On June 18th, 2021, we will be holding our first Root Key ceremony at 2pm Eastern on CloudNative.tv (CNCF Twitch). Please join us; more details are at this link: https://blog.sigstore.dev/a-new-kind-of-trust-root-f11eeeed92ef

Timeline/Topic

00:00 -- Sigstore Key Ceremony June 16th 2021 - EXCLUSIVELY on CloudNative.tv

00:15 -- POPCAST Opener (Like and Subscribe and leave a comment!)

00:23 -- Introduction to Dan Lorenc Google Software Engineer and lead for Sigstore

01:00 -- "Lorenc" pronounced like "LAWRENCE"

01:46 -- The Dans talk Upstate NY / Freihofer's Bakery, but specifically cookies

04:33 -- Dan's Journey to Google  

08:36 -- Dan talks Skaffold

11:09 -- Dan talks Minikube

13:08 -- Secure Software Supply Chain... what's the problem we need to solve?

15:43 -- Dan provides some advice on how to Secure Software Supply Chain

21:22 -- How a company's culture can help shape better security.  

23:43 -- Sigstore / Cosign - what is it and why you need it.

27:44 -- What a Sigstore Key Signing Ceremony is (a full explanation)

34:20 -- What work are you most proud of?

Please leave a comment if you enjoyed the episode! It helps the show!

Brought to you by:

***Teleport***

Teleport allows engineers and security professionals to unify access for SSH servers, Kubernetes clusters, web applications, and databases across all environments. You can download Teleport at https://goteleport.com

***Sysdig***

Run Confidently with Secure DevOps Security for containers, Kubernetes, and cloud

https://www.sysdig.com  

***COCKROACH LABS***

Discover @CockroachDB, the most highly evolved distributed SQL database on the planet.

Kubernetes-native and built from the ground up to help companies of all sizes including Bose,

Comcast, and Equifax scale fast, survive anything, and thrive everywhere.

Sign up for a free 30-day trial and get a free t-shirt at https://cockroachlabs.com/popcast

***Styra***

Learn how to operationalize Open Policy Agent at scale with Styra: https://hubs.ly/H0Pnkm20

***CIVO***

Civo is an alternative to the big hyperscale cloud providers.  

They've launched the world's first managed Kubernetes service powered by K3s.

With sub 90 second cluster launch times, a simplified Kubernetes experience,

and predictable billing, Civo is on a mission to create a better developer experience.

Get $250 free credit to get started. Sign up today at https://civo.com/popcast

Episode Links  

Sigstore - https://sigstore.dev/

Sigstore Root Key Ceremony Blog Post - https://blog.sigstore.dev/a-new-kind-of-trust-root-f11eeeed92ef

Ken Thompson Paper - https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

Dan's Malware with Falco blog - https://dlorenc.medium.com/hunting-for-malware-with-falco-834b19b398c9

POPCAST SHOW DETAILS  

YouTube:  https://bit.ly/3xgmmCj

Audio Podcast (Apple, Spotify, and others):  http://bit.ly/35MXfte

Follow us on (Twitter):  https://twitter.com/PopcastPop  

Follow us on (Linkedin): https://www.linkedin.com/company/the-popcast-with-danpop
