Three years in the software industry is like a score in the rest of the world. It’d seem futile to write a book because, by the time it’s published, it’s outdated. But for Kris Nóva, who co-authored “Cloud Native Infrastructure” back in 2017, much of it still rings true today. After all, when you take a step back from the brands and the tooling, the transparency-focused culture and the declarative infrastructure are still the same.
In this episode of The New Stack Makers podcast, we talk to Nóva, chief open source advocate at Sysdig, about the progression of the open source world and her perspective examining it through the lens of San Francisco’s COVID-19 lockdown. She calls the book she wrote with Justin Garrison a kind of thesis that looks to predict the infrastructural patterns that could solve a lot of the challenges cloud native infrastructure teams face.
Most of their predictions, like wrapping up infrastructure into a standardized API, were dead on. But they couldn’t have foreseen how invested the three big cloud providers — Amazon Web Services, Google Cloud Platform, and Microsoft Azure — would become, going all-in on this idea of building a vendor-neutral, open source, community-backed solution. In turn, this allowed other cloud providers like DigitalOcean to compete.
Nóva said, “It’s cool to see people coming together in this community and the cluster API not working just for the big three as we had originally planned, but also working for the little guys or the new guys. And I think that’s just a good example of a good abstraction and a good design.”
But what about security? Can open source really be more secure? From SSL to GPG keys to TLS, she points out that a lot of the basis for security is in the open source space.
“In a weird way, the actual intellectual property of keeping them [open source projects] secure has more eyes on it, more contributions and more support. And it’s used in different ways. And I think that makes for a healthier, more rounded, security implementation,” Nóva said.
She admits, though, that open source for security is a harder sell. Sysdig is the creator of Falco, which she calls “the only runtime open source security tool out there.” She says they don’t have difficulty finding and protecting users, but gathering use cases and testimonials is inherently harder. She says that no one wants to be the end user demonstrating publicly what’s keeping their systems secure.
In the end, Nóva says there’s no such thing as perfect or safe software. And you can only prepare for so much.
Reflecting on her forced home quarantine, she said, “I don’t think California, the state where I live, or even the country I live in, was prepared for a lot of this. This [pandemic] kind of caught us off guard. And I think you see that same pattern in open source in technology… For lack of a better term, there are things that happen, that you’re not prepared for. So I think to have a good set of monitoring and detection tools in place, whether they’re open source or not, is going to be more and more important as we start to prepare for the unexpected.”