Dial Up Motive

♪ Intro Music ♪ ♪ Intro Music ♪ Good morning. Hello, fellow humans. Welcome to the sixth episode of Dial Up Motive. This show is where we explore the first computer and first Internet experiences with Cloudflare employees and understand how it shaped their lives and their careers. I'm joined today by André Cruz. I'm an SRE here at Cloudflare out of our Lisbon office. André, would you mind introducing yourself to our viewers? So, my name is André Cruz. I live in Lisbon, Portugal, and Cloudflare just started an office in Lisbon. In fact, we started about a year ago. And I was, well, one of the first 20 URs in Lisbon at the moment. Awesome. And have you seen the new office yet or due to quarantine procedures, you've been locked out? I have never been to our office, which is in a very nice part of Lisbon. I've never visited. Is it downtown or where is it relative to the city center? Well, it's in the business center of Lisbon. It's on the frontier between downtown and more than part of the city. It's near Marques de Pombal, which is a central area of Lisbon. You can't miss it. Awesome. And as an SRE at Cloudflare, what does your day-to-day job look like? So, as a systems reliability engineer, my job is to manage and maintain clusters of databases or data warehouse solutions that our customer-facing applications use. So, me and my team are responsible for not only building them and making sure they work 24-7, so we get paged when something bad happens to one of those systems. Interesting. And what's your favorite technology that you're working with today? Well, I'm actually on a project using Console, which is a project that allows for service discovery. For example, we have two core callers, as you can call them in the United States and another in Europe. And we have services that run in both of those callers, and we want applications to use them. And they don't have to worry about where should they connect to, right? So, Console makes sure that they connect using just one name. They connect to whichever service is running at the moment or whichever is closest to them, according to our configuration. Awesome. And with that in mind, I guess, when we first chatted prior to this call, you had a very interesting kind of upbringing, your early interactions with computers and with the Internet. Would you mind diving into that? What was your first computer experience like? Sure. So, around 35 years ago, when I was five, my father brought a computer into the home. Of course, I never knew what it was. In fact, I have it right here. It's a ZX Spectrum with 48Ks of RAM. It runs basic programs, which at the time for me were mostly games. I ran games. I have also here the cassette player that I used. So, I loaded this cassette player with tapes. The first show and tell episode that we have here on Dial-Up Motive. Yeah. So, I pressed play and then I had to wait several minutes for the thing to load or not load. It could also happen that at the end it just crashed. And so, the first years I had with computers were with this ZX Spectrum. Then around five years later, around the 90s, I would say, my parents bought me a Commodore Amiga, which is already a full -blown computer with disks. So, programs loaded much faster. But again, for me at the time, it was mostly about games. I also had a Super Nintendo next. But in the early 90s, when I got my first PC, it also, again, started with games. But I realized I could do much more with a computer. Especially around 95, when a cousin of mine, actually, he was spending holidays at my place. And he brought with him a modem. I've never seen a modem before in real life. Of course, I've seen the movie Hackers, in which he uses his phone to dial into... Very accurate depiction. Yeah. And then, it was amazing for me. The first time I used a modem, I connected it to a bulletin board system that was also in my hometown. And I saw the characters appear. You could actually see the characters appear one by one because it was a 2400 volt modem. So, it was extremely slow, even for that time. Excuse me. So, it was using this modem that I managed to meet other people. And start learning about programming and stuff like that. And trading, again, trading games or other programs. And this was what really started to get me into this information security. And communication with other people, etc. Could you double -click a little bit more into the bulletin board world? I know a lot of our viewers, especially the younger viewers, are just completely unaware of this early stage of... Essentially, pre-World Wide Web. Of people trying to communicate to each other via these bulletin boards. Could you go in a bit more about that? Sure. So, bulletin board systems were the precursor to the Internet, as we know it. We could do several things there. We could talk to the system operator, which was... Most of the time, the person who was running the system would most of the time be near the system. So, you could ping him and chat to him. And you could also send messages to other people that were using the bulletin board system. Although not at the same time, but they would come back later. They would connect later and get the message. And you could also send messages to other bulletin board systems. There was a network called FidoNet. In which bulletin board systems themselves dialed to other bulletin board systems to exchange messages. Like, mostly once per day. Something like that. And then your message to a bulletin board system on the other side of the world... It would actually be delivered. Although not instantaneously, but sometime later. After it went through all the hops to get there. And then you could get the response back. It was amazing to talk to people on the other side of the world. And it was the first time I went through this bulletin board system. And were you mostly using that local bulletin board? Or you mentioned there were some game ones. What were the ones you explored as a kid? Now with a modem. With access to the rest of the world. Be it every 24 hours or so. Well, at the time, making phone calls were expensive. I think they were generally expensive. But in Portugal, they were very expensive for the money that we had. So we had to always keep in mind exactly where we were calling. If it was a local call, it was something. If it was for a different town, it was something else. If it was an international call, then it would be quite the surprise at the end of the month when the phone deal came. So we actually used several methods. We didn't invent them. But blue boxing, black boxing were very common here in Portugal. Blue boxing was when you, for example, you could dial a free phone number in the U .S., for example. And then you could use tones. Because at the time, centrals used in-band signaling. So you could actually send control codes in your call. And they would be interpreted by the central station. So you could send codes, for example, to, okay, disconnect on the United States and then connect to another number. Our central telephone company wouldn't tell the difference between me calling a free phone number and then be calling some other number. So that's blue boxing. We also used black boxes, which meant that we could, BBSs that used a black box, you could call them. And for the phone company, it meant that no one had picked up the phone. And you were actually communicating with them. So we got pretty proficient at using these types of systems to be able to use modems to talk to and communicate with our voting board systems and not pay a huge bill at the end of the month. Fascinating. We've talked about Wi-Fi hacking on this show and early Wi-Fi days with some of our engineers. This is the first of essentially, I think, a freaking of hacking phone lines. And from the sounds of it, not even directly, it reached a point where you could buy a box, plug it into your phone line system, and then get the benefits of, as you're saying, between the blue and the black boxes. I mean, that's definitely probably both a new story for me, as well as some of our viewers. Could you go into a bit more, like, was this just very common? This is just, if you were technical at that time, you found a way to find these boxes and start using them? And how did you learn about using them? As soon as you connected to BBS and you start to meet people, there were not that many of them. So this information traveled fast. So I would say that most of the people using BBS at the time were aware of these mechanisms. They might not use them because they were afraid of getting caught. But these were widely known. I'm sure the phone company knew about them as well. And actually, some years later, they moved to a digital phone line system, which didn't use in -band signaling. So this wouldn't work. Interesting. So, yeah, the early cat and mouse game on the network security side of loopholes being presented in a network, people finding ways to exploit those loopholes and ultimately getting patched later. Yeah, it was very fun. Awesome. So as you moved out of the world of bulletin boards into the general Internet, what was that experience like? So around, I think it was 96 or something, the first Internet service providers for the consumers appeared in Portugal. And I would say many of the people that I knew from the BBS world transitioned to IRC. And so we, as a group, we met certain IRC channels and you continued fostering this relationship. And at the time, again, Internet security was like the wild, wild west. You knew that if you were subscribed to certain mailing lists like BugTrack, in which regularly vulnerabilities of certain server software were published, you knew that everyone was using that software was vulnerable because no one took security very seriously at the time. So no one patched anything. Sometimes there was not even a patch from the vendor because the vendor did not acknowledge the problem. And so it was very easy to get access to computers that were not yours. And it was also a learning experience. For example, I remember before I entered university, one day I got access to a machine that was running a database. I knew what the database was. I knew that the database had something that I wanted, but I've never seen SQL before. And so, actually, I learned the first basic steps of SQL by reading the history of other people that were using the database and seeing the commands that they were issuing and trying to figure out what they meant, what they were used for. Actually, that's how I learned SQL. It was reverse engineering it in many ways or just seeing what? Yeah, that time that was very common to do. When you need to learn something, sometimes there were no books or there was no place or we couldn't find those books here. So we just had to experiment with it. And there were a lot of opportunities for this at the time, as I said. And how was it getting to know people through the bulletin board system, through IRC, living across the globe? You're never going to really meet them in real life. You only know them through your interactions via chat. How did that feel growing up? What was that like? Well, for me, it was pretty normal because from a young age, I was used to it. We didn't have even video chats were not available. And, of course, we didn't meet in person. So there are a lot of people. Of course, I've lost track of a bunch of them that I only met through text chat. Nothing more. And they were very good friends of mine at the time. But for me, it felt natural. We didn't have anything better at the time. So that's what we had to cope with. Awesome. Yeah. It's always interesting to see the early stories of the Internet and how, you know, people have been using it to gather information that wasn't available to them to make connections or to meet new people that they never would have otherwise outside of the IRC or a common game or something that kept them together or had that initial spark of a relationship going. Exactly. It was fun at the time because, again, this group that I had, we bonded over several issues. And at the time, around 96, 97, there was a team that you saw a lot in the news here. Now it's an independent country called East Timor. But it was the next colony of Portugal that we already had abandoned because we abandoned all colonies after 74. But the neighboring country, Indonesia, occupied East Timor. And there were several atrocities committed over there in the news, even in Portugal. It was commonplace to see footage of people being killed. And so me and my friends, we did something that at the time we hadn't heard about it. I don't know if we were the first ones to do it, but we decided, OK, let's use our knowledge to bring attention to this problem. And we decided to what we call deface certain websites from the Indonesian government. And actually we coordinated with the time of the news were broadcasted here in Portugal. So we sometimes before the news were broadcasted, we did deface the page and we sent an email to all news people so that they could present it in the news. And we did some multiple, I think, four or five times. And I like to think that it made a difference in bringing attention to this problem. So you invented hacktivism, is what you're saying. We hadn't. That term was unknown to us at the time. I don't know if we invented it, but we were one of the first for sure. Interesting. And so then this is one of the first instances of you using your knowledge and capabilities that you've learned about, you know, of your previous experiences to make a change or to alter something in the real world to draw attention and awareness to these issues. What was that like or was that just pretty organic? Well, one of the angles for this, of course, I wanted to learn and this was a learning opportunity. Again, the other bonus of bringing attention to this issue was also important. But for me, the biggest win for me was learning with other people how to do this, how would it work. So it's very, it was a very, very fun time. This was before I entered university. So I was still at an age where this seemed like a very fun thing to do. And did this experience lead you down kind of a computer science path in university or what was your early education like? Well, the first thing that I wanted to be when I was growing up was a pilot because my film that I enjoyed the most was Top Gun. I really liked that movie, but I don't have a very good eyesight. So that was out of the question. So computer science was because I was playing computer games for years and years. Computers, they seem like a good career path. And so it was, I don't want to say my second choice because it was also something that I enjoyed a lot. But I think from an early age, after realizing that I would never be a pilot, computer science was my goal from very early on. And this was natural for me to go into computer science education. Also, especially information security was something that I also loved doing. Awesome. And did you almost come into certain classes, given your previous experiences, ahead of the curve? Like you knew it at a practical level, you know, how to learn about exploits, implement them. But then some of the theoretical things, were they missing? And then you ultimately learned them in university or what was that like? Many things were missing. I had an upper hand in Internet because some of my colleagues didn't even have Internet at home. They never used it. So I would have had an upper hand there. I could do a little bit of programming, but the programming that I did was mostly for a specific end. I didn't have any theoretical basis or anything like that. More in the script kitty kind of category where you download or copy. And like, I know the output is this, I will use this little script. Exactly. I had no idea what I was doing, but it was very difficult for me to do them on my own at that time. So interesting. And so what was your early career like? Especially coming out of university with a computer science degree, with some of this practical background already, and computers continuing to grow and scale and the Internet continuing to grow and scale. What was your first job out of college? My first job was as a systems programmer. I thought I was going to be like a systems operator, but that was not the opportunity that I had leaving college. I ended up programming. And that's what I did for a lot of years. I was a systems programmer up until 2010 when my employee at the time gave me the opportunity to obtain a master's degree in information security in the US. Actually, I studied in the US for a certain time. And afterwards, I started to do, I was also a programmer, but I also had interest in information security. So I managed to do some tasks in that field as well. Because even when you're programming, having the knowledge of how to do it securely is important. So I managed to use this knowledge in everything that I was doing at the time. And so actually, around 2014, when I was in an event called Code Weeks that was organized by my company, John went and presented at John Graham coming. And that's where the first time I heard about Cloudflare was at that presentation. Again, it was the first time I remember that, okay, it stuck in my mind. I started following Cloudflare on social networks and blog and stuff like that. But it was a surprise for me when last year, it was announced that Cloudflare was going to open a Lisbon office. Because moving abroad was not in my radar. I never wanted to do that. A lot of my colleagues did. They ended up pursuing opportunities in Google, Amazon, Facebook, stuff like that. And they ended up pretty well. But for me, moving abroad was not an option. And so when Cloudflare opened an office in my hometown, it seemed like the perfect opportunity to join it and try my luck and see how it was inside Cloudflare. Awesome. Yeah, it's always good to see. One thing I always appreciate is just how global we are as a company. How many people we have from diverse backgrounds in diverse offices. And that's something that maps to the Internet itself. Like in many ways, I think we as a company are mirroring our product, which is so closely tied to the Internet that we have to be in a diverse distributed, have a wide range of backgrounds and experiences. And it's always good to see that put in place as we open up new offices and hire new folks. Especially ones with interesting stories about hacking phone lines and inventing hacktivism and the like. It was many years ago. I think I can talk about it. I don't know what statute of limitations is. But as long as no one learns what your handle was, we'll be okay. I've since used my handle in places I shouldn't have. So in terms of how have you brought some of those early experiences into your work at Cloudflare? Is it keeping aware of vulnerabilities? Is it knowing what tools are out there? How do you now keep this network going after all of your experience and learning? Well, being a systems reliability engineer is like applying software engineering practices to an operations role. And of course, information security is paramount in keeping all our systems secure. Because our goal is to protect our customers. But if we can't protect ourselves, then it will be quite difficult to accomplish this task. So I think all the knowledge that I've gained from what I've done in the past is culminating in being able to help Cloudflare at this time to accomplish its goal of improving the Internet. That's what I'm trying to do. Awesome. And with that in mind, what are you most excited about the future of the Internet or about what Cloudflare is building today? Well, already a lot of traffic passes through Cloudflare. I think Cloudflare will play a very important role in keeping the Internet secure and keeping web platforms secure, etc. And so my goal, my role in this will be to keep our systems at the core because I'm an SRE at the core. And so my goal is to keep all the applications that our customer facing applications depend on always running, always being available for being used. But I guess my main goal now is, since I talked about we have two core colors. So I guess my goal in the near term is to make them both be available so that applications running on all the other colors can be sure that they can connect to either one of those core colors and they can obtain their service correctly. Because that will improve our Cloudflare's reliability a lot. And do you think in some ways, is this a load balancing problem to make sure the traffic and flow between these core data centers? What do you see as how do we continue to scale in such a way to make sure that the Internet does remain reliable? It's not only a load balancing problem. Applications need to be able to run in more than one place at the same time. Not everyone of the applications is able to do this. So this is one of the problems. Some applications need to be re-architected or be able to have a copy that's not running but can start in a small amount of time and then straight can be transferred over there. And then the load balancing part, I think we have that already figured out. As long as we have capacity on our data centers, load balancing is part of our DNA. I think we have that very well thought of. Awesome. And as we come near the top of the hour, what would your advice be for those that are trying to break into this career or have an Internet -centric career? My advice, well, I would say to them to not focus on a specific technology. I've been working for almost 20 years and I've had some technology that I thought, well, this is the future. This is what we're going to use from now on. And most of them have been deprecated. So we need to get used to it. We can't get too close to that technology. We should expand our horizons and always be aware of what's coming next, because the technology that we're using today will probably not be the same that we're using five years from now. We just need to be adaptable and be always learning. Because even though I finished my studies, again, more than 20 years ago, I've never stopped learning, never stopped reading books. And nowadays we have a lot of information lying around free. We just need time and the will to read it and to learn it and to experiment with it. We need to always be experimenting with new stuff. And I think that's one of the more interesting takeaways I've had from hosting this show is just learning how information has grown and become more accessible over time. Previously, it either wasn't available, it was only available in a bulletin board, it was only available in a book that you had to go to the library for, and it was two editions too old, but it was at least information. And now with the Internet as it is today and video conferencing, it's so easy to get information that if you are not leveraging that for your own benefit or leveraging that to continue to learn, you're letting go of an amazing opportunity available to you. It's not only easy, but it's free. For example, in the information security area, there are projects that some labs that you can use to simulate hacking. And it's legal, but you don't get into trouble by using this service. It's there for you to learn. So I guess you can do what I did 20 years ago, but legally, and you can do it safely. And sometimes it's structured so that you can learn a skill. So even though it's not the wild, wild west as it was before, you still have opportunities to learn at this time. Yeah, and it's definitely, you know, that's almost a good thing for most people. So they're not running the fear of running an illegal box or doing any illegal hacking, but they can still learn how to become a hacker, essentially, and hopefully a future SRE helping keep the Internet afloat. And with that, we're near the top of the hour. So Andre, thank you again for your time. It was a fascinating journey into the early web. And then for those joining us via the live cast or via recording, thank you for your time. Hopefully that was as interesting for you as it was for me. I know that was kind of our first chat about bulletin boards here on the show. Not to mention blue boxes and black boxes and hacking the phone line. And so with that, I'll send us off and we'll catch everyone next week. Have a great day.