Building Smarter Authorization Systems with Sam Scott

Alex King is a key player at the Duckbill Group as our legal counsel, as well as the founder of his own law firm, Archetype Legal. In this episode, Alex shares insights on his role in helping startups and small businesses navigate legal complexities, emphasizing the importance of risk analysis and compliance. He explains that attorneys highlight risks, allowing business leaders to make informed decisions. Alex recounts his experiences guiding clients through various legal challenges, from hiring decisions to office leases. Corey discusses the unique legal scenarios faced by the Duckbill Group and highlights the benefits of Alex's unique approach. Show Highlights: (00:00) Introduction (02:10) What Alex does for the Duckbill Group as legal counsel(02:42) The role of an attorney for startups and established businesses(07:20) Similarities and differences between what the advisers at Duckbill Group do and what Alex does as a lawyer(11:56) Alex’s ability to provide context to legal decisions that would otherwise be missing(22:07) How negotiating hiring contracts can work out if done wisely(25:09) What Alex wishes people knew to make interacting with attorneys easierAbout Alex:Alex King is an attorney and the founder of Archetype Legal PC, a law firm dedicated to helping entrepreneurs, startups, and small businesses take practical legal steps to achieve their business goals. In addition, he is a Business Advisor for Pacific Community Ventures, a nonprofit supporting small business growth and job creation in low-income communities. His experience includes corporate law, business operations, and strategic planning. Links Referenced:Website: https://www.archetypelegal.com/  Email: [email protected]: https://www.panoptica.app/

Corey Quinn and Daniel Grzelak take you on a journey through the wild and wonderful world of Amazon S3 in this episode. They explore the fun quirks and hidden surprises of S3, like the mysterious "Schrodinger's Objects" from incomplete uploads and the head-scratching differences between S3 bucket commands and the S3 API. Daniel and Corey break down common misunderstandings about S3 encryption and IAM policies, sharing stories of misconfigurations and security pitfalls.Show Highlights: (00:00) - Introduction(03:49) - Schrodinger's Objects(05:23) - S3 Permissions and Security(06:44) - Incomplete Multipart Uploads Causing Unexpected Billing Issues(10:28) - Historical Oddities and Unexpected Behaviors of S3(12:00) - Encryption Misconceptions(15:17) - Durability and Reliability of S3(17:49) - AWS Security and Trust(21:01) - Practical Tips for S3 Users(26:10) - Compliance Locks and Data Management(29:13) - Closing ThoughtsAbout Daniel:Daniel Grzelak is a 20-year cybersecurity industry veteran, currently working as Chief Innovation Officer at Plerion. He is no longer the CISO at Linktree nor the Head of Security at Atlassian, but he tries to stay relevant by hacking AWS and Cloud in general.Links Referenced:Personal Website: https://dagrz.com/LinkedIn: https://www.linkedin.com/in/danielgrzelak/Things you wish you didn't need to know about S3: https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3/S3 Bucket Encryption Doesn't Work The Way You Think It Works: https://blog.plerion.com/s3-bucket-encryption-doesnt-work-the-way-you-think-it-works/*SponsorPanoptica: https://www.panoptica.app/

This episode features Madelyn Olson, maintainer for the open-source project Valkey, to discuss the growth and impact of open-source projects in the tech industry. Corey and Madelyn explore the transformations within these projects, particularly the challenges and shifts in governance and licensing practices that affect how companies like AWS contribute to and utilize open-source software. Furthermore, Madelyn shares insights into the motivations behind Valkey, its differentiation from Redis, and the broader implications for open-source sustainability and corporate involvement.Show Highlights: (00:00) Introduction and discussion on AWS's approach to open-source(01:41) Recap of the Redis controversy and licensing changes(02:35) Madelyn's role at AWS and her work on ElastiCache and MemoryDB(04:11) The enduring relevance and importance of open source in solving global technology problems(06:15) The freedoms of open source and the broad implications for software development(08:19) The evolution of governance and project management in the Valkey project(09:53) The full transition of Madelyn's efforts from Redis to Valkey(17:27) Why Valkey was created and its future direction(24:57) The separation of duties between Madelyn's roles at AWS and the Valkey project(32:34) Closing thoughts and where to find more information on ValkeyAbout Madelyn:Madelyn Olson is a co-creator and maintainer of Valkey, a high-performance kev-value data store and Principal Engineer at Amazon Web Services (AWS). She focuses on building secure and highly reliable features, with a passion for working with open-source communities.Links Referenced:Website: https://valkey.io/ Linkedin: https://www.linkedin.com/in/madelyn-olson-valkey/GitHub: https://github.com/madolsonTwitter: https://x.com/reconditerose*SponsorPanoptica: https://www.panoptica.app/

In this episode, Corey Quinn is joined by Senior Security Engineering Lead at Mattermost Paul Harrison in a discussion on the often-overlooked ethical implications of artificial intelligence in technology. They discuss how the rapid adoption of AI technologies might compromise user privacy and consent, reflecting on instances where companies may prioritize innovation at the expense of these core values. Their conversation highlights Mattermost's dedication to data privacy and user control, positioning the company as a privacy-centric alternative in the tech landscape.Show Highlights: (00:00) Introduction to the episode (01:50) How companies compromise privacy in the rush to adopt AI(04:10) What is Mattermost? Paul explains the self-hostable, privacy-focused communication platform(06:00) The evolution of chat platforms and Mattermost's unique position compared to Slack(10:01) Paul elaborates on how Mattermost enables user control over data and customization(14:23) Discuss the implications of integrating AI in everyday applications and its challenges(20:35) AI’s potential risks and unintended consequences, particularly in data management and security(25:14) Paul and Corey critique tech companies’ approach to AI and data privacy(28:59) Closing remarks and where to find more information about Paul Harrison and MattermostAbout Paul:Paul Harrison is a Senior Security Engineering Lead at Mattermost, responsible for their Security Operations team. Prior to this he led Security Operations at GitLib, and several other emerging tech companies. Paul has specialized in building security operations and infrastructure security programs, enabling companies to have a secure footing as they grow. Links Referenced:Mattermost Community: https://community.mattermost.com/landing#/*SponsorPanoptica: https://www.panoptica.app/

Justin Garrison, Director of Developer Relations at Sidero, joins Corey to discuss Justin's experience transitioning from large companies like AWS and Disney to a more agile company like Sidero, the benefits of using simplified Linux distributions like Talos OS for running Kubernetes, and the pros of on-premises setups for certain workloads. The conversation touches upon challenges with cloud provider limitations, the impacts of computing power on both an economic and environmental scale and Corey and Justin’s frustration with businesses touting their use of AI when they’ve already abandoned those projects. Show Highlights: (00:00) - Introduction(01:09) - Justin’s Background and Career Journey(02:39) - Transition to Sidero(03:51) - Using Personal Devices for Work(08:09) - Talos Linux and Kubernetes(15:19) - Kubernetes Upgrades and On-Prem Challenges(19:21) - Building Your Own Cloud Platform(21:52) - Multi-Cloud vs. Hybrid Cloud(25:15) - Scaling and Resource Management(28:02) - Gaming and Cloud Bursting(32:46) - AI and GPU Challenges(34:54) - Balancing On-Prem and Cloud Solutions(40:49) - Final Thoughts and ContactAbout Justin:Justin is a historian living in the future. Lucky enough to play with cool technologies and hopeful enough to bring others along for the ride.Links Referenced:Justin’s Website: http://justingarrison.comJustin on Bluesky: https://bsky.app/profile/justingarrison.comJustin Garrison on LinkedIn: https://www.linkedin.com/in/justingarrison/*SponsorPanoptica: https://www.panoptica.app/

This episode explores the intricacies of authorization in software development with Sam Scott, CTO and co-founder of Oso. This conversation highlights the subtle yet critical differences between authentication and authorization, and why understanding these distinctions is pivotal for securing applications effectively. Sam shares his journey from a cryptography PhD to tackling real-world software security problems, emphasizing Oso's mission to streamline authorization for developers. The episode is rich with insights on how fine-grained authorization can significantly improve security posture and user experience, drawing on examples from prominent tech companies like AWS and Google Cloud. Sam also introduces Oso's innovative approach to authorization, simplifying permission management without sacrificing flexibility or control, making it an indispensable tool for developers navigating the complex landscape of modern software security.Show Highlights: (00:00) Introduction (01:49) Insights from Sam's PhD in cryptography(01:56) Understanding the difference between authentication and authorization(04:05) The real-world implications of key management and the role of authorization in security(06:02) Explaining role-based access control and its practical applications in cloud environments(10:47) The complexities of managing access controls in microservices architectures (15:37) How Oso simplifies the implementation of authorization for developers (19:21) Discussion on the importance of consistent authorization practices across internal and external applications(25:14) Sam explains the challenges and necessity of implementing user impersonation features in authorization systems(31:12) The future of authorization technologies and integrating them into business practices(35:38) Where to find more resources about Oso and get involved with their communityAbout Sam:Sam is the cofounder/CTO at Oso, working on making security and authorization more accessible for developers. Sam previously got a PhD in Cryptography and was a contributor to TLS 1.3Links referenced: Oso Website: https://www.osohq.com/Oso’s Authorization Academy: https://www.osohq.com/academy/authorization-academyOso Community: https://join-slack.osohq.com/https://oso-oss.slack.com/join/shared_invite/zt-1ygg193va-UTUiT7Gwt7DjZGgF96Ze~w#/shared-invite/email* Sponsor Oso: https://www.osohq.com/

This week on Screaming in the Cloud, Corey Quinn is joined by Kat Cosgrove, Lead Open Source Advocate for Dell Technologies. Kat catches Corey up to speed on the newest version of Kubernetes that Kat was the release lead for. The two discuss its unconventional name: Uwubernetes, what goes into creating and implementing a new version of the world’s second biggest open-source project, and which of Kat’s changes will be her legacy to Kubernetes. Kat also shares how she handles running a team that essentially works for free and what her Kubernetes role will be moving forward.Show Highlights:00:00 - Introduction and Welcome00:28 - Meet Kat Cosgrove01:46 - Kubernetes Release Management Insights02:43 - Naming the Kubernetes Release: Uwubernetes06:19 - Roles and Responsibilities in Kubernetes Releases11:18 - Enhancements and Deadlines in Kubernetes Releases14:22 - Kubernetes Incentive to Upgrade & Support Policies18:26 - Running Old Versions of Kubernetes20:17 - Challenges with Using Outdated Software Versions22:15 - Best Practices for Version Releases24:36 - Release Team Cycles26:00 - Kat’s Release Legacy31:58 - Kat’s Responsibilities Post-Release33:04 - Future Plans and Contact InformationAbout Kat CosgroveKat is a Lead Open Source Advocate at Dell focused on the growth and nurturing of open source through authentic contribution. In particular, her specialties are approachable 101-level content and deep dives on the history of technology, with a focus on DevOps and cloud native. She was the Kubernetes Release Lead for 1.30 Uwubernetes, and currently serves as both a Release Team subproject owner and SIG Docs tech lead.When she’s not at a conference, she spends her time playing video games, watching horror movies, or reading science fiction, but her current hyperfixation is film photography. She lives in Scotland with her cat, Espresso, who is the real brains behind the operation and actually ghostwriting all of her tweets.Links ReferencedKubernetes: https://kubernetes.io/ Kat Cosgrove on Twitter: https://x.com/Dixie3FlatlineKat Cosgrove on LinkedIn: https://www.linkedin.com/in/katcosgrove/ Email Kat: [email protected] * Sponsor Prowler: https://prowler.com

Welcome to another episode of Screaming in the Cloud, where we're joined by Anthony Fu, a framework developer at Nuxt Labs and the creator of Slidev. Anthony has diversified the way presentations are crafted by integrating coding directly into slide development. In this episode, Corey and Anthony discuss the benefits of using markdown to craft slides, the challenges associated with traditional presentation tools like Keynote, and the open-source contributions that have propelled the development of this innovative software. Anthony also shares his inspiration for creating a tool that streamlines and enhances the presentation creation process for both developers and non-developers.Show Highlights: (00:00) Introduction (03:13) The origins of Slidev  (04:47) The challenges with traditional presentation tools and the advantages of using Markdown for slides(06:04) How Slidev simplifies slide creation for presentations (07:01) Corey shares his surprise at the utility of Slidev for non-frontend developers (09:56) Addressing the challenges of aligning text and images in presentations (11:09) Anthony discusses his design philosophy for Slidev(15:14) Balancing feature requests and maintaining simplicity for Slidev(16:38) Anthony explains the importance of community contributions to Slidev (20:13) They discuss implementing new features into Slidev's evolution(24:15) Anthony’s insights into the open-source philosophy behind Slidev (27:09) Slidev's approach to redistributing sponsorships to support its dependencies through Open Collective(31:46) Corey mentions contributing to Slidev's documentation to make it more accessible(33:41) Closing remarks & where to connect with Anthony About Anthony Fu:Anthony is a fanatical open sourceror. Core team member of Vue, Nuxt, and Vite. Creator of Vitest, Slidev, VueUse, UnoCSS and Elk. Working at NuxtLabs. Links referenced:Slidev: https://sli.dev/ Slidev Github: https://github.com/slidevjs/slidevAnthony Fu’s Personal Website: https://antfu.me/Anthony Fu on LinkedIn: https://www.linkedin.com/in/antfu/?originalSubdomain=fr Anthony Fu on Twitter: https://x.com/antfu7NuxtLabs: https://nuxtlabs.com * Sponsor Prowler: https://prowler.com

On this week’s episode of Screaming in the Cloud, Corey  is joined by Stanford computer science student Aditya Saligrama, who recently taught a Stanford course on cloud infrastructure. Aditya shares his unique perspective on various topics, including how higher education approaches teaching computer science in a rapidly evolving landscape, why he chose cloud security to begin with instead of tacking it on at the end, and what his plans are for the rest of school and beyond. Corey and Aditya lament the lack of real-world skills taught by universities. Aditya shares with the audience just how much work goes into being an effective undergraduate-level teacher while being an undergraduate student himself. Show Highlights: (00:00) - Introduction(01:57) - Exploring CS40: cloud infrastructure and scalable application deployment(03:46) - The evolution of computer science education(05:09) - Bridging the gap between academia and industry(09:05) - Aditya's journey into security and cloud infrastructure(13:09) - The Stanford security clinic: red teaming for startups(14:09) - Internship insights and cloudflare's upcoming role(16:06) - The challenge of cloud account management for students(17:59) - Improving cloud education and accessibility(22:10) - The technical and educational challenges of CS40(29:29) - Final thoughts and where to find AdityaAbout Aditya Saligrama:Aditya Saligrama is an undergraduate and graduate student at Stanford University studying computer science, focusing on systems and security. In the Winter of 2024, Aditya taught CS 40 (Cloud Infrastructure and Scalable Application Deployment) at Stanford, the first university course ever to teach the fundamentals of deploying apps on the cloud hands-on using infrastructure as code. Aditya also leads the Applied Cyber student group at Stanford, winning first place in a national cyber defense competition in 2023 and second place in a global penetration testing competition in 2024, and advises early-stage startups on their security needs and posture through the Stanford Security Clinic. Aditya enjoys hiking, photography, and ping pong in his free time.Links referenced:Aditya’s Twitter: @saligrama_aAditya’s Website: https://saligrama.io* Sponsor Prowler: https://prowler.com

In this episode, we chat with Randall Hunt, the VP of Technology at Caylent, about the world of generative AI and how it's changing industries. Randall talks about his journey from being an AWS critic to leading tech projects at Caylent. He shares cool insights into the latest tech innovations, the challenges and opportunities in AI, and his vision for the future. Randall also explains how AI is used in healthcare, finance, and more, and gives advice for those interested in tech. Show Highlights: (00:00) - Introduction (00:28) - Randall talks about his job at Caylent and the projects he's working on(01:35) - Randall explains his honest and evolving perspective on Amazon Bedrock after working with it hands-on(03:35) - Randall breaks down the components and improvements of AWS Bedrock(06:08) - Improvements in AWS Bedrock's preview announcements and API functionality(08:05) - Randall's predictions on the future of generative AI models and their cost efficiency(10:00) - Randall shares practical use cases using distilled models and older GPUs(12:12) - Corey shares his experience with GPT-4 and the importance of prompt engineering(17:21) - Bedrock console features for comparing and contrasting AI models(21:02) - enterprise applications of generative AI and building reliable AI infrastructures(28:13) - Randall and Corey delve into the costs of training large AI models(36:37) - Randall talks about real-world applications of Bedrock in industries like HVAC management(39:40) - Closing thoughts and where to connect with RandallAbout Randall Hunt: Randall Hunt is a Software Engineer and Open Source Developer Advocate at Facebook. Previously of AWS, SpaceX, MongoDB, and NASA., Randall Hunt, VP of Cloud Strategy and Solutions at Caylent, is a technology leader, investor, and hands-on-keyboard coder based in Los Angeles, CA. Previously, Randall led software and developer relations teams at Facebook, SpaceX, AWS, MongoDB, and NASA. Randall spends most of his time listening to customers, building demos, writing blog posts, and mentoring junior engineers. Python and C++ are his favorite programming languages, but he begrudgingly admits that Javascript rules the world. Outside of work, Randall loves to read science fiction, advise startups, travel, and ski., Randall is the coder in the boardroom.Links referenced: Randall Hunt on LinkedIn: https://www.linkedin.com/in/ranman/Caylent: https://caylent.com/Caylent on Linkedin: https://www.linkedin.com/company/caylent/* Sponsor Prowler: https://prowler.com