Transcripts
This Week in Enterprise Tech Episode 508 Transcript
Please be advised this transcript is AI-generated and may not be word for word.
Time codes refer to the approximate times in the ad-supported version of the show.
Curt Franklin (00:00:00):
This week at enterprise tech, we talk about teeny tiny routers and Patrick Jean of OutSystems is here to talk about low code development, TW on the set
V.O. (00:00:17):
Podcasts you love from people you trust This. This is tweet this week at enterprise tech episode 508 recorded August 26th, 2022. The death of DevOps.
Louis Maresca (00:00:37):
Louis MarescaThis episode of this week at enterprise tech is brought to you by user way.org user way is the world's number one accessibility solution. And it's committed to enabling the fundamental human right of digital accessibility for everyone. When you're ready to make your site compliant, deciding which solution you use is an easy choice to make, go to user way.org/twit for 30% off user way's AI powered accessibility solution am by thinks Canary detect attackers on your network while avoiding irritating, false alarms. Get the alerts that matter 10% off and a 60 day money back guarantee, but a Canary do tools slash TWiT and enter the code TWiT and the hat hear about box am by I R L an original podcast from Mozilla. IL is a show for people who build AI and people who develop tech policies posted by Bridget Todd. This season of IL looks at AI in real life search for I L in your podcast player.
Curt Franklin (00:01:39):
Welcome to twit this week, an enterprise tech your home for all the latest greatest news in the world of enterprise technology. I'm Kurt Franklin, senior analyst at Omnia and your host for this episode of quiet. You'll notice that I look pretty much nothing like ESKA our normal host he's off on assignment. We will be back with us shortly. In the meantime, I'm joined by my favorite partner in crime, Mr. Brian Chi, Brian, it's pouring down rain down on this end of, uh, the city. Beautiful. What's happening down on your end.
Brian Chee (00:02:22):
I've got all kinds of rumbles, overhead, you know, Thor and Zeuss are having a great time bowling in the sky. Um, I'm actually doing a little bit of work on trying to figure out how certain things work on the new release of the RAs rasp to try and do some more embedded stuff. I'm also building a home built document cam. Um, back when I was teaching at university of Hawaii document cams were great so that I could share in large auditoriums, but the problem is they are expensive and I'm going be hopefully turning out an instructable on building a DIY document cam for under $200.
Curt Franklin (00:03:08):
Ooh, I like the price point on that look forward to, uh, seeing what that project brings. Well, we have a great episode for you today. We have a fabulous guest, got some great news, some wonderful sponsors, and I suppose it's time to get started with all of that.
Curt Franklin (00:03:28):
Well, in the latest, in an ongoing series of third party attacks, the malicious campaign that researchers are calling octopus has followed its breach of Twilio and CloudFlare by infiltrating more than 130 other organizations stealing nearly 10,000 sets of Okta and two factor authentication credentials from the group victims downstream from the original targets include customers like digital lotion and DoorDash among many others. An article on dark reading notes that researchers at group IB describe the campaign as low tech involving simple phishing messages, telling employees that their passwords about to expire in directing them to a malicious website, which captures both existing and new passwords. As an example, the attackers social engineered several Twilio employees into handing over their Okta single sign on credentials, allowing them to gain access to internal systems, applications, and customer data. The breach then went on to effect about 25 downstream organizations using Twilio's phone verification and other services. Now in a counter example of how to limit damage from such an attack in Cloudflare's case, some employees did in fact fell fall for the Rouse, but the attack was thwarted. Thanks to the physical security keys required to access all internal applications that are issued to every employee. Now, while some observers are using the attacks to question the modern state of identity and access management, others point out that simply following best practices can make a huge difference. When the now inevitable supply chain attack comes to pass
Brian Chee (00:05:13):
Well big thank you to the folks at ares Technica for bringing this to my attention all. If you've been watching this show, you know, I like embedded systems and I love raspberry pies. And you know, I've also been yelling and screaming and soap boxing on how we need better, um, firewalls, better intrusion detection systems and so forth, basically enterprise grade security at home. Well, I'm also really happy with seed laboratory that's spelled S E E E D. So seeds cm, four router board basically adds two real full speed gigabit network ports, two USB ports, U USB 2.0 port and a microSD. So an HTM I out a G P O interface for the full raspberry pie hat add-ons and a 0.91 inch O led display onto a pie cm four while having the cm four at the system of core gives you 32 different options for Ram storage and wireless capabilities on your home brew router.
Brian Chee (00:06:23):
The router board comes with open wart open w R T installed, but it could run a Buntu raspberry OS or any other pie friendly system. Well, the RS technical article is quite timely. If you can get the parts in this dismal supply chain in that you can, you can build a fairly nice home security gateway, like we're gonna talk about and bite bites and so forth. We actually talked a lot about it last week. I'd also like to do a big shout out to the folks at seed labs about how they're really stepping up to the plate on providing some spectacular sensor systems based on Laura or long range. Some of their systems could very easily make life a whole lot more interesting for farmers that want to get environmental data out of their distant fields, but couldn't previously afford to use cellular satellite or buried communication cables. I've used the seed wheel node spelled w I O with passive infrared detection and temp and humidity sensor feeding to a node red instance, running on a raspberry pie that then pushed the readings up to a Google spreadsheet, all no code. Anyway, it was to measure building comfort levels and count just how many people were working on the weekends to justify running whole building air conditioning.
Curt Franklin (00:07:52):
Well, if you look at your physical perimeter using hick vision cameras listen up as many as 2300 organizations worldwide. Many of them right here in the United States remain at risk of major compromise via a known critical remote code execution of vulnerability in HC vision, IP video cameras, a compromise that was disclosed last year in an article on dark reading reporter J VI writes that the bug designated CVE 2 0 2 1 3 6 2 6 0 is a command injection vulnerability that's present in the web server of many hick vision cameras. When exploited, it allows attackers to launch commands that allow them to gain complete root shell access to an affected device. Something that even the owners don't have, according to the researcher who discovered the flaw from there, the attacker can move laterally into the rest of the victim's network, gaining access to and persistence on a wide variety of servers and devices.
Curt Franklin (00:08:58):
Researchers from CMA recently analyzed a sample of 285,000 internet facing H vision cameras and found some 80,000 of them that are still open to exploit via the vulnerability hick vision. After being notified of the vulnerability urged organizations using affected hick vision cameras to install updated firmware, to patch the flaw. Now CSA has required all federal agencies using the cameras to apply the patch, which malware bites note is simple enough for someone with reasonable competency and cut and paste to exploit the lesson. And it keeps on being taught is to always listen. When a vendor tells you to update your firmware and for, by all means, keep your systems up to date.
Brian Chee (00:09:50):
Well, I'll tell you USA today had this great article. Uh, I managed to pay for my college education, um, myself, but that's not the case for the vast majority of people in the United States. And I love this article. So debt and no degree Biden cancels as much as 20 K in student loan debt. Uh, president Joe Biden said this last Wednesday, he'll cancel at least $10,000 in student loan debt for millions of borrowers, giving long sought relief to Americans saddled with payments and taking a major gamble to energize young voters ahead of the midterm elections. So how much will be forgiven up to $20,000 in debt relief for about 7 million low income Pell grant recipients, 10 grand for all of their borrowers with incomes less than 125,000 and from households earning 250,000 or less. So according to the article, they're saying up to 43 million borrowers are set to receive some form of relief.
Brian Chee (00:10:57):
Roughly 20 million will have their balances canceled entirely corporate America has had mixed re reaction to the president's plan. Some economists have said forgiveness could spark inflation and put pressure on the value of the dollar. A concern. The white house is dismissing well, this is my spin. What this could mean is a longer term shift in the American labor force. The number of people entering entering college is dropping dramatically over the last decade. And most of that can be attributed to their unwillingness, to shoulder, the increasing tuition and debt load of a modern university. While I agree with people like Mike Rowe of dirty jobs, fame, that nothing is wrong with trade schools. I do point out that cyber security personnel aren't likely to be created from a trade school, but rather a four year university. So in my opinion are shortage of highly skilled labor like cyber security specialists could very well start appearing as high school graduates. Now realize that a university education is finally back within reach. Maybe while this certainly doesn't have the reach of a free education, like in some smaller countries, perhaps longer term hint, hint, hint, the insane cost of a college education, or even a trade school education might someday become a tax write off.
Curt Franklin (00:12:25):
Well, that's it for the blips. We've got a lot more to come, including one or more bites and a fabulous guest before we get there, though, we have to see what our great master host Lu Meeska has been up to because he has a fabulous sponsor to tell us about Lou over to
V.O. (00:12:49):
You. Well, thank you guys. We'll get you back to your enterprise and it news in just one moment before we do, we do have to thank a really great sponsor of this enterprise tech and that's user way.org. Now every website without exception needs to be accessible. Now, user way's incredible AI powered solution. Tirelessly enforces the hundreds of WAC guidelines that are out there. And in a matter of seconds, user AI can achieve more than an entire team developers can in months. Now, at first, it may seem overwhelming to make your website accessible, but user way solutions make it simple, easy, and cost effective. You can even use their free scanning tool to see if your websites ADA compliant. Now, if you have an enterprise level website with thousands of pages out there, user way offers a managed solution where their team can handle everything for you.
V.O. (00:13:36):
User way, AI and machine learning solutions, power accessibility for over a million websites, trusted by Coca-Cola Disney, eBay, FedEx, and many more leading brands out there. Now user way is making its best in class enterprise level accessibility tools available to small and medium businesses as well. You can get started today for as little as $49 a month on yourwas monthly plan, your company can be ADA compliant, reach more customers and even build customer loyalty. And remember, you'll get 30% off. There are a billion people in the world with disabilities. That's roughly 13% of the population. You don't wanna lose as potential customers because you're not compliant. Think about it by not being compliant. Fines and revenue loss will cost you so much more user way. The leading accessibility solution in the market today with the market share of 61% biggest in the world for years, user way has been on the cutting edge.
V.O. (00:14:31):
Creating innovative accessibility technologies is that really pushed the envelope of what's possible with AI machine learning and computer vision, user ways. AI automatically fixes violations at the code level. And here's some of the things they can actually do. Auto generates image all really makes it easy. It writes image descriptions for you. Remediates complex nav menus and ensures that all popups are accessible. It fixes vague link violations and even broken links. It ensures your website makes use of accessible colors while remaining true to your brand. And your way gives you a detailed report of all the violations that were fixed on your website. User is platform agnostic and it integrates seamlessly seamlessly with WordPress Shopify, Wix site core SharePoint, many more out there, let user way help your business meet its compliance goals and improve the experience for your users. The voice of series, Susan Bennett has a message about user way. Hi,
V.O. (00:15:31):
I'm Susan Bennett, the original voice of Siri. You won't hear me say something like this too often. I'm sorry. I don't understand what you're looking for, but every day that's what the internet is like for millions of people with disabilities user way fixes all of that with just one line of
V.O. (00:15:51):
Code user way can make any website fully accessible at ADA compliant with user way. Everyone who visits your site can browse seamlessly and customize it to fit their needs. It's also a perfect way to showcase your brand's commitment to millions of people with disabilities, go to user way.org/TWiT and get 30% off user way's AI power accessibility solution, focus, Aho call and get their accessibility guide user way, making the internet accessible for everyone. Visit user way.org/TWiT today. And we thank user way for their support of this week in enterprise tech back to you guys.
Curt Franklin (00:16:28):
Thanks Lou. We appreciate that. And we'll be hearing more from Lou in just a bit before that though. It's time for a bite and this one. Well, it's something that's becoming more and more important as time goes on because it turns out that a lot of companies are going to a multicloud architecture and writing that architecture into the land of unknowingness. According to the cloud security Alliance's 2021 report, which they call state of the cloud security concerns, challenges and incidents. 41% of the people who responded were unsure, whether they had experienced a cloud security incident in the recent year. That's double the percentage since 2019 and an astounding number. Now, imagine if someone came up to you and asked if you had a break in at your house, they go to a hundred people in your area and over 40% of them say, I don't know, but that's the situation with multi-cloud and for a growing number of organizations multi-cloud is the default.
Curt Franklin (00:17:45):
When it comes to application architecture. When I was at AWS's reinforced conference in Boston earlier this summer multi-cloud was talked about a great deal because even the people at AWS, someone who you could say has a vested interest in keeping people on a single cloud environment, recognize that multi-cloud is the way most of their customers are going to build their applications. Now, in spite of everything that we've done in terms of developing tools and practices for security, consistent data protection, and privacy is very difficult in diverse environment, even though, or perhaps especially because each of those environments is likely to have their very own security tools. The problem is twofold. First visibility, knowing what you have and knowing how it's acting. Now, this seems like a very simple thing, but in fact, it's very, very difficult for most organizations at the black hat conference. A couple of weeks ago, visibility was one of the words that was on practically every booth side, because so many customers are trying to figure out just precisely what they have in their environment and how it's configured.
Curt Franklin (00:19:25):
Now, this is followed by the issue of control and let's begin by stating the obvious you can't control what you don't know. You have. This is critically important for a lot of companies, and it's made even more important by the fact that so many regulations and so many laws across multiple jurisdictions require any organization that collects and possesses data to be able to not just keep its secure and keep the private information of their customers secure and private, but to be able to prove that they're doing that, how can you prove compliance with regulations? If you don't know what is in your environment? Now, there are a lot of companies out there that are trying to provide pieces to solve this puzzle. You see lots of organizations providing solutions that say that they provide visibility. Some of them provide visibility and control, visibility and management, visibility and security, but all comes back to visibility, knowing what you have in your environment.
Curt Franklin (00:21:00):
You know, one of the things I hear over and over and over again is that a CIO or a CISO probably has a really good idea of what their environment looks like on the day it's deployed. Once you get deployment, plus one day the certainty about what that environment and architecture looks like starts to get less and less and less. This is a problem. And it's a bigger problem because threat actors tend to be willing to put the time in to do reconnaissance so that they do know what your environment looks like. And the moment a threat actor knows more about the state of your architecture than you do. You've just crossed the line into exceptional vulnerability. Now, Brian, I, I want to talk to you because you and I have each encountered an awful lot of tools that go out and say that they will provide an inventory, say that they'll look at your environment and come back and tell you what's there with all of these tools and with everyone pretty much admitting that this is a problem. Why do we have so much trouble just knowing what makes up our architecture?
Brian Chee (00:22:38):
I think the base problem is time pressures. We've got way too many people saying you gotta get it done by next week without knowing what the problem is without knowing what the tools are capable of doing. Um, you and I have done many, many, many, many shootouts where we've done competitive product reviews. Problem is they're gone. Um, we couldn't sell enough ads to make it worthwhile for the magazine we both work for. And we are both pink slipped. Well, here's the loss by losing competitive product reviews, it shifts the onus to the people that are deploying them to figure out what the limits of those tools are. You know, face it, not all clouds are built alike. And if you aren't taking the time or the effort to test drive your apps, you know, whip out that corporate credit card and try it, see if it'll work.
Brian Chee (00:23:39):
You know, we've had a great comment from Doug M in the, uh, chat room about multi-cloud is the only way today. Every SAS app on a different cloud infrastructure and so forth, lots and lots of people are testing, but all too many people aren't, they're believing the sales people. You know, some sales people have been great. You know, I, I love them dearly, but they're in to make some money. So they're going to try and convince you and silver tongue is going to do their best job of convincing you jump right in the water's fine. Well, have you tried it first? Cause how do you know that your apps are gonna work? Maybe the water is full of paras anyway.
Brian Chee (00:24:31):
So folks don't believe the sales people use that as a roadmap. Try it out yourself because a multi-cloud environment, just because your SAS app runs beautifully on Google doesn't mean it's gonna run beautifully on AWS or Azure or whatever. Try run it through some tests, use some of the, um, web load type applications out there to go and create some artificial traffic on your apps to make sure that actually will scale at least a little bit. Um, try it. Don't just buy, you know, this giant, super expensive platform, you know, like you won't just buy a car you'll test drive it. First, same thing goes for your cloud apps.
Curt Franklin (00:25:26):
Well, one of the things that we're finding is that in addition to everything else that's going on, there's this whole notion of alert overload, you know, when you've got so many different clouds and, and even if you're only going with the three majors, AWS, Google, Microsoft, if you have pieces from those three, all generating alerts, if you have pieces of those three, all being part of a single application, and then you have all of the additional connectors services, micro applications that combine to make a modern application, it can be difficult to know where everything's coming from, difficult to prioritize it. And often almost impossible to have a single screen. You know, that's the holy grail. These days companies really would like what they call a single pane of glass that gives them the picture of how their application and architecture security is working. And that single pane of glass is something that I find essentially, no company will guarantee you.
Curt Franklin (00:26:55):
Now this, this is good news because it means that the providers of visibility and security and management software are admitting that there are limits to just what they can see ingest, analyze, and display. So that's good. The bad news is that it makes things far more complicated than we would like them to be. Now what's the solution for this? What a great question. Uh, ultimately, a company is going to have to depend on their partners to help them figure out how to build a, uh, an inventory visibility management and security platform that matches and fits their application delivery platform until that magical moment occurs though, just be careful out there. It's a tough, complicated world and it doesn't look like it's getting any simpler anytime soon. Well, that's gonna do it for our bite today. We've got a superb guest coming up with a lot of great information before we can talk to our guests though. It's time to go back and hear from Lou Moresca one more time telling us about an incredible quiet sponsor.
Louis Maresca (00:28:33):
Well thank you guys that will get you back to your enterprise in it news in just a moment. But before we do, we do have to thank another great sponsor of this weekend enterprise tech and that's thanks, Canary. If there's anything we've learned from this last year is that companies must make it a priority to layer the security of their networks. We talk about it all the time. One of these layers needs to be syncs Canary. Unfortunately, companies usually find out too late that they've actually been compromised even after they've already spent millions of dollars on it. Security attackers are sneaky. That's right. They, they hide from companies. They problem the network's looking for that valuable data. But the great thing about Canary is that they've turned this into an advantage for you while attackers browse, actor directory for file servers and explore file shares.
Louis Maresca (00:29:18):
They'll be looking for documents. They'll try to default passwords against network devices and web services. And they'll scan for open services across to that way. Now things canaries are designed to look like the things that hackers want to get to canaries can be deployed throughout your entire network. And you can make them look identical, identical to a router, a switch, a NA server, a Linux box, or a windows server. So attackers won't know that have been actually caught. You could even put fake files on them and name them in ways at, at the hacker's attention. Now you can enroll them in actor directory even, and when attackers investigate further, they give themselves away. And you're instantly notified. Now Canary tokens act as tiny little trip wires that you can drop into hundreds of places. A Canary is designed to be installed and configured in minutes.
Louis Maresca (00:30:05):
And you won't have to think about them again. Now, after an alert happens, Canary will notify you any way you want. In fact, you can get alerts by email or text message right there on the console through slack or web hooks, even syslog or even their API. Now data breaches happen typically through your staff. And when they do companies often don't know they've been compromised. It takes an average of 191 days for a company to realize that there's been a data breach. Canary solves that problem. Now Canary was created by people. Who've trained companies, militaries, and governments on how to break into networks. And with that knowledge they've built canaries. Now you'll find canaries deployed all over the world and are one of the best tools. Again, data breaches visit canary.tools/TWiT and for just $7,500 per year, you'll get five canaries, your own hosted console, upgrade, support and maintenance. And if you use code TWiT and how to hear about this box, you'll get 10% off the price for life. We know you'll love your things Canary, but if you're not happy, you can always return your canaries with their two month money back guarantee for a full refund. That's Canary do tools slash TWiT and to the code TWiT. And now how to hear about this box. And we thank things Canary their support of this week, an enterprise tech back to you guys.
Curt Franklin (00:31:25):
Thanks Lou. We appreciate that. And now it's time for, well, the best part of any episode of twit our guest this week, we have Patrick Jean CTO of OutSystems, Patrick, welcome to TW it.
Stephen Kitay (00:31:44):
Kurt. Thanks for having me
Curt Franklin (00:31:47):
Now, before we get into the heart of what OutSystems is and does our listeners really love it when our guests can talk about how they arrived in their current position. So can you, can you tell us a little bit about, uh, how you came to be sitting in the CTO's chair at our systems?
Stephen Kitay (00:32:12):
Uh, yeah, I think my, uh, my story starts probably when I was about 12 years old and, uh, just classic, uh, classic geek, you know, kid got a home computer, um, introduced to, I think it was like some basic, uh, language that was on the computer started, started basically reproducing, I think, like blander or some game like that, you know, and I, I was hooked ever since on technology. Um, and getting into OutSystems for me was, is a little bit of a dream job. So combining software development, fixing problems with software development and cloud, which is something that, uh, I've been doing for kind of ever since there was cloud really able to pull that together into the CTO job. And, uh, it's a fun ride.
Curt Franklin (00:32:56):
Well, it, it sounds like it, and I want to talk about OutSystems because, uh, I started out in the computer world doing compiler design and, uh, language theory. So tell me about what it is that OutSystems is doing and a little bit about how it happens.
Stephen Kitay (00:33:21):
Yeah, for sure. This'll be very interesting for you then. So we, we really, uh, exist to tackle that some of the problems that you're, that get manifested from what you're talking about with compilers and design and software development. So if you think about the last, I mean, really it's been 30, 40 years of software development. The addition of more and more technology has been a great opportunity for developers, but it has also come with a significant cost and this complexity. And so we really exist as a company to, to tackle the, the kind of the two-headed monster of change and, and complexity. And so we started out knowing that change in software development is something that you must, um, you must always plan for, and that complexity will keep increasing over time. I, if you think about modern developers today, I mean, you're, you're basically given this amazing, just kind of a technology you can use, you know, to go build an application, but then the problem is you're giving all this technology to use and you gotta figure out how to do it.
Stephen Kitay (00:34:27):
I mean, it's like, what's the mobile framework. If you're writing a mobile app, you know, what's the back end data store, you know, how are you gonna secure your APIs? What cloud are you gonna use? I mean, it just goes on and on and on. And so it's daunting. Uh, it's exciting, but, uh, it's too challenging. And if you think about the number of software projects that have failed 20, 30 years ago, percentage wise, it's kind of about the same today. So while we've increased all these capabilities in software development, we still have a significant, uh, failure rate and failure measured by projects that are too late, come in without the necessary requirements. They cost way too much. You know, we continue to have some of these same problems. And so our systems exist to solve that complexity and change problem.
Curt Franklin (00:35:12):
Well, now I'm curious, because what you were describing there makes it sound like many of the users of your system are going to be on the software development team at an organization. I know that there are a lot of other low code and no code options that like to say that they're in place. So that subject matter experts, the business units can do software development, you know, where do you come down? Do you really see most of the people who have hands on with your product being developers who are going to turn to your system rather than sitting down with, uh, C plus plus or Java or, or some other language?
Stephen Kitay (00:35:57):
Yeah, we see both actually. So we're, we're kind of in a, a unique spot as far as in, um, low code, no code. And there's, there's some great companies out there in low code, no code space. Like you said, some of them veer way to the side of, you know, no development experience, you know, just go piece applications together, some, all the way back to the point of, um, it's still a, you know, what you think of traditional development, um, organization. I believe we have to, uh, we have to serve both of those. And so I think of really two groups of people and, uh, if you kinda start breaking it down, there is what I would like to call career developers. I don't like the term professional developers because that kind of assumes all the other people are not professional or unprofessional. <laugh>, you know, so you have career developers and that's someone who you go look at their resume and on their resume, what they list as their software developer, you know, they they're basically that's their craft.
Stephen Kitay (00:36:48):
And then there's a group of people that's kind of been used the term of citizen developers. So developers that they don't look at development as a career that they're gonna, you know, go through and master skills around it. Development is a means to an end for them. And for really both career and citizen developers, the end result is an application in the hands of users, you know, and creating a delightful experience, you know, providing business value, but there's a very different path for both of those and our systems. Um, really actually is a, a tool for both. I think we're definitely much more of a tool for the per what's called the professional developer. We'd like to call a career developer, um, that can get in and do big, large scale applications with us. And that's kind of where we differentiate is the large scale application.
Stephen Kitay (00:37:34):
There's, there's some good tools that are out there in the low code space, along with us that are getting more and more serious about this. And so that there's been a stigma mean it'd be very, you know, clear. I don't even like the term, uh, low code. I mean, it's, it's a little bit, uh, it's a little bit derogatory, right? As a developer, you're like, Hey, that low code, I don't, I don't need something low. Um, and so I think that that stigma is going away because platforms like ours can produce very large scale apps that millions of end users can, um, can basically use without all of this undifferentiated heavy lifting that developers have had to deal with. You know, for many, many years I've done. I mean, ever since, like I said, 12 year old kid and then, you know, developing more and every time I get to a larger app, it was cool. Right. Getting in all this technology is cool, but then you realize the complexity actually increases risk. And yeah, I can't tell you how many, how many projects early in my career are failures, you know, for months of development. And then you get to the end, you can't get it over the finish line because of, I mean, bad mistakes that we made, you know, and it was almost always due to complexity and not handling the change of software development.
Curt Franklin (00:38:45):
I don't know. I, I think that depriving people of the sheer joy of, uh, 2:00 AM errors when they can't do to get their link strings, uh, right, uh, is, is probably, uh, cruelty in and of itself. But one of the things I noticed is that you, you seem to very consciously use the term low code, other companies consciously use no code. Do you see that as being an important distinction?
Stephen Kitay (00:39:16):
Yes, very much so. And I think most of the, and look, we're still shaking it out as far as in the industry. Right. And what these monikers mean. I think the, most of the no code players basically say, look, you can't Pierce that fail of, uh, of the what's called the development platform. You can't get behind the scenes and, um, you know, get in there and make significant changes with us. We say, look, we believe that 90 plus percent of what you need to do that you can do using our visual development tools. And so those, you know, that have used OutSystems and download the service studio, it's an integrated development environment. It's a very visual interface, you know, um, as far as the development process, but if there's something that you can't do with ours, then you can go in and use code to extend it.
Stephen Kitay (00:40:01):
And so we're very big on extensibility. That's why for us, I mean the low code is a, is a, um, it's a good name, you know, to actually people can understand it. And, uh, in that sense and, uh, that's how we differentiate, you know, you can, as a professional developer, get in and use it. And, but a lot of, I mean, if you think about it for those, you know, I'm, I'm not a front end developer. Okay. When I, when I got into development, I like the back end, you know, as far as the, the databases and, you know, before, even it was rest APIs and, you know, handling as far as communication between services. I mean, I, I like that. Then I struggled on the front end side. Um, for us, you know, you can be a full stack developer, get into the areas that you want to get deeper in.
Stephen Kitay (00:40:43):
You know, if you're more, the backend developer get in more of that hard code, backend development, and then create beautiful front end interfaces without having to understand, you know, any, any of the frameworks, you know, react, you know, angular still use angular, you know, um, mobile, right? If you need to, um, flu or things like that, you don't have to understand all those. You don't even have to, to go in and try and learn that, right. You can create a beautiful front end and then focus our vice versa, you know? And so you can really focus on what you want, dig in deeper, where you wanna dig in deeper and not. And I think that's why we do appeal to, um, to more of the, what I call career developers. It's just, we just need to get over that stigma of like low code means that somehow you're not capable.
Stephen Kitay (00:41:25):
No, it's not that you're not capable. It's just that you wanna get time. I, I don't wanna be, I I'll be Frank. I don't wanna be able to a, um, you know, handling all these issues. All, I, I don't wanna be working like, you know, 80 hours, 70, 80 hours a week to try and get this thing over the hump, you know, because you didn't, it was so complex. You couldn't, uh, estimate the time. Right. And, you know, we've all probably been there, right. We've committed to some date internally. And, uh, and then you're gonna try and hit that date, but it means you're working like an insane number of hours. So we're really, it's. One of the things that we do is it's interesting. We've actually had some really emotional testimonials from developers that have used our platform. And that said that, that we basically save their career as a developer, that, uh, they were, they were gonna leave development together and then they found us and, uh, it's made it, you know, much more enjoyable experience.
Curt Franklin (00:42:14):
That's very cool because I, I know, and I have to admit to, to my shame that as I've gone along and gained more experience in life, I've been a little bit, uh, less excited about these, you know, 36 hours marathon coding sessions, uh, the, the sort of thing that, um, actually sort of excited me when I was in my twenties just doesn't anymore. It's amazing how that works. Now. It is
Stephen Kitay (00:42:41):
One
Curt Franklin (00:42:42):
<laugh> now with a lot of, of systems similar to yours, at least in appearance, low code, no code mm-hmm <affirmative>. It seems that every time an application is executed, it has to go and basically involve the backend system that the vendor has put in place. So it's an interpreted language. That's going through a couple of layers of interpretation. Every time that code is, is accessed. And people have pointed out that that is a performance issue in many cases and a security issue in some. So, you know, is that the way that yours works? And if it is then how do you get around these performance and security issues?
Stephen Kitay (00:43:34):
Yeah, we don't work that way. And, uh, and I do believe that that's not the best way. I mean, there are, there are some, um, there are some of the tools in the industry that go about that more interpreted way. We we're fully compiled. And so what we do at the point of change, so kind of talked about a little bit earlier about change is, is one of the big things we tackle at the actual point of change with OutSystems when you make any change, whether it's, uh, on a screen, whether it's a, say a database field, um, whether it's some type of a flow logic flow, whatever it is, we capture that change. And we store the, um, the application representation in a graph. So we call it an application model graph. So that's actually at the point of change. So you talk about a little bit before about compilers and parsers.
Stephen Kitay (00:44:16):
If you think about some of the modern, um, more traditional development, as far as languages, they'll eventually build out these abstract syntax trees, you know, and there, some of the IDs are actually getting, um, they're getting better at this where they're doing it more on demand. And so it's interesting how getting to this, um, graph based representation of the application is what we are. We do immediately. Some of the others obviously do it at compile time. Um, and then they're doing a kind of some pre-compiled capabilities up front, but we take that, um, we take that graph and then we compile it and then it actually comes into binary code. So the, the output of our platform, our development platform looks like what a, um, good modern cloud native full stack development team, but actually put out, you know, and so we can host it in BMS.
Stephen Kitay (00:45:05):
We can host it in containers, um, but you're gonna get, you know, we do a, uh, compilation to, we actually do a trans file technically to see sharp JavaScript, CSS, HTML, uh, sequels fours on the back wind, some type of a sequel. We support multiple database, uh, back ends. And then we'll compile that in to binaries that will actually get deployed out. And so we have the benefit of both worlds. One is that you get that performance and a much higher security, uh, posture, because then you can also use, you can also use all the security tools as far as for static code analysis. You can do runtime analysis, you can do all those things that, uh, that are out there for good traditional development, and actually use them on the applications, uh, built with our platform. But you get all that speed of us having this visual development environment that handles change at the point of change.
Stephen Kitay (00:45:57):
And then all the ramifications, um, you know, it also gets into DevOps and, and the whole, what I like to say is DevOps is a solution to a problem. We shouldn't have, you know, we kind of do away with the concept of the need for DevOps, because if we handle that change early on, instead of pushing, kicking the can down the road, you know, so we definitely to answer long winded, answer to your question. No, we're, we're not interpreted, uh, we don't believe that's the right way. We do believe that we should compile in and just have a modern cloud native stack, which is what we do.
Curt Franklin (00:46:29):
Well, I intrigued by the idea of the end of DevOps, but before we can get there into a lot more it's time to hear from Luka one more time, because we've got yet another great sponsor of TWT to tell you about,
Speaker 3 (00:46:49):
Well, thank you guys. We'll get you back to your guests in just a moment. But before we do, we do have to think of another great sponsor of this week, enterprise tech and that's I R L original podcast from Mozilla. IL is a show for people who build AI and people who develop tech policies now hosted by Bridget Todd. This season, IL looks at AI in real life, who can AI help and who can it harm? The show features fascinating conversations with people who are working to build more trustworthy AI. For example, there's an episode about how our world is mapped with AI. Now, the data that's missing from those maps tells as much of a story as the maps themselves, though, you hear all about the people who are working to fill in those gaps and take control of the data. Now there's another episode about gig workers who depend on apps for their livelihood.
Speaker 3 (00:47:36):
It looks out how they are pushing back against algorithms that control how much they get paid and seeking new ways to gain power over data, to create better working conditions for political junkies. There's an episode about the role that AI plays when it comes to the spread of misinformation and hate speech around elections and huge concern for newies around the world. I really like season four, episode one, checking out online shopping. Now they actually talk about the hidden costs of shopping online and what you're actually giving up. Now matter, brown, a data scientist from Amazon's on the show and talks about what happens when you actually make an online purchase. It may actually shock you super compelling episode. Definitely check it out. Search for IL and your podcast player will also include a link in the show notes. My thanks to IL for their support of this week at enterprise tech.
Curt Franklin (00:48:26):
Well, thanks so much, Lou. I appreciate it. We're back talking with Patrick Jean CTO with OutSystems, and it's time for me to bring in my co-host Brian chief. Brian, I know that you probably have more experience in low-code environments than I do, and I have the strangest feeling. You've got a whole pile of great questions that you are just itching to ask.
Brian Chee (00:48:53):
Thanks, Kurt. Yeah. Um, I actually helped build a, uh, old system back in, oh no, I think it was back in the late eighties of, um, doing touch tone and web registration systems using low code solutions. Well, low code, low code solutions have changed radically over the years. And the biggest problem I've hearing from people are when you have to go hybrid, um, regardless of how good the tools are, stove, pipe solutions still exist. And my question is, do you have tools to help people work in a hybrid environment?
Stephen Kitay (00:49:38):
Yeah, that's definitely one of the areas that we actually have targeted and said that, look, this is something that's a challenge. And so if you think about the stove, pipe or monolith or whatever you wanna, you know, call that hard system to kind of crack, you know, that's really isolated and tries to kind of keep everything together we go through and let companies really use, you know, what you think of as strangler pattern, right? If you kind of, from a development standpoint, it's just chip away at it. And, um, you can, you know, very common, you know, rest API type of integration. As far as that we use, you can connect at the data source level. Um, even if you wanna just go straight to database connectivity, we have, uh, companies that do that as well, many different ways you can integrate. Um, we have a very robust community that build components.
Stephen Kitay (00:50:23):
We call it forge, um, where you can go build components. A lot of 'em are integration components that companies can use and then chip away at that. Um, as far as it's some of the functionality that are in these legacy systems, uh, we replace, you know, Coldwell based systems, uh, as 400 mainframe, you know, piece by piece. And you know, I'm not, you know, I'm never, I probably was early my career. Let me, let me back up, but I'm not a, uh, proponent of like a big bang approach, you know, to go in and, and try and just, uh, replace everything for us. Let's go try it out, go look at something that's been a very difficult problem to do. And maybe it's, maybe it's actually just a, a, um, a great UX in front of a backend legacy system, you know, could even still be old green screen systems. You know, that, and then what we'll have companies do is literally we'll put a, um, a good, highly usable front end in that system, leave everything else back there, you know, and connect to it. And then, but then maybe start, uh, piece by piece, replacing the back end as well. You know? And so, um, we, that's a very common as far as strategy for our customers.
Brian Chee (00:51:25):
Cool. Well, since we're on the topic of UX and user interfaces, your system, descri, your website describes that your platform flexible. So what happens if you have a company that needs to be able to deploy to lots of different user front ends like Android, iPhone, iPad, web windows, Mac Chrome, and so forth, do you have to write or build multiple versions for each platform or does your system allow you to say, I want these,
Stephen Kitay (00:51:56):
Yeah, you could do. You could do both. And we have, uh, customers that basically build. So if you think of it like a responsive app, you could basically take and build one responsive app that would handle all those form factors they could be deployed. Um, we have a thing called a mobile app build service, as far as that could take and build out to a mobile target, that'd be Android and iOS. You could also host that same app. Um, you know, it could be an app. Uh, it could be a I'm sorry, on the tablet, you know, it could be web or could be an app on the tablet as well. Um, you could, and then you could also load that up as far as a browser in the browsers. Um, you could also take and do the back end. So maybe like the database and the APIs and things like that, and then create, um, front ends that are specific to each device format, if there was a need to, you know, and so you actually can do either one and that's kind of goes back to that flexibility of, uh, the, you know, high code or traditional or career developer that likes that control.
Stephen Kitay (00:52:53):
You can do it, but if you just want to go in and do a, could be just a P as well, right, just go write a PWA and, uh, deploy it out. You basically write it once and deploy it to all these form factors. Uh, we allow that as well. And, um, cool because once kind of going through how we do that compilation, you know, process, um, we, you're just basically writing it one time. You're storing it at one time and then we can choose how to deploy it out, you know, uh, downstream,
Brian Chee (00:53:19):
Well, speaking of downstream, what happens if all of a sudden we open up say a European branch. Now all of a sudden our old apps now have a GDPR or HIPAA or FSMA requirement. Can I still go back and say, Hey, I've got new requirements. Do I have to rewrite everything? Or can I just say, go?
Stephen Kitay (00:53:42):
Yeah. I mean, it, GDPR, I mean, all the compliance side is, uh, it's an interesting category, right. Um, but I mean, we absolutely support as far as GDPR from, uh, that process. We're, I think we're actually considered, you're gonna, you're gonna test my compliance, uh, compliance skills here. I think it's a, a data processor on the GDPR side, if I'm not mistaken. Um, you know, if you think about us hosting, so we, this now actually I'm getting into the point where we host the cloud, we actually have the OutSystems cloud. So we actually will do a full end to end hosting of the development platform and the runtime customers could also take it and host it themselves. Right. And so then we're not even involved in it. So then GDPR and issues like that, that's basically you would handle that as your own, but kind of talk in the context about systems cloud.
Stephen Kitay (00:54:28):
Uh, we absolutely support that. You know, we've got a HIPAA offering, we've got a PCI offering, um, you know, we're, that is actually an area that we're, we try and be friendly to it. If you wanna think of it that way. Um, some of the low code, no code solutions out there almost are a get around it. Um, not a fan of that. I've, you know, I've been in it, you know, for quite a few years, and I understand the challenges as far as it, we look at as being a friend of it, a friend of business, a friend of the developer, and we try and make sure that, uh, we can handle all those. And so on the compliance side, we work real hard to make sure that we handle, you know, all the different certifications and at testation that are, uh, important for our customers.
Stephen Kitay (00:55:12):
And then also given just good process and how you go about, um, deploying applications. You know, you can do things such as, as a developer, I can write the application, but, and I can deploy it to say development and, uh, and staging, but then I can't deploy it to production. And then someone, maybe an it, if I'm not, you know, a dedicated system administrator, an it is the only one that could deploy to production with our, uh, with our services. So we try and really handle that side, which I think a lot of the low code, no code players don't, you know, address, um, because we do understand the complexity and the need to be, uh, to support all of this from a compliance standpoint.
Brian Chee (00:55:53):
Well, my last question, custom connectors, that seems to be the Achilles heel of a lot of the no code, low code solutions out there. How do you deal with something that isn't on your connector list?
Stephen Kitay (00:56:08):
Yeah, so for us, like I said, we, so think of it the database side, um, we support as far as SQL Oracle, uh, DB two, um, you know, basically it's out of the box and my SQL outta the box, uh, with our latest iteration, with an EO, we also support Postgres, um, on AWS. And then if you want, you can, you can actually write your own database connector with, uh, database SDK. Um, we have a tool called integration builder that will allow you to integrate into other services. You could do it at the database level. You could do it at the, um, say like an API or soap. I mean, there's a lot of legacy systems out there that still use soap to connect. So it's a very, um, kind of straightforward process to do it. And going back to that question of like, Hey, the, the complexity between the, the career developer and citizen developer, you could have similar that understands more, the backend system go create the rapper around this connectivity.
Stephen Kitay (00:57:03):
And then they just get exposed up as very consumable, low code endpoints. And then you have maybe a more of an analyst type that's in the environment that they could just plug in, connect to all these things and, you know, create some business logic around it. So for us, we try and create that fusion team. You'll hear that term approach where you have people work technical dig in on the back inside, get to all these connectors, these systems, and then make 'em consumable, um, in a nice friendly way by, uh, more of a citizen developer. You know, if you wanna think of it that way, that we use a system that doesn't understand all the backend stuff and they don't need to, you know, and so, um, once again, it's another place that we shine on that. And I think it, you have to look you, if you can't access data in the enterprise, if you can't manipulate data in the enterprise, you know, you're not gonna be a, uh, a tool that most companies are gonna want to use. And so you have to be able to access all of this data that's out there and do it in a, in a very user friendly way.
Curt Franklin (00:57:58):
Well, we've been with Patrick Jean CTO of OutSystems. And unfortunately we are just about out of time before we leave, though, Patrick want to ask if someone is interested in learning about OutSystems or even trying their hand with your development tools, how do they get started?
Stephen Kitay (00:58:24):
Yeah. Easiest way asGood@outsystems.com. I mean, there's a, there's a little button in the top right corner that says start free. And, uh, and you click that button. And just within a few minutes, you literally will have a, a development tool, an integrated development environment. You'll be connected to a back end cloud environment where you can build an application and there's, there's this nice little one click published button that just publishes the app and you'll actually see it running. I mean, this is literally just within a few minutes, so, uh, just go try it. That's the easiest way.
Curt Franklin (00:58:56):
Try it. That's the easiest way. Well, we appreciate that and we appreciate you taking the time to be with us today. Well, we also appreciate you, our faithful viewers and listeners, uh, thanks for being with us before we head off into the somewhat thundery, uh, sunset here in Florida though, got to ask my co-host Brian what's what's on your agenda for the coming week. Where can people find you and everything you're doing
Brian Chee (00:59:31):
Well, I'm gonna show this new toy. It's an P 32. So it's basically a mini Android machine. There's a micro SD card slot in the top. I'm modifying the code. It basically plays, um, an HTML webcam, but by changing the code, I can change it into something. I wanna be able to do interval photography. Um, I'm gonna stick up battery on this and I want to stick it way up in the rafters. So we can actually take a picture, say once a minute and watch the maker fair being built. So it'll be fun. And the cool thing is I bought this off Amazon, and this was under $40 and it's a pretty decent little camera. And, um, it uses so little, um, energy. In fact, when it goes into sleep mode, it's only, uh, 12 milliamps. So I should be able to put a fairly good size battery on that and not have to change the battery through the entire maker. Fair, which ought to be a lot of fun.
Curt Franklin (01:00:37):
I like the idea of not having to put you up on a, uh, forklift on a regular basis just to change out the battery. That that's a very good thing. Well, as for me, you can always find me on Twitter at kg four GWA. I'm also gonna be writing more at dark reading, go to dark reading slash AMIA and uh, for those who are subscribers, you'll see my writing@omni.com. Well, as I said, we really appreciate you being here because we could not, and most likely wouldn't do this without you, the TWT riot. So thank you for that. We'll look forward to seeing you next week. And remember whenever you want to know about what's happening in the world of enterprise technology. Well, just keep quiet
Speaker 6 (01:01:32):
Listeners of this program. Get an ad free version. If they're members of Club TWiT $7 a month gives you ad free versions of all of our shows plus membership in the Club TWiT discord, a great clubhouse for twit listeners, and finally the twit plus feed with shows like Stacey's book Club, the untitled Lenox show, the gizz fizz, and more go to twit.tv/Club TWiT. And thanks for your support.