Podcasts about ci cd

At KubeCon EU 2025 in London, Nirmal and I discussed the important (and not-so-important) things you might have missed. There's also a video version of this show on YouTube.Creators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host Nirmal Mehta - Host (00:00) - DDT Audio Podcast Edited (00:04) - Intro (01:24) - KubeCon 2025 EU Overview (03:24) - Platform Engineering and AI Trends (07:03) - AI and Machine Learning in Kubernetes (15:38) - Project Pavilions at KubeCon (17:05) - FinOps and Cost Optimization (20:39) - HAProxy and AI Gateways (24:00) - Proxy Intelligence and Network Layer Optimization (26:52) - Developer Experience and Organizational Challenges (29:23) - Platform Engineering and Cognitive Load (35:54) - End of Life for CNCF Projects You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Вторая часть подкаста про такую неоднозначную тему, как запуск полноценных виртуалок в кубернетесе. Кто: Андрей Квапил. CEO & Founder Ænix, core-разработчик платформы Cozystack Георг Гаал. CTO & Co-founder Ænix Про что: Cozystack приняли в CNCF Как устроена сеть в kubvirt (харвейстер, козистек, опеншифт) в сравнении с обычной виртуализации Кубернетес в кубернетесе Базы данных как сервис и как осуществляется доступ к ним? Обычные виртуалки и все приблуды для CI/CD (argocd и всякое такое вместе с ансиблом/тераформом) Как попробовать Cozystack?

Where does the next phase of AI-assistants for software development go next? Is it an evolution of developer productivity, or a complete rethinking of the barriers and limitations for broader software development? SHOW: 924SHOW TRANSCRIPT: The Cloudcast #924 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST: "CLOUDCAST BASICS"SHOW SPONSORS:Cut Enterprise IT Support Costs by 30-50% with US CloudSHOW NOTES:WHERE DO AI DEVELOPER-ASSISTANTS GO NEXT?A year ago it felt like co-pilots were one of the entry point use-cases for AI.Since then we've seen numbers say the uplift is 10-20% productivity.Microsoft claims that 20-30% of their code is now written by AIs.We've seen many senior developers speakout that it's not replacement level technology and they don't trust it.Companies like Cursor have a $9-10B valuation. Windsurf just got purchased for $3B by OpenAI.Microsoft has Co-Pilot (based on OpenAI models). Google and Amazon are rumored to be launching their own.Lots of companies are launching agents (IBM, Salesforce, Oracle, etc.), and lots of agent frameworks now exist. So where does it go next? Is it just wide-spead adoption of developer productivity? Is it specialized functions within developer workflows? (e.g. CI/CD, documentation, security evaluations, bug fixes, long-term maintenance, etc.)How far are we from teams being just a few architects, leads, Sr. Devs, and then teams of AI's (agents, etc.)?Is that a good thing for Sr. Dev personalities that didn't want to focus on soft-skills?Does that allow for greater experimentation against feature-requests or stories, since they can create more, test more, etc.?Do we start to see companies create skunkworks teams/groups that try to adopt this approach? Are product managers ready to have zero-backlogs and the demand for new ideas to increase?FEEDBACK?Email: show at the cloudcast dot netTwitter/X: @cloudcastpodBlueSky: @cloudcastpod.bsky.socialInstagram: @cloudcastpodTikTok: @cloudcastpod

Codemagic CEO Martin Remmelgas joins Robin and Mazen to talk mobile CI/CD in 2025: Why build tooling still has rough edges, how Codemagic handles versioning and code signing, and where the developer experience still needs work.Show NotesReact Native CI/CD with CodemagicCodemagicConnect With Us!Martin Remmelgas: @martinjeretRobin Heinze: @robinheinzeMazen Chami: @mazenchamiReact Native Radio: @ReactNativeRdioThis episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.

Ever wondered what it takes to climb the ladder from Salesforce developer to Salesforce architect to Salesforce manager in the complex and fast-paced ecosystem we live in?  In this episode of DevOps Diaries, host Jack McCurdy sits down with Salesforce leader Jessica Riffe to uncover her incredible journey. Get ready for a deep dive into the evolution of Salesforce DevOps, the secrets to impactful documentation, and the real-world challenges (and triumphs!) of growing a high-performing team. If you're navigating your own DevOps transformation or looking to elevate your team's collaboration, Jessica's hard-won insights on pipelines, understanding DevOps user needs, and effective communication are pure gold. Don't miss these invaluable lessons – listen to the full episode now!About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKW

Mat X, JD, and special guest Rod Christensen from Emily Carr University invite you to the next exciting chapter of the MacDevOps YVR podcast. In this episode, the conversation spans across the adoption of DevOps practices in managing Macs, ongoing experiences with various software tools, and the shared thrill of transforming workflows into more efficient systems. It's an engaging mix of personal anecdotes, technical insights, and lively banter that showcases how fostering collaboration within the tech community can lead to innovation and success.

Bu bölümde ekiplerin ve bireylerin omuzlarındaki “bilişsel yük” kavramını masaya yatırıyoruz. Codefiction ekibi, context-switching'in verimliliği nasıl düşürdüğünü, ölçek büyüdükçe teknoloji setinin çeşitlenmesinin ve sorumlulukların yayılmasının geliştiricinin zihinsel kapasitesini nasıl zorladığını örneklerle anlatıyor. Front-end'den veri tabanına, CI/CD pipeline'larına insan-kaynakları işlemlerine kadar uzanan dağınık görevlerin, doğru kurgulanmamış süreçler ve eksik dokümantasyonla birleşince ne kadar görünmez bir “yavaşlatıcı”ya dönüştüğü açıklanıyor. İkinci kısımda bilişsel yükün hem ekip çıktısını hem de çalışan sağlığını (burn-out riskini) nasıl etkilediği tartışılıyor; Team Topologies, Developer Experience ekipleri, “discovery” time-box'ları, standardize teknoloji seçimleri, net domain sınırları ve iyi yazılmış dokümantasyon gibi çözümler tartışılıyor. Teknik borcun ve sürekli toplantı trafiğinin yaratabileceği gizli maliyetlere değinilirken, yöneticilerin olduğu kadar ekip üyelerinin de yükü ölçme-dile-getirme sorumluluğu vurgulanıyor. Bölüm, “her şeyi yapmaya çalışmak yerine önceliklendirmek, sınırlar koymak ve odaklanmak” çağrısıyla kapanıyor. Katılımcılar;Fırat ÖzbolatDeniz İrginMert SusurDeniz ÖzgenBarış ÖzaydınOnur Aykaç

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Extensive Notes: "No Dummy: AI Will Not Replace Coders"Introduction: The Critical Thinking ProblemAmerica faces a critical thinking deficit, especially evident in narratives about AI automating developers' jobsSpeaker advocates for examining the narrative with core critical thinking skillsSuggests substituting the dominant narrative with alternative explanationsAlternative Explanation 1: Non-Productive EmployeesOrganizations contain people who do "absolutely nothing"If you fire a person who does no work, there will be no impactThese non-productive roles exist in academics, management, and technical industriesReference to David Graeber's book "Bullshit Jobs" which categorizes meaningless jobs:Task mastersBox tickersGoonsWhen these jobs are eliminated, AI didn't replace them because "the job didn't need to exist"Alternative Explanation 2: Low-Skilled DevelopersSome developers have "very low or no skills, even negative skills"Firing someone who writes "buggy code" and replacing them with a more productive developer (even one using auto-completion tools) isn't AI replacing a jobThese developers have "negative value to an organization"Removing such developers would improve the company regardless of automationUsing better tools, CI/CD, or software engineering best practices to compensate for their removal isn't AI replacementAlternative Explanation 3: Basic Automation with Traditional ToolsSoftware engineers have been automating tasks for decades without AISpeaker's example: At Disney Future Animation (2003), replaced manual weekend maintenance with bash scripts"A bash script is not AI. It has no form of intelligence. It's a for loop with some conditions in it."Many companies have poor processes that can be easily automated with basic scriptsThis automation has "absolutely nothing to do with AI" and has "been happening for the history of software engineering"Alternative Explanation 4: Narrow vs. General IntelligenceUseful applications of machine learning exist:Linear regressionK-means clusteringAutocompletionTranscriptionThese are "narrow components" with "zero intelligence"Each component does a specific task, not general intelligence"When someone says you automated a job with a large language model, what are you talking about? It doesn't make sense."LLMs are not intelligent; they're task-based systemsAlternative Explanation 5: OutsourcingCompanies commonly outsource jobs to lower-cost regionsJobs claimed to be "taken by AI" may have been outsourced to India, Mexico, or ChinaThis practice is common in America despite questionable ethicsOrganizations may falsely claim AI automation when they've simply outsourced workAlternative Explanation 6: Routine Corporate LayoffsLarge companies routinely fire ~3% of their workforce (Apple, Amazon mentioned)Fear is used as a motivational tool in "toxic American corporations"The "AI is coming for your job" narrative creates fear and motivationMore likely explanations: non-productive employees, low-skilled workers, simple automation, etc.The Marketing and Sales DeceptionCEOs (specifically mentions Anthropic and OpenAI) make false claims about agent capabilities"The CEO of a company like Anthropic... is a liar who said that software engineering jobs will be automated with agents"Speaker claims to have used these tools and found "they have no concept of intelligence"Sam Altman (OpenAI) characterized as "a known liar" who "exaggerates about everything"Marketing people with no software engineering background make claims about coding automationCompanies like NVIDIA promote AI hype to sell GPUsConclusion: The Real Problem"AI" is a misnomer for large language modelsThese are "narrow intelligence" or "narrow machine learning" systemsThey "do one task like autocomplete" and chain these tasks togetherThere is "no concept of intelligence embedded inside"The speaker sees a bigger issue: lack of critical thinking in AmericaWarns that LLMs are "dumb as a bag of rocks" but powerful toolsLeft in inexperienced hands, these tools could create "catastrophic software"Rejects the narrative that "AI will replace software engineers" as having "absolutely zero evidence"Key Quotes"We have a real problem with critical thinking in America. And one of the places that is very evident is this false narrative that's been spread about AI automating developers jobs.""If you fire a person that does no work, there will be no impact.""I have been automating people's jobs my entire life... That's what I've been doing with basic scripts. A bash script is not AI.""Large language models are not intelligent. How could they possibly be this mystical thing that's automating things?""By saying that AI is going to come for your job soon, it's a great false narrative to spread fear where people worry about all the AI is coming.""Much more likely the story of AI is that it is a very powerful tool that is dumb as a bag of rocks and left into the hands of the inexperienced and the naive and the fools could create catastrophic software that we don't yet know how bad the effects will be."

William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent security risks in GitHub Actions, such as injection vulnerabilities, permission issues, and mutable tags, by providing static analysis and remediation guidance. Fresh off the heels of the tj-actions/changed-files backdoor, this is a great topic with some things everyone can do right away. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-securing-github-actions-william-woodruff/

Gros épisode qui couvre un large spectre de sujets : Java, Scala, Micronaut, NodeJS, l'IA et la compétence des développeurs, le sampling dans les LLMs, les DTO, le vibe coding, les changements chez Broadcom et Red Hat ainsi que plusieurs nouvelles sur les licences open source. Enregistré le 7 mai 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-325.mp3 ou en vidéo sur YouTube. News Langages A l'occasion de JavaOne et du lancement de Java 24, Oracle lance un nouveau site avec des ressources vidéo pour apprendre le langage https://learn.java/ site plutôt à destination des débutants et des enseignants couvre la syntaxe aussi, y compris les ajouts plus récents comme les records ou le pattern matching c'est pas le site le plus trendy du monde. Martin Odersky partage un long article sur l'état de l'écosystème Scala et les évolutions du language https://www.scala-lang.org/blog/2025/03/24/evolving-scala.html Stabilité et besoin d'évolution : Scala maintient sa position (~14ème mondial) avec des bases techniques solides, mais doit évoluer face à la concurrence pour rester pertinent. Axes prioritaires : L'évolution se concentre sur l'amélioration du duo sécurité/convivialité, le polissage du langage (suppression des “rugosités”) et la simplification pour les débutants. Innovation continue : Geler les fonctionnalités est exclu ; l'innovation est clé pour la valeur de Scala. Le langage doit rester généraliste et ne pas se lier à un framework spécifique. Défis et progrès : L'outillage (IDE, outils de build comme sbt, scala-cli, Mill) et la facilité d'apprentissage de l'écosystème sont des points d'attention, avec des améliorations en cours (partenariat pédagogique, plateformes simples). Des strings encore plus rapides ! https://inside.java/2025/05/01/strings-just-got-faster/ Dans JDK 25, la performance de la fonction String::hashCode a été améliorée pour être principalement constant foldable. Cela signifie que si les chaînes de caractères sont utilisées comme clés dans une Map statique et immuable, des gains de performance significatifs sont probables. L'amélioration repose sur l'annotation interne @Stable appliquée au champ privé String.hash. Cette annotation permet à la machine virtuelle de lire la valeur du hash une seule fois et de la considérer comme constante si elle n'est pas la valeur par défaut (zéro). Par conséquent, l'opération String::hashCode peut être remplacée par la valeur de hash connue, optimisant ainsi les lookups dans les Map immuables. Un cas limite est celui où le code de hachage de la chaîne est zéro, auquel cas l'optimisation ne fonctionne pas (par exemple, pour la chaîne vide “”). Bien que l'annotation @Stable soit interne au JDK, un nouveau JEP (JEP 502: Stable Values (Preview)) est en cours de développement pour permettre aux utilisateurs de bénéficier indirectement de fonctionnalités similaires. AtomicHash, une implémentation Java d'une HashMap qui est thread-safe, atomique et non-bloquante https://github.com/arxila/atomichash implémenté sous forme de version immutable de Concurrent Hash Trie Librairies Sortie de Micronaut 4.8.0 https://micronaut.io/2025/04/01/micronaut-framework-4-8-0-released/ Mise à jour de la BOM (Bill of Materials) : La version 4.8.0 met à jour la BOM de la plateforme Micronaut. Améliorations de Micronaut Core : Intégration de Micronaut SourceGen pour la génération interne de métadonnées et d'expressions bytecode. Nombreuses améliorations dans Micronaut SourceGen. Ajout du traçage de l'injection de dépendances pour faciliter le débogage au démarrage et à la création des beans. Nouveau membre definitionType dans l'annotation @Client pour faciliter le partage d'interfaces entre client et serveur. Support de la fusion dans les Bean Mappers via l'annotation @Mapping. Nouvelle liveness probe détectant les threads bloqués (deadlocked) via ThreadMXBean. Intégration Kubernetes améliorée : Mise à jour du client Java Kubernetes vers la version 22.0.1. Ajout du module Micronaut Kubernetes Client OpenAPI, offrant une alternative au client officiel avec moins de dépendances, une configuration unifiée, le support des filtres et la compatibilité Native Image. Introduction d'un nouveau runtime serveur basé sur le serveur HTTP intégré de Java, permettant de créer des applications sans dépendances serveur externes. Ajout dans Micronaut Micrometer d'un module pour instrumenter les sources de données (traces et métriques). Ajout de la condition condition dans l'annotation @MetricOptions pour contrôler l'activation des métriques via une expression. Support des Consul watches dans Micronaut Discovery Client pour détecter les changements de configuration distribuée. Possibilité de générer du code source à partir d'un schéma JSON via les plugins de build (Gradle et Maven). Web Node v24.0.0 passe en version Current: https://nodejs.org/en/blog/release/v24.0.0 Mise à jour du moteur V8 vers la version 13.6 : intégration de nouvelles fonctionnalités JavaScript telles que Float16Array, la gestion explicite des ressources (using), RegExp.escape, WebAssembly Memory64 et Error.isError. npm 11 inclus : améliorations en termes de performance, de sécurité et de compatibilité avec les packages JavaScript modernes. Changement de compilateur pour Windows : abandon de MSVC au profit de ClangCL pour la compilation de Node.js sur Windows. AsyncLocalStorage utilise désormais AsyncContextFrame par défaut : offrant une gestion plus efficace du contexte asynchrone. URLPattern disponible globalement : plus besoin d'importer explicitement cette API pour effectuer des correspondances d'URL. Améliorations du modèle de permissions : le flag expérimental --experimental-permission devient --permission, signalant une stabilité accrue de cette fonctionnalité. Améliorations du test runner : les sous-tests sont désormais attendus automatiquement, simplifiant l'écriture des tests et réduisant les erreurs liées aux promesses non gérées. Intégration d'Undici 7 : amélioration des capacités du client HTTP avec de meilleures performances et un support étendu des fonctionnalités HTTP modernes. Dépréciations et suppressions : Dépréciation de url.parse() au profit de l'API WHATWG URL. Suppression de tls.createSecurePair. Dépréciation de SlowBuffer. Dépréciation de l'instanciation de REPL sans new. Dépréciation de l'utilisation des classes Zlib sans new. Dépréciation du passage de args à spawn et execFile dans child_process. Node.js 24 est actuellement la version “Current” et deviendra une version LTS en octobre 2025. Il est recommandé de tester cette version pour évaluer son impact sur vos applications. Data et Intelligence Artificielle Apprendre à coder reste crucial et l'IA est là pour venir en aide : https://kyrylo.org/software/2025/03/27/learn-to-code-ignore-ai-then-use-ai-to-code-even-better.html Apprendre à coder reste essentiel malgré l'IA. L'IA peut assister la programmation. Une solide base est cruciale pour comprendre et contrôler le code. Cela permet d'éviter la dépendance à l'IA. Cela réduit le risque de remplacement par des outils d'IA accessibles à tous. L'IA est un outil, pas un substitut à la maîtrise des fondamentaux. Super article de Anthropic qui essaie de comprendre comment fonctionne la “pensée” des LLMs https://www.anthropic.com/research/tracing-thoughts-language-model Effet boîte noire : Stratégies internes des IA (Claude) opaques aux développeurs et utilisateurs. Objectif : Comprendre le “raisonnement” interne pour vérifier capacités et intentions. Méthode : Inspiration neurosciences, développement d'un “microscope IA” (regarder quels circuits neuronaux s'activent). Technique : Identification de concepts (“features”) et de “circuits” internes. Multilinguisme : Indice d'un “langage de pensée” conceptuel commun à toutes les langues avant de traduire dans une langue particulière. Planification : Capacité à anticiper (ex: rimes en poésie), pas seulement de la génération mot par mot (token par token). Raisonnement non fidèle : Peut fabriquer des arguments plausibles (“bullshitting”) pour une conclusion donnée. Logique multi-étapes : Combine des faits distincts, ne se contente pas de mémoriser. Hallucinations : Refus par défaut ; réponse si “connaissance” active, sinon risque d'hallucination si erreur. “Jailbreaks” : Tension entre cohérence grammaticale (pousse à continuer) et sécurité (devrait refuser). Bilan : Méthodes limitées mais prometteuses pour la transparence et la fiabilité de l'IA. Le “S” dans MCP veut dire Securité (ou pas !) https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b La spécification MCP pour permettre aux LLMs d'avoir accès à divers outils et fonctions a peut-être été adoptée un peu rapidement, alors qu'elle n'était pas encore prête niveau sécurité L'article liste 4 types d'attaques possibles : vulnérabilité d'injection de commandes attaque d'empoisonnement d'outils redéfinition silencieuse de l'outil le shadowing d'outils inter-serveurs Pour l'instant, MCP n'est pas sécurisé : Pas de standard d'authentification Pas de chiffrement de contexte Pas de vérification d'intégrité des outils Basé sur l'article de InvariantLabs https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks Sortie Infinispan 15.2 - pre rolling upgrades 16.0 https://infinispan.org/blog/2025/03/27/infinispan-15-2 Support de Redis JSON + scripts Lua Métriques JVM désactivables Nouvelle console (PatternFly 6) Docs améliorées (métriques + logs) JDK 17 min, support JDK 24 Fin du serveur natif (performances) Guillaume montre comment développer un serveur MCP HTTP Server Sent Events avec l'implémentation de référence Java et LangChain4j https://glaforge.dev/posts/2025/04/04/mcp-client-and-server-with-java-mcp-sdk-and-langchain4j/ Développé en Java, avec l'implémentation de référence qui est aussi à la base de l'implémentation dans Spring Boot (mais indépendant de Spring) Le serveur MCP est exposé sous forme de servlet dans Jetty Le client MCP lui, est développé avec le module MCP de LangChain4j c'est semi independant de Spring dans le sens où c'est dépendant de Reactor et de ses interface. il y a une conversation sur le github d'anthropic pour trouver une solution, mais cela ne parait pas simple. Les fallacies derrière la citation “AI won't replace you, but humans using AI will” https://platforms.substack.com/cp/161356485 La fallacie de l'automatisation vs. l'augmentation : Elle se concentre sur l'amélioration des tâches existantes avec l'IA au lieu de considérer le changement de la valeur de ces tâches dans un nouveau système. La fallacie des gains de productivité : L'augmentation de la productivité ne se traduit pas toujours par plus de valeur pour les travailleurs, car la valeur créée peut être capturée ailleurs dans le système. La fallacie des emplois statiques : Les emplois sont des constructions organisationnelles qui peuvent être redéfinies par l'IA, rendant les rôles traditionnels obsolètes. La fallacie de la compétition “moi vs. quelqu'un utilisant l'IA” : La concurrence évolue lorsque l'IA modifie les contraintes fondamentales d'un secteur, rendant les compétences existantes moins pertinentes. La fallacie de la continuité du flux de travail : L'IA peut entraîner une réimagination complète des flux de travail, éliminant le besoin de certaines compétences. La fallacie des outils neutres : Les outils d'IA ne sont pas neutres et peuvent redistribuer le pouvoir organisationnel en changeant la façon dont les décisions sont prises et exécutées. La fallacie du salaire stable : Le maintien d'un emploi ne garantit pas un salaire stable, car la valeur du travail peut diminuer avec l'augmentation des capacités de l'IA. La fallacie de l'entreprise stable : L'intégration de l'IA nécessite une restructuration de l'entreprise et ne se fait pas dans un vide organisationnel. Comprendre le “sampling” dans les LLMs https://rentry.co/samplers Explique pourquoi les LLMs utilisent des tokens Les différentes méthodes de “sampling” : càd de choix de tokens Les hyperparamètres comme la température, top-p, et leur influence réciproque Les algorithmes de tokenisation comme Byte Pair Encoding et SentencePiece. Un de moins … OpenAI va racheter Windsurf pour 3 milliards de dollars. https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion l'accord n'est pas encore finalisé Windsurf était valorisé à 1,25 milliards l'an dernier et OpenAI a levé 40 milliards dernièrement portant sa valeur à 300 milliards Le but pour OpenAI est de rentrer dans le monde des assistants de code pour lesquels ils sont aujourd'hui absent Docker desktop se met à l'IA… ? Une nouvelle fonctionnalité dans docker desktop 4.4 sur macos: Docker Model Runner https://dev.to/docker/run-genai-models-locally-with-docker-model-runner-5elb Permet de faire tourner des modèles nativement en local ( https://docs.docker.com/model-runner/ ) mais aussi des serveurs MCP ( https://docs.docker.com/ai/mcp-catalog-and-toolkit/ ) Outillage Jetbrains défend la suppression des commentaires négatifs sur son assistant IA https://devclass.com/2025/04/30/jetbrains-defends-removal-of-negative-reviews-for-unpopular-ai-assistant/?td=rt-3a L'IA Assistant de JetBrains, lancée en juillet 2023, a été téléchargée plus de 22 millions de fois mais n'est notée que 2,3 sur 5. Des utilisateurs ont remarqué que certaines critiques négatives étaient supprimées, ce qui a provoqué une réaction négative sur les réseaux sociaux. Un employé de JetBrains a expliqué que les critiques ont été supprimées soit parce qu'elles mentionnaient des problèmes déjà résolus, soit parce qu'elles violaient leur politique concernant les “grossièretés, etc.” L'entreprise a reconnu qu'elle aurait pu mieux gérer la situation, un représentant déclarant : “Supprimer plusieurs critiques d'un coup sans préavis semblait suspect. Nous aurions dû au moins publier un avis et fournir plus de détails aux auteurs.” Parmi les problèmes de l'IA Assistant signalés par les utilisateurs figurent : un support limité pour les fournisseurs de modèles tiers, une latence notable, des ralentissements fréquents, des fonctionnalités principales verrouillées aux services cloud de JetBrains, une expérience utilisateur incohérente et une documentation insuffisante. Une plainte courante est que l'IA Assistant s'installe sans permission. Un utilisateur sur Reddit l'a qualifié de “plugin agaçant qui s'auto-répare/se réinstalle comme un phénix”. JetBrains a récemment introduit un niveau gratuit et un nouvel agent IA appelé Junie, destiné à fonctionner parallèlement à l'IA Assistant, probablement en réponse à la concurrence entre fournisseurs. Mais il est plus char a faire tourner. La société s'est engagée à explorer de nouvelles approches pour traiter les mises à jour majeures différemment et envisage d'implémenter des critiques par version ou de marquer les critiques comme “Résolues” avec des liens vers les problèmes correspondants au lieu de les supprimer. Contrairement à des concurrents comme Microsoft, AWS ou Google, JetBrains commercialise uniquement des outils et services de développement et ne dispose pas d'une activité cloud distincte sur laquelle s'appuyer. Vos images de README et fichiers Markdown compatibles pour le dark mode de GitHub: https://github.blog/developer-skills/github/how-to-make-your-images-in-markdown-on-github-adjust-for-dark-mode-and-light-mode/ Seulement quelques lignes de pure HTML pour le faire Architecture Alors, les DTOs, c'est bien ou c'est pas bien ? https://codeopinion.com/dtos-mapping-the-good-the-bad-and-the-excessive/ Utilité des DTOs : Les DTOs servent à transférer des données entre les différentes couches d'une application, en mappant souvent les données entre différentes représentations (par exemple, entre la base de données et l'interface utilisateur). Surutilisation fréquente : L'article souligne que les DTOs sont souvent utilisés de manière excessive, notamment pour créer des API HTTP qui ne font que refléter les entités de la base de données, manquant ainsi l'opportunité de composer des données plus riches. Vraie valeur : La valeur réelle des DTOs réside dans la gestion du couplage entre les couches et la composition de données provenant de sources multiples en formes optimisées pour des cas d'utilisation spécifiques. Découplage : Il est suggéré d'utiliser les DTOs pour découpler les modèles de données internes des contrats externes (comme les API), ce qui permet une évolution et une gestion des versions indépendantes. Exemple avec CQRS : Dans le cadre de CQRS (Command Query Responsibility Segregation), les réponses aux requêtes (queries) agissent comme des DTOs spécifiquement adaptés aux besoins de l'interface utilisateur, pouvant inclure des données de diverses sources. Protection des données internes : Les DTOs aident à distinguer et protéger les modèles de données internes (privés) des changements externes (publics). Éviter l'excès : L'auteur met en garde contre les couches de mapping excessives (mapper un DTO vers un autre DTO) qui n'apportent pas de valeur ajoutée. Création ciblée : Il est conseillé de ne créer des DTOs que lorsqu'ils résolvent des problèmes concrets, tels que la gestion du couplage ou la facilitation de la composition de données. Méthodologies Même Guillaume se met au “vibe coding” https://glaforge.dev/posts/2025/05/02/vibe-coding-an-mcp-server-with-micronaut-and-gemini/ Selon Andrey Karpathy, c'est le fait de POC-er un proto, une appli jetable du weekend https://x.com/karpathy/status/1886192184808149383 Mais Simon Willison s'insurge que certains confondent coder avec l'assistance de l'IA avec le vibe coding https://simonwillison.net/2025/May/1/not-vibe-coding/ Guillaume c'est ici amusé à développer un serveur MCP avec Micronaut, en utilisant Gemini, l'IA de Google. Contrairement à Quarkus ou Spring Boot, Micronaut n'a pas encore de module ou de support spécifique pour faciliter la création de serveur MCP Sécurité Une faille de sécurité 10/10 sur Tomcat https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/ Une faille de sécurité critique (CVE-2025-24813) affecte Apache Tomcat, permettant l'exécution de code à distance Cette vulnérabilité est activement exploitée seulement 30 heures après sa divulgation du 10 mars 2025 L'attaque ne nécessite aucune authentification et est particulièrement simple à exécuter Elle utilise une requête PUT avec une charge utile Java sérialisée encodée en base64, suivie d'une requête GET L'encodage en base64 permet de contourner la plupart des filtres de sécurité Les serveurs vulnérables utilisent un stockage de session basé sur des fichiers (configuration répandue) Les versions affectées sont : 11.0.0-M1 à 11.0.2, 10.1.0-M1 à 10.1.34, et 9.0.0.M1 à 9.0.98 Les mises à jour recommandées sont : 11.0.3+, 10.1.35+ et 9.0.99+ Les experts prévoient des attaques plus sophistiquées dans les prochaines phases d'exploitation (upload de config ou jsp) Sécurisation d'un serveur ssh https://ittavern.com/ssh-server-hardening/ un article qui liste les configurations clés pour sécuriser un serveur SSH par exemple, enlever password authentigfication, changer de port, desactiver le login root, forcer le protocol ssh 2, certains que je ne connaissais pas comme MaxStartups qui limite le nombre de connections non authentifiées concurrentes Port knocking est une technique utile mais demande une approche cliente consciente du protocol Oracle admet que les identités IAM de ses clients ont leaké https://www.theregister.com/2025/04/08/oracle_cloud_compromised/ Oracle a confirmé à certains clients que son cloud public a été compromis, alors que l'entreprise avait précédemment nié toute intrusion. Un pirate informatique a revendiqué avoir piraté deux serveurs d'authentification d'Oracle et volé environ six millions d'enregistrements, incluant des clés de sécurité privées, des identifiants chiffrés et des entrées LDAP. La faille exploitée serait la vulnérabilité CVE-2021-35587 dans Oracle Access Manager, qu'Oracle n'avait pas corrigée sur ses propres systèmes. Le pirate a créé un fichier texte début mars sur login.us2.oraclecloud.com contenant son adresse email pour prouver son accès. Selon Oracle, un ancien serveur contenant des données vieilles de huit ans aurait été compromis, mais un client affirme que des données de connexion aussi récentes que 2024 ont été dérobées. Oracle fait face à un procès au Texas concernant cette violation de données. Cette intrusion est distincte d'une autre attaque contre Oracle Health, sur laquelle l'entreprise refuse de commenter. Oracle pourrait faire face à des sanctions sous le RGPD européen qui exige la notification des parties affectées dans les 72 heures suivant la découverte d'une fuite de données. Le comportement d'Oracle consistant à nier puis à admettre discrètement l'intrusion est inhabituel en 2025 et pourrait mener à d'autres actions en justice collectives. Une GitHub action très populaire compromise https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Compromission de l'action tj-actions/changed-files : En mars 2025, une action GitHub très utilisée (tj-actions/changed-files) a été compromise. Des versions modifiées de l'action ont exposé des secrets CI/CD dans les logs de build. Méthode d'attaque : Un PAT compromis a permis de rediriger plusieurs tags de version vers un commit contenant du code malveillant. Détails du code malveillant : Le code injecté exécutait une fonction Node.js encodée en base64, qui téléchargeait un script Python. Ce script parcourait la mémoire du runner GitHub à la recherche de secrets (tokens, clés…) et les exposait dans les logs. Dans certains cas, les données étaient aussi envoyées via une requête réseau. Période d'exposition : Les versions compromises étaient actives entre le 12 et le 15 mars 2025. Tout dépôt, particulièrement ceux publiques, ayant utilisé l'action pendant cette période doit être considéré comme potentiellement exposé. Détection : L'activité malveillante a été repérée par l'analyse des comportements inhabituels pendant l'exécution des workflows, comme des connexions réseau inattendues. Réaction : GitHub a supprimé l'action compromise, qui a ensuite été nettoyée. Impact potentiel : Tous les secrets apparaissant dans les logs doivent être considérés comme compromis, même dans les dépôts privés, et régénérés sans délai. Loi, société et organisation Les startup the YCombinateur ont les plus fortes croissances de leur histoire https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html Les entreprises en phase de démarrage à Silicon Valley connaissent une croissance significative grâce à l'intelligence artificielle. Le PDG de Y Combinator, Garry Tan, affirme que l'ensemble des startups de la dernière cohorte a connu une croissance hebdomadaire de 10% pendant neuf mois. L'IA permet aux développeurs d'automatiser des tâches répétitives et de générer du code grâce aux grands modèles de langage. Pour environ 25% des startups actuelles de YC, 95% de leur code a été écrit par l'IA. Cette révolution permet aux entreprises de se développer avec moins de personnel - certaines atteignant 10 millions de dollars de revenus avec moins de 10 employés. La mentalité de “croissance à tout prix” a été remplacée par un renouveau d'intérêt pour la rentabilité. Environ 80% des entreprises présentées lors du “demo day” étaient centrées sur l'IA, avec quelques startups en robotique et semi-conducteurs. Y Combinator investit 500 000 dollars dans les startups en échange d'une participation au capital, suivi d'un programme de trois mois. Red Hat middleware (ex-jboss) rejoint IBM https://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html Les activités Middleware de Red Hat (incluant JBoss, Quarkus, etc.) vont être transférées vers IBM, dans l'unité dédiée à la sécurité des données, à l'IAM et aux runtimes. Ce changement découle d'une décision stratégique de Red Hat de se concentrer davantage sur le cloud hybride et l'intelligence artificielle. Mark Little explique que ce transfert était devenu inévitable, Red Hat ayant réduit ses investissements dans le Middleware ces dernières années. L'intégration vise à renforcer l'innovation autour de Java en réunissant les efforts de Red Hat et IBM sur ce sujet. Les produits Middleware resteront open source et les clients continueront à bénéficier du support habituel sans changement. Mark Little affirme que des projets comme Quarkus continueront à être soutenus et que cette évolution est bénéfique pour la communauté Java. Un an de commonhaus https://www.commonhaus.org/activity/253.html un an, démarré sur les communautés qu'ils connaissaient bien maintenant 14 projets et put en accepter plus confiance, gouvernance legère et proteger le futur des projets automatisation de l'administratif, stabiilité sans complexité, les developpeurs au centre du processus de décision ils ont besoins de members et supporters (financiers) ils veulent accueillir des projets au delà de ceux du cercles des Java Champions Spring Cloud Data Flow devient un produit commercial et ne sera plus maintenu en open source https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial Peut-être sous l'influence de Broadcom, Spring se met à mettre en mode propriétaire des composants du portefeuille Spring ils disent que peu de gens l'utilisaent en mode OSS et la majorité venait d'un usage dans la plateforme Tanzu Maintenir en open source le coutent du temps qu'ils son't pas sur ces projets. La CNCF protège le projet NATS, dans la fondation depuis 2018, vu que la société Synadia qui y contribue souhaitait reprendre le contrôle du projet https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/ CNCF : Protège projets OS, gouvernance neutre. Synadia vs CNCF : Veut retirer NATS, licence non-OS (BUSL). CNCF : Accuse Synadia de “claw back” (reprise illégitime). Revendications Synadia : Domaine nats.io, orga GitHub. Marque NATS : Synadia n'a pas transféré (promesse rompue malgré aide CNCF). Contestation Synadia : Juge règles CNCF “trop vagues”. Vote interne : Mainteneurs Synadia votent sortie CNCF (sans communauté). Support CNCF : Investissement majeur ($ audits, légal), succès communautaire (>700 orgs). Avenir NATS (CNCF) : Maintien sous Apache 2.0, gouvernance ouverte. Actions CNCF : Health check, appel mainteneurs, annulation marque Synadia, rejet demandes. Mais finalement il semble y avoir un bon dénouement : https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/ Accord pour l'avenir de NATS.io : La Cloud Native Computing Foundation (CNCF) et Synadia ont conclu un accord pour sécuriser le futur du projet NATS.io. Transfert des marques NATS : Synadia va céder ses deux enregistrements de marque NATS à la Linux Foundation afin de renforcer la gouvernance ouverte du projet. Maintien au sein de la CNCF : L'infrastructure et les actifs du projet NATS resteront sous l'égide de la CNCF, garantissant ainsi sa stabilité à long terme et son développement en open source sous licence Apache-2.0. Reconnaissance et engagement : La Linux Foundation, par la voix de Todd Moore, reconnaît les contributions de Synadia et son soutien continu. Derek Collison, PDG de Synadia, réaffirme l'engagement de son entreprise envers NATS et la collaboration avec la Linux Foundation et la CNCF. Adoption et soutien communautaire : NATS est largement adopté et considéré comme une infrastructure critique. Il bénéficie d'un fort soutien de la communauté pour sa nature open source et l'implication continue de Synadia. Finalement, Redis revient vers une licence open source OSI, avec la AGPL https://foojay.io/today/redis-is-now-available-under-the-agplv3-open-source-license/ Redis passe à la licence open source AGPLv3 pour contrer l'exploitation par les fournisseurs cloud sans contribution. Le passage précédent à la licence SSPL avait nui à la relation avec la communauté open source. Salvatore Sanfilippo (antirez) est revenu chez Redis. Redis 8 adopte la licence AGPL, intègre les fonctionnalités de Redis Stack (JSON, Time Series, etc.) et introduit les “vector sets” (le support de calcul vectoriel développé par Salvatore). Ces changements visent à renforcer Redis en tant que plateforme appréciée des développeurs, conformément à la vision initiale de Salvatore. Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 6-7 mai 2025 : GOSIM AI Paris - Paris (France) 7-9 mai 2025 : Devoxx UK - London (UK) 15 mai 2025 : Cloud Toulouse - Toulouse (France) 16 mai 2025 : AFUP Day 2025 Lille - Lille (France) 16 mai 2025 : AFUP Day 2025 Lyon - Lyon (France) 16 mai 2025 : AFUP Day 2025 Poitiers - Poitiers (France) 22-23 mai 2025 : Flupa UX Days 2025 - Paris (France) 24 mai 2025 : Polycloud - Montpellier (France) 24 mai 2025 : NG Baguette Conf 2025 - Nantes (France) 3 juin 2025 : TechReady - Nantes (France) 5-6 juin 2025 : AlpesCraft - Grenoble (France) 5-6 juin 2025 : Devquest 2025 - Niort (France) 10-11 juin 2025 : Modern Workplace Conference Paris 2025 - Paris (France) 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12 juin 2025 : Positive Design Days - Strasbourg (France) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 13 juin 2025 : Tech F'Est 2025 - Nancy (France) 17 juin 2025 : Mobilis In Mobile - Nantes (France) 19-21 juin 2025 : Drupal Barcamp Perpignan 2025 - Perpignan (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 25-26 juin 2025 : Agi'Lille 2025 - Lille (France) 25-27 juin 2025 : BreizhCamp 2025 - Rennes (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 7-9 juillet 2025 : Riviera DEV 2025 - Sophia Antipolis (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : Devfest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

This interview was recorded for GOTO Unscripted.gotopia.techRead the full transcription of this interview hereHannah Foxwell - Independent Consultant & Founder of "AI for the rest of us"Charles Humble - Freelance Techie, Podcaster, Editor, Author & ConsultantRESOURCESHannahhttps://bsky.app/profile/hannahfoxwell.nethttps://medium.com/@hannahfoxwellhttps://x.com/HannahFoxwellhttps://github.com/hannahfoxwellhttps://www.linkedin.com/in/hannah-foxwellCharleshttps://bsky.app/profile/charleshumble.bsky.socialhttps://linkedin.com/in/charleshumblehttps://mastodon.social/@charleshumblehttps://conissaunce.comDESCRIPTIONCharles Humble and Hannah Foxwell explore the multifaceted challenges and opportunities presented by emerging technologies, modern work practices, and management dynamics.They emphasize the importance of methodologies like pair programming, flexible work designs, and inclusive team environments, especially for accommodating neurodiverse and introverted individuals.Foxwell introduces the “three-teams model” to guide new managers in aligning with direct reports, leadership peers, and cross-functional collaborators. She underscores the significance of equitable leadership through mentorship, coaching, and sponsorship, particularly for underrepresented groups.Exploring  AI's potential, Foxwell highlights its transformative impact on software development and enterprise processes while cautioning against rushed adoption. She advocates for thoughtful experimentation and user-centric design, noting the need for cultural and structural shifts to fully realize AI's benefits. Ultimately, the conversation centers on intentionality, empathy, and the need for organizations to balance innovation with human-centric practices. [...]RECOMMENDED BOOKSKim, Humble, Debois, Willis & Forsgren • The DevOps HandbookJez Humble & David Farley • Continuous DeliveryBarbara Oakley • A Mind For NumbersPooja K. Agarwal & Patrice M. Bain • Powerful TeachingBarbara Oakley & Olav Schewe • Learn Like a ProDaniel Kahneman • Thinking, Fast and SlowMatthew Skelton & Manuel Pais • Team TopologBlueskyTwitterInstagramLinkedInFacebookCHANNEL MEMBERSHIP BONUSJoin this channel to get early access to videos & other perks:https://www.youtube.com/channel/UCs_tLP3AiwYKwdUHpltJPuA/joinLooking for a unique learning experience?Attend the next GOTO conference near you! Get your ticket: gotopia.techSUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted daily!

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes' original design.Emily outlines a critical flaw: Kubernetes wasn't built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn't real—it's just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat.Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn't disrupt developer workflows, integrates easily at the infrastructure layer, and doesn't require retraining or restructuring CI/CD pipelines. It's secure by design, without compromising performance or portability.The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today's ecosystem: true prevention. Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters.Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today's container sprawl, but tomorrow's AI-powered compute environments.This is more than a product pitch—it's a reframing of how we define and implement security at the container level. The full conversation reveals what's possible when performance, portability, and protection are no longer at odds.Learn more about Edera: https://itspm.ag/edera-434868Note: This story contains promotional content. Learn more.Guest: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/ResourcesLearn more and catch more stories from Edera: https://www.itspmagazine.com/directory/ederaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 

In today's episode of Technical Tips, we're joined by Semaphore engineer Lucas Pinheiro. He's here to share insights on self-hosting agents — including the challenges our engineering team has faced and the solutions we've implemented to manage agents reliably at scale. Whether you're working with self-hosted systems or navigating cloud-specific hurdles, this episode is packed with valuable takeaways. Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

Episode Notes: Claude Code Review: Pattern Matching, Not IntelligenceSummaryI share my hands-on experience with Anthropic's Claude Code tool, praising its utility while challenging the misleading "AI" framing. I argue these are powerful pattern matching tools, not intelligent systems, and explain how experienced developers can leverage them effectively while avoiding common pitfalls.Key PointsClaude Code offers genuine productivity benefits as a terminal-based coding assistantThe tool excels at make files, test creation, and documentation by leveraging context"AI" is a misleading term - these are pattern matching and data mining systemsAnthropomorphic interfaces create dangerous illusions of competenceMost valuable for experienced developers who can validate suggestionsSimilar to combining CI/CD systems with data mining capabilities, plus NLPThe user, not the tool, provides the critical thinking and expertiseQuote"The intelligence is coming from the human. It's almost like a combination of pattern matching tools combined with traditional CI/CD tools."Best Use CasesTest-driven developmentRefactoring legacy codeConverting between languages (JavaScript → TypeScript) Documentation improvementsAPI work and Git operationsDebugging common issuesRisky Use CasesLegacy systems without sufficient training patternsCutting-edge frameworks not in training dataComplex architectural decisions requiring system-wide consistencyProduction systems where mistakes could be catastrophicBeginners who can't identify problematic suggestionsNext StepsFrame these tools as productivity enhancers, not "intelligent" agentsUse alongside existing development tools like IDEsMaintain vigilant oversight - "watch it like a hawk"Evaluate productivity gains realistically for your specific use cases#ClaudeCode #DeveloperTools #PatternMatching #AIReality #ProductivityTools #CodingAssistant #TerminalTools

Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast! CHAOSScast – Episode 109 In this episode of CHAOSScast, host Georg Link is joined by Cali Dolfi, Senior Data Scientist at Red Hat, and Brittany Istenes, FINOS Ambassador. The discussion delves into the importance of measuring open source community health and the role of Software Bill of Materials (SBOM) in ensuring software security and compliance. They talk about the rising threats in open source software, the need for standardizing SBOMs, and how organizations can leverage these tools to proactively manage risks and project health. Also, they touch on practical steps being taken at Red Hat and other organizations to address these challenges. Hit download now to hear more! [00:00:21] Our guests introduce themselves and their backgrounds. [00:01:55] Georg explains the rise of malicious packages (700%) and the risks of neglected open source components. [00:04:36] What is a SBOM? Brittany explains SBOMs as a list of all software components and libraries in each application and automation and tooling adoption is discussed. [00:06:08] Cali outlines the lack of consensus on SBOM fields and formats and advocates for including upstream repo links to assess project health. Brittany mentions companies being cautious about publicizing SBOMs due to IP concerns. [00:09:12] Georg gives a historical overview about SBOMs began as tools for license compliance and how SBOMs now cover more including cybersecurity, post U.S. Executive Order 14028 (May 2021). [00:15:51] Georg shares three pillars of SBOM strategy: License compliance, Security, and Project Health and how CHAOSS Metrics can be combined with SBOMs to move from reactive to proactive strategies. [00:16:59] Brittany emphasizes risk analysis and good design from project inception and proactive open source strategies save effort later. [00:18:43] Cali talks about using project health metrics and advocates for tracking maintainer activity, patch frequency, and project responsiveness. [00:21:28] Brittany stresses internal engineering education on project health and risk and developer smush understand what makes a project “healthy.” [00:22:55] Georg talks about how open source has evolved and details using CHAOSS metrics for risk assessment and CI/CD integration. [00:27:36] Cali shares Red Hat's efforts to define what makes a project vulnerable and how it's focused on detecting and sunsetting unmaintained dependencies. [00:31:37] Brittany emphasizes risk from version mismatches and misinterpreted CVEs and mentions a CHAOSS doc to read, “Metrics for OSS Viability” by Gary White. [00:34:17] We end with Georg sharing some upcoming events: CHAOSScon North America, June 26 and Open Source Summit North America, June 23-25. Value Adds (Picks) of the week: [00:36:08] Georg's pick is building a platform for his dog to look out the window. [00:37:06] Brittany's pick is spending time with Georg and Cali. [00:38:12] Cali's pick is her great support system since having ACL surgery. *Panelist: * Georg Link Guests: Cali Dolfi Brittany Istenes Links: CHAOSS (https://chaoss.community/) CHAOSS Project X (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) podcast@chaoss.community (mailto:podcast@chaoss.community) Georg Link Website (https://georg.link/) Britany Istenes LinkedIn (https://www.linkedin.com/in/brittany-istenes-91b902152/) Brittany Istenes GitHub (https://github.com/BrittanyIstenes) Cali Dolfi LinkedIn (https://www.linkedin.com/in/calidolfi/) State of the Software Supply Chain (Sonatype) (https://www.sonatype.com/state-of-the-software-supply-chain/introduction) CHAOSScast Podcast-Episode 103: GrimoireLab at FreeBSD (https://podcast.chaoss.community/103) CHAOSS Community: Metrics for OSS Viability by Gary White (https://chaoss.community/viability-metrics-what-its-made-of/) CHAOSScon North America 2025, Denver, CO, June 26 (https://chaoss.community/chaosscon-2025-na/) Open Source Summit North America, Denver CO, June 23-25 (https://events.linuxfoundation.org/open-source-summit-north-america/) Fintech Open Source (FINOS) (https://www.finos.org/) Cyber Resilience Act (European Commission) (https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act) Rising Threat: Understanding Software Supply Chain Cyberattacks And Protecting Against Them(Forbes) (https://www.forbes.com/councils/forbestechcouncil/2024/02/06/rising-threat-understanding-software-supply-chain-cyberattacks-and-protecting-against-them/) Executive Order on Strengthening and Promoting Innovation in the Nation's Cybersecurity (The White House) (https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/) Types of Software Bill of Material (SBOM) Documents (https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf) OpenSSF Scorecard (https://openssf.org/projects/scorecard/) OSS Project Viability Starter (CHAOSS) (https://chaoss.community/kb/metrics-model-project-viability-starter/) Show Me What You Got: Turning SBOMs Into Actions- Georg Link & Brittany Istenes (https://lfms25.sched.com/event/1urWz) Special Guests: Brittany Istenes and Cali Dolfi.

Valerio Chang from Gearset chats to Jack about the evolving landscape of customer support in SaaS companies. Valerio offers a behind-the-scenes look at how Gearset has built a world-class support team, leaning into the importance of truly understanding customer needs and using documentation to elevate user experiences.Valerio delves into the unique challenges of supporting customers in the Salesforce ecosystem, and how the nature of Salesforce DevOps conversations has matured over time. Valerio discusses Gearset's mission to act not just as a tool provider but as a trusted advisor, helping users navigate complexity through empathy, curiosity, and continuous improvement.Throughout the conversation, Valerio highlights the power of asking the right questions, the role of customer feedback in shaping product development, and the fulfilment that comes from solving meaningful problems. The episode wraps with a thoughtful reflection on the human side of support and the profound impact it can have on the people behind the tickets.About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKW

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Even if you're not "doing DevOps," understanding it can seriously level up your development career. In this episode, Matt and Mike dive into why every web developer should care about DevOps practices, even at a basic level. They explore how deployment pipelines work, how Git supports safe code changes, and how you can prevent and fix production issues faster. You'll hear real-world examples showing how small habits—like writing good commit messages, checking build logs, and knowing when to rollback—can make you a better teammate and a more reliable developer. Whether you're working with GitHub Actions, Vercel, Jenkins, or another CI/CD system, this episode will help you work smarter, troubleshoot faster, and stay calm under pressure. Show Notes: https://www.htmlallthethings.com/podcasts/what-junior-web-developers-need-to-know-about-devops Use our affiliate link (https://scrimba.com/?via=htmlallthethings) for a 20% discount!! Full details in show notes.

DevOps morreu? Ou o problema é que a gente nunca entendeu direito o que era?No episódio 166 do Kubicast, abrimos o estúdio (e o verbo) pra refletir sobre o verdadeiro papel do DevOps nos times modernos — sem buzzwords e sem teatro.Com uma bagagem prática de quem vive a operação real de times de plataforma, João Brito discute como o conceito de DevOps foi distorcido ao longo dos anos, o impacto da senioridade técnica nesse cenário e por que segurança deveria ser parte (e não acessório) desse processo.Problemas enfrentadosRedução de DevOps a ferramentas de CI/CD, ignorando o aspecto cultural.Falta de senioridade técnica em projetos que deveriam promover boas práticas.Atribuição equivocada de segurança como um elemento isolado e "externo" ao fluxo de desenvolvimento.Times de produto e infraestrutura operando em silos, gerando entregas frágeis e sem confiabilidade.Tentativas frustradas de implementar DevOps sem autonomia real ou alinhamento cultural.Ao longo do episódio, ficou claro que o DevOps ainda faz todo sentido — mas apenas se for entendido como deveria: uma filosofia de colaboração, melhoria contínua e responsabilidade compartilhada. Reduzir DevOps a automação é como dizer que tocar guitarra é só apertar cordas.Alguns links que citamos no episódio:SLSA no DevOps na PraiaPolicies e assinaturas em imagens dockerA cultura de confiabilidade, a segurança pensada desde a origem e o respeito à maturidade técnica dos times precisam caminhar juntos. Caso contrário, DevOps vira só mais um slide bonito no keynote da empresa.O Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stage attack vector and the broader often-overlooked vulnerabilities in our CI/CD pipelines, emphasizing the need to treat these build systems with production-level security rigor instead of ignoring them.   The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-04-tjactions_with_dimitri_stiliadis/

(03:59) Brought to you by Swimm.io.⁠⁠⁠⁠Start modernizing your mainframe faster with Swimm.Understand the what, why, and how of your mainframe code.Use AI to uncover critical code insights for seamless migration, refactoring, or system replacement.Stop fearing Friday and late-night deployments!Discover how the most painful part of software development—deploying to production—can become routine, safe, and even boring.In this episode, I sit down with Valentina Servile (ThoughtWorks lead developer and author of “Continuous Deployment”) to discuss the principles, practices, and mindset shift required to achieve true Continuous Deployment.Key topics discussed:The key differences between Continuous Integration, Continuous Delivery, and Continuous DeploymentWhy “if it hurts, do it more often” is the secret to safer, faster releasesApplying Lean principles like one-piece flow and reducing batch size for higher quality and speedThe importance of removing the final manual deployment gate and automating everythingEssential minimum practices: robust automated testing, feature flags, static analysis, and zero-downtime deploymentsSeparating deployment from release with feature flags and expand/contract patternsOvercoming challenges in regulated industries, technical hurdles, and third-party integrationsThe critical mindset shift: treating production as a first-class citizen and embracing “shift left” for quality and securityCautions and advice on using AI tools in a continuous deployment workflowTune in to level up your software delivery and learn how to make deployments so routine that you'll never dread another release.  Timestamps:(02:00) Career Turning Points(06:05) Tips for Juniors Starting Their Careers(08:00) Continuous Deployment Book(10:16) Definitions of CI, CD, Continuous Deployment(15:42) If It Hurts, Do It More Often(19:18) Why Remove The Final Manual Gate to Production(24:56) Common Challenges in Adopting Continuous Deployment(30:02) Minimum Practices for Continuous Deployment(35:17) Hiding Work-in-Progress(38:46) The Difference Between Deployment vs Release(41:40) Slicing the Work(45:10) Coordinating Changes Between Systems & Third Parties(47:58) The Importance of Backward Compatibility(50:05) The Required Mindset Shift(53:16) AI Caution in Continuous Deployment(55:35) 3 Tech Lead Wisdom_____Valentina Servile's BioValentina Servile is a full-stack software craftswoman and Lead Software Developer at Thoughtworks.She has worked with over a dozen companies in 5 different countries, ranging from start-up to enterprise scale. Her work has been focused on clean code, distributed systems and microservices, CI/CD practices, and evolutionary architectures in a variety of tech stacks. As a technical lead, she also coordinates delivery, and ensures a shared vision around ways of working and technical health in her cross-functional teams.Valentina is passionate about creating an engineering baseline of clean code, testing and automation as the the most fundamental enabler of Agile, Lean and DevOps principles.Follow Valentina:LinkedIn – linkedin.com/in/valentina-servileBluesky – @valentinaservile.bsky.social

KubeCon Europe 2025 in London has wrapped up, and we're bringing you all the highlights, trends, and behind-the-scenes insights straight from the show floor!In this special recap episode, I'm joined by two CNCF Ambassadors and community powerhouses: Kasper Borg Nissen, the Co-Chair of this KubeCon as well as of the KubeCon 2024 editions, and a Developer Relations Engineer at Dash0; and William Rizzo, Consulting Architect at Mirantis and Linkerd Ambassador.Together, we unpack the major themes from the event—from platform engineering and internal developer platforms, to open source observability, and where Kubernetes is headed next. We also chat about the vibe of the community, emerging projects to watch, and important trends in European tech sphere.Whether you missed the conference or want to catch up on important updates you might have missed, this episode gives you a curated take straight from the experts who know the cloud-native space inside out.The episode was live-streamed on 22 April 2025 and the video is available at https://www.youtube.com/watch?v=JyxJOmOEBvQYou can read the recap post: https://medium.com/p/740258a5fa46OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube.We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat.⁠⁠https://www.youtube.com/@openobservabilitytalks⁠  https://www.twitch.tv/openobservability⁠Show Notes:00:00 - intro03:28 - KubeCon impressions09:59 - Backstage turns 518:56 - CNCF turns 10 and CNCF annual survey27:22 - Sovereign cloud in Europe and the NeoNephos initiative33:55 - CI/CD use in production increases36:52 - OpenInfra joins the Linux Foundation40:16 - Cloud native local communities, DEI and the BIPOC initiative 51:11 - Observability query standardization SIG updates59:36 - outroResources:CNCF 2024 Annual Survey https://www.cncf.io/reports/cncf-annual-survey-2024/NeoNephos initiative for sovereign EU cloud: https://www.linkedin.com/feed/update/urn:li:share:7313115943075766273/ OpenInfra Foundation and OpenStack join The Linux Foundation: https://www.linkedin.com/feed/update/urn:li:share:7307839934072066048/ Backstage turns 5: https://www.linkedin.com/feed/update/urn:li:activity:7318163557206966272/ Kubernetes 1.33 release: https://www.linkedin.com/feed/update/urn:li:activity:7321054742174924800/Socials:Twitter:⁠ https://twitter.com/OpenObserv⁠YouTube: ⁠https://www.youtube.com/@openobservabilitytalks⁠Dotan Horovits============Twitter: @horovitsLinkedIn: www.linkedin.com/in/horovitsMastodon: @horovits@fosstodonBlueSky: @horovits.bsky.socialKasper Borg Nissen===============Twitter: https://www.twitter.com/phennexLinkedIn: https://www.linkedin.com/in/kaspernissen/BlueSky: https://bsky.app/profile/kaspernissen.xyz⁠William Rizzo===========Twitter: https://twitter.com/WilliamRizzo19LinkedIn: https://www.linkedin.com/in/william-rizzo/BlueSky: https://bsky.app/profile/williamrizzo.bsky.social

In this awesome installment, host Joe Colantonio sits down with Mark Meier and Tom Miseur from Grafana Labs to dive deep into the world of performance testing and how their brand new open source Grafana k6 Studio is making these powerful practices accessible for everyone on your team—from developers to QA and SREs. Try out Insight Hub free for 14 days now: https://testguild.me/insighthub. No credit card required. Listen in as they discuss the evolution of k6 from a developer-first tool to one built for seamless collaboration across teams, the challenges of performance testing in modern DevOps pipelines, and practical advice for avoiding common pitfalls like the dreaded million virtual user myth. You'll also get an insider's look at how k6 Studio simplifies recording, scripting, and correlating test scenarios and how it compares to longtime industry players like JMeter. Discover the team's vision for the future, including enhanced browser testing features, integration with Grafana Cloud, and thoughts on leveraging AI to accelerate performance testing efforts. If you're ready to learn actionable strategies for making performance testing a team sport (not just a developer or QA silo) and want to hear tips on integrating load testing into your CI/CD pipelines, this episode is a must-listen! Check Out Grafana k6 Studio: https://grafana.com/docs/k6/latest/k6-studio/ Watch k6 Studio demo:  https://testguild.me/dzebxa

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer friendly tools. We've thankfully moved on from forced 90-day user password rotations, but that doesn't mean there isn't a place for rotating secrets. It means that the tooling and processes for ephemeral secrets should be based on secure, efficient mechanisms rather than putting all the burden on users. And it also means that managing secrets shouldn't become an unmanaged risk with new attack surfaces or new points of failure. Segment Resources: https://infisical.com/blog/solving-secret-zero-problem https://infisical.com/blog/gitops-secrets-management Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-327

Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer friendly tools. We've thankfully moved on from forced 90-day user password rotations, but that doesn't mean there isn't a place for rotating secrets. It means that the tooling and processes for ephemeral secrets should be based on secure, efficient mechanisms rather than putting all the burden on users. And it also means that managing secrets shouldn't become an unmanaged risk with new attack surfaces or new points of failure. Segment Resources: https://infisical.com/blog/solving-secret-zero-problem https://infisical.com/blog/gitops-secrets-management Show Notes: https://securityweekly.com/asw-327

Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer friendly tools. We've thankfully moved on from forced 90-day user password rotations, but that doesn't mean there isn't a place for rotating secrets. It means that the tooling and processes for ephemeral secrets should be based on secure, efficient mechanisms rather than putting all the burden on users. And it also means that managing secrets shouldn't become an unmanaged risk with new attack surfaces or new points of failure. Segment Resources: https://infisical.com/blog/solving-secret-zero-problem https://infisical.com/blog/gitops-secrets-management Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-327

In this episode of Semaphore Uncut, Patrick Debois—Generative AI and DevOps specialist —joins Darko Fabijan to share his perspective on how AI intersects with DevOps, DevSecOps, and infrastructure as code. Patrick discusses everything from generative tooling to failure handling, and what makes this era of automation both exciting and risky.Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer friendly tools. We've thankfully moved on from forced 90-day user password rotations, but that doesn't mean there isn't a place for rotating secrets. It means that the tooling and processes for ephemeral secrets should be based on secure, efficient mechanisms rather than putting all the burden on users. And it also means that managing secrets shouldn't become an unmanaged risk with new attack surfaces or new points of failure. Segment Resources: https://infisical.com/blog/solving-secret-zero-problem https://infisical.com/blog/gitops-secrets-management Show Notes: https://securityweekly.com/asw-327

Docker launched "Docker Model Runner" to run LLMs through llama.cpp with a single "docker model" command. In this episode Bret details examples and some useful use cases for using this way to run LLMs. He breaks down the internals. How it works, when you should use it or not use it; and, how to get started using Open WebUI for a private ChatGPT-like experience.★Topics★Model Runner DocsHub ModelsOCI ArtifactsOpen WebUIMy Open WebUI Compose fileCreators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host (00:00) - Intro (00:46) - Model Runner Elevator Pitch (01:28) - Enabling Docker Model Runner (04:28) - Self Promotion! Is that an ad? For me? (05:03) - Downloading Models (07:11) - Architectrure of Model Runner (10:49) - ORAS (11:09) - What's next for Model Runner? (12:13) - Troubleshooting You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Think database skills are dead in the Salesforce era? Think again. In this episode of DevOps Diaries, Jack McCurdy talks to Chris Starleaf of Zinc Partners, who argues they're more relevant than ever. Listen in as Chris shares insights from his Salesforce journey, exploring why tech pros need sales skills, the crucial balance between quick wins and long-term strategy, and the vital role of data governance. They tackle the generalist vs. specialist debate and discuss how strong leadership and team development drive success. Want to build better data strategies and lead more effectively in the Salesforce ecosystem? Don't miss this episode!About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKWChapters00:00 Introduction to Chris Starleaf and His Journey03:02 The Relevance of Database Management in Salesforce06:00 Sales Skills for Tech Professionals09:12 Understanding Different Roles in Salesforce11:52 Balancing Quick Wins with Long-Term Success14:59 The Importance of Data Governance18:09 The Role of Generalists vs. Specialists20:58 Fostering Pride in Data Management23:55 Building a Data Governance Strategy27:03 Team Leadership and Development29:53 Creating Efficient Processes33:13 Navigating the Salesforce Ecosystem36:08 Conclusion and Contact Information

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Você já caiu na armadilha da “imagem invulnerável”? Na segunda parte do episódio 164 da sétima temporada do Kubicast, continuamos nosso papo com Alexandre Sieira, fundador da Tenchi Security, entrando de cabeça nos desafios técnicos da segurança prática — aquela do dia a dia, que envolve CVE, GitHub comprometido e decisões que custam caro.Com exemplos reais e reflexões afiadas, Sieira nos mostra por que segurança é mais do que política: é arquitetura, processo e cultura em ação. Problemas enfrentadosImagens de container com base vulnerável sendo tratadas como “seguras”.Falta de visibilidade sobre o que está rodando no pipeline.Risco de dependências excessivas e falta de controle na supply chain.Incidentes reais de comprometimento em ferramentas de CI/CD (como GitHub Actions).Dificuldade em conciliar segurança com performance operacional.Soluções adotadasGestão contínua de vulnerabilidades com foco em redução de superfície de ataque.Uso do SBOM (Software Bill of Materials) como aliado na rastreabilidade.Segregação de ambientes com deploy seguro entre contas e contextos.Otimizações de arquitetura sem abrir mão de práticas seguras.Estreitamento entre times de produto e segurança desde o início da jornada. Ao longo do episódio, ficou claro que segurança eficaz não depende de uma stack perfeita — mas sim de decisões conscientes. Frequentar o mundo real de DevSecOps é entender que agilidade e segurança não só podem coexistir, como se complementam. Releases frequentes, rastreabilidade e cultura de melhoria contínua são fatores que reduzem riscos e aumentam a confiança da operação. Entre as boas práticas discutidas, reforçamos que menos é mais: minimizar dependências, separar ambientes, aplicar princípios como Least Privilege e pensar sempre em blast radius são decisões simples, mas com grande impacto. Além disso, aproximar os times desde a arquitetura ajuda a criar um ambiente de segurança distribuída — e não centralizada como barreira.

Palantir Technologies, CEO Alex Karp & the New Era of Tech Defense Contractors   - AZ TRT S06 EP05 (266) 3-9-2025                 What We Learned This Week Palantir - AI powered automation for every decision Palantir is named after the all seeing stone in Lord of the Rings Software integrates with company software to allow for searching and use of big data Palantir mission is for more accountability within Government Palantir has contracts with the U.S. Government helping with security and fighting terrorism   Notes: Palantir Technologies & CEO Alex Karp Karp background in academics and philosophy, also Stanford law  Palantir founders Karp & Joe Lonsdale worked together at PayPal, funded by Peter Thiel Was not profitable for 3 years - one of the secrets of Silicon Valley, build around an idea, work on how you're going to make money off of it later  Passion project, so need people who are dedicated, not just money driven Every text, email, business, it has all data and need to save somewhere Big data and data centers are one of the fastest growing industries and along with machine learning affect so many aspects of our life, both business, and personal Dataset and Data mining are thriving industries   https://en.wikipedia.org/wiki/Palantir_Technologies Palantir Technologies Inc. is an American publicly traded company that specializes in software platforms[3] for big data analytics. Headquartered in Denver, Colorado, it was founded by Peter Thiel,[4] Stephen Cohen, Joe Lonsdale,[5] and Alex Karp in 2003. The company has four main projects: Palantir Gotham, Palantir Foundry, Palantir Apollo, and Palantir AIP. Palantir Gotham is an intelligence and defense tool used by militaries and counter-terrorism analysts. Its customers included the United States Intelligence Community (USIC) and United States Department of Defense.[6] Their software as a service (SaaS) is one of five offerings authorized for Mission Critical National Security Systems (IL5[7]) by the U.S. Department of Defense.[8][9] Palantir Foundry is used for data integration and analysis by corporate clients such as Morgan Stanley, Merck KGaA, Airbus, Wejo, Lilium, PG&E and Fiat Chrysler Automobiles.[10] Palantir Apollo is a platform to facilitate continuous integration/continuous delivery (CI/CD) across all environments.[11][12] Palantir's original clients were federal agencies of the USIC. It has since expanded its customer base to serve both international as well as state and local governments, and also to private companies.[13]     Palantir software connects data, analytics, and operations to help organizations make decisions and improve efficiency. Palantir's software is used by government agencies and commercial enterprises.  How Palantir works 1.    Connects data: Palantir connects to data systems, data lakes, and platforms.  2.    Analyzes data: Palantir analyzes data to find trends, relationships, and anomalies.  3.    Visualizes data: Palantir visualizes data to help users understand insights.  4.    Automates processes: Palantir automates processes to help users save time and improve efficiency.  5.    Improves decision-making: Palantir helps users make better decisions by providing data-driven insights.    Palantir has multiple platforms, including: ·         Palantir Gotham: Used by government agencies to detect patterns and derive insights from large amounts of data  ·         Palantir Foundry: Used by commercial enterprises to integrate data, perform simulations, and optimize workflows  ·         Palantir AIP: Used to deploy large language models and other AI within a private network    Failure of 911 terrorist attacks where government organizations were not sharing information. Government has to be able to sift through large amounts of data, looking for a terrorist network, the old needle in a haystack. Software allows government to go thru data, and also share information. In the past governments could run spy networks only, now with computer hackers, it could be run by anybody with a computer. Hard to search for terrorist, very creative. In carps view, you have to think like an entrepreneur and be tactical when going after them.   Cannot think in a static fashion, how did they do it in the past. When a terrorist is caught using a cell phone, they adapt to figure out how do they get caught and then use a different method. It's like game theory, you have to think ahead of the terrorist and find their patterns before they even realize they are leaving pattern. Terrorist may think in different terms that society deems as destructive, but it still may be very creative, almost like an entrepreneur. Per carp, you need creative and adaptive thinkers to go after the bad guys.   Cyber war is a real threat and not going anywhere. Need the government to combat it, but also must watch what the government is doing to not trample on civil liberties. Need to be able to track the data to see how the government went about things and did its targeting. Data destruction & Tag data - Know where the data came from, so government can use it lawfully.   You do not want to share data with the government, and then have the government use it against you. Because of technology and computers spying is democracized, a group of three teenagers at a coffee shop can launch a cyber attack. Systems can track down where these terrorists are, and show you the patterns of who they might be even if they can identify them directly.   Government and large health insurance companies already have a lot of data. The question is, how are they using it, is it being used in a lawful way? With Palantir software, you cannot only look for the terrorist, but you can also watch how the government uses the data   Can use Palantir software on top of current software to work through data Palantir and SpaceX companies – achieved $ Billion dollar valuation Unicorn status  Funded at loss for years, took decade to get Govt contracts   Name comes from the seeing stone in Lord of the Rings Powerful technology, that can help watch over the world, has massive, ethical implications Software helps government and businesses look over data and watch on people, but can infringe on privacy - Paradox of security vs freedom Also raises questions about privacy, verse convenience, a kin to the issue with current social media  Solve terrorism problem in big way Fight terrorism on a large scale, verse just smaller tactics with airport security   Fight terrorism at the high-level, verse low level tech with airport security and other measures that are very cumbersome and overbearing Coordinate resources better Hard to start in defense company, and this is the next generation   Palantir is coming up with a simple high-tech solution, to handle a serious and complicated problem Pre-911, government not prepared or organized to handle global terrorist threat, and many of the solutions were over the top and heavy handed   Company provides targeted efficient reactions, verse broad wide solutions There is both philosophical and technological debate on how this software can and should be used They also believe they can be more transparent, show accountability, and actually prevent government overreach Check NSA and FISA courts if used, it is not Security and CIA type orgs need secrecy Palantir could track actions of these orgs for review   Large organization, bureaucracy, often have outdated technology, and reporting, so hard to do oversight, can be very confusing Often these organizations want plausible deniability, so they don't want their accounting to be reviewed, and will list expenditures under different things, this could be seen as fraud Technology is both disruptive and how it can go through data, but also disruptive that I can force accountability and bring stuff to light   Creative accounting and inefficiency could come to an end. This forces people to adapt and change their ways. Human nature is not always open to this. Belief by CEO, how important it is to choose the right partner in person and business You want to work with people who will challenge your ideas, so you have the discipline and rigor to think out and give evidence behind when while your idea is right, or at the very least not wrong   Scale to be plausibly right, and not wrong is very valuable in life  People must be resilient enough to challenge, even their own ideas. Company, culture, fosters, and environment, where people are open to think, challenge, status quo, but also must defend their thoughts. They foster independent thought, and not just one way thinking in the company Also ambition to work on bigger national projects   Future of defense contractors is in software, which they don't have a good history with. A lot of the best defense contractors make hardware. Palantir reviewed what the government was doing to fight terrorism, and how they were spending tens of billions of dollars on it. They were spending it in the wrong way, and the process needed to be rethought. Took years to get in with government. Building software for spies and intelligence industry. Has both commercial private clients and government client.   A few different products that help big organizations analyze their data using AI, and make the data more understandable. This can help a company in many ways, be more efficient, cut cost, raise profits, understand their own company better AI and data are the new languages of the modern world. There's a lot of data and it is critical to keep it organized, but very hard. Their software goes beyond just storing and managing data. It helps them to utilize the data which is key.   Silicon Valley tree - Paypal to Palantir to Anduril Anduril makes Roadrunner – takeoff software **company seems like Stark Industries Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century's most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold.   Anduril's family of systems is powered by Lattice, an AI software platform that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge AI, computer vision, sensor fusion, and networking technology to the military in months, not years.   For more information, visit www.anduril.com. https://investors.palantir.com/news-details/2024/Anduril-and-Palantir-to-Accelerate-AI-Capabilities-for-National-Security/   https://en.wikipedia.org/wiki/Anduril_Industries Anduril Industries, Inc. is an American defense technology company that specializes in autonomous systems. It was cofounded in 2017 by inventor and entrepreneur Palmer Luckey and others.[3][4] Anduril aims to sell to the U.S. Department of Defense, including artificial intelligence and robotics. Anduril's major products include unmanned aerial systems (UAS) and counter-UAS (CUAS), semi-portable autonomous surveillance systems, and networked command and control software.     Related Show: Zero to One - Peter Thiel Contrarian Thinker + Disruption AZ TRT S04 EP50 (213) 12-17-2023   What We Learned This Week Contrarian Thinking – think for yourself and differently than everyone else Innovation great companies have unique products that go from Zero to one, vertical Founders are important and challenge the Status Quo to change the world Competition is for losers, strive for a Monopoly Secrets – What Great Company is No One Building? Disruption in Business & Tech World - How to Handle The Innovator's Dilemma    Zero to One: Notes on Startups, or How to Build the Future (c- 2014) Full Show: Here     PayPal Mafia - The Founders Story & Their Battle w/ EBAY w/ Jimmy Soni  - BRT S03 EP36 (135) 8-7-2022 What We Learned This Week PayPal Mafia – alumni created or involved many other co's – Tesla, SpaceX, Palantir, Yelp, Yammer, LinkedIn, Facebook, YouTube & more PayPal had may contributors & a real long shot to happen during the DOTCOM Crash of 2000 Claude Shannon – creator of Information Theory, predecessor to the modern computer age, & algorithms Bell Labs was a classic Tech Incubator like Fairfield Semiconductor, Xerox Parc, Menlo Park – Edison / GE, Manhattan Project, Tuxedo Park PayPal sold to EBAY in 2002 for $1.5 Billion, prior to this, the two companies were rivals as EBAY wanted a different payment system   Guest: Jimmy Soni, Author https://jimmysoni.com/ https://twitter.com/jimmyasoni   Full Show: Here   AZ TRT 2.0 - Best of Tech Part 1 - Data Centers, IT, EV Charging, Minerals & AI Software AZ TRT S05 EP21 (236) 5-26-2024    What We Learned This Week: Host  Matt on Data Centers + Energy Usage Lucian Aguayo of Redgear on IT Infrastructure Broc TenHouten of Intrinsic Power on EV Charging Brian Stevens of Neural Magic on AI Software Dr. Nick Sakharav of Reclaimed Minerals on Energy   ‘Best of' Clips from previous Tech themed aired in the first half of 2024  Full Show: Here       Biotech Shows: https://brt-show.libsyn.com/category/Biotech-Life+Sciences-Science   AZ Tech Council Shows:  https://brt-show.libsyn.com/size/5/?search=az+tech+council *Includes Best of AZ Tech Council show from 2/12/2023   Tech Topic: https://brt-show.libsyn.com/category/Tech-Startup-VC-Cybersecurity-Energy-Science  Best of Tech: https://brt-show.libsyn.com/size/5/?search=best+of+tech   ‘Best Of' Topic: https://brt-show.libsyn.com/category/Best+of+BRT      Thanks for Listening. Please Subscribe to the AZ TRT Podcast.     AZ Tech Roundtable 2.0 with Matt Battaglia The show where Entrepreneurs, Top Executives, Founders, and Investors come to share insights about the future of business.  AZ TRT 2.0 looks at the new trends in business, & how classic industries are evolving.  Common Topics Discussed: Startups, Founders, Funds & Venture Capital, Business, Entrepreneurship, Biotech, Blockchain / Crypto, Executive Comp, Investing, Stocks, Real Estate + Alternative Investments, and more…    AZ TRT Podcast Home Page: http://aztrtshow.com/ ‘Best Of' AZ TRT Podcast: Click Here Podcast on Google: Click Here Podcast on Spotify: Click Here                    More Info: https://www.economicknight.com/azpodcast/ KFNX Info: https://1100kfnx.com/weekend-featured-shows/     Disclaimer: The views and opinions expressed in this program are those of the Hosts, Guests and Speakers, and do not necessarily reflect the views or positions of any entities they represent (or affiliates, members, managers, employees or partners), or any Station, Podcast Platform, Website or Social Media that this show may air on. All information provided is for educational and entertainment purposes. Nothing said on this program should be considered advice or recommendations in: business, legal, real estate, crypto, tax accounting, investment, etc. Always seek the advice of a professional in all business ventures, including but not limited to: investments, tax, loans, legal, accounting, real estate, crypto, contracts, sales, marketing, other business arrangements, etc.  

Welcome to another exciting episode of the DevOps Toolchain podcast, where we delve into the dynamic world of DevOps, automation, and cloud infrastructure. Today, we're thrilled to have Kedar Kulkarni, a DevOps and cloud infrastructure expert, join us. Kedar has a wealth of experience in CICD, Kubernetes, and what he calls 'automation first' DevOps. He co-authored a popular IT automation ebook and created the AT-CasC framework, an integral part of Red Hat's automation stack. In this episode, we explore his unique approach to infrastructure test automation and the impact of his work in shaping how teams think about testing infrastructure as code. We'll dive deep into GitOps and explore open-source tools, learning what it really takes to build DevOps frameworks that matter. Along the way, Kedar shares insights on the significance of infrastructure as code, how to build a successful opensource project, and his thoughts on the future of DevOps practices. Whether you're a DevOps professional or just dipping your toes into the field, you won't want to miss this conversation. Tune in as we journey through the essentials of building efficient, scalable, and user-friendly DevOps frameworks that help you stay ahead in the game. Try out Insight Hub free for 14 days now: https://testguild.me/insighthub. No credit card required.

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

We're in a season of disruption—political shifts, evolving policies, contracting delays, and social tensions are impacting how business gets done, especially in the federal space. If you're a small business owner or leader trying to make sense of how to stay relevant—or just stay open—you're not alone.In this episode, we're unpacking how to navigate the high-stakes environment of public sector contracting when the rules seem to keep changing. We'll explore how policy, politics, and procurement slowdowns intersect with real-world business survival.Then, we'll shift gears and talk about tangible strategies to pivot smartly—without losing your footing. Whether you're repositioning your offers, realigning with a new customer, or expanding to commercial markets, this conversation is your guide to pivoting with power, not panic.Guest Bio:Shaun Edens founded Lucky Rabbit in 2020 and has since led its growth into a trusted digital modernization partner for agencies like USCIS, OPM, CMS, GSA, and ED, as well as commercial clients like CrabPlace.com. With a background in senior roles at firms including CTEC, TechFlow, Enlightened, and Booz Allen Hamilton, he brings deep expertise in agile transformation, cloud migration, DevSecOps, and enterprise architecture.Shaun holds an MBA from the University of Illinois and a B.S. in Computer Science from Morehouse College. He's certified in SAFe, Scrum, Product Ownership, and AWS, and skilled in tools like ReactJS, Go, Python, and CI/CD pipelines. Focused on innovation and transparency, Shaun continues to lead Lucky Rabbit in delivering human-centered, secure digital solutions that drive real impact.Call(s) to Action:Help spread the word about Unveiled: GovCon Stories: https://shows.acast.com/unveiled-govcon-storiesDo you want to be a guest or recommend a topic that you would like to learn or hear about on the podcast? Let us know through our guest feedback and registration form.Links:Lucky RabbitLucky Rabbit BlueTechFollow Lucky Rabbit on LinkedInSponsors:The views and opinions expressed in this podcast are solely those of the hosts and guests, and do not reflect the views or endorsements of our sponsors.Withum – Diamond Sponsor!Withum is a forward-thinking, technology-driven advisory and accounting firm, helping clients to be in a position of strength in today's complex business environment. Go to Withum's website to learn more about how they can help your business! Hosted on Acast. See acast.com/privacy for more information.

In this episode of Technical Tips, Tommy shares 10 expert tips to keep your CI pipeline fast and efficient. Learn how to improve performance, reduce errors, and ship quality software faster!Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

Welcome to the TestGuild Automation Podcast! In this episode, host Joe Colantonio sits down with Gaurav Mittal, a cybersecurity, data science, and IT expert with over two decades of experience. Gaurav, recognized for his thought leadership in AI and automation with multiple industry awards, shares his insights on making How To Optimize your Automation CI/CD Pipelines in DevOps more cost-effective. Whether you're a test automation engineer or security professional or work with AI/ML, you'll want to hear Gaurav's take on implementing DevOps pipelines that reduce licensing costs and enhance flexibility without sacrificing your team's productivity. Learn about his experiences with GitHub Actions, Jenkins, and the innovative ways he's optimized CI/CD pipelines to save resources and automate extensive testing processes, all while incorporating strong security measures. Join us as we delve into the innovative strategies and practical advice that can help transform your DevOps practices.

From his early days in the Salesforce ecosystem to becoming a driving force behind Okta's DevOps strategy, Varun shares candid insights and hard-won lessons.Jack McCurdy sits down with Varun Kavoori, Principal Salesforce DevOps Engineer at Okta, for a deep dive into his career journey and the evolving world of Salesforce DevOps. Jack and Varun explore how Okta approaches release management, the power of flexible DevOps practices, and why setting strong guardrails is key to compliance and scale. Varun lifts the lid on the tools and tactics that keep his team running smoothly, especially on high-stakes release days, and looks ahead to the growing role of AI in the DevOps space. Whether you're a seasoned Salesforce engineer or just starting out, this episode is packed with actionable takeaways and fresh perspectives.About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKWChapters:00:00 Introduction to Varun Kavoori and His Journey03:06 Understanding the Role of DevOps in Salesforce06:08 Release Management at Okta08:55 Building a Flexible DevOps Process11:54 Guardrails and Compliance in Releases15:00 Scaling the Team and Managing Growth18:02 Challenges with Metadata and Deployment20:54 Release Day Process and Code Freeze23:51 Tools and Techniques for DevOps Success26:53 Future of DevOps and AI Integration29:53 Excitement for Salesforce Innovations

Lars Wirzenius discusses his innovative CI/CD system Ambient, which uses isolated virtual machines without network access to enhance security, and his work on Radicle, a peer-to-peer Git collaboration platform. Together, these projects offer a glimpse into a more distributed future for software development, addressing key challenges in current CI/CD systems like long wait times, security vulnerabilities, and centralized infrastructure limitations. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-ambient-radicle-lars-wirzenius/

This episode is about what I'm seeing and what I'm doing right now, and then for the rest of the year. There are three parts. First, I talk about what's about to happen for me for the next few weeks re going to London for KubeCon. Then what I'm planning to change in this podcast, as well as my other content on YouTube for the rest of the year. And lastly, I talk about some industry trends that I'm seeing that will force me, I think, to change the format of this show. I recorded the episode on March 22, 2025.★Topics★My work at KubeCon EU in LondonWhat's next for this Podcast and my YouTubeWhat's up with AI for DevOps?Creators & Guests Beth Fisher - Producer Bret Fisher - Host (00:00) - What's Coming in 2025 (01:07) - Highlights I'm excited about re KubeCon (04:35) - Changes to this Podcast (05:58) - What's up with AI and "Agentic DevOps"? (15:11) - Upcoming guests You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

The Docker Bake Build tool just went general availability, and I'm excited about what this means for creating reproducible builds and automation that can run anywhere  CI locally. I love it. Really, and in this video I'm gonna break down some of the features, the benefits and walk through some examples.In this episode I explain why docker buildx bake exists, what it can do, and I walk through multiple examples of Bake files and how it's better than docker build image and docker compose build. I also touch on BuildKit and Docker's GitHub Actions.There's also a video version of this show on YouTube.★Get started with Docker Bake★Walkthough https://docs.docker.com/guides/bake/ Docs: https://docs.docker.com/build/bake/GA Announcement: https://www.docker.com/blog/ga-launch-docker-bake/Creators & Guests Beth Fisher - Producer Bret Fisher - Host (00:00) - Intro (00:04) - / (00:41) - History Lesson (01:29) - Bake Today (02:43) - Ad for... Me! (03:53) - List of Benefits (10:29) - Use Bake Everywhere (12:41) - Leaning into Bake, maybe? You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Show Notes "If you talk to people that have been doing Terraform for many years, they're going to tell you that, "Terraform is the law and Terraform is the way to go." But like you said, there's different tools, I would say, or languages that you can use for infrastructure as code. And it really depends what you want to do, what your developers are used to or are comfortable with and what works with your organization as it should be with any tool in software development. You got to grab the one or use the one that is more appropriate for your use case, your scenario, your organization"— Sam Gomez Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Sam Gomez joined us to talk about Infrastructure as Code, why you might want to think about using something like Terraform and Bicep, and how they can help you to automate your deployments to the public cloud. Sam also talks about best practises for CI/CD and ways to test your Infrastructure as Code ahead of running it--something that we've all felt the pain of in the past, I'm sure. "Terraform has what's called validation for your parameters. So like I said, you can set up a validation that says, "the only values for the SKU for a SQL server are basic," for example. And if somebody tries to give a different value to that particular parameter, it'll stop automatically and say, "okay, this validation has failed. You know, the value allowed is this one." You can do the same thing with Bicep. So that's another added layer of protection against making these kind of mistakes and adding or configuring the wrong values in your deployments"— Sam Gomez Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Podcasthon 2025! One last thing before we start the episode: we're super happy to participate in the 3rd edition of Podcasthon For one week, more than a thousand podcasts will highlight a charity of their choice. And today, I have the pleasure of welcoming Andy's Man Club to the show. Throughout this episode, I'll interrupt the conversation a few times to talk about the importance of mental fitness. The reason that I've picked Andy's Man Club is because mental health support is very important to me. I've used their groups for almost two years and have had the honour of being asked to step up and help run one of those groups. If you'll forgive the name for now, Andy's Man Club is a UK-based charity which organises weekly, informal, peer-to-peer talking groups for anyone over the age of 18 who identifies as male. I'll talk more about Andy's Man Club later in the episode. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/deploying-with-confidence-sam-gomez-on-terraform-bicep-and-infrastructure-as-code/ Music Used In This Episode This contains some copyright free music during the interstitials. Each of the pieces of music (linked below) were created by YouTube user HoobeZa, and we thank them for making their work free to use. If you liked the music we used, check out links to the pieces below: "Lounge" "Mellow" "Golden" "Release" Podcasthon 2025 This episode of the podcast contains support for both Podcasthon, Andy's Man Club, and Capes on the Couch. Please feel free to check out both projects at the links below. Podcasthon! Andy's Man Club Capes on the Couch And please remember to check in on your own mental fitness from time to time. Useful Links Sam on LinkedIn Dad's in Tech The bus factor Terraform Registry Azure Verified Modules Bicep for VS Code Terraform extension for VS Code Terraform CNCF Hashicorp Developer Website Sam's MVP profile Sam on X Sam on BlueSky Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

This is episode 287 recorded on March 13th, 2025 where John & Jason talk the Microsoft Fabric January 2025 Feature Summary including Python Notebooks in preview, Lineage enhancements to spark notebooks, lots of DBA enhancements to Data Warehouse, Tenant Level Private Link for Databases, and CI/CD preview for most of Fabric.

Frank is all in on GitHub actions on his newly updated iOS & Android Apps with .NET 8 and .NET 9. Let's dive through his yaml! Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us (https://itunes.apple.com/us/podcast/merge-conflict/id1133064277?mt=2&ls=1) ⭐⭐ Machine transcription available on http://mergeconflict.fm

Global Agile Summit Preview: Implementing Agile Practices for Data and Analytics Teams with Henrik Reich In this BONUS Global Agile Summit preview episode, we dive into the world of Agile methodologies specifically tailored for data and analytics teams. Henrik Reich, Principal Architect at twoday Data & AI Denmark, shares his expertise on how data teams can adapt Agile principles to their unique needs, the challenges they face, and practical tips for successful implementation. The Evolution of Data Teams "Data and analytics work is moving more and more to be like software development." The landscape of data work is rapidly changing. Henrik explains how data teams are increasingly adopting software development practices, yet there remains a significant knowledge gap in effectively using certain tools. This transition creates both opportunities and challenges for organizations looking to implement Agile methodologies in their data teams. Henrik emphasizes that as data projects become more complex, the need for structured yet flexible approaches becomes critical. Dynamic Teams in the Data and Analytics World "When we do sprint planning, we have to assess who is available. Not always the same people are available." Henrik introduces the concept of "dynamic teams," particularly relevant in consulting environments. Unlike traditional Agile teams with consistent membership, data teams often work with fluctuating resources. This requires a unique approach to sprint planning and task assignment. Henrik describes how this dynamic structure affects team coordination, knowledge sharing, and project continuity, offering practical strategies for maintaining momentum despite changing team composition. Customizing Agile for Data and Analytics Teams "In data and analytics, tools have ignored agile practices for a long time." Henrik emphasizes that Agile isn't a one-size-fits-all solution, especially for data teams. He outlines the unique challenges these teams face: Team members have varying expectations based on their backgrounds Experienced data professionals sometimes skip quality practices Traditional data tools weren't designed with Agile methodologies in mind When adapting Agile for data teams, Henrik recommends focusing on three key areas: People and their expertise Technology selection Architecture decisions The overarching goal remains consistent: "How can we deliver as quickly as possible, and keep the good mood of the team?" Implementing CI/CD in Data Projects "Our first approach is to make CI/CD available in the teams." Continuous Integration and Continuous Deployment (CI/CD) practices are essential but often challenging to implement in data teams. Henrik shares how his organization creates "Accelerators" - tools and practices that enable teams to adopt CI/CD effectively. These accelerators address both technological requirements and new ways of working. Through practical examples, he demonstrates how teams can overcome common obstacles, such as version control challenges specific to data projects. In this segment, we refer to the book How to Succeed with Agile Business Intelligence by Raphael Branger. Practical Tips for Agile Adoption "Start small. Don't ditch scrum, take it as an inspiration." For data teams looking to adopt Agile practices, Henrik offers pragmatic advice: Begin with small, manageable changes Use established frameworks like Scrum as inspiration rather than rigid rules Practice new methodologies together as a team to build collective understanding Adapt processes based on team feedback and project requirements This approach allows data teams to embrace Agile principles while accounting for their unique characteristics and constraints. The Product Owner Challenge "CxOs are the biggest users of these systems." A common challenge in data teams is the emergence of "accidental product owners" - individuals who find themselves in product ownership roles without clear preparation. Henrik explains why this happens and offers solutions: Clearly identify who owns the project from the outset Consider implementing a "Proxy PO" role between executives and Agile data teams Recognize the importance of having the right stakeholder engagement for requirements gathering and feedback Henrik also highlights the diversity within data teams, noting there are typically "people who code for living, and people who live for coding." This diversity presents both challenges and opportunities for Agile implementation. Fostering Creativity in Structured Environments "Use sprint goals to motivate a team, and help everyone contribute." Data work often requires creative problem-solving - something that can seem at odds with structured Agile frameworks. Henrik discusses how to balance these seemingly conflicting needs by: Recognizing individual strengths within the team Organizing work to leverage these diverse abilities Using sprint goals to provide direction while allowing flexibility in approach This balanced approach helps maintain the benefits of Agile structure while creating space for the creative work essential to solving complex data problems. About Henrik Reich Henrik is a Principal Architect and developer in the R&D Department at twoday Data & AI Denmark. With deep expertise in OLTP and OLAP, he is a strong advocate of Agile development, automation, and continuous learning. He enjoys biking, music, technical blogging, and speaking at events on data and AI topics. You can link with Henrik Reich on LinkedIn and follow Henrik Reich's blog.

Global Agile Summit Preview: How to Measure and Visualize Software Improvement for Actionable Results with Mooly Beeri In this BONUS Global Agile Summit preview episode, we explore how to effectively measure and visualize the continuous improvement journey in technology organizations. Mooly Beeri shares his data-driven approach that helps software teams identify where to focus their improvement efforts and how to quantify their progress over time. We discuss practical examples from major organizations like Philips and Aptiv, revealing how visualization creates an internal language of improvement that empowers teams while giving leadership the insights needed to make strategic decisions. Visualizing Software Development Effectiveness "We visualize the entire SDLC end-to-end. All the aspects... we have a grading of each step in the SDLC. It starts with a focus on understanding what needs to be done better." Mooly shares how his approach at Philips helped create visibility across a diverse organization built from numerous acquisitions with different technologies and development cultures. The challenge was helping management understand the status of software craftsmanship across the company. His solution was developing a heat map visualization that examines the entire software development lifecycle (SDLC) - from requirements gathering through deployment and support - with an effectiveness index for each stage. This creates an at-a-glance view where management can quickly identify which teams need support in specific areas like automation, code reviews, or CI/CD processes. This visualization becomes a powerful internal language for improvement discussions, allowing focused investment decisions instead of relying on intuition or which team has the most persuasive argument. The framework creates alignment while empowering teams to determine their own improvement paths. Measuring What Matters: The Code Review Example "We often hear 'we have to do code reviews, of course we do them,' but when we talk about 'how well are they done?', the answer comes 'I don't know, we haven't measured it.'" When one team wanted to double the time invested in code reviews based on conference recommendations, Mooly helped them develop a meaningful measurement approach. They created the concept of "code review escapes" - defects that could have been caught with better code reviews but weren't. By gathering the team to evaluate a sample of defects after each iteration, they could calculate what percentage "escaped" the code review process. This measurement allowed the team to determine if doubling review time actually improved outcomes. If the escape rate remained at 30%, the investment wasn't helping. If it dropped to 20%, they could calculate a benefit ratio. This approach has been expanded to measure "escapes" in requirements, design, architecture, and other SDLC phases, enabling teams to consciously decide where improvement efforts would yield the greatest returns. Balancing Team Autonomy with Organizational Alignment "Our model focuses on giving teams many options on how to improve, not just one like from top-down improvements. We want to focus the teams on improving on what matters the most." Mooly contrasts his approach with traditional top-down improvement mandates, sharing a story from Microsoft where a VP mandated increasing unit test coverage from 70% to 80% across all teams regardless of their specific needs. Instead, his framework agrees on an overall definition of effectiveness while giving teams flexibility to choose their improvement path. Like athletes at different fitness levels, teams with lower effectiveness have many paths to improvement, while high-performing teams have fewer options. This creates a win-win scenario where teams define their own improvement strategy based on their context, while management can still see quantifiable progress in overall organizational effectiveness. Adapting to Different Industry Contexts "TIP: Keep the model of evaluation flexible enough to adapt to a team's context." While working across healthcare, automotive, and other industries, Mooly found that despite surface differences, all software teams face similar fundamental challenges throughout the development lifecycle. His effectiveness framework was born in the diverse Philips environment, where teams built everything from espresso machine firmware to hospital management systems and MRI scanners. The framework maintains flexibility by letting teams define what's critical in their specific context. For example, when measuring dynamic analysis, teams define which runtime components are most important to monitor. For teams releasing once every four years (like medical equipment), continuous integration means something very different than for teams deploying daily updates. The framework adapts to these realities while still providing meaningful measurements. Taking the First Step Toward Measured Improvement "Try to quantify the investment, by defining where to improve by how much. We encourage the team to measure effectiveness of whatever the practices are they need to improve." For leaders looking to implement a more measured approach to improvement, Mooly recommends starting by focusing teams on one simple question: how will we know if our improvement efforts are actually working? Rather than following trends or implementing changes without feedback mechanisms, establish concrete metrics that demonstrate progress and help calculate return on investment. The key insight is that most teams already value continuous improvement but struggle with prioritization and knowing when they've invested enough in one area. By creating a quantifiable framework, teams can make more conscious decisions about where to focus their limited improvement resources and demonstrate their progress to leadership in a language everyone understands. About Mooly Beeri Mooly Beeri is a software transformation expert with nearly 30 years of industry experience. As founder and CEO of BetterSoftware.dev, he developed a very practical and visual approach to visualize and measure the improvements in technology organizations like Microsoft, Phillips, and Aptiv. His data-driven approach helps organizations visualize and optimize their entire software development lifecycle through measurable improvements. You can link with Mooly Beeri on LinkedIn and visit Mooly Beeri's website.