Former President & Chief Executive Officer, RED HAT INC
All Things Open 2015 | Keynotes: Mark Skarpness, Sarah Novotny, Brandon Philips, and Jim Whitehurst
All Things Open 2015, October 19th and 20th, Raleigh NC. Keynotes: Mark Skarpness, Director of Embedded Software, Open ...
About James Whitehurst
Jim Whitehurst, former president and CEO of Red Hat and later president of IBM, has spoken at multiple events about leadership, innovation, and the role of open source in enterprise technology. In a September 2023 fireside chat at Rice University, Whitehurst discussed how engineers can lead in disruptive change, stating that traditional management structures are not built for rapid change and that organizations need to shift from planning-driven approaches to fostering innovation. He described his experience at Red Hat as initially feeling like "chaos" but later recognizing it as a different way to manage for innovation, contrasting it with the efficiency-focused culture at Delta Air Lines, where he previously served as COO. During his tenure at IBM, Whitehurst emphasized the company's focus on hybrid cloud and open source platforms, particularly through the Red Hat acquisition. He stated that IBM's strategy involves providing a platform that runs across any major cloud provider, using Red Hat OpenShift as a core component. Whitehurst also discussed IBM's investments in areas such as AI, quantum computing, and environmental technologies, including a joint venture to recycle PET plastic. He expressed support for increased regulation of AI and other emerging technologies, saying that industry needs to work with government to balance innovation with societal protection.
Transcript (12 segments)
✨ AI-enhanced transcript with speaker attribution
H
Host0:05
With all that, let's go ahead and get Mark Skarpness up with Intel. I know Mark is here. I really appreciate this, folks. The Internet of Things — maybe you've heard of IoT — open source is changing and impacting IoT in a very big way, and Mark is here with Intel to tell us about that. Mark, thank you for being here. I appreciate that.
M
Mark Skarpness0:25
Thank you very much. It's a pleasure to be here, and I'm excited to have the opportunity today to talk about the critical role that open source can play in creating the world of the Internet of Things. I believe that the Internet of Things has the potential to change the world in profound and meaningful ways. IoT is certainly one of the hot topics of today; it gets a lot of coverage and hype. Maybe some of the examples of IoT devices that you've seen have looked a bit trivial. I remember being at the Consumer Electronics Show earlier this year; there were a lot of IoT devices being shown, like connected refrigerators with cameras inside and screens on them. Maybe those aren't going to change the world — they're cool products — but those examples do exist across a wide range of industries and applications: smart cities, smart grid, automotive, connected home, health care. There really are examples that have that potential. But with that potential come some really significant challenges for us in the open source community to work to address. One of the big challenges is a whole new group of developers — developers that have great ideas for applications and devices they want to build but who are not embedded systems experts. In the open source community, we have created a great set of technology building blocks and tools, but we need to help bridge the gap between this new group of developers with great ideas and this great set of technology we've created. Another challenge with IoT is a new set of requirements. Take security, for example. There have been a number of examples of IoT devices being hacked, people's personal information being stolen. We need to do more to help these new developers build truly secure devices, because we're going to have IoT devices that have access to our personal information, that might be controlling physical infrastructure, access to our homes, our roads. If these IoT devices aren't secure, if they're not trusted, they're never going to be deployed. Another key area of new requirement is around communications. IoT devices at their core are gathering data with sensors, doing computation, and sharing that data with each other and with the cloud. There's a whole new set of requirements we need to work on together around communications. One example that has world-changing potential is around vaccines. Vaccines are very sensitive to temperature; they have to be kept at a controlled temperature all the way through the distribution chain from the factory to the clinic. In some developing countries, up to 30% of vaccines are spoiled by the time they reach the patient. What's even worse is there's no easy way to know, so patients are given vaccines that aren't going to work. We've been doing some work with putting sensors on vaccines — taking a little IoT device and sticking it onto the smallest unit of packaging for that vaccine — so that all the way through the distribution chain we can track the temperature and report that data back. If the temperature falls out of the desired range, you can take action, or at the very least when the vaccine shows up at the clinic, you will know if it was kept at the right temperature. Just think about the impact that will have — the millions of lives that can be changed by getting the right vaccine that's actually going to work, just by using a simple IoT device. Another example that is very exciting and promising is around drones. There's been a lot of work in the open source community to create drone stacks and drone code and other projects, looking at how they can use drones for humanitarian efforts, for example in search and rescue. Imagine if there's a natural disaster, sending drones out that can do reconnaissance, look at where the damage has happened, and send the aid to the right places. So just a couple of examples of how IoT can really have a world-changing impact. But we need to do more to help people build these devices. What do we have today? If you think about the place you would start if you're building a device today, you have a couple of choices. You can take an existing open source solution and modify it. If you're building a Linux-based device, you could take an existing Linux distribution, take out what you don't need, put in things that are unique to your application, build that into your device software. We at Intel have been working with the open source community on the Yocto Project, which is a very powerful tool for creating custom embedded Linux images. It allows you to take this great set of open source building blocks — the kernel, communications components, sensor drivers — integrate that all together and create your custom device software. Those are very powerful starting points, but they do require you to be an embedded systems developer; you need to have a lot of system knowledge. So we need to take this as our foundation and do work together to bring the new capabilities necessary to create the world of IoT. I think of that in four broad categories. I talked about the need for security. We already have a lot of security building blocks in open source, which is great, but creating a secure system — as evidenced by the fact that people are building these devices and they're not secure today — they're not doing that because they don't care; in many cases they're doing that because it's really hard. You have to be a security expert and a systems expert to take these building blocks and build them into a secure device. We need to do more together to take those building blocks and provide them at a higher level of integration, to provide a foundational set of secure platform building blocks that can be used to create these devices, putting things together in the right way so that this new generation of developers can build secure devices without having to become embedded systems and security experts, because that will never scale. We're talking about a world of 50 or 100 billion devices; there's going to be millions of new developers, and we have to help them bridge the gap, use our technology, and build secure systems. Something that goes hand in hand with that is device management, and particularly updates. If you think about what it takes to build a secure system, you need to start with a secure foundation, build a secure device, and you have to be able to update it. Nobody's going to build perfect software; new security vulnerabilities are found all the time. If you can't update your system, then you're fundamentally going to be broken. This is a solved problem at a bigger system size — there are lots of known ways to do that — but if you go down to really small devices like the vaccine sensor, a lot of those devices historically have been built without the ability to be updated. People have said to me, "Hey, this is a cheap little device; if it has a security flaw, I'll just throw it away and get a new one." That doesn't work. Imagine that you're at home and you've embedded sensors in the walls of your house, or into the pavement on the roads, or into the infrastructure in your office building. You can't take those out; you have to be able to update them. So we really have to think about this problem across the whole spectrum of device sizes and capabilities. We've got to be able to do updates, and we have to help the people building these devices to do that update, because otherwise they're not going to have secure devices. Customization is another really interesting thing about IoT. The incredible diversity of that market — when we say IoT, people tend to think about their connected home, which is certainly an interesting example, but there are many other applications in markets like automotive, health care, and industrial automation. They are really different from each other. We cannot just create one software stack and say the problem is solved. This is very different from smartphones, where a stack like Android can become the predominant software stack for most of the world's smartphones. I really do not believe that's going to happen in IoT; the diversity of usages and devices is just too wide. So we need to provide this higher level of building blocks that solve some of the hard problems like security, but we need to provide those in a way that the developer can plug them together in different ways and provide a mechanism for customization, but again not the low-level embedded systems customization — it needs to be taken a level up so that they can actually take advantage of the technology we're building. And finally, connectivity. IoT devices are all about communicating, and there are lots of new communication protocols coming: Thread, Bluetooth Low Energy, Bluetooth Mesh in the home, and across the breadth of IoT there are many other technologies. That's one area we need to continue working on, but there's a new requirement. I don't know if you've had this experience — I was out looking at smart light bulbs and light switches, and you have to pay attention to which vendor you're buying from. That's kind of a weird experience. I always thought if I buy a light bulb and a light switch, they'll work together — that's the normal consumer expectation. That's not true with smart light bulbs today; if you don't buy them from the same vendor, they might not work together. That is a problem we have to solve: how do you enable devices to talk to each other and interoperate securely across vendors? About a year ago, we at Intel together with some industry partners started a group called the Open Interconnect Consortium (OIC), focused on solving this problem. What we're doing in OIC is creating a written specification that describes how devices talk to each other. OIC is sponsoring an open source project, IoTivity, hosted at the Linux Foundation, where we're doing the reference implementation of the spec. Finally, OIC is doing certification, so once products are built containing the code, they can be tested with each other to ensure they interoperate. The three legs of the stool are specification, implementation, and certification. We just released the 1.0 spec and the 1.0 code for OIC and IoTivity, and you'll see those first products coming to market this year. That is a critical part of creating a broad world of IoT devices: you have to have standards and interoperability, otherwise these devices are not going to work the way users expect. So what's our ask of you? We have a booth downstairs; I encourage you to go check that out. We'll be showing off some of the technologies I mentioned, with a nice demo of OIC that you can see in action. I'm also going to be talking later today and going into a lot more detail, particularly on the communications piece, so if you'd like to hear more about that and about OIC and IoTivity, I invite you to join me at 2:30. But most importantly, I want to invite you all to work together with us and everyone in the open source community to really work on solving these challenges. We've got some really great technology building blocks, but we have this new set of developers and these new requirements. We need to take our technology and bring it to this new audience. That is how we can really make open source the foundation for this new world of the Internet of Things. With that, thank you all very much.
H
Host14:16
Thank you very much, Mark. We really appreciate that. Great presentation. Okay, Sarah Novotny — yeah, Sarah, technical evangelist, community leader with NGINX, an infrastructure... well, ran large scale infrastructures at Amazon before that. So anyway, Sarah, very nice to have you. Thanks for being here.
S
Sarah Novotny14:46
Thanks very much. Okay, there you go. I'm going to go in a slightly different direction this morning, not specifically talking about anyone's technology, but more how the technology that we work with every day pervades our society and changes the way we work and think. In 2011, Adam Gopnik wrote a great article that I seem to reference all the time, so I wanted to touch base with it here. He wrote this article reviewing a whole set of books on the internet. In 2011, we were starting to see what is going on with the internet and how it is actually changing our world. He read a pile of books because they were all coming out at about the same time; every publisher wanted their own canonical book on what the internet was doing to society or how we were interacting with it. As he was reading all of these books and looking at the popular culture of the day, he decided he wasn't going to review the books individually, but he was going to review the perspectives that the books gave us. He divided the books into three types of categories, and I'm going to use those categories to talk about some of the technologies — forgive me, I'll call them buzzwords — of the day. First, he defined the "Never Better" book. These were the books that were so excited about the changes going on, the possibility, openness, and opportunity, and the future utopia that freedom of information, free publishing, the loud megaphone that every one of us was given with the internet was going to be. "We are on the brink of a new world." This was the kind of internet that Twitter in its most positive sense gave us: anyone can say anything and share on the internet, and this is great because you have free exchange of ideas. He also found a group that discussed this in the "Better Never" sort of category: the world would have been a better place if we'd never given out those microphones on Twitter. We know that Twitter has its own dark corners; it's been used to detriment in our society, giving voices to people who are unhappy, and it's been a collecting place and a reinforcement for people who are disenfranchised. Then he found a group that said, "This has always been the way." As it turns out, technology — from stone tablets to paper and pencils to the revolution of the ballpoint pen — is always changing the way we interact, always moving forward, always making a new world, always changing. These current trends that we see today... I love tech; I came into tech because it's always changing, so I will freely admit right here before we get into all the buzzwords that I'm an "ever waser" with "better ever" tendencies or "Never Better" tendencies. So I think that this has always been changing, but look at all the cool awesome stuff ahead of us. There's so much opportunity, so much change ahead, and that excitement is one of the reasons I get to be an evangelist. So, cloud — let's start with that. We've had variants of a cloud or a distributed system set where we're able to not necessarily host all of our own hardware. We moved from hosting all of our own hardware, and that being a differentiator 20 years ago — we had to have our own data centers — to a space where managed hosting was sort of the next cloud: yes, you got your own hardware, but you weren't managing it. Then to a partly cloudy infrastructure where maybe you were using a cloud system for some of your workload and not for some. And now we're seeing the excitement of cloud native. From the perspective of the "Never Better," it is so much easier to begin a new idea, to take the possibility of a new company or a new concept and grow it into a space where you are able to offer this as a product or service to the broader public than it ever was before. You pay for what you need on cloud. In the "Better Never" category, we have people who are consistently worried about security, regulations dragging, legislation making this move more slowly, and things like the ruling about data sovereignty that came a week and a half ago where the EU said the Safe Harbor legislation that we've all agreed on for many years is not actually what we want to do. So we have people that are dragging at the concept of cloud in the future. In the "Ever Waser" category, this has been changing and changing and changing; we've seen this evolution over the last 10 years, and it's going to continue to change toward a world where we end up with utility compute. I liken the cloud today very much to Edison's time and electricity. There was a point in time where you had to run a generator if you wanted power, and none of the sockets... This morning the first keynote mentioned the fact that right now IoT devices in light bulbs you have to pick by vendor. That's a rehash of what was happening in the very beginning. There was not a standardized socket for many, many years; there was not even a standardized voltage within electricity for many, many years. So we are seeing with cloud right now that competing standard set, and we are coalescing into, I expect, a "Never Better" world where we can move our workloads as we need to on someone else's computers, where someone with more capabilities than I have or than I can hire for my company around security and network and storage, so we have a better experience we can offer to our customers. To take a peek at microservices: in the "Ever Waser" category, we have always been evolving the way we architect systems. Things started with tiny little applications; the tiny little applications talk to each other, and then we actually built into a single company many of these bigger monoliths. We started to do more, consolidate more, then service-oriented architecture came into play. This is all happening along the architectural changes of evolution of what we've learned and what our experiences have been with delivering good services to our customers, delivering good experiences to our customers whether they're internal or external. And now we're moving to a world where this is not only SOA but distributed compute architectures where we are more cloud native, where everything is presumed to fail at some point, and from there you have to architect in a way that is very empathetic to your customer, in a way that doesn't fail spectacularly in total. I'm going to speak more about microservices and NGINX this afternoon at 2:30, so if you want to know more about my thoughts on that, please join me for the session. In the world of microservices, there are the "Never Better" and the "Better Never" categories as well. The "Better Never" people say it's increased complexity, this is horrible, how will we ever know what the different architectures are, how they all interact, how will we be able to have a consistent view, how will we be able to monitor, how will we be able to measure, how will we be able to move this forward, how do I move from a monolithic architecture to a microservice architecture, is this right for my business? So maybe it would be better if we'd never talked about this. In the "Never Better" category, you see many companies focusing on trying to isolate each business need, each business rule, each business capability, and make clear contracts at the edges of that so that those pieces of software can move faster and adapt within a much smaller team, as long as those contracts are held, as long as those edges of those cells are nice and clean and well defined. If that's the case, then I can change everything underneath as long as my customer doesn't see any sort of change or they only see changes that are well published and well adapted. So there's a lot of good just as much as there's a lot of complexity in the microservices architecture. Containers — how many people here have been looking at containers? Come on, hands up. Yep, containers. Okay, so I'm going to start again with the "Ever Evolving" — it's "Ever Waser." We have been changing the way we deploy and build and run our applications for as long as we have been building applications. We started with hardware, we moved to VMs, now we have process isolation — actually we had process isolation in things like chroots and Solaris zones before we had VMs. The idea that we are building more robust, more secure — in the likely long term, more secure — ways to build and deploy applications in a way that gives us better control, better visibility, better isolation, and better clearer boundaries is actually a great big benefit, but it's been changing for as long as we've been architecting systems. So containers from the "Better Never" perspective: complexity again. "Oh my gosh, how am I going to keep track of this? I couldn't even keep track of my own VMs. How are we going to actually move forward in a world where our containers, our application component, may live seconds or microseconds?" There was a study brought forward a few weeks ago that shows that within containers, the lifecycle of your container is incredibly short; you see containers being created and destroyed super fast, which is really fascinating and really helpful if you want to look toward operational stability from some aspects. Operational stability from the aspect of not having a long-term diverging system from what you originally know — that's a great benefit. The great drawback in that space is how do I keep track of them, how do we do this? All of that work is still evolving, so the "Better Never" people are like, "Don't necessarily try and work with it now because it's not ready yet." The "Never Better" people say, "But it's coming. There's all sorts of opportunity in this space. We can make it better. We're learning. If you have a system that's only living for seconds or minutes, then you know it hasn't changed, so you know exactly what state it is in, and you're able to consistently reproduce problems or successes." Software — this is very big picture — software is eating the world. Is this a good thing? We have been increasing the number of abstractions that we have had ever since we started building software. We're building a future of programmable everything, and our future looks right now like a world where we can upgrade our cars and suddenly they have more information to help you drive better. Is software eating the world a good thing or a bad thing? We can look at this from the "Ever Waser" perspective, which is my perspective on this: we have always been changing the world, improving, simply changing, made more complex by this. You can look at it from the "Never Better" perspective: these things mean that we have durable goods that need to be upgraded. On the other hand, from the "Better Never" perspective, we have durable goods or micro devices that need to be upgraded. This is the great big question ahead of us: is this a better thing? I really think that comes down to whether your glass is half full or half empty, and whether your actual perspective on this is that it is scary or exciting. So here's the key trick in all of this: you all are building this world. This is your opportunity to shine and to choose — is this world going to make us, or are these tools going to make our world better, or are these tools going to make the world more difficult, more complicated? Are we, as people working in technology, able to make this a better place? I say, given that we've made open source a default standard in the world at this point, it's never been better, and we can keep changing it. Thank you.
H
Host29:37
All right, Sarah, thank you very much. Great presentation. Okay, as we transition to Brandon Phillips with CoreOS — Brandon, thank you, come on up. Hey, I'm going to ask a favor. Everybody in your seat — I know we're going to transition. If everybody would sort of move to the center a little bit, if you have an open seat beside you, if you would just move over, we'd really appreciate that. Now's probably not the time to do this, but I'm going to commit a party foul and I'm going to ask you to do that. Just move over to make some room for people in the back. I should have done this before, but thank you. We really appreciate that. Thank you very much for your flexibility. That's huge. Brandon, thank you for your patience.
B
Brandon Phillips30:16
Yeah, no worries. Again, this is a nice issue to have — quote unquote issue to have. So for those of you in the back, a lot of seats opening up right here on the right, or on your left, my right, and a lot of seats opening up right here too, so feel free to come on in. Thanks for your patience, thanks for standing along the back wall there. We really do appreciate that. Thank you.
H
Host30:35
Thank you. Feel free to come on up. Okay, Brandon, apologies for the delay.
B
Brandon Phillips30:41
No, this is great. We're all good. Again, better than us having to pull people off the street to fill seats to make it look full. Talk about the glass half full — I choose to look at it that way. But thank you very much.
H
Host30:56
Okay, all right. With that, Brandon, go ahead.
B
Brandon Phillips31:05
Awesome, thank you. There's still a lot of seats out there; people need to get their shoulders comfortable. All right, so what I'm going to be talking about today is the changing server landscape and the movement that we've seen over the last few years towards this concept of application operations. I'm Brandon Phillips, I'm the CTO and co-founder of CoreOS. I've been a system software engineer for a long time; I worked at SUSE for a while on the Linux kernel, worked at Rackspace working on large distributed systems, etc. I'll talk about CoreOS at the end, but let's get into it. Open source today powers compute in a lot of ways, and it really is the de facto — as we ended the last talk with — it's de facto in a number of spots. On mobile, we've become the de facto; on desktop, it didn't end how I thought it would end when I was working at SUSE, but we have sort of taken over — open source has taken over on the front end of the web. It wasn't really the Linux desktop that ended up winning, but it was the front-end web where most applications live today. Server infrastructure, virtualization and Linux, raw compute infrastructure, web backends, web servers, languages, databases, data processing — all these things have become the de facto best-of-breed technologies for the vertical that they're in, and they're all open source. The one area that I think we've kind of had this mystique around over the last probably decade is Google's infrastructure. It's always had mysterious names like Borg; there have been white papers that come out every few years, and it's been this thing that people have had respect for, they've had interest in, but we really haven't had a solid set of technology and tools that we can take off the shelf like these other open source components and use to get Google-like infrastructure. When I say Google's infrastructure, it could be Twitter's infrastructure, Facebook's infrastructure — this infrastructure that we respect because it's these large global internet brands that run huge amounts of infrastructure and data centers. So what this talk is about is how the industry, how open source communities, are building this Google-like infrastructure for everyone else. It's been called cloud native, but I really like "Google-like infrastructure for everyone else" because it has this great little acronym: GIFE, or "jiffy," depending on how you like to pronounce things. It starts with G, and it's ultimately hashtag, which is great. This is really important in the modern age. So I'm going to use the term "GIFE," and what I mean is Google infrastructure for everyone else. All right, so what makes GIFE compelling? Google wrote this paper — one of the many papers describing how their infrastructure works — called "The Datacenter as a Computer." But really, if you get down into it, it explains sort of operations paradise. It explains this world that a lot of us have tried to achieve; many of us have the scars and paper cuts to show that we've tried to achieve this. But it's a world where if I add more hosts to my infrastructure, my applications get more scale. I'm a software engineer, so I need to make a small correction of this slide. I'm also a JavaScript engineer, so I need to make one more correction of this slide. Traditionally, the way we thought about infrastructure is we've thought about it as racks and racks of compute. This is what we pay our infrastructure-as-a-service providers; this is what we make our capex against when we buy hardware. It's, "My application has some needs; I'm going to go off and buy some hardware to fulfill those needs." I think about it in RAM, I think about it in CPU, and then I think about it in the operating system that I install on that. Now, this Google-like infrastructure has a different point of view, a different perspective. It talks about: I have a copy of my application — and this is going to be the icon that I used in this talk, this little cylinder — but this is a copy of our application, and it has some inputs. It says, "I need 2,000 millicores of CPU and I need 2 GB of RAM in order to operate." Those are the inputs to the system. The outputs are that this application is going to be able to handle a thousand requests per second given these inputs. So we start to think not about how fast is my CPU, how much RAM do my servers have, but what does my application need in order to fill X number of actual user requests? So we move from this to thinking about this where I think about metrics of my application and whether it's healthy or not, how many requests it's able to handle at this moment, and then I get into this world where I'm able to add another server, another copy of the application, and I get more scale. The next property of this whole system is the idea that if an individual host fails, everything's going to be okay. This is something that a lot of us would love to say. How many people would really appreciate it if I walked into one of your data centers and unplugged things? Would you be happy with that? Would you get a page? Would that be a bad day for you? Would you probably give the intern a stern talking to if they spilled coffee on one of your racks? So these are things that we concern ourselves with, but a lot of us spend a lot of time and energy trying to get there. So this whole idea that if I lose a server, I lose capacity but my app remains healthy. And the other part of this operations paradise is that I'm able to do really trivial, easy application rolling updates with rollback. It's really important if you're going to update something that you plan for failure, because you know all of us are non-perfect — there may be a couple of you in here that are absolutely perfect, but most of us make mistakes, and you need to be able to undo those mistakes. So this idea that I have my servers, I have them all running the green version of the application, I roll out the red version, things start to go bad, I start locking the database, something's going terribly wrong — I'm able to roll that back, figure out what happened, fix the bug, and roll forward and upgrade the application. This is an operation that happens multiple times a day on a scale of minutes and hours, something that's just a normal part of the healthy operation of my infrastructure. And then the last bit is efficient utilization of servers. I always like to tell this thing that my wife worked really hard as an engineer on hydroelectric dams in Oregon, and I always felt terrible working in infrastructure software because you'd log into a production host and you see 3% utilization, 4% utilization. My wife is out there repelling down inside of dams underwater in order to generate all this energy, and then what are we doing with it as technologists? We're kind of just burning it off the back of the CPU and just wasting all that energy and effort. So this is about: I have my application running across my hosts, but a lot of times the applications are sitting there bored. I want to be able to launch and manage lots of other applications on top of those servers. And on the other side, it's not just about operations; it's about this idea of the application engineer, the application operations, needing very consistent infrastructure, consistent operating systems, consistent places to deploy, really trivial scaling so that when they get additional demand on their application — say their load balancer says they're getting 7,000 requests per second, the app says that I'm able to handle 8,000 — they're able to make those really trivial scaling decisions and be able to roll these applications out in an easy way. So how do we build this? How do we get to this operations paradise? Well, we need to build a lot of new open source tooling, which is exciting and fun. It's also going to be — we're going to be tearing down a lot of the software infrastructure that we've built in the past. It's going to be scary. People are going to say, "Why are we doing this?" So let's talk about these new layers that we kind of define with this infrastructure. We'll tell some stories. Let's start with you as a software engineer. As a software engineer, your role in this new way of building infrastructure is that you take your source code — really sophisticated stuff, doing "Hello World" in a variety of languages — and you build that into a container image. The tools for building the container image: you can use our existing tools like Jenkins, new things like Dockerfiles, etc. It doesn't really matter. It's about transforming your source code through compilation or whatever into a container image. These container images aren't anything mysterious; they're generally a tarball that includes everything that you need outside of a kernel inside of a tarball. So if you're a Java app, this is your JVM and your jar, your bytecode. If it's a Python app, it's going to be the Python runtime and your actual Python script. So this is really what a container image is: it's just your compiled source code if necessary, the language runtimes, devoid of any thing like a kernel. And then you package this up and give it a name, because human beings are way better at names than remembering hashes. I'll challenge you at the end of this talk to read me back that cryptographic hash of this container; we'll see how many of you get it right. So you want to give it a name so that you can type that into configuration, monitor it, etc. And hopefully we get into a world where we start to sign these things, because we want to be able to say, "I only trust a subset of my developers to deploy code." So if Alice wrote the code, I want to make sure that Alice is actually certified with her public key that I'm going to deploy this to the infrastructure, and the infrastructure trusts Alice because she's a known developer. The motivation for all this container stuff is that I no longer have host dependencies. I no longer am depending on the Python and the Java etc. running on the host. That's now the responsibility of the application engineer: to package things up so there are no host dependencies. The nice thing is that this means I can run lots and lots of different things on top of a single host, and those things don't conflict; they're just consuming resources. Now we get into this world where we have a lot of different types of operations: OS operations, cluster operations, and application operations. As an OS operator, what are your responsibilities now in this new way of building infrastructure? Your responsibilities actually get easier, because our applications don't have these host dependencies. We're able to move from this world where we used to have these "Flag Day" operating system updates where we move from one version to the next — kind of a painful situation. But now with fewer host dependencies for the application, we're able to actually experiment and do regular rolling upgrades of our servers, and we move out of this world where we are afraid of updating. Just slowly making this progression of updates all the time. As cluster operations, this is kind of a new role. This is where we're actually providing an abstraction, providing an API across a lot of hosts where you're able to talk to that API and no matter whether there's one, two, three, a thousand hosts, there's a consistent API whereby you say, "I need to deploy this app and I need to run some copies of it." Then your job as an application operator is you say, "Whatever amount of compute that's out there, I have this application that I have — call it 'example web app' — and I want three copies running to be able to handle my load." So these are these new divisions of responsibility that are enabled. What it enables overall is a separation of concerns where OS operations is in charge of getting up the container runtime, cluster operations is about creating a nice dependable layer for getting work down to the machines, and application operation focuses on the health and capacity of the application itself. We get into this world where the underlying infrastructure, the underlying operating system, container runtimes, kind of matter less if we do this right. What's really important is just making sure that application is supported and has the infrastructure it needs to run. So what is CoreOS? CoreOS is a container-focused Linux operating system, most of all open source. You can find it at coreos.com. The namesake of the company is CoreOS, but we're also a number of open source projects supporting this new GIFE, this new style of running infrastructure: etcd, a key-value store; flannel, a networking system; and rkt, a container runtime. These are open source communities and projects that we've started and fostered at CoreOS. So if you're interested in this sort of new wave of infrastructure, we would appreciate you joining our communities. There's a bunch of interesting stuff going on besides these projects at github.com/coreos. We also build products that enable GIFE; we have things that build containers and host them, etc. We have a full stack of stuff that enables this type of technology. So what we're really doing is building these layers, building the software to build this sort of infrastructure: CoreOS Linux, helping out in building container runtimes, and then building these cluster operations tools. If you're interested in this technology or you'd like to see a demo, I have a more technical deep dive at 2:30 on the DevOps track. All right, thank you so much.
H
Host45:59
All right, well Charlie's here. He's from Penn Manor; he has a lightning talk tomorrow on this stage at lunchtime, so I encourage you to come check that out. We will also be premiering a new video from Red Hat Films during our lightning talk session tomorrow as well. So now, without further ado, I'd like to introduce Jim Whitehurst. He's the CEO of Red Hat, he's also the author of "The Open Organization," and he's going to talk today about the power of openness and how we can take all this great stuff that we know and love about open source and improve our leadership in our different organizations. So Jim, come on up.
J
James Whitehurst46:35
All right, thank you, Jason. Well, first off, let me welcome you all to our hometown, Raleigh, North Carolina. We really do appreciate you all coming to visit us. I have to say, speaking for my wife and my kids, it was really nice to be able to go to a keynote but sleep in my own bed last night and have breakfast with the kids. So we're doing more things here, and if you have time, I hope you have a chance to come visit the tower. We're about two blocks away; you can't miss it — it has the big red thing on the top. So I really do appreciate you all being here. I do encourage you to find Charlie at some point during this, listen to him. From the video, it really is a phenomenal and inspirational story. That was just a short trailer; you can go to the site that was up there — redhat.com/redhatstories — and there's the full video there. It really is an extraordinary and inspirational story about what all he's achieved at Penn Manor. I'd like to broaden the conversation, since this is "All Things Open." I'm actually not going to talk about technology today. All right, I'm already causing problems — I'm supposed to stay in these yellow lines, and I'm already outside of them. I'm always the troublemaker, which is a problem. Everybody else stayed right on time, you know. So all right, I'll try to do a better job here. So I'd like to broaden the conversation since this is "All Things Open" and talk about open as it applies to literally management, to business, and to our society. Open source is a key part of that, but I do think what we are all looking to achieve actually has implications far beyond just software. Let me start off broadly with why I think there is such a need for the principles of open source. I'm saying the principles of open source because open source itself is a license; it's about source code. Yet we talk often at Red Hat about "the open source way," which is how we apply those principles beyond technology and open source software itself. If we think about the world we've come from and the world we are entering into, it's been a long change. I'll come into a little bit how all of a sudden I recognized this change personally. But if you think about the Industrial Revolution that we came from, we have come from a world of mass manufacturing developed in the late 1800s, where we basically had — and this is simplification — relatively uneducated people, meaning most people did not have a high school degree, typically doing rote tasks. Most tasks, because the way we actually work to specialize — you know, science and management specialization — people were doing relatively rote tasks on assembly lines in a very static environment. Business and strategy changed over decades, certainly not over years, months, or frankly, it feels like weeks now. In a world where we had no information or very limited information that was very latent — if you're lucky, you had a telegraph. So basically, when we started thinking about how we develop principles of management, leadership, how we coordinate behavior, it happened in a world of a very different context: relatively uneducated people doing relatively rote tasks, static environment with limited information. If we think about where we are today in the context that we all live in, we typically have much better educated people than we did even though we need to continue to work on things like high school graduation rates. They are typically well above 80% in the US. Many of the people that we all work with as employees — probably most that we actually work with as employees — have college degrees. In a world where we've automated the rote tasks, so most tasks out there that need to be done broadly, and certainly in IT, require a degree of initiative and creativity in an incredibly fast-changing environment where we have unlimited broadband information in our pockets. So when you think about that context of the world we live in today and how different it looks from before, how we need to think about coordinating behavior, how we need to think about leadership and management, needs to change. The traditional world of hierarchy has got to open up. Let me try to talk a little bit more in detail about that. We've all seen this in technology. We've gone from a world where 75 or 80% of our effort was around sustaining and very little was about innovation — that goes in terms of both dollars and time and attention — to a world where I think most of us recognize in technology, but broadly for business, sustaining becomes less important. Our ability to innovate becomes dramatically more important. One thing that we absolutely know is that the traditional hierarchies, the closed systems that we've used to manage and coordinate activity, are really bad at innovation. Nobody says, "Give me a great bureaucracy so I can come up with something new." I think we see that happening as well as we think about how we work and become more efficient, how we move more quickly, how we innovate in information technology. DevOps is kind of the buzzword with every CIO I talk to now. Everybody's — whether it's agile for the maybe less bleeding edge or DevOps for the more bleeding edge — almost every conversation I have with CIOs now is talking about how do we move faster. What I hear over and over again is disillusionment, because everybody's figured out the joke now: it's not about the tools. Tools are important; certainly you have to have enabling technologies to increase speed, efficiency, ability to innovate. But so many companies have bought the tools, thrown them into their traditional ways of operating, and they have fallen on their face. It just doesn't happen. It's actually quite fascinating. When I now go out — and I have a great job, I have to say — I get to go out and talk to the web companies, I get to go talk to large corporate CIOs and CEOs, and I get to feel like I'm on the front line of getting to watch this change happening around us. I can say absolutely virtually everyone I talk to, there is a recognition now that something other than technology needs to change. The way we organize, the cultures that we are involved in, need to change if we're going to be able to keep pace with the faster-moving world that we live in. So I actually wrote a book about that. Let me spend just a couple minutes on it, because this is important how I actually came to this. I'm not that smart to certainly not to write a book. Actually, my English teachers would be horrified with the idea that I ever wrote a book. Plus, it's about people, and I actually — this is a true story — I failed Human Resource Management at Harvard Business School, so maybe that gives me a real reason to write a book. But no, in all seriousness, I wrote a book not about what I've done but about what I've learned. I think I've gotten probably the greatest gift that a CEO or an aspiring leader could possibly get. I'll use the analogy: I'm the frog that got thrown in the boiling water. What I mean by that is the world has been changing from this need to be efficient, prescribing kind of classic industrial-era world of bureaucracy and how we lead and manage, slowly over the last 50 years, to a world where things are moving incredibly quickly and the bureaucracies, centralized planning and budgeting, and all those things cannot keep up, nor can they do as good a job at innovating as enabling people. But most of us are the frogs that are in the cold water that slowly heats up, heats up, heats up, and you don't really realize anything's changing. I would say until I got to Red Hat, I thought I knew what management leadership was about. I used to run a large company — Delta Air Lines, which is about as military bureaucratic as you can get. And then I came to Red Hat. In my first week at Red Hat, I thought, "This is the most crazy, ridiculous place I've ever seen. It is total and complete chaos. They've obviously brought me in to clean it up." If we had more time, I could go on story after story after story. But literally, I would tell people to do things, and they would just say, "No, that's not a good idea. We're not going to do that." At Delta, literally when I drove in in the morning, there were people who would salute me. I'm serious. So this contrast was extraordinary. So again, at first I thought I need to clean this place up. Luckily, before I had a chance to do this, the organization wore me down before I could make enough change to happen. I actually realized that what we had developed at Red Hat was a different way to run an organization, but one that was extremely effective. We made several significant strategic decisions without me even being involved in that first six months. All of a sudden, I realized, "Wow, this isn't chaos. It is a different way to run an organization." The reason I'm talking about it here is it literally grew out of the open source movement. Red Hat as a company is all in on open source. We are 21 years old now, and we literally grew out of the open source movement. Red Hat is an experiment in applying the principles of open source for how you run an organization. The book's called "The Open Organization." This is kind of our definition: an organization that engages participative communities inside and out. I want to focus on two words here, because I think these are fundamental to any company that wants to move more quickly, certainly any IT department that wants to move more quickly. The first word there is "participative." We come typically from an era where employees were considered a commodity; they were price takers. Going back to the Industrial Revolution, you got paid a lot more to work in a factory than work on a farm, and people were moving from farms to urban areas. So our management structures that we developed assumed people were just price takers; they would come work, and it was easy to get people. I think we all now know, as we try to not only attract the best and the brightest but more importantly to get people to do more than just what you tell them — to actually be engaged, to be part of an organization, to go above and beyond — you need to treat your people like they are participants, like they have a choice of where they should be. I encourage any leader — and certainly this is true anyone who's been involved in open source community knows this — we talk about it a lot: why are people coming in, why are they joining? You think really hard about it, and you make the organization things that people want to join. It has to be — you just kind of back up and say, "Why are the people here? Is it for a paycheck, or is it because they want to be here?" Open source started off this way because there were no paychecks; it was getting people to do it because they wanted to be a part of things. But every organization needs to start off thinking about their people as opt-in members of a community. The second word I want to say is "engages." I've been asked simply, "If you had to put it in one sentence, what are you saying next-generation leaders need to think about doing?" It truly is about creating the context for people to do their best work. That's all about engagement: how do you create that context, how do you engage people to be part of something so they not only want to be a part of it but they know exactly how they need to play a part in that. For Red Hat, we've developed a whole system to run a company that's now 8,000 people, $2 billion in revenue this year, operating in a lot of countries — I don't know the exact number, probably 40 or 50 countries. I'm going to walk through some examples of this, but I want to spend a minute before I walk through this contextualizing it. This isn't quite in the book; I hope at some point you may read the book. Importantly, there is no theory, management 2.0 paradigm out there. When I was writing this book, I got asked often, "Are you describing a new paradigm, a new kind of management theory?" I scratched my head because I never really thought about it, and I've now come to the conclusion about no, I'm not. Here's the simple reason why. Thinking about any type of participative community — this is true of any open source community, I would argue any kind of organization that is adopting open principles — by definition moves you out of a comfort zone of a clear theory, knowledge, paradigm. It's a lot like economics. There are a lot of parallels between classical economics and classical management. They both developed in the late 1800s, early 1900s, about the same time. Economics and management basically developed using the same set of simplifying assumptions. These were social sciences, so this is trying to apply science to people and behavior. The classic way to do that around the turn of the century was, "All right, we got to make it a science, and therefore we have to make the math work, and we have to have generalized theories." So for economics to make the math work, you had to make some simplifying assumptions, like people are always rational, there's perfect information, and markets are in equilibrium. We know none of those things are true. If you've ever taken a microeconomics class, you know the last two lectures the professor said, "Well, we know none of that stuff's true now, but we had to make the simplifying assumptions to make the math work." So upward-sloping supply curve, downward-sloping demand, etc., etc., etc. But we know people aren't always rational. In fact, if you look today, virtually every major university's economics department has a behavioral economics department specialty within that. Behavioral economics basically says, "We know people aren't rational, so let's study that. We know people have all kinds of biases; they are relatively over-optimistic; we typically value today more than tomorrow." Because if we were all rational, we would all weigh exactly what we want to weigh, we would all save exactly how much we want to save for retirement, etc., etc., etc. We know those things don't happen. So we've developed a new kind of set of economics. If you want to read a great book, there's a book called "Freakonomics," and it's a great book that goes through some of the quirky behaviors that human beings have around not being totally rational. Management made the same assumptions that economics made, which is people are rational. This is why — it's more of an aside — but this is why in the literature for the last 50 years, there's been a bifurcation of management and leadership. That was another question I got asked a lot: "Are you writing a book about management or leadership?" I always scratch my head and say, "Well, I'm not sure." If you look out there, you can read tons of things talking about what's the difference between management and leadership. I've come to realize the difference between management and leadership is very simply because management in the way we classically thought of it made the simplifying assumption that people are totally rational — i.e., will only work for a paycheck and do what they're told, etc., etc., etc. That's imbued in all the aspects of management theory. Leadership is the other piece, which realizes people aren't always rational; we are emotional beings. Things like inspiration, morale, etc., matter. But we split those apart. What I think we're starting to see is those things need to come back together. So I would argue that as we go forward, you will see less of a bifurcation of management and leadership. As we've done in open source communities, we recognize we have to coordinate behavior, but these are people who have motivations other than being completely economically rational. People do it because they love it, or because they like being part of a community, because they feel like they're doing good things for the world. Those are all abstracted away in classical economics and in classical management. The reason I spent such a long time talking about that — and I really will walk through a few components of this — is in the same way that there is no grand unifying theory of behavioral economics because the math is too hard. As soon as you say people are irrational, the math gets really hard. So there is no grand unifying kind of economics 2.0, behavioral economics grand theory. There is no grand theory of management. We're all stumbling along trying to figure out how to best inspire, lead, etc. So what the book is about is what Red Hat has done to unlock the potential and the power of our people. It really is the principles of open source. I'm going to walk through a few of them quickly here; obviously happy to engage more through the course of the day, or meet me outside — I think I'm signing books later, we can talk more about it. First off, purpose and passion are critical. I think we all kind of know this, but as managers we often forget this. I talk to CIOs about this all the time. You have to connect what your people are doing every day to the broader purpose of the company. People just forget. They like, "Well, people can go read the mission statement, etc." You have to connect people to the purpose of the company beyond getting a paycheck. I say that over and over again because we all kind of know it, but we all often forget it. For Red Hat, we really work to ignite that with passion. We talk about open source, we talk about what we're doing in the world. We do videos like the ones you saw; those are certainly for external, but they also continue to bring home the power of all the code we give away and what that ultimately does for society. This is one measure of that: how many people in your company have your company's logo tattooed? Those are not fake; those are real tattoos. Those are three Red Hatters that we actually got together at Summit this year or have the tattoos. That is commitment to a brand. So we're not changing our brand. Not to pick on the Google guys, but you read the article — they changed their brand, and there's a guy with a Google tattoo who is upset. So I always threaten these guys: if they piss me off, I'm going to change the logo. Just kidding. But I cannot overestimate that. I think people who are leaders in open source communities recognize the importance of that to attract the best and the brightest to their communities. Next, you really have to engage. Again, I spend a lot of time talking to CIOs about this. When they buy the shiniest, best DevOps tools and fall flat on their face, it's like, "Well, have you really deeply engaged with the people in your organization about the 'why' of what they're doing, what you're trying to accomplish? Have you really engaged and listened to them?" We use very simple tools, by the way. Memo-list is one of our many email lists. Yes, we are a tech company, and we use email lists to basically collaborate, and it works phenomenally well. It works phenomenally well because I contribute and listen; the senior executives are on there listening, contributing. Our people know that if there's an issue that's important, they can post there and everyone in the company is going to see it. Engagement is critical, critical, critical. We certainly in open source communities really deeply make sure the top teams, and then flowing all the way through to all participants, are all working together on the same mailing list, that people understand direction and the what and the why. That is absolutely critical. Meritocracy — let me just tell you one quick story. I put Qumranet up here. Qumranet is the company that had the key developers of KVM, which is the primary hypervisor that underlies OpenStack and is underlying our product. I remember in my first month at Red Hat, I'm in a meeting with my head of products and technology, our CTO and head of engineering, a person who then was running virtualization engineering, and then an engineer in that group. They're talking about why — this was eight years ago — we were supporting Xen as our core hypervisor, and we're kind of going through this. The engineer in there said, "Yeah, yeah, this is what we're doing, but I really think it's wrong. We really need to be behind KVM because a whole bunch of reasons: part of the Linux kernel, etc., etc., etc." I'm sitting here thinking, and the others in the room are arguing with them but very happy to have an open debate in front of the CEO. I remember going home and telling my wife, "At Delta, if an engineer or somebody in a lower part of the organization in front of his boss and his boss's boss's boss and his boss's boss's boss said to the CEO, 'Yeah, I just completely disagree with what those guys are doing,' that guy would have been fired so fast." At Red Hat, we celebrate that. We love it when people disagree. We argue things out; we fight to ultimately get the best solution. By the way, nine months later, we bought that company for $108 million, so I guess he was right. I think this is another important thing, and this is one that I get the most shock when I talk to CIOs about: "How do you build an organization capable of moving faster and innovating faster?" It's not about holding hands and singing "Kumbaya." Any of you involved in productive open source communities know that it often gets heated. Matter of fact, the whole concept of brainstorming, which is what most of us think about, was developed in the 1950s. Tons of research shows it doesn't work. Celebrating everyone's ideas doesn't work. You get better answers if ultimately you have people kind of fighting things out, when you get people saying, "I agree with this," or "I don't agree with this," or "That's a bad idea." If an idea is a bad idea, say it's a bad idea. Unfortunately, the Linux community takes that to an extreme where I think many of us think that it's not fully productive, but recognizing the importance of having the right debate, having frank, open conversations, is a key part in any organization of ensuring that you get the best answer. And then finally, this is our mission statement. I'll spend a second on it. "To be the catalyst in communities of customers, contributors, and partners building better technology the open source way." The first draft of this said, "We aspire to be the leader in..." dot, dot, dot. Our developers came back and said, "Well, that's not true. We don't lead these communities." So we came back with a second version and said, "Our mission is to be an active participant in..." dot, dot, dot. The same developer said, "No, that's not accurate, because we aspire to drive direction." Of course, I said, "Well, are we leaders or are we participants?" They came back and said, "Well, we're neither." This again is a change from the typical bureaucracy. They came back and said, "We are the catalyst in communities, because we are there because of our contributions; we can influence direction." That's why Red Hat — and virtually every community we're involved in, we're the largest or second largest contributor to those communities — because we need to catalyze direction. We don't order people to do things; we catalyze direction. As leaders on our best days, I tell CIOs this all the time: catalyze direction, because ultimately you get better answers, you get more and deeper levels of engagement. If we — meaning all of us in open source, our organizations, for those of you who are enterprise users, broadly for management teams in general — if we are going to maximize the innovation potential of our organizations and ultimately for society as a whole, we have got to adopt a new approach. I got lucky; I was the frog that got thrown in the boiling water. I'm now out there evangelizing: we've got to move to a post-industrial era way that we organize and lead. Open source is just an extraordinary metaphor, example of how to do that at scale. So I'll leave you with one last thought: no organization can predict the future of technology. All of us — a coalition of us — will build it. That's true whether it's being the default choice in next-generation IT infrastructure or more broadly, IoT, or even how we will construct the economy going forward. So I hope you enjoy the next couple of days. We really do appreciate you having us here in our town, and I look forward to getting a chance to chat with more of you along the way. Thank you.