Synopsis
With new interviews thrice-weekly, The New Stack Makers stream of featured speakers and interviews is all about the new software stacks that change the way we develop and deploy software. For The New Stack Analysts podcast, please see https://soundcloud.com/thenewstackanalysts. For The New Stack @ Scale podcast, please see https://soundcloud.com/thenewstackatscale. Subscribe to TNS on YouTube at: https://www.youtube.com/c/TheNewStack
Episodes
-
Rethinking Web Application Firewalls
09/08/2022 Duration: 27min
Web Application Firewalls (WAF) first emerged in the late 1990s as Web server attacks became more common. Today, in the context of cloud native technologies, there’s an ongoing rethinking of how a WAF should be applied. No longer is it solely static applications sitting behind a WAF, said Ratan Tipirneni, President & CEO of Tigera, in this episode of The New Stack Makers. “With cloud native applications and a microservices distributed architecture, you have to assume that something inside your cluster has been compromised,” Tipirneni said. “So just sitting behind a WAF doesn't give you adequate protection; you have to assume that every single microservice container is almost open to the Internet, metaphorically speaking. So then the question is how do you apply WAF controls?” Today’s WAF has to be workload-centric, Tipirneni said. In his view, every workload has to have its own WAF. When a container launches, the WAF control is automatically spun up. So that way, even if something inside a cluste
-
Passage: A Passwordless Service with Biometrics
02/08/2022 Duration: 11min
Passage adds device native biometric authorization to web sites to allow passwordless security on devices with or without Touch ID. In this episode of The New Stack Makers, Passage Co-Founders Cole Hecht and Anna Pobletts talk about how the service works for developers to offer users its biometric service. Hecht and Pobletts have worked in product security for many years and the recurring problem is always password-based security. But there really is no great solution, Pobletts said. Multi-factor authentication adds security but the user experience is lacking. Magic links, adaptive MFA, and other techniques add a bit of improvement but are not a great balance of user experience and security. “Whereas biometrics is the only option we've ever seen that gives you both great security and great user experience right out of the box,” Pobletts said. The goal for Hecht and Pobletts: offer developers what is challenging to implement themselves: a passwordless service with a high security level and a great user experience.
-
What Does Kubernetes Cost You?
27/07/2022 Duration: 12min
In this episode of The New Stack’s On the Road show at Open Source Summit in Austin, Webb Brown, CEO and co-founder of KubeCost, talked with The New Stack about opening up the black box on how much Kubernetes is really costing. Whether we’re talking about cloud costs in general or the costs specifically associated with Kubernetes, the problem teams complain about is lack of visibility. This is a cliche complaint about AWS, but it gets even more complicated once Kubernetes enters the picture. “Now everything’s distributed, everything’s shared,” Brown said. “It becomes much harder to understand and break down these costs. And things just tend to be way more dynamic.” The ability of pods to spin up and down is a key advantage of Kubernetes and brings resilience, but it also makes it harder to understand how much it costs to run a specific feature. And costs aren’t just about money, either. Even with unlimited money, looking at cost information can provide important information about performance issues, reliabili
-
Open Technology, Financial Sustainability and the Importance of Community
19/07/2022 Duration: 12min
In this episode of The New Stack’s On the Road show at Open Source Summit in Austin, Amanda Brock, CEO and founder of OpenUK, talked with The New Stack about revenue models for open source and how those fit into building a sustainable project. Funding an open source project has to be part of the sustainability question — open source requires humans to contribute, and those humans have bills to pay and risk burnout if the open source project is a side gig after their full time job. Those aren’t the only expenses a project might accrue, either — there might be cloud costs, for example. Brock says there are essentially eight categories of funding models for open source, of which really two or three have been proven successful. They are support, subscription and open core. So how do we define open core, exactly? “You get different kinds of open core businesses, one that is driven very much by the needs of the company, and one that is driven by the needs of the open source project and community,” Brock said. In other
-
What Can the Tech Community Do to Protect Its Trans Members?
13/07/2022 Duration: 10min
AUSTIN, TEX. — In one of the most compelling keynote addresses at The Linux Foundation’s Open Source Summit North America, held here in June, Aeva Black, a veteran of the open source community, said that a friend of theirs recently commented that, “I feel like all the trans women I know on Twitter, are software developers.” There’s a reason for that, Black said. It’s called “survivor bias”: The transgender software developers the friend knows on Twitter are only a small sample of the trans kids who survived into adulthood, or didn’t get pushed out of mainstream society. “It's a pretty common trope, at least on the internet: transwomen are all software developers, we all have high-paying jobs, we're TikTok or on Twitter. And that's really a sampling bias, the transgender people who have the privilege to be loud,” said Black, in this On the Road episode of The New Stack Makers podcast. Black, whose keynote alerted the conference attendees about how the rights of transgender individuals are under attack around t
-
What’s Next in WebAssembly?
12/07/2022 Duration: 13min
AUSTIN, TEX. — What’s the future of WebAssembly — Wasm, to its friends — the binary instruction format for a stack-based virtual machine that allows developers to build in their favorite programming language and run their code anywhere? For Matt Butcher, CEO and founder of Fermyon Technologies, the future of Wasm lies in running it outside of the browser and running it inside of everything, from proxy servers to video games. And, he added, “the really exciting part is being able to run it in the cloud, as well as a cloud service alongside like virtual machines and containers.” For this On the Road episode of The New Stack Makers podcast, Butcher was interviewed by Heather Joslyn, features editor of TNS. With key programming languages like Ruby, Python and C# adding support for WebAssembly’s new capabilities, Wasm is gaining critical mass, Butcher said. “What we're talking about now is the realization of the potential that's been around in WebAssembly for a long time. But as people get excited, and open source proj
-
What Makes Wasm Different
07/07/2022 Duration: 16min
VALENCIA, Spain — WebAssembly (Wasm) is among the hotter topics under the CNCF project umbrella. In this episode of The New Stack Makers podcast, recorded on the show floor of KubeCon + CloudNativeCon Europe 2022, Liam Randall, CEO and co-founder, Cosmonic, and Colin Murphy, senior software engineer, Adobe, discuss why Wasm’s future looks bright. A quintessential feature of Wasm is that it functions on a CPU level, not unlike Java or Flash. This means, Randall said, that Wasm “can run anywhere.” “Everybody can start using Wasm, which functionally works like a tiny CPU. You can even put WebAssembly inside other applications.” The fact that Wasm has a binary format (with the .wasm file format) and can run on a CPU level, as C or C++ does, means it is highly portable. “WebAssembly really is exciting because it gives us two fundamental things that are truly amazing: One is portability across a diverse set of CPUs and architectures, and even portability into other places, like into a web browser,” said R
-
The Social Model of Open Source
06/07/2022 Duration: 11min
In this episode of The New Stack’s On the Road show at Open Source Summit in Austin, Julia Ferraioli, open source technical leader at Cisco’s open source programs office, spoke with The New Stack about some alternative ways to define what is and is not ‘open source.’ When someone says, well, that’s ‘technically’ open source, it’s usually to be snarky about a project that meets the legal criteria to be open source, but doesn’t follow the spirit of open source. Ferraioli doesn’t think that ‘classic’ open source projects, like Kubernetes or Linux, are the only valid models for open source. She gives the example of a research project — the code might be open sourced specifically so that others can see the code and reproduce the results themselves. However, for the research to remain valid, it can’t accept any contributions. “It’s no less open source than others,” Ferraioli said about the hypothetical research project. “If you break things down by purpose, it’s not always that you’re trying to build the ro
-
What’s the State of Open Source Security? Don’t Ask.
05/07/2022 Duration: 15min
AUSTIN, TEX. — How safe is the open source software that virtually every organization uses? You might not want to know, according to the results of a survey released by The Linux Foundation and Snyk, a cloud native cybersecurity company, at the foundation’s annual Open Source Summit North America, held here in June. Forty-one percent of the more than 500 organizations surveyed don’t have high confidence in the security of the open source software they use, according to the research. Only half of participating companies said they have a security policy that addresses open source. Furthermore, it takes more than double the number of days — 98 — to fix a vulnerability compared to what was reported in the 2018 version of the survey. The research was conducted at the request of the Open Source Security Foundation (OpenSSF), a project of The Linux Foundation. For this On the Road episode of The New Stack Makers, Steve Hendrick, vice president of research at The Linux Foundation, and Matt Jarvis, director of develop
-
A Boom in Open Source Jobs Is Here. But Who Will Fill Them?
01/07/2022 Duration: 12min
AUSTIN, TEX. — Forty-one percent of organizations in a new survey said they expect to increase hiring for open source roles this year. But the study, released in June by the Linux Foundation and online learning platform edX during the foundation’s Open Source Summit North America, also found that 93% of employers surveyed said they struggle to find the talent to fill those roles. At the Austin summit, The New Stack’s Makers podcast sat down with Hilary Carter, vice president for research at the Linux Foundation, who oversaw the study. She was interviewed for this On the Road edition of Makers by Heather Joslyn, features editor at The New Stack. “I think it's a very good time to be an open source developer, I think they hold all the cards right now,” Carter said. “And the fact that demand outstrips supply is nothing short of favorable for open source developers, to carry a bit of a big stick and make more demands and advocate for their improved work environments, for increased pay.” But even sought-after developer
-
Economic Uncertainty and the Open Source Ecosystem
30/06/2022 Duration: 14min
In this episode of The New Stack’s On the Road show at Open Source Summit in Austin, Matt Yonkovit, Head of Open Source at Percona, shared his thoughts on how economic uncertainty could affect the open source ecosystem. Open source, of course, is free. So what role does the economy play in whether or not open source software is contributed to, downloaded and used in production? “Generally, open source is considered a bit recession proof,” Yonkovit said. But that doesn’t mean that things won’t change. Over the past several years, the number of open source companies has increased dramatically, and the amount of funding sloshing around in the ecosystem has been huge. That might change. And if the funding situation does change? “I think the big differentiator for a lot of people in the open source space is going to be the communities,” Yonkovit said. When we talk about having ‘backing,’ it’s usually in reference to financial investors, but in open source the backing of a community is just as important. In the ab
-
Inside a $150 Million Plan for Open Source Software Security
28/06/2022 Duration: 12min
AUSTIN, TEX. — Everyone uses open source software — and it’s become increasingly apparent that not nearly enough attention has been paid to the security of that software. In a survey released by The Linux Foundation and Snyk at the foundation’s Open Source Summit in Austin, Tex., this month, 41% of organizations said they aren’t confident in the security of the open source software they use. At the Austin event, The New Stack’s Makers podcast sat down with Brian Behlendorf, general manager of Open Source Security Foundation (OpenSSF), to talk about a new plan to attack the problem from multiple angles. He was interviewed for this On the Road edition of Makers by Heather Joslyn, features editor at The New Stack. Behlendorf, who has led OpenSSF since October and serves on the boards of the Electronic Frontier Foundation and Mozilla Foundation, cited the discovery of the Log4j vulnerabilities late in 2021, and other recent security “earthquakes” as key turning points. “I think the software industry this year real
-
Counting on Developers to Lead Vodafone’s Transformation Journey
21/06/2022 Duration: 13min
British telecommunications provider Vodafone, which owns and operates networks in over 20 countries and is on a journey to become a tech company focused around digital services, has plans to hire thousands of software engineers and developers that can help put the company on the cloud-native track and utilize their network through APIs. In this episode of The New Stack Makers podcast at MongoDB World 2022 in New York City, Lloyd Woodroffe, Global Product Manager at Vodafone, shares how the company is working with MongoDB on the development of a Telco as a Service (TaaS) platform to help their engineers increase their software development velocity, and drive adoption of best-practice automation within DevSecOps pipelines. Alex Williams, Founder of The New Stack, hosted this podcast. Vodafone has built a backbone to keep the business resilient and scalable. But one thing they are looking to do now is innovate and give their developers the freedom and flexibility to develop creatively. “The TaaS platform – which
-
Pulumi Pursues Polyglotism to Expand Impact of DevOps
21/06/2022 Duration: 17min
VALENCIA – The goal of DevOps was to break down silos between software development and operations. The side effect has become the blurring of lines between dev and ops, for better or for worse. The role of software developer keeps expanding, causing cognitive overload and burnout. This is why the developer tooling market has exploded to automate and assist developers right when and where they need to build, in whatever language they already know. In this episode of The New Stack Makers podcast, recorded on the floor of KubeCon + CloudNativeCon Europe 2022, Matty Stratton, staff developer advocate at Pulumi, talks about this recently universal Infrastructure-as-Code and its impact on both dev and ops teams. Earlier this May, Pulumi released updates that took the platform closer to becoming a truly polyglot way to enforce best cloud practices, including support for: Full Java ecosystem; YAML; Crosswalk for Amazon Web Services (AWS) in all Pulumi languages; Deploying AWS Cloud Development Kit
-
Unlocking the Developer
16/06/2022 Duration: 22min
Proper tooling is perhaps the primary key to unlocking developer productivity. With the right tools and frameworks, developers can be productive in minutes versus having to toil over boilerplate code. And as data-hungry use cases such as AI and machine learning emerge, data tooling is becoming paramount. This was evident at the recent MongoDB World conference in New York City where TNS Founder and Publisher Alex Williams recorded this episode of The New Stack Makers podcast featuring Peggy Rayzis, senior director of developer experience at Apollo GraphQL; Lee Robinson, vice president of developer experience at Vercel; Ian Massingham, vice president of developer relations and community at MongoDB; and Søren Bramer Schmidt, co-founder and CEO of Prisma, discussing how their companies’ offerings help unlock developer productivity.
Apollo GraphQL and Supergraphs
Apollo GraphQL unlocks developers by helping them build supergraphs, Rayzis said. A supergraph is a unified network of a company's data services and capabi
-
MongoDB 6.0 Offers Client-Side End-to-End Encryption
16/06/2022 Duration: 17min
"Developers aren't cryptographers. We can only do so much security training, and frankly, they shouldn't have to make hard choices about this encryption mode or that encryption mode. It should just, like, work," said Kenneth White, a security principal at MongoDB, explaining the need for MongoDB's new Queryable Encryption feature. In this latest edition of The New Stack Makers podcast, we discuss MongoDB's new end-to-end client-side encryption, which allows an application to query an encrypted database and keep the queries in transit encrypted, an industry first, according to the company. White discussed this technology in depth with TNS publisher Alex Williams, in a conversation recorded at MongoDB World, held last week in New York. MongoDB has offered the ability to encrypt and decrypt documents since MongoDB 4.2, though this release is the first to allow an application to query the encrypted data. Developers with no expertise in encryption
-
Simplifying Cloud Native Application Development with Ballerina
07/06/2022 Duration: 32min
For the past six years, WSO2 has been developing Ballerina, an open-source programming language that streamlines the writing of new services and APIs. It aims to simplify the process of being able to use, combine, and create network services and get highly distributed applications to work together toward a determined outcome. In this episode of The New Stack Makers podcast, Eric Newcomer, Chief Technology Officer of WSO2, discusses how the company created a new programming language from the ground up, and the plans for it to become a predominant cloud native language. Darryl Taft, news editor of The New Stack, hosted this podcast. Founded on the idea that it was too hard to do development with integration, Ballerina was created to program in highly distributed environments. “Cloud computing is an evolution of distributed computing of integration. You're talking about microservices and APIs that need to talk to each other in the cloud,” said Newcomer. “And what Ballerina does, is it thinks about what functions outs
-
The Future of Open Source Contributions from KubeCon Europe
01/06/2022 Duration: 18min
VALENCIA – Open source code is part of at least 70% of enterprise stacks. Yet, a lot of open source contributors are still unpaid volunteers. Even more than tech as a whole, the future of open source relies on the community. Unless you're among the top tier funded open source projects, your sustainability relies on building a community – whether you want to or not – and cultivating project leadership to help recruit new maintainers – whether you want to hand over the reins or not. That's where the Tech Advisory Group or TAG on Contributor Strategy comes in, acting as maintainer relations for the Cloud Native Computing Foundation. In this episode of The New Stack Makers podcast, recorded on the floor of KubeCon + CloudNativeCon Europe 2022, we talk to Dawn Foster, VMware's director of open source community strategy; Josh Berkus, Red Hat's Kubernetes community manager; Catherine Paganini, Buoyant's head of marketing and community; and Deepthi Sigireddi, a software engineer at PlanetScale. Foster and Berkus are
-
Simplifying Kubernetes through Automation
01/06/2022 Duration: 14min
VALENCIA, SPAIN — Managing the cloud virtual machines (VMs) your containers run on. Running data-intensive workloads. Scaling services in response to spikes in traffic — but doing so in a way that doesn’t jack up your organization’s cloud spend. Kubernetes (K8s) seems so easy at the beginning, but it brings challenges that ratchet up complexity as you go. The cloud native ecosystem is filling up with tools aimed at making these challenges easier on developers, data scientists and Ops engineers. Increasingly, automation is the secret sauce helping teams and their companies work faster, safer and more productively. In this special On the Road edition of The New Stack Makers podcast recorded at KubeCon + CloudNativeCon EU, we unpacked some of the ways automation helps simplify Kubernetes. We were joined by a trio of guests from Spot.io by NetApp: Jean-Yves “JY” Stephan, se
-
One of Europe’s Largest Telcos’ Cloud Native Journey
01/06/2022 Duration: 16min
Telecoms are not necessarily associated with adopting new-generation technologies. However, Deutsche Telekom has made considerable investments in cloud native environments, by creating and supporting Kubernetes clusters to support its operations infrastructure. In this episode of The New Stack Makers podcast, recorded on the floor of KubeCon + CloudNativeCon Europe 2022, DevOps engineers Christopher Dziomba and Samy Nitsche of Deutsche Telekom discuss how one of Europe’s largest telecom providers made the shift to cloud native. Deutsche Telekom obviously didn’t start from scratch. It had decades’ worth of telecom infrastructure and networks that all needed to be integrated into the new world of Kubernetes. This involved a lot of “discussion with the other teams,” Dziomba said. “We had to work together [with other departments] to see how we wanted to manage legacy integration, and especially, policy and process integration,” Dziomba said. As it turned out, many of the existing services Deutsche T