This Week in Enterprise Tech 515, Transcript

Please be advised this transcript is AI-generated and may not be word for word.
Time codes refer to the approximate times in the ad-supported version of the show.

Louis Maresca (00:00:00):
On This Week in Enterprise Tech, we have Mr. Brian Shamus, Chris Franklin back on the show today. China's being blocked by multiple US agencies on imports and exports, as well as selling tech cyber attacks by spoofing Google Translate using unique phishing attacks plus super clouds with our fabulous guest, Lori Mc, bitty from F five. Definitely shouldn't miss it. Quiet on the set.

Speaker 2 (00:00:23):
Podcasts you love from people you trust. This is TWiT.

Louis Maresca (00:00:36):
This is TWiET This Week in Enterprise Tech. Episode 515  recorded. October 14th, 2022. Supercloud Unmasked. This episode of this week, Enterprise Tech is brought to you by IT Pro tv. If you're looking to break into the world of it or if your IT team needs to level up, get the introduction you need with IT Pro tv. Check out an IT pro TV business plan by visiting IT pro tv slash enterprise today and by Melissa. Make sure your customer contact data is up to date From Melissa's APIs in the developer portal, it's easy to log on, sign up and start playing in the API Sandbox 24 7. Get started today with 1000 records cleaned for free at

Welcome to twt this week in enterprise tech, the show that is dedicated to you, the enterprise professional, the IT pro, and that geek who just wants to know how this worlds connected. I'm your host, Lewis Maka. You guide through this big world of the enterprise, but I can't guide you by myself. I need to bring in the professionals and the experts starting at their AR on Mr. Brian Cheese net architect at Sky Fiber network expert, security expert all around tech geek. He does everything sheer. How are you doing, my friend? What's keeping you busy this week?

Brian Chee (00:01:55):
Oh, it's keeping me busy is some really good drugs. Trying to get my back to on Loosen and stop twining. Every time I move around too much it's like wow, I am getting old. I hate this

Louis Maresca (00:02:09):
<laugh>. Yeah, yeah. Well you got a lot of walking to do, right? I mean the convention center for Maker Fa ir is big, right?

Brian Chee (00:02:14):
Well, it's actually at the fairgrounds, Central Florida fairgrounds. But yeah, I'm gonna be doing a lot of walking, so this is gonna be an event where I really wish I had gotten further on that electric cart that I want to build. I was gonna do an electric cupcake but since I didn't make it for the fair, maybe I'm gonna make a small version of a 42 19 42 Ford Woody maybe. That'd be fun. Very nice.

Louis Maresca (00:02:45):
Very nice. Yeah, my kid's been trying to push me to buy some those, They're pretty cheap electric motors now, 150 bucks or whatever for a high wattage motor on obviously to get the batteries. But they want me to build something like that too and it's like, oh, with the time that I have, Sure.

Brian Chee (00:02:59):
Yeah, the motors aren't the hard part. Yeah,

Louis Maresca (00:03:03):

Curt Franklin (00:03:03):
Know, right?

Brian Chee (00:03:04):
The expensive part are the batteries. That's why I recommend, I recommend to anyone that wants to do this, take a look for at JHU Garcia, J E H u Garcia, he's also known as JAG 35 on Facebook. His company actually survives on recycling batteries and teaching people how to build their own power walls and power packs and electric bicycles and stuff like that. So they actually recycle old laptop battery packs, split 'em open, test the batteries, recycle the bad ones, and then resell the good ones. So you could have a battery pack for an electric vehicle pretty cheaply if you're willing to spend some time on it. Right,

Louis Maresca (00:03:53):
Right. It's really cool, Really cool. Well it's great having you here at Cheaper. What we also have to bring in a man of many talents as well has a pulse on security in the enterprise world and he's our very own Mr. Curtis Franklin, Senior analyst at imd. Curtis, it's always great to have you back. What's been keeping you busy this week?

Curt Franklin (00:04:10):
Well, it's great to be here, Lou, and enjoying being in the middle of Cybersecurity Awareness month. October is cybersecurity awareness month. So you know, have to get out all of your cybersecurity awareness costumes, get the decorations out, make plans for your cybersecurity awareness parades. It's a big deal. So everybody should be hauling out their cybersecurity awareness stuff holds off the decorations for those other HO holidays that come up for just a little while longer because the big box stores are full of cybersecurity awareness month decorations.

Louis Maresca (00:04:57):
Don't you wish that awareness was that easy?

Curt Franklin (00:05:01):
<laugh>? It would be wonderful. It would be wonderful. I still love having neighbors who ask me about things because they will say, Oh, I got this dodgy looking message and so I sent an email back to the people who sent it to me telling them that they should be ashamed. That was the right thing to do, wasn't it? He said, Well, yeah, just stop talking to me about security and for heaven's sakes, don't call me when all of your accounts disappear.

Louis Maresca (00:05:35):

Curt Franklin (00:05:36):
Right. That's right. Just know indeed.

Louis Maresca (00:05:39):
Well thanks for being here, Curtis. Speaking of that, they should be watching TWiET cause we have a lot of awareness on this show and in fact, speaking of awareness, there's been a lot going on in the enterprise this week. Several new moves by the government agencies of the us. They're trying to actually impact China's technology expansion, exporting into the U and exporting and importing in the us. So we'll talk a little bit about some of the moves that are going on there, what it actually means for the industry. Those organizations are always asking us about cloud vendor lock in hybrid clouds, and of course the big industry term of digital transformations. Well, today we have an expert on Lori McVety. She's distinguished engineer with F five and we're gonna learn the truth about it all and whether super clouds can become a real thing. Let's, lots of exciting stuff to talk about here, so definitely stick around.

But first, like we always do, we have some enterprise tech news to talk about here. So let's jump into this week's news blips, if you thought the chip industry was having supply issues. Now just think about the near future. According to this Reuters article, this past week, the US Commerce Department passed a sweeping set of regulations aimed at knee capping advancements in China's semiconductor industry. You may be thinking how bad can it be if it's enforced broadly, it can impact research and commercial data centers from using advanced AI chips. It can also prevent Chinese chip fabs from acquiring the necessary manufacturing equipment and having potential to actually impact people's jobs at these companies, both foreign, foreign and domestic. And a calculated reply from the China Semiconductor Industry Association, they say quote, not only will such a unilateral measure harm the further global supply chain of the semiconductor industry, but more importantly it will create an atmosphere of uncertainty that it will.

Part of this could be due to China's civil military fusion. US national security is responding to China's pursuit of strategic dominance and economic sectors that are also critical for military modernization. Now here are some of the controls. The newer regulation now holds when sending items of any sort to an integrated circuit F in China whose production meets one of the three criteria. One logic that's either a non-player or has a smallest feature side under 16 nanometer dynamic random access memory with a smallest feature size under 18 nanometer. And through number three, producing or developing NA flash memory. And there's also compliance reasons here. Compliance wise, US persons must either get licensed or confirm that their export to China isn't for these purposes. Now as you can see the lots of blocking statements here and red tape thereafter to prevent loopholes. Now the question is, will the United States r and d sector run fast enough to catch up to the technology gap? This will actually create now with the market on the downward trend and new regulations going into place, the bottom of the barrel still not in view. One hopes this is a fuel to a fire of innovation that will be required to level the playing field.

Curt Franklin (00:08:49):
Researchers from Aon, which is part of Checkpoint, have uncovered an ongoing fishing campaign that uses a common JavaScript coding technique to bypass email security scanners using Google Translate. According to an article on dark reading, it's an approach researchers haven't seen before, but worry they'll see again if it's at all successful in harvesting user credentials in the attack, users receive an email message that gives an urgent message about responding to this message or risk having the account closed messages provide a link that directs the users to a credentials harvesting page that appears to be a legitimate Google translate page with a prepopulated email field that requires only that the person enter their password to log in. The blog post announcing the discovery researchers wrote that the attack has a little bit of everything a unique social engineering on the front end leveraging a legitimate site to help it get into the inbox and using trickery and obfuscation to confuse security services.

The attacker's developers use the JavaScript Unes escape function to mask the true contents of the malicious webpage. It's commonly used, but it can't obfuscate the actual URL of the links in the message URLs that really have nothing whatsoever to do with Google Translate. It's yet another reason to do most of your email opening on your computer where the old hover over the link technique still does a pretty good job of showing you where the link actually goes and where you can sit back, relax and wonder why random people would know that your mailbox is full and about to be deleted if you don't act immediately.

Brian Chee (00:10:34):
All right, so this is an interest interesting image. So Mr. Ant, if we could bring up that image. Everybody's seen these types of high voltage towers all over the place. A lot of 'em go between cities or between neighborhoods or regions and whatever. They're carrying some very, very high voltage. Now this isn't a story about power lines specifically. The blip today is more about the RF interference generated by high voltage power lines and radio towers. So in a story from my buddies at on the Interrupt net team where one of them was trying to troubleshoot a really odd air message on his Fluke land meter, this head scratcher wasn't found online or in any of the manuals. So he gave our friend Neil Allen, who was then with Fluke Networks. A call seems the error was odd enough that Neil had to look it up and came up with a question, was he anywhere near a radio transmitter turning slowly around?

He saw not far outside the window of the high rise office building was in a white and red radio transmission tower. The moral of the story is that any network that uses a metallic conductor for its layer one, meaning the physical connection can be affected by RF interference that like those from high voltage power lines or radio antennas. Just think back to those images of folks holding a fluorescent light tube up in the air below high voltage lines and seeing them light up without being connected to anything. The reality is in some cases you might need to shift to shielded twisted pair instead of normal CAT six. Or in some extreme cases like what I had to do in engine rooms onboard lots of ships, I've had to shift to fiber optics. One last story. Back in the day, Hawaiian Electric ran high voltage power lines that had fiber optics in them and what they did was they actually rented the dark fiber. The Bank of Hawaii in hon loved this and had a direct connection from their main data center to their downtown office tower. Sadly, the Public Utilities Commission didn't like it and put the kabosh on the whole thing. Darn

Louis Maresca (00:12:54):
Crowd sourcing and funding is not just for podcasts and do it yourself projects anymore, it's also for distributed DI denials service attacks as well. According to this bleeping article, bleeping computer article, a pro Russian group created a crowdsource project called DDoS IA that pays volunteers launching distributed denials service attacks against Western entities. Now, DDoS attacks are typically simple to carry out but carry a lot of punch and impact. That's why they go, they're the go-to weapon of activists with individuals or groups or even governments. Now adding financial incentives to the process is a new strategy for hacker groups and government entities. Now that means attackers don't have to believe in the cause anymore to actually partake in the Dirty Event. Project DDoS IA was launched in a mid August by a group named no name 0 5 7 16 that had emerged in March, 2022. According to the reports, this group has been involved in DDoSing Ukrainian organizations but was successful in just 40% of their tax.

Now DDoS IA launched on Telegram where the operators shared a link to a GitHub page containing instructions for the volunteers that want to be to actually join. Now the channel counts over 13,000 members today throughout its existence. That group aligned with the targets set by the pro-Russian gang kill net and contributed to the recent wave of DDoS attacks against large airports in the United States. Essentially, if you wanna volunteer for the group, you're sent to zip file with the malware with a unique ID associated with it. Now the link that you actually link the ID to a crypto wallet and that's how you get your money when you have a successful DDoS attack. Pretty crafty. They have a payment tier as well. That's right. Different tiers. Top contributors in each attack wave receive about 80,000 rubble rubies. Rubles, sorry, was about $1,250. Second place attackers receive about $800 and third place contributors are compensated with around $300.

Now this is just another way for people to make a second income online, especially when repercussions are low. Even if you're caught, if you haven't already, you might wanna go and enable DDoS protection on your favorite cloud provider or figure out ways to have distributed filtering, scale, load, and analyze and shut down traffic using those similar patterns out there that that means organizations have to start thinking about these things even if they haven't yet happened to them. Well folks, that does it for the blips. Next up, we have a really great set of bites, but before we get to the bites, we do have to thank a really great sponsor of this enterprise tech and that's it. Pro TV training is an important aspect of any organization your people want to grow, plus, you want your people learning at the speed of the industry. I work in the industry and I can tell you even after 25 years, I still need to learn quickly every single day.

Your IT team needs the skills and knowledge to ensure your business is a success. And with IT pro TV or than 80% of users who start a video, finish it, IT pro TV is engaging and your team will enjoy learning on their platform. Give your team the tools they need to make your business thrive. Horses are entertaining and binge worthy, keeping your team interested, invested in their learning. Now the tech industry is evolving and rapidly changing. We all know that your team needs to be trained today. Now, when a new software is released, there's a system upgrade or a cyber threat facing your business. IT Pro TV offers the training and perspective of those disruptions within days, if not hours, getting you up to speed faster than you've ever been before. And you might be asking, why is it pro TV right? For your business?

Well get all the training and certifications for your team done all in one place. IT Pro TV has every vendor skill you need for you, your IT team and their training. They provide Microsoft IT training, Cisco training, Lenox training, Apple training, security Cloud, and a ton. Others, more than 1500 hours ranging from technical skills to compliance to soft skills. You can do so much with an IT pro TV business plan as well track your team's results. You can manage seats, assign and unsigned team members and access monthly uses reports which actually are very useful for teams. C metrics like logins, viewing times, tracks completed and much more. You can easily manage your teams. You can manage subsets of users or teams by providing them with customized assignments, monitoring progress, importing on the usage platform and assignments can be full courses and they can also be individual episodes within those courses as well.

Now, advanced reporting is also available. Get immediate insight into your team's viewing patterns and progress over any period of time with those visual reports. Don't forget the IT Pro TV has individual plans too. Give your team the IT development platform they need to level up their skills while enjoying the journey for teams of two to a thousand. Go to IT pro TV slash enterprise today and we thank IT TV for their support of this week in enterprise tech. Well folks, it's now time for the bites. Now with new policies looming around commerce blocking manufacturing and supply from China, additional events are happening across the government. We talked about it in the blips now we're gonna talk about it here in the bites and the controversy surrounding Huawei. It's not new, right? In fact, we actually had Huawei cso, Andy Purdy on the show back in episode 4 0 4 to help clean the air.

But however, it's seems that the FCC is about to move forward on our plan that might actually add additional challenges for Huawei in the us. According to this artist, Technica and Axus, they actually expected to ban all sales, all sales of Huawei in ZTE telecom devices in the US on the grounds of national security. That's right. The ban expands upon the ban already in place by for while Y and Z T for being used in telecom networks that receive subsidies from the universal service fund. Now, the FCC claims that the proposed order would actually update and strengthen its covered list that an equipment rules and in fact, it fulfills statutory mandate that Congress imposed on the commission in the Secure Equipment Act of 2021. They also stated that this ban is not retroactive, so that means that companies can continue to sell products that the FCC has already approved.

Now the cover list is a list of communications. Equipment and services are deemed to be posed an unacceptable risk to the national security of the United States or the security and safety of the United States persons that a new ban endless can be voted upon any time here and it's already circulating around with the title Protecting Against National Security Threats to the communication supply Chain through the Equipment Authorization program. Lack of a title now and ZT are not the only companies that will be impacted. In fact, the new proposal would actually ban video surveillance equipment from three Chinese companies. This hi high Tera Hick Vision and Dawa, the companies make products for the police departments. So a question that comes to mind is if this already includes consumer devices as well, that's a good question, right? Cuz obviously most radios or frequencies are already on an allow list. So we'll see how that will be actually impacted. I wanna bring my co-host in here cuz guys, this sounds like we're on our way down a slippery slope here. FCC has bands now, Commerce is trying to place nails in the coffin and FCC has more tactical punches here from other directions. It sounds like this is intended to send a clear global message. What do you guys think? What do you think Curtis?

Curt Franklin (00:20:33):
Well, I think clear global message is exactly what they're trying to send. This is something that deals far more with messaging than with actual tangible results on the ground. Because most of our major carriers were already not using Huawei equipment. This takes a step further meaning that pretty much every telecom of any size is gonna be forbidden from using any Huawei or ZTE equipment. The one that gets interesting are some of these video surveillance things that go, in fact, in a lot of security implementations, a lot of law enforcement there. You start to get into a lot of small communities where the dollar cost, the dollar amount is important. It's not a question of well, it's far better value even though the outlay is higher for someone else, they just don't have the dollars. The fear is pretty clear. They have stated that it's a twofold fear. One is that elements of the Chinese military could use back doors in the equipment to do surveillance on American locations and systems. And the other is that in the event of a conflict, they could send what amount to kill codes to the equipment shutting down American networks and now surveillance capabilities.

What's going to be fascinating is seeing how far this goes. Anyone who has looked at the equipment coming out of China knows that there is a network of manufacturers over there and it's going to be difficult to stop one once they start and you all of a sudden end up with a band list that has scores, if not hundreds of names on it, and that's gonna start getting entertaining for a lot of large American vendors like say, Amazon, Walmart, and the rest,

Louis Maresca (00:23:13):
Right? Right. Well, cheaper obviously Huawei's been trying for a long time to get into this market. It seems like that's it. This is kinda like the nail in that coffin.

Brian Chee (00:23:23):
It's interesting. I've had to deal with a band product list for decades now being in the federal government and doing a lot of work with the military. Heck, even Lenovo was on that list for a long time. Everybody thought, Oh, it's a think pad. It's made by ibm, it's American, is apple pie. But Lenovo is a mainland Chinese company. They've been on the band list for the Department of Defense for quite a long time. So purchasing agents contracting officers are what they actually called have a band product list. And we've been working with it for decades and decades. Lots and lots of stuff on that list already. Now having said this, as I transitioned out of the classified world and into the commercial world I got to work with Huawei in various locations. I sadly cannot share what actually happened because I'm still under a non-disclosure for it. But shall we say there are quite a few engineers out in the network, engineers out in the world that haven't trusted Huawei for quite a while. Maybe their management is trying to be good, but their low and mid-level managers seem to still be interested in doing some stuff.

It's gonna be interesting to see how this goes. Huawei and ZTE both have had equipment that various organizations have proven unequivocally that they phone home which is probably what was going on with the fcc. Now interestingly enough, the FBI has known about a lot of these things that I'm under non-disclosure for. We're not sure why nothing more has been done, but it's gonna be interesting. High terror hick vision, however you pronounce that, sorry have been on the band list for police departments for, I don't know, probably about a half a dozen years that I know of. In fact, some of the larger video management systems will no longer support Hick vision in an effort to push people away from them. So this is gonna be really, really interesting. And I just think the FCC ban is interesting that it's one of the least powerful ways the federal government has of doing a ban but it's the most far reaching because that's actually one of the certifications. FCC certifications is one of the bigger ones that consumers actually look at. So I don't know what it's gonna be like. I'm not privy to what the C-suites talking about, but there has been a lot of shenanigans and I just wish I could share, but I can't just say this, there's been a lot of shenanigans been go going on and I personally would never buy any of that equipment myself. I hear you.

Louis Maresca (00:26:42):
I hear you. Well, Curtis, I wanna throw this to you before we move on to the guest. I mean obviously we covered in the blips a little bit about the commerce department going up against China here. They're blocking it both from the manufacturing side and import export side, ICC blocking devices forever being kind of coming to the US or being sold in the us It seems like to me like this is just a global shield to prevent China from impacting the global market, national security, and essentially here forcing the industry to move forward with self-reliance is that's something that we're gonna be able to survive.

Curt Franklin (00:27:22):
Well, self-reliance is hard because there are areas in which we are not reliant CHIPS being the primary one, right? It's an interesting market because we talked about the band on making shipping chip manufacturing equipment, China, China, most of the chip manufacturing equipment does come from America, but it's shipped to other places where the chips are actually manufactured, which come back. And when you get to global markets and global communication networks, we are not going to be able to have a global network free of this equipment. Why? Because China has been using their national pocketbook to subsidize network construction and infrastructure construction in many parts of the world.

Developing nations in Africa, Central and Southeast Asia to a lesser extent, South America all have been getting large infusions of money from China with the proviso that they turn around and spend much of it with Chinese contractors and Chinese vendors. So if you look at the national telecom networks in Southeast Asia, in Africa, you find Huawei equipment all over the place and those networks interconnect with our networks. Now we can do everything we want to keep the equipment from any given vendor from being used in the United States, but that doesn't mean we're never going to interact with that equipment and no part of our communications is ever gonna ride on that equipment. So it's I think a meaningful statement by our government but we need to be realistic about just how big the impact is going to be.

Louis Maresca (00:29:38):
I agree. I agree. Well, only time we'll tell thanks, Curtis. Thank you. Cheaper. Well, folks, I think it's enough of that. We definitely want to get into the guest because we have a lot of interesting topics to talk about. Well before we do, do have to thank another great sponsor of this weekend enterprise tech, and that's Melissa. Melissa is a leading provider of global data quality and address management solutions. Poor data quality can cost an organization an average of $15 million each year. Don't waste your marketing dollars. Please be sure to manage your budgets effectively and smart. As the longer poor quality data stays in your system. The more losses you can accumulate to ensure your business is successful. Your customer information needs to be accurate and as high quality data as you can, which will save you money. Now there's another side to the accurate data customer service.

If you address someone with the wrong name or verify the wrong address. When dealing with an already frustrated customer, things go from bad to worse. Well, Melissa recently partnered with Idal to launch Melissa ID for seamless contact verification in real time. Melissa ID is unique, fully customizable outta the box SAS solution using a multilayered approach that includes biometrics, facial matching, liveness testing, address verification, and document checks for automated identity verification backed by Melissa's 37 and more years in address, standardization, correction, and verification. This new app offers coverage of over 6,000 identification documents across 200 countries and jurisdictions. Melissa ID is ideal for all types of businesses charged with reducing costs associated with customer acquisition operations, fulfillment and fraud. With Melissa, you'll reduce risk, ensure compliance, and keep customers happy. Protect your data from decay with 2.1 billion clean validated records. Ensure compliance in areas of anti-money laundering, aml, politically exposed persons, and Bank Secrecy Act score and target customers with detailed demographic and demographic data at pens.

Complete customer records. Add missing names, addresses phone numbers and email addresses. Plus they undergo independent security audits. And there's SOC two, HIPAA and GDPR compliant. Duplicate information hurts you, your bottom line. Melissa's data quality suite will help eliminate clutter and duplicates, increasing the accuracy of the database, reducing postage and mailing costs. Melissa has batch addressing cleansing process and entire address list for accuracy and completeness. Identify verification you can reduce risk, ensure compliance, and keep customers happy. Geocoding enrichments, you can convert addresses into longitude and latitude coordinates. Email verification. Remove up to 95% of bad email addresses from your database. Once you have Lookups app, that's right, it's on iOS and Google to search addresses. Verify social security numbers, access detailed property data, and more right at your fingertips. Make sure your customer contact data is up to date. Drive Melissa's APIs and the developer portal. It's easy to log on, sign up and start playing in the API Sandbox 24 7. Get started today with 1000 records cleaned for free. I'm That's And we thank Melissa for their support of this weekend, Enterprise Tech. Well folks, it is my favorite part of the show where we actually get to bring in a guest, drop some knowledge on the Twy Riot. And today, Lori McVety, she's a distinguished engineer with F five. We're really excited to have you on. Welcome to show, Lori.

Lori MacVittie  (00:33:34):
Thanks. Really excited to be here.

Louis Maresca (00:33:38):
So now I know the hosts are no strangers to you, so I wanted to make sure, we just got a couple questions in here and then I'll bring 'em right back in. We'll have a round table discussion, but I wanted to start it out with the question around the fact that our audience has an experience spectrum. A lot of them like to hear people's origin stories and maybe take us through a journey through tech and what brought you to F five.

Lori MacVittie  (00:33:58):
All right, so not my actual origin story, like the New Year's Eve and the car <laugh>.

Louis Maresca (00:34:05):
Right, right.

Lori MacVittie  (00:34:06):
All right. Alright, <laugh>. So I started out as a developer. I did the rounds around a lot of different industries. I job hopped a lot until I landed as an IT architect and then somehow found my way into publishing where we tested products and then wrote words about them. I was really good at the testing, not so good at the writing words back then, but over long years I got better at both and eventually moved over to the dark side where they have really good cookies and joined at five and have been there now for 16 years doing a lot of different things. Technical marketing, product management. Finally landed in the office of the CTO where I focus primarily on technology strategy.

Louis Maresca (00:34:52):
Fantastic. Now we talk a lot about digital transformation on this show and we, we've had a lot of guests on that talk about the challenges there. A fact that organizations are still finding it challenging, but they're trying to do it very quickly, especially in the last couple years. The one thing that they find hard even today is the concept of multi-cloud, supporting different clouds for different reasons or moving between clouds. Now I've been hearing this term, it's been out for a while, but I've been starting to hear even more Super cloud. Can you maybe take us through what that is and what if it, is it really a reality here?

Lori MacVittie  (00:35:27):
Wow, is it a reality? I think it's starting to be in some places little pockets, little pieces of it. But ultimately super Cloud is this architectural idea that you can put a layer of abstraction across clouds that allows you to interface with any of them. You could provision a resource in any of them without having to understand cloud a's specific set of APIs or workflows. You think, put it in Cloud B. And again, you wouldn't have to worry about what's going on under the hood. And this is in response to that complexity that you manage. Because a lot of that ties back to different cloud consoles, different sets of APIs, different workflows. It's, it's a crazy world out there and it's really hard mostly on ops trying to deal with how do I manage this? How do I monitor it? How do I secure it in a consistent way when I'm trying to use multiple clouds? So this is that response, is it real? Yet there are forms of it. Some people call it distributed cloud. I know David Lium started with metacloud, a few different terms for it, but they're all coalescing around that same concept. Let's manage the complexity we cannot get rid of.

Louis Maresca (00:36:49):
Now, is this a standardization process? Is there a company out there that's trying to achieve that? Or is it just basically saying, Hey, aws, Azure, Google, get together and figure out a way to make this a reality?

Lori MacVittie  (00:37:05):
No, we tried that about 50, 10, 15 years ago. We tried to do that with Infrastructure two. Oh, working group. We got together from all these different vendors. Then Google was there the AWS was there and we talked through it and then we just dropped it because there just wasn't really an appetite. There's no pettus for any cloud provider really to conform to someone else's model of how they should operate. So it's really difficult to try to standardize that by saying, Hey, you adopt it. So that's why I think this, right? The abstraction, a layer above approach is probably the one that will finally work because that's the only way to really deal with it.

Louis Maresca (00:37:53):
So I guess the question next is what are organizations doing today? How are they managing something like this? Obviously it's a challenge, especially at the DevOps layer. What are they doing to help at least mitigate some of the risk of challenges there?

Lori MacVittie  (00:38:08):
Wow, <laugh> <laugh>, a lot of them, a lot of them are throwing their hands up in frustration. A lot of them outsource for that skill set and a lot of them are just dealing with it. They have multiple teams and they're siloed. Now we have an Amazon team and we have a Google team, and then we have our private cloud team and we all do our own thing and we don't really, really interoperate even in our own company. And that's part of the bigger kind of fallout from multi-cloud complexity is that you fragment your IT operations and you know, can't get any benefit out of that. It's really hard. It just causes more problems, additional costs you know, don't know what's going on, try doing an inventory, what do you got over there? And a lot of the companies today that are suddenly being surprised by cloud bills, some of that comes from that disconnect that they can't get a picture of, Hey, what am I spending on cloud? Well, you have to go to each team and you have to figure it out

Louis Maresca (00:39:17):
Right now, I think if an organization, let's say an organization is starting out and they're starting out and they're saying, Okay, I'm gonna move my application to the cloud and I'm going to digitally transform and host it in the cloud. Is there something they can do right now to make it easier for them if they do need to say, Okay, I'm gonna move this whole cluster from this cloud to this cloud, or I'm gonna move this network or might me expand my vnet to be across clouds or something like that. So at least way their architecture makes it a little easier if they ever do me need to go across cloud or make it even hybrid.

Lori MacVittie  (00:39:58):
I mean, the easiest way is not to, I'm gonna get in trouble for this eventually, but I mean

Louis Maresca (00:40:06):
The easiest is

Lori MacVittie  (00:40:07):
Just no, I know it's common, but it's the truth, right? If you're developing an app, whether it's a cove or container native or just you wanna put an app in the cloud and you start integrating with services from that cloud, that's technical debt, that's architectural debt and you are not gonna be able to pay that off and move easily. So you're gonna be stuck, right? Right there you are basically putting tethers into that cloud that are gonna keep you there because of the cost to try and rewrite that or refactor it and move it to a different cloud. So that's probably the biggest thing you can not do is don't get dependent on these services that you may not be able to use in another cloud.

Louis Maresca (00:40:52):
Makes sense. Makes sense. I wanna bring my cos back in cuz when they're the one, I'm sure that they're probably excited to ask questions as well. So Curtis cheaper. I wanna bring you guys back in. Who wants to go first?

Curt Franklin (00:41:06):
Well, I, I'd, I have a couple that I want to ask and it's based on some things that you just said, <laugh>. Because on the one hand we know that every company is putting at least some of its application infrastructure in the cloud. If you have more than four employees, you're not doing everything OnPrem. So you're going to the cloud. And my question with all these abstraction layers is, as you said, knowing what you've got is a challenge. When you go to rsa, when you go to blackout, when you go to any of these, the word visibility is on every other booth. So do we just have to get used to a world in which we are supposed to secure all that stuff over there without really knowing what it is? Or are there answers to figuring out what actually lives within your defined infrastructure?

Lori MacVittie  (00:42:19):
There are answers. I don't think people are looking for them right now because you're right, the focus is more on, I need to know about performance, I need to know about security, I need to know about costs, I need to know about these things. So all of the visibility, the observability efforts today are really around those operational details. So there isn't as much effort or attention being spent on, Hey, can you tell me what I have? How many applications do I actually have? How many APIs are actually running? What services am I using? No one's really doing that. If we go back 10, 15 years NPM was partially about, Hey, give me a map of my network, go out there and survey everything and tell me what I have so that I know what I have to secure and what my assets are. And organizations need to go through that exercise, but there's not a lot of tools to help them today. So I don't think we have to live with it forever, but until someone pays attention to it and solves that problem, we have to live with it.

Curt Franklin (00:43:31):
I love the idea of living with stuff until we can invent new stuff. It seems like I've been hearing this for a while. Another thing that we are hearing and when you go again to the industry conference is you get a big dose of this is the idea your big three public clouds all say, Oh we are happy to work with the other public clouds. You can have applications that go across cloud. We're fine with that, with the subtext of we are fine with it as long as we are the top of the pile, as long as we are the cloud that manages all of these other lesser clouds. Again, is that as good as it's going to get? Or do you foresee a way where there can be some sort of grand Switzerland of cloud management systems that is the one that you know, go in and dip your toes into the digital lake Lucerne and everything is happy underneath.

Lori MacVittie  (00:44:49):
Isn't that a beautiful dream? The single pane of glass

Curt Franklin (00:44:54):
The single pane of glass,

Lori MacVittie  (00:44:55):
The manager, managers of managers of clouds. Oh, it'll be a beautiful world when we get that right? I mean we never got it for networks, we didn't get it for Ripper apps, we didn't get it right. No, no technology has ever managed to produce that single pain that we all want. I mean that's ultimately, yes, that would solve the problem. It would be beautiful. But I don't think we're ever going to get there. I don't. And I think part of that is just again, right, well why? I mean why would we support something that lets you use somebody else's product? Mean that's just, and that's business. But the other one is it changes so fast. I mean look at how fast technology has changed just in the last few years. Imagine trying to keep up with that in that single right console or that single system. You'd have to have people working 24 by seven just trying to integrate all and change and test and oh my goodness, what would you do? So I don't think it's feasible. I think we all want it. I don't think we're ever gonna get it.

Curt Franklin (00:46:04):
Well, but that's a cheerful assessment. I appreciate that.

Lori MacVittie  (00:46:07):
You're bumming me out, Curtis. It's bumming

Curt Franklin (00:46:10):
Me out. Well it's my job. It is been the basis of the professional relationship we've had for a long time. So I

Lori MacVittie  (00:46:17):
Know you're always just right there Frank. Find all the

Curt Franklin (00:46:21):

Well I think one of the things, we are in an industry where we get to a certain architectural picture and we decided that's the way we have reached the ultimate. I remember client server was that way. Ooh, client server is what a beautiful architecture, what a wonderful way to be. Which it was right up until the time that the cloud came along and then you don't hear client server anymore. So I suppose my question is, do you see the cloud as we define it today being the sort of architecture that we're gonna use for the rest of our careers? Or are we going to see that pendulum swing back again? I, I'll have to admit, I was amused to see someone talking about more powerful in device edge devices and they started on this and I said, Isn't that just a pc? But what do you think are where we're gonna be for a while? Or are we still evolving into what the perfect application development infrastructure will become?

Lori MacVittie  (00:47:55):
Oh it's still developing and it's changing fast. Even at the edge, that's still a very much a forming market. And when you combine web three, cuz you have to say web three, right? Decentralized, just break up all the things <laugh>. But when you combine all those things, you're starting to see all sorts of changes already being driven into the models about the patterns that we use to develop applications, how they communicate, where they communicate and where they're located. There's edge and there's compute, but then there's also peer to peer models at the edge. And then there's this idea of web three and decentralization where it's not just the application or end user device, but then also the data gets distributed and your identity. So all of these things are still forming and they're rapidly changing what the architectures look like. So you're good now and you'll probably be good for several years, but it's going to change.

And that's one of the things that we see is that when our enterprises put together their architecture and they design it and they think about technology, they think about how can we build a network and an application infrastructure and an environment that is resilient. But resiliency means the ability to bounce back after something happens or after something changes. And in the future the rate of change is so much that you have to be building or adaptability instead where you can adapt to the changes, incorporate them, take advantage of them, find new opportunities and be able to keep moving at that same pace instead of being hit by a truck and stop. You're like, I don't even know what to do. Right, What's next? So it's not gonna stop anytime soon. The rate of change is just too fast right now.

Brian Chee (00:49:53):
Well I'm gonna ask the crystal ball question. Uhoh, Kurt. Kurt and I got a chance to write a book for CRC Press a decent amount of time ago on cloud computing. And one of the things that, a prediction that I brought up was quoting from Arthur C. Clark he was talking in his book Fountains of Paradise about being able to log into a terminal. He called it, he still called it a terminal and he happened to be at a Buddhist monastery and was still able to run flight dynamics for a space elevator to show the abbot. The point being, do you think we're ever gonna get to the point where we can shop around saying, okay, I wanna do this task but I don't have the software who's got it and I've gotta run payroll and I wanna shop it around to someone that's gonna give me the best rate. Obviously the big three cloud vendors don't like this because they want you in their neighborhood, but it's gonna be a third party. Kinda like what happened in the d ssim world, the server KVM management so forth, ENT tried to put a box in front of that so that you could manage all the system management, all the hardware management in a common interface. Is this what you're talking about? Are we gonna see a product like that? Say an add-on to the big ip?

Lori MacVittie  (00:51:33):
No, no, that's not what it's about at all really. Okay. I mean you might see something like distributed, we have distributed cloud that might grow to be able to do that, but it involves platforms that involves APIs. You have to normalize the application environment. So when you deploy that cluster, it's gotta be in a normalized environment that can run in any kind of cloud. So you have to either find one of those and they don't really quite exist yet or you have to wrap it in some sort of platform. And you also have to account for, it's not all cloud, there is still a significant presence on premises and there's going to continue to be for some time. So when you talk about multi-cloud, you also have to start thinking about how do I incorporate that if we're truly going to make this work. So some kind of an abstraction platform that enables you to move those workloads around seamlessly is really what we're going for. Is that gonna happen next year? Probably not. Is it gonna be on a box? No don't. That's not gonna work. It'll be, there needs to be hardware cuz all software needs hardware, but it's not gonna be a piece of hardware that you can deploy and magically get this right. It's gonna take a whole bunch of systems working in concert to be able to orchestrate that kind of movement and that kind of portability.

Brian Chee (00:53:01):
So what kinds of things do we see? Obviously we're gonna have what we, I've been seeing product where people are saying, well we're gonna have your web application firewalls and things like that and it's gonna be a cloud app. Do you think a lot of these services are going to become just that app that you add on and you bolt on the abstraction, whether it's an an aws, Google or Azure cloud?

Lori MacVittie  (00:53:29):
Yeah, well when you've seen that since around 2013, 2014 when people started to go, Hey, this microservices architecture and containers is pretty cool. And you could see that it had this gravitational pull on things that were traditionally employed in the network. Things like the balancing and waff and other kinds of services. So it pulled some to it. Now the thing about a lot of the security services is that they are going at the edge and they are going in the cloud because they need to be able to scale to volumes that just can't be met on premises without a lot of network hardware and a lot of cost. But also because it makes the most sense architecturally to stop an attack as soon as you can, which means get it as close to the bad actor as you can push it out to the edge so that they're stopped before it gets anywhere near your network.

You say bandwidth, you say you know could do the ROI calculations and all that, but it's architecturally sound to put those out there. So you see a lot of the security services are moving to edge or cloud and that's how they're offered. And also because of the nature of those services, they're all proxy based so you can put them pretty much anywhere. They're not attached to the application, they're not in the architecture or bolted on, so they live separately and architecturally you can put them in different places. So that's gonna continue to grow those kind of services at the edge if you will. It have to start looking at which services make sense architecturally to put there and which ones don't, right? It doesn't make a lot of sense to take an ingress controller, rip it out of a Kubernetes cluster and put it somewhere across the world. Why would you do that? Right? Architecturally that doesn't make sense. So those are gonna stay with the application move around as opposed to something like a WAFF or API security that might reside at the edge because it makes sense to run there.

Brian Chee (00:55:32):
True. And so let's go shake the magic eight ball in the Lori McVety view of the world. What should corporations actually be doing? There's so much noise in the press, there's so much noise in social media about what people say you should be doing. Let's go throw one more opinion. What should corporations organizations be prepping for? What's the homework that you think someone should be doing to prepare for the super cloud and digital transformation?

Lori MacVittie  (00:56:15):
Wow. So we wrote a whole book about that. That was the premise of the book that we wrote. Then we looked out and we said, Wow, all of this technology, in order to be able to change, you need to look at your entire enterprise architecture and not the network, not the diagrams and how things are wired together, but how you use and leverage technology in conjunction with the business to serve the business to TOS business capabilities. Because all of this is changing. A digital business is not a traditional business. So the interplay between technology indigenousness becomes very different. And so the enterprise architecture needs to be, we would say modernized. So the best thing someone could do right now is to step back and look at what they have and understand what their business is trying to do and how they can make sure that all of the pieces of their architecture are actually going to be able to support those needs and provide those capabilities so the business can survive or even better thrive in a digital world.

Brian Chee (00:57:23):
All right, so we talked about a book, we had blog entries. Where should our viewers go to go and hear pearls of wisdom from Lori McVety and they have five team,

Lori MacVittie  (00:57:38):
They're pearls, maybe more like Acorns, really tasty Acorns but

Brian Chee (00:57:43):

Lori MacVittie  (00:57:44):
<laugh>. So they can find me on Twitter at el mc biddy or they can find me on f I blog out there and I can give you the actual link, but I think it's like all things, Laurie with hyphens, something like that. But that'll pull up all my writings. I still write at network computing once a month. So that goes out there and that's always fun. Otherwise I'm just, I'm on the internet, I'm out there. It's all good

Louis Maresca (00:58:15):
<laugh>, bad thing. Well Laurie, it's amazing how time flies when you're having fun. It's so great having you on the show since running low on time. Can maybe tell the folks at home where they can learn more about F five and of course maybe what's going on with F five in the coming weeks or what's been going on.

Lori MacVittie  (00:58:31):
Sure. You can find and they're on Twitter and they're on LinkedIn and I think every other social media that you might be on what's been going on, Wow, we've been doing all sorts of stuff around security and distributed cloud, building out those services. Engine X just had some really great product release with API management especially crossing that bridge between operations and development. So it, it's really awesome. I got a demo even. It was really cool. So we've been doing a lot of different things but as focusing on APIs and services and that edge platform, building that out.

Louis Maresca (00:59:14):
Fantastic. Thanks again Lori for being here. Well folks, you've done it again. You've sat through another hour, the best thing enterprise and IT podcast in the universe. So definitely tune your podcast to TWiT it. I want to thank everyone who makes this show possible, especially to my co-host. Start with our very on Mr. Curtis Franklin. Curtis, what's going on with you in the coming weeks or where can people find you?

Curt Franklin (00:59:36):
Well, lots more writing, lots of research. I'll over at the AMIA tab. I'm got some stuff happening on amia. I've got a number of custom projects I'm working on and I'm getting ready for Maker Fair Orlando, which happens November 5th and sixth at the central Florida fairgrounds. So plenty to keep me busy. And when my copious spare time, I'll be thinking about things that I can talk about here on TWT and would love it if people look me up over on Twitter at KG four GWA and shoot me a direct message if there's something that they are very interested in.

Louis Maresca (01:00:22):
Thanks Curtis for being here. We also thank of very own Mr. Brian Chi. That's right cheaper. What's going on for you in the coming weekend? Where can people find you?

Brian Chee (01:00:32):
Well you are welcome to throw me questions, comments, suggestions, whatever you want. I'm on Twitter adv, N E T a Advanced net lab. You're also welcome to throw me email, I'm sheer spelled C H E E B E R T or you're welcome to also throw email to I'm actually following Adam the fan top. He's, he's been doing some interesting things with AI generated art. The Make Orlando Maker Fair is gonna be doing AI generated video, which is gonna be interesting. It's something diffusion. Oh I'm, I'm getting old. Anyway that stable diffusion. Thank you. So the idea is we're trying to track down enough hardware to be able to run it. I actually have an old HP Z 600, which I found out isn't quite there cuz the video cards that they suggest want P C I I E version four and the Z 600 is P C I E version three.

Who would think a multi-thousand dollars workstation class machine would get old that fast? Darn. Anyway, so we're hopefully gonna have a AI art contest with some interesting prizes and so forth. And for those that can hit us and can visit us in central Florida, I strongly recommend November 5th and sixth at the central Florida fairgrounds. We're gonna have all kinds of really cool things and I'm really and truly praying that my back is gonna be better so that I can wander around and help out and do all kinds of cool stuff at the greatest show and tell on Earth

Louis Maresca (01:02:27):
Thank you cheaper. It's great having you here. Well folks, we also have to thank you as well. You're the person who draws in each and every week to watch and to listen to our show, to get your enterprise and it goodness. So wanna make it easy for you to watch and listen and catch up on your enterprise and IT news. So go to our show page right now, There you'll find all those amazing episodes. Of course the back episodes, the show notes, the coast information, guest information, links of the stories be doing on the show, but more importantly next to those videos. There you get those helpful. Subscribe and download links. Support the show by getting an audio version video version of your choice. Listen on any one of your devices or any one of your podcast applications cuz we're on all of 'em.

Definitely subscribe and support the show. Plus you've also probably heard of Club TWiT. That's right. It's, it's members only add free podcast service with a bonus TWiT Plus feed that you can't get anywhere else. And it's only $7 a month. And there's a lot of great things that come with club put. In fact, one of them is exclusive access to the members only Discord channels or servers. Now that is of course the fact that you can chat with hosts, producers, you have separate discussions. All the great channels that are in there. Also have some amazing special events that I love to partake in. Lots of fun discussions there. So definitely check that out. Join Club TWiT, be part of that fun and movement. Go to Of course. Also, Club TWiT offers corporate group plans as well. That's right. It's a great way to give your team access to our ad free tech podcasts that are out there.

The plans start with five members at a discount rate of $6 each per month. And you can add as many seats as you'll like. And this is a great way for your IT department, your sales department, your developers, your tech teams to stay on top and up to date to all of our podcasts that are out there. And just like regular memberships, they can join the TWiT Discord server as well and get that TWiT plus bonus feed as well. So TWiT. Now after you subscribe, definitely impress your family members, your coworkers, friends with the gift of tw, cuz we talk a lot about fun tech topics on this show and I guarantee they will find it fun and interesting as well. So definitely have them subscribe and support the show. Now after you subscribe, remember we do this show live. That's right. Come check out the live streams at 1:30 PM Pacific

There we'll have all the streams that you can choose from. Come see how the pizza's made, all the banter that we have, all the fun that we have here on TWiT. Definitely check it out live. And of course if you're gonna watch the show live, you gotta jump into the infamous IRC channel as Now you can post with all the fun characters there that are each, that are there each and every week. Of course we have some new characters in every week as well. And we have a lot of great show titles in there that we have some show titles, ideas, we have some great conversations. Of course, sometimes you can get some great, great questions and even veer the show in a particular direction cuz of it. So definitely check that out and be part of the IRC channel. IRC Dotb, definitely hit me up at

There I posted my enterprise tidbits direct message me for show ideas. If you just wanna have a conversation about technology, enterprise coding, love coding, coding languages. I'm just, I'm playing with go right now. A lot of fun stuff. Of course Microsoft Ignites happening so feel free to reach out and ask questions like why is Office now Microsoft 365? Stuff like that. So definitely check that out and hit me up. Of course, hit me up on LinkedIn as well. I got some really great messages there as in the recent weeks and I've got some great joy ideas as well. So definitely hit me there. Of course you wanna don't know what I do during my normal work week at Microsoft. Definitely hit out, maybe Microsoft through 65 soon <laugh>. And find it ways to, greatest ways to actually customize your experience there. Find it, make it more productive for you, your organization.

Make it so you can have macros and share them with different people and have it cross platform, Do it in the cloud, that kind of thing. So definitely check out different ways to customize your experience there at that site. I also wanna thank everyone who makes this show possible, especially to Leo and Lisa. They continue to support this suite enterprise tech each and every week and we really couldn't do the show without them. So thank you for all their support over the years. And of course all the engineers thank you to all the engineers and all the staff at TWiT and of course also thank you to Mr. Brian Chi one more time cuz he is not only our cohost, but he's also our tireless producer behind the scenes. He also does all the bookings and the plannings for the show and we really can do the show without him. So thank you cheaper again for all of your support. Of course, before we sign out, we have to thank editor for today, Mr. Anthony. He makes us look good after the fact. He cuts out all the blemishes and all the issues that we have, and of course all the blips we make. But we also think our TD today, our technical director, he's a talented Mr. An Pruitt. He does a amazing show called Hands On Photography and what's going on this week. Cause I'm, I'm ready to watch this week.

Ant Pruitt (01:07:18):
Well, thank you Mr. Lu. This week I took a look at how you can use color to really just change the mood of your photos or your videos, whether you wanna make it look nice and airy and happy, like someone's working on a toy, or make it look a little gloomy. Like what is this creep doing down in his basement? So play around with your color grading. Have a lot of fun with your art.

Louis Maresca (01:07:42):
Looking forward to it. Thank you for everything ant and all your support. Until next time, I'm Lewis Ska, just reminding you wanna know what's going on in the enterprise, Just keep TWiET.

Rod Pyle (01:07:55):
Hey, I'm Rod Pyle, editor in Chief Badd as magazine. And each week I joined with my co-host to bring you this week in space, the latest and greatest news from the Final Frontier. We talked to NASA chief space scientists, engineers, educators, and artists. And sometimes we just shoot the breeze over what's hot and what's not in space. Books and tv, and we do it all for you, our fellow true believers. So whether you're an armchair adventurer or waiting for your turn to grab a slot in Elon's Mars Rocket, join us on this weekend space and be part of the greatest adventure of all time.

All Transcripts posts