a couple of hours helping me and we remain close friends to this day. But at the end of it I'm like so should I pay you? And he was this guy this guy from outside of Heidelberg he's just no this is open source, is like just as you learn give it back. And that's a perfect summation for a big part of the spirit here. It helps who are in commerce, there's money kind of flowing all around but at the end of the day we provide options, we provide flexibility where there's nothing wrong with the sass platforms there's nothing wrong with some of the the larger like API driven platforms, it's just at some point if you have a custom requirement that they can't satisfy and that happens regularly, guess what? You got to go with the platform that gives you the extensibility. So they feel a sense of ownership I think because of that and they're sort of proud to take this wherever they can. >> So with the Adobe acquisition being complete around six eight months you mentioned Adobe doing a good job of welcoming this community but you also talked about this core ethos that Magento brings. I believe in the press release, announcing the acquisition last year, Adobe said open source is in our DNA. Have you found that one to be true? And two how much has the Magento open source community been able to sort of open the eyes and maybe open the door to Adobe's ethos of embracing it? >> Let's see how much trouble can I get in to today? >> So I have a good counterpart over Alberto Dobby and it's a stretch for me to call him a counterpart. He's got his JD,he's been big in the open source world for since forever but, Matt Asay probably... >> CUBE alum >> ...if you follow tech online, you've seen this post, you've seen him as an postulating on open source and it was interesting a lot of us were asking the same question from Magento world because a lot of us remembere the eBay days and an eBay had a sort of a different plan and vision for Magento that ultimately, that whole thing they were trying to create just didn't work out. Magento survived, but we're a bit wary we all knew it was coming it's the natural progression from private equity ownership but really, where is this open source that we were told about? And Matt is a kind of a big a piece there but as it turns out he jumped on Twitter immediately when none of us was supposed to be talking about anything of course but that's in Matt's nature. Because there is a lot of open source at Adobe in fact there's a lot of open source technology that underpins even these Enterprise Solutions that they offer. I visited with with several of our team members in the Basel office and there are Apache Software Foundation board members. I mean you want to to talk about the beginnings of open source and the impact its had on the world? These are some of these people and so yes it's there I think it's not a secret to say that Adobe really hasn't done a great job of telling that story. So as I've met and kind of toured around with some of the Adobe vice presidents who've been visiting here and I love that they're engaged. They get this, they want this to expand. It's been it's been really interesting watching them and encounter this and then start to be inspired by us as much as we are inspired by again the opportunities that exist as we all come together. >> It's great, yeah and Matt's been on his Trevi a week cover, CNCF and will be a cube con I think next week and in Barcelona so we're huge advocates, but so it's such a different way of looking at the world again accepting that there's more smart people outside your four walls than are inside your four walls. Which just by rule is the way that it has to be, you can't hire all the smart people. So to use that leverage and really build this develop wrapped advocacy is a really tremendous asset. >> Better together, is what we say, and it could not be true. I mean there there is no way we could know at all, we can't hope to. So what we've done actually in the last couple of years really under some brilliant leadership by Jason Woosley we've been able to double down on our open-source investment and I'd say that was a moment when we truly became an open-source company with through and through because we spun up and we took our best architects and just put them on a project called community engineering that they're dedicated to enabling contribution of fixes improvements and features from our ecosystem. So by doing that we all of a sudden we now have worldwide engineering that is that they're all experts in their individual domains so that line of code that some contributor from somewhere is contributing, he or she has become an expert let's say in something as glamorous like totals calculation like the logic that has to go into that. Because of their real-world experience we get the highest quality code that's just backed up by a lot of trial and tribulation. And from that we basically get to cover all of our bases and they tend to write things in a way that's way more extensible than probably we could ever envision. I don't know of a better formula for having a product that satisfies something so varied and challenging and just constantly evolving as e-commerce. >> Well and I think Jason mentioned this morning that the community engineering program was only launched a couple of years ago. >> Literally a two years ago February. >> So significant impacts in a very short period of time. >> Yeah we were fascinated to see that while we'd had this kind of haphazard almost ad hoc open source engagement up to that point, once we really built machinery around it We've we've managed to build something that is a model for any other company that wants to try to do this. Once we did that we very quickly got to some of our big releases where over 50% of the new lines of code were written externally. And that was cool for about a week and then we realized that that's not even the story the story is everything else I talked about which is just that degree of ownership that degree of informed engineering that we would never come up with on our own. And it was a real signal to this very patient and resilient ecosystem that hey, we're all in this together. And of course we've done that also, we've replicated that with our developer documentation, it's all open source and able to be contributed to and we sort of look at how that can expand and even to the point where our core architecture team now all of their discussions so you can go to github.com/magento, you can see our backlog, you could see where we're discussing features and kind of planning what's coming next. You can also go to our architecture repository and you see all of our core architects having their dialogue with each other in public so that the public is informed and they can be involved and that is literally the highest stage I believe of open source evolution. >> That's a great story now the other great thing though that it don't be brought to you is some really sophisticated marketing tools to drive the commerce in your engine, so I'm just curious your perspective. You've been playing in this for a long time but you guys are really kind of taken over at the transactional level now to have that front-end engagement tools, partners, methodologies, I mean you got to be excited. >> Well really so going back to my, I remember my agency days I remember why some of the Google Analytics code looks the way it does because I remember the product that it was before. Urgent analytics right and I remember when we could first do split tests and one of the first cool projects I ever worked on in Magento 1.1 was sort of parsing Google's cookies to be able to sort of change the interface of Magento and test that for conversion rights. And to think of how far we've come, now we have the power and the mandate really to absolutely know everything about the customer experience, the customer journey and then I'm sitting there in our keynotes you know in the general session yesterday, looking up and I'm looking at the slide and I'm seeing like 14 trillion transactions that are captured in our various apparatus and I think that it's tremendous responsibility, it's tremendous power. And if we if we combine, if we use this insight responsibly, what we do is we continue to do what I think Magento has done all along which has allowed us to be at not just at the forefront of where commerce evolves but really to set the standard that consumers begin to expect. And I know we've all felt it, when you have when you have that experience and it feels very full of friction I know we can do better and I will immediately go away from any website that makes it hard for me to do what I want to do any website that seems like they are kind of a partner on my journey that's where I mean that's we're going to spend my time and my money and that's really what we're trying to really lean into here. >> Which is essential, because as you mentioned if I'm doing something on my phone I expect a really fast transaction and there's friction points, I'm gone. I will be able to find another service or product that meets my need because there is so much choice and there's so much competition for almost every product and service. So being able to leverage the power of advertising, analytics, marketing and commerce to really deliver the fundamentals of the business needs to truly manage the customer experience is a game changer. >> Yap it is so what we're what we're looking to these days you know Magento, just before the acquisition was announced made a tremendous investment to start up it's completely independent trade association called the Magento Association. It's a place for our community to collect under. And and when we're here and Magento is still a big champion of ours a big source of investment and we are you know we are looking and I kind of wear both hats right because I'm a board member of that group as well as being a Magento Adobe employee. But one of the focus that we have is still that collaborative spirit where we start to carry the message and the capabilities of this tooling so that we can ensure that this ecosystem remains and powered to deliver the experiences that our customers and their customers expect. >> Absolutely, well Ben thank you so much for sharing your knowledge and your enthusiasm and passion >> Yeah did that come through I was hoping. >> You could next time dial it up a little bit more. >> Okay good. >> Awesome and bring more flair. >> I'll bring more flair next time. [Lisa Mumbling] >> I'm still wondering what happened to the capes? >> The magician master capes yes. >> I can I can probably go grab you a couple. >> That would be awesome orange is my favorite color. >> Good to know. >> Ben it's been a pleasure having you on the program we look forward to next year. >> Likewise thank you both. >> Our pleasure. For Jeff Rick, I'm Lisa Martin and you are watching theCube live at Magento imagine 2019 from Vegas. Thanks for watching. (upbeatmusic)

(digital music) >> Welcome, everyone. Donald Klein here with CUBE Conversations, coming to you from our studios at theCUBE, here in Palo Alto, California. And today I'm fortunate enough to be joined by Paul Makowski, CTO of PolySwarm. PolySwarm is a fascinating company that plays in the security space, but is also part of this emerging block chain and token economy. Welcome, Paul. >> Thank you, thank you for having me. >> Great, so why don't we just start and give everybody an understanding of what PolySwarm does and how you guys do it? >> Sure, so PolySwarm is a new effort (audio fading in and out) to try to fix the economics around how threat (missing audio) >> Donald: Okay. >> So, we see a lot of shortcomings with (audio fading in and out) I think it's more of a economic concern rather than (missing audio) (laughs) Rather than a concern regarding (missing audio) >> Donald: Okay. >> So, what PolySwarm is (missing audio) and change how (missing audio) >> Okay. >> So, it is a blockchain project (missing audio) will govern tomorrow's threat-intelligence base and perhaps, ideally, generate better incentives (missing audio) >> Okay, so, generally if I'm understanding right, you're playing in this threat-intelligence area, which is commonly know as bug-bounties. Correct, yeah? But you guys have kind of taken this in a new direction. Why don't you just explain to me kind of where this threat-intelligence distributed economy has been and where where you see it going in the future. >> Sure, so bug bounties are, we had spoke earlier about HackerOne, for example. Bug bounties are an effort to identify vulnerabilities, and open vulnerability reports to arbitrary people across the internet. And incentivize people to secure products on behalf of the product owner. >> So, I can be an independent developer, and I find a vulnerability in something, and I submit it to one of these platforms, and then I get paid or rewarded for this. >> Yeah, and so the likes of HackerOne is a player in the space that conducts these bug bounties on behalf of other enterprises. >> Donald: Got it. >> Large enterprises such as Google and Microsoft and Apple, even, run their own bug bounties directly. >> Donald: Interesting. >> But, there's also these centralized middle men, the likes of HackerOne. Now, PolySwarm is a little bit different. We've discussed perhaps distributing the bug bounty space, but what we're focusing on right now at PolySwarm 1.0 is really just determining whether or not files, URLs, network graphics are either malicious or benign. >> Donald: Interesting. >> There's this boolean determination to start with, and then we're going to expand from there to metadata concerning, perhaps, the malware family of an identified malicious file. And then from there we'd also like to get into the bug bounty space. >> Okay. >> So, by PolySwarm being a fully decentralized market, us, as Swarm Technologies, will not be the middle man. We will not be in the middle of these transactions. We think that is going to make everything a bit more efficient for all the players on the market. And will best offer precision reward to be both accurate and timely in threat-intelligence. >> Interesting, okay, alright so I want to talk to you just a little bit more, because not everybody out there may be fully familiar with how a kind of decentralized app works. Talk to us a little bit about how blockchain fits in, how smart contracts fit in, and maybe just a little about, like, if I were to work on the PolySwarm platform, would I set up my own smart contract? Would somebody set it up for me? How would that work? >> Great question. So, in general, we see smart contracts as a new way to literally program a market. And I think this concept is applicable to a lot of different spaces. My background and the PolySwarm team background is in information (missing audio). >> Donald: Okay. >> So, we're applying smart contracts and market design specifically to a problem area that we are experts in. >> Okay, and what kind of smart contracts are these? What platform are you running on? >> We're running on Ethereum. We had previously discussed possibly expanding to Bezos, although there are perhaps some reasons not to do that anymore right now. But yeah, on Ethereum, we've been publishing our proof of concept code for our smart contracts right now which is available on github.com/polyswarm. More directly to your question concerning developing applications that plug into our platform or plug in to any platform, we've also released a opensource framework called Perigord. Which is a framework for developing Ethereum distributed applications using Go, which is a language developed by Google. So, I hope that answers a little bit, but >> So, you're really pioneering this whole world of moving to a decentralized, distributed app framework. >> Yeah, so, we're not the first people in this space, but we are expanding the ease of development to the Go language space, away from strictly programming in JavaScript. A lot distributed applications today are programmed in JavaScript. And there's pros and cons to each language, but we're hoping to get the Go language engaged a little more. >> So, let's go back now around to the people that are going to be participating in this marketplace, right. You were talking about unlocking the economic potential that's latent out there. Talk a little bit more about that. >> Exactly, so we had a spoken a little bit ago about HackerOne, and one of the things that I think is really cool about HackerOne is the fact that it's offered globally. What makes that really cool is that HackerOne gets a lot of great submissions from people in locales that may not indigenously offer sufficient jobs for the amount of talent that the local economies are producing. So, that's a sort of latent talent. HackerOne is particularly popular in India, China, Eastern European countries, we'd like to also direct that talent toward solving the threatened intelligence problem, namely accurately and timely identifying threats in files or graphic files. So, we'd like to-- We are operating in a eight and a half billion dollar per year space, the antivirus space, and we'd like to unlock this latent talent to broaden what threats are detected and how effectively enterprises defend themselves through a crowdsourced contributed manner that will cover more of the threats. >> Interesting, and so why don't you just talk a little about URLs and why those are important. We've seen a lot of hacks in the news recently, people going to sign up for a token sale and then being rerouted to the wrong place, et cetera. So, talk about malicious URLs. I think that might be an interest for people. >> Sure, everyone is trying to determine what URLs are malicious. Google has built into Chrome their safe browsing program that's also present in Firefox, Microsoft in some equivalent. Everyone's trying to determine and prevent people from being phished. You mentioned there were a few ICOs in this space that unfortunately had their websites hacked and their Ethereum contribution address changed, the hackers made off with some money. What PolySwarm does at a base level is it creates a market for security experts, again, around the world, to effectively put their money where their mouth is and say I think to the tune of 10 Nectar, for example, Nectar is the name of the PolySwarm note, that this URL or this file is malicious or benign. And those funds are escrowed directly into the smart contracts that constitute PolySwarm. And at a later time, the security experts who are right, receive the escrowed rewards from the security experts who were wrong. So, it's this feedback loop. >> It sounds like participants are kind of betting on both sides of whether something's malicious or not? >> Yeah, in effect. Legally, I definitely wouldn't say betting. (laughs) But it's >> Donald: Fair enough. >> The correct answer is there, right? The way that PolySwarm works is and enterprise has a suspect file or URL and decides to swarm it and what they do on the backend for that is they can either directly post this file or URL to the network, the network being the Ethereum blockchain. Everyone that's watching it and is cognizant of PolySwarm will be aware that there's a suspect file that perhaps I want to decide whether or not it's malicious as a security expert. Again, around the world, security experts will make that decision. If this is a particular file that I think I have insight into, as a security expert, then I might put up a certain amount of Nectar because I believe it is one way or the other. The reason why I say it's more of a-- The correct answer is in the file, right? It is in fact either malicious or benign. But what PolySwarm's economic reward is both timeliness and accuracy in determining that mal intent, whether or not that file is (missing audio). >> Interesting. And so the use of the smart contract is pretty novel here, right? Because the smart contracts then execute and distribute the bounties directly to the participants based on answer, is that right? >> That's correct. And that's the real key part. That eliminates the middle man in this space. A lot of the talk around blockchain in general is about restlessness, about not having middle men. In PolySwarm the core smart contract, again which are on github.com/polyswarm, they are able to actually hold escrowed upon. Though we're not in the middle and those escrowed funds are release to people who effectively get it right through the cost of people who got it wrong. So, we think >> And this is all automated through the system? >> This is all automated through the system. If I could take a step back real quick here, some of the shortcomings we're trying to address in today's market are if you imagine a Venn diagram, there's a rectangle that has all of the different threats in this space and you have large circles that cover portions of the Venn diagram and those large circles are today's large antivirus companies. Those circles overlap substantially. And the reason for that is pretty straight forward. Did you hear about perhaps WannaCry? It was a ransomware-- >> Absolutely, absolutely. >> If you're an antivirus company and you're not cognizant, you're not detecting WannaCry, then it's real easy to write you off. But the difficulty there is on the backend what that incentivizes is a lot of security companies doing duplicated work trying to detect the same threat. So there's a little bit of a clumpiness, there's a little bit of overlap, in what they detect and further it's very difficult although we've been speaking with people at those companies. They're always interested in the latest threat and uniquely detecting things, but it's sometimes very difficult to make Dell's argument that hey I detect this esoteric family of power >> Donald: Malicious URL, or et cetera. >> Exactly and by the way you're also going to get hit with it. That's a very difficult argument. >> So, you're sort of addressing the under served areas, then, within security. >> Precisely, so the way that PolySwarm will look in that Venn diagram, is instead of large, mostly overlapping ovals, we'll have thousands of micro-engines written by security experts that each find their specialty. And that together this crowdsourced intelligence will cover more. >> Interesting, very good, very good, okay. So, just last question here. Talk around a little bit of the background. How did PolySwarm come together? I know you talked about Narf Industries, et cetera. Why don't you just give us a little of the background here? 'Cause it's impressive. >> Sure, so again my background, and the entire PolySwarm technical team's background, is information security. We also run and work for a computer security consultancy called Narf Industries. Our more public work has been for DARPA, as of late. There was a large competition that DARPA ran called the "Cyber Grand Challenge" that was the-- they were trying to create the autonomous equivalent of a human capture the flag competition, which is a hacking competition. Anyway, we helped develop the challenges for that program and otherwise helped in that phase. So that's a public-facing project. >> And you won part of that competition, is that correct? >> Yeah, so we weren't competing in DARPA's Cyber Grand Challenge, but in the human capture the flags, we have won those. All the members of the core PolySwarm, and also Narf Industries, technical team have won DEF CON's capture the flag competition at least once. And some of us have helped run that competition. That's considered the world series of hacking (laughs). So, that's our background, and we're also all we've all previously worked directly for the U.S. government, so we're very much embedded in the cutting edge of cyber security. And, finally, the last thing I'll say, is Narf was recently awarded a contract with the Department of Homeland Security for investigating how to build confidentiality controls into a blockchain environment. The Department of Homeland Security was concerned about identity management. They wanted to apply a blockchain phase. But part of that, is obviously, you want to protect people's private information. So, how do you do that phase that, by default, is purely public. >> Got it, okay look we're going to have to end there, but let me just say, we would be remiss without mentioning the fact that your ICO's starting. When's that going to happen? >> So, we have an ICO that's going to go live February 6. Right now, we're just trying to generate buzz, talking to great people like yourself. After that lead up to the ICO, we'd like to encourage people to check out our website at polyswarm.io, we have a Telegram group that's growing everyday. And, again, a large part of what we would be funded by this ICO to accomplish is building the community around using PolySwarm. Fortunately, again, this is our space. So, we know a lot of people in this space, but we're always happy to be meeting people, so we'd love for all your viewers to join the conversation and engage with us. Our DMs on Twitter are open, et cetera. >> Okay, we hope they do. Probably just want to make one final point is that you guys are actually publishing all your code on GitHub ahead of the ICO, right? That kind of makes you unique in a very difficult space. >> It, unfortunately, does make us unique. I wish more projects did do that. But, yes, we are publishing our code in advance of the token sale. PolySwarm, if you're familiar with the conversation between securities and utility tokens, PolySwarm is very much a utility token. People will grade Nectar, which is the name of our Token, for threat intelligence. And part of that is we want to have a usable ecosystem on day one when people buy tokens. We want to make sure that you're not investing in some future thing. Obviously we're going to improve on it, but it will be usable from day one (missing audio). >> Alright, fantastic, so thank you, Paul. I appreciate you coming in. Alright, well thanks, everyone. Thank you for watching. This is Donald Klein with CUBE Conversations coming to you from Palo Alto, California. Thank you for watching. (digital music)