Skip to main content Search
Contact us

February monthly roundup

In this episode of the DevOps Sauna, Darren and Pinja discuss the latest stories and developments in the DevOps scene for February 2025, including Le Chat and the Majorana 1 processor.

[Darren] (0:02 - 0:22)

It does mean that quantum computing is probably years away, and not decades, but it doesn't mean cryptography is going to break tomorrow.

Welcome to the DevOps Sauna, the podcast where we deep dive into the world of DevOps, platform engineering, security, and more as we explore the future of development.

[Pinja] (0:22 - 0:32)

Join us as we dive into the heart of DevOps, one story at a time. Whether you're a seasoned practitioner or only starting your DevOps journey, we're happy to welcome you into the DevOps Sauna.

[Darren] (0:38 - 0:42)

Welcome once again to the DevOps Sauna. I'm joined again by Pinja.

[Pinja] (0:43 - 0:44)

Hello, how are you doing, Darren?

[Darren] (0:45 - 0:48)

Uh, pretty good for a Tuesday. How about yourself?

[Pinja] (0:48 - 0:54)

I think that's a very good measurement. Pretty good for a Tuesday. A solid three out of five, I would say.

Isn't that a good, good grade?

[Darren] (0:55 - 1:03)

Yeah, yeah. Seems fair. Okay, so it's the end of February.

It's time we take a look at what's been happening over the last 30 days.

[Pinja] (1:03 - 1:32)

Yes, let's look at the news and what's been going on around the world. And let's start with a forecast. And this is about how big the DevOps market is going to be worth in 2030.

So there was an estimate with the current value being $6.78 billion that the whole DevOps market would actually grow by 2030 to be $58 billion, which would mean that would be over 24% compound annual growth.

[Darren] (1:33 - 2:01)

Yep, this was a news article on OpenMPT about the perceived explosion in the DevOps market. And obviously, as people who sell DevOps, this is kind of good and not entirely unexpected, I would say because it's driven by this increasing need for rapid delivery and the focus on being able to streamline everything, all delivery through security, through testing and everything, and kind of really reduce the operating costs in that way.

[Pinja] (2:01 - 2:21)

Yeah, there's been a lot of focus on the cost element in the past couple years. And we see a lot of good opportunities here. More and more applications are being implemented in small or medium enterprises.

It is not just software companies that are using DevOps tooling. And also AI is bringing its own flavor into this soup, let's call it that.

[Darren] (2:22 - 2:51)

Yep. And I think the biggest stumbling point, as pointed out by this article, was legacy systems. And that's something we've seen in Eficode.

Legacy systems and their, let's say, monolithic architectures that don't allow porting to cloud native or require being on site, they're still slowing down this growth. So if you're still operating legacy systems, it's better to start thinking about these kind of transformations sooner rather than later, because they will become your biggest tripping point.

[Pinja] (2:51 - 3:06)

Yeah. But there are, as mentioned, some good opportunities here. As I said, this is a forecast that we will see a growth from 6.78 billion to 58 billion in the next five years. But we don't know where AI is going right now, because the market is growing so fast.

[Darren] (3:07 - 3:10)

Yep, indeed. But shall we migrate quickly and talk about the cat?

[Pinja] (3:10 - 3:29)

Let's talk about the cat. And let's talk about the French cat, meaning Le Chat, which is the French startup Mistral AI's equivalent to the other generative AI solutions. So this is something we heard about, I'd say, a couple of weeks ago, an open-source AI by the startup Mistral AI.

[Darren] (3:30 - 3:58)

Yeah, it's one of those things that's not... I don't know if it's doing anything new. It's, again, just a chat model.

But it's quite rare that we have one of these coming out of Europe, especially given the EU AI Act that these companies have to navigate. It's one of the reasons why we see lots of complaints about AI in the EU, and that we're not able to innovate at the same speed as America or China. And then we have the French saying, actually, here we go.

[Pinja] (3:58 - 4:33)

Exactly. And the CEO of Mistral AI is saying that they're very well aware of what's going on with DeepSeek. And they also claim that DeepSeek has benefited from technologies shared by Mistral AI via open-source already two years ago.

So they were not surprised that DeepSeek from China happened a couple weeks ago, a month ago. So of course, they're a company building products, and they're building it on open-source solutions. So of course, they know that other companies are going to benefit out of it.

So they're looking into the whole market of things and not just their own product here.

[Darren] (4:33 - 5:30)

We were talking with Henri Terho not that long ago about distillation models and the idea of siphoning knowledge from something like GPT into a lighter-weight model. And I like the French approach of just acknowledging that as open-source, this is something that's going to happen instead of the open AI-like approach of saying, well, they stole our stuff. And it's like, there was this quote by an author, I think it was John Scalzi, which said, oh no, the American plagiarism machine has been plagiarized by the Chinese plagiarism machine.

And it all comes back to this idea that everything in AI is just taking content from the internet that it may or may not have active licenses for and regurgitating it in some form. So it's nice to see an AI company understanding that and open-sourcing things in such a way. And I do hope we start seeing more open-source, not just models, but code and training databases, too, the training data.

This is how we get full open-source.

[Pinja] (5:31 - 6:03)

And the launch of the Le Chat model was actually very well positioned in terms of time, because there was an AI summit in Paris. And Darren, you mentioned that, well, Europe is now also a player in the game of the global AI landscape. So having the AI summit in Paris in the beginning of February, but also having the Le Chat model coming up from Mistral AI also kind of highlights this, that yes, it is not just the U.S. and China who can come up with the new solutions and new models here.

[Darren] (6:03 - 6:32)

Yeah. And I think the EU has been a player all along. If we just look at Finland, we have things like Silo AI here, which are pushing this artificial intelligence.

It's just in Europe, we have this bad habit of doing things by the rules instead of accelerating at a massive speed and not really care what happens on an ethical side of things. So it's nice to see Paris and this Mistral AI pushing things out as well. But I think there's been innovation in Europe for a long time and it will continue.

[Pinja] (6:33 - 6:40)

Yeah. Speaking of models, going to the xAI company's new model, Grok 3.

[Darren] (6:40 - 7:06)

I think the news here is that I'm always going to be confused by anything being called X and not Twitter. But yeah, the xAI is the Grok 3 from Elon Musk's company. Again, it's an accessible and currently free beta for everyone.

There is a paid subscription, I believe. But again, talking about more of the same, it's another large language model. I don't think it's a multimodal model yet.

[Pinja] (7:06 - 7:38)

No, I don't think so either. But the big feature that they say is the competitive factor here is their deep search, which is designed to perform advanced searches for more precise responses. I've seen videos online, people using it, and it actually says how long it's going to be thinking.

It is more open about its thinking process, perhaps in this sense, that is saying thinking for three seconds, thinking for four seconds. So they're saying that this is also to their advantage that they're actually showing the user that something is happening in the background.

[Darren] (7:38 - 8:17)

That is similar to what's been happening with OpenAI's ChatGPT's latest model, the advanced reasoning models, where it will tell you what it's reasoning on. I'm not sure it gives an exact time, but it is kind of reason. The problem I had with that with ChatGPT is it kind of became laser focused on something and then couldn't be creative around it.

It was trying to reason, even if you gave it something completely unreasonable to reason about, and it would try to do it and then say, oh, it can't do this, but here's what it could do if it could. So it's like, it's a little confusing. I'm actually curious to see how Grok 3's deep search plays out.

[Pinja] (8:17 - 8:34)

Yeah. And especially since, well, I haven't personally tried it, but the premium subscription called Super Grok with the unlimited access to all the features is said to be, of course, even better. But there will be some interesting news coming up in this field in the next weeks or months.

[Darren] (8:35 - 9:13)

Indeed, there will be. Speaking of interesting things, let's talk about a security topic. The North Korean Lazarus Group seems to be once again active.

They delved into this Operation Marstech mayhem, targeted at developers and software supply chain compromise. And again, their target was cryptocurrency wallets. So it's an interesting mixture.

I hope people who develop professionally and do it on a work laptop and keep their cryptocurrency wallets on a home laptop. But the fact that there were 240 victims so far suggests that's not the case in all situations.

[Pinja] (9:14 - 9:45)

No, and there are reportedly already quite a number of victims, as you say. And they're spreading it via a legitimate looking GitHub profile and possibly also through NPM packages. And the name of the profile is supposed to be called SuccessFriend, capital S in success and capital F in friend, everything together.

So, if we think of how many users GitHub has, this is a very wide channel that they're using to spread the malware here.

[Darren] (9:45 - 10:38)

Yeah, and the fact that it's a software supply chain attack is kind of consistent with what we've been expecting because no one really builds much of their own software. Well, maybe that's not fair to say no one builds much of their own software, but software is typically built by bringing in dependencies and wrapping them together in the code you need. So, for quite some time already, hacking groups have been looking at infiltrating software supply chains.

And there have been cases where they've been contributing legitimate code for months, if not years, only to insert a back door. And when that occurs, it can be devastating in both directions. If it's caught quickly, it can mean the burning of two years of work from this bad actor.

But if it's not caught, then you have a trusted source. So, it just shows the importance of verifying these things at build time.

[Pinja] (10:39 - 11:03)

And if we think of how people use their GitHub repositories because they're like being subsequently embedded into these packages where people are building software. So, as you say, hopefully, nobody is storing their cryptocurrency on their work laptops. We don't know how people use that, but hopefully not because this is a very widespread attack and is still ongoing.

So people actually should know about this more.

[Darren] (11:04 - 11:17)

They definitely should. Onto the next topic, you found this evolution of insights from analyticsinsight.net about the evolution of DevOps as an enabler. What can you tell us about this?

[Pinja] (11:17 - 11:48)

Yeah. So of course, we are like advocates of DevOps. We come from a company that sells DevOps for a living.

And we know that DevOps has been revolutionizing how we do software. But now there's actually a study. And Ganesh Vanam, who's an expert in this field, has explored how DevOps has actually evolved into a transformative methodology.

And it has been driving operational excellence and system resilience. And there is actually now numbers to prove this.

[Darren] (11:48 - 12:27)

Yeah. And some of the numbers were around, firstly, infrastructure of code. So infrastructure automation, decreasing provisioning time by 78%, and Kuroot configuration flaws by 64%.

And if we're talking about man hours, a 78% reduction in deployment time is huge. And just having a reduction in configuration flaws means a lower attack surface. So this, of course, revolved around tools like Terraform and Ansible, though I guess Terraform is OpenTofu now if people are using it in the open source version.

So yeah, these are also leading to an operational cost for infrastructure reduction by 42%.

[Pinja] (12:27 - 12:59)

Yes. And what is the crucial concept in DevOps, CI/CD? So how has CI/CD pipelines have actually impacted our deployment success rates?

Based on this study, it has raised them by 96%. And the time to market has sped up by 71%. So this is not only, of course, as business people, they want to see the time to market go up, get higher.

But also security-wise, this has caught vulnerabilities by 72% by adding scanning and automated testing into the workflows.

[Darren] (12:59 - 13:41)

And I think the final thing of that study we should look at is the monitoring and observability. So the observability solutions are enhancing monitoring to the tune of seeing a 69% increase in system reliability and 58% decrease in unplanned downtime. And in systems where downtime can cost tens of thousands, if not more per hour, in some high-scale cases, that might be per minute, that can be a huge advantage.

So yeah, while we are, I think, a bit biased towards DevOps, you know, we have the world's only DevOps center, I think these numbers speak for themselves. So it's kind of gratifying to know that we're doing something right in a way.

[Pinja] (13:42 - 14:21)

And if we think of, what is the main concept of DevOps, I'm now going to quote the father of DevOps, Patrick Debois here. So trying to remove the friction between the silos. And also, the study showed that by removing the silos or the friction between the silos and trying to move towards synergy, another consultancy favorite word, is that we gain 35% gain in productivity.

And this also impacted the time to market for new features by decreasing that by 30%. So yes, we do love DevOps. I guess it's clear for everybody, but I'm very happy to see that this is now being quantified by an actual study here.

[Darren] (14:21 - 14:42)

I think it's important to get those solid numbers out there. Then another thing that happened, Atlassian released its letter to shareholders for the second quarter of fiscal year 2025. There's a lot to digest in there.

And if you're interested, I recommend you go take a look, but they actually had some kind of impressive achievements that I think we highlight.

[Pinja] (14:43 - 15:13)

Let's talk about the achievements that Atlassian has been named a leader in the Gartner Magic Quadrant for DevOps platforms. And this is not the first time, but also the second time in this two years in a row. This is not a small achievement.

Gartner is being used by many, many companies. We don't even know how vast it is in the world. But let's think about the importance of producing data availability.

So, having Atlassian at the leaderboard for Gartner Magic Quadrant is a big deal.

[Darren] (15:13 - 15:30)

It is. And it's not the only accolade they have. They were named a leader with the highest possible score in the strategy category of the Forrester Wave Enterprise Service Management for quarter four of 2023.

So it's a little bit older now, but again, it's showing they're kind of progressing quite well.

[Pinja] (15:30 - 15:57)

And related to enterprise service management, also in the IT service management category, they were named a leader in the IDC market space. So there is the Worldwide IT Service Management Software 2024, so last year's vendor assessment. And what was noted here was that a couple years ago in -23, there was growth for Jira Service Management, and it was well over the average for the whole IT service management market, according to the data by IDC.

[Darren] (15:57 - 16:10)

And I think one final thing we can mention is just kind of a cool statistic for Atlassian that today over 40% of Fortune 500 companies are Jira Service Management customers. That's kind of an impressive market penetration rate.

[Pinja] (16:10 - 16:21)

That's true. And they do understand at Atlassian that they still have tons of runway within the walls of those organizations, but like being already used by these companies is a big deal.

[Darren] (16:21 - 16:54)

Indeed. I think it would be time to talk about a topic we've actually discussed before. We have a Semgrep.

In December of last year, Semgrep, which is a security tool, basically a scanning system, announced something that has been announced by several people before, which was a license change. And what happened is the license changed from kind of a very free, very liberal model to a more commercial model where even the community feed is ending up locked by a payment requirement.

[Pinja] (16:54 - 17:09)

And as a response to this, Endor Labs, because they did not want to, of course, have these restrictions impact so many people and so many companies, they announced Opengrep. And this is a free open-source fork of Semgrep.

[Darren] (17:09 - 17:53)

Yep. And this exact thing happened last year with HashiCorp Terraform. So Terraform shifted to a more commercial-friendly license and immediately spawned OpenTofu, which was like a free, open-source version based on the last free, open-source version of Terraform.

So now we have the same where Opengrep is just taking the most recent open version of Semgrep and starting to build on it. So we're now going to hopefully see a scanner that's building those principles in. So it's a capable scanning engine that is improved over time and hopefully won't have every community rule locked behind these pro or paid subscription models.

[Pinja] (17:53 - 18:43)

The main three pillars here and the principles on which Opengrep has been built is that they indeed want to assure a long-term openness so that they would not hide anything behind these governance structures. Because this governance structure is designed to prevent any single entity from imposing these future restrictions so that we could see this long-term open-source freedom with it. Another principle here that they mentioned was that they wanted to build a better and more capable scanning engine.

And again, not hiding the essential metadata and the new scanning capabilities behind this locking, but also the improved engine, which could lead to more capable community rules, again, in the spirit of open-source, by unlocking these previously pro-only capabilities. But we shall see if this is a sufficient measure to actually ensure the openness of Opengrep. I hope so.

[Darren] (18:43 - 19:02)

Yeah. And I think there's also some requirement for assurance that they're not going to be locked into specific vendors or specific tooling, which I think was the big problem with the licensing, that Semgrep now being locked behind the commercial versions, locking them into a specific SaaS system.

[Pinja] (19:02 - 19:13)

And let's talk about the last article that we have here, last piece of news, about Microsoft. They announced that they had now managed to produce their first quantum chip.

[Darren] (19:13 - 19:50)

Yeah, this caused some drama in internal Eficode channels when it was announced because everyone knows that as soon as quantum computing is solved, traditional cryptography goes out the window, and that makes for very busy security professionals. So it was one of those things where you post the link, the link says, Microsoft stock first quantum computing chip from investors.com. From the verge, it was saying the quantum Majorana 1 processor.

And well, it's kind of interesting. So, I mean, Pinja, if you maybe want to run through the particulars of the article, and then we can dive into the things behind it.

[Pinja] (19:51 - 20:24)

Yeah. So, this is the first quantum chip from Microsoft. It's based on a novel architecture, and based on information from Microsoft, this development stems from 17 years of research focused on creating this new material that they called a topoconductor.

And they claim that this is now vastly improving the computational power. And it's supposed to have the potential to accommodate up to 1 million qubits on a single chip. So this would help with the complex simulations and real world problem solving.

[Darren] (20:25 - 21:46)

Yeah. So, a qubit, for those who don't know, is just a quantum bit. In standard computing, we have ones and zeros, there are bits, they're binary switches.

But in quantum computing, the idea is that quantum superposition would allow for basically a measurable value between zero and one, allowing for a single qubit to carry much more information. And the science behind that is sound. The problem with this first quantum chip being released is the threshold generally agreed upon by experts is the requirement for 1 million qubits.

Currently, this topoconductor is short for topological superconductor. It's essentially because of the speeds and heat required by quantum computing. But this current chip, I think, had eight qubits.

And eight qubits is quite far away from the threshold of 1 million. So it's a little bit on the clickbaity side that it's like, Microsoft did announce this chip, and it's a cool breakthrough. And it has a potential to scale up to a million qubits.

And right now it's reaching eight. It does mean that quantum computing is probably years away and not decades, as some people have previously thought. But it doesn't mean cryptography is going to break tomorrow.

[Pinja] (21:47 - 21:56)

Okay. So, if we think about the potential security issues coming off of this, we do not have to start panicking right now. Is that correct, Darren?

[Darren] (21:56 - 22:57)

No. I think it's also important not to get drawn into. It's weird for me to say this, but don't get wrapped up in the security aspects of quantum computing. Because once that million qubit threshold is reached, quantum computing will revolutionize a great deal of things.

Yes, it will make a lot of security professionals very unhappy. And the post-quantum cryptography world had better be ready for that point. But if we think about being able to either do so much more with previous infrastructure or minimize it in such a way that data centers stop being these huge sprawling areas requiring huge amounts of cooling.

Well, they'll still require cooling because of how the quantum superconductors are cooled. But hopefully, we'd be able to shrink power requirements and really economize things in terms of scale so that we don't make these huge data centers anymore, that we could make everything so much smaller and have such a smaller footprint.

[Pinja] (22:58 - 23:26)

This discussion a little bit reminds me of the whole rise of AI at the moment. We know that advances in technology are coming, but it's not exactly happening overnight here. That this is the first one, and as you said, AI is still far behind for one million.

This is the first quantum chip by Microsoft. So I think we will see technology advancements in this area, maybe sooner rather than later. But is quantum computing coming next year?

I highly doubt that.

[Darren] (23:26 - 23:54)

But you raise an interesting point on the AI side, because I do think we're going to have this cascade problem that we have with AI, that there will be a development in quantum computing that causes a snowball effect. And we do start seeing the developments happening in rapid succession, like we currently are mitigating in AI. So it's important to start thinking about your quantum cryptography strategy now, but it's probably not needed to be fleshed out just yet.

[Pinja] (23:54 - 24:05)

No, and if we think about the legislation now coming for AI and AI technologies, I think we will have to see the same for quantum computing in the upcoming future.

[Darren] (24:05 - 24:30)

We will, but we'll, as is demonstrated, we'll see them in the EU long before they're active in the US and in what we could consider hostile nations, where if they get access to quantum computing and can use it to break allied cryptography, that would be extremely problematic. And that's probably a nice, depressing place to leave the news. Hopefully we'll leave you with a bit of a cheerier thing next time.

[Pinja] (24:30 - 24:35)

We will aim for that. That was February in the news and the world of DevOps.

[Darren] (24:35 - 24:37)

Indeed it was. Thank you for joining me, Pinja.

[Pinja] (24:37 - 24:38)

Thank you. Thank you, Darren.

[Darren] (24:38 - 24:41)

And I hope you'll join us next time in the DevOps Sauna.

[Pinja] (24:42 - 24:48)

We'll now tell you a little bit about who we are.

[Darren] (24:48 - 24:51)

I'm Darren Richardson, Security Consultant at Eficode.

[Pinja] (24:51 - 24:56)

I'm Pinja Kujala. I specialize in Agile and portfolio management topics at Eficode.

[Darren] (24:56 - 24:58)

Thanks for tuning in. We'll catch you next time.

[Pinja] (24:58 - 25:06)

And remember, if you like what you hear, please like, rate, and subscribe on your favorite podcast platform. It means the world to us.

Published:

DevOpsSauna Sessions