This Week in Enterprise Tech 513 Transcripts
Louis Maresca (00:00:00):
This Week in Enterprise Tech, Mr. Brian Chi. Mr. K Franklin joined me here today. Black Hat Ransomware Groups evolved their tools. Security professionals look to do standards from a Bloomberg terminal, like single pan of glass For security. And Deputy CTO of indico, Sam Curran takes on a journey of decentralized identities. You definitely shouldn't miss it. Quiet on the set.
ANNCR (00:00:25):
Podcasts you love from people you trust. This is TWIT.
Louis Maresca (00:00:38):
This is TWiT This Week in Enterprise Tech, episode five 13, recorded September 30th, 2022. Ledger never lies. This episode of This Week in Enterprise Tech is brought to you by Cisco, orchestrated by the experts at C D W. When you need to get more out of your technology, Cisco makes hybrid work possible. CDW makes it powerful. Learn more at cdw.com/cisco. End by compiler, the original podcast from Red Hat devoted to the simplifying tech topics and providing insight for new generation of IT professionals. Listen to compiler and your favorite podcast player.
ANNCR (00:01:20):
Welcome
Louis Maresca (00:01:21):
To TWiT This Week in Enterprise Tech, the show that is dedicated to you, the enterprise professional, the IT Pro, and Nike who just wants to know how this world's connected. I'm your host, Louis Mosca, your guide through this big world of the enterprise, but it definitely can't guide you by myself. I need to bring in the professionals and the experts and also add in their true survivors as well are Orlando residents, starting with the very on Mr. Brian Cheese's, net architect at Sky Fiber Network expert, security professional plus all around Tech geek sheer. I was glued to my video streams the last several days, seeing the impact of Ian. How are you doing? How are you making out?
Brian Chee (00:01:58):
We're fine. All the years of preparing living in Hawaii hurricanes happen. You know, it's, it's a force of nature, so we knew what to do. We've actually started prepping since middle of May so that we don't break the bank. We can slowly stock up and once hurricane season over, we'll just eat through our hurricane stock. In that way, nothing's wasted.
ANNCR (00:02:26):
So
Louis Maresca (00:02:26):
How did it, how did the power wall stay stay up, did stay working well?
Brian Chee (00:02:31):
Oh, the power wall was awesome. I, I'll actually talk about that in my blip, but the reality is, is once the grid went out, we started reducing the power load of the house. I managed to get everything shut off and got it down to half a kilowatt wow. Of load. And with, at that kind of load, we were in excess of 24 hours of battery. And then once the
Curt Franklin (00:02:58):
Sun came out, even though it was still very cloudy, it still managed to top it off. So we stayed at 24 plus hours of battery throughout the entire storm, which was very cool.
Louis Maresca (00:03:10):
Unbelievable. That's unbelievable. Thank you for being here, Chief. I know it's been kind of a journey last week. We also have to bring in a man of many talents, including having the pulse of security enterprise world. He is the very own Mr. Curtis Franklin, senior analyst at Omni Curtis. How are you guys holding up? How's everything with you?
Curt Franklin (00:03:27):
Well, on our end of the block, we had a little more of the water about the same amount of wind. And since I don't have the Tesla power wall, we have the next best thing, a neighbor with a whole house generator. So we made sure that things were buttoned up and went over to our good friend's house where we spent the day being entertained by things like art and reading and functional air conditioning. So it, it worked out well. We have to say that up here in our part of Orlando, things could have been much worse. We, our neighborhood had no significant property damage and no injuries at all. We're thinking about all those folks down in southwest Florida who have a major rebuilding task ahead of them. And I fear that the death toll is gonna rise. So this, this was a serious hurricane. It brought damage all up and down the peninsula. So it, it was a good reminder that taking preparation and warnings seriously is absolutely the right thing to do. Whether you're in hurricane mode or or computer security mode, it's it's, it's a good reminder of, of where we can be.
Louis Maresca (00:04:59):
Agreed. Agreed. I'm so glad you guys could be here. I really appreciate it. Well, speaking of being prepared, I think we have talked a little bit about enterprise security this week and what's going on in the news there. So we should get started. And as it and security professionals strive for that single pane of glass to have a really good view in the health and security of your organization, imagine if you could have what traders and investment bankers had today that's right, with their amazing Bloomberg terminal that gives you the view of the entire universe potentially related to your security and health and your network services. Wouldn't that be nice or we're gonna get to just how that could be in your near future, maybe even a standard in there a little bit as well. Plus today we, we wanna talk a little bit about verifiable credentials and identity space and the work to ensure a decentralized identities as a big effort of the Inid company.
Louis Maresca (00:05:47):
And today we have Sam Keran, he's Deputy C of Inid, and he's going to talk a little bit about just how you can actually move to a digital identity identity system that's more centralized, that's more closely related to physical identity credentials of today. So we'll talk about that. Lots of exciting stuff, so definitely stick around. But before we do, let's go ahead and jump into this week's news. Blips, malware and ransomware crews are constantly evolving in the bag of tricks to ensure they are fly under the radar when they're infiltrating organizations. According to this, the Hacker News article, the Black Cat ransomware crew is no exception here. They have been spotted in the wild fine tuning and evolving their malware arsenal to be undetectable in today's standards. Now to highlight what they're actually doing here, let's talk about one of their tools called Info.
Louis Maresca (00:06:35):
Now, there are reports of a new version of this tool, which is an info stealing malware that is designed to steal credentials stored by VM Vem backup software. It now has better capabilities to facilitate privilege, escalation and lateral movements. The Black Hat is also known by the names of Al V, or no nos or Noris attributed to adversaries tracked as core id, but also rebranded successors of Dark Side and Black Matter. Both of those were thought to have shut shut, shut down shop after high profile attacks like the Colonial Pipeline. Now, as you can see, security by obscurity and confusion is the name of the game here, including their names. The group is notorious for running ransomware as a service operations. Core developers enlist the help of or affiliates to carry out the attacks in exchange for a cut of the proceeds. Alfie is also known for some of the first ransomware strains developed in the rust language later to be adapted by other groups like Hy and Luna.
Louis Maresca (00:07:31):
Then that means they malware is cross platform and can even impact machines that run Linnux and Max. Now the evolution of the group's tactics, tools, and procedures comes more than three months after the Cybercrime gang was discovered, exploiting unpatched Microsoft Exchange Service as a conduit deploy ransomware. Now subsequent updates to its tool set have incorporated new encryption functionalities that enable them out where to reboot compromise windows machines in safe mode to bypass security protections. Its continuous development also underlines the focus of the group on data theft and extortion, the importance of the element of attacks to ransomware actors. Now, now what's also very concerning is there's also reports of groups like these being infiltrated themselves. That's right, the groups themselves are infiltrated and they're exposing their tools to less experienced people who fork them and make them their own and do bad things with them. Now, it's part of the black market many people aren't aware of. And what this means is that more and more of you will should be working with your organization to better understand the effect and standard approaches to protect yourself from ransom ransomware attacks.
Curt Franklin (00:08:39):
According to an article published today at Dark Reading Businesses should be on the lookout for attacks targeting on premises versions of Microsoft Exchange servers 20 13, 20 16, and 2019 that faced the internet. This is according to a Microsoft statement confirming two exchange servers, zero day vulnerabilities reported overnight. Microsoft said in an update today that it's already seeing limited targeted attacks, chaining the bugs together for an initial access and take over of email systems. While Microsoft said that users of hybrid servers with OWA or Outlook web access were not affected by the vulnerabilities security researcher Kevin Beaumont has said, and the security team at Rapid seven is confirmed that the vulnerabilities do affect the web platform. Authenticated access to the exchange server is necessary for exploitation according to Microsoft. Beaumont clarified, Please note exploitation needs valid non-ad admin credentials for any email user. End quote. Now the vulnerabilities or catalog as CVE 20 22 41 0 4 oh a server side request forgery vulnerability, giving access to any mailbox in exchange and CVE 2022 dash 40 0 8 2, which allows authenticated remote code execution when PowerShell is accessed by the attacker.
Curt Franklin (00:10:18):
At this time, there is no patch for vulnerabilities, though it's known that Microsoft's is fast tracking fixes. Since attacks are being seen in the wild, Microsoft has presented mitigations including a blocking rule and a URL rewriting instruction. Further vulnerabilities, organizations running the affected email servers are urged to visit Microsoft's website for more details on these mitigations. Now, it's worth noting that the vulnerabilities worth first disclosed by security firm GTS G, which is a firm out of Vietnam. The company said that it disclosed the vulnerabilities, which it described as being very similar to the proxy shell family of exchange server vulnerabilities to Microsoft last month, an act that would normally start the 120 day countdown of responsible disclosure. GTS G said that it only violated the responsibility, the responsible disclosure of protocol when it saw active attacks in the wild. Now, Bo Beaumont has dubbed these vulnerabilities proxy not Shell and given them their own logo while cautioning that the most secure action for organizations with vulnerable products is to stop using them until patches are available. He noted that successful exploitation would put an attacker in God mode within the server, a situation that would be the very definition of a very bad no good, awful
Brian Chee (00:11:53):
Day for the victim. Well, this is not an article, this is just me ranting. So warning rant on one thing was very apparent in the days leading up to Hurricane Ian's landfall, human nature was at work with crowds looking for last minute storm supplies, people getting angry at others for hoarding bottled water or other supplies, and in general, doing storm prep at the last minute. Well, my wife and I grew up in the most isolated set of islands on earth Hawaii, and with just over 95% of all bulk goods brought in by ship, any whiff of a major storm, dock strike or anything else that could disrupt shipping would cause huge runs on supplies. The management of Costco were absolutely shocked at how fast their stock disappeared when they experienced their first dock strike rumor. They actually got wiped out a hundred percent of their stock within three days, Florida, Unlike Hawaii can truck in a lot of goods and like Hawaii, anti gouging laws do exist to prevent things like $50 cases of bottled water.
Brian Chee (00:13:11):
So what I did was start stocking up in May. In gradual preparation for the June start of hurricane season, we also spent the money on ballistic nylon storm shutters. That's picture number one. This idea of these storm shutters is they are similar to bulletproof vest. It's amid yarn woven together very tightly and bolted into place. Well, our big mistake in slide number two is our contractor did a really, really bad job of measuring, and Kurt and I actually had to use zip ties to, to secure the shutters. We were not pleased. Well, I also spent the money on a standing sea metal roof with solar panels clipped to the seam so that we had zero holes in the roof. Additionally, we dug down deep into our pockets for a pair of Tesla power walls. That's gonna be picture number three. Oops, wrong one.
Brian Chee (00:14:17):
Sorry. Solar plant picture number four. The cool thing about that third picture was that the Tesla power wall allows me to track my power usage. We actually managed to start turning a lot of stuff off and got our total house power consumption down to half a kilowatt. And at that level, we were actually able to have 24 plus hours of battery life. And then once a little bit of sun came out we were able to top off the batteries. So life is good. Now, one of those things that did happen that was interesting was that the fiber internet that we had, which is at and t's absolute latest and greatest fiber internet option, is based on what's called exon. So we've actually talked about in the past the older standards called G pon, which stands for Gigabit. It allows you to take a single strand of fiber stretching from the central office out as much as 40 kilometers.
Brian Chee (00:15:25):
And every time you drop it off for a customer, you put a splitter in there, just peels off a little bit of light, and a single strand goes to the customer into a x SFP plus exon optics and allows you to drop off, in my case, one gig. But you, this particular one can actually drop off as much as five gig. Now, just across town at a slightly older installation, a a friend had the original one gig maximum at and t fiber, and that actually went out very early on in the storm. We think because that central office is based in an old bunker of some sort, that it got flooded early on during the height of the storm. And we'll see, We'll see. I'm actually trying to query some people through the at and t system whether or not that was the trick.
Brian Chee (00:16:26):
Now, the last word, folks, if you are doing hurricane pep and prep and you have a gas generator, you should be starting and running it at least once a quarter. Otherwise, like my neighbor, you'll have a carburetor gummed up with shelac. If your gas sits in the tank for long enough, it turns to shelac and it'll coat and stick everything. And basically you're gonna have to get a small engine repair shop to tear apart the carburetor and for about 300 bucks clean it up and give you back a functional generator. If you are going to buy a new generator, think dual fuel because propane does not have that issue. And the nice thing about dual fuel is that if you run out of propane, you can run it by cyphing some gas out of your car, fill your car up early. Bottom line, make sure the generator is run outdoors. So you might want to, you know, drill, put a big giant eye bolt into a sidewalk or foundation or something and chain your gas generator down. There's been many cases of gas generator or generators in general being stolen by people didn't plan ahead. So chain it down and oh yeah, if you run your generator for any extended period, you should change the oil after you're
Louis Maresca (00:17:48):
Done done Supply chain tax and securing open source software is a big undertake. We've seen the impact when you don't pay attention to them. According to the zing net article, there may be some legislation that looks to help battle some of the issues in a more standardized way. Now, the bipartisans Secure Securing Open Source Software Act is targeted at ensuring that the US government anticipates and mitigates security vulnerabilities in open source software. The purposes that actually proposes that the cybersecurity and infrastructure security agency or CSUN must help quote, ensure that open source software is used safely and securely by the federal gr government critical infrastructure and others. The proposed bill comes after the log for J security issue blew up in 2021 that we're still actually seeing floating around in the wild. Now what the bill does is attempts to move open source from the realm of policy and regulation decisions into federal law.
Louis Maresca (00:18:48):
Now, this bill will direct the CEASE to develop a risk framework to evaluate how open source code is used by the federal government. The CSA would also decide on how the same framework could be used by critical infrastructure owners and operators according to the Open Source Security Foundation. After they've analyzed the act, the CS a would produce an initial assessment framework for handling open source, code risk, incorporating government industry in open source community frameworks and best practices for, for software security. Basically, that means that Cecila won't try and rema any wheels here and they'll try to use best practices for existing open source security software. Of course, just because a bill reaches Congress doesn't mean it will become a law still, it's still, it's it's committee advanced to bill to the Senate floor on September 29th. Now, that's a very fast for any type of bill out there.
Louis Maresca (00:19:37):
That means that maybe 20, 23 3 will actually be the year for securing open source software. We should see well folks that does it for the blips. Next up we have the news bites, but before we get to the bites, we have to thank a really great sponsor of this weekend enterprise tech, and that's Cisco orchestrated by the experts at C D W. The helpful people at CDW understand that hybrid work continues to evolve and that your organization must evolve with it to succeed. And with so many options to collaborate remotely, you need a strong and consistent network to empower your workforce and keep them together. Consider a Cisco hybrid work solution design and manage by CDW experts to deliver the same quality of network experienced to all your offices, even your satellite ones, connecting your team from pretty much anywhere. Because Cisco networking keeps things flowing smoothly and securely with embedded security compliance and multifactor authentication that protects collaboration among your spread out team.
Louis Maresca (00:20:44):
And with real time visibility into distributed application security, user and service performance, you get a better line of sight in how your network is operating and how better to grow your organization. And Cisco networking levels, the playing field, providing access to flexible high end collaborative experiences that create an inclusive work environment. When you need to get more out of your technology, Cisco makes hybrid work possible. CDW makes it powerful. Learn more at cdw.com/cisco and we thank CDW for their support of this week and enterprise tech. Well folks, this now time for the bites. And when the Bloomberg terminal was introduced back in 1982, it changed Wall Street forever. It became a standard in the world of trading and banking. The terminal was a computing marvel out there. It aggregated and correlated all the data from everywhere, anywhere you can possibly imagine into one single pan From the market data to global currencies and commodities real estate to policies and politics, investors and traders have the first time a centralized data platform, which has been real time to multidimensionally analyzed data and have visibility into things.
Louis Maresca (00:22:00):
Now we live in the days of information, right? And having a single plane of glass for visibility into all your data for that you need for your job is really something that is, would make it more efficient, right? Make it more helpful for you. Right? Let's talk about security data analysis and is really a critical component there, right? It's, it's for any cyber security program. If you think about it, think about all the data that you have to sift through today, right? From endless amounts of endpoint information or issues to really separate signals and noises. And you really must differentiate between them and from the noise really, or from legitimate malicious activity that's out there. Now, one, one thing you have to do is you have to figure out, once you do have malicious activity, how do you prioritize that and take action to, to mitigate the problems or, or any of the risks that are out there and you battle against the bad guys to help your business and your and your customers.
Louis Maresca (00:22:53):
Well, you may ask, Well, what about I'm ML and ai, right? They're helping things out there. There's, there's solutions being developed by different technology providers out there. Can they help manage or advance security? Well, problem is a lot of those solutions are actually developed in isolation. They're built in a bubble and they're very complex and they don't have the ability to really scale all to all scenarios that organizations might have. The question is, what if you had a Bloomberg like terminal for cyber security? Well, that's, that's that magic single planet, single plane of glass that can gather and correlate all the data for security professionals to help them do their job. That would be amazing, right? Well, I'm gonna bring my coast back in in a moment to talk about that. Cause I want to ask them exactly that. What if they had that right?
Louis Maresca (00:23:32):
Partially, the current approaches for most organizations to actually reduce their business risk and protect critical ACC assets is really isn't working or it's not really scaling to that complex set of attack factors that are out there or methods that other people are using. And the focus has been on protecting infrastructure data centers and devices, but that's by using really a complex set of barriers to really limit access. And in fact, despite the attention to zero trust architectures out there, it seems that the industry's really struggling to turn known issues into other conversations of architecture. The businesses are encouraged to move away from those moats and castles and towards securing access and applications. But really, practitioners out there still tend to focus on building fences around the most critical assets instead of securing the assets themselves. I don't have to tell you that data is really arguably the enterprise's most important asset out there.
Louis Maresca (00:24:27):
Data breaches exposed 21 billion records just in 2021. That's why cyber mills tend to target it and governments around the world regulate it. As the enterprise transitions to the cloud, this shifts dramatically and increases the threat service of any organizations. And much of that activity is outside the visibility of security terms. Now, according to Gartner, 2022, the Gartner predicts consolidated security platforms are the future. That's right. Vendors are increasingly divided into platform and portfolio camps with the former integrating tools to make a whole that's greater than the sum of its parts. And the latter package it products with a little integration. Now, technology consolidation is not limited to one technology error even to a cross closely related set of technologies. These consolidations are happening in payroll across many security areas. I wanna bring my coast back in and throw the question out there. What if we did have a Bloomberg like terminal security professionals? What do you think, Curtis?
Curt Franklin (00:25:26):
Well, you know, this is something that we talk about with a number of vendors. And on the one hand, you're right, it, it is the platonic ideal for the, the data presentation in security. Everyone would love to have one pan of glass that would talk ab talk about things. The real problem is, is twofold. The first is who provides that pan of glass? And the, the answer is that whoever it is has a remarkable amount of control over the, the budget and the operation of the security center. Now, there, there are some companies out there who are logical candidates. Splunk is one, but even Splunk will you know, tell you that they don't really present themselves as that sole single pane of glass for security. The, the other big question is, single pane of glass for whom, you know, do the first level, you know, the tier one and tier two analysts need the same single pane of glass that the CSO gets.
Curt Franklin (00:26:59):
And, and the answer is not really, you know, each role within the organization, within the security organization is going to be getting a separate set of information that is perfect for their role. The, the fact is that the Bloomberg terminal is a great tool for a particular role. I mean, it's designed for the trader, and we can have single pans of glass for the tier one analyst, for the tier two analyst. We can even have a single pane of glass for the cso. What we aren't going to have, I think, is the single universal pain of glass that prevents the kind of alert fatigue that people are worried about being a serious issue for for analysts. Because there's just too much data. Cyber security in the modern enterprise is too complex and issue even with the necessary assistance of AI and machine learning. It's a glorious concept. I, I, I, I would love it. And so would lots of other people, but I don't know of anyone who thinks that it's a realistic possibility for any time within the next half decade or so.
Louis Maresca (00:28:50):
Good point. Now, Trooper, I wanna throw this to you cuz you've talked about seam in the past. A lot of organizations are kind of moving to this model to help them with things. Is this, is this just you know, a facade for them?
Brian Chee (00:29:04):
I actually think the issue is quite a bit more basic. It's human nature. I've been part of several I ETFs committees and one i e committee. And getting people representing different points of view or different product lines is part of a standard because that's what's gonna requires, there's gonna be required some standards to get a single pane of glass for just about anything. Now, in the case of Bloomberg, they were the big, big dog on the block and they could go and force that issue. In the case of security, we've got way too many people in the game that have way too many different issues and aspects that they wanna support. And their product line, you know, they want to sell their product line. And so getting a single pane of glass, I think is a wonderful thing I think is a great goal in life. But we're going to have an awful lot of battles in the standards committee before something like this actually happens. It's great. I, I'd like, I've seen the Bloomberg terminals. I think they are spectacular. I've dreamed about it in security or the network world, knock or sock. I just don't think we're gonna get one anytime soon because human nature bummer.
Louis Maresca (00:30:35):
Agree, agree. Yeah, I think there's a lot of solutions out there that get you only so far. And I think Curtis touched on them a little bit. Obviously there's these whole security information event management solutions. There's log event managing. There's, there's tools like Splunk and they don't, they, they're kind of like universal ways to manage some of the data that's coming in. But it, again, that doesn't give you the full view of all your assets. I know the iot devices, the number of I iot devices that even putting on the networks today, there's really no way to, to manage or a good way really to really manage all of the data and the, and logging access and everything that's coming from them. And so security organizations really need to bottle down or tighten down their efforts here and, and, and find better ways to, to aggregate and analyze data.
Louis Maresca (00:31:19):
And again, single pans of glass are usually a customized view, again, of, of, of managing alerts and and developing automation along the way to be very specific for you. So it should be interesting to see how things evolve over the next coming years. In the case of single pains of glass, I really don't think that there is a a one way to do this. Unfortunately, it's not as structured as markets that are, are out there today for things like Bloomberg terminals. But we will have to see, we'll have to see if there's, there's some platforms that are built to help standardize it. Well, folks, that does it for the bites. Next step, we have our guest drops knowledge on Thew Riot. But before we get to our guest, we do have to thank another great sponsor of this enterprise tech.
Louis Maresca (00:32:05):
And that's compiler an original podcast from Red Hat devoted to simplifying tech topics, providing insight for a new generation of IT professionals, hosted by Angela Andrews and Brent Semio. Compiler composes the gap between those who are new to technology and those behind inventions and services shaping our world. Compiler brings together stories and perspectives from the industry and simplifies its language, culture, and movements in a way that's fun, informative, and guilt free. You wanna stay on top of tech without the time spend? Well, Huh. An original podcast from Red Hat compiler presents perspectives, topics and insights from the tech industry free of jargon and judgment. They wanna discover where technology is headed beyond the headlines, right? And it create a place where new IT professionals learn, grow, and thrive. Now, compiler helps people break through barriers and challenges turning code into community, all levels of the enterprise.
Louis Maresca (00:33:02):
In fact, in one episode, they cover the great stack debate. That's right. The software stack is like an onion or a sheet cake or lasagna, or is it, it's often described as having layers that sit on top of each other. The reality is much more complicated in learning about it can help any tech career. Now the great Stack debate is the first episode in compiler series on the software stack. They call it Stack Unstuck. They explore each layer of the stack and what's like to work on them and how they come together in a whole application. There's actually another episode covers. Are we as productive as we think? Great episode. The pressure is to balance productivity with passion projects. Personal responsibilities are just with the need to rest is challenge. While their team actually spoke with tech minded creators in the productivity space on how to achieve full focus and how to make time for work, relaxation and creativity.
Louis Maresca (00:33:59):
And personally, I found each episode of Compiler to be super relevant to my job and to several current events happening in industry to talk about the productivity. One, there is work overload and productivity paranoia. That's right. We've heard it from many sources. Their episode on productivity walks you through the pitfalls and the things you experience, but don't think about when it comes to working, impacting our lives. So definitely check that out. That episode's a great one. Learn more@compileratred.ht slash TWiT That's red.ht/TWiT Listen to compiler in your favorite podcast player. We also include a link and show that for today, many thanks to compiler for their support of this week and enterprise tech. Well folks, it's now time to bring in the guests to drop some knowledge on the tw at Riot. Today we have Sam Kern, he's Deputy CTO of Indio. Welcome to the show, Sam.
Sam Curren (00:34:55):
Glad a beer.
Louis Maresca (00:34:57):
So before we get into the interesting topic of decentralized identity, cause it's a really great topic, and we, we would love to actually broaden a little bit more from our past episodes. We have a large spectrum of audiences who have different levels of experience. A lot of them like to hear people's origin stories and their journeys through tech. Can you take us through your journey through tech and what brought you to ndco?
Sam Curren (00:35:18):
I can, So I've been a nerd for a long time. But my, my entry into the identity space came mostly as a result of a conference called the Internet Identity Workshop. And I first went to that conference as a result of my grad advisor who helped run it. And so I was semi required to go but then kept going even after I graduated. And on. And in, in that community has been really powerful. It's a conference that meets every six months and in, in the, everything from Open id to to OWA style conversations happen there. Lots of decentralized identity conversations and verifiable credentials are, are always a topic. But but that community is really what got me into doing decentralized identity stuff.
Louis Maresca (00:36:10):
And we know about many identity providers out there. And when you, you know, you log in, you know, your identity then is authenticated by similarly, the same company that's out there. Now, I I dare to mentioned Facebook or meta identities out there today. The site might take a Facebook login and then they really know everything about you, and then they au authenticate you. And they kind of basically a centralized way of doing it. Now, we've heard a lot about the concept of decentralized identity. Can you maybe take us through what is it and really what the advantages of it is?
Sam Curren (00:36:39):
So decentralized identity is sort of best described in contrast to federated identity, which is kind of the world, what we, we work on mostly today where you have these organizations where you have an identity and you have other parties that decide to rely on, on those main parties. So this is the login with GitHub login with Facebook, you know, Right. Those varieties. And the, in this case, the trust in your identity comes from who you asked, meaning the information that was passed directly through one of those federated identity providers, rather than coming directly through the user themselves. And so the, the main concept of decentralized identity is that you have a core set of technologies that allow for the identity information to be passed along with the person who's authenticating but still with that trust enabled. And that's done with verifiable credentials primarily. And, and it allows you to verify the information from an authority without having to actually communicate with that authority directly in any way. And, and that's the basic idea that allows decentralized identity to work
Louis Maresca (00:37:46):
And like goes along with the normal concept of like personal identity today, where you can, you walk up to somebody and, and you can show them some piece of identification and they understand who you are and obviously it come, follows a similar concept. How, how does that happen in the digital sense though?
Sam Curren (00:38:01):
Well, so this is a really good conversation, right? Is that most of the, I I we talk about online identity, but let's go to like cards in your wallet, right? I have a driver's license as the classic example. And, and it's, it's good for a number of reasons. If I wanna go go into a bar, they look at my driver's license to see if I'm old enough to be served alcohol, right? And and so that's a, a, a, maybe an unden an unintended use of my driver's license. The state issued it to me to be able to keep track of who's authorized to drive a vehicle. But it gets used for lots of other cases. Proof of addresses, one of them. Certainly I can use it when I go to the airport. And so there's all these sort of side effect use cases of identity.
Sam Curren (00:38:42):
And that's n not a bug, that's actually a feature. And federated identity doesn't really allow that today. It doesn't allow me to present the data that I might have from a variety of online, you know, authorities or providers and, and presented sort of anywhere that I wish for whatever purpose. And so one of the side effects of of decentralized identity is that if I am issued a credential that has these verified claims in it, then I can go and present it to somebody else without the issue or actually knowing or being involved. And that actually promotes a wide variety of identity based use cases that aren't really supported using the, the online identity models that we have
Louis Maresca (00:39:20):
Now. We, we hear a lot about decentralized identity and how it relates to the, the web three, you know, 3.0 concepts that are out there. How is this kind of relating? Is it, is it used blockchain technology?
Sam Curren (00:39:30):
So it can, it doesn't have to, This is a, a large area of contention. So blockchains turn out to be really great for high available immutable data that you know, that, that everyone can refer to. There's often consensus mechanisms which makes them attack resistant. And so the short answer is, is no, you don't have to use a blockchain, but you need to be ready to solve all the problems that a blockchain does if you want a robust system to be built on it. So underneath verifiable credentials are, are usually DIDs decentralized identifiers. That was a standard recently ratified by the w3c. And not all did methods have a ledger underneath of them, but many do specifically because of the advantages that ledgers give you. But, but no, not technically required.
Louis Maresca (00:40:15):
Interesting. So you know, we hear a lot about, we've had a lot of you know, identity and you know, experts on the show, and they've talked a little bit about Fido and the technologies that go along with that. How, how is it different maybe, how is it, how's it complement decentralized identities?
Sam Curren (00:40:32):
So Fido is primarily the idea that rather than using something like a username and a password, that you're going to prove key ownership. And you do that by typically signing a challenge. And often that's a hardware device or an app on your phone that helps you to do that. Decentralized identity takes that concept a little further in the sense that not only are you proving key ownership, but you can actually then communicate based on your decent decentralized identifier you did and, and actually interact with other folks as well. So it's, it's a similar concept, but advanced further in, in a way that I think is really powerful for the internet. I mean, you've, this probably come up on the show before you don't. The internet was created with that an identity layer primarily because all the people that were running it knew each other originally.
Sam Curren (00:41:16):
And so as that expanded, we kind of have never really gotten there. The closest thing we have today is an identity layer is email addresses, because you can both prove access to them, and they're a method of communication. And so Fido does the prove who you are or that you, you are in possession of, of the same hardware security token that you were last time. But doesn't really solve the communication aspect. And so decentralized identity ventures further into that road to, to for both communication and for portable trust and verifiable credentials. So it's similar ideas at the start, but it takes it a little further on purpose,
Louis Maresca (00:41:52):
Right? So decentralization and democratizes data and access, it sounds great, sounds great for individuals, but what is really the real advantage for organizations? Like what, what, what, what, what's the means for them to move to it?
Sam Curren (00:42:06):
So a huge example that's often overlooked is decreased integration costs. And I'll give you an example that, that we as a company have, have worked with. We did a pilot project with the island of Aruba and the, and the health department of, of of New York State. This was mid pandemic. There was a project already going on that seated was helping with to eliminate lines in airports when you arrive at a destination. But the pandemic showed up. And so the efforts pivoted to, to focus on the pandemic. And as part of that, they wanted to know that that the, the island wanted to know that you had a, a particular test that you were either vaccinated or you had a negative covid test. And they didn't directly have a relationship, of course, with all the health departments that could exist in the us.
Sam Curren (00:42:54):
And so the technology that we use, verifiable credentials, of course the, the, the subject was issued a verifiable credential of their test results and could then present them when they arrived in Aruba, or actually in advance of arriving at, at Aruba as well. And, and the advantage there was that there's some governance, I'm glossing over a handful of things, but the governance involved meant that Aruba could trust the test results of a, of a health lab that they had never communicated with or heard of before because of the architecture of, of making this happen. They, it's a little bit funny, but when you hand trusted data to the holder and they, and, and and they present it to the party that needs to verify that data, you're kind of sneaker netting trust. You know we, we joke about sneaker net.
Sam Curren (00:43:40):
You load something onto a, you know, in the old days of floppy disc or, or a USB thumb drive, and then you walk it to its destination. And in some ways, that's kind of what we're doing with verify work credentials, rather than worrying about how the issuer in the verifier that the, the data authority and then the person that wants to verify the data, how they communicate, you simply give that data to the user. Of course, it's, it's tamper resistant because of the cryptography, and they just move it to wherever they, they need to take it with them. And so it solves a lot of integration issues. You know, if, if you didn't have verifiable credentials, there was likely need to be a, a new organization created that, that handled a whole bunch of database integrations and, and and, and costly systems to run because they need to be highly available. And verifiable credentials allow the same trust properties, but without all of the high infrastructure costs in the, in the, in the requirements that are normally involved with, with the integration of, of multiple data systems.
Louis Maresca (00:44:38):
Now, one, one question we always get from organizations out there, obviously they like to hear about all the new technologies and, and methods out there. They're using, you know, standard IM structures and, and setups you know, with, with normal eye open ID providers and so on. What would it take for an organization, small or large to move to more decentralized system? What, what is the kind of the process for them to do that?
Sam Curren (00:45:02):
So there's a couple of different options that are emerging. One of the ways to issue or verify CR Verify credentials, leans on open, Id connect directly such that you can pass a credential over that same existing connection. Microsoft has a product that allows you to issue credentials out of active directory. And and so that's a, that's their sort of foray into offering these sorts of things to enterprises. And there's, there's some new technology as well that's emerging that, that that is different on purpose from the, from the other integrations because of the advantages that it gives you. In the enterprise world, we tend to think that you, you run stuff, you, you run something like an api. You, you host the infrastructure and make that happen. That works well when you're talking with other companies or, or, or or partners that also host APIs. A decentralized identity offers the potential for people to be peers rather than clients and interactions. And so interactions that are, are adopting that type of stuff involves a little bit more sort of deeper integration to gain those benefits. But there you can definitely get started with things like Open id connect and and other, other style of other similar styles of, of interaction that, that work similar to or alongside the technologies that you have in place today in an enterprise.
Louis Maresca (00:46:23):
So I do wanna bring my cohost back cause they're chopping at the bit here to ask some questions. They love this, this topic. I wanna throw it to Kurt first. Kurt.
Curt Franklin (00:46:32):
Thanks, Lou. You know, one of the things that, that I wanted to ask about, we've seen a lot of attention being given on the identity side to the, the point at which the identity system and the user come together. So, you know, all the different factors in authentication, the experience, trying to reduce the friction of the experience, all of this thing. Why do you think it's important to focus on, if you will, the back end of identity? I mean, could not the argument be made that we need to make sure that the front end, that, that, you know, the sharp point of the identity system needs to be perfect before we worry so much about the back end?
Sam Curren (00:47:23):
I don't think we can perfect the front end without working on some of the back end. Ignoring user experience, of course, is, is a profound way to fail. And, and that's not anyone's intention here, but I think we have tried to solve identity at some higher layers, and we still have struggles that that identity hasn't really solved yet. Open idea is great, federated identity is great, but it hasn't really solved some of those fundamental things. And I think we're, we're reaching the limits of what the existing technology can provide for. And so we're having to go deeper to try and, and, and reorganize some of this stuff. At the same time. A lot of the stuff we're doing is not new. Ledger technology is newish but but pka technology is not new. And, and a lot of what we're doing even the, the ledgers are doing is, is simply sort of a remix of PKI in an attempt to get PKI to, to go further than it has before in helping us solve problems.
Sam Curren (00:48:19):
So I, I think that the reason we're going a little deeper than some of the identity technologies is because we're running into the limits of what we can do with the old models that we had. By having a new model of decentralized identity we can get past some of those barriers that exist and and, and then carry that progress forward into the UI that the, you know, that the user experience of, of end users and, and and those that, particularly those that are not technically educated in order to help them make good decisions about, about identity and authentication and, and the other types of things they need to interact with.
Curt Franklin (00:48:55):
Well,
Sam Curren (00:48:56):
That, that get deep enough for you, is that
Curt Franklin (00:48:58):
That was perfect, and I'm gonna give you a chance to, to get deep on, on a another topic that's, that's related because it seems like one of the things that you're doing here is putting ownership of the identity information, the identity data with the user. I mean, they're, they're responsible for their, you know, or the, the, the data is attached to the user in a, in a significant way, rather than being something that a single organization holds out in a store somewhere.
Sam Curren (00:49:33):
Yeah. So so instead of, so instead of ownership, I'm gonna, I'm gonna use the words control not because ownership isn't involved, but it's a deeply complicated subject, particularly in most data actually has multiple owners. But, but control of the data in this model is directly involves the user. And, and we feel like that's fundamental to needing to reaching some of the privacy requirements that we have and also reducing the, the types of attacks that are possible. When a lot of data is held in one place that that ends up as a natural honeypot I will mention that verifiable credentials do not require the original source of the data to delete that data in any way, but rather to use verifiable credentials to allow the, the user, the person to actually control where it goes.
Sam Curren (00:50:20):
The nice part about a verifiable credential is that the users involved in the process of presenting that credential which means that the consent is actually built into the, to the architecture as opposed to being something that we sort of tack on afterwards. A lot of health information exchanges for example today have a lot of data about users and they do their own authentication in their own management about who should be allowed to access that based on their, their roles or or position wherever they are. And, and that's sticky when you get wrong. And so anytime we can involve the user in a natural process of granting permission or authorization, architecturally speaking, it means that it's harder to foul that up and to get it wrong. And so a lot of a lot of companies are turning to decentralized identity to solve legislative issues whether it be GDPR or CCPA or, or the, the other ones coming down the pike. It's a lot easier to prove that the users are consenting to the types of information flows that you're using if they are literally architecturally a part of how the information gets to part from from party A to party B. So it solves a lot of issues there. As, as for regulatory compliance in particular,
Curt Franklin (00:51:33):
Well, speaking of regulatory compliance, let, let me ask the big one. Obviously something like GDPR is heavily concerned with the information around the individual who controls it, where it's stored all of this. And on the one hand, it sounds like your system would work very well within GDPR because it addresses some of the sort of foundational issues of who owns and controls the data. On the other hand, I know that GDPR is fairly prescriptive in a number of ways and prescribes things that fit with some other assumptions about how data is stored. So is this an issue that you're having with gdpr or does your, your fitting within the, the core concepts and the core direction of GDPR make it easier to meet all of the prescriptive issues?
Sam Curren (00:52:37):
So the main question that always gets brought up is that we're interacting with a ledger and ledgers don't delete things. And so the, the first thing that I'll mention is that while we off most of our solutions use a ledger that's really uninteresting, the only thing that ends up on a ledger is a public key on identifier and often an endpoint. And so there's not actually any PII that goes on the ledger personally identifiable information. Now, the, that goes on a ledger on purpose. All the, all of the, that personal information is actually transferred party to party directly. And so that the, there's not a permanent record, of course, even hash door encrypted that ends up on a ledger. And, and that's pretty important. GDPR is not really a problem. Bec it was written in such a way that allows us it took a while for the ledger world to sort of understand how it would apply but it turns out to be okay.
Sam Curren (00:53:27):
There are some future legislative efforts that we're paying more attention to. There Europe is working on e i two, which is a which is the second version of their, of their digital identity framework that they're promoting. And there's definitely some legislative decisions that don't really favor the growth of the right technologies. And this is hard. I understand when legislators wanna make things better, but it's really difficult, particularly with rapidly moving technology to legislate things that only do good and don't do bad. I mean, this is a little bit of a squirrel, but but the USBC regulation that, that, that, that the Europe has decided on, I don't think is actually very good. Not because I don't like usbc, but because I worry that it will stifle innovation of a better plug design and to back apply that to decentralized identity.
Sam Curren (00:54:18):
I think that if you make the wrong legislative decisions, there can be long term consequences to the development of this technology. Most you know, most computer professionals are not necessarily very current on things like verifiable credentials because they, they just haven't run into it yet. Mostly. and, and so to expect legislators to make nuanced decisions about what requirements should be or should not be in legislative frameworks could often be really difficult. Decentralized identity was created in ex on the timeframe such that that the GDPR didn't really consider it in the creation of, of that legislation. And so we're lucky that there's not a real conflict there. But but we don't, we can't expect that to happen every time something like this comes along. So part of being involved in, in identity is trying to communicate and guide you know, governments as much as you can into either adopting or at the very worst, not harming the development of this privacy preserving technology.
Brian Chee (00:55:22):
My turn, my turn. I let, let's go back to the example of the driver's license. I've worked in the federal government a lot, and you would not believe how many fake driver's licenses. I've actually seen one of the great wishes in law enforcement has always been a way to rapidly and easily validate that a driver's license is real. Can we use blockchain?
Sam Curren (00:55:57):
We can. So I'm gonna, I'm gonna rephrase your, your, your plea here. Can we use decentralized identity? Blockchain is sometimes involved and the answer absolutely is yes. There's the government already has verified information on you. That's what they're using to like print a driver's license. Cryptography is a lot harder to break than to create a fake looking replica of a driver's license. Let's not even get into like covid vaccination certificates, but, but even a driver's license, you know, it's not that hard to fake on approximation, but cryptography either checks out or doesn't check out, and that's one of the advantages of it. And so I, we can definitely get to that point. There's two types of trust that are required to really get a, a driver's license. The way you're describing one type of trust is crypto cryptographic trust.
Sam Curren (00:56:47):
You're, you're making sure that it has not been tampered with since it has been signed by a particular key. The second type is a, is a governance trust, is that just because it's been signed by a key doesn't mean it's been signed by the right key or the right set of keys. And so there, there needs to be the development of government system governance systems that allow police officers or even regular individuals to be able to validate that a driver's license is in fact real. And so, and to that is a lot more of the organizational or logistical side of pki. Then the actual cryptographic side, how do we know that this, that this driver's license was issued by the, the, the, the state you live in instead of like Joe down the street, right? Because Joe can also make up a key and create that cr you know, create a verifiable credential and sign it properly.
Sam Curren (00:57:40):
But it doesn't matter because no one cares what Joe thinks. Or, or, or the fact that Joe's issuing a dr a driver's license. And so that we, we've got a reasonable handle on the cryptographic trust side of things on how to make this work. The governance side is still developing. We're actively involved in that. The Aruba example that I gave was a, was a huge leap forward in demonstrating that type of decentralized ecosystem governance. But but that type of architecture that allows existing authorities to be recognized for the information that they should be trusted for is, is a really important area of advancement that I expect to see a lot of movement in within the next year.
Brian Chee (00:58:17):
Okay. So my next question is, I'm gonna ask how, you know, let's, let's go into your crystal ball. Apple seems to think that they're gonna try and backdoor in a, a identity dongle with their Apple Cash system. What do you think are, do you think they're on the right track, or do you think Apple's just trying to get more apple hardware out?
Sam Curren (00:58:45):
Apple does a good job serving Apple. I think it's a mistake to assume that the decisions that Apple makes are really for the large benefit of humanity as a whole. And so there's, there's definitely a lot of concern about that. In, in fact, one of the efforts that is very, very new, it's called the Open Wall Foundation at the, that's being formed at the at the Linux Foundation. And the, the motivation there is is to try and prevent the further calcifying of mobile vendor wallets as being the only wallets that people actually use on a device. I don't don't know how successful that effort's going to be. I am optimistic about it. But I think that but I, I think there's a lot of attention in how we guide or influence those mobile platforms to do the right thing.
Sam Curren (00:59:36):
And I have two opinions here. One is, it would be great if they did the right thing, and they actually joined and, and worked with a larger community of experienced professionals that know how to do this stuff and, and got on board with that. On the other hand, I don't think they can really kill it unless they decide that they're not going to allow any apps on, on their mobile platform that that perform wallet like functionality. Because there's already a whole bunch of apps out here that, that allow you to interact with verifiable credentials. And and so unless they decide to kill those, I don't actually think that they can impede our progress very much. I think they could accelerate it if they chose to get involved and to do things in, in a healthy way. But I don't think they can actually impede its development in particular very much.
Sam Curren (01:00:19):
They could be annoying about it, but I, I think ultimately that we're gonna end up with a much better solution in the future because of that. So I hope you know, development never happens quite as fast as you hope it will. But I hope that that we can keep moving at a pace that, that the mobile vendors are going to have to pay attention at some point and and, and then get involved and hopefully they make good decisions when they do. So that was a little bit of a squishy answer to your question, and hopefully that was what you're looking for.
Louis Maresca (01:00:49):
Fantastic. Well, unfortunately, time flies when you're having fun. The show went really fast. Sam, thank you so much for being here. Since we're running a little low on time, we do wanna give you a chance to tell the folks home where they can find out more information about Inicio and maybe even decentralized identities.
Sam Curren (01:01:05):
So I do work for a dco adio.tech is, is the UI there that will help you find out more. We are a company that strives to help people with identity problems. And so we lean heavily on open source. We contribute to the related projects in the ecosystem. Lots of them basic Hyperledger. And we're involved at working groups all over the place with different organizations. And so I have two general pleases. If you are interested as a company we'd be happy to as Indio to talk to you about this. And, and even if you're not interested in using us as a vendor and you're interested in this, then please get involved with the the community efforts that exist. The Decentralized Identity Foundation is one of those groups.
Sam Curren (01:01:49):
The Hyperledger Indian Aries projects are, are very focused on this. And the the W three C Community Credentials Group is another area where lot's done about this. If you, if speaking about identity for three action packed days where you set the agenda is in your interest in the middle of November, the Internet Identity Workshop is an excellent place to attend. In any of those community events, you'll, you'll meet lots of people. You can get involved and into and to help further the work along. We likely need your expertise and perspective and that will help the whole thing be better. So whether we can serve you as a, as a consulting company or one of the products that we have will help accelerate your efforts, that's great. If not, we'd love you to get involved in the open source community. We're a big believer and a big supporter of it. So thanks. And and I hope to see all of you involved.
Louis Maresca (01:02:40):
Well, folks, you've done it again. You sat through another hour, The best thing enterprise and IT podcast in the universe. So definitely tune your podcaster to TW it. I wanna thank everyone who mix makes this show possible, especially to my cohost, starting with their own. Mr. Curtis Franklin. Curtis, what's going on for you in the coming weeks where it could people find you?
Curt Franklin (01:03:00):
Well, this week they could have found me doing hurricane prep with any luck at all, they won't be able to find me doing that next week. Instead, they'll find me back hard at work, at Dark Reading and Omnia, where I'm working on a number of projects. I'll be publishing on dark reading. Follow me on Twitter at KG four gwa. Follow me on LinkedIn. I'm Curtis underscore Franklin. And if you're gonna be in central Florida in the early part of November, feel free to follow me all the way to the Orlando Maker Fair. We're getting ready for that. It is one of the largest maker fairs around and certainly the largest in North America that is produced entirely by volunteers. And I will be one of those volunteers. Look forward to seeing folks at one of the world's great show and tell experiences.
Louis Maresca (01:04:02):
Thank you, Curtis. Looking forward to it. Well, we also have to thank our very own Mr. Brian Chi sheer. What's going on for you in the coming week? Where can people find you?
Brian Chee (01:04:11):
I am cleaning up. There's an awful lot of stuff to clean up, not the least of, which is next big task is drying and folding and taking down the ballistic nylon storm shutters, which they worked really well, but, you know, maybe just maybe I can get ahold of the company and get them to learn how to measure. Anyway, back to the show we'd love to hear from you. And on Sky on Twitter, I am a DV N E T L A B advanced Net Lab. Hold over from the days of working at the University of Hawaii. People keep asking where did sheer come from? And that came from my students the Advanced Network Computing Laboratory. My, we had a naming theme of using Dilbert names. And my student Mike Canata decided since we had Dilbert, Catbert, Rat, Burt, and so forth, that I had to be cheaper.
Brian Chee (01:05:13):
Anyway, that, that'll answer your curiosity. But my curiosity is I would love to hear show ideas from you folks. Now, we, we do have an awful lot of shows booked but we have wiggle room and I try to go by themes. Identity is definitely one of the themes. Sas you name it, we have lots of different themes that we try to fulfill and a lot of the bookings are fit into those themes that you suggest. So we'd like to hear from you. The other way of hearing from you is you can throw email at me. My email is cheaper, C H E E B e RT TWIT tv. You're also welcome to send email to TWiT TWiTtv and that'll hit all the hosts. We'd love to hear from you, even if you know your na in your native language, I'll just beware. I'll be using a machine translator. But we've had some amazing questions from folks in France, Germany Africa. I actually still correspond with some folks that live in Joburg, South Africa. And we can have some fun bouncing some ideas back and forth. So we'd love to hear from you. I'd love to hear show ideas, just, you know, to the folks in the Carolinas that are getting the Ian, be careful. Be safe,
Louis Maresca (01:06:50):
Thank you, cheaper. Well, we also have to thank you as well. You're the person who drops in each and every week to get your enterprise and it good news to listen to our show and wanna make it easy for you to watch and listen to catch up on your IT and Enterprise News. To go to our show page right now, TWiTtv/quiet amazing page there that you'll find all the amazing backup episodes, the show notes, cohos information, guest information, of course, all the links of the stories that we do during the show. But more importantly there next to those videos, you'll get those helpful. Subscribe and down the links. Support the show by getting your audio version or your video version of your choice. And listen on any one of your devices or any one of your podcast applications cuz we're on all of them. So definitely subscribe and support the show.
Louis Maresca (01:07:32):
But you've probably also heard of our club TWI as well is a really great members only add free podcast service with a bonus TWI plus feed that you can't get anywhere else. It's only $7 a month and you can get a lot of great things with Club TWiT. In fact, one of them is the exclusive access to the members only Discord survey. You have a lot of great channels in there. You can chat with hosts and producers. You can have separate discussions and all the amazing channels in there. Plus they also have special events. That's right. So check that out. Lots of fun discussions and channels. So join Club TWI and be part of the movement. Go to TWiTtv/club TWiT for more information. Now, Club Quit also offers corporate group plans as well. It's a great way for your giving your team access to our ad free Tech podcast plans.
Louis Maresca (01:08:15):
Start with five members at a discounted rate of $6 each per month. And you can add as many members as you like. And this is really a great way for your IT departments, your developers, your tech teams, your customer service people to stay up top of all of our or have access to all of our podcasts. So definitely have them join as well. Just like regular memberships, they can join the twi, this scored server and get that TWI plus bonus feed as well. So TWiTtv/club TWiT Now after you subscribe, you can press your family members, your coworkers, your friends with the gift of TWiT cuz we talk a lot about fun tech topics on here and I guarantee they will find it fun and interesting as well. So definitely have them run out there right now and subscribe and be part of the fun. But speaking of being part of the fun, we also do this show live that's right, 1:30 PM Pacific on Fridays.
Louis Maresca (01:09:02):
And we have a live stream. If you go to live.Twittv there, all the streams are there. You can choose from the ones that are lo lowest latency for you. And you can watch the show, you can watch how the pizza's made behind the scenes, all the banter, all the fun we have here on twi Live on the stream. Plus, if you're gonna watch it live, you might as well join our chat room as well. It's irc twi tv, infamous chatroom, and you have all the, the, the reoccurring characters in there. Plus all some of the new characters that, that come in and join us during the show. Ask some questions, sometimes actually direct the show and different vectors. So definitely being there and be part of the show. Be part of the conversation at IRC Twitter tv. Now, definitely hit me up during the week or in the weekend at TWiTter.com/lum.
Louis Maresca (01:09:46):
There I post all my enterprise tidbits. I get a ton of great dms from people about show titles and show options and topics. We talk a lot about fun tech topics. So definitely hit me up there, there on LinkedIn, wherever, wherever you reside, wherever you have you know, you post your stuff, definitely hit me up there. Plus if you wanna know what I do do during my normal work week at Microsoft, definitely check out developers.microsoft.com/office. There we post all the amazing and laser greatest ways for you to customize your office experience, generate macros whatever you wanna do with your office installation or your servers to make it more productive for you. Make it more useful and automated for you. So definitly, check out all the latest and greatest ways for you to do that there. I also wanna thank everyone who makes this show possible, especially the Leo and Lisa.
Louis Maresca (01:10:37):
They continue to support us each and every week, and we couldn't do this enterprise this week at Enterprise Tech without them. So thank you for all their support. Of course, all the staff and engineers at twi, I wanna thank them as well. Of course, I wanna thank Mr. Brian Chi one more time. He's not only our co-host, but he's also our tireless producer. Here's all the show bookings and the plannings for the show, and we really couldn't do without him. So thank you cheaper for all your support. Of course, before we sign out, we have to thank an editor for today. Of course, he, he's gonna make us look good behind the, behind the scenes after the fact. So thank you for all your support and of course cutting out all my mistakes. And of course, I wanna thank our TD for today, The talented Mr. An Per. He does an amazing show called Hands on Photography, which I religiously watch each and every week I learn new things about cameras. In fact, I'm using new settings from an one of an's episodes right now on my on my stream here. So definitely to an thanks to an for that. And what's so, what's going on this week and hands on photography?
Ant Pruitt (01:11:31):
Well, sir, this week, thank you very much for allowing me to plug the show. But this week I sat down with Alexis Carma. He's a Bay Area photographer here, but he does a lot of work in, in LA and New York, working with brands and working with all the celebrities. And he's just a really cool guy. Great story, great energy. Definitely go check that one out. TWIT TV slash hop, That TWI tv slash h o p.
ANNCR (01:12:01):
Thank
Louis Maresca (01:12:02):
You sir. We look forward to seeing you next weekend. Until next time, I'm Lewis Mosca. Just reminding you, if you want to know what's going on in the enterprise, just keep tw.
Rod Pyle (01:12:12):
Hey, I'm Rod Pyle, editor in Chief of Ad Astra magazine. And each week I joined with my co-host to bring you this week in space, the latest and greatest news from the Final Frontier. We talk to NASA chief space scientists, engineers, educators and artists, and sometimes we just shoot the breeze over what's hot and what's not in space books and tv. And we do it all for you, our fellow true believers. So whether you're an armchair adventure or waiting for your turn to grab a slot in Elon's Mars Rocket, join us on this weekend space and be part of the greatest adventure of all time.
