Containers are taking the development world by storm. Is it all hype? What benefits do they provide? What challenges do they create? Our guest on this episode works regularly with containers and is the lead engineer on Trend Micro's container security solution.
Guests
Geoff Baskwill, Sr. Engineer at Trend Micro
Details
This episode was originally streamed on Tue, 19-Nov-2019 to multiple platforms. You can watch the streams (along with the comments) on-demand on:
Transcript
Mark: Hello, everybody. Welcome.
Welcome back for those of you [laughs] that tried to join us this morning. If you did try to join us for this morning, you can see from the background already that we are back into the sort of traditional studio setup, as opposed to trying to do it onsite.
[00:04:12] We're actually in the Trend Micro office in Ottawa this morning, on a mobile setup, had a ton of problems. I really appreciate your patience. We learned some stuff. Right? Every, every opportunity, ah, for, ah, every failure is very much an opportunity for learning.
I learned some stuff. You know, we were doing the mobile setup, we had audio problems, we had lagging problems, we had bandwidth problems, and that, ah, should not have been a surprise to me, though it was.
[00:04:35] If you're in a building full of engineers, bandwidth is not something that is gonna [laughs] be plentiful because everyone's doing a ton of stuff. They're creating all sorts of creative stuff, everybody's streaming stuff, pulling things down.
There's just a lot of usage. We did not get enough bandwidth to get a good-quality signal, which is why we pulled the plug after eight extremely awkward minutes on the stream, learning and, and appreciating your patience, so thank you for jumping back on the stream.
[00:04:58] We are live on LinkedIn, we are live on YouTube, we are live on Twitter. We've got folks already tuned in from all around the world. I see folks, from India, from Kuwait, from KSA, from Portugal, from Russia, a whole bunch of places in the EU, people tuning in from North America, South America.
Thank you very, very much, especially after us, you'll notice in the title this is, Containers V1.1, 'cause V1 was a failed build. It did not pass our integration tests, yet we still tried to deploy, which is just, you know, we'll talk about it in a minute.
[00:05:28] But if you are watching us here, we are monitoring the comments on LinkedIn, we are monitoring on YouTube as well as Twitter. If you have questions, please post it there. We will try to address them as we go in the stream. Today's conversation is about containers, and we're gonna tackle it all over, every kind of angle we can think of.
[00:05:46] With that, I'm gonna bring in our guest today. Geoff Baskwill is one of the smartest people I know. He is a phenomenal developer. Um [laughs], he is already super embarrassed, but now you're on the stream, and you got to go with it 'cause I can't, you can't hang up.
We already failed once trying technical, so, I am just gonna fire comments your way and compliments because I, if I say it, I mean it.
[00:06:06] Geoff is a senior software developer, with Trend Micro. I tried to use his actual title, but he will not let me, so we're just saying, you know, software developer.
Needless to say, it's very high up there and he's very, very good. Geoff, welcome to the stream. You wanna say a little bit about yourself [laughs]?
[00:06:22] Geoff: [laughs] Thanks, Mark. Thanks for the incredible intro. So yeah, I'm, I'm Geoff Baskwill. I have been doing software development for a long time, quite, quite a long time.
I don't actually want to say, but, been, I worked in telecoms for, for probably about 20 years, and then I moved over to, to Trend and started doing security work.
[00:06:42] And I've been working with cloud containers for I'm gonna say about two years now, like really actively working with them. Learned a lot, learned that there's a lot more to learn, and [laughs], yeah, so, I, I think that's a, maybe a good start?
[00:06:57] Mark: Yeah, that's great! That's fantastic. Very modest introduction, but, you know, I think people will get it as we, as we dive into this. So, you mentioned you've been working with containers, you know, really heavy for the last couple of years?
[00:07:07] Geoff: Yep.
[00:07:08] Mark: Let's start that off, then. What, in your view, what are the, what's the point of containers? A lot of people hear the word "containers," they know it's the coolness, you know, and there's a lot of conferences around it, a lot of talks around it. From your perspective, what's the point?
[00:07:22] Geoff: Let's see, so m- from my perspective, the point is being able to take your software that you've built and deploy it resil- really easily, right, and, and not worry a whole lot about the environment that you're deploying it into.
[00:07:37] In, in previous places, you had to worry about, okay, is, is the VM running the right operating system? Is, are the right dependencies in place? You know, shared libraries all over the place, you kind of worry about everything that's there, and with containers, you kinda package up your application, right?
It is just ... it's a simple way to package it up. You say, here it is, it's exactly the same on my laptop as it is when it's deployed.
[00:08:02] And that's, that's kind of the easiest thing about it is, and I mean, from my perspective, the most important thing about it is that you ship what you work with on your computer, and it's gonna be the same, right?
You don't go worry about strange stuff changing underneath you. Yeah, we'll get back to that.
[00:08:19] Mark: [laughs] Thizizi- almost caught yourself in a little trap there, didn't you? But I mean I, I think, the, the point, you know, just from the way you were describing it, I'm gonna go out on a limb and say you've had that problem before in your career where you've had something working just fine in your environment, and when you try to push it out, it no longer works.
[00:08:36] Geoff: Yeah, absolutely. That, that happens, like, probably the most often. That is one of the biggest problems that, that you run into when you're building software. So in the traditional way where I'd be saying, okay, I'm just gonna ship a zip file or I'm gonna ship an, an installer, right? And-
[00:08:51] Mark: Mm-hmm, mm-hmm [affirmative].
[00:08:52] Geoff: ... the customer brings their own OS and, and you just sort of try to deal with whatever might be there, and, and predict what might be there. It's gotten, it wa- it got better with, you know, shipping VM images-
[00:09:04] Mark: Mm-hmm [affirmative].
[00:09:04] Geoff: ... but VM images are huge, right? And so containers let you just say, I'm gonna take this small application, ideally a small application, and ship just that bit of it, out to the customer. They can run in the container environment, and it just comes up. Right? It's small, it's simple, it's, it's fast.
[00:09:22] Mark: And I think those are, those are really good three keys, right? Small, simple and fast?
[00:09:26] Geoff: Yeah.
[00:09:27] Mark: You know, and I mean we're gonna jump around a bit, but what kind of mistakes do you see people making? 'Cause I mean not only, you're obviously an active developer working on stuff for Trend, but you're interested in, in, on your own and professional development.
[00:09:38] You come across, you watch a lot of talks, you're active on social, everyone can see actually, I'll fire that up right now, they can see Geoff's Twitter handle on, on the stream, you're active up on social and, you know, you share a lot of great stuff that you've found, from other people in the community who are giving these talks.
What kind of mistakes do you see people making with containers?
[00:09:56] Geoff: I, I'd say the biggest mistake that I see people run into is, their, they haven't made that switch from, from being VM people. All right? And, sorry, that sounds really mean. Um-
[00:10:05] Mark: [laughing] The VM people. Oh, no! No, but like people who are predominantly thinking in their software in terms of this is a VM, this is a VM.
[00:10:15] Geoff: Yeah.
[00:10:15] Mark: Yeah.
[00:10:16] Geoff: Yeah, so, so people that, that are sort of taking ear- early on in that, in that transition period where they're saying, okay, I've got this application, it worked really well in this, in this virtual machine that I used to deliver, and so they try to take that whole virtual machine and that whole giant application and, and bundle it up into this terabyte-sized container image, and try to run that in a, in the world. Right?
[00:10:40] And, and I said terabyte and I didn't actually misspeak that. I actually had a customer come to me and say, "We want to look at images that are a terabyte in size."
And, and I just sort of, I paused, and, and I wasn't really sure how to respond to that because you're, I think they were kind of missing the point.
[00:10:56] Mark: A terabyte's big for even a VM, though.
[00:10:59] Geoff: Yeah.
[00:11:00] Mark: Like, that's just-
[00:11:00] Geoff: Yeah.
[00:11:01] Mark: ... big!
[00:11:01] Geoff: I, I didn't wanna ask what was in it. I just didn't want to.
[00:11:05] Mark: [laughs]
[00:11:05] Geoff: You know, I look at containers as, you know, you can build containers with an OS image or you can build containers just with your application, which is-
[00:11:14] Mark: Mm-hmm [affirmative].
[00:11:14] Geoff: ... kind of what I prefer to do, and it's kind of the difference between, you know, a 10-megabyte image and a 100-megabyte image, right?
And it's like, if you can do 10, why don't you do that? 'Cause your attack surface is smaller, your, your downloads are faster, your start-up is faster.
[00:11:30] Mark: Yeah.
[00:11:30] Geoff: There's a lot less to worry about.
[00:11:31] Mark: Yeah, and just I mean, you know, if you get into terabyte images, how are you gonna keep up fast changes in production? Right?
[00:11:38] Geoff: Yeah.
[00:11:38] Mark: Even with gigabyte images, it's, it's, that takes bandwidth, right? That takes time.
[00:11:42] Geoff: Yep, yeah, yeah, yeah like, if you have a 10-meg image, you can download that in a very small amount of time, and you can get up and running, right? You can, you can…
If you have a 100-megabyte image, or gigabyte image, that takes a long time. It's not gonna start up fast. You're gonna have a hard time moving around.
[00:11:58] Mark: Mm-hmm, mm-hmm [affirmative]. So one of the things you mentioned there kinda implies something else. So what do you feel is sort of like a good, if I'm sitting and looking at my software and trying to decompose it into different pieces-
[00:12:10] Geoff: Yep.
[00:12:10] Mark: ... what is sort of the logical boundary for a container? Because the technology will let me do whatever I want. If I wanna shoot myself in the foot with a terabyte image, I can-
[00:12:19] Geoff: Yep.
[00:12:19] Mark: ... but how do I get down to those 10-meg images? Like how do I get down to that lean and mean one?
[00:12:24] Geoff: Yeah. So, the buzzword that, that a lot of people use is microservices, right? And I think the idea there is that you take, and I think the, the word that people use in, in sort of the software architecture world is "bounded context."
[00:12:38] Mark: Mm-hmm [affirmative].
[00:12:38] Geoff: Right? And, and that might be a, a strange and a weird word for people that, kind of the idea behind it is, you want your container, you want your service to do one thing, right? If it's authorization, it does authorization. If it's editing your profile, it's-
[00:12:52] Mark: Mm-hmm [affirmative].
[00:12:53] Geoff: ... that's all it does, right? And so if you can break these things down, into your, your container image is, is basically a simple service, it does a very small amount of things, therefore, ideally one thing-
[00:12:55] Mark: Yeah.
[00:12:55] Geoff: ... then, then you're good to go.
[00:12:55] Mark: Mmkay. Just a quick pause for everybody on the livestream. You know, we see you from Mauritius, India, you know, Belgi a whole bunch of people kicking in from around the world, Argentina, India.
If you have questions, please fire them off, #letstalkcloud. Hit them here on the LinkedIn live comments, on Twitter, on YouTube. We'll address them in the conversation as Geoff and I go.
[00:13:26] As you can see, we can go a little more technical than in the past couple of weeks, which is great. I think that's really important because there is a lot of misconceptions around containers.
So one of the things, you know, and I mentioned earlier, Geoff's really active on, on social and shares a lot of great stuff, one of the things you shared, though, the other day, Geoff, and know this isn't like a, I dug through your Twitter for a gotcha, um-
[00:13:28] Geoff: Yeah [laughs].
[00:13:28] Mark: ... but was a paper that Google had written on container-
[00:13:28] Geoff: Yeah!
[00:13:28] Mark: ... security. Um-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: What were your thoughts on that? Give, maybe give us a quick little overview on what they did and then, what the, what your thoughts were.
[00:13:28] Geoff: Okay. Well, you did catch me a bit because I wasn't prepared for that question, but, um-
[00:13:28] Mark: [laughs]
[00:13:28] Geoff: I remember, I remember reading it and, and thinking, what a great thing for Google to push out just, days before I'm supposed to come and, and, and be an expert on containers.
[00:13:28] Mark: [laughs]
[00:13:28] Geoff: Really I, you know, go back and, and read the paper. Anybody's watching, it's, it's really an awesome paper 'cause it, it does get into that, sort of, it starts you from the beginning of, of what's a container for, you know, getting a packaging construct and, and getting stuff out there.
And then, starting to talk about the different ways to secure your containers and, and securing the right runtime as well. So it-
[00:13:28] Mark: 'Kay.
[00:13:28] Geoff: It kinda covers the whole gamut of, of sort of why containers exist, how to build them well, and then how to secure them. And it's a really great paper and, like I said, kinda made me like, oh, my, why am I going on this instead of me sourcing from Google?
[00:13:28] Mark: [laughs]
[00:13:28] Geoff: But-
[00:13:28] Mark: Fair, fair. And I didn't, I didn't, I m- didn't wanna get you with a gotcha. One of the things that, um ... So I read that through after you sent it out 'cause I hadn't seen it, and then when I saw you tweet about it I was like, okay, I gotta, I gotta dive into this.
And it was really, I found it was really well-written from a, it was technical but not technical.
[00:13:28] Geoff: Yeah. Yeah, I thought it was really approachable.
[00:13:28] Mark: Yeah.
[00:13:28] Geoff: It was like, you don't have to be an expert to, to really dive in and understand what's going on and, and really get it. I really liked the, the language that they used, too. It was very, very easy to read.
[00:13:28] Mark: Yeah, and I dropped a link to that paper in the l- in the LinkedIn chat, for those of you on the stream, so you can check that out and we'll tweet it ag- out later. But one of the things that came up in that, that I think you should be okay about talking about, it was the idea sort of supply chain when it comes to containers was that, you know, in production there, there, they should be immutable, and-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... then there's this all the stuff that happens before, you, you, you actually hit production, and then that needs to be part of your idea of not just the development and operations but of security as well.
[00:13:28] What, any thoughts on, on that sort of concept? Because we don't normally, we didn't use to talk about developing software in that concept. We were just kind of like, no, it's in production, you're good.
[00:13:28] Geoff: Yeah. So, there are a few things in there. Let me, let me try and unpack a bit. I'm gonna start with the supply chain thing.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: 'Cause I think a lot of current software development is, you kinda look for, you kinda look for a dependency or you look for a library that does what you're trying to do. You grab it, you ship it. Right?
And you don't sp- and a lot of people don't spend a lot of time thinking about where it came from. Sometimes they'll think, well, with the licenses, but they won't necessarily look at how stable the, how stable the project is, right?
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: So you might find something that does what you want, and then, you know, you're not really paying attention and, hey, it wasn't updated, except for three years ago. Right?
[00:13:28] And then, you're seeing things where, in the recent past where, projects kinda die, and then they get taken over, right? Somebody says, hey, I wanna take over that, that, project for you, and the person says, yeah, sure, I don't, I don't care about it anymore. But the, the new owner starts putting in new functionality that maybe you didn't want, like coinminers, which, which has actually happened.
[00:13:28] Mark: Yep.
[00:13:28] Geoff: Yeah, so, you know, sort of thinking with that supply chain and, and wondering what's actually going into your container, just like you would for, for any software that you're building, you're, you're kind of worried about ... hm, I don't know if "worried" is the right word.
You kinda have to think about, what you're bringing in, right, in the same way that you would for any other software problem.
[00:13:28] Mark: Okay. yeah, and that, I mean that's a new thing, right? Now especially, so, I'm, I'm torn. I wanna circle back to something but I also wanna, that's a great segue into something else.
[00:13:28] Geoff: [laughs]
[00:13:28] Mark: I'll circle back in a sec. Let's just segue there. So you mentioned, you know, like someone new could take it over and put something, either mali- outright malicious like a coinminer, which we've seen a huge uptake in in general, but specifically a few instances where it's happening in containers.
[00:13:28] But also that kind of brings in the idea of your container doesn't just exist. You know, like you don't just create it from scratch necessarily.
A lot of the time you're pulling in other containers as the baseline layers, and you're pulling those in from registries. Um-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Now, how does that, can you explain that flow a little bit and how that works, and then sort of what you need to be aware of as a, as a developer?
[00:13:28] Geoff: Sure. So for, for people who may not be familiar, when you build a container image, it's basically a tar file.
Like people get what a tar file is. And so it's a, it's a tar file, it's, it's got all the stuff that's in your, in your application, but it's, as you said, it's, it's kind of based, in many cases it's based on a lower-level layer or a lower-level image that's got other stuff that you've brought in.
[00:13:28] And then, when you, when you bring all these things together, you've got this file, of course, in a series of layers, right, which is a series of files, and they get stored in a registry. And the registry is really just a web server.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: That's, it's a file server that it's storing, storing the files. And you can either have them in a cloud provider or you can bring your own or you can use Docker Hub or any other, any other registry provider.
[00:13:28] Mark: Mm-hmm [affirmative]. Okay.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: So that brings up a different one. So Docker Hub, um-
[00:13:28] Geoff: Yep.
[00:13:28] Mark: ... from Docker, um-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: You know, Docker's undergone some significant changes in the last couple weeks.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Right? And I mean, we don't wanna dive into that. There's, there's obviously complexities and challenges there, but from a, a developer, if you're building stuff that's pulling down from a resource that's out there, um-
[00:13:28] Geoff: Yep.
[00:13:28] Mark: ... what, like are you concerned about that? Is this, you know ... So I mean you mentioned tar files which are basically just one, you know, it's a zip file for, you know, compressed bundle of other stuff.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: And if you're pulling those in from other places, ah, you know, you just take them on faith or are you looking for issues? Are you, you know, your reputation?
[00:13:28] Geoff: There's, there's two or three things. There's two or three things there are to think about. So the first one is, is sort of like, does the, does the thing you're pulling in do what you want it to?
And, and to steal a, steal a phrase from somebody I know, does it do what it want, what you're supposed to, and only what it's supposed to?
[00:13:28] Mark: Yay! [laughs]
[00:13:28] Geoff: Yeah, I'm not sure, I'm not sure where I heard that before.
[00:13:28] Mark: Thank you.
[00:13:28] Geoff: Or maybe it was you.
[00:13:28] Mark: Yeah. [laughing]
[00:13:28] Geoff: So you wanna make sure that, that your layers that you're bringing in or even the services that you're bringing in are doing only what they're supposed to do.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: But you also, one of the things that, that you run into that you don't really think about until it happens is availability. Right? So you're saying, hey, I'm pulling in this image. Is Docker up there?
[00:13:28] Mark: Yeah.
[00:13:28] Geoff: And, you know, 99-point-some huge percentage, a l- a lot of the times it's there, but actually in, in the time that I've been working with them, a couple of times we've tried to get, get through a build, tried to pull down an image, and Docker Hub was down.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: Right? So you just, you just lose that. And y- you have the same thing anytime you open an external dependency, right? So, you're, you're trying to download the software from somewhere, you kinda need to make sure that you've got a, a layer in the middle that you can trust that's sort of your own, under your own control that says, okay, I've got these vetted images, that I've, that I've taken from outside.
I've kind of taken a look at them, made sure that they do what they're supposed to, and then, they are also in your control in terms of availability as well. Right? So, if somebody says, oh, I'm gonna delete this image, you're not, you know, up the creek.
[00:13:28] Mark: Yeah. Yeah, yeah, you can say that, don't worry. Um [laughs], the, so is that where, that's where the idea, that concept of like a private registry comes into play.
[00:13:28] Geoff: Yeah, exactly. Right. So you either have a private registry, or, yeah, some sort of proxy that, that's sort of keeping those, those images for you. Yeah.
[00:13:28] Mark: Makes sense, right? 'Cause I mean we've seen that not specifically in containers, but we saw that in the Node.js world a couple of years back-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... when for some odd reason, people used an external library to left pad strings.
[00:13:28] Geoff: Yeah, exactly.
[00:13:28] Mark: And someone yanked it, right? Like entirety, a huge mass, like 207-some packages from one person got pulled, and all of a sudden, builds failed left, right and center.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: And that's the last thing you wanna do if you're trying to build sustainable software is be dependent on something you've no control over.
[00:13:28] Geoff: Yeah, exactly. So, a lot of people I think are sort of starting that, hey, I'm just gonna pull it from Docker. That was part of my build. And then, they go along with that for quite a while.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: And then, and then, just like, oh, wait [laughs].
[00:13:28] Mark: Yeah.
[00:13:28] Geoff: I've, I've got a dependency here that I didn't really think about, and then, yeah, you kinda need to, to be careful about that.
[00:13:28] Mark: And sadly that "Oh, wait" is normally after something hits the fan, and-
[00:13:28] Geoff: Yeah. It could be on a Friday afternoon where you're trying to do a release, for example [laughs].
[00:13:28] Mark: Always on a Friday [laughs] afternoon.
[00:13:28] Geoff: Right.
[00:13:28] Mark: The computer knows.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: They always know. Friday afternoon, likelihood of things exploding, through the roof.
[00:13:28] Geoff: Yep.
[00:13:28] Mark: So one of the things I wanted to circle back to, and we had this conversation, after the disastrous start this morning, that I, I had mentioned you on the, so Disney+ launched last week-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... and I don't have any in- knowledge of the internal workings, but it seems like they've taken a microservices design. And we touched on that a little bit earlier and you kinda used it a bit in your example, uh-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: But for me, so I signed up, I've got kids, I was excited to watch the Star Wars stuff on my own and the Marvel stuff, and I signed up and I, thankfully it worked, second try for me to sign up, but then it had intermittent errors throughout the, the, the week.
[00:13:28] And basically, for those of you that haven't signed up for Disney+, and know this isn't an ad for it, but there's five main content pillars. There's the Disney, the Pixar, the Marvel, the Star Wars and National Geographic. And once you've signed up, each of those throughout the week were down at different times for me.
[00:13:28] So I couldn't get to like the Marvel stuff or the Pixar stuff, or National Geographic, but the others were up and running, or I couldn't edit my profile pic, but I could still watch things, right?
Or if I'd start it, I could watch it. And for me, you know, being a nerd, I was like, wait a minute, this feels like they're all separate services-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... that are having some problems, but the others aren't. So as a user, instead of just getting, you know, the annoyingly cute error message with Vanellope and Wreck-it-Ralph saying, "We can't do this for you," which is great the first time you see it, but after like the sixth you're like, I get it, I get it, Vanellope, I can't get my data, but it was a better experience 'cause at least I got something.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Now that for me kinda screams microservices.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: And, as we've had, previous conversations, microservices are kinda like linked hand in hand with containers.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: But the, but they're different, right? Microservices is an-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... architecture design, container's a way of delivering something.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Why are they together so much?
[00:13:28] Geoff: I think because when you have microservices, you have a whole bunch of stuff that you want to deliver. Right?
So you've got, instead of this one monolithic application, right, that, that just sort of, it does everything and it goes and it all crashes at once and you get the, you get the whale on the screen and, and nothing-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... works, right, instead of that, you've got all these different services, and you get sort of progressive degradation. Right? So you get little things that, that break here and there.
[00:13:28] And because containers are a really ... The, the technology around containers and deploying containers and orchestrating containers has progressed so that you can deliver a lot of stuff, really easily, right, and you can tie them together really easily, right?
[00:13:28] So, it gives you that ability to architect your application in those microservice, in that sort of microservice fashion where you have, okay, I've got the small service that can grow or shrink or fail independently of everything else.
And you've got this other [inaudible 00:26:32], so that's great architectural development, but then on your, on your deployment perspective you can still deploy that thing, right, really easily because you've got this container that you can just shove to someone, and just run somewhere.
[00:13:28] And, having that environment where you can just make these little services deploy, rather than having to have, all that ... I mentioned at the beginning about having a whole VM you have to worry about and all the stuff that, that, that can go wrong when you're trying to deploy one service onto-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... a VM, right? Instead of having one service, you have a thousand services, and you imagine having a thousand different VMs that are all have to be configured right, and it's just, it's just a disaster, right?
[00:13:28] So, I think that containers really help to enable that, the microservice approach because you can easily package up everything that you need to and ship it out and run it and have it, and have that sort of uniform interface, where the, the application just comes up and presents the network interface and you're, and you're good to go.
[00:13:28] Mark: 'Kay. So that, we're dancing around the big K-word, and we're gonna keep dancing around it-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... for a second, but, that, that actually leads to something. So, so for you and your role at Trend, you work on our container image security product. Um-
[00:13:28] Geoff: I did.
[00:13:28] Mark: Right? It was previously Smart Check. Now it's, under the cloud, the new Cloud One, naming, which, itself actually deploys as a set of containers, right?
[00:13:28] Geoff: Yeah, it does.
[00:13:28] Mark: So that's a bit different, right? It's only up-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... in the last year or two that we've seen people actually developing software and deploying it out as a container, or series of containers. What sort of challenges have you seen there? 'Cause I mean you've, you've packaged software at the old way, you've worked on-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... you know, global-scale cloud services. What, what is now, what's different, what's better, what's worse?
[00:13:28] Geoff: So I think this is where the K-word comes up, right? So, we'd start talking about Kubernetes, and that's how, that's how the application that I work on deployed, right, is we need to have a Kubernetes cluster, to deploy it.
[00:13:28] And the, the nice thing about that is that Kubernetes is, is a really great place. It gives you a lot of capabilities sort of built in, right, in terms of, like I was saying earlier with that application orchestration, right?
It's like, I can say I want these six services to come up and run, and they all, they all need to be able to talk to each other, and it's really easy to deploying that. And, you know, when they fail or, or crash or, well, they never crash [laughs], no, but-
[00:13:28] Mark: It happens.
[00:13:28] Geoff: In, when they do crash because of, of whatever happening-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... then, the, the infrastructure will, will bring them up and, and start running them for you.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: That's super amazingly awesome. Right? Before, I would've had to write that all myself.
[00:13:28] Mark: Yeah.
[00:13:28] Geoff: Right? I would've had to, you know, take the, or, or sort of replicate the combined intelligence of everybody at Google who worked on, on the Borg system before it became Kubernetes or, or inspired Kubernetes, all the thousands of contributors that, that make Kubernetes better every day-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... like, I would have to do that with my team. And that's just insane. Right? Trying, trying to build something that's, that's, big and complicated and useful and fascinating and awesome.
[00:13:28] Mark: And none of that's unique to the problem you're tackling, either, right? So why-
[00:13:28] Geoff: Exactly.
[00:13:28] Mark: ... solve it in one place to have to solve it in a bunch of others?
[00:13:28] Geoff: Yeah. And, and I'm g- I'm, I'm not gonna attribute this, this quote that I'm gonna steal from, from someone famous, but it's, it's undifferentiated heavy lifting. Right?
And I think that's, I think a lot of people will re- will recognize that. We didn't wanna do any undifferentiated heavy lifting, right? We said we wanna focus on our application-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... and get it out there and get it running and not worry about all of those, those complex details that really don't help us deliver business value to our customers.
[00:13:28] Mark: So, a question for you, then. So comparing that, you know, everything you said totally makes sense, especially, you know, leveraging the, the, the power that's already built into Kubernetes-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... if you have to ship a patch, right, and like a traditional, what people would think of as a traditional patch-
[00:13:28] Geoff: Right.
[00:13:28] Mark: ... are you then just sending out a new version of the effect of containers, like saying, hey, you can pull a new version? Like how does that, how does that flow? 'Cause that's got to be smoother.
[00:13:28] Geoff: It is. It's super smooth. So, the way it works is, we basically just do a whole build of the, the entire service, ship out a new version of the container, and, and it's done. Right? And then, our customer will just sort of update their lineup and-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... sort of like a one-line command, and they can pick up the new, the new container and it just gets replaced, and there's, there's nothing to worry about. Right?
[00:13:28] Mark: Nice.
[00:13:28] Geoff: It does re- it does require you to build your software in a way that it can be updated that way, right?
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: You can't, there are some things that you shouldn't do when you're building applications that, that need to be upgraded that way, but, but it's really, it makes it super easy. Right? Um-
[00:13:28] Mark: That, that, that seems far smoother. Like even, even taking those architectural designs, sort of choices on your side as the, as the software builder into play, that seems way easier than our old method of like, here's, here's a patch, now you may-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... or may not have to take the system offline to upgrade this patch. It may have additional dependencies 'cause I'm not sure what it's running on top of, um-
[00:13:28] Geoff: Exactly.
[00:13:28] Mark: You're, you're reducing the order of the complexities by an order of magnitude or more.
[00:13:28] Geoff: Yeah. And I'm trying, I'm gonna change the word for you. I'm not reducing it, I'm moving it to someone else's problem.
[00:13:28] Mark: Even better [laughs].
[00:13:28] Geoff: Yeah. Exactly. Well, like, because, because i- the container environment is, is predictable, right? It's like-
[00:13:28] Mark: It is.
[00:13:28] Geoff: And, and again, I'm gonna go back to that most of the time, so there, there's a great podcast that, that I tweeted out the other day, where they interviewed about all the differences and the underlying, the underlying container em- environments.
I was like, yeah, I'm glad that most of the time I don't have to think about that.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: Because most of the time, your containers just run and it looks like a, a Linux process that's just going.
[00:13:28] Mark: Yeah.
[00:13:28] Geoff: Right? And you're not gonna worry about it.
[00:13:28] Mark: Well, that's, that's the advantage, right? I mean you hit on a couple words. Besides the undifferentiated heavy lifting, you know, what are you doing if it's not delivering value, like why are you working on that stuff, and the more you can kind of push away, the better.
I mean that's the whole advantage of cloud is going up that shared responsibility model to the right as far as you can-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... to get away from doing stuff that doesn't make a difference, right?
[00:13:28] Geoff: Mm-hmm [affirmative].
[00:13:28] Mark: So question for you, then. Ah, what Kubernetes, so like staying on Kubernetes just a second here, what do you think, so, you know, it's all the rage, everyone's like, oh, we have containers, we need Kubernetes. It's, you know-
[00:13:28] Geoff: Yeah [laughs].
[00:13:28] Mark: They're so intrinsically linked now. What do you think, so I think we know what the biggest plus is already, it's getting rid of that-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... undifferentiated heavy lifting, taking advantage of all that complexity and letting someone else handle it-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... if it can't be eliminated. What's the biggest downside of Kubernetes?
[00:13:28] Geoff: Well, the biggest downside is people don't think about all the complexity that is still there. Right? Because, just because it's hidden behind this, this magical Kubernetes thing, doesn't mean it's gone anywhere, right?
[00:13:28] Mark: Yeah.
[00:13:28] Geoff: And so if you're trying to, if you're trying to run it yourself, if you're trying to build your own cluster, if you're trying to manage your own cluster, it's a surprising amount of work, right, to, to get everything up and running and, you know like, sorry, up and running is kind of okay, keeping it running and keeping it alive, keeping it that-
[00:13:28] Mark: Two, two very different things.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Up and running, I have a container I deployed. Keeping that going no matter what happens, very-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... different proposition.
[00:13:28] Geoff: Yeah, exactly. So, there's quite a lot of expertise involved in, in having a Kubernetes system that works properly.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: So a lot of people think that they can just, say, follow a tutorial or spin up Kubernetes in their, in their data center and, and have it work really well.
And unfortunately, a lot of times it doesn't work very well for, because it is such a complex task. Luckily, a lot of cloud providers will give that to you. They'll, like a lot-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... of them have, have really good Kubernetes setups where you can say, push a button and you've go- you've got a cluster, and those tend to work really well. Like our customers have done really well with that.
[00:13:28] Mark: Mm-hmm, mm-hmm [affirmative].
[00:13:28] Geoff: The ones that are sort of spinning up their own clusters, it tends to take them a while to develop the expertise and develop the, the understanding of all those little things that can go wrong with networking or storage or, you know-
[00:13:28] Mark: Yeah.
[00:13:28] Geoff: ... the things that, that it doesn't really paper over very well, and you kinda need to have a lot of expertise in.
[00:13:28] Mark: Yeah, 'cause I mean it's, it's, in itself, it now becomes critical infrastructure, and it's-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... another layer of abstraction and, you know, when, anytime you're putting any layer of abstraction in, you need to make sure you're getting more value versus the effort that you're putting in.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Right?
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: And that's why, you know, I know I still talk to a lot of infrastructure teams who are excited about it because it's something in where they can, they're still, if you need to take advantage of assets you already have in your data center, it's a great way to do that.
But more and more I'm seeing the same thing you are where people are taking advantage of the, you know, like the g- GKE on Google, EKS on AWS, Microsoft's Kubernetes service more and more of like, hey, I want all the good stuff, but I don't wanna deal with all the mountain of stuff in the background. Um-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: But I mean that's the whole point of cloud, right, is, I don't wanna do it, you can do it and I'll pay you a couple-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... cents an hour to do it.
[00:13:28] Geoff: Yep. Yeah. Managed services, like they're, they make a huge amount of sense.
[00:13:28] Mark: Yeah. So, adjacent topic. You know, and I mean based on, on your history and, you know, you've worked in telecom, you've worked on, on massive-scale services, you're-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... deep in containers now. One of the sort of keys is, is obviously reliable, but sustainable software. Um-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Have, do you think containers have pushed that ahead? Is it easier to build sustainable software using containers? And sort of, just what's your general take on how to approach it?
[00:13:28] Geoff: I think that, more, more than containers themselves, like, if you, yeah, actually, yes. I think the short answer is yes [laughs]. I think because it does enable you, it does make it easier for you to say, here is the whole package-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: Right? Here is, you know, to jump into the technical term, here is the Dockerfile-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... right, that defines this application. Here is where you get every single piece of, of infrastructure that you need to build this application and, and run it. And, like compared to in the past where you said, oh, I need to have RHEL 7, to sort of, you, you have that line item somewhere, off in a document somewhere, and you'd have this, this version of Red Hat Enterprise Linux and these libraries that come from where again?
[00:13:28] And then, and then you'd, and then even install your application. Right? Whereas if, with the Dockerfile sort of concept it's like, hey, I've got this base image, which of course I've kept a copy of in my private registry-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... for [inaudible 00:38:03] purposes, and then, and then you have the, the exact instructions for building that application from scratch.
[00:13:28] Mark: Yeah.
[00:13:28] Geoff: Right? And, and that I think makes it a lot easier to sort of maintain that over time, right, and, and, even if you don't, even if you don't touch a service for a couple of years, you can go back to it and it's like, hey, it's still built, right, because you've still got that exact environment set up.
[00:13:28] Mark: You've essentially got that sort of single source of truth, you know. That file, it's not like a document that we hope you updated, which-
[00:13:28] Geoff: Yeah, exactly.
[00:13:28] Mark: ... nobody ever does.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: You've got literally, this is the executed code that creates that thing.
[00:13:28] Geoff: Exactly. Yeah.
[00:13:28] Mark: Nice.
[00:13:28] Geoff: Well, that, that helps a lot.
[00:13:28] Mark: Okay. We've hit that time in the stream, so, ah, you know, everyone's still tuned in. That's fantastic. We've still got people around the world. You, I know you've watched the first two that we did with these. Ah, it's always a ton of fun. I'm gonna hit you with a bunch of rapid-fire questions.
[00:13:28] Geoff: All right.
[00:13:28] Mark: And I want short like one or two-word answers and then we'll circle back if anything crazy comes up.
[00:13:28] Geoff: All right.
[00:13:28] Mark: And I always find it interesting 'cause I've, I've known you for a while and you're such a good friend, I think I know how you're gonna answer these, but I'm curious to see how well I know. Maybe we'll evolve this to the point where it's like a game show-
[00:13:28] Geoff: Okay.
[00:13:28] Mark: ... but right now we're gonna just keep it straightforward with the rapid-fire.
[00:13:28] Geoff: All right.
[00:13:28] Mark: So, Unix philosophy, yes or no for containers?
[00:13:28] Geoff: Yes.
[00:13:28] Mark: 'Kay. Databases, containerize them or no?
[00:13:28] Geoff: [laughs] No.
[00:13:28] Mark: A giggle and a no. Okay, we're coming back to that. Ah, blue-green deployments, real thing or just lip service?
[00:13:28] Geoff: Um ... I'm only allowed two words?
[00:13:28] Mark: Well, yeah.
[00:13:28] Geoff: Real thing.
[00:13:28] Mark: Real thing, okay. We'll come back. Ah, can containers be serverless, yes or no?
[00:13:28] Geoff: Geeaahh.
[00:13:28] Mark: [laughs]
[00:13:28] Geoff: That is my word. I choose [crosstalk 00:39:49]-
[00:13:28] Mark: That's your, that's your answer? Your answer is "Geeaahh?"
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Okay, fair. That's a legit answer. Kubernetes, most hyped ever or just the most hyped of 2019?
[00:13:28] Geoff: I heard [inaudible 00:40:01] ever.
[00:13:28] Mark: 'Kay. Uh ... So, containers, legitimate solution that you should be aiming for or just a way station to the real one that's serverless?
[00:13:28] Geoff: Whooa. Oh, I'm gonna get in trouble for this one.
[00:13:28] Mark: [laughs] Yes, you are [laughs]!
[00:13:28] Geoff: Well, Ben, if you're watching this, I'm sorry.
[00:13:28] Mark: [laughs]
[00:13:28] Geoff: Containers are real. They're, they're a good thing. Um-
[00:13:28] Mark: Okay, okay.
[00:13:28] Geoff: But keep going, but keep going.
[00:13:28] Mark: Okay, okay. We will loop back in Ben Kehoe and see where, where that is. Okay, last one. Languages: Go was better than Java in 99% of cases, yes or no?
[00:13:28] Geoff: Ooh. I'm only allowed two words? Today I'll say yes.
[00:13:28] Mark: 'Kay. Interesting.
[00:13:28] Geoff: Uh-
[00:13:28] Mark: Very interesting. You held yourself well [laughs]. So, you know, Unix philosophy was straightforward. You were a firm rapid "no" on databases in containers. Why?
[00:13:28] Geoff: There's, there's a lot smarter people who may have, who've talked about this, but it's effectively, containers are really good at starting and stopping and getting rescheduled to different places and, that doesn't really work really well with databases, right?
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: Databases like to be on the same system as their storage.
[00:13:28] Mark: Yep.
[00:13:28] Geoff: They, they like to have storage really closely attached to them. Right? And so, if you have a container that's running a database and it dies, o- or gets rescheduled or the node that it's on gets moved, and it hasn't done the right things to its data storage, then bad things happen. And so, yeah, don't run databases in containers unless you absolutely have no choice, and then distill them. Um-
[00:13:28] Mark: [laughs]
[00:13:28] Geoff: Find, find a managed database service that you can connect to.
[00:13:28] Mark: Yeah. And I think that's a, that's a good point, and I mean I 100% agree, and I think, not that I have to, but I do [laughs], but I think it's, it's important to realize that containers don't solve every problem, right? So there are-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... applications and use cases like databases where you're in for a world of hurt if you-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... try to go down that path.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Right?
[00:13:28] Geoff: It's just not a good idea.
[00:13:28] Mark: So blue-green deployments, you were a little-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... iffy there. Uh ...
[00:13:28] Geoff: So, there are, there are some really awesome mature teams out there and I think there's a lot of teams that are getting it-
[00:13:28] Mark: 'Kay.
[00:13:28] Geoff: ... right, in terms of blue-green. I think that it's a maturing technology. It's not something that people know how to do out of school, right? And I could be wrong. It's been a long time since I was in school, but, I'm not running into people that sort of know natively how to do this.
[00:13:28] Mark: Mmkay.
[00:13:28] Geoff: And yet, I talk to a lot of really smart people that are doing it for real. Right? Um-
[00:13:28] Mark: So, is it fair to say it's just, like the concept is solid, it's where-
[00:13:28] Geoff: Yep.
[00:13:28] Mark: ... should we, we should be going. It's just a matter of comfort level, you know, especially people moving out of dev more into ops, like it's a really tricky shell game ops move, right?
[00:13:28] Geoff: Yeah. Yeah, I, I think that, I think that people need to understand how to do it, but once they do it's like, oh, this is amazing-
[00:13:28] Mark: Yeah.
[00:13:28] Geoff: ... and it's so helpful.
[00:13:28] Mark: Yeah, and it's super easy to draw on a slide. It's-
[00:13:28] Geoff: [laughs] Yeah.
[00:13:28] Mark: ... a whole 'nother thing [laughs] to actually do, right?
[00:13:28] Geoff: Exactly.
[00:13:28] Mark: Ah, last one I wanna circle back to, containers can be serverless, yes or no. Um-
[00:13:28] Geoff: Uh-huh.
[00:13:28] Mark: And, you know, you literally apologized to Ben. For those of you who don't know, Ben Kehoe is an AWS Serverless Hero, works at iRobot, gives a ton of phenomenal technical talks, huge leader in the serverless community, phenomenal guy, too, but okay, why, what was your stance there?
Like why do you think that's so controversial as far as containers can be serverless?
[00:13:28] Geoff: So the reason that, that I, that I really hesitated for that is because, I think that containers are, you know, they're really not the where, where you wanna think about when you're talking about serverless, right?
[00:13:28] Mark: Yep.
[00:13:28] Geoff: Serverless is a lot about using managed services for as much as you can.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: Right? It's about not thinking about or not needing to think about where your software is deployed.
And containers kinda get you part of the way there, but I think you, to, to really get to sort of a, a serverless philosophy, you really need to scale back even from your, your sort of microservice stacks that are going into your container and saying, okay, I wa- I just want my code to run somewhere-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... and I don't want to be worried about how I'm building that.
[00:13:28] Mark: Yeah.
[00:13:28] Geoff: Right? And so you say, if you're building it, a container, I think there's people who are, who would, who would argue that, that if you're building a container, you're doing too much work already. Right?
[00:13:28] Mark: Fair.
[00:13:28] Geoff: For serverless?
[00:13:28] Mark: Yeah. And I mean this kinda combines with the, the other rapid-fire I asked you about as far as containers being a way point or, you know, are, are they an actual destination. Um-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: And, and let me sum it up, 'cause I think I'm reading between the lines. I, I think you're go, and I know how I feel on it, whereas, depending on the problem you're trying to solve, ideally try to do something serverless because that's the least amount of work you need to do.
[00:13:28] Geoff: Absolutely, yeah.
[00:13:28] Mark: Then go containers.
[00:13:28] Geoff: Yep.
[00:13:28] Mark: Then go VMs in a sort of falling, filter scale of if you can't solve, if it doesn't fit the right way, 'cause don't shoehorn-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... it into any one of those.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Find the one where it slides in like a glove.
[00:13:28] Geoff: Exactly. Y- you gotta find the right tool for the job that you're looking for. If I can sort of plug for a little bit, the right tool in a lot of cases, in a lot more cases than you might think about, is serverless. Sorry, container people. Because, you know, you, you take your function, you deploy it to the world, and, and it just rises-
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: ... and you don't worry about a lot. If you're not ready for that yet, then containers are a really great solution, right? So all other stuff that I build necessarily is, is in containers, because that's kind of, it's what works for deploying software a lot these days.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: It's a lot harder to deploy serverless applications still, if you're talking about software. If you're not talking about a service that you're running in-house, if you're talking about delivering software to, to people, then containers are still really, I think they're really a great place to go.
[00:13:28] Mark: Yeah, and I mean we had this, this chat earlier, offline when I was telling you I had ServerlessConf. I was talking to Bret McGowen, who is a developer out of Google, around Google Cloud Run, which is a, a somewhat controversial container/serverless function service, but-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: The way Bret, Bret presented it was really, really, when Bret was talking about, what was really, really logical to me was, and it reminded me, because a lot of the time when we're deep into this tech, you start to think either-or. Like it's this-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... or it's that or it's this and, you know, if you're building new, you've got all the choices in the world, but-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... the vast majority of work that's being done out there is on stuff that exists today that you can't justify rewriting completely from the ground up in your ideal framework or model or whatever. You've got to figure out how to optimize what you've got while moving forward.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Okay. Fantastic. I, I, I mean I agree. It's in the, ideal world, we wouldn't have to build any of this, right?
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: You'd be able just to go back to like the old, almost Visual Basic-level days where I draw a button, I click on it and tell it what to do when it's clicked and I don't worry about anything else.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Right? I mean like that's the, the, you want that direct line to value. So, we're almost at the end here. This has been a fantastic conversation, Geoff.
Ah, a couple quick questions, or relatively quick. What's the weirdest problem you've ever seen dealing around containers or even something on containers? Just weird, sort of tech problem tackling, these kind of things.
[00:13:28] Geoff: Let's see. So, I think the, the weirdest thing that I've seen is that, that customer with the terabyte image. The weirdest tech problem I've tried to solve, I think, I think that a lot of stuff that I'm running into lately has been around, you know, just the, the fractal nature of Kubernetes. Right?
Like, and digging into, why something isn't working today.
[00:13:28] Mark: Mm-hmm [affirmative].
[00:13:28] Geoff: Sort of the networking stuff that, that you kind of find in there, you know, like, and, and I've, I've done like [inaudible 00:48:28] kernel-level work, understanding the kernel and how, how packet work, how packet-forwarding works there. And still-
[00:13:28] Mark: [laughs]
[00:13:28] Geoff: Yeah, I kinda get lost with like, what's going on here?
[00:13:28] Mark: You forgot your quotes around how it works.
[00:13:28] Geoff: [laughs] Oh, yeah. Works.
[00:13:28] Mark: You're like it goes in this function, and then it's delivered somewhere.
[00:13:28] Geoff: Yes. Yeah. So, I used to know. Now it's just, it just doesn't make sense anymore.
[00:13:28] Mark: Sometimes learning more is not the right answer [laughs].
[00:13:28] Geoff: [laughs] Yes.
[00:13:28] Mark: Sometimes just accepting that, you know what, it just did a weird thing-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... that's okay.
[00:13:28] Geoff: That's correct, yeah.
[00:13:28] Mark: All right. So a more personal one here: What's your favorite cloud service? It doesn't have to do anything with, do with containers, just using, you know, either in Google or Azure or in AWS, something that you find useful for your own stuff, whether it's work or personal or anything like that, what's your favorite cloud service?
[00:13:28] Geoff: I'm gonna say Lambda.
[00:13:28] Mark: 'Kay.
[00:13:28] Geoff: So, yep. There's, there's others that, that I wanna play with more, right? Like, I've played with Cognito a bit, so AWS Cognito. It's really awesome for, for doing, sort of user management and that, that's the thing you get stuck really quickly.
[00:13:28] But Lambda is, is the awesome. You just, you, you plug in a couple lines of code and magically attach it to some events and the right thing starts happening. Right? So just having that, that ability to do stuff like that is, it blows my mind.
[00:13:28] Mark: Yeah, it is pretty amazing. And-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: You know, we just, th- this week or last week was the five-year anniversary-
[00:13:28] Geoff: Yeah! Yeah, it's, uh-
[00:13:28] Mark: ... of, of Lambda?
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Which is nuts that we've come that far where, when it first announced, everyone was like, hey, what's this good for, and then very quickly to go, oh, yeah, no, we've built the entire solution on Lambda and it can ac- you know, it's not just glue anymore, it's legit computing and, you know, re:Invent's 12 days away, um-
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: ... and it's almost a guarantee that we will see more announcements around Lambda and hopefully a ton of new container announcements as well.
[00:13:28] Geoff: Yeah.
[00:13:28] Mark: Right on. Geoff, thank you very, very much. This has been fantastic. Great conversation. Thank you to the audience for joining in from around the world and for your patience this morning.
I think we rebounded strong, which is good. We've had folks, like I said, from all around the planet, tuning in again, which is wonderful.
[00:13:28] Please keep those questions coming, uh, #letstalkcloud. We will be back again next week, with a fully functioning, working stream, covering another, ah, topic in cloud.
And if you have topic suggestions, not just questions on the existing topics, let us know and we are happy to tackle whatever. This really is community-driven. This is what makes it interesting.
[00:13:29] Personally, I just love talking to smart people, but hopefully you guys are getting something out of this as well. So Geoff, thank you again. We very, very much appreciate it. Have a great rest of your afternoon, Geoff, and everybody for tuning in.
[00:13:29] Geoff: Catch you later. Thanks.