Reality 2.0 Episode 24: A Chat About Redis Labs (Podcast Transcript)

Episode 24: A Chat About Redis Labs (Podcast Transcript) cover

Doc Searls and Katherine Druckman talk to Yiftach Shoolman of Redis Labs about Redis, Open Source licenses, company culture and more.

Listen to the podcast here.

Katherine Druckman: Hey, Linux Journal readers, I am Katherine Druckman, joining you again for our awesome, cool podcast. As always, joining us is Doc Searls, our editor-in-chief. Our special guest this time is Yiftach Shoolman of Redis Labs. He is the CTO and co-founder, and he was kind enough to join us. We’ve talked a bit, in preparation for the podcast, about Redis Labs, but I wondered if you could just give us sort of an overview for the tiny fraction of the people listening that don’t know all about Redis Labs and Redis. If you could just give us a little brief intro, that’d be great. 

 

Yiftach Shoolman: Thank you very much for hosting me, first. Redis is an extremely popular in-memory data structure database that’s used by many people as just a caching system, but many of them have shifted from just simple cache to a real database, even in the open source world. Just in terms of numbers, only on Docker Hub, Redis has been launched for almost 1.8 billion times, something like five million every day, so it’s extremely popular. It’s used everywhere. Redis Labs is the company behind the open source. When I say “behind the open source,” we sponsor, I would say, 99% of all the open source activities, if not 100%. We also have enterprise products, which is called Redis Enterprise. 

It is available as a cloud service on all the public clouds, as well as a fully-managed Redis cloud service, as well as softwares that you can download and install everywhere. This is our story in general. The way we split between open source and commercial, which is today very tricky, is that we keep the Redis core as open-core BSD, by the way. On top of that, we added what we call enterprise layers that allows Redis to be deployed in an enterprise environment in the most scalable and highly available way. We have all the goodies that you need, including active-active, including data persistence layer, etc., all the boring stuff that the enterprise needs, in addition to that, a lot of security features. In addition to that, we extended Redis with what we call modules. Some of them were initially open source, and then we changed the license. This is probably the reason that you called me.

 

Katherine Druckman: Right. That was in the news, certainly.

 

Yiftach Shoolman: We changed the license twice, and today, it is licensed under Redis Source Available License, which practically means that you can do everything with it, but you cannot create a product that competes against Redis Enterprise. This is in general. Now, you should ask, “Why did you do it?” This is defeating the purpose, etc., and there are tons of discussions, but this is very simple. It is funny that we, to some extent, became the open source enemies, because if you look at all the companies in this space, we are practically the only one who kept the core Redis, the core database, completely open source under BSD license. MongoDB doesn’t have it. MongoDB, today, using SSQL, which was not accepted as an open source, DataStax is completely enterprise. Elastics has a certain amount of open sources and then a lot of source-available pieces. Cocotb just changed BSL. MariaDB is BSL licensed. Everyone did something. Confluent also did similar stuff. They kept the code with Apache2. Then, a lot of modules on the top of it are source available. 

The main reason for that is not because we hate open source. It’s not because we’re afraid from the open source. There is only one reason. We think that the cloud provider—and specifically AWS—don’t care about open source companies. They are looking elsewhere to see which open source is successful and deployed as a service and use the fact that everyone is coming to the console. It is very easy to deploy on the console, and we created such a great software, so once it is deployed, it usually doesn’t fail. This keeps the open source companies under a significant stretch in terms of how we can grow the business. This is not to say that they do it, usually, with very minimal contribution to the open source. It is not like an equal contribution to the open source across everyone in the Redis world. We contributed like 95% of the codes. They contributed, before we did this switch, something like 60 hours. They do a lot of money because of the facts that they are a cloud provider, everyone can go there and use it, and they practically make money for most from something someone else provided without contributing back. We think the cloud provider started with this process of breaking, I would say, the spirit of the open source. 

Frankly, if you think about the next generation of innovations, our children will do open source projects. They will start doing a project. Someone will look at it. We use the fact that there is a kind of money put in. We’ll take it. We’ll create a great business out of it, and people will just stop innovating. This is the future of the world. We and everyone else in the space decided to stop it and to add some level of restriction at the licensing, but it’s very interesting to note that some level means the core is purely open source. Everyone can do everything with it. The source available is also like an open source because you can practically fork it. You can change it without contributing back. You could do whatever you want, but you cannot compete with us as a business. This is it.

 

Katherine Druckman: I’m glad you said you don’t hate open source. (Laughter.) That’s good news. Go ahead, Doc.

 

Doc Searls: Let me see if I can compress my understanding of what you just said. In the cloud world, especially AWS, Amazon has been taking advantage of open source not only without contributing back to it but, in effect, competing against providers of open source software, in particular, Redis. Is that a compression of it?

 

Yiftach Shoolman: Yeah, you can always say, “What is the profile of an open source version?” It’s an open source. Everyone contributes etc, etc, but what happened with these—when the open sources database include a lot of reliability features, etc., eventually the people who invested in that, in creating the codes, are sponsored by someone because you cannot do it in your free time, meaning you can start with it, but eventually, you need a commercial body to support you. Otherwise, no one would do the work. There is an image behind the open source here. It’s not only the community. It’s also the companies who support it. 

 

Doc Searls: A question—have you heard from other companies said, “Geez, that sounds like a good license. We’d like to have one like that too”? 

 

Yiftach Shoolman: Again, everyone in our space, all other open source non-secret companies, are doing similar stuff. 

 

Katherine Druckman: Yeah, so Mongo after—

 

Yiftach Shoolman: Mongo is completely not open source today. It’s SSPL. It sounds like open source, but by the book, it is not an open source. By the way, I have nothing against it. It’s like another approach for better licensing. Elastic, the core is open source, but all the advantages, all the modules, all the enhancements that they do is like source available. By the way, AWS created another competing product, with Elastic after, they understood that Elastic is doing a lot of stuff with the source available. Confluent, the same. CockroachDB, the same. You name it. Everyone. 

 

Katherine Druckman: I’m wondering, is there something that AWS could have done differently to have avoided this conclusion? Is there something they could even do now that might change the way that you license your product? Was there a potential alternative?

 

Yiftach Shoolman: Yeah, I see Google did it differently. Google Cloud decided to partner with all the open source companies, all the major ones—us, with Mongo, with Neo4j, with Influx, with Confluent—and to offer them as native, primary services integrated in a left navbar of GCP console. I am not here to advertise them, but you ask about different way to do it. I think they did it right. They did it first. They said, “Okay, we will let this party offer their service on our cloud, completely integrated, with integrated user experience, with integrated billing and integrated support, and we’ll do our share.” I think it is a proper approach for open source, other than taking a software that someone else created and competing with the creators of the product. 

 

Katherine Druckman: It’s a tough issue. I wonder if Doc could actually speak to this. We talk a lot about the evolution of open source, the open source community, how over time it has become somewhat divorced from the original ideology. I just wonder, has open source become so successful as a concept? There’s no more proving that open source is legitimate. When I started at Linux Journal, which was 12 years ago, I regularly would meet with people, CTOs of big hosting companies and people that were talking about their experiences marketing open source products. I remember a guy said to me, “This one guy, when we were trying to sell him on our platform, said, ‘It’s like coding with your pants down.’” I awkwardly said, “Well, if your pants are down, you got to keep it clean.” I tell this story a lot. They all kind of looked at me, and it was a little bit awkward, but that was the kind of conversation people used to have. 

People don’t have that conversation anymore. Open source is very much established, it’s very legitimate, but at the same time, there are these massively successful companies—I would consider you to be one of them; you just had a pretty great funding round—that are no longer having to sell the concept of open source, but now are focused on profitability and stuff like that. Is it possible that open source as a concept has become so successful that it’s actually become problematic because now that you no longer have to have this struggle? It’s very easy to say, “This is an established product. Great, I’ll dupe it, and I’ll sell it over here. I’m already a much bigger company.” Is that part of it? 

 

Doc Searls: Let me try an angle on this that I hope will simplify things a little bit. Open source is two things. One is it’s a development methodology. The other is it’s a license argument. It’s been a license argument from the very beginning, even before the beginning, because open source has only been around as an expression since 1998. Free software was around for more than a decade before that. Open source is created as a definition and not a very pure one either. Free software is very clear about its definition. Open source is a little more vague, but in opposition, to some degree, to make open source more friendly to business and something easier to talk about than free software, which is confusing, definitionally. 

What’s happened in the time that I’ve been around it, which is from before the beginning of the term “open source” back in the ‘90s, is that in the beginning, most open source development was done by individuals. That they happened to work for companies was an interesting fact, but they were not run by their companies, for the most part. I think this has changed enormously. Now that open source has gone mainstream, there are many companies that employ open source, hire open source developers on purpose. Also, what’s happened is the software is much more bundled up. It’s in containers. It can be repurposed in all kinds of ways that are commercial. 

We’re at the point in the argument now—and I think Glyn Moody’s piece kind of summarizes it fairly well, which is, while the free software definition is pretty clear about this, you can have commercial uses for it and so forth, but Redis and others in a similar position do have a case because it’s too easy for all these commercial parties to take advantage of the Commons, you might say. It’s interesting to me that you use the term Commons in the license. I am, coincidentally, going to give the tenth anniversary keynote at the Elinor Ostrom Workshop in October and on the tenth anniversary of her winning a Nobel Prize for her work on the Commons. I confess to not knowing enough about it, but I’ve been obliged, actually, to do a research paper on it, and so you’re kind of feeding into that.

Your choice of the term Commons is a really interesting one because there is this sense of a potentially tragic middle area that we can all participate in and we can all contribute to. It actually isn’t finite like a physical Commons might be. It can be infinitely large, but there are behaviors that we’d like to see. What you’re talking about with your new license is one where you’re trying to get respect for the behavior of other companies, and that, I think, is a new thing. I’m wondering whether your license can be generalized in a way that other companies can use exactly the same one—in other words, you can use this code, but if you’re going to sell something against it, that’s not allowed—and whether or not that can become normative. I guess that’s the question for me, whether you’re breaking new ground here that a number of other companies are going to use, even if they’re not in the database space. 

 

Yiftach Shoolman: I think it’s a great question, and practically, we tried to do it at the beginning when we started the Commons Clause license, which was before the—that was the first step license. That was in a coalition of multiple open source companies. Eventually, what happened is that each of us wanted to take the license, and we found ourselves struggling with a proper definition that fits to every business needs [sic] of any companies there. This is why we eventually changed it to what is called Redis Source Available License, which is very, very similar to what others are doing in this space. Now, I know that there is today, we use Heather to write... I forget her last name. 

 

Katherine Druckman: Heather Meeker?

 

Yiftach Shoolman: Yeah. She is considered one of the best in writing open source licenses. She’s now in a venture that they’re trying to do exactly that, trying to define a license that, I would say, fits to the generation of the cloud and that everyone can use it. We ask the open source—we didn’t approach the OS side to accept what we did as an open source project, because we knew that this goes against the restrictions of the policy. MongoDB tried to do the opposite. They defined SSQL with no restrictions. On the other end, they add another clause that says something like, “If you use SSQL, you need to open source everything else,” or something like this. The OSI decided that this is not open source; this is against the definition of the open source. 

It’s tricky to finish it. Eventually, in two or three words, you change your perception regarding your company, which is not correct. We tried to solve the problem. We tried to solve the problem very, very hard, and it looks like we didn’t get the support from the OSI to solve it. I know, again, that there are a few initiatives in order to standardize it. Once it will be there, we will examine it, and hopefully, we’ll try to change it again to something that is more standard, but at the moment, we have to go with what we have.

 

Katherine Druckman: I just want to quickly point out, once we publish this podcast, for everyone listening, I will attach links. We have lots of links for background on all of this, so everybody can familiarize themselves to come to their own conclusions. Anyway, go ahead, Doc. I think you had a good question. 

 

Doc Searls: Part of what I’m trying to get here—and I think you’re describing it very well, Yiftach—is that this is a bit of an ongoing struggle, and we’re sort of at the beginning of the next stage of figuring out what the next layer or collection of open source licenses will be in a time when most open source development that’s consequential in the world is being done by companies that are competing against each other, often in the same markets. Also, we’re not against so much as—but in the context of cloud services that in themselves can compete with you and compete with those companies. It may have been Richard Stallman who said that his definition of a cloud is somebody else’s server, and as long as you’re running your business on somebody else’s server and they can do whatever they want with it, no matter what else they’re doing that’s morally right or wrong, is kind of open for them. We don’t have all the rules down for this thing, and it’s a fairly—

 

Yiftach Shoolman: Yeah, and the question is how this will be ended up, because cloud vendors, they have everything you think about, all the ITs. Do you see the IT world controlled by only 3 companies, 4 companies in 20 years from now? I think it will be against the world’s interest. 

 

Doc Searls: Yeah. I had an experience, and I shared it on our own back channel at Linux Journal with my hosting provider, and so now you have a hosting provider. I have a server in a rack. It’s a Linux server. It’s an old Linux server. It’s my personal one. I basically just store files on there. I kind of stage them there, but I have some personal stuff on there. I’ve had this thing. This is something that started out in my house in the ‘90s. Now, it moved to other hardware, but it’s pretty much been on the same hardware since 2000 or so. The company that runs the rack is going all cloud and basically purging all of their hardware, where people like me are just running our own private server, simply taking advantage of their backhaul, as it were. 

What’s happened is that the Internet has turned into a set of centralized services, utility services, rather than an open peer-to-peer environment where anybody can set up whatever they want and run it, in part because, frankly, clouds are more reliable, and it’s a different world that way, but I don’t like it that Amazon, Google and a few other companies are going to own all of the—we all get to rent on their real estate, while they can also take advantage of a competitive loophole, which is, in fact, the open source license, no matter how much they contribute 

 

Yiftach Shoolman: To us, by the way, it reminds us of what happened with the Internet Explorer and Microsoft when it was combined as part of it. I think, eventually, someone needs to put—some regulations need to get in place and to put some limits to this cloud provider what they can provide. Otherwise, again, the entire IT of the world would be controlled by three or four companies, and you don’t want this. 

 

Katherine Druckman: It’s interesting that you say that. Something that Glyn Moody brought up in his article, back in in the fall, was this perception that these big companies that we talk about, the, quote/unquote, “tech giants,” are being perceived as evil a little bit. People are questioning. People are very cynical about it. We name names, frequently, when we’re talking about privacy concerns, for example. How often does the word “Google” come up or “Amazon” or what not? There’s a general—it’s not wholly negative, but there is a slight tendency, an increasing tendency, to question the motives of these big companies. It’s not just issues of licensing or whatnot. It’s a lot of things. I think that’s interesting that those things are happening at the same time. I think we’re just at this crossroads in the evolution of open source, and like you say, it’ll be interesting to see how it shakes out. 

 

Doc Searls: I thought—Go ahead. Sorry, go. 

 

Yiftach Shoolman: The funny thing is that, eventually, we, as a company, we sponsored and continued to sponsor intensively. The open source and became the open source enemy, not the guys who misused the open source concept. This is funny because all these open source companies help these cloud providers to be what they are, because if you look at what exactly they invented there, I think over 80% is open source that someone else wrote. They just use the facts that they created a nice platform and the fact that people go somewhere in order to consume services and there’s a concern with that, but they built a significant part of the business around open source that someone else wrote. 

 

Katherine Druckman: Maybe it’s just a factor of that level of success, right? You built too good a product, I guess. If you look back on things like—I don’t know—Joomla comes to mind, or there were—10, 12 years ago, when people were selling Joomla modules, you had commercial—nobody thought about changing license for them. People paid for what they needed, because you’re talking about a much smaller scale. You’re not talking about something that powers something as lucrative as AWS. You’re talking about something else. These issues did not come up for smaller projects. Maybe it’s sort of a factor.

 

Yiftach Shoolman: Your point about creating two good open sources is a real point. It’s a real point. We have some people inside the company who ask these questions, “Why did you make Redis such a good piece of software?” Salvatore, who is the creator of the open source and one of our team, Ian, and the other guys in the team continue to improve this process. We never restrict clustering. We never restrict supplication. We never restrict data persistence. We provide all the features in the open source, everything. It’s too good for an open source project. (Laughter.) This is why you are not a $10 billion company, because people can use the open source without paying you. We think it is wrong. We created a great piece of software for the developers. The things that need to be fixed is that other people need to pay if they want to use it, basically.

 

Katherine Druckman: Then some might argue, “Why not just build proprietary software then?” 

That actually brings me to a question, though. How do you decide what level of innovation goes into the open source project versus the not-open source add-ons or the commercial enterprise product? How do you compartmentalize the development on that? 

 

Yiftach Shoolman: First of all, we are open core. “Open core” means that all the important features of the open source, like the cooperation of a database. What is the cooperation of a database? You need to have high availability. You need to have application. You need to have data persistence. You need to have clustering. You need to have some security features. We put all the security features in the open source. That means SSL and ACL and all this stuff. Of course, there are multiple layers on top of it with the enterprise, but the basic ingredient of a database is in the open source. Now, the thing that’s a bit out of the scope of the initial design of the open source, we made its source available. This is like all the modules that we provide. 

We provide Redis search capability and Redis cache capability and Redis JSON capability and Redis AI or Redis TimeSeries All these other modules are not proprietary software, but they are source available. You can use them. You can fork them. You can write in every environment that you want, and again, not competing with us. This is like we split it. Then, on top of it, we have some unique enterprise features, like active-active, geo-replication, and the fact that Redis is an in-memory database and it can run on Flash. This is all completely proprietary. This is like three tiers of project, but the amount of them—the majority of the code database stuff are still open source. 

 

Katherine Druckman: Thanks for that. I read somewhere—this is not related to your technology, in any way, but actually your company and culture, which I thought was interesting—I read somewhere that you offer double referral bonuses when your employees refer a woman to a technical role. Is that true? 

 

Yiftach Shoolman: Yes. 

 

Katherine Druckman: Could you talk a little bit? As a woman in technology, I’m intrigued by that, and I wonder if you might comment. 

 

Yiftach Shoolman: We found that there are not so many women in the deep, thick programming, but when we found them, they are practically great. They are in the 75 percentiles. It’s way, way above men. 

 

Katherine Druckman: (Laughter.) In order to encourage balance and diversity on your team, you go a little bit above and beyond, which is interesting. 

 

Doc Searls: I have to say—this is something my wife said many years ago. We were attending some women’s liberation thing, and she said, “I’m not interested in equality with men. Why deal down?” (Laughter.)

 

Katherine Druckman: I love Joyce. (Laughter.) My hero.

 

Doc Searls: That’s sort of what you’re saying there. 

 

Katherine Druckman: I get it. I totally kick ass. 

 

Doc Searls: I should point out that, at certain points—and we’re close to it now—Linux Journal has long been run entirely by women. (Laughter.) Our publisher is a woman. Katherine is one, and we have others, our sales.

 

Yiftach Shoolman: How many men?

 

Katherine Druckman: It’s you and Mark really. Garrick is part time. It’s really just you and Mark. A lot of our editors are, but they’re not full time.

 

Yiftach Shoolman: So, 66%.

 

Doc Searls: There’s Jill. Jill’s our executive editor. She’s the editor who does most of the work. I write some stuff, but Jill puts the magazine together. The person that runs the shop is Katherine.

 

Katherine Druckman: I’m the nerd.

 

Doc Searls: The person who runs the whole business operation and holds it together is Carlie. Jill is the one who actually puts the magazine together and rides herd on all of the slow men who don’t get their work in on time. That’s pretty much the story. 

I was sort of taking notes, and I wanted to go back to the “where we are now” quick, and especially around where we were talking about the big cloud providers. There’s sort of three remedies that you brought up. One is, of course, what you’re doing already, which is, “Let’s come up with licenses that sort of enforce a non-tragic Commons, where everybody’s sharing in an honorable way and not taking advantage of each other, creating what we might call the free rider problem,” which is what you have there with Amazon taking advantage. 

Another is regulatory. I don’t know where I was in that list of things, but there were a couple of things I wanted to bring up. One was that, on the regulatory front, I’ve always been struck in respect to the cloud or in respect to any of these giant companies that run giant server farms that are the size of nuclear power plants and are absolutely opaque. Nobody really knows what’s going on in there, other than the people running them. We can take advantage of their services. We can use their search engines. We can go on Facebook’s social network, and we see the front-end user interface on that, but we don’t see how this whole thing works behind the scenes. What strikes me is that, if you’re running a nuclear power plant, whatever country you’re in, there’s a federal government that has large teams of guys and women in white coats that are really expert and go out there and study it and look at what’s right and wrong. We have nothing like that for an Amazon, an Apple, a Facebook, a Google. I don’t know how we can do that. I actually wonder whether or not they are temporary developments on the landscape, that they are—all empires fall, right? They’re empires of a sort. I don’t have a finished thought on that, but do wonder about how well anybody can regulate them. 

One of the things that—this is the third thing that Glyn, in his piece, recommends—is that they pay in some way. I think some of them would say right now, “We’re paying the Linux Foundation. We’re alpha contributors to the Linux Foundation, and the Linux Foundation does a really good job of bringing all these big companies together to work stuff out,” which they do in five distinct areas. It’s also interesting to me that half of the Global 2000 belongs to the Linux Foundation today. It may be the largest collection of companies on the face of the earth trying to operate cooperatively. I didn’t even know what to make of it. I wrote a piece about it several months ago where I externalized my own thoughts about it, but I’m just sort of wondering where you’d—

 

Yiftach Shoolman: What you suggest now, which I am for, is also problematic because once they sponsor you, you will be limited in how much criticism you are going to say against them, no?

 

Doc Searls: Yeah.

 

Yiftach Shoolman: Why don’t you think that an easy way to regulate to them is to say, “Listen, you should decide where you want to go. Either you provide a server infrastructure or you provide the software on top of it, but you cannot do both.” They are doing everything. It’s not only databases. Databases was at the beginning, but now the analytics and robotics and all this stuff and blockchain.

 

Doc Searls: In other words, it’s just simple structural separation. That’s what the lawyers call “structural separation.” That’s been proposed, for example, for the phone and cable companies. You could provide one, or you could provide the other. You can provide the infrastructure but not the services on the infrastructure. 

 

Yiftach Shoolman: If you are the bank, you cannot provide a credit card. In all other areas, the world found that there is a need for regulations for, I think, right reasons. All of a sudden, with them, nothing is possible. I must say that, again, with all the respect to what you provide, I think that they will happy to sponsor you—for them, it’s nothing—and all the others. By the way, during the fight that we had, the “fight” With changing the license, we get the feeling that many, many of the teams of the members of the OSI is somehow related to these companies as well, and by doing this, you can easily control the world even further. Again, I’m not saying that sponsoring your initiative is a bad thing. We would be happy to do it as well, but we need to think big picture. I think the only way to do big-picture thinking here is to split the pole that you can deliver. It’s clear. Why only in IT you cannot do it? 

 

Doc Searls: That’s interesting, because I think what you’re saying is we’ve sort of ridden the licensing argument as far as we can, and what we need at this point is really regulation that makes a very clear structural separation between infrastructure and services. Is that about right? 

 

Yiftach Shoolman: Yeah. I think this is the beginning.

 

Doc Searls: It might be interesting to write model legislation, hire somebody who’s used to doing that, write some model legislation and see if you can float it. 

 

Yiftach Shoolman: (Talk over 0:37:54).

 

Doc Searls: I don’t know if you have a large enough constituency for it, but it’s an interesting thought.

 

Yiftach Shoolman: (Talk over 0:37:58). I guess eventually, like—all these things started somewhere in Europe. Usually, this is the type of—I don’t know. Someone in Europe will suggest it one day, I guess. To me, it looks natural. (Talk over 0:38:18) this would continue it like this.

 

Katherine Druckman: We’ve been talking a while. I’m sure there are a lot of people listening who use Redis, the open version of Redis. I wondering if you might have any little exciting tidbits on the horizon. 

 

Yiftach Shoolman: Yeah, I think with regard to the open source version. By the end of the year, we will release open source version 6.0, which includes a lot of security stuff. Again, I think we are practically the only one who provides such a level of security at the open source level. We are talking about access control. We are talking about built-in SSL capability, TLS. Then there are a lot of other interesting stuff, like improving the cluster operation but also providing a new version of the Redis protocol, which is called RESP3, which allows you to do very interesting client-side—eventually, it will allow you to do very interesting client-side caching for Redis. 

Redis is considered as a cache or a fast database. With this level of caching at the client side, you can actually perform even faster than what there is today, which is, I think, amazing. Eventually, if you ask yourself why Redis is so important today, it’s because it guarantees the speeds of any application that is now deployed on the web or on the Internet. It’s clear that when people are not using Redis, the application sucks. It’s slow. (Laughter.) This allows you to do another level of acceleration. There is a lot of stuff that we (talk over 0:40:19) on a daily basis, 

 

Katherine Druckman: Security is interesting. I thought I might bring that up. Now seems like a good opportunity for a segue. 

You’re based in Israel and California. There’s a lot of really interesting research and development that happens in Israel with regard to security. I just wondered, was that just a natural evolution, because it is Israel and because the nature of the state of Israel lends itself to a security innovation? How did Israel become the great tech center and an innovation center that it is today, particularly with regard to security? Somebody asked me that yesterday and said, “Was it a concerted effort, or was it just organic?” I said, “I really have no idea.” Who knows, right? Do you know?

 

Yiftach Shoolman: No, I think (talk over 0:41:21) because you have some relation to (talk over 0:41:24).

 

Katherine Druckman: Yeah, I’m interested. I enjoy visiting Israel quite a bit. I’m very intrigued by what goes on there.

 

Yiftach Shoolman: First of all, I think the innovation is part of the DNA from Israel. I would say the way the country was created is also kind of an innovation way. This process practically went through generation by generation. It’s the nature and the DNA of the people who live there. 

Security is another aspect for the this. It’s mainly related to the intelligence services that we have in the army, which is a huge department of the army today, because as you can imagine, this is the next generation of wars with online. Someone needs to solve these problems, and someone needs to be able to secure the IT of the country or to attack the IT of other countries. All these innovations are creating today the Israeli Defense Force. These people, when they graduated from the army, they have a lot of knowledge, and they would like to apply what they learned in a commercial way or outside the army. I think this is the reason for it. 

 

Katherine Druckman: To plug previous episodes, we actually have talked about state actors and this sort of next generation of war, as you say, the next threats that are on the horizon and the ones that are already here. We had a really interesting one. I think the title is “Be afraid. Be very afraid.” Then, of course, we talked—one of our editors, Kyle Rankin, is a subject matter expert in security. We actually did an episode of our podcast—we recorded it while I was in Israel, and we talked about that. I said it’s part of the culture there in a way that it’s not in the U.S. We have a safe room and the apartment. 

Every new construction apartment has a safe room. Why wouldn’t you have a safe room? That’s a very foreign concept in the U.S. The front door of the apartment is this—in Texas we would call it a hurricane door, but it’s just something that is an everyday part of life. If you see a bag lying around unattended, you report it. You know that when you go in a shopping mall, you’re going to have your trunk opened and searched. That’s just part of it. You don’t think anything of it, but it’s incredibly different to how it is here. I don’t know. It’s just kind of an interesting thing to think about.

 

Yiftach Shoolman: I totally agree with that. There were a few success stories. Like, Check Point started in Israel. That’s really before everyone thought about security, and this drives a lot of innovation in this space. By the way, we are kind of unique database. It’s not just security. We are the only database company in Israel since—I don’t remember when. I don’t think, in Israel, we had any database company. Database, by the way, as a market is two times the size of the cybersecurity market. It’s bigger than that, but we also have a lot of security experts in the company. Salvatore Sanfilippo, the creator of Redis, which is part of the team, is also kind of a hacker. On our core team we have several well-known hackers which helps us to secure Redis very well in the enterprise and now also in the open source.

 

Doc Searls: I was thinking also of—I know Yossi Vardi there. 

 

Katherine Druckman: I know who that is.

 

Doc Searls: He’s very big in the chat world, going back to ICQ. Israel has been punching above its weight technically for a very long time. 

 

Yiftach Shoolman: Yeah, I totally agree. There are quite a few non-security very successful companies in Israel. Like, Wix, I guess you know, allows everyone to create very pretty and very sexy websites in just a few clicks of a button and many others, and also very good chipset companies, like Mellanox. That was recently bought, but I agree that recently security is becoming, I would say, the most popular segment where startups are creating in Israel

 

Katherine Druckman: I always joke. Every time I come back from a trip, just driving along the freeway toward the Haifa or whatever, you’ll see literally every tech company you’ve ever heard of on the side of a building there. Every single one is in Israel. They may not tell you that they are, but they’re there.

 

Doc Searls: Yeah, you have to be there. 

I think a context for this, also, is that we’re still early in the evolution of ourselves as human beings, from physical ones to digital ones and living in a fully connected digital world, the experience of being in one place, even though we’re very different. I mean, we’re in Israel, in Texas, and in New York right now, but we’re all in the same place, except it’s not a place. What’s that like? As my wife puts it, there’s no distance and there’s no gravity here. This is very new to human experience. We’re just gradually building this out. We’re gradually figuring out how this works. Her comparison is it’s like being weightless in space: After a while, we might adapt to it, but it’s pretty strange at first. We haven’t got even the vocabulary for fully understanding that yet. This is part of my, not so much a routine, but sort of my general thinking about things, which is that the older I get, the earlier it seems. The future is much longer and vaster and bigger than we have begun to see so far. 

Security is one issue. We have a completely different set of security risks and concerns in the online world than we did in the physical one. They’re completely different, and yet we have the same model, which is, “Am I safe, or am I not safe? How do I make this safe? How do I make this building safe? How do we make these people safe? How do we signal each other that we’re protected or not protected?” With privacy as well, we’re running around naked online right now. We have been for a long time. Others have taken advantage of it, just sort of like Redis has been taken advantage of in a way. It’s a different thing, but taking advantage of people and of companies that are vulnerable in some way is sort of a human tendency as well. How do we signal privacy? How do we say what that is? What’s clothing and shelter here? We don’t have this worked out yet. That’s fascinating to me that we have a long way to go.

 

Katherine Druckman: It is related, our own individualism or our digital sovereignty as individuals, but also as companies. I think, on that note, that’s a pretty great place to wrap up. Do you have any parting words? 

 

Yiftach Shoolman: I would say only one word about it. With the recent security holes that people found the CPUs, it’s questionable, will we even be fully secured one day? Maybe it is impossible.

 

Katherine Druckman: Maybe it is impossible. That’s a scary thought to end on, as we always do. 

 

Doc Searls: It is an interesting one. I can think of a whole bunch of things to say about that, but I think now is a good time to wrap it. 

 

Katherine Druckman: I know. Thank you. Thank you so much for joining us. 

 

Yiftach Shoolman: Thank you for hosting me. 

 

Katherine Druckman: I think this one might actually get some comments and some emails. Our email is [email protected], for those of you who want to write to us, and thanks.

Katherine Druckman, a self-described Drupal fangirl, is the Director of Digital Experience at Linux Journal. She’s an HTML-flinging, PHP-hacking ​webmistress by day, and a refined connoisseur of historic architecture and fine Chinese ceramics by night. She usually can be found surrounded by the charm of aging Texas buildings from the pioneer days or appreciating ceramics of the Song and Qing dynasties. You can contact Katherine by e-mail, [email protected] 

Load Disqus comments