 Welcome to theCUBE's coverage of KubeCon EU 2024, live from Paris, France. Join hosts Savannah Peterson, Dustin Kirkland, and Rob Stratche, as they interview some of the brightest minds in cloud native computing. Coverage of KubeCon cloud native con is brought to you by Red Hat, CNCF, and its ecosystem partners. The CUBE's coverage of KubeCon EU 2024 begins right now. Cloud community and welcome back to Paris, France. We're here at KubeCon, cloud native con, CNCF's biggest event in Europe. My name is Savannah Peterson, joined by the ineffable Rob Stratche. Rob, you're absolutely crushing the show. I'm so impressed. I'm loving this. It's so much fun to talk about these topics. It really is. The energy comes through and it just, getting some good ideas out there to help people who maybe couldn't make it here. So it's awesome. Yeah, and we've got some Kube pros here on the staff. Kevin and Ignacio, welcome back. Thank you both for being here. It's a pleasure to see your smiling faces. Really excited to be talking about developers. Before we dig in, how's the show going for you guys? This has got to be a big one for you. Yeah, it's probably the biggest show of the year for us. Obviously Europe and also the US version. And it's looking great. I mean, I was hearing the organization sharing that this is the biggest KubeCon so far. So more than 2,000 people, so looking great. And we're hearing it's probably a 50-50 split between first time and been here before. So it's always nice to see new blood coming in, get more contributors and things of that nature and get some new companies that are coming in. I know some other companies have gone bigger with this show as well, especially the financial services because they now have their own little, yes, my favorite, they're all here. In fact, you guys had Goldman Sachs on stage earlier today and there's Deutsche Bank and a number of others like Fidelity and Discover who all are contributing as well. So it's good to see the community and not just the financial services but all the companies here contributing as well. Well, you see, just behind us, Mercedes-Benz. Oh, yes. So they are sharing and explaining how they are using Kubernetes in the cars. And I was like, very good use case. I was not aware that the Mercedes is powered by Kubernetes. That's awesome. We had an audio on at KubeCon in Amsterdam when we talked about them running Kubernetes on their EVs and it's just, I mean, talk about fun edge use cases of this and true adoption too. I mean, if it's in consumer cars, we're no longer in this early third stage, right? It's more tangible. Exactly, it makes it real intangible for, yeah. Yeah, absolutely. Have you seen anything on the show floor that got you excited? Now that we're talking about this. My own talk? No. Yes! Oh my gosh, shameless self-promotion. I'm here for it, Kevin. Absolutely. I am here for it. Oh, let's lean into that. What did you talk about, Kevin? Yesterday I talked about Project Kepler, right? So we're, you know, of course, sustainability is a big topic and everything, but we wanted to make it a little more tangible and make it, you know, like, how can we actually measure something real, something that people are wondering about, which is like, for example, serverless, right? It scales down to zero. So you would think it's not consuming any energy because there's no pods running. And so we were doing different experiments to see if that really was the case or not because at the end of the day, there's a control plane underneath. Of course, that does keep running. So we had some interesting conclusions that we could measure things to Kepler and actually see what is the exact power usage of applications. Yeah, I think it's interesting. And again, I think all of this, and we were talking with Moe earlier today about kind of using, you know, Podman desktop to really understand what resources, when you start to move things from dev to production and things of that nature, and had a similar conversation with Docker. And I think when you start to look at all of these different pieces and how they really move, but the sustainability part of it is really hard. And like, Deutsche Bank. It's just hard, yeah. And Deutsche Bank, I mean, I was at AWS at one point in time, when they came out with the carbon footprint tool, it's like, but it really is that. And is that my scope two? Is that my scope three? Where does that fit in? And as Red Hat, I mean, you guys have to look at that. Is this why you're supporting so much in those projects as well? So understand all of the, hey, it's not just about buying the software and all the hardware, but it's also running it and how that impacts you. That has to be kind of your goals in that. Yeah, absolutely. I mean, yeah, we want to help our community, our customers, of course, not only like, yeah, you can run some stuff in the cloud, but everything around that is where it really counts these days, right? So it goes from doing our local development and having the tools to support that with, for example, Podman desktop or our Quarkus to help the Java developers. And then going into how do we deliver that through pipelines and automating that. And then maybe in those pipelines, we can actually measure the applications, power usage and seeing, well, this new code change actually consumes way more power. So I mean, but we're in that entire life cycle. Yeah. And just to finish on this, but Priyanka was making a very good point yesterday about the importance of observability, how all these critical. Absolutely critical. And one of the questions that the companies are going to ask is how I can measure the sustainability of my servers. And this is basically what he was explaining in the talk. And we had talked about this just a little bit yesterday off to the side, kind of the hallway track that's going on here about AI and the impacts of AI, because even Priyanka brought it up and others, it's, hey, I have a 10,000 GPUs, but they're 30% utilized. How do you see like just the efforts for getting more efficiency? Because there's a lot of different projects that are aiming at that and auto scaling and things of that nature. Specifically go ahead. Specifically on AI. Yeah, yeah, right. I mean, it's like you're saying, well, we have all these GPUs or maybe we don't, how do we use them in an efficient way in an effective way where we're either not using as many as we have or too many. And I think the serverless component is really interesting in that because it can scale exactly to what we need. Then there's, you know, let's measure it again, but I think what's really interesting in that AI world these days too, is like, okay, so now we have models and we have really cool kind of new applications of using, you know, with gen AI and stuff like that, but like, okay, so now as a developer, how can we leverage this technology for something real and something tangible, something that can actually help us, and then how do we get that to production? Right, well, and let's talk about productivity. We heard an interesting stat earlier that most developers only spend an average of 37% of their time creating, coding, building. I know we're all really passionate about cognitive load and decreasing that burden. How are y'all approaching that? Well, as you mentioned, the down thin stat is 75% of the developers feel cognitive load. And the problem is this is only increasing, okay? Right, it's not getting any simpler. No, especially when- I was gonna say, funny, AI isn't making that easy. Yeah, exactly. No, and that- If you weren't gonna say it, I was gonna say it. That is exactly part of the problem. The problem is we're used to work, developers used to work, and used to have a good connection with the platform engineers, okay? Suddenly, there is a new team called the data scientists that are bringing the AI models that developers are like, and who are you, and what are you giving to me? And I need to incorporate that in my app. How do I do that? So the stack is getting more and more difficult because we used to have, okay, you know about Linux? Yes, I am good. You know about containers? Yes, I use Docker. If I know, I know also about Pullman desktop. Yes, I know about Kafka and integration and the tools that I need. And I know about Java. And now suddenly, there is people talking about Go. There are people talking about the language models that is, and you are like, and I need to incorporate all that in my app. Give me a break. Right. So it's all about cognitive load and how to reduce that. And that's why it's so important that you create books, you train them, events like this, where we explain the whole picture and developer advocates traveling all over the place, explaining how to use all these models and how to integrate in your apps. So it's, again, all pushing tools like Pullman desktop. So it's all against the same objective that is, guys, take it easy. This is not the first time that we need to deal with this kind of complex technology. It's just another step. Right. Another set of people that you need to start talking and understanding what are their priorities. And you did a UX research study on this too, right? Yeah, Mo was presenting this in one of the sessions because as always, the first thing that you do is ask developers where they are struggling, what they want to know more, what is the type of documentation that they are expecting. So the first is always you do UX research, you ask developers what do you need, and then you work towards that need. In fact, the last version is insisting specifically on that in order to create more learning paths, more tutorials, more easy to use, ways for developers to access. Yeah, I think it's one of those things that the user experience for the developers to get them involved has to be simplified. And I think Podman makes a lot of sense where you can do it locally and be able to understand that. I mean, even Priyanka was using it on stage. And I think when you start to look at how the community comes to that and how you can do that, it also helps when you start to think about things like security, right? And shifting left with security and things of that nature. How do you see developers being helped with security from that perspective? Yeah, so I mean, so we had the shift left movement which the idea behind it is great, right? The sooner we find the issues, the sooner we can be aware of them and the sooner we can fix them instead of waiting until the last moment before production when we do some last minute scan or afterwards even, and then having to go back and fix it. So in theory, this makes a lot of sense, but in reality, what we saw is that the developers now all of a sudden need to be like security experts because how do we now find these security issues? And so that's I think where we see, especially in the last year, the last six months, a lot of movement towards, okay, how can we actually help the developers because now they have to create their software bill of materials and they have to find secure images and they need to scan them, they need to sign them, then verify that they actually come from where they're supposed to come from and everything. And that's so much for the developers. So one of the things that we're working on is a few tools using the community, not using, working in the community. Collaborating with the community. Yeah, yes, yes. Thank you. I got you, Kevin, I got you. Totally, absolutely. And yeah, so leveraging open source to help the developers, for example, with Project Six or FALCO or whatever, and integrating them into easily consumable products, projects that we can integrate in our pipelines so the developer on the first, maybe I should backtrack a little bit because actually while they're developing, you have, for example, the dependency analytics tool which will notify the developer, hey, you're trying to use this dependency, it's not secure, you should use this version or blah, blah, blah. And then after that, they commit their code and we'll go through a pipeline that's going to take care of all that really complicated stuff where the developers have all the tools available but they don't have to actually start configuring and finding out exactly how to do it all themselves. And I want to add that there are also a couple of data points. The first one is over 700% more attacks year over year. That's, it says here, 742% That's insane. That's insane. Yeah, but you know why? Because obviously more and more how we create the code. The code is created taking pieces. We used to do that from Stack Overflow and now we have ChapGPT and we're taking all these pieces. And we are creating the code and then you don't know which of those pieces is secure. So you know what the people that want to heart a company will do? Find that code that is not secure. And attack there. Yeah. And I think we talked about, it might have been yesterday, like trusted artifact signer and some other things that you're bringing out at the preview. What other stuff do you have coming that that's coming down the pipe that way to help? There are those are the main tools that we are right now. Overall the overall picture is trusted software, secure supply chain. That is, okay, you need to ensure that the software that you're creating is secure. You need two things to do that. The first thing is you need to be able to analyze the current code that you are using. You need to know if your libraries are secure, if you are reusing the right code, if that piece of code that you took for whatever is secure. That is the first. And the second thing is you need to be able to sign to each every phase of the development process, you need to be able to sign that, yes, this has been tested, this is done, approved, can move to the next stage. So those are the two pieces that we are bringing. We are right now working towards Summit, but right now they are already at tech preview. So that is security is definitely one of the key areas looking forward. Yeah, that adaptation is so key to people looking. It's not just about S-bombs. And I think S-bombs are great and we drop them all the time on the show, but it's like, we look at it and say, hey, great, but that adds to the cognitive load as well. It does, yeah. So I think that is, so that's what you're aiming at, helping them is reducing it, making security from the start, right? Exactly, yeah. Because I mean, especially as we scale and ramp up with things like AI, a tiny little problem is going to become a magnificent problem. Quite quickly. Imagine that they take care of your car. Right. Imagine that they attack your car. So, I don't really want to think of that. I don't really want to think of that. My own scenarios. Yeah, but it is. Not too far fetched, but it's a bit mildly, so. You have a lot of resources for people who are trying to learn for developers, correct? You've got books, events. Well, that's what we do. Yeah. We create, first of all, obviously, we have a number of engineers in the organization working with the open source community in order to create great products. Then you need to be able to explain all of that. Then you need, and for developers, it's super critical also to do hands-on activities because developers learn by doing. It's not enough. It's good enough to read an article, but then where I can learn this, where I can try this, and then finally you need to create deep technical content. And when I say deep technical content, I am talking about 400 level content, super deep in the form of books, or sessions, or labs, hands-on activities, whatever. But this is how developers learn. Yeah, it's great. So that's what we do, basically. I know you're great at it. How important is the feedback loop with all the developers? Well, you are collecting feedback loop. Yeah. Every single. Right. Yeah, because at the end of the day, if we're building tools that don't make sense or that are too complicated, or maybe they don't hit the need of the developer, then what are we doing, right? So we are constantly, of course, listening to the developers. I mean, I'm a developer, right? So I also have my experience of building on top of it. I mean, it keeps evolving and we need to keep an eye on the community. Well, an ear on the community and an eye on the community. You can do both ears at the same time. And this is the last version of the book that we are launching here at Red Hat with developer portals all about back stage. Awesome. Well, we're going to have to, I know what my evening reading material is going to be. All right, gentlemen, last question for you since your regular is on the show. What can't you say today that you hope you can say next time we have you on theCUBE? Kevin, I'll start with you. Yeah. I'm blanking out, so I'm going to let you start with two things. Security everywhere, AI everywhere. Yeah. Those are the two things that are going to be critical for us in the youth, I mean, I'm sadly sitting in November. We are working towards presenting a bunch of news because again, it's not about AI as such is, okay, AI in my product, AI in Podman desktop. How we are taking the AI, also there is another great quote from Chris Bright, our CTO that says, guys, the future is not about very LLMs, large language models. It's about small LMs. It's about every company creating their own LM, their own expertise, infusing that expertise in that app and then ensuring that that app is then produced. So, and obviously in the process, security all over. So those are the two big key themes we are looking for. We're talking about the little M. The little for a while. And we will talk about that in May. Yes, Samit, I will hope that I will see you there. So absolutely. Yeah, and actually we call them segmented or small language models, SLMs. And we actually have what we call our, actually it's a distribution of generative AI. And what you see is the long tail is actually those small, or segmented LLMs. Orated price LMs. And they're going to be so numerous. And that's where the security comes around because you're going to have sprawl. You're going to have LLMs sprawl. Right, and then it's the same story again, right? How do we get those to production in a safe way without overloading the developers, whether they're working on the models or the applications and or both. So, yeah, absolutely. All right, we'll let you get away with a collaborative answer on that one. Thank you. Yeah, that's the problem. Very nice of you. Kevin Ignacio, it's such a pleasure to have you on the show always. Thank you for making the time, for being here and for all you do, making the developer experience better. I'm sure there's a lot of people also very grateful for you. And thank you, Rob, for a fantastic day so far. And thanks all of you for tuning in wherever you are on this gorgeous rock. We're here in Paris, France, at KubeCon, CloudNativeCon. My name's Savannah Peterson. You're watching theCUBE, the leading source for enterprise tech news.