Screaming in the Cloud Corey Quinn

Alex King is a key player at the Duckbill Group as our legal counsel, as well as the founder of his own law firm, Archetype Legal. In this episode, Alex shares insights on his role in helping startups and small businesses navigate legal complexities, emphasizing the importance of risk analysis and compliance. He explains that attorneys highlight risks, allowing business leaders to make informed decisions. Alex recounts his experiences guiding clients through various legal challenges, from hiring decisions to office leases. Corey discusses the unique legal scenarios faced by the Duckbill Group and highlights the benefits of Alex's unique approach. 
Show Highlights: 
(00:00) Introduction (02:10) What Alex does for the Duckbill Group as legal counsel(02:42) The role of an attorney for startups and established businesses(07:20) Similarities and differences between what the advisers at Duckbill Group do and what Alex does as a lawyer(11:56) Alex’s ability to provide context to legal decisions that would otherwise be missing(22:07) How negotiating hiring contracts can work out if done wisely(25:09) What Alex wishes people knew to make interacting with attorneys easier
About Alex:
Alex King is an attorney and the founder of Archetype Legal PC, a law firm dedicated to helping entrepreneurs, startups, and small businesses take practical legal steps to achieve their business goals. In addition, he is a Business Advisor for Pacific Community Ventures, a nonprofit supporting small business growth and job creation in low-income communities. His experience includes corporate law, business operations, and strategic planning. 
Links Referenced:
Website: https://www.archetypelegal.com/  Email: alex@archetypelegal.comSponsor
Panoptica: https://www.panoptica.app/

Corey Quinn and Daniel Grzelak take you on a journey through the wild and wonderful world of Amazon S3 in this episode. They explore the fun quirks and hidden surprises of S3, like the mysterious "Schrodinger's Objects" from incomplete uploads and the head-scratching differences between S3 bucket commands and the S3 API. Daniel and Corey break down common misunderstandings about S3 encryption and IAM policies, sharing stories of misconfigurations and security pitfalls.
Show Highlights: 
(00:00) - Introduction
(03:49) - Schrodinger's Objects
(05:23) - S3 Permissions and Security
(06:44) - Incomplete Multipart Uploads Causing Unexpected Billing Issues
(10:28) - Historical Oddities and Unexpected Behaviors of S3
(12:00) - Encryption Misconceptions
(15:17) - Durability and Reliability of S3
(17:49) - AWS Security and Trust
(21:01) - Practical Tips for S3 Users
(26:10) - Compliance Locks and Data Management
(29:13) - Closing Thoughts

About Daniel:
Daniel Grzelak is a 20-year cybersecurity industry veteran, currently working as Chief Innovation Officer at Plerion. He is no longer the CISO at Linktree nor the Head of Security at Atlassian, but he tries to stay relevant by hacking AWS and Cloud in general.
Links Referenced:
Personal Website: https://dagrz.com/
LinkedIn: https://www.linkedin.com/in/danielgrzelak/
Things you wish you didn't need to know about S3: https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3/
S3 Bucket Encryption Doesn't Work The Way You Think It Works: https://blog.plerion.com/s3-bucket-encryption-doesnt-work-the-way-you-think-it-works/
*Sponsor
Panoptica: https://www.panoptica.app/

This episode features Madelyn Olson, maintainer for the open-source project Valkey, to discuss the growth and impact of open-source projects in the tech industry. Corey and Madelyn explore the transformations within these projects, particularly the challenges and shifts in governance and licensing practices that affect how companies like AWS contribute to and utilize open-source software. Furthermore, Madelyn shares insights into the motivations behind Valkey, its differentiation from Redis, and the broader implications for open-source sustainability and corporate involvement.
Show Highlights: 
(00:00) Introduction and discussion on AWS's approach to open-source
(01:41) Recap of the Redis controversy and licensing changes
(02:35) Madelyn's role at AWS and her work on ElastiCache and MemoryDB
(04:11) The enduring relevance and importance of open source in solving global technology problems
(06:15) The freedoms of open source and the broad implications for software development
(08:19) The evolution of governance and project management in the Valkey project
(09:53) The full transition of Madelyn's efforts from Redis to Valkey
(17:27) Why Valkey was created and its future direction
(24:57) The separation of duties between Madelyn's roles at AWS and the Valkey project
(32:34) Closing thoughts and where to find more information on Valkey
About Madelyn:
Madelyn Olson is a co-creator and maintainer of Valkey, a high-performance kev-value data store and Principal Engineer at Amazon Web Services (AWS). She focuses on building secure and highly reliable features, with a passion for working with open-source communities.
Links Referenced:
Website: https://valkey.io/ 
Linkedin: https://www.linkedin.com/in/madelyn-olson-valkey/
GitHub: https://github.com/madolson
Twitter: https://x.com/reconditerose

*Sponsor
Panoptica: https://www.panoptica.app/

In this episode, Corey Quinn is joined by Senior Security Engineering Lead at Mattermost Paul Harrison in a discussion on the often-overlooked ethical implications of artificial intelligence in technology. They discuss how the rapid adoption of AI technologies might compromise user privacy and consent, reflecting on instances where companies may prioritize innovation at the expense of these core values. Their conversation highlights Mattermost's dedication to data privacy and user control, positioning the company as a privacy-centric alternative in the tech landscape.
Show Highlights: 
(00:00) Introduction to the episode 

(01:50) How companies compromise privacy in the rush to adopt AI

(04:10) What is Mattermost? Paul explains the self-hostable, privacy-focused 
communication platform

(06:00) The evolution of chat platforms and Mattermost's unique position compared to Slack

(10:01) Paul elaborates on how Mattermost enables user control over data and customization

(14:23) Discuss the implications of integrating AI in everyday applications and its challenges

(20:35) AI’s potential risks and unintended consequences, particularly in data management and security

(25:14) Paul and Corey critique tech companies’ approach to AI and data privacy

(28:59) Closing remarks and where to find more information about Paul Harrison and Mattermost

About Paul:
Paul Harrison is a Senior Security Engineering Lead at Mattermost, responsible for their Security Operations team. Prior to this he led Security Operations at GitLib, and several other emerging tech companies. Paul has specialized in building security operations and infrastructure security programs, enabling companies to have a secure footing as they grow. 
Links Referenced:
Mattermost Community: https://community.mattermost.com/landing#/
*Sponsor
Panoptica: https://www.panoptica.app/

Justin Garrison, Director of Developer Relations at Sidero, joins Corey to discuss Justin's experience transitioning from large companies like AWS and Disney to a more agile company like Sidero, the benefits of using simplified Linux distributions like Talos OS for running Kubernetes, and the pros of on-premises setups for certain workloads. The conversation touches upon challenges with cloud provider limitations, the impacts of computing power on both an economic and environmental scale and Corey and Justin’s frustration with businesses touting their use of AI when they’ve already abandoned those projects. 
Show Highlights: 
(00:00) - Introduction
(01:09) - Justin’s Background and Career Journey
(02:39) - Transition to Sidero
(03:51) - Using Personal Devices for Work
(08:09) - Talos Linux and Kubernetes
(15:19) - Kubernetes Upgrades and On-Prem Challenges
(19:21) - Building Your Own Cloud Platform
(21:52) - Multi-Cloud vs. Hybrid Cloud
(25:15) - Scaling and Resource Management
(28:02) - Gaming and Cloud Bursting
(32:46) - AI and GPU Challenges
(34:54) - Balancing On-Prem and Cloud Solutions
(40:49) - Final Thoughts and Contact

About Justin:
Justin is a historian living in the future. Lucky enough to play with cool technologies and hopeful enough to bring others along for the ride.
Links Referenced:
Justin’s Website: http://justingarrison.com
Justin on Bluesky: https://bsky.app/profile/justingarrison.com
Justin Garrison on LinkedIn: https://www.linkedin.com/in/justingarrison/

*Sponsor

Panoptica: https://www.panoptica.app/

This episode explores the intricacies of authorization in software development with Sam Scott, CTO and co-founder of Oso. This conversation highlights the subtle yet critical differences between authentication and authorization, and why understanding these distinctions is pivotal for securing applications effectively. Sam shares his journey from a cryptography PhD to tackling real-world software security problems, emphasizing Oso's mission to streamline authorization for developers. The episode is rich with insights on how fine-grained authorization can significantly improve security posture and user experience, drawing on examples from prominent tech companies like AWS and Google Cloud. Sam also introduces Oso's innovative approach to authorization, simplifying permission management without sacrificing flexibility or control, making it an indispensable tool for developers navigating the complex landscape of modern software security.
Show Highlights: 
(00:00) Introduction 
(01:49) Insights from Sam's PhD in cryptography
(01:56) Understanding the difference between authentication and authorization
(04:05) The real-world implications of key management and the role of authorization in security
(06:02) Explaining role-based access control and its practical applications in cloud environments
(10:47) The complexities of managing access controls in microservices architectures 
(15:37) How Oso simplifies the implementation of authorization for developers 
(19:21) Discussion on the importance of consistent authorization practices across internal and external applications
(25:14) Sam explains the challenges and necessity of implementing user impersonation features in authorization systems
(31:12) The future of authorization technologies and integrating them into business practices
(35:38) Where to find more resources about Oso and get involved with their community

About Sam:
Sam is the cofounder/CTO at Oso, working on making security and authorization more accessible for developers. Sam previously got a PhD in Cryptography and was a contributor to TLS 1.3
Links referenced: 
Oso Website: https://www.osohq.com/
Oso’s Authorization Academy: https://www.osohq.com/academy/authorization-academy
Oso Community: 
https://join-slack.osohq.com/
https://oso-oss.slack.com/join/shared_invite/zt-1ygg193va-UTUiT7Gwt7DjZGgF96Ze~w#/shared-invite/email
* Sponsor 
Oso: https://www.osohq.com/