This Week in Enterprise Tech 521 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

Louis Maresca (00:00:00):
On This Week in Enterprise Tech, we have Mr. Curtis Franklin and Mr. Brian Chee back on the show today. Now data breaches continue to be a trend and consumers are not gonna take it anymore. We're gonna talk about what that means. Plus we also have a great guest today, Mario Blandini from iXsystems. He's gonna talk about open source, hyper-converged storage. You definitely shouldn't miss it. Twt on the set

Announcer (00:00:24):
Podcasts you love from people you trust. This is twit. TWIT Double.

Louis Maresca (00:00:37):
This is This Week in Enterprise Tech. Episode 5 21, recorded December 2nd, 2022. Mary Ex nas. This episode of This Week in Enterprise Tech is brought to you by ON Logic. On Logic is helping innovators around the world solve their most complex technology challenges using on logic industrial computers, which are engineered for reliability, even environments that would challenge or destroy traditional computer hardware. Learn more and find out about on Logic's 30 day risk-free hardware trial by visiting on logic.com/twit. And by hover, whether your developer, photographer, or a small business hover has something for you to expand your projects and get the visibility you want, go to hover.com/twit. Get 10% off your first purchase of any domain extension for the entire first year. And by code comments, an original podcast from Red Hat that lets you listen in on two experienced technologists as they described their building process and what they've learned from their experiences. Search for code comments, your podcast player.

(00:01:51):
Welcome to This Week in Enterprise Tech, the show that is dedicated to you, the enterprise professional, the IT pro, and that geek who just wants to know how this world is connected. I'm your host, Louis Maresca, your guide through this big world of the enterprise. I can't guide you by myself. I need to bring in the professionals and the experts, starting with our very own, very busy senior analyst at Omdia, he's the man with the pulse of the enterprise. He is Mr. Curtis Franklin. Curtis, welcome back. How are you doing? It's been a couple weeks.

Curtis Franklin (00:02:21):
It has been a while and I wish I could say I'd been hard at work for those two weeks, but I haven't. I took last week and this week off, so I'm trying to relax a little bit. Get good for you some sleep in and be ready to go back and do some work for the last few weeks of the year before we roar into 2023.

Louis Maresca (00:02:42):
I know, I can't believe it's getting there. So, so close now. So close to our, the last couple episodes of This Week in Enterprise Tech. But, you know, we can't do these last couple episodes without our very own Mr. Brian Chee, architect at Sky Fiber and net expert, all around tech geek. He's, he's, he's always doing something. Cheebert, how you been, what you, what's been keeping you busy?

Brian Chee (00:03:03):
I've actually been on Discord channels, yakking with the folks over at YoLink. If you've been listening to me ramble, I've been, you know, I'm very big fan of the LoRa wireless technology. It fixes a lot of interesting IoT, OT issues. And in addition, because it goes through a hub or gate or gateway more accurately, it's a lot easier to secure than say, you know, Bluetooth or Wi-Fi and so forth. So I'm slowly getting rid of my Wi-Fi based IoT gear, which is going to make my home network a lot more secure. And with a quarter mile range, it means I can put sensors in some really interesting places. So, ought to be fun.

Louis Maresca (00:03:56):
Now I tell you, you got me to the, to the LoRa and to the YoLink stuff as well, and I'm just going kind of crazy with different automations with IFTTT and Alexa and, and actions and doing different things in the house. So I'm just seeing how creative I can get with them. It's actually a lot of fun.

Brian Chee (00:04:12):
Yeah, we've actually been yakking with some of the developers and we did an article, we're actually kind of a story on the and a new set of IoT integration systems and I was kind of saying, gee, I wish such a thing existed. And one of our viewers said well, how about I write one? It's like, dude, sure. <Laugh>

Louis Maresca (00:04:39):
<Laugh>. That's cool.

Brian Chee (00:04:41):
We've apparently got some serious talent in our viewership.

Louis Maresca (00:04:45):
We do, we do. We have the, we have the professionals. That's right. We have the professionals. Well, thank you Cheebert for being here. I'm sure. We'll, we'll have to talk a little bit more about LoRa later cuz it's actually a really great protocol and lots of great products there. But first we have to get into some enterprise news cuz it's been a busy week in the enterprise. Now data breaches continue to be on a trend, however, consumers are starting to put their foot down. They want more protections and assurances than ever before. So we're gonna talk about what those are. Plus we have a great guest today, Mario Blandini. He's from iXsystems, he's marketing from iXsystems. We're gonna talk about open source, hyper-converged storage, lots of fun stuff to talk about there. So definitely stick around. But first, like we always do, we do have to get into this week's enterprise tech blips. Supply chain continues to be on a trend as an issue for all industries.

(00:05:34):
In fact, America's seven dominant freight rail carriers have been struggling to con to come to an agreement on a new contract, which could mean a strike in the coming weeks. However, on a lighter note, there are some good news for transportation. This week, Tesla has finally unveiled their electrified tractor trailer. Now, according to this Engadget article, the new EV semi was produced by Tesla's Nevada Gigafactory for Pepsi, which ordered about a hundred of these vehicles. Now, the design of the vehicle is quite unique. According to Musk the quote design, they're actually designed like a bullet and they will come equipped with a one milliwatt battery pack. And if you wanna talk performance, it can go from zero to 60 in just 20 seconds. That's pretty good for a pretty semi-truck, especially one that can carry 80,000 pounds at a time. Now, what is also impressive here is that it can go from zero to 80% charge in just 30 minutes.

(00:06:26):
So that makes it less layover time requirements or shorter pit stops. Now let's talk tech. Now, these semis are also outfitted with enhanced autopilot capabilities as well as a jackknife mitigation system. Blind spot sensors and data logging for fleet management. Now, if you've ever encountered a semi jack knifing as before and they come down the mountains of Pennsylvania or Washington state, you, you haven't really lived seeing not not seeing that it's, it's fricking scary. So many technologies are out there, but if you have one that actually mitigates that type of risk even better now it shows that Tesla is providing more than the vehicle being an EV as an incentive for commercial use. Now Pepsi is immediately seeing those values there and putting in an order. The question looming throughout the industry is whether Tesla will be able to meet production demands due to the shortage of chips and the limit supply of battery cells. Now, if nothing else, if successful, Tesla may have kickstarted another evolution in the transportation industry.

Curtis Franklin (00:07:26):
One of the things we've talked about a lot here on TWiT and we'll continue to discuss is software supply chain security. With open source software a fact of life in the enterprise, it's impossible to say you're taking security seriously if you ignore the parts and processes that make up your enterprise applications. That came into focus this week when security firm Legit Security published an advisory on December 1st stating that an artifact poisoning weakness could affect software projects that use GitHub Actions by triggering the build process when a change is detected in a software dependency. Now GitHub, GitHub Actions is a service for automating development pipelines in the largest software and component repository on earth. An article on Dark Reading explains that this vulnerability is not just proof of concept. Legit Security simulated an attack on the project that manages Rust, causing the project to recompile using a malicious version of the popular GCC software library.

(00:08:31):
Since many open source projects hosted on GitHub automate the build and testing processes for new contributions, it's likely that this vulnerability could have an impact on hundreds if not thousands of projects. Legit Security explained that in a vulnerable, vulnerable workflow, any GitHub user can create a fork that builds an artifact, then inject the artifact into the original repository build process and modify that output. This is another form of a software supply chain attack where the build output is modified by an attacker. GitHub has confirmed the issue and paid a bounty for the information, while Rust fixed its vulnerable pipeline.

(00:09:17):
The company, this is GitHub, has not explained whether the larger vulnerability has been patched, although it acknowledged the issue and expanded the ways of excluding submissions from outside collaborators from being automatically inserted into the Actions pipeline. The company updated its get artifact and list artifact APIs with the goal of providing more information to help determine whether an artifact can be trusted. Now, regardless of whether or not you're confident that the vulnerability has been patched, this is a wake-up call to look carefully at all of the tools, processes and code building blocks that make up your enterprise software and deploy your own software tools to thoroughly vet each and every piece of your applications.

Brian Chee (00:10:12):
So a big thanks to bleepingcomputer.com, though this particular article has been covered by probably just about every major journalistic outlet on earth because it has that big an impact. So a little portion is United States government through the Federal Communications Commission has banned the sale of equipment from Chinese telecommunications and video surveillance vendors Huawei, ZTE, Hytera, Hikvision and Dahua. Due to unacceptable risks to national security, the Federal Communications Commission adopted new rules prohibiting communications equipment deemed to pose an unacceptable risk to national security from being authorized for importation or sale in the United States, according to the FCC press release. Well, this goes beyond the original ban for US federal activities to now banning these brand brands from being sold in the United States and territories. Well, we did have US Huawei person on episode 404 back on July 31st of this year where the official line was that Huawei America is different. Well, apparently the FCC and administration think differently. I'd like to also point out that such actions do not happen overnight and has most likely had its beginning quite a while ago. And I seriously doubt the FCC kicked this action off without support by federal law enforcement.

Louis Maresca (00:11:55):
Now it may seem like ransomware threats have trended down because news have been focusing on other things. According to the FBI, that isn't the case. Now in this TechCrunch article, there's a joint advisory from the CISA and the FBI regarding a Cuban ransomware gang who has extorted 60 million in ransom payments from victims from last December until this August. Now the latest advisory is a follow up to a flash alert released by FBI in December of 2021, which revealed that the gang had earned close to 44 million in ransom payments after attacks on more than 49 entities in five critical infrastructure sectors in the US. Now since that time, the gang's brought in about 60 million more from attacks on a hundred different organizations. Now if you've noticed, that means that since the FBI flashed in 2021, the number of compromised organizations has actually doubled.

(00:12:45):
Now you may be wondering what have been the targets of these gangs? Well, most of them have been critical infrastructure including financial services, government facilities, healthcare and public health, critical manufacturing and information technology. Now in August this year, the gang was linked to their ransomware attack targeting the nation state of Montenegro. And that targeted the government systems and other critical infrastructures and utilities including electricity, water systems, and transportation. Cuba was also linked to a breach of California's Department of Motor Vehicles in April this year. The FBI and CISA added that the ransomware gang has modified its tactics, techniques and procedures since the start of the year and been linked to the RomCom malware and custom remote access Trojans for command and control and the Industrial Spy ransomware. And what does this mean for you and your organization? What can you do?

(00:13:35):
While we obviously have the obligatory guidance of at risk organizations should also prioritize patching about those known vulnerabilities that are out there plus training. That's right. Train employees to spot and report phishing attacks, to enable and enforce phishing-resistant multifactor authentication as well because that definitely helps and add another layer. Well, folks that does it for the blips. Next up the bites, we're gonna talk a little bit about the fear of security of your data and becoming a forcing function for maybe even some legislature around there. But before we do, we do have to thank a really great sponsor of This Week in Enterprise Tech and that's OnLogic. Now, sometimes you need a computer rig that's, you know, it's rugged, it can resist the elements and have actually constructed a single board computer rig before and mounted it outta the bottom of a truck to actually collect some telemetry data.

(00:14:25):
Now let me tell you, I worked for months to secure and harden that computer. I just wish I had an on Logic device at that time cuz I could have focused more on the data collection rather than building and securing the device. Now on Logic is the first choice in industrial computing for innovators around the world who need computing power that could survive and thrive or traditional hardware might fail on logic's designs and creates computing solutions that can fit in the palm of your hand while powering everything from advanced robotics and AI to manufacturing automation, digital media solutions, and smart agricultural technologies. Now get this, the computers are passively cooled and ventless, and that only makes them quiet, but it also protects them and the internal components from dust and other airborne contaminants plus constructed them like that on Logic has been able to produce a completely solid state device to protect against shock and vibration as well.

(00:15:22):
Really cool stuff here. Now, other design features protect systems from extreme temperatures and interference. Now the team at On Logic truly cares about creating RightFit solutions tailored specifically to solve unique technology challenges, especially for organizational on Logic partners with leading software companies like AW w s to enable rapid evaluation and deployment of edge computing solutions. For example, on Logic's line of AW w s to iot, Greengrass compatible computers has been vetted by AWS, bringing you the peace of mind that it will work right outta the box. Now, if you need computing solutions that can be easily configured to your particular needs, supported by industry experts who are just a phone call away, website chat, or even email away and are delivered to you quickly, the team and on Logic is ready to help. If you'd rather do it yourself. On Logic's easy to use website gives you the power to configure and order your next industrial computing device quickly and easily, right online.

(00:16:23):
Now, all on stock online orders are custom-built, thoroughly tested and shipped as little as five days. And when you need a custom configured national Computer Edge server or panel PC delivered quickly on Logic should be your first destination to get started and learn more about on Logic's 30 day risk-free hardware trial, connect with their experts or visit on logic.com/twit. That's on logic.com/twit. And we thank on Logic for their support of this week and enterprise tech. Well, folks, it's time for the B Now, we hear in the news all the time about data breaches and how it's impacting the commercial sectors. Some weeks it actually dominates the headlines. I've seen a ton of them. However, consumers are really starting to worry here, right? I'm starting to worry. In fact, Twitter's actually covered recently the last pass breach, which is, you know, a big deal out there.

(00:17:20):
It's impacted both commercial and consumers alike. And the fear of data loss and data security is trending, especially with consumers. In fact, according to a recent report in this Dark Reading article, in the Thales Consumer Digital Trust Index, almost half, 48% of consumers report being victims of a data breach, higher than their global counterparts at just 33%. Now consumers are being hit left and right and being impacted by the news, especially cyber attacks like T-Mobile's attack in in 2021, Drizly 2021 breach, or 2020 breach. And of course, just recently LastPass and others. Now consumers are not gonna take it anymore. That's right. And they're starting to make the decisions about their data as they handle their, how companies actually handle their data going forward. Even more interesting here, according to some of this data, one in 20 victims, one in 20 reported first hearing about a breach affecting them on the news.

(00:18:13):
So they actually had to hear it from the news first instead of the company directly. Now, 11% of those companies took up to six months to inform consumers about a data breach. Now, you ask me, failing to do that sooner is actually a trust problem. You can't trust that company anymore. They, if they fail to actually promote and let you know that they've actually had a breach and that your data was part of that. Now, how have consumers responded? Well, to me, they're responding in kind here. Just over a fifth of them have actually stopped using a company that's suffered a data, data breach with a large portion of those requesting that the company delete their information altogether, get rid of it. Others are keeping closer eye on their accounts for suspicious activity. That's 25% of them. Now, being transparent is not enough for consumers, definitely not for me.

(00:18:58):
Sometimes in fact of surveyed consumers, 53% over half believe companies should offer compensation to victims. But when it comes to overseeing regulations, only 31% believe companies should actually receive large fines for breaches. Now, more than half actually believe customers should be forced. A company should be forced into mandating or mandatory data protection controls following a breach. This includes encryption, two-factor auth, that kind of thing, which have, you know, been really good options out there. And just under half believe companies should be subject to more stringent regulation. Now, I wanna bring my co-host back in here, here because it sounds like, you know, this is not an old, this is not a new thing. I mean, we've, we've been dealing with data being leaked at a consumer level for a long time. We talked, heard Target hitting, getting hit a while back, Home Depot, you know, at years and years ago, people losing their data, people losing their identities because of these data losses. But customers now for some reason are just being more sensitive about it. However, European Union EU seems to have more protections here. Curtis, what do you think that these protections that the EU is providing would be, would make sense to come to the US?

Curtis Franklin (00:20:13):
I would love to see GDPR type protections in the US. Maybe not every single bit of GDPR, but, but protections that largely echo what GDPR provides for consumers, I think would be a good thing. And the interesting part is that virtually every company of any size already has the mechanisms in place to comply with GDPR. Because if you are a company of any size and you have any customers in Europe, you're required to comply with GDPR. It's just the way it works. So there's the the fact that we can have this as a possibility, all it requires is political will. I wish us the very best of luck on that score. But until then we're going to be left with this patchwork of state regulations. California leads the way, some states have no protections at all, or perversely protect the companies that violate privacy rules or privacy standards better than they protect the consumers. I think, to be honest, most companies would prefer to see a national standard, even if it's a tough one, than have to comply with this patchwork of state standards. So I, I think there is the possibility of something happened, although I think if it doesn't happen in the next six to seven months its chances of being part of this Congress are, are pretty much gone.

Louis Maresca (00:22:17):
So think true that you brought it up, because obviously we don't have the same protections as the EU in the United States, and each state might have their own protections like California, but it does seem like there are some industries out there, some regulations around industries. Cheebert, is that right? Around industries, maybe like financial or FinTech type industries or there's some like regulations around when, when data breaches are happening, healthcare, that kind of thing?

Brian Chee (00:22:39):
Certainly. Let, let's put it this way, you know, the folks at PCI, the credit card people, when I first started doing PCI audits, I was going, wow, this is kinda lame. And over the years it's really grown up whenever large, large sums of money are involved. Regulatory, you know, ad hoc, in this case, PCI started, you know, in private industry. It started growing up very quickly. So by the time I left the University of Hawaii, PCI actually started looking like something reasonable. Now, the HIPAA world started off pretty hot, was a fairly high bar. And the big problem with HIPAA is a lot of uneven application. Which brings me actually to my point, having a GDPR-like regulation, in this case it's being called the American, oh, where is it?

(00:23:50):
American Data Privacy and Protection Act. ADPPA is being proposed. It would be really nice to be able to have an all-encompassing some something like, you know, GDPR. I say this only because when you start having to have different sets of auditing standards or different sets of anything, you know, when it comes to security, it starts getting more expensive. You know, which one do you follow? Do you have to follow all of them? Do I just go and use a sledgehammer and just make life really miserable for my users just so that I can survive, you know, audit X just because nobody really has a clue on how to do say a combination like HIPAA and PCI and Starbucks, you know, and some large health organizations. So you start getting, you know, things layered on really thickly and you start getting in the way of doing business.

(00:25:00):
So I'm actually in favor of having a GDPR-like environment only because I firmly believe we're gonna start getting less complexity because people will be able to have, you know, more training in it. We're gonna have you know, hopefully more consistent breach notification rules instead of having to go through a big giant list. Cuz if anyone's ever had, you know, billing errors on their health insurance that's because there's so many standards on how to do things. If we already have an IT or actually a security specialist shortage in a huge, huge way, and adding more and more complex and layered and differing regulations just means you're gonna have to have more specialists in an already tough market. So anyway, it also means things like, you know, security auditing audits become easier. I've actually done a lot of security audits for servers of varying flavors, Windows, Linux, BSD, and so forth.

(00:26:26):
And when you have feet in two, two worlds the audit gets ungodly complex. Being able to have something where enough people have to do it or should be doing it. I actually saw a new logging system and there was actually a GDPR check mark, that's going to be very, very cool. So if we can now start having check marks and saying, okay, check this off and we can have it, or in the case of the SonicWalls I use, there's actually a check mark for FIPS, you know, FIPS, which is kind of cool. So anyway, I'm rambling. You know, things like breach notification rules have to get better, more consistent, and having less regulations or an encompassing regulation might get us there. I'd really like to try and see if I can get some security specialists from Europe on the show and get their, you know, spin on whether or not GDPR has been helpful. And what's on the screen now is the breach notification regulation history, which, so it sounds like a really, really good start. And I'd love to see us get something a lot more consistent.

Louis Maresca (00:27:57):
So one thing I'm curious about, Curtis, I'm gonna throw this to you because obviously recently President Biden put out an executive order around nation cybersecurity, and there's lots of, there's lots of things kind of encapsulated within this order. Obviously, it's getting companies to scramble to try to adhere to this executive order. Do you feel like the, this particular order has a bunch of things in it that also protect consumers?

Curtis Franklin (00:28:26):
I think it has less that directly protect consumers than we would like. I mean, let's face it, anything that adds to the total cybersecurity of an organization is going to, in many ways have an impact on consumers just because it will help protect their data. But the fact is that most of what goes into some of the, the nation's cyber security and NIST responsibilities have to do with what's defined as critical infrastructure. And I I've told a number of people in companies, a a good rule of thumb, if you're not sure whether your company is part of critical infrastructure, assume it is because the government definitions cast a wide net in defining critical infrastructure. With that said it tends to focus on things like energy production and food safety and all of that, rather than the private and personal information of the consumers.

(00:29:47):
As I said, the good news is that if the overall cybersecurity posture of an organization is improved, it's going to improve the security and therefore the privacy of its customers. But I would really like to see some guidelines coming out in the not too distant future that look specifically at PII or personally identifiable information and how it should be protected. Not in a prescriptive way, you have to use this product and this technique, but in a general functional way, using whatever methods are best for you and your organization, you have to protect information, PII, to this standard. Do it any way you want, but meet this standard at a minimum.

Louis Maresca (00:30:42):
Right? A hundred percent agree with that. I, I threw this in the, in the, in the chat really quick. I wonder if, if Ann saw it, there's a great Wirecutter New York Times article here that talks about all the different data privacy laws, native protection laws in the US from, from different states. And you can definitely see how diverse they are and how kind of, you know, Swiss cheesed they are throughout the United States here. And again, they, we definitely need some consolidation, some normalization there from a law perspective, even at the federal level. Unfortunately, this is just the state of the union essentially, of what it means for data protection. Now, you know, I, I, I think part of this too is one thing that we've talked about even from an organization perspective, is that you assume breach. You assume the fact that your data is not protected, and that if it is breached and somebody steals it, what does that mean for you?

(00:31:32):
And so I think that part of it is, as a consumer, you protect yourself by just thinking, okay, who has my information? Where is my information at? And do those companies have protections in place to ensure that it's safe? And, and some of these retail organizations, they just do not. And so when they ask you to save credit card information or save address information in their system, does it make sense for you to do so? Maybe don't do that. Obviously, organizations who don't take it seriously, who have a bad track record, maybe these are companies that you don't put on your list of ones that you buy from or that you deal with on a regular basis. But again, if organizations do respond in kind and the, and and they respond in a way where they start putting things in place before an issue happens and an issue does still happen, that at least means they were taking responsibility for it.

(00:32:24):
But again, you have to also essentially put this on your own decision tree of whether that means that you need to, you still can trust them in the future. So we'll definitely see how organizations are responding, especially over the holiday season. Cause there's a lot of people obviously purchasing things and putting, putting their information out there in, in, and they're trying to get the be the best deal. And sometimes these best deals don't necessarily come from a reliable source. So we'll definitely see, hopefully people pay more attention to that as they, as they get the, as as they get to the holiday season. Well, folks, that does it for the bites, it's time for the guest, which is my favorite part of the show. But before we go there, we do have to thank another great sponsor of This Week in Enterprise Tech, and that's Hover.

(00:33:10):
Now it's time to make plans and let hover help you achieve them. If you are blogger creating a portfolio, building an online store, just wanna make a more memorable redirect to your LinkedIn page. Hover has the best domain names and email addresses out there. Email at your domain name is a key to connecting with consumers and customers and building trust for your brand. Now, personal branding is more important than ever in today's digital age of social media and e-commerce. A personal brand will allow you to build a distinct identity gain credibility, and maintain control now helps you stand out from the crowd or your competitors, and it showcases your accomplishments and your abilities. Now, if you're selling a service or a product, your personal brand will emphasize what you bring to the table or how you ease your customer's pain points. Now, let Hover help you.

(00:34:02):
Hover has domain based emails for all your needs, small or large. It's easy to set up. You can add as many mailboxes to your domain as you need. When your domain renews, your mailboxes will too. Now, the prices are unbeatable. They're unbeatable. Get access from anywhere. You can use the email app you already have, or you don't wanna use an app. They're, they have web mail. You could actually access it wherever you go. Hover isn't just there to upsell you on stuff, they just wanna help you. They have pro-level tools, powerful domain and email management tools that are intuitive and easy to use, whether you're a web pro or just getting started. And they're, they're private and secure. They who is privacy protection included. Your privacy and your private information will remain just that private. Now, hover Connect lets you pick the service you wanna use to build and host your website.

(00:34:49):
Connect helps you get started using the domain name with just a couple of clicks. Now, personally, I really love how Hovers Easy Use, they have a huge collection of top level domains plus super easy to transfer. That's right, makes like really life easier. You know, we already have a domain somewhere else transfer it. And some of the other domain registrars out there run things like a used car salesman. And if you ever tried to transfer things using some of those other guys, it's a headache. But Hover, you're a customer and not a source of data. Take back control of your data with Reliable Tracker free Email Hover is trusted by hundreds of thousands of customers who use their domain names and email to create their personal brand and turn their ideas into reality. Whether you're a developer, photographer, or a small business hover has something for you to expand your projects and get the the visibility you want. Go to hover.com/twit to get 10% off your first purchase of any domain extension the entire first year. That's hover.com/twit, 10% off your domain extension for a full year. And we thank Hover for their support of this week and Enterprise Tech. Well folks, it's now my favorite part of the show where we get to bring it guest to drop some knowledge on the twit riot. Today we have Mario Blandini, he's VP of Marketing from IX Systems. Welcome to the show, Mario

Mario Blandini (00:36:14):
Awesome to be here. Thank you.

Louis Maresca (00:36:17):
Now before we get to talking about open source storage, cause it's a really interesting topic. I'm actually interested to hear about all the different options here. Our audience loved to hear people's origin stories. Can you maybe take us through a journey through tech and where it brought you to IX systems?

Mario Blandini (00:36:30):
Would love to. Didn't have anybody to go to college. So I joined the Marine Corps. My dad was a Navy vet in Vietnam and said I was too weak to make it one day in the Navy. So enjoyed six years of doing that where I was a Banyan VINES system administrator and an SCO Unix system administrator. Went and got a Novell certification. Maybe I'm dating myself a little bit, but I had a chance to work on a lot of old school IT stuff, storage stuff as well. And it seems that being a kid that grew up in Silicon Valley, I the tractor beam when I went back home after being in the Marine Corps got me to be more of a marketing guy for a high tech company cuz I really wasn't the best Unix admin. I wouldn't hire myself to be a Unix admin. But I've enjoyed getting to really serve IT people for some number of years.

Louis Maresca (00:37:24):
Fantastic. Well, we, we, we have a lot to talk about here. I mean, obviously the, the concept of storage is a big topic for people. People are worried specifically about locking into cloud storage and cloud storage services. And we've talked a lot of organizations about this now IX systems. They have this concept of hyper-converged storage. Can you maybe take us through what hyper-converged storage is and what does it mean for an organization or even somebody who's trying to use them?

Mario Blandini (00:37:51):
Sure. I'll just do a real quick rewind because people are probably saying what the heck's TrueNAS and who, who's IX Systems. If you've ever heard of FreeNAS, IX Systems is the company behind the open source project, which as of about 18 months ago was officially transitioned to being called TrueNAS. So think of TrueNAS as FreeNAS, and the hyper-converged part is that we now have two editions of TrueNAS, the tried and true FreeNAS to TrueNAS that everybody might remember, that's based on FreeBSD as its underlying operating system. And for the hyperconverged part, think of it as the same underlying components of TrueNAS, but running on Debian Linux, giving it the ability to then take advantage of Kubernetes and containers and thus making it a hyper-converged solution. So no matter what you're looking to do, scale up or scale out, there's an open source tested and well used software out there that's in production as we like to say, the most deployed operating system for storage on the planet. That being TrueNAS.

Louis Maresca (00:39:05):
Now, you, you mentioned that obviously TrueNAS is built on Linux and it offers all these different features including things like containers and Kubernetes and all that stuff. What does it mean for organization? How do they transition to that? Like if they're already using you know, some of the bigger cloud storage organizations out there, they want to move to more of a, a managed and a, a self-reliant approach for like this type of system. How do they do that?

Mario Blandini (00:39:29):
Sure. Well the, think of TrueNAS as being mostly on premises. You can run it in the cloud, but for most practical use cases, people are using it on premises either in a virtual machine, but most often on hardware turning what would otherwise be some standard hardware into a storage appliance. So in that particular use case it can be thought of these days, even though it's got the word NAS in it these days, in the second score of the 21st century, NAS really has all the interfaces that people are looking for, whether it be block, file, object or app. And in the case of being able to support the underlying medias, NVMe, hard drives, SSDs, and a hybrid combination of all those things. So we do have folks who want to repatriate stuff from the cloud but just as many folks, if not more, that think of it as your garden variety on-premises storage, which before people might have thought, Hey, open source really wasn't for me. But with the maturity of the way the project's gone and as much development that's gone into the open source project, we are enjoying, at least at IX Systems the best times we've ever had because I think folks are looking for that alternative for storage, which may not come with the same costs that you are normally associated or normally thinking of paying when it comes to your on-premises storage.

Louis Maresca (00:40:59):
Great. So obviously a big proponent of this is the ability to scale out. One thing I've actually noticed is, you know, there's lots of documentation talking about TrueNAS, but then there's also FreeNAS. What's the difference between those?

Mario Blandini (00:41:12):
Yeah, FreeNAS, just think of it as what TrueNAS had been known before the name changed. So TrueNAS is the modern, the modern name for FreeNAS.

Louis Maresca (00:41:22):
Okay, great. And, and what do you what from a, from a perspective, oh, I see just a name change, but also what are, what are you seeing from a trending perspective? Like how, what are the trends that are seeing from an on-premise storage or an NAS perspective, what are people looking for? What are organizations looking for from those types of solutions?

Mario Blandini (00:41:39):
Well, obviously other than historically scaling Yeah. <Laugh>, yeah, <laugh>. So historically what's interesting, I'd say just from a per perspective, people would think of storage as measured by capacity and performance. The idea that you need a certain amount of capacity that meets a certain service level. And there had been talks heck over the last decade that all flash would replace hard drives. Yet here we are where there's still a great use case for both. And I think the, the trend that we are seeing at least an adoption of open source storage in the enterprise is that the criticality of data naturally would, would dictate that you should spend as much money as you got to make sure it's well protected. But not all data needs to have the same sla. And these days it's impossible to figure out what to throw out, especially with the future value of data around AI machine learning and such.

(00:42:38):
So folks are looking for more capacity, and how do you get more capacity if your budget, if your requirements double but you don't have double the money. So what we're seeing is that a lot more enterprises are looking to using open source storage, whether it be from Red Hat or using MinIO or in this case, you know, TrueNAS from IX. It, it really creates what I would call the other category, the unnamed category in enterprise storage, because certainly the category measured by the dollars spent greater than 45 billion a year is got its growth rate, but there's also people looking to store even more data. And that's where open source technologies allow you to have that tier four or tier five. And you'd be surprised how many organizations find out that that stuff that they did for their backups of their backups runs their virtualization infrastructure as well, if not better, than the, the storage that they would normally pay for. So we at IX have, we, we, we come to work with a passion to give this software away for free and have folks experience data freedom, and we're able to fund that project by selling turnkey appliances that are consumed and have the experience very much like you'd buy enterprise storage today.

Louis Maresca (00:44:01):
I love that. I love that. The whole concept of just data freedom in general. I do wanna bring my co-host back in because of course, they're chomping at the bait here and Cheebert has lots of experience with storage, so I'm gonna actually bring in Cheebert first. Cheebert.

Brian Chee (00:44:13):
Yeah. The funny thing is, Mario said, served with the US Marine Corps, thank you very much for your service. I actually did quite a bit of support for the US Marine Corps, especially in the field. And I actually used FreeNAS mostly because it was a classified environment. So I couldn't let the technicians even touch, even see the equipment. I wanted something open source so I could go and, you know, get my people to vet it and make sure that we didn't have, you know, some nasty stuff hiding on it. And cost, I'm sorry, the Marine Corps is really cheap.

Mario Blandini (00:44:52):
<Laugh>, <laugh>,

Brian Chee (00:44:53):
<Laugh>,

Mario Blandini (00:44:54):
I, I can confirm that statement.

Brian Chee (00:44:56):
Yes. So FreeNAS really appealed to the colonel that I built this equipment for. It actually was bolted in the back of a Humvee and was basically a mobile data center that went out into the field with the Marine expeditionary force. Anyway, fast forwarding a couple years, the world is changed. Those that are running on premise are doing it for some very specific reasons. General computing is moving to the cloud. We're all kind of, you know, that's facing the reality. However, there's a lot of things that don't make sense, like surveillance. So when I was actually digging through your website, I was going, I wonder if they actually went through and got certifications with the big boys like Genetec, Axis, you know, Honeywell and things like that. And lo and behold, I saw a whole bunch of logos. That's where I'm, I'm seeing a lot of on-premise work going and getting bigger and bigger. So your hardware looks very much like what I used to have to build from scratch. They look like, you know, started off as white box servers and kind of grew up. Tell us a little bit, you know, how well does it all fit in and what kinds of challenges does the surveillance world have with on-premise storage?

Mario Blandini (00:46:31):
Yeah, we, if I were to tell you the most common consumers of TrueNAS Enterprise in the enterprise, media, entertainment and other research type of applications where there's tons of data, clearly that there's a cost benefit to doing it that way. And surveillance is also one of those ones that collects a lot of stuff. Da data storage or DA storage is the only one of the three essential elements of it that both works 20 all the time and serves stuff, right, compute and memory do their thing while they're doing their thing. The compute, networking, I should say, storage has to keep the, the data asleep and stored well and protected. At Night IX Systems actually became the purveyor of TrueNAS because it had a lot of expertise in FreeBSD, and it was originally designed for FreeBSD.

(00:47:37):
So our hardware that you mentioned, Brian goes back to the, the company originally, and we still do sell it to, to folks who wanna buy servers the a great server that's optimized for open source operating system workloads. So our heritage goes forward with that. Most people who use the software do it on their own equipment, whether it's refurbished or stuff, they go out and buy themselves because they're looking to architect it. And you helped me do a quick commercial for the company, Brian, in the sense that if you're looking for the easy button and you just wanna get the hardware, have it be fully integrated and come with your typical enterprise support, the stuff you expect when you buy a storage appliance for any enterprise workloads, that's where IX systems comes in. But on the, the surveillance side I'd say that for a lot of folks, they're wanting to drive the cost down in order to not necessarily spend less, but to then increase the amount of coverage they can get. So a lot of people think, hey, it's always about saving money. I think a lot of folks are looking to open source storage as an opportunity to not spend less money, but just store more data that that's for surveillance, as well as other use cases where you can never have enough storage.

Louis Maresca (00:49:06):
I wanna talk security, but before we do, we do have to think another great sponsor of this weekend, enterprise Tech. And that's Code Comments, an original podcast from Red Hat. Now you, you know, when you're working on a project and leave behind a small reminder in the code, you leave a code comment to help others learn from your work. This podcast takes the idea, but letting you listen in on two experienced technologies as they describe the building process. Now, there's a lot of work required to bring a project from whiteboard to development, and none of us can do it alone. The host Burr Sutter is a Red Hatter and a lifelong developer advocate and community organizer. On each episode, Burr sits down with experienced technologies from across the industry to trade stories and talk about what they've learned from their experiences. Now, the cool thing about this podcast is to bring real world experts to you, to provide tools and techniques that apply to even your scenarios.

(00:50:00):
In fact, the Deep Learning episode brings you toolkits to help reduce the barrier for your organization. Get rid of all that noise and get you there. Fast episodes are available anywhere you listen to podcasts. And at Red hat.com/code comments podcast, search for code comments in your podcast player will also include a link in the show notes. And we thank code comments for their support of This Week in Enterprise Tech. Now, we've been talking with Mario Blandini, he's from IX Systems. We've been talking a lot about open source storage. I'm sure, I'm sure that Cheebert's got some more questions,

Brian Chee (00:50:40):
Cheebert. Oh, yeah. So I need to bring this up only because FreeNAS was Z, was ZFS, and shall we say Linus Torvalds and the Linux crew had a big argument with Oracle on ZFS, but you guys don't use that version. You're using OpenZFS, right?

Mario Blandini (00:51:02):
Yeah. If

Brian Chee (00:51:03):
You that, tell us more about that

Mario Blandini (00:51:04):
Sure thing. Yeah, from a history perspective there's a lot of that political history. We even recently in bringing OpenZFS and making it a first-class citizen running on Linux, we are kind of in that a little bit of a religious debate. It turned out that when we made that transition, it was much to do about nothing. And actually a lot generated a lot more excitement. So think of OpenZFS as having its own development community involving companies like Delphix. Certainly IX Systems is a part of it. Nutanix and other companies do contribute to that. So it is really carrying forward the original vision of ZFS, which is to create a zettabyte of data freedom. And we being the most deployed storage operating system, we're not quite there yet. Give us another eight, 10 years, and I think we could reasonably point to there being a zettabyte of data behind TrueNAS and thus OpenZFS.

(00:52:06):
But think of it as its own project that has its own governance. We just had our a conference recently in San Francisco with all the developers and sharing some tips and secrets on how to optimize performance. And certainly you could look at a lot of the feature functionality over the years as having really improved. So it makes it a lot easier for folks to deploy and not even worry about it. I mean, there used to be days when folks wouldn't, when we'd care in storage about exactly how you laid your hard drives out and all that sort of other stuff. These days it things work a lot better than they had and more of a turnkey experience. So, which is why I tell folks, even if you're in the enterprise and you don't think that open source is is for you, maybe you haven't tried what open source is these days. It has matured and gotten a lot more turnkey for folks who don't wanna do a DIY project, but can at least install some software to turn some bare metal into some storage.

Curtis Franklin (00:53:13):
Well, when we're talking about the capabilities of the software in, in so many instances, we, we see software of, of this sort go in one of two directions. Either it becomes more and more full featured offering, you know, new and exciting things. It, it provides indexing and security, and now it's a database, now it's something else. It walks the dog, it freshens your breath, it whitens your teeth, all of these things. The other direction is one where it says, we're going to take away all that. We're going to focus on this one core activity, do that, provide some API hooks, and we'll do our thing, let other people join us to do the others. Which one do you think will be the long-term direction, broad direction for, for what you're doing?

Mario Blandini (00:54:12):
Yeah, for what we're doing, I'd say that it would be door number two in the sense that the, we exist to help people from having to re-implement, build their own storage, right? There used to be how many operating systems in the world, and now there's far fewer of them because you don't need a lot of operating systems. We, we happen to believe as the, as the life goes on, a lot of the storage stacks built by other enterprise technology companies are not gonna survive. A lot of them acquired and put together in portfolios of bigger companies with the idea that TrueNAS is here to stay, think of it as that door number two, where it does what it does very well. And by us, with TrueNAS SCALE, moving to Linux, our model that we see is that you would take Linux-based storage applications that do all of the things like freshen your breath and index data.

(00:55:09):
We've already have a really cool development ecosystem with over a thousand apps available in application charts for TrueNAS SCALE. And we've just only released that software in February of this year. So, to your model question, it would be one where IX Systems with TrueNAS would make sure that the base functionality remains as easy to use and bulletproof as possible, doing the development necessary to keep it secure and such. But let's just say up the stack will be with apps running natively as containers on the storage device.

Curtis Franklin (00:55:48):
Well, you did mention one of my favorite words in that answer, and that's security. So, you know, obviously as, as we said earlier in the show, privacy and security are not the same, but they're linked. And both enterprises, consumers and governments are becoming much more interested in both of these things. Would you say that TrueNAS is interested in making security or making it easier for other people to provide security for the storage or, or some combination of the two?

Mario Blandini (00:56:28):
It's probably a couple different layers there. Brian mentioned one of them in the pre-show huddle about how Active Directory and access controls in general are handled. That's something that the underlying storage needs to be able to support any of those environments and just be able to do it the same way you would expect from an enterprise storage device that you bought from a proprietary vendor, right? So think of, of that as being the, the, at least the things that the storage needs to do. As you guys were talking about HIPAA and other things, a lot of it has to do with how you use a technology, not the technology itself that dictates some of that. So there, there are opportunities higher up in the stack for things that could improve security.

(00:57:22):
But think of what IX is focused on is making sure that to the extent that you deploy this, and in a lot of these cases, these are on-premises storage devices that are air gapped from the, from the entire world supporting backend applications. So for our, you know, small office users and folks that are using it for a lot of those sort of other things we often get told that our software is too hard to use compared to some of the small office home office products, which are built more for, for that audience who, and don't have the folks that can touch and manage all the security settings. So TrueNAS is certainly built with enterprise in mind, though we have folks using it from, you know, small mini boxes at their home to, you know, 20 plus petabytes per, per system in some of our large users in universities, all without paying us any money, which we're excited about, because as I mentioned before, we're here to spread the benefits of data freedom, get people to try it.

(00:58:24):
 And if they try it and they use it, they like it that's awesome because then maybe next time they need some storage, they'll think of us if they need a SLA or they need a a support contract.

Louis Maresca (00:58:36):
Well, you, you segued beautifully because unfortunately, time flies when you're having fun and we're running it out of time. So, Mario, thanks so much for being here. But, you know, I wanted to give you a chance to tell a little bit, folks, folks at home, a little bit about where they can find more about IX Systems, maybe how they can get started and maybe try out some stuff.

Mario Blandini (00:58:52):
Yeah, I mean, we say free to try, but it's really free to use. So if you have never made an attempt to use TrueNAS and you've got a VM or you've got some gear laying around, odds are that it would work great on that. We have a, a community of 250,000 users, and in the case of TrueNAS SCALE, our hyper-converged product, 40,000 different folks helped us test and do bugs and all that documentation stuff. The easiest way to get started is go to truenas.com. We've got forums and a Discord channel there for support. But you can just download the software and use it and if you need any help there's the forums, as I mentioned, a Discord channel. There's Reddit. Think of it like an open source project where you're free to, to use it. And where IX comes in, if you, you know, have the need to get some new hardware or you're looking for an easier way to do it with a turnkey support model, that's where we come into play and usually a lot less expensive than what you might otherwise get a quote from the enterprise vendors.

Louis Maresca (01:00:03):
Well, folks, you've done it again. You sat through another hour with the Best Day Enterprise and IT podcast in the universe to definitely tune your podcaster to twit. I wanna thank everyone who makes this show possible, especially to my wonderful co-host, especially Mr. Brian Chee. I wanna thank Mr. Brian Chee first. What's going on for you in the coming weeks, Brian? And where can people find you?

Brian Chee (01:00:24):
I'm actually really curious on how many of my FreeNAS machines are still running. I, I recycled a lot of old servers that people didn't want anymore. So my hardware was free, my software is free. It played really nicely with my NFS, NIS systems. It played nicely with my Active Directory and gee, it was the perfect answer for really, really cheap commands. And universities are, you know, that cheap also. Anyway, I'm actually working on things again with Makerspace. The Holiday Matsuri, which is actually a big show at a local hotel in Orlando, is basically, it's holiday themed, anime, cosplay and so forth. The person driving this is trying to wrangle me into going and making the Christmas tree in the middle of the booth intelligence. So that ought to be fun. But, you know, I'd love to hear from you, get your ideas.

(01:01:37):
Some people don't like what I say, some people do. That's your opinion is very valuable. If you wanna flame me, go right ahead. Just don't expect a nice answer if you flame me <laugh>. But anyway, the easiest way to get me is on Twitter, and I'm still on Twitter. I haven't completely moved over to another platform yet, but I am A D V N E T L A B, advanced net lab. And I, I was actually throwing some love towards the YoLink people. It's a very nice implementation of LoRa. If you've never had to do LoRa from scratch, there's a lot of moving parts and the YoLink folks have taken a lot of the hassle out of, in fact the founder and I have been having a back channel chat about a potential new product and we'll see how that goes. Oughta be fun. You're also welcome to throw email on, I'm Cheebert, spelled C H E E B E R T, at twit.tv. And you're also welcome to throw email@twittwit.tv and that'll hit all the hosts. Would love to hear from you. Have a great holiday season.

Louis Maresca (01:03:02):
Thanks, Cheebert. Well, we also have to thank the wonderful Mr. Curtis Franklin. Curtis, what's going on for you in the coming weeks and where could people find you?

Curtis Franklin (01:03:11):
Well, I'm back at work on Monday, so back doing my normal things. I'll be back on the social networks, everything from Twitter and Mastodon to LinkedIn. I'll be back doing LinkedIn live next week. I've got a ton of written things due before the end of the year and fortunately because I don't have nearly enough to do, I've got a new keyboard that just came in that I'm gonna be doing a review off. I do a lot of typing and so I am always looking for the next great keyboard. One arrive today and it's looking promising. So I'll have some words about that. And will look forward to seeing how many of you have the same keyboard and can agree with me or disagree ideally without the flames

Louis Maresca (01:04:06):
<Laugh>. Thanks Curtis. Well folks, we also have to thank you as well. You're the person who drops in and every week to get your enterprise and it goodness who wanna make it easy for you to listen and catch up on your enterprise and IT news to go to our show page, write now TWI tv slash twi that you'll find all the amazing backup of those that we have. We have a lot of them, all the show notes, the cos information, the guest information, of course, the links of the stories that we do during the show. But more importantly there next to those videos, you'll get your, your those helpful download and subscribe links. Support the show by getting your audio version and your video version of your choice. Use it on any one of your devices or even on any one of your podcast applications cuz we're on all of them.

(01:04:47):
Definitely subscribe and support the show. Plus, you've also probably heard we also have Club Twit. That's a great way to support the network and the show. It's a members only ad free podcast service with a bonus sweat plus feed that you can't get anywhere else. And it's only $7 a month and there's a lot to great, great things about Club Twit. In fact, one of them is the exclusive access to the members only Discord server. You can chat with hosts, you can chat with producers. We have separate discussion channels. Lots of great special events that go on there. So definitely join Club twit, be part of the fun and be part of the movement. Go to TWIT tv slash club twit and also Club Twit also offers corporate group group plans as well. It's a great way to give your team access to our Ad Free Tech podcast.

(01:05:29):
The plans start with five members at a discount rate of $6 each per month. And you can add as many seats as you'd like. And this is a great way for your IT departments, your developers, your tech teams, your sales teams to stay up to date with access up to all of our podcasts. And just like the regular membership, you also get access to twit Discord server and get the TWIT plus bonus feed as well. So twit TV slash club twit. Now after you subscribe, definitely impress your family members, your coworkers, your friends with the gift of Twits the holiday season. You might as well give 'em a really good gift. We talk a lot about fun tech topics on this show and I can guarantee they will find it fun and interesting as well. So definitely have them subscribe to TWIT as well.

(01:06:09):
Now if you're already subscribed and you're available on Friday, 1:30 PM Pacific, we do this show live. That's right, right here, right now at Live twit tv. There's all the streams there. You can choose one of them, come see how the pizza is made, all the behind the scenes, all the fun stuff. Of course, you know, we have a lot of fun here. We have a lot of banter. So definitely check it out, Jeff, the live stream livestream, of course you're gonna watch the live stream. Definitely jump into our infamous IRC channel as well. Irc TWI TV is the website or the server. Use a another client, definitely ge, jump into the Twit live channel there. Of course, we have a lot of amazing characters that are in there. They returning characters, new characters, river, Mike Leia, Adam 24 Bitcoin and Assassin. Love that. So a lot of people in there, definitely join them.

(01:06:57):
Be part of the chat room, be part of that movement. Join them at IRC dot Twitter tv now. Definitely hit me up. I want you to hit me up because I want to hear about how we're doing on the show. Different topics you want. Go over to twitter.com/lu like right now, send me a message, send me a direct message, send me a public message. Whatever you wanna do. I'd love to hear from you. Of course you can always hit me up on LinkedIn as well. I'm a Lewis Maka on LinkedIn. You know, lots of people send me messages on there, whether it's about my normal work week for, for Microsoft or if it's just wanna talk about tech or even talk about some of the trends that are out there. So definitely hit me up there. If you wanna know what I do at Microsoft, definitely check out developers.microsoft.com/office.

(01:07:37):
There it is. It's really the latest and greatest ways for you to customize your office experience developer on develop on office. You can create, you know, web-based macros now using JavaScript type script to be, be able to run them, you know, behind the scenes without actually having to have Excel open. Definitely check out office scripts. Check out all the latest greatest ways for you to customize your office experience. I wanna make sure I thank everyone who makes this show possible, especially to Leo and Lisa. They continue to support this weekend enterprise tech each and every week and we couldn't do this show without them. So thank you for all your support over the years. I wanna thank all the engineers and staff and twit happy holidays to, to them cuz they do a lot of work and they deserve some time off. So thank you all for your support.

(01:08:19):
Of course. I want to thank Mr. Brian Chee, Cheebert, one more time. He's not only our co-host but he's also our tireless producer. That's right. He does all the bookings and the playings for the show and we couldn't do this show without him. So thank you Cheebert for all your support over the years. We definitely couldn't do show that without you. Before we sign out, I want to thank our editor for today because, you know, they're gonna make us look good. I make lots of mistakes, so they make me look, you know, smart. So thank you for that. Of course. I want to thank our TD for today, our wonderful Mr. Ant Pruitt. He does an amazing show called HandsOn Photography and what's on the show this week.

Ant Pruitt (01:08:54):
Well, thank you Mr. Lou. this week I took a look at a micro panel from the folks at Black Magic Design. It's a tool specifically used for color grading inside a Da Vinci resolved. And spoiler alert, I'm really trying to sweep talk Queen Pruit and then letting me buy one. That thing is so dag gum. Awesome. Oh, twit, that tv slash h o p.

Louis Maresca (01:09:18):
Thanks aunt. Well, until next time, I'm Lewis Maresca just reminding you, if you want to know what's going on in the enterprise, just keep quiet.

Rod Pyle (01:09:28):
Hey, I'm Rod Pyle, editor in Chief of Ad Astra Magazine. And each week I joined with my co-host to bring you this week in space, the latest and greatest news from the Final Frontier. We talk to NASA chiefs, space scientists, engineers, educators and artists, and sometimes we just shoot the breeze over what's hot and what's not in space books and tv. And we do it all for you, our fellow true believers. So whether you're an armchair adventurer or waiting for your turn to grab a slot in Elon's Mars Rocket, join us on this weekend space and be part of the greatest adventure of all time.
