 Also, I just realized I'm rolling by good morning. Good afternoon. Good evening. Wherever you're handling from welcome to another episode of The level up hour with the one and only the illustrious Langdon White today. We're joined by the Marvelous and All well traveled Scott McCarty. We were discussing where he lives versus where I live as prior to the show So welcome Scott welcome Langdon to the channel Langdon that you want to kind of go through a normal rigmarow or let's go. Yeah himself first Let's let's do the normal rigmarole and then we'll do the introductions so I can give a little bit of context and So I will share my awesome slides Which are awesome Scott has been on the show before and so I'm sure he appreciates seeing these brilliant slides again You know because I'm sure everyone does So this is a level up hour where we talk about Why containers rock and why you might want to start using them? and We're trying to convince you and then we also are we've actually been doing a lot of interviewing of people about kind of the ins and outs of Containers and about how they get deployed and and the kind of the architecture for that We also tend to talk about open shift as well, you know, we are on the open shift TV channel You know and how it relates to you know, kind of using containers natively on the operating system So that's the level of our check out our website at red.ht Slash level up our and you can also find cool things like discounts on training and discounts on licensing You know, and if you want to get more into podman, for example, you know, you can always go down download fedora But you can also now get red hat or sorry rel production subscriptions through a developer subscription You know, I think it's up to 16 that you can run yourself So you can definitely play with everything that we're talking about here If you have any trouble trying to play with those things, let us know and we will help you solve them And speaking of which You can find myself and chris on twitter. I'm Langdon with a one and chris shortest chris short And speaking of mr. McCarty here. He is father linux on twitter So you can go check out his twitter feed and all his millions of followers But if you want to chat with us Kind of you know, with more kind of long form chatting, I guess We also have a discord that you can check us out on Where there is sometimes some active discussion Around the various shows including the level of power, but also like the gaming show that we do So which is later today by the way. Oh, is it today? Okay. Yeah today at two eastern 1800 utc cool cool So, uh, yeah, so check that out We usually do a recap of everything that's coming up for the day at the end of the show So we'll probably cover it again. So more details later So today we're going to talk about ubi We have talked about ubi on the show before and as we were joking around earlier. This is not a universal basic income, but instead a Base container image that uses red hat provided software But in the idea being that you can kind of have a redistributable container for all the things you might want to build You know, rather than the things that red hat wants to build and ship Also have show notes from last time So before I move on let me just kind of say like You know, so we're going to talk more in depth about what the ubi is like internally rather than How to use it, which is more what we normally cover on the show Um, sorry, christ. Did you have a question? No, I just said I was dropping the links for oh cool. Thanks. I actually have them nicely copied over somewhere so that I could I could do that too. Um, but so I I got the show notes done for uh the episode before and last and last episode Those were interesting topics, particularly the podman v3 kind of deep dive We had one of the architects that of the podman project on the show brand bowdy And he's always a lot of fun You know, I think that was I think it was really successful I think what was really popular and I think we had a lot of good questions So we may even twist his arm and bring him back To talk about the show or talk about podman, uh, some more Um And then last time we we're supposed to talk more about docker compose But ended up talking a lot about the differences between Deploying something for open shift versus deploying something uh in podman So we're going to do more with docker compose and podman in a future episode in a couple of weeks. Um I have a lot of intro today. Uh, so next week. Yeah, sorry. So next week coming up next week Yes, we are going to have chris right cto of red hat on the show And we're going to be talking about Some of the kind of like future ideas around kubernetes and like how to maybe kind of wrap How you think about kubernetes around a little bit. It's not just It's not just a way to deploy software necessarily and and we want to get into that a little bit Um primarily driven from a show he did like a quick hit Show called technically speaking about with he and kelsey hightower that they did They recorded a couple of weeks ago, but it will be also dropping during the show So we're going to feature that and talk with him about that Hopefully we'll also talk about what's coming up at red hat summit, which is the following week And kube con eu which is the week after that. Uh, and what he's really interested in going to see And what as hopefully by extension you might be interested as well Please remember we are we are running a contest. We've decided We're going to try to extend it a little bit if you want to go to kube con eu Please share somewhere on the social media about uh, what you Have learned on the show. Um, and then come and bring us a link to it on our discord So that we can enter you into a raffle for free tickets to both red hat summit and kube con eu Except the red hat summit ones. Everyone is free. So everybody on the show gets a ticket Wait, what? So so i'm going to take complete credit for you get a free ticket to red hat summit so does everyone else But uh, you know the kube con eu does have a you know a decent size fee And so we would like to give out some free tickets to that Whoo, that was a lot. All right. So scott mccarty. Uh, let me stop sharing. Um Would you care to introduce yourself as to uh, you know, what you do at red hat? Sure. So, uh, I finally had a chance to watch your episode with brent bowdie Who's on our team and uh, so I work with brent a lot. Um, um, I am a product manager For pod man build a scopio cryo and red hat universal base image So basically all of these Pieces parts that are in open shift and rel All the fun stuff All the fun stuff, but the funny part about ubi is it touches literally Everything in the world and so I get every question on the planet from like security stuff to like When is open as the cell getting updated? I'm like, I don't know. That's a different team Like like too. I literally had one about python this morning. They're like, you do ubi. What's going on with python? I'm like, don't know like I don't run all of rel like Right, you don't this is insane. You're not the whole real team scott. Yeah Not only is it all the like bits that go into ubi, right? But it's also like it is a significantly different distribution model For like any of our software So, you know, we were first trying to get ubi out the door like that that was a train wreck through our like building Free software away at red hat. Yes. Yes, it is weirdly enough Yeah, and then and just just even building it right is a non-trivial exercise. I became an amateur lawyer I became an amateur like I've basically everything export compliance Uh, you know open source compliance like I dealt with like every I've had everything with launching ubi Yeah, I launched dbi too. So at least the good news is I know it all really well, but like It is it gets literally any question at red hat could somehow come to ubi Like if you're a container basically so like they're always like, well, how do I do this? What do I do with this? What's the legal? Can I redistribute this? What happens if I had this package? Right, right? Um, so when can I get pod maintenance idea? Yeah, actually, that's that we have tech preview bits of that today that are on Oh, really? I feel it. Yeah, and It remained tech preview for two dot releases and we'll end up g aing it Dan wall's chanted up getting I finally roped him into getting interested in and paying attention to it more and uh We have all kinds So it was hard for me to educate people why that why why we want that like everyone's like, why don't we want that? Why don't they just use pod? I'm like, like, well, let me give you some crazy ideas So like I'm a sys admin and I need to run this version of pod man And I'm not allowed to install it on the system because yeah, we certify on rel 8.2 Okay Well, now I can use a pod man container and get the version from 8.4 Which is 3.0 running on my 8.2 system I don't break any of the compliance stuff at my company and I still get to use the new version of pod man Containers are awesome. Um, it's funny because we talk about application standards on the show a lot And uh, you know, I don't think they get anywhere near the You know kind of marketing push or whatever that they should I mean it's Like it's so much easier to run whatever You know gnarly thing that you want to You know using a container We actually opened like this we started the series of the show really about like How do you build an application container that kind of contains all the tools that you want to use? Um, and then ship it around your data center and have it kind of wherever you want it So that you don't have to muck with the systems that are running real stuff Let's give you the even crazier one So we had a problem where a partner of ours was running rel 7 and they were locked into rel 7 for a hardware solution that they're delivering And they're like, but we need pod man 3.0 or whatever, you know pod man 2.2 It has some bug 1.64 that we released that's the last like, you know, rel 7 is in the sunset now I mean like it's the sun is setting the sun is still over the horizon and we do cvs and that's about it You know, and it's very stable, but like pod man people always want the latest greatest version So they're like, hey We need 2.2.3 and I'm like now I could have and like we cannot update that ever again The real program will kill me like they don't they do not let me do this Um, and so I was like, but we do support rel 8 containers on rel 7 like we do support that at tier 2 So let's bring a pod man container back and run pod man in a container Using the version of pod man that's there, but you still get the newer features that you need for this thing That's a pretty killer like that truly unblocked a serious cluster fire problem I had like where I'm like, I don't know how to support this that is like such a mind-blowing concept, right? Like that is Awesome, right? It's awesome, right? Like it unlocks people so they can do what they need to do Which is like the agile way of thinking right like how can I unblock people to do what they need to do? Yeah, right, right. So that's how you know, I dropped the link in chat to the tech preview pod man. Oh cool. So cool free to Kick the tires on it Field questions and discord we can get them back to scott and company so they can get it One thing I will I will plug the alternate route there with kind of rel 8 beyond right is that That's this is actually the goal of something like abstruse, right is also part of trying to solve that same problem And we when we're developing that project, you know, we We often refer to the too fast too slow problem And you know, so we have customer a right who says I need the latest version of pod man. Oh, but don't change anything else Right. Yeah, you know, but then at the same time you have someone else who's like, oh my entire infrastructure is working on pod man, you know, ancient right or whatever But I need new hardware. So, um, you know, please, you know, use the older version of pod man on the latest version of things So I think when you're coming from the perspective of a kind of a single customer or a single user You always have a complaint You know and depending on the current perspective of wherever you're at or whatever you're doing It's that all of rel or linux or whatever is moving too fast or vice versa. It's all moving too slowly Um, and I think when you look at it in aggregate, you start to realize, you know, that everybody has a problem with the speed of something Um, yeah, and so that's actually the genesis of the upstream stuff Um, kind of it was concurrent with the work around containers And I think now we have two really nice ways of approaching that problem that can work independently as well as together to try to give you that too flat fast too slow solution across, you know, the, you know, our, you know Basically our platform, right, uh, which I think is super interesting, but Moving on Last thing back to ubi Builda and scopia will drop in ubi in rel 8 4 and then the plan is to add pod man in rel 8 5 So there's a pod man image today that's tech preview But you have to have a real subscription and you have to authenticate to grab it But like in and but in when rel 8 4 drops here in a few weeks You'll you'll see builda and scopia and those are those are fully supported on rel But they're also g8. So now we're adding them to ubi. So it'll be freely redistributable And then we're doing the same thing with pod man in 8.5 is kind of the plan right now So just for clarification You need to register and and download it, but um, you should be able to do that with a developer subscription Yes is no cost. So so it is accessible for you know, without paying money Um, it's just that it's not accessible without kind of agreeing to the T's and C's at the moment Um, that brings up a really good point. We actually had the question with Brent, um, you know But we were joking around about how we never actually know when anything's going to release So it's nice to have product managers on occasionally who who are like, oh, yeah Here is exactly when this is going to happen. Um, so it's good to hear So 8.4 is the target for for basically the new versions of pod man, which is awesome And then you were saying 8.5 is when the container Well pod technically today even in rel 8 3 is when we released a pod man container to be honest with you I wasn't happy with the ux of it. I think the ux is a little funky You still have to run it as a privileged container, which is fine Yeah, but you have to run it as dash dash privilege We are working on like Dan, especially this week I know he's been working on all kinds of different ways you can run it and we're looking at like what modifications We can make in the container image to make it easier to use etc Like we're looking at improving the ux over the next dot release so that like when we release it in rel You know, we're going to ga pod man in a container on rel in 8 5 is the plan And then when we ga so I have this rule. I don't really say anything into ubi unless it's ga So like that's why build and scopi are dropping in in in ubi in 8 4 because they've those container images are already ga Um, and then when pod man ga is in a container as in the ux is good I feel like it passes all the sniff tests like qe is good our docs are good Then we ga it and then it'll drop in ubi So it'll be like you said redistributable without a subscription and just you can test it today For anybody who's new to the show build uh, so pod man as we jokingly refer to is often referred to as a rapper Um, yes, you know, and so it's pod man the rapper, uh, which we still don't have t-shirts for no I haven't t-shirt for you don't I don't have a t-shirt for that's true But uh, so builda is kind of the build component of pod man scopio is kind of the search and um and kind of delivery Side of pod man It's the pairing knife. Yeah, I call it the chef's knife pairing knife. No hibachi knife Right, okay. So and then so pod man's experience for the for the overall set of things that you need to do with containers Um, but if you want to do like build a ci engine for example, you might want to just include builda for example Um, because you don't you don't need all of pod man. You just want to build infrastructure So that's why it's it's you know, it's kind of built in the unix philosophy of you know Each tool does a job, but then sometimes you want to wrap those together to give you a full experience Um, so we had a question come up in the chat. Um We have a couple that we had a couple questions Uh, do you I was going to go off and talk about uh, ubi versus ubi minimal versus the rel image But is there another question we should answer before that's quicker than that? Uh, I mean there's So there is some confusion, right? Like I want to acknowledge that plain risky's question I think is worth addressing early so we can eliminate confusion. So, okay So that's what I was going to kind of go to scott was is like, okay So if I go and look for a base image from red hat Let's ignore for the sake of argument the kind of the strongly built images So like the ones that already have apache and php and all that jazz, right? Instead, let's just talk about kind of the the more basic ones So we have to the best of my knowledge right now. We have ubi minimal There's a ubi micro. I think in the works. Um, and then there's like a ubi and then there's also like a rel image What's the difference or like is are they all things that we expect to continue like forever Are is there a recommendation around which one we choose under some conditions or should we always be choosing ubi or ubi minimal And getting away from rel images Yeah, so So in rel how to word this so in rel seven, let's start with the history So in rel seven we had that the end user license agreement was only the The rel end user license agreement which which back in the day the way you would install software was We delivered industrial grade flour industrial grade sugar, you know industrial grade You know water like in big bins bags and boxes and barrels to our customers And then they mixed it all together and they made cakes at scale, right? Like that that's what we sold enterprise software And so it was really fine when the when the You know sys admin architects developers all mixed the cake On premise in a data center or a shared, you know, blah, blah, blah That's how our Original entitlement model was based around all of that like we would sell the company a subscription And then they could use whatever they wanted in that industrial data center, you know, or whatever they had they bought whatever subscription They could use it But they were not allowed to redistribute it because it's free software That's open source and they're allowed to but contractually they would agree not to is what how I should say it And that was just so that we could get them to We could come up with a monetization model where we could actually make money and actually, you know Sell them something so that we could make money and keep building free software um But technically what people don't realize is like if you don't have a rel agreement If you don't sign the red hat uh enterprise license agreement You can redistribute rel all you want like there's nothing like you're not breaking any laws, right? Like it's a contractual agreement that businesses make with each other And it basically says we'll give you support as long as you pay us for the copies that you install And and it was just the only way we could come up with in the united states and the world with a legal framework That would actually make this work, right? Like you have to have some these locks keep honest people honest And that's all this is this is like a legal agreement to keep honest people honest um Now that said that breaks down when you get into containers and when we released docker and rel 7 We still had the container images protected by the exact same end user license agreement As the bits for the servers and so we had customers that couldn't they would they would create a container image with rel 7 And then they would go to redistribute it to their friends But oh i'm not allowed to do that, you know like i contractually i'm not supposed to do that And it took us a while to figure out how to do this in a way that was that made sense And so when we launched rel 8 we came up with this concept of ubi, which is really just a yua to be honest with you It's a legal. It's a different end user license agreement It is not actually different bits although people perceive it as that because it's just how human brains work But it's actually nothing more than a different end user license agreement that allows people to redistribute The set of content that is in ubi, which is a subset of rel And it's not all the things that red had it's not layered products. It's not open shift It's not i mean it is open shift because open shift comes with rel but it it it comes from rel It's always a subset of rel now that said there are three ubi base images. I manage the base images other people Manage the layered ones like python and ruby actually brian galhar manages ruby and python and all the layered ones that are like programming like and actually other people manage other ones like Because there's a bunch of different subsystem teams in rel so like i will specifically talk about the base images Even though i know how all the others they all fall under that same ubi yula So they're all ubi in people's minds But they're really just rel released under a different end user license agreement and that said there are three base images today There is minimal standard and the one that has system d in it We call it the in it and call it the catalac image like that's the one that you just do a yum install System ctl enable a patchy in our htdbd and things just work like magic habits You treat the in it image like a vm if you're like kind of bringing stuff along from the old world um The standard one we had targeted for 80 of use cases So it works just like a regular rel system where you do a yum install a pat, you know htdbd things work Um, if you're in a docker file or whatever container file, um, the the minimal has something called Micro d and f which is which pulls in less dependencies and can in some cases Um make an image smaller, you know, like it'll trim out a few megabytes I think it's like a hundred I forget what the latest version in rel is but call it 110 ish megabytes and then the standard is about, you know Or maybe it's about 130 megabytes. The standard is about 205 ish And then the in it is about like 208 ish, you know It adds another couple megabytes for the few things we had for system d Those are the three ones to now being honest 80 percent of the users end up just seeing ubi minimal and just going for that And then what happens is a lot of times they'll add packages Sometimes it even ends up adding regular yum because yum Or you know yum slash dnf gets pulled in as a dependency And so it ends up having micro dnf and dnf and you know, and next thing, you know, the image is actually Bigger than no it ends up being bigger than the regular standard image Right it's counterintuitive, but it's what happens that still doesn't matter I look at her download numbers 80 percent of the people are using ubi minimal Or at least 80 percent of the automated builds that are probably the driving this are um Now in rel 8 4 we're adding one more we're adding ubi micro ubi micro is special It is actually truly different than the other ones. It has no yum and dnf installed It has no rpm command. It has nothing you can fire it up and you'll be like, oh, this is cool I can run bash. What the do I do with this now? Like I don't understand what this is for um The reason why because most people will try to use it in a docker file and it will fail Right. Um, you cannot build it with a docker file not yet I'm working on some really cool tricky stuff with podman to make this super elegant But that'll probably be more like rel 8 5 as a sneak preview, but um, but um Ralph 8 4 when it comes out, you'll have to use builda. You will use the yum You know slash dnf in rel 8 4 on the host to then like do the dash. Oh, you know install Into a directory and you'll like basically install into a mounted ubi And then you will create another layer and then you will commit that layer But the beauty of this is this has three beautiful things like you're using trusted rel content So the quality of the content is really good You are not adding new packages into your environment that are not already part of rel So you're not expanding your attack, you know footprint, you know attack surface Because if you already have these packages on a rel host somewhere somebody can theoretically attack these You're just adding the exact same packages that are on a rel host into the container image So you're basically keeping the environment minimal the total permutation set of packages that you have in your environment and then third The actual individual container image is pretty damn tiny Um, we can get it down like a base image right now is like 12.9 megabytes compressed and about 38 megabytes uncompressed And then we can build we've done some tests with open ssl. We can get like 80 megabyte open s style image We can get like 120 megabyte Apache image about 120 megabyte engine next image And right now you'll have to build those today, but I am working on a roadmap We'll we'll sort of have a ubi micro family of container images where we'll have like a pre-built open s I'll want to pre-build Apache want to pre-build engine next month. You just grab these tiny images Now again, you're gonna have to use them with build a if or or once it already has the app in it You know like say you just want to use Apache you may be able to use a copy You know just copy some you know like a web brood in and do some of that You may be able to consume some of those without having to muck with them But the ubi micro that's coming out really you'll have to use build a to add anything to it But I mean like if you're I mean if you're doing an Apache, whatever wouldn't you bind mount the content anyway? I mean a lot of the time. Yeah Yeah, I guess I don't know so what came up with the chat was like, you know Kind of going through a multi-stage build process It'd be really you know at least you know my immediate thought right is be nice if I could use a docker file or container file And do a multi-stage build where oh, yes, I wish it was possible I spent three hours this week trying to find some hacky way to figure out how to do that But it is not possible. Okay. I'm planning on doing is not even using a multi-stage build One of the features that got overlooked in this pure incidental. I'm like 99% sure this is incidental I still I talked to valentine about it last week a little bit and talk I haven't had chance to bring it up with dan and brent, but uh But in a nutshell the dash dash mount option is missing with podman build We have the dash v bind mount option, but we don't have the dash dash mount option The dash dash mount option does some really friggin cool stuff. You can bind you can mount Uh container images people don't realize this you can actually like specify a container image and then give it a mount point Inside of the container that you're firing up and it will just show up as a directory, but you're like mounting another image Like advanced linking. Yeah, this is like yeah Now imagine a scenario where I have a docker file that bind mounts regular ubi I run the yum tools, you know yum an rpm from the regular ubi image to add packages into the ubi micro Then do a yum clean all and then save that extra layer and I can do it with like two commands in a docker file Like it's not even going to be a multi-stage. It will just be like a regular docker file. I'm pretty sure dan walsh Did an article or a blog post or something about doing essentially exactly that might have been might have been collin I don't there was somebody who did this with docker a long time ago Um using that exact same technique. I think when it might have been bind mounts You could do it. Well, so you could do that when he was looking for micro when he hadn't built micro dnf yet Um, he was I think he was doing something like this. I I think yeah, it's it's we looked at doing like a I looked last week at everything I looked you can do a podman mount on the ubi micro image if you want or build a mount Then you could like mount that into a container, you know, and then basically install into that You can do some hacky things to kind of make this but I want to be super elegant I want to be like a single command single build command very simple docker file like, you know container file I want to be like two three lines in the docker file and a single build command And once we add the dash dash mount option to the build, you know podman build dash dash mount equal And then you'll build a specified containers then within the docker file We'll probably be able to do something You know tricky with the paths and the library paths to make sure that you can just run the yum command And it looks like it's natively installed even though it's not it's actually coming from the the other image But that's the plan to kind of make that more elegant One thing I wanted to kind of quickly mention just because we haven't covered this on the show and I and I don't think it's commonly understood Is that um build a actually when you do build with build a It actually follows a lot more the rocket model, which very few people have any experience with Which is that essentially you can kind of build up a container image Using build a commands and that like feeding it a docker file is actually almost like a secondary activity Like so basically what it's doing is actually just kind of feeding that set of commands If you're doing docker and you don't know what you want to build right what you typically do is you You know take some sort of base image you log into it Then you install the stuff you want and set up all the stuff you want And then you do essentially you go outside and do a docker commit right podman has that support as well But if you're doing it with build it's actually slightly different in that you can Actually give it the set of commands that you want to build and you will get container images along the way So it has a somewhat more flexibility about building up a container Then a container file would do The downside is that it doesn't have the ease of use that a container file Distributed right But you can get to very very nice clean quick images You know essentially with a bash script instead of feeding it a container file You know container file in a lot of ways is basically a bash script But if you use an actual bash script with builda you can actually get to some cleaner containers Yeah rocket is deprecated out it is I think it is officially retired actually I was just going Yeah, if it's it was the first cncf thing to be sunset whatever I forget the term that they use Yeah, like it's after graduated where it has passed You know like it's not deprecated. I don't think they called it that but it's definitely in the sense of being worked on No longer being worked on and so it's to be clear But it does bring some great ideas Yeah, it just follows that the style of how rocket worked and it was interesting in the early days right rocket was very much The tool of choice for sys admins and developers tended to focus on talker And you know and so eventually they kind of came together at least in my opinion right and now we have Kind of builda which gives you that really Tight tight tight containers if you want them You know so you know appealing to the kind of sys admin side of the world Whereas developers or casual users in a sense can can still use something like container file And feed that to podman and everything just works. You can actually feed it to build it directly But podman makes a nicer wrapper around it Yeah, and I just I just literally while you guys were talking it's just checked to see if the builda bud command had the dash dash mount option But it doesn't so I can't I was thinking I may have found a hacky new way to make this work To break it in a different new in different way Yeah, nice, but But no no you asked though about rel images. So like for each of these So rel seven they were all rel images. They had the rel and user license agreement. There was no ubi yula Then we added the ubi when we launched rel eight We actually added a set of container images for rel seven There were identical bits that had the ubi yula And then we did the same thing in rel eight for compatibility We left the rel eight base images in place just like rel seven We don't necessarily recommend that anyone ever uses them But we wanted them to be there just in case other layered products and some companies were building You know, like who knows what weird stuff in rel nine to be honest with you will probably get rid of You know, there probably won't be a rel nine images. It'll only be ubi nine Um, you know, it's it's really a matter of whether the yula whether we need the other yula or not Like do we need the regular rel yula for some of the container images? And um, some of them we did so we ended up having both actually I just remembered we made a decision that we will End up still having the rel nine mounts the the rel nine namespace will exist in In uh in rel nine and that means that there will be some container images that have the rel yula You know with but but they won't likely be the base images at all Right. So I think uses people right. I think and I think the the audience question Which I think was jp dade. It could have been somebody else. Um, was you know, essentially that is that you know ubi eight right and and rel eight seem really comparable aside from the yula. They're identical They are literally identical. The only difference is a piece of metadata in one of the labels that points to the yula Okay, there's the only difference and the pause stories. They point to by default. Yeah, and they're uh No, that well that that's not even how well. Yes Because you're right. You're right because ubi does have an extra text file in the yum.d directory Where it points to ubi and then the rel eight one doesn't have that that's correct and then um, okay And then but they both In the the rel channels actually come from the host not from the image So actually there's nothing in the rel eight image that's Different if you dropped the ubi text file in there it would function Identically the same and then that one yula is different. But yeah, you're right. Got it. Okay. Um, so Generally speaking the the expectation is kind of go towards the ubi images is probably the the right answer 95 of people and we've we've even we've done it on the show too is like, um, you know where I'll you know, I'll go get a ubi image and then use stuff that is protected by the rel yula by Doing it from a subscribed rel machine. Um, and then it works It'd be nice if there was a way and like one of the things that I think we're discovering around the container stuff right and I think red hat has been uh kind of on the forefront of trying to help with this it's like All that helpful metadata that you have around Your binaries, you know that you get like an rpm is kind of still difficult to Find in a sense. Um in container world. Um, so it's really hard to indicate that you know this hey this ubi You know this uh image that I built or whatever this container file isn't gonna work unless you do it on a subscribed machine There's no way for me to tell a user that without essentially a comment in the docker or in the container file, uh, which you know It's unfortunate, but it's kind of the way The infrastructure is and we don't want to rock the the you know muscle memory boat right on changing how people do things Yeah, I've been working on expanding ebi ever since we ever since we created it but so far rel nine We don't we don't really know what Completely i'm not a hundred percent sure where we'll be with rel nine yet. I mean in a perfect world I'd like to have all of rel and ebi, but we don't yet Um, yeah, I mean I can really say on that. Okay. Never mind Oh, I could say I could you can ask me more. I don't know if I can All right, so so here's another question that uh did not come up today, but came up in the past Uh, which I'm sure you get Like what I don't know hourly basis. Um, why are ubi images so big? um, and uh, and then I will probably give my typical rant of why do you care, but um, the uh I will leave I will hear your answer is we so adam samlick and I did a talk at dev conf couple like a month and a half Go, or whatever Um, and adam has been working on this for like, I don't know two years a year and a half So upstream long story short is container images are large because the dependency tree in rel has never been optimized To make it smaller. Yeah. Oh yeah for containers and just to make it small in general So fedora for the last year year and a half two years I don't remember the exact time frame has had a strategic initiative like one of their top level Initiatives like minimize It may have been yeah, it's been a while One of their strategic initiatives to basically minimize rel you know minimize fedora I'm sorry because it not just for containers But for everything for like a coro s style use case for edge use case for all kinds of things But it is really really hard to go to every think about how many packages are in fedora There's like I don't remember 20,000 packages or whatever So you've got to go to every package maintainer every subsystem team And you've basically got to educate them on why they have to go do a bunch of work that they don't want to do Like you're like it's just like everything else in the world. You're like, wait a minute Why do I got to change this this isn't broken like like and you're like, oh you should make this a soft dependency You should do this you should do that You should and you sound like that guy like you're like you can come up You're like, you know what you need to do You know, that's like when some guy you're at the gas station. He comes up. He's like, you know what you need to do Put a steel bumper on the front. You're like, I don't want to do it I don't know why you're talking to me stop talking to me Like that's how all these subsystem teams feel right like so So basically adam built this really cool tool and he's been working on this project for a long time To like basically show people all the dependencies that get dragged in and why and kind of get them to like open their eyes and go Oh, maybe I'm pulling in some dependencies that I really shouldn't be And then specifically we're working with like the glipsy team to do all kinds of cool things like pull out all the tz Did except for utc. So all containers will run in utc Pull out some of these gconf character converters set things that honestly, I don't even know what they do Like I'm not that deep it was a big deal to pull out the translations You know, it's like you got by default You know 150 languages or something with a glipsy install and to do that right you have to have separate packages In fedora and rel and that's why the glipsy team. This is a lot of work for them Right like they got to basically break their package up into a whole bunch of other sub packages And then that adds more metadata to rpm and and yum Which then actually over time with enough patches is actually slows down container builds So like one of the other features in ubi is it only has the metadata for the latest content And it doesn't it doesn't leave it doesn't it only has the latest of everything So like it's super fast to build compared to a rel image because rel has to look for every version of every package Pull all that metadata on ubi just has the latest of everything. That's one other little side benefit of ubi But um, but yeah, this is a lot of work This is like years in the making to minimize the dependency tree that's been built up over 20 years You know, so it's what I want to make the point here Is and the reason for this right or the reason why there's a bunch of competitor images that don't have this problem is because they're hand building those container images Without any of this package dependency management stuff Yeah, some of that I agree on that another thing is is it's a misperception? Like if you look I I have this article that's wildly popular called comparison of container images if you compare alpine Ubuntu fedora rel sent os blah blah blah name another distribution You know demian and you add java like headless blah blah blah jvm. They're all about the same size They're all about 350 megabytes like once you put java in play it's yeah Well, and now one's not even that big to be honest with you, but like you add a patchy They're all about the same size. I mean you add as soon as nobody Despite the fact that it's small It was smaller at the beginning by the time you actually have a usable container They're the same size They're the same size almost and then and then I talk to customers and partners all the time that are embarrassed But they're like, yeah, we have this like 1.5 gigabyte image after we add all our stuff to it And like they kind of say it quietly like that they go, you know, I mean it's like 1.5 gigabytes, you know You're like, I mean dude. I'm not I'm not judging, you know, like like I mean it is what it is like There was a saying back in the day when I started red hat 10 years ago I was a slushed architect, you know Nobody runs an os for the point of running an os like nobody says, ah sweet. We got this $10,000 server Let's fire up an os and just keep it pristine and not do anything on it Like no the whole point is the application So like right a container image is small until you add an application And as soon as you add the actual thing that you need to do it's going to get big like it's going to get way bigger Some people some hipsters some cool kids They are running like going binaries and see binaries and those people have like five megabyte images. Good for them Scratch great. Yeah build from scratch And you have to pile every time great What it means is like if if you want to have a truly small image, right? It means that you cannot leverage the support of the ecosystem Exactly and and that's it has its trade-offs. That's a trade-off. Exactly. Yeah, you make a choice under some Like you if you want to go build that Java image and go build it by hand and put only the stuff in there that you want That's fine. You know, let me know in a year when you're done with that You know instead of you know, me being able to write, you know a single line in a container file and be done Like that that's the trade-off and sometimes it's worth it But I think the you know as the the joke is already starting in the audience and I was thinking this too, you know But the the the shaming of the container sides, you know is like Recognize what you're doing here. This is a trade press story Not a way of comparison, right? I mean like I actually just saw an article about how the new x1 from Lenovo Is too thin like it doesn't like it's it's like they're like, yeah I'm like trading off the ability to like use my computer so that they can make the trade rags like this is you know Recognize sometimes that the trade press needs Things that they can measure to be able to talk about it, right? But they aren't always an accurate thing to be measuring or I also remember like in cars a Ferrari is a piece of crap Right, it costs a lot of money Super fast and it you guys all the time every day. Yeah, it has crappy interior It's hard to get in and out like like it's it is the least human like like like yes They take great care to make this a great car But like but like at the end of the day It's really hard to make a good car when you only produce like a thousand of them like a three series BMWs Probably one of the best cars on the planet because like there's 50 million of them And they get all that user feedback and to get super refined And like I'll be honestly like an Audi a4 like a three series a c-class Those are probably the best cars in the world because there's enough of them that you get enough feedback that they're really refined But you get into the higher end ones They have more quirks even even the highest end Mercedes You're gonna get more and more quirks the higher end you get because there's not as many people using them And there's not as much time to iterate and you're like how many people are working on that car versus the three series Like there's probably gotta be like 10 times as many people working on one that like that many people The same is true with software. Right. What are you doing with the car? You know, are you are you taking it out to the track and racing it? Okay, then go get a race car then I can handle sacrifices Right, but if you're if you're taking it, you know to drive to the grocery store Like or an hour commute each way every day. That's gonna suck, you know, exactly All right, uh, so let's see. Um another question we had before the show, uh, which is basically like, um What what is kind of the default? Security model that's going on inside a ubi image. So in other words, like What is the, you know, sc linux configuration? What is the, you know, is the is the answer the same as rel or is it tweaked somehow or are there things that people should be aware of Because they don't know that ubi has been modified in abc way Um that they should be paying attention to when they're building, you know, an image based on say ubi Yeah, this is an interesting question I get all the time like so So it's so funny people. They're like, ah, we need to harden the image. I'm like, what does that even mean? Like, what does that mean? Like there's this perception that I get this It's like it's like me when I buy a new car and then I got to modify it I'm like, oh, I want to tune the like my my crossfire is all super modified. I changed the differential I changed that, you know, I've tuned the transmission The the ecu it's like once then I do that then I'm like, okay now this is like this is good Like I get the warm and fuzzy. It's like this is like my car. I can race this thing But like it's stupid like like like for a daily driver This is not something you need to think about but like This is how people feel with ubi images like ubi images are relevant So the all the binaries are hardened with like pi a and all these other things like in that in that comparison of container images I go through and show all the security technologies that we use to harden all the binaries that are in these container images So first let's back up and say Containers are not real like like they're just processes They are just fancy processes with more constraints around them The host is responsible for placing those extra constraints around them Not the container image the container image is nothing more than binaries packaged in a tarball So like you're like, well, what how do I harden these binaries packaged in a tarball? Like say that out loud and you go, oh, I mean, I'm I guess that yeah, that doesn't make a lot of sense like like You don't harden that like not really. I mean, there's a few little things people do like I'll admit There's things like government has requirements for message of the day things like that So like when you fire a container it literally has to have a stupid message of the day those kinds of things Yes, you can do things that are core bill to ask to a container image But for the vast majority of it you can put it in when you put the host in the FIPS mode The container when the process runs in the container it will be in FIPS mode So like you again do that from the host. Um, the s e linux rules are governed by Podman which talks to you know has its own s e linux library And then each of the containers are fired up in their own s e linux context So they're automatically more Isolated than any binder that you're running on a rel host So like today if you run two copies of Apache they're running the same context Like they can both access the same file systems. They can access the same ports blah blah blah like if you run them in two different podman containers They're actually ran in dynamically generate s e linux context. They can't talk to each other's ports They can't talk to each other's files. They can't talk to like and nobody even notices that s e linux is on That in my like I would say 95 of the hardening comes from the host Maybe five percent comes from the tar ball with binaries in it and and in and when I say that I mean In addition to whatever rel already does like rel does all kinds of crazy stuff to its binaries to make sure they're hardened and Crazy, you know, you know already so like those binaries are pretty good Like there's definitely work that gets done there But there's nothing that you need to do when you buy it It's like it's like I just bought a tractor trailer like should I put sweet rims on my tractor trailer? Like I don't think you need to do that like I think probably can carry cargo like it's good Like you know like the basic things like it can do those Yeah, I don't want to ramp for the trailer not Spenners Yeah It's like it's one of those questions that I always I know I'm that guy that always gets irritated when questions So it makes sense But you're like it doesn't really make sense to think of it as hardening UBI images, although I get that question all the time Well, there are DOD standards for certain things and I have been looking at I'll confess some metadata here because since I'm a PM But like I have been talking to some DOD people and thinking about how we might produce a DOD specific version Of ubi because they have their weird requirements I'm not even sure that I would call those actually more secure, but like nonetheless. It's just like what they want So like, you know how that works. That's this standard is a no joke And yeah, that was actually specifically why I like the freezing of this question Which is was not the you know, what do I need to do to secure a container? But instead the okay, I know by default that if I go into a rel container I can I can have an expectation that red hat has made that a secure thing Are there things about ubi that I should be aware of that you had to step back from that? Because it's lighter weight or Registributable or any of those things and it sounds like the answer is no, but it's good to hear the answer is no, right? Yeah It's mostly just trust that there's rail binaries in there and use the same packages and there's security metadata for everything That's in there, which honestly, I think it's more important the fact that you can audit and know exactly what's in there That's that's important to me to me, you know my sister admin gene twitches if I don't have that Yeah, actually speaking of which I finally got confirmation from Somebody we were talking about earlier brian cook that he's going to be on the show not for a while, but eventually That we're going to talk about the health index In the red hat container catalog, which I think is another thing that people don't kind of really look at too often But basically everything in the red hat container and catalog is scanned quay does this as well We were talking about this on the show But is scanned for what's in it and what's going on there and then on the red hat container catalog It gets a straight up grade as to the quality of it, you know, when was it? It's trust but verify we try to show you the verify like Right and and what people don't this is this putt is on another interesting question I'm sure we have questions around is container image scanners So like I talked to the stack rocks guys already since we've you know, since we've made that agreement to buy them And I've talked to a million partners of ours that already do this Scanning software is only as good as the metadata that it's consuming or and or that company events It is a nightmare to scan Container images that are built from scratch Like like when I say scratch like a C binary that you compiled yourself threw it in a threw it in a container and you know tar ball, you know Basically and then sent to somebody and be like hey scan this. Tell me if it's secure Like I don't know like I have no idea if that's secure Like if you statically compile a C binary or going binary and send it to somebody I will challenge them to analyze like sure There's decomposers and you can decompile things and like look at them and like analyze the decompiled code But there's no way to truly look at a binary Most of the time what we actually mean is C binaries that are dynamically linked against libraries that come from a linux distro And now we're going and talking to that linux distro and saying hey Did you guys patch this cv? Did you patch this cv? Did you pass this other cv? And you go? Yes? Yes? Yes? That's called metadata like like that's like red hat provides a ton of xml metadata that we Actually transparently show people which cvs we've patched which ones we haven't blah blah blah Most linux distros don't even have that like they don't even have something like that so Most of the time scanners are taking a wild ass guess about whether something's patched based on the version number They're like oh look that's a new version number and I know it's patched upstream. So so that must work Right. I mean this this is actually a problematic area in rel all the time Because people will get um, you know, basically bad, you know security warnings from you know, like say Particularly like a rel 7 or like a rel 6 library Because we backported a patch into it. So the version number hasn't changed because it still has to be backwards compatible But wherever possible we actually backported a cde into it So when you just go look at the version number, it doesn't actually tell you that the patch is is there It just tells you the version number which you know in all other regards aside from this security problem It has not been upgraded right and it was easier to explain at the host layer Like people would have to install three four different linux distros analyze them scan them and do a ton of work Now they just do podman pull podman pull podman pull podman pull run scanner, you know, like, okay Why is this different, you know, like it's a lot easier to question it not understand it And so like you're getting a consumer a closer to a consumer level, you know Analysis as opposed to yeah, yeah So you're generating a lot more noise questions in my opinion. That's kind of what I see happening And a container scanner vendors, it's in their best interest to find as many red blood lights, you know that they can Oh, look at our dashboard. We found all these problems. Oh, this software must be awesome It found all these problems like Not to be cynical, but that there is some of that happening too. Right, right, right Um, all right. So let's uh talk about uh points for a minute And then I want to close with the uh question that I Yeah, um that I really wanted to get to which is uh, you know And so we'll give you scott a chance to think about it for a second is like What's what new feature or features or whatever that's coming down the pipe for ubi? Are you most excited about that we should get excited about? Um, but before we delve into that, let's uh talk about our sweet sweet internet points Um, and let's see does scott remember what the sweet sweet internet points are from the last time you were here Oh, you're gonna put scott on the spot. That's not cool So here we have our sweet sweet internet points. Um The uh, you know the collectible points that will give you that warm fuzzy feeling inside That you are participating in something greater than yourself and get these intrinsic value of these amazing internet points Um, we are working very hard to give them some extra value Right, right, right as I as I keep saying, you know, we're working on the extrinsic version But here is the intrinsic version So narendev at 4900 points, uh, neville and taccom who I saw here today, um, you know Missed a show. I think uh, so we need to see that catching up No friction continuing going strong. Uh, joe fuzz who seems to be missing in the ether. Um, we uh, We haven't seen them in a while. Yeah So we hope they come back. Uh, and then detective kona kudos definitely, uh, you know making some forward progress You know and uh, we regularly talk about fedora as well with him um And then lastly bacon fork definitely on the up and up And then the people we featured from last time. Uh, I saw some more points getting added there So, uh, we will feature them again in a future episode once we uh, we see their numbers continuing to go up If you would like to collect the sweet sweet internet points for today's episode Um, they are on the screen right now and i'm going to drop them in the chat assuming I got good links looks good there um And uh, that's our sweet sweet internet points, uh extravaganza for the week, um You know hackham would like to remind you or like to point out that he Like he did something last week, but I guess you didn't pick it up somehow. Oh, he'll resubmit is what he's saying Okay, I'll uh, I'll take a look. Uh, it is occasionally I make mistakes about distributing the code. So, um, right If if you are unclear on a code, uh, you know, put the code in chat so you can track it if you want Right, um, and uh, it's also obviously it's in also all the videos So if you watch the video again, you will find the code there So that is also how you can collect points from older shows Um, or you can also, uh, you know, there are other ways to collect points as well So, you know, let me, uh, grab a link to that Um, but there's an activity. Oops. There's an activities page In the repo for with the show notes, which I'm going to put the link in the chat Um, that has other ways that you can earn points as well. So, uh, we always love people earning points. Um, I think they're a lot of fun. So, you know, please submit them at your earliest opportunity If you join the discord and want the points for joining the discord, uh, please just private message me and I will send you the code We don't have anything more sophisticated than that at the moment. Um, I was talking to a, uh, discord expert about how to, uh, kind of auto submit it Um, but I haven't quite Connected all those dots. Uh, discord is it's not my ways to do automation There's all kinds of crazy plugins for it. Like, uh, I saw a calendaring event app. Um, that, uh, I've been trying to get the hang of It's weird. It it works pretty well, except it doesn't understand, uh, 24 hour time And I was just like, really? This seems really obvious. Um So, uh, yeah, so actually just to by way of point in the chat, um, there and have Has opened a few issues and that's part of how he Has moved up in his points. Um, and some of those ideas actually I think one of his ideas is what led to today's show So, uh, you know, that's how it's one of the ways we try to generate new, uh, episodes Is by taking questions from the audience So i'm going to ask this question from jp dade, uh And I was going to have all of us, but it was particularly focused on scott, uh, so father linux Are you going to do the road show in october november time frame and to be honest folks? I don't even know where the road shows are gonna be right now. So So, yeah, I don't know. It'd be fun. It would be great, right? Like I would love to cover like detroit or, you know, chicago Whatever go help, you know, so I I have been a little bit Out there meet up with the red the red hat truck. There you go. I by side. We can race him We can show you why a Ferrari is not what you want. Um The so I have been a little bit involved in that set or chunk of summit I think it's actually more like september october There's a bunch of cities getting set for where they're going to take place It's going to be mostly hands-on stuff. Uh, whereas the so like the summit that's upcoming like they probably have turned names But I can't get them through my head. So some of part one is what I so some of part one Which is like in a week or two Is a kind of mostly like keynote kind of sessions And roadmappy stuff things like that whereas summit part two, which is going to be like in june Is more like traditional talks like traditional conference talks So a little closer to the bone more engineering that kind of stuff And then the ones that jpdade was talking about and then i'm kind of talking about is You know summit part three, which is going to be physically in person What I heard was september october But it kind of travels to you rather than you travel to it. So there's going to be a whole bunch of them And hopefully there's one near your place of residence And you know and and basically will run a bunch of hands-on these stuff. So like labs or like, you know, other kinds of workshops And so that's that's kind of the idea And I I don't know scott. Are you, you know, I don't know if you have anything in the the pitch bucket for it I know there's container stuff I know I the thing I reason I know about it is because My lab that I've been doing for several years at summit Which is about containerizing applications and bringing them to open shift That's in the the offing for it Well, how about this wherever you go we do a road show of the level of power. How about that? Exactly exactly Yeah, so I just need I need so we I guess we're we have a We're on the short list for labs right now. So there's I don't know 20 30 40. I have no idea But they're only going to choose 20 of the total. So I'm still I'm still not completely in yet So, uh, you know who you are you're the illustrious one. Hey Yeah, by and my lab is usually very very popular But I know scott's have been in the past as well. So Who knows I'll compete with you. That's right. Right exactly. Um, all right. So going back to the other question. Um What are you most excited about what's what's the next thing that you are really looking forward to having land in ebi I'm most excited about the roadmap for ubi micro and what else we can build using that I think It we have some just being super transparent We have some internal build challenges figuring out how we're going to build on ubi Micro, but once we figure that out, then I think we can build out a family of other images that are built on ubi micro Some My fingers are crossed we can unblock things by like the rel 9 Relate six time frame and get some cool Family of things going for ubi micro like I'd I'd love to get an open s to sell image an apache image an next image You know, maybe even like eventually database images and all kinds of things that are built on that ubi micro concept that are just Really small. It's like a nice lightweight Postgres nice, and then I'm excited about some of the work the g-libc team is doing to try to Yank out another couple megabytes here and there like my understanding is like we probably have a roadmap to get rid of another 12 13 megabytes. So now we're like down to like 28 megabytes uncompressed maybe even 25 megabytes uncompressed and then who knows what compressed maybe 10, you know, I don't know I'd be pretty happy with that like we can get to that level I'm like super stoked now. We're getting into that alpine size But still using the rel content, which I think is very good quality and And then also not expand, you know, if you use alpine with a rel like say you use alpine on open shift You're still increasing your attack surface even though you don't realize it because you're bringing in all the versions of libraries That are an alpine that aren't in open shift And so now you I mean by definition you're adding new permutations of packages and things so yeah So to me we have micro is exciting. Like yeah, yeah, it's different software. Yeah, that's just saying Yeah, one of the just to give a little bit of an example You know when when because I was involved in kind of this minimization activity four years ago or five years ago When it's yeah, I think I worked on this with you a million years. Yeah And the the thing that one of the things that was so like Shocking for me in a sense is like they were talking about trying to get, you know Minimal and part of the part of the activity was also trying to get boot times faster that kind of stuff as well And one of the things that just blew my mind was how proud the Fedora team kind of in general was that we had gotten from four Different encryption libraries that were required for boot Down to two and a half So it's right so so like Why there's more than one? Is a little bit the challenge with open source, right? Is that there is no one who's declaring by fiat? This is the answer And so and it evolves over time and so we have like encryption libraries for example that have been involving over time You know based on what language you're actually building your software in and all that kind of stuff And so you kind of have this plethora of things that that come out of that but We've been making progress like, you know, we've we're kind of coming together as a software community or open source Software community about trying to solve this this problem and trying to get down to You know one encryption library that is used, uh, you know through boot and then maybe there's specialized use cases where you need other stuff But um, you know for the vast majority of it, uh, you know, maybe we can get to something smaller So I think that's that's super interesting. Um, I You know, like I really like being able to pick up, you know, quote-unquote off-the-shelf software Because especially with things like the Apache and the databases and that kind of stuff because I trust The team at red hat, right? That they know how to put together an Apache like an htpd That will run and be secure and do all the right things Way better than me configuring them. Um, and so what I want to do is just pick it up And like run with it use the power of multiple people's brains Right, right, especially especially your knowledge is limited. That's one thing that you've got to remember in this space, right? Like you yeah, you could build a scratch container and it can be really minimal and really clean and lean but you have Little idea of what oh really exists in there. Well a perfect example of this was like For well 10 years ago before I came to red hat. I was a php mice crow like ninja like like we ran So much of that shit everywhere that it was insane. So like I felt pretty confident I knew how to build the best one and I usually built it from red hat bits, but then I would tweak it I would tune this I would do that, you know, I was getting to that level where I was like, oh, yeah, this thing is warm and fuzzy Um, then I come to red hat and I'm like farting around, you know, sales product management part of marketing Like just last year year before I'm building a php my scroll thing for my blog because I'm going to confess I have not upgraded my blog and my web my wiki for like 10 years So I and and media wiki will do that for you like it'll do that for you So so I did that and I exported it all re-imported it all worked by god. I mean, it was actually amazing But um, it's amazing But when I went to rebuild it, I was like, what's this fpm stuff? What's this php fp? I'm with the hell is it so I google it I find remi the guy that package. I didn't even know he was a red hat guy I just oh, yeah, this remi guy's docs. I'm like, oh, I guess I should move to fpm It's better because of this this this and then I looked it up and I was like, oh, it's already built into rel I was like, dear god, am I that out of touch? Like it had already changed in fedora changed upstream But gotten pulled into rel and it was all different and I didn't even know like I had a very similar experience that a company Used to work for a startup. Yeah, they were just like, wait, what is this new php paradigm? I'm like, yeah, that's why I'm here But I mean I got out of touch like I was an expert Yeah, and I was like, dammit. I was like dammit Yeah, I used to like You know run through my sql databases like they were you know nothing and now if you put me on the my sql command line I probably couldn't get myself out of a wet paper bag. So, you know, yeah, it's it's just one of those things, right? And this is why I trust remi. I know he knows right like right. I'm like, dude. He built this. I'm like, I don't know Let's go. I mean and he and like yeah, and him Is a kind of a canonical example of like lots of other people at red hat and kind of in the open source community in general Like he not only Kind of does his day job of packaging php and all that other just he maintains an entire repo on the side That has all the stuff that he isn't comfortable putting in rel that you might need Because you know, you might need it for something but he does that in his spare time, right? That's a free time. He's using to do that. Exactly. And so, uh, yeah, if you ever go to fosdem Definitely look for him. He's a super nice french guy Um, uh, he's already been, uh, trying to, uh, twist their, you know, modify Cause whatever his, uh, son to get into the field as well. Uh, so he's I think his son is already doing some packaging Um, which I find hilarious like like 16 18 something like that We need to have like the emmies of like open source like we need to give them a war like an oscar Like here's your open source. We could totally do that. We should totally like right here. We could totally do that We could do it on the show. Yeah Remy deserves that. He deserves like an oscar for like his performance in 2013. Come on. That was epic Yeah, right, right, right Carlos was on all with g-libs Carlos would also get it You know, um, but if we put him on the show, obviously, uh, we would all have to dress up because I've never seen him in not a suit Um, like he even because he works he works remote works from home Just like all of us are doing lately. He does it in a suit. Um, it's amazing And and not only is it a suit, but he looks like good like he is well dressed Um, yeah, it took me like three months under the pandemic to just give up on anything but t-shirt and gym shorts Right. This is this is standard p.m. Outfit like a button-up shirt. No, yeah, yeah, right Exactly, um off the vibe of being just a hair more dressed up But I like this idea. I wonder how we could do it. You know, it's like, you know, uh I think we could do like a dedicated award show and invite all the open source people, right? Like not just red headers But I'm talking like right right and like, you know, it's hour and a half You know, thank you very much for xyz thing and off we go and we just that would be hilarious pick 12 people and off we go. I think we could totally do it I I try to figure out how we pick the 10 or 12 people though Oh, like it would be something we do on a regular basis, right, right, or so I mean there's there's literally a lot Millions but yeah, potentially tens of thousands. Yeah um All right. Well, thank you so much, uh, mr. McCarty for your time I reiterate, uh, you know, follow him on twitter father linux. Uh, he says, uh, mostly controversial things on the internet And uh, but they're always entertaining. Uh, so, you know, uh, we highly recommend, uh, you know, everything that he writes, uh, is worth reading um So definitely check that stuff out. Uh, let us know if you have more questions. We can always have scott come back Um, and uh, you know, hopefully we covered, uh, you know, kind of what's going on with ubi what we're excited about Why you should use it? Um, and uh, you know, we'll uh, you know talk about it more next time So chris you want to tell us what's coming up on the channel So next up at 11 a.m. Eastern if i'm reading the calendar, right 1500 utc We are going to be talking about Day two operations and open shift and we're actually breaking it up into multiple parts. Andrew is going to come on It's like day two operations part one is what's coming up. So it's kind of Okay day two dot one Exactly. So, you know, day two operations can be Extensive depending upon your environment, right? Like if you all of a sudden you're like, hey great I've got this open shift thing, but now I need it over there on that disconnected network. Yeah, that's that's like a whole different ball game, right? So, yeah um Plain risky wants us to have an episode when ubi micro launches. So that's a good idea Like if you want to come on and highlight that stuff, we'd more than welcome you anytime um But then later today after the the day two operations, we've got Open shift commas are going to be talking to my friend baruch from jfrog and then the scalable multiplayer game design game at 2 p.m. Eastern 1800 utc Cool. Yeah, cool day of content for y'all And remember we'll have uh chris, right cto of redhead on the show next week And then summit soon after that we will be dark for I think both summit and cube con. Yes There will be content on the channel, but most of it will be focused on summit and cube con So the the summit week we're kind of just like, okay, there's summit done. Okay, and then uh cube con week So we have Open shift commas gathering Day zero event I'll be hosting this will be on that'll be on the channel during cube con and then we have various community office hours That kind of line up to breaks in the cube con schedule so that you don't have to feel like you're missing something That week of cube con. It's all in the calendar. I encourage you to check it out subscribe to the calendar You know, please. I'll drop the link to it right now And uh, yeah, enjoy it. Join us for our journeys. How about that? Exactly Um Cool, I'm really looking forward to the service mesh one of the office hour. So uh, yeah, I think it'd be cool. Um, all right Thanks, everybody. Thanks. Have a great one. Be safe out there everyone Thank you scott and thank you Take care