Open at Intel open.intel

In this episode, John Kjell, Director of Open Source at TestifySec, discusses his involvement in various open source projects and the intricacies of maintaining such projects. John sheds light on his work with the CNCF and OpenSSF, and the impact of tools like Witness, Archivista, and SLSA. He outlines the challenges maintainers face, especially around security, and offers insights into balancing professional and personal responsibilities. John also explores the significance of community, inclusivity, and a secure developer identity in open source ecosystems.
00:00 Introduction and Guest Background01:20 Maintainer Burnout and Security Challenges04:41 Balancing Multiple Projects and Personal Life07:15 Security Risks in Smaller Projects10:13 Developer Identity and Reputation19:37 Open Source Origin Story and Community Involvement24:11 Optimism for the Future of Open Source Security
Resources:
Enhancing Open Source Security: Introducing Siren by OpenSSF – Open Source Security Foundation
Security at Every Step: Why Software Supply Chains Are Critical
Guest:

John Kjell is responsible for open source at TestifySec, a software supply chain security startup. He is a maintainer for the Witness and Archivista sub-projects under in-toto. Additionally, John is an active contributor to CNCF's TAG Security and multiple projects within the OpenSSF. Before TestifySec, John was an engineering leader at VMware, helping to bring supply chain security features to the Tanzu Application Platform.

In this episode, Devin Stein, founder of Dosu, shares his journey from being an active open source user and maintainer to solving maintainer burnout with Dosu, a GitHub app designed to automate and streamline open source project management. He discusses key pain points faced by maintainers, the innovative use of LLMs to enhance task automation, and his partnership with the CNCF to support various projects. Stein reflects on the broader impact of AI in open source maintenance, emphasizing the potential to enhance efficiency and community engagement while preserving the human element in open source development.
 
00:00 Introduction02:21 Challenges Faced by Open Source Maintainers06:53 How Dosu Works11:39 Partnership with the CNCF16:39 Future of Open Source and AI
 
Guest:

Devin Stein is the CEO and Founder of Dosu. Prior to Dosu, Devin was an early engineer and leader at various startups. Outside of work, he is an active open source contributor and maintainer.

Sarah Christoff discusses her experiences and challenges as an open source maintainer with a focus on her work with the Porter and Zarf projects. Sarah shares insights into the frustrations and isolation often felt by maintainers, and emphasizes the importance of community and human connections in navigating these roles. We chatted about of Porter and its function in simplifying complex DevOps tool integrations. Additionally, Sarah talks about Zarf, a project recently donated to the OpenSSF aimed at facilitating air-gapped Kubernetes deployments. 

00:00 Introduction
01:29 Challenges of Being an Open Source Maintainer
03:12 The Human Element in Software Development
05:45 Advice for Aspiring Maintainers
08:42 The Porter Project
11:10 The Zarf Project
13:09 The Importance of Community in Open Source
15:31 Women in Tech and Role Models
21:45 Animal Rescue and Community Building
26:10 Final Thoughts and Hot Takes on Open Source


 

Guest:

Sarah Christoff is a software engineer at Defense Unicorns who loves making complex code more digestible. She is the self-proclaimed founder of the Leslie Lamport fan club. When she's not bugbusting, she is running her animal rescue and competing in triathlons. She believes code should be like cats: intelligent, fluffy, and easy to take care of.
 

Matt Ray, the community manager for the CNCF sandbox project OpenCost, discusses their cloud and Kubernetes cost monitoring technology. He covers the capabilities of OpenCost in tracking cloud expenses and its new feature for monitoring carbon costs. Matt elaborates on the project's origin, its open source community, and the collaborative effort with other companies like Grafana and Microsoft. The conversation covers the community's growth, contribution processes, and OpenCost's goals for becoming more diverse and integrated with other technologies. Matt also reflects on the increasing interest in cost monitoring and his personal journey in the open source community.
 
00:00 Introduction to Matt Ray and OpenCost
01:09 OpenCost's Origins and CNCF Contribution
02:25 OpenCost vs. KubeCost: Defining the Boundaries
03:35 Adoption and Integration of OpenCost
04:30 Community Contributions and Project Growth
07:00 Flexibility and Use Cases of OpenCost
13:58 Becoming a Committer and Maintainer
14:47 Community Engagement and Participation
15:25 Future Plans and Focus
16:39 Carbon Cost and Plugin Architecture
17:53 Personal Journey in Open Source
 
Guest:


Matt Ray has been active in Open Source and DevOps communities for over two decades and has spoken at and helped organize many conferences and meetups. He is currently the Senior Community Manager at Kubecost for the CNCF Sandbox Project OpenCost. He has worked in and with enterprises and startups across a wide variety of industries including banking, retail, and government. He currently resides in Sydney, Australia after relocating from Austin, Texas. He co-hosts the Software Defined Talk podcast and is active on Mastodon, GitHub, and too many Slacks.

Andres Aguiar joins us to discuss OpenFGA, an open source project for managing fine-grained authorization. Andres covers the challenges in implementing authorization and the importance of using precise access controls to enhance security. He outlines the project's journey, use cases, and how it can be integrated into different software environments. The conversation highlights the community's contributions, the roadmap for OpenFGA, and the potential of AI in improving security through centralized logging and anomaly detection.
00:13 Meet Andres and OpenFGA01:48 Project Maturity and Community02:55 Adoption and Use Cases04:43 Contributions and Integrations05:59 Understanding Relationship-Based Access Control16:13 Future Roadmap and AI Potential
Guest:

Andres Aguiar has spent his 20+ year career building tools for developers, wearing different hats. He’s been working on the identity space for the last 6 years, and is currently the Product Manager for OpenFGA.

We spoke with Edoardo Dusi from Sparkfabrik about Edoardo's career path from a backend software engineer specializing in Drupal to his current role in Developer Relations (DevRel). He shared his experiences and the importance of community involvement when working with open source software. He highlighted the supportive nature of open source communities and provided advice for newcomers. We also covered the work of the Open Source Security Foundation (OpenSSF) and the significance of security in open source projects.
00:00 Welcome and Introduction 01:03 Sparkfabrik and Drupal02:01 Exploring KubeCon02:56 Getting Involved in Open Source06:10 Challenges in Modern Open Source08:37 Joining OpenSSF11:21 Importance of Security in Open Source13:01 European Perspectives on Security14:14 The Role of Big Tech in Open Source14:36 Community Contributions and Impact16:34 Navigating the Contribution Process21:24 Advice for New Open Source Contributors25:47 The Human Side of Software Development
Guest:

Edoardo Dusi is a Developer Relations Engineer at SparkFabrik, a company that helps organisations build digital products with open source technologies. He has a strong software developer and team leader background, working on various projects and platforms. He is passionate about creating and sharing content that educates and inspires other developers, such as tech talks, videos, podcasts, conferences, and more. He enjoys connecting with the developer community and promoting the benefits of open source software.