eBPFChirp FM is a quick‑hit podcast spotlighting the innovators behind projects like Cilium, Coroot, and other eBPF breakthroughs. Tune in for punchy chats on how they’re rewriting the rules of cloud‑native networking and observability. <br/><br/><a href="https://ebpfchirp.substack.com?utm_medium=podcast">ebpfchirp.substack.com</a>
eBPFChirp FM
Claim This Podcastby Teodor J. Podobnik
7 episodes
Updated Daily
Accepts GuestsHas Sponsors
Podcast Overview
eBPFChirp FM is a quick‑hit podcast spotlighting the innovators behind projects like Cilium, Coroot, and other eBPF breakthroughs. Tune in for punchy chats on how they’re rewriting the rules of cloud‑native networking and observability. <br/><br/><a href="https://ebpfchirp.substack.com?utm_medium=podcast">ebpfchirp.substack.com</a>
Language
🇺🇲
Publishing Since
7/24/2025
1 verified contact email on file for eBPFChirp FM
Pitch yourself as a guest, propose sponsorships, or reach out directly to the host.
Recent Episodes
December 2, 2025
Interview with Henrik Rexed, CNCF Ambassador, Cloud Native Advocate at Dynatrace
<p>This time I sat down with <a target="_blank" href="https://www.linkedin.com/in/hrexed/"><strong>Henrik Rexed</strong></a>, CNCF Ambassador and Staff Engineer at <a target="_blank" href="https://www.dynatrace.com/"><strong>Dynatrace</strong></a>. Henrik is also the voice behind the popular blog <a target="_blank" href="https://isitobservable.io/">Is It Observable</a> and brings deep expertise from a career spent largely in performance engineering.</p><p>Here’s what we covered:</p><p>* <strong>What does a CNCF Ambassador actually do?</strong> </p><p>It turns out the role is less about status and more about survival for open-source projects. The goal is simple: help the community navigate a landscape flooded with new tools and ensure worthy projects actually get adopted.</p><p>* <strong>When “CPU Usage” tells you nothing</strong> </p><p>From European League live streams to GPS trackers on police cars in the desert, simulating massive loads used to be the only way to understand system limits. But simply knowing a CPU is “waiting” isn’t enough. Is it waiting on disk? On the network? We discussed why traditional observability fail in modern architectures and how eBPF provides the missing context.</p><p>* <strong>Is eBPF always the answer?</strong> </p><p>It’s tempting to rewrite everything in eBPF, but is it always necessary? Dynatrace takes a “tactical” approach. Forcing eBPF onto legacy bare-metal systems with old kernels creates a maintenance nightmare. The argument here is for a hybrid model: use eBPF only where the environment (like Kubernetes) is controlled enough to support it safely.</p><p>* <strong>The “Cross Your Fingers” Deployment</strong> </p><p>We deploy network policies in Kubernetes or Istio, but do we actually know what they are doing? There is a frustrating gap in observability: when a connection fails, was it the policy or the network? Right now, most of us are just guessing.</p><p>* <strong>Security: To block or to listen?</strong> </p><p>If a process acts up, should you kill it immediately? Aggressive blocking often causes more problems than it solves, especially if dependencies break. We discuss the alternative: using “honeypots” and fake tokens to let attackers reveal themselves before you take action—learning the behavior rather than just stopping the process.</p><p>I’ll leave it at that. Hope you enjoy it 🐝</p> <br/><br/>Get full access to eBPFChirp at <a href="https://ebpfchirp.substack.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4">ebpfchirp.substack.com/subscribe</a>
November 11, 2025
Interview with Rafael David Tinoco, Senior Software Engineer at Garnet
<p>This time I sat down with <a target="_blank" href="https://www.linkedin.com/in/rafaeldtinoco/"><strong>Rafael David Tinoco</strong></a>, Engineer at <a target="_blank" href="https://www.linkedin.com/company/garnetlabs"><strong>Garnet</strong></a>, where he’s developing <strong>Jibril</strong> — a runtime security engine.</p><p>Rafael’s story spans from mainframes and operating system internals to maintaining <strong>Tracee</strong> at Aqua Security, and now, pushing eBPF to its architectural limits at Garnet. Here’s what we covered:</p><p>* <strong>From CI/CD runtime security to Kubernetes</strong></p><p>Jibril started as a project focused on <strong>GitHub Actions runtime security</strong>, but as users began deploying it in Kubernetes clusters, the transition was natural. After all, GitHub runners are just virtual machines — Kubernetes simply scales that model across nodes.</p><p>* <strong>The context-first vision</strong></p><p>From day one, Garnet’s founders had a clear thesis: whoever holds the <strong>best context</strong> wins. Jibril’s engine was built around this — capturing what’s happening at the system level without caring whether it’s running on GitHub, Kubernetes, or even a toaster.</p><p>* <strong>A new/unique way to process kernel events</strong></p><p>Unlike traditional runtime security tools like Falco, Tetragon, or Datadog Agent, Jibril <strong>doesn’t stream events</strong> from kernel to user space. Instead, it uses an <strong>in-kernel data query model</strong> — treating eBPF maps like a database.Rather than flooding user space with raw events, Jibril stores, indexes, and exposes them <strong>on-demand</strong> through queries. The result: <strong>an order of magnitude reduction in CPU and memory usage</strong> while maintaining full observability.</p><p>* <strong>Virtual maps and caching</strong></p><p>To make this model scale, Rafael built what he calls <strong>virtual maps</strong> — “maps made of maps” — enabling nested lookups and richer data structures entirely in-kernel.A <strong>userland caching layer</strong> further optimizes queries, ensuring repeated lookups don’t re-hit the kernel unless necessary. The outcome is a smooth balance between <strong>cadence and performance</strong>, with tunable refresh intervals depending on workload.</p><p>* <strong>Beyond just detection</strong></p><p>Jibril already supports <strong>in-kernel enforcement</strong>, blocking domains or CIDRs at egress using eBPF — no proxy, no user-space hop.For broader cluster-wide blocking, it can also hand off to <strong>Cilium</strong> to enforce network policies, rather than competing with it.</p><p>At the end, there’s a short demo of Jibril — aimed at a more technical audience — showcasing the concepts we discussed throughout our conversation.</p><p>I’ll leave it at that — this was one of the most technical and insightful discussions I’ve had about eBPF architecture in a while. </p><p>Jibril is shaping up to be a fascinating rethink of how we do runtime security — not by streaming data faster, but by <strong>rethinking where and how data lives</strong>. 🐝</p> <br/><br/>Get full access to eBPFChirp at <a href="https://ebpfchirp.substack.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4">ebpfchirp.substack.com/subscribe</a>
October 21, 2025
Interview with Avi Lumelsky, AI Security Researcher at Oligo Security
<p>This time I sat down with <a target="_blank" href="https://www.linkedin.com/in/avi-lumelsky-713111144/"><strong>Avi Lumelsky</strong></a>, AI Security Researcher at <a target="_blank" href="https://www.oligo.security/"><strong>Oligo Security</strong></a>, where he works at the intersection of AI and runtime protection. Avi’s story is a perfect example of how curiosity leads to innovation. Here are some of the topics we covered:</p><p>* <strong>From inference to insight</strong>Before Oligo, Avi worked at Deci AI, optimizing model inference speed. There, he realized something crucial — performance isn’t just about models; it’s also about how well you understand and leverage the system it runs on.</p><p>* <strong>The confinement challenge</strong>Imagine a Python model that should only do math, but could also spawn a subprocess or access the network. How do you confine it safely?</p><p>* <strong>Discovering eBPF</strong>His early experiments with DTrace were too slow and invasive for production, so when eBPF matured, he rebuilt his <a target="_blank" href="https://github.com/avilum/secimport">secimport</a> prototype — and found a scalable way to trace and enforce what code can (and can’t) do in real time.</p><p>* <strong>Beyond observability</strong>Avi’s big insight: eBPF isn’t just for monitoring. Combined with Linux Security Modules (LSM) and KRSI, it can actively stop malicious behavior before it completes — for example, blocking a rogue pickle.load() before it spawns a shell.</p><p>* <strong>Language-aware security</strong>At Oligo, Avi’s team extended this concept across languages — Python, Java, Node, .NET, PHP — extracting application-level context straight from production without user-space overhead.</p><p>* <strong>From CVEs to context</strong>Instead of flagging every potential vulnerability, Oligo maps which functions actually run in production, reducing noise and focusing developer effort where it matters most.</p><p>* <strong>The AI connection</strong>We also discussed how AI agents could soon operate eBPF — dynamically tuning kernel parameters or deploying probes on demand, creating adaptive, self-healing systems.</p><p>* <strong>Looking ahead</strong>Avi sees a future where security tooling merges with intelligence — where production data directly informs code fixes, and AI uses eBPF to keep systems resilient in real time.</p><p>🐝 I’ll leave it there — hope you enjoy the conversation.</p> <br/><br/>Get full access to eBPFChirp at <a href="https://ebpfchirp.substack.com/subscribe?utm_medium=podcast&utm_campaign=CTA_4">ebpfchirp.substack.com/subscribe</a>
7 total episodes available
Deep-dive analytics for eBPFChirp FM
Frequently asked questions
Have a different question and can't find the answer you're looking for? Reach out to our support team by sending us an email and we'll get back to you as soon as we can.
- What is eBPFChirp FM?
- How often does this podcast release new episodes?
This podcast updates daily.
- Where can I listen to this podcast?
This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.
- Does this podcast accept guests?
Yes, this podcast regularly features guests.
Legal Disclaimer
Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.
All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.
We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.
While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at hey@podengine.ai for prompt review and appropriate action, which may include content removal or proper attribution.
By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.