Podcasts about ci cd

Docker launched "Docker Model Runner" to run LLMs through llama.cpp with a single "docker model" command. In this episode Bret details examples and some useful use cases for using this way to run LLMs. He breaks down the internals. How it works, when you should use it or not use it; and, how to get started using Open WebUI for a private ChatGPT-like experience.★Topics★Model Runner DocsHub ModelsOCI ArtifactsOpen WebUIMy Open WebUI Compose fileCreators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host (00:00) - Intro (00:46) - Model Runner Elevator Pitch (01:28) - Enabling Docker Model Runner (04:28) - Self Promotion! Is that an ad? For me? (05:03) - Downloading Models (07:11) - Architectrure of Model Runner (10:49) - ORAS (11:09) - What's next for Model Runner? (12:13) - Troubleshooting You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Nuke è una libreria che permette di realizzare una pipeline di build utilizzando codice C#, e può facilmente integrarsi con qualsiasi strumento di CI/CD come Azure Pipelines, GitHub Actions.Altro vantaggio è dato dalla possibilità di poter utilizzare qualsiasi libreria .NET, e riutilizzando un linguaggio famigliare per uno sviluppatore.https://nuke.build/https://github.com/nuke-build/nukehttps://www.youtube.com/watch?v=Y0eeoDBqFAohttps://learn.microsoft.com/it-it/shows/on-dotnet/build-automation-with-nuke#dotnet #nukebuild #dotnetinpillole #podcast #github #azure

Think database skills are dead in the Salesforce era? Think again. In this episode of DevOps Diaries, Jack McCurdy talks to Chris Starleaf of Zinc Partners, who argues they're more relevant than ever. Listen in as Chris shares insights from his Salesforce journey, exploring why tech pros need sales skills, the crucial balance between quick wins and long-term strategy, and the vital role of data governance. They tackle the generalist vs. specialist debate and discuss how strong leadership and team development drive success. Want to build better data strategies and lead more effectively in the Salesforce ecosystem? Don't miss this episode!About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKWChapters00:00 Introduction to Chris Starleaf and His Journey03:02 The Relevance of Database Management in Salesforce06:00 Sales Skills for Tech Professionals09:12 Understanding Different Roles in Salesforce11:52 Balancing Quick Wins with Long-Term Success14:59 The Importance of Data Governance18:09 The Role of Generalists vs. Specialists20:58 Fostering Pride in Data Management23:55 Building a Data Governance Strategy27:03 Team Leadership and Development29:53 Creating Efficient Processes33:13 Navigating the Salesforce Ecosystem36:08 Conclusion and Contact Information

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Você já caiu na armadilha da “imagem invulnerável”? Na segunda parte do episódio 164 da sétima temporada do Kubicast, continuamos nosso papo com Alexandre Sieira, fundador da Tenchi Security, entrando de cabeça nos desafios técnicos da segurança prática — aquela do dia a dia, que envolve CVE, GitHub comprometido e decisões que custam caro.Com exemplos reais e reflexões afiadas, Sieira nos mostra por que segurança é mais do que política: é arquitetura, processo e cultura em ação. Problemas enfrentadosImagens de container com base vulnerável sendo tratadas como “seguras”.Falta de visibilidade sobre o que está rodando no pipeline.Risco de dependências excessivas e falta de controle na supply chain.Incidentes reais de comprometimento em ferramentas de CI/CD (como GitHub Actions).Dificuldade em conciliar segurança com performance operacional.Soluções adotadasGestão contínua de vulnerabilidades com foco em redução de superfície de ataque.Uso do SBOM (Software Bill of Materials) como aliado na rastreabilidade.Segregação de ambientes com deploy seguro entre contas e contextos.Otimizações de arquitetura sem abrir mão de práticas seguras.Estreitamento entre times de produto e segurança desde o início da jornada. Ao longo do episódio, ficou claro que segurança eficaz não depende de uma stack perfeita — mas sim de decisões conscientes. Frequentar o mundo real de DevSecOps é entender que agilidade e segurança não só podem coexistir, como se complementam. Releases frequentes, rastreabilidade e cultura de melhoria contínua são fatores que reduzem riscos e aumentam a confiança da operação. Entre as boas práticas discutidas, reforçamos que menos é mais: minimizar dependências, separar ambientes, aplicar princípios como Least Privilege e pensar sempre em blast radius são decisões simples, mas com grande impacto. Além disso, aproximar os times desde a arquitetura ajuda a criar um ambiente de segurança distribuída — e não centralizada como barreira.

Palantir Technologies, CEO Alex Karp & the New Era of Tech Defense Contractors   - AZ TRT S06 EP05 (266) 3-9-2025                 What We Learned This Week Palantir - AI powered automation for every decision Palantir is named after the all seeing stone in Lord of the Rings Software integrates with company software to allow for searching and use of big data Palantir mission is for more accountability within Government Palantir has contracts with the U.S. Government helping with security and fighting terrorism   Notes: Palantir Technologies & CEO Alex Karp Karp background in academics and philosophy, also Stanford law  Palantir founders Karp & Joe Lonsdale worked together at PayPal, funded by Peter Thiel Was not profitable for 3 years - one of the secrets of Silicon Valley, build around an idea, work on how you're going to make money off of it later  Passion project, so need people who are dedicated, not just money driven Every text, email, business, it has all data and need to save somewhere Big data and data centers are one of the fastest growing industries and along with machine learning affect so many aspects of our life, both business, and personal Dataset and Data mining are thriving industries   https://en.wikipedia.org/wiki/Palantir_Technologies Palantir Technologies Inc. is an American publicly traded company that specializes in software platforms[3] for big data analytics. Headquartered in Denver, Colorado, it was founded by Peter Thiel,[4] Stephen Cohen, Joe Lonsdale,[5] and Alex Karp in 2003. The company has four main projects: Palantir Gotham, Palantir Foundry, Palantir Apollo, and Palantir AIP. Palantir Gotham is an intelligence and defense tool used by militaries and counter-terrorism analysts. Its customers included the United States Intelligence Community (USIC) and United States Department of Defense.[6] Their software as a service (SaaS) is one of five offerings authorized for Mission Critical National Security Systems (IL5[7]) by the U.S. Department of Defense.[8][9] Palantir Foundry is used for data integration and analysis by corporate clients such as Morgan Stanley, Merck KGaA, Airbus, Wejo, Lilium, PG&E and Fiat Chrysler Automobiles.[10] Palantir Apollo is a platform to facilitate continuous integration/continuous delivery (CI/CD) across all environments.[11][12] Palantir's original clients were federal agencies of the USIC. It has since expanded its customer base to serve both international as well as state and local governments, and also to private companies.[13]     Palantir software connects data, analytics, and operations to help organizations make decisions and improve efficiency. Palantir's software is used by government agencies and commercial enterprises.  How Palantir works 1.    Connects data: Palantir connects to data systems, data lakes, and platforms.  2.    Analyzes data: Palantir analyzes data to find trends, relationships, and anomalies.  3.    Visualizes data: Palantir visualizes data to help users understand insights.  4.    Automates processes: Palantir automates processes to help users save time and improve efficiency.  5.    Improves decision-making: Palantir helps users make better decisions by providing data-driven insights.    Palantir has multiple platforms, including: ·         Palantir Gotham: Used by government agencies to detect patterns and derive insights from large amounts of data  ·         Palantir Foundry: Used by commercial enterprises to integrate data, perform simulations, and optimize workflows  ·         Palantir AIP: Used to deploy large language models and other AI within a private network    Failure of 911 terrorist attacks where government organizations were not sharing information. Government has to be able to sift through large amounts of data, looking for a terrorist network, the old needle in a haystack. Software allows government to go thru data, and also share information. In the past governments could run spy networks only, now with computer hackers, it could be run by anybody with a computer. Hard to search for terrorist, very creative. In carps view, you have to think like an entrepreneur and be tactical when going after them.   Cannot think in a static fashion, how did they do it in the past. When a terrorist is caught using a cell phone, they adapt to figure out how do they get caught and then use a different method. It's like game theory, you have to think ahead of the terrorist and find their patterns before they even realize they are leaving pattern. Terrorist may think in different terms that society deems as destructive, but it still may be very creative, almost like an entrepreneur. Per carp, you need creative and adaptive thinkers to go after the bad guys.   Cyber war is a real threat and not going anywhere. Need the government to combat it, but also must watch what the government is doing to not trample on civil liberties. Need to be able to track the data to see how the government went about things and did its targeting. Data destruction & Tag data - Know where the data came from, so government can use it lawfully.   You do not want to share data with the government, and then have the government use it against you. Because of technology and computers spying is democracized, a group of three teenagers at a coffee shop can launch a cyber attack. Systems can track down where these terrorists are, and show you the patterns of who they might be even if they can identify them directly.   Government and large health insurance companies already have a lot of data. The question is, how are they using it, is it being used in a lawful way? With Palantir software, you cannot only look for the terrorist, but you can also watch how the government uses the data   Can use Palantir software on top of current software to work through data Palantir and SpaceX companies – achieved $ Billion dollar valuation Unicorn status  Funded at loss for years, took decade to get Govt contracts   Name comes from the seeing stone in Lord of the Rings Powerful technology, that can help watch over the world, has massive, ethical implications Software helps government and businesses look over data and watch on people, but can infringe on privacy - Paradox of security vs freedom Also raises questions about privacy, verse convenience, a kin to the issue with current social media  Solve terrorism problem in big way Fight terrorism on a large scale, verse just smaller tactics with airport security   Fight terrorism at the high-level, verse low level tech with airport security and other measures that are very cumbersome and overbearing Coordinate resources better Hard to start in defense company, and this is the next generation   Palantir is coming up with a simple high-tech solution, to handle a serious and complicated problem Pre-911, government not prepared or organized to handle global terrorist threat, and many of the solutions were over the top and heavy handed   Company provides targeted efficient reactions, verse broad wide solutions There is both philosophical and technological debate on how this software can and should be used They also believe they can be more transparent, show accountability, and actually prevent government overreach Check NSA and FISA courts if used, it is not Security and CIA type orgs need secrecy Palantir could track actions of these orgs for review   Large organization, bureaucracy, often have outdated technology, and reporting, so hard to do oversight, can be very confusing Often these organizations want plausible deniability, so they don't want their accounting to be reviewed, and will list expenditures under different things, this could be seen as fraud Technology is both disruptive and how it can go through data, but also disruptive that I can force accountability and bring stuff to light   Creative accounting and inefficiency could come to an end. This forces people to adapt and change their ways. Human nature is not always open to this. Belief by CEO, how important it is to choose the right partner in person and business You want to work with people who will challenge your ideas, so you have the discipline and rigor to think out and give evidence behind when while your idea is right, or at the very least not wrong   Scale to be plausibly right, and not wrong is very valuable in life  People must be resilient enough to challenge, even their own ideas. Company, culture, fosters, and environment, where people are open to think, challenge, status quo, but also must defend their thoughts. They foster independent thought, and not just one way thinking in the company Also ambition to work on bigger national projects   Future of defense contractors is in software, which they don't have a good history with. A lot of the best defense contractors make hardware. Palantir reviewed what the government was doing to fight terrorism, and how they were spending tens of billions of dollars on it. They were spending it in the wrong way, and the process needed to be rethought. Took years to get in with government. Building software for spies and intelligence industry. Has both commercial private clients and government client.   A few different products that help big organizations analyze their data using AI, and make the data more understandable. This can help a company in many ways, be more efficient, cut cost, raise profits, understand their own company better AI and data are the new languages of the modern world. There's a lot of data and it is critical to keep it organized, but very hard. Their software goes beyond just storing and managing data. It helps them to utilize the data which is key.   Silicon Valley tree - Paypal to Palantir to Anduril Anduril makes Roadrunner – takeoff software **company seems like Stark Industries Anduril Industries is a defense technology company with a mission to transform U.S. and allied military capabilities with advanced technology. By bringing the expertise, technology, and business model of the 21st century's most innovative companies to the defense industry, Anduril is changing how military systems are designed, built and sold.   Anduril's family of systems is powered by Lattice, an AI software platform that turns thousands of data streams into a realtime, 3D command and control center. As the world enters an era of strategic competition, Anduril is committed to bringing cutting-edge AI, computer vision, sensor fusion, and networking technology to the military in months, not years.   For more information, visit www.anduril.com. https://investors.palantir.com/news-details/2024/Anduril-and-Palantir-to-Accelerate-AI-Capabilities-for-National-Security/   https://en.wikipedia.org/wiki/Anduril_Industries Anduril Industries, Inc. is an American defense technology company that specializes in autonomous systems. It was cofounded in 2017 by inventor and entrepreneur Palmer Luckey and others.[3][4] Anduril aims to sell to the U.S. Department of Defense, including artificial intelligence and robotics. Anduril's major products include unmanned aerial systems (UAS) and counter-UAS (CUAS), semi-portable autonomous surveillance systems, and networked command and control software.     Related Show: Zero to One - Peter Thiel Contrarian Thinker + Disruption AZ TRT S04 EP50 (213) 12-17-2023   What We Learned This Week Contrarian Thinking – think for yourself and differently than everyone else Innovation great companies have unique products that go from Zero to one, vertical Founders are important and challenge the Status Quo to change the world Competition is for losers, strive for a Monopoly Secrets – What Great Company is No One Building? Disruption in Business & Tech World - How to Handle The Innovator's Dilemma    Zero to One: Notes on Startups, or How to Build the Future (c- 2014) Full Show: Here     PayPal Mafia - The Founders Story & Their Battle w/ EBAY w/ Jimmy Soni  - BRT S03 EP36 (135) 8-7-2022 What We Learned This Week PayPal Mafia – alumni created or involved many other co's – Tesla, SpaceX, Palantir, Yelp, Yammer, LinkedIn, Facebook, YouTube & more PayPal had may contributors & a real long shot to happen during the DOTCOM Crash of 2000 Claude Shannon – creator of Information Theory, predecessor to the modern computer age, & algorithms Bell Labs was a classic Tech Incubator like Fairfield Semiconductor, Xerox Parc, Menlo Park – Edison / GE, Manhattan Project, Tuxedo Park PayPal sold to EBAY in 2002 for $1.5 Billion, prior to this, the two companies were rivals as EBAY wanted a different payment system   Guest: Jimmy Soni, Author https://jimmysoni.com/ https://twitter.com/jimmyasoni   Full Show: Here   AZ TRT 2.0 - Best of Tech Part 1 - Data Centers, IT, EV Charging, Minerals & AI Software AZ TRT S05 EP21 (236) 5-26-2024    What We Learned This Week: Host  Matt on Data Centers + Energy Usage Lucian Aguayo of Redgear on IT Infrastructure Broc TenHouten of Intrinsic Power on EV Charging Brian Stevens of Neural Magic on AI Software Dr. Nick Sakharav of Reclaimed Minerals on Energy   ‘Best of' Clips from previous Tech themed aired in the first half of 2024  Full Show: Here       Biotech Shows: https://brt-show.libsyn.com/category/Biotech-Life+Sciences-Science   AZ Tech Council Shows:  https://brt-show.libsyn.com/size/5/?search=az+tech+council *Includes Best of AZ Tech Council show from 2/12/2023   Tech Topic: https://brt-show.libsyn.com/category/Tech-Startup-VC-Cybersecurity-Energy-Science  Best of Tech: https://brt-show.libsyn.com/size/5/?search=best+of+tech   ‘Best Of' Topic: https://brt-show.libsyn.com/category/Best+of+BRT      Thanks for Listening. Please Subscribe to the AZ TRT Podcast.     AZ Tech Roundtable 2.0 with Matt Battaglia The show where Entrepreneurs, Top Executives, Founders, and Investors come to share insights about the future of business.  AZ TRT 2.0 looks at the new trends in business, & how classic industries are evolving.  Common Topics Discussed: Startups, Founders, Funds & Venture Capital, Business, Entrepreneurship, Biotech, Blockchain / Crypto, Executive Comp, Investing, Stocks, Real Estate + Alternative Investments, and more…    AZ TRT Podcast Home Page: http://aztrtshow.com/ ‘Best Of' AZ TRT Podcast: Click Here Podcast on Google: Click Here Podcast on Spotify: Click Here                    More Info: https://www.economicknight.com/azpodcast/ KFNX Info: https://1100kfnx.com/weekend-featured-shows/     Disclaimer: The views and opinions expressed in this program are those of the Hosts, Guests and Speakers, and do not necessarily reflect the views or positions of any entities they represent (or affiliates, members, managers, employees or partners), or any Station, Podcast Platform, Website or Social Media that this show may air on. All information provided is for educational and entertainment purposes. Nothing said on this program should be considered advice or recommendations in: business, legal, real estate, crypto, tax accounting, investment, etc. Always seek the advice of a professional in all business ventures, including but not limited to: investments, tax, loans, legal, accounting, real estate, crypto, contracts, sales, marketing, other business arrangements, etc.  

Czy jesteś programistą jednego języka? W najnowszym odcinku Short #71 rozmawiamy o niepokojącym trendzie specjalizacji w jednej technologii. Dyskutujemy też o migracji kompilatora TypeScript do Go i natywnym wsparciu dla TypeScript w Node.js. Analizujemy ekosystem Mercado Libre z ich 30 tysiącami mikroserwisów i platformą IDP. Sprawdzamy kontrowersyjną metrykę "Time on Keyboard" stosowaną przez Adidasa. Omawiamy również nadchodzące zmiany w Kafka 4.0 i zastąpienie Zookeepera implementacją Rafta. Zastanawiasz się, czy Twój zespół potrzebuje CI/CD zamiast FTP? Posłuchaj naszej dyskusji o sensownej ewolucji praktyk inżynieryjnych. A jeśli budujesz platformę, nie zapomnij o producentach - to brakujący element dobrego Platform Engineeringu!   A teraz nie ma co się obijać!

Welcome to another exciting episode of the DevOps Toolchain podcast, where we delve into the dynamic world of DevOps, automation, and cloud infrastructure. Today, we're thrilled to have Kedar Kulkarni, a DevOps and cloud infrastructure expert, join us. Kedar has a wealth of experience in CICD, Kubernetes, and what he calls 'automation first' DevOps. He co-authored a popular IT automation ebook and created the AT-CasC framework, an integral part of Red Hat's automation stack. In this episode, we explore his unique approach to infrastructure test automation and the impact of his work in shaping how teams think about testing infrastructure as code. We'll dive deep into GitOps and explore open-source tools, learning what it really takes to build DevOps frameworks that matter. Along the way, Kedar shares insights on the significance of infrastructure as code, how to build a successful opensource project, and his thoughts on the future of DevOps practices. Whether you're a DevOps professional or just dipping your toes into the field, you won't want to miss this conversation. Tune in as we journey through the essentials of building efficient, scalable, and user-friendly DevOps frameworks that help you stay ahead in the game. Try out Insight Hub free for 14 days now: https://testguild.me/insighthub. No credit card required.

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

* Cyber Attacks Target Multiple Australian Super Funds, Half Million Dollars Stolen* Intelligence Agencies Warn of "Fast Flux" Threat to National Security* SpotBugs Token Theft Revealed as Origin of Multi-Stage GitHub Supply Chain Attack* ASIC Secures Court Orders to Shut Down 95 "Hydra-Like" Scam Companies* Oracle Acknowledges "Legacy Environment" Breach After Weeks of DenialCyber Attacks Target Multiple Australian Super Funds, Half Million Dollars Stolenhttps://www.itnews.com.au/news/aussie-super-funds-targeted-by-fraudsters-using-stolen-creds-616269https://www.abc.net.au/news/2025-04-04/superannuation-cyber-attack-rest-afsa/105137820Multiple Australian superannuation funds have been hit by a wave of cyber attacks, with AustralianSuper confirming that four members have lost a combined $500,000 in retirement savings. The nation's largest retirement fund has reportedly faced approximately 600 attempted cyber attacks in the past month alone.AustralianSuper has now confirmed that "up to 600" of its members were impacted by the incident. Chief member officer Rose Kerlin stated, "This week we identified that cyber criminals may have used up to 600 members' stolen passwords to log into their accounts in attempts to commit fraud." The fund has taken "immediate action to lock these accounts" and notify affected members.Rest Super has also been impacted, with CEO Vicki Doyle confirming that "less than one percent" of its members were affected—equivalent to fewer than 20,000 accounts based on recent membership reports. Rest detected "unauthorised activity" on its member access portal "over the weekend of 29-30 March" and "responded immediately by shutting down the member access portal, undertaking investigations and launching our cyber security incident response protocols."While Rest stated that no member funds were transferred out of accounts, "limited personal information" was likely accessed. "We are in the process of contacting impacted members to work through what this means for them and provide support," Doyle said.HostPlus has confirmed it is "actively investigating the situation" but stated that "no HostPlus member losses have occurred" so far. Several other funds including Insignia and Australian Retirement were also reportedly affected.Members across multiple funds have reported difficulty accessing their accounts online, with some logging in to find alarming $0 balances displayed. The disruption has caused considerable anxiety among account holders.National cyber security coordinator Lieutenant General Michelle McGuinness confirmed that "cyber criminals are targeting individual account holders of a number of superannuation funds" and is coordinating with government agencies and industry stakeholders in response. The Australian Prudential Regulation Authority (APRA) and Australian Securities and Investments Commission (ASIC) are engaging with all potentially impacted funds.AustralianSuper urged members to log into their accounts "to check that their bank account and contact details are correct and make sure they have a strong and unique password that is not used for other sites." The fund also noted it has been working with "the Australian Signals Directorate, the National Office of Cyber Security, regulators and other authorities" since detecting the unauthorised access.If you're a member of any of those funds, watch for official communications and be wary of potential phishing attempts that may exploit the situation.Intelligence Agencies Warn of "Fast Flux" Threat to National Securityhttps://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/fast-flux-national-security-threatMultiple intelligence agencies have issued a joint cybersecurity advisory warning organizations about a significant defensive gap in many networks against a technique known as "fast flux." The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), FBI, Australian Signals Directorate, Canadian Centre for Cyber Security, and New Zealand National Cyber Security Centre have collaborated to raise awareness about this growing threat.Fast flux is a domain-based technique that enables malicious actors to rapidly change DNS records associated with a domain, effectively concealing the locations of malicious servers and creating resilient command and control infrastructure. This makes tracking and blocking such malicious activities extremely challenging for cybersecurity professionals."This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection," states the advisory. Threat actors employ two common variants: single flux, where a single domain links to numerous rotating IP addresses, and double flux, which adds an additional layer by frequently changing the DNS name servers responsible for resolving the domain.The advisory highlights several advantages that fast flux networks provide to cybercriminals: increased resilience against takedown attempts, rendering IP blocking ineffective due to rapid address turnover, and providing anonymity that complicates investigations. Beyond command and control communications, fast flux techniques are also deployed in phishing campaigns and to maintain cybercriminal forums and marketplaces.Notably, some bulletproof hosting providers now advertise fast flux as a service differentiator. One such provider boasted on a dark web forum about protecting clients from Spamhaus blocklists through easily enabled fast flux capabilities.The advisory recommends organizations implement a multi-layered defense approach, including leveraging threat intelligence feeds, analyzing DNS query logs for anomalies, reviewing time-to-live values in DNS records, and monitoring for inconsistent geolocation. It also emphasizes the importance of DNS and IP blocking, reputation filtering, enhanced monitoring, and information sharing among cybersecurity communities."Organizations should not assume that their Protective DNS providers block malicious fast flux activity automatically, and should contact their providers to validate coverage of this specific cyber threat," the advisory warns.Intelligence agencies are urging all stakeholders—both government and providers—to collaborate in developing scalable solutions to close this ongoing security gap that enables threat actors to maintain persistent access to compromised systems while evading detection.SpotBugs Token Theft Revealed as Origin of Multi-Stage GitHub Supply Chain Attackhttps://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/Security researchers have traced the sophisticated supply chain attack that targeted Coinbase in March 2025 back to its origin point: the theft of a personal access token (PAT) associated with the popular open-source static analysis tool SpotBugs.Palo Alto Networks Unit 42 revealed in their latest update that while the attack against cryptocurrency exchange Coinbase occurred in March 2025, evidence suggests the malicious activity began as early as November 2024, demonstrating the attackers' patience and methodical approach."The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs," Unit 42 explained. This initial compromise allowed the threat actors to move laterally between repositories until gaining access to reviewdog, another open-source project that became a crucial link in the attack chain.Investigators determined that the SpotBugs maintainer was also an active contributor to the reviewdog project. When the attackers stole this maintainer's PAT, they gained the ability to push malicious code to both repositories.The breach sequence began when attackers pushed a malicious GitHub Actions workflow file to the "spotbugs/spotbugs" repository using a disposable account named "jurkaofavak." Even more concerning, this account had been invited to join the repository by one of the project maintainers on March 11, 2025 – suggesting the attackers had already compromised administrative access.Unit 42 revealed the attackers exploited a vulnerability in the repository's CI/CD process. On November 28, 2024, the SpotBugs maintainer modified a workflow in the "spotbugs/sonar-findbugs" repository to use their personal access token while troubleshooting technical difficulties. About a week later, attackers submitted a malicious pull request that exploited a GitHub Actions feature called "pull_request_target," which allows workflows from forks to access secrets like the maintainer's PAT.This compromise initiated what security experts call a "poisoned pipeline execution attack" (PPE). The stolen credentials were later used to compromise the reviewdog project, which in turn affected "tj-actions/changed-files" – a GitHub Action used by numerous organizations including Coinbase.One puzzling aspect of the attack is the three-month delay between the initial token theft and the Coinbase breach. Security researchers speculate the attackers were carefully monitoring high-value targets that depended on the compromised components before launching their attack.The SpotBugs maintainer has since confirmed the stolen PAT was the same token later used to invite the malicious account to the repository. All tokens have now been rotated to prevent further unauthorized access.Security experts remain puzzled by one aspect of the attack: "Having invested months of effort and after achieving so much, why did the attackers print the secrets to logs, and in doing so, also reveal their attack?" Unit 42 researchers noted, suggesting there may be more to this sophisticated operation than currently understood.ASIC Secures Court Orders to Shut Down 95 "Hydra-Like" Scam Companieshttps://asic.gov.au/about-asic/news-centre/find-a-media-release/2025-releases/25-052mr-asic-warns-of-threat-from-hydra-like-scammers-after-obtaining-court-orders-to-shut-down-95-companies/The Australian Securities and Investments Commission (ASIC) has successfully obtained Federal Court orders to wind up 95 companies suspected of involvement in sophisticated online investment and romance baiting scams, commonly known as "pig butchering" schemes.ASIC Deputy Chair Sarah Court warned consumers to remain vigilant when engaging with online investment websites and mobile applications, describing the scam operations as "hydra-like" – when one is shut down, two more emerge in its place."Scammers will use every tool they can think of to steal people's money and personal information," Court said. "ASIC takes action to frustrate their efforts, including by prosecuting those that help facilitate their conduct and taking down over 130 scam websites each week."The Federal Court granted ASIC's application after the regulator discovered most of the companies had been incorporated using false information. Justice Stewart described the case for winding up each company as "overwhelming," citing a justifiable lack of confidence in their conduct and management.ASIC believes many of these companies were established to provide a "veneer of credibility" by purporting to offer genuine services. The regulator has taken steps to remove numerous related websites and applications that allegedly facilitated scam activity by tricking consumers into making investments in fraudulent foreign exchange, digital assets, or commodities trading platforms.In some cases, ASIC suspects the companies were incorporated using stolen identities, highlighting the increasingly sophisticated techniques employed by scammers. These operations often create professional-looking websites and applications designed to lull victims into a false sense of security.The action represents the latest effort in ASIC's ongoing battle against investment scams. The regulator reports removing approximately 130 scam websites weekly, with more than 10,000 sites taken down to date – including 7,227 fake investment platforms, 1,564 phishing scam hyperlinks, and 1,257 cryptocurrency investment scams.Oracle Acknowledges "Legacy Environment" Breach After Weeks of Denialhttps://www.bloomberg.com/news/articles/2025-04-02/oracle-tells-clients-of-second-recent-hack-log-in-data-stolenOracle has finally admitted to select customers that attackers breached a "legacy environment" and stole client credentials, according to a Bloomberg report. The tech giant characterized the compromised data as old information from a platform last used in 2017, suggesting it poses minimal risk.However, this account conflicts with evidence provided by the threat actor from late 2024 and posted records from 2025 on a hacking forum. The attacker, known as "rose87168," listed 6 million data records for sale on BreachForums on March 20, including sample databases, LDAP information, and company lists allegedly stolen from Oracle Cloud's federated SSO login servers.Oracle has reportedly informed customers that cybersecurity firm CrowdStrike and the FBI are investigating the incident. According to cybersecurity firm CybelAngel, Oracle told clients that attackers gained access to the company's Gen 1 servers (Oracle Cloud Classic) as early as January 2025 by exploiting a 2020 Java vulnerability to deploy a web shell and additional malware.The breach, detected in late February, reportedly involved the exfiltration of data from the Oracle Identity Manager database, including user emails, hashed passwords, and usernames.When initially questioned about the leaked data, Oracle firmly stated: "There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data." However, cybersecurity expert Kevin Beaumont noted this appears to be "wordplay," explaining that "Oracle rebadged old Oracle Cloud services to be Oracle Classic. Oracle Classic has the security incident." This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

We're in a season of disruption—political shifts, evolving policies, contracting delays, and social tensions are impacting how business gets done, especially in the federal space. If you're a small business owner or leader trying to make sense of how to stay relevant—or just stay open—you're not alone.In this episode, we're unpacking how to navigate the high-stakes environment of public sector contracting when the rules seem to keep changing. We'll explore how policy, politics, and procurement slowdowns intersect with real-world business survival.Then, we'll shift gears and talk about tangible strategies to pivot smartly—without losing your footing. Whether you're repositioning your offers, realigning with a new customer, or expanding to commercial markets, this conversation is your guide to pivoting with power, not panic.Guest Bio:Shaun Edens founded Lucky Rabbit in 2020 and has since led its growth into a trusted digital modernization partner for agencies like USCIS, OPM, CMS, GSA, and ED, as well as commercial clients like CrabPlace.com. With a background in senior roles at firms including CTEC, TechFlow, Enlightened, and Booz Allen Hamilton, he brings deep expertise in agile transformation, cloud migration, DevSecOps, and enterprise architecture.Shaun holds an MBA from the University of Illinois and a B.S. in Computer Science from Morehouse College. He's certified in SAFe, Scrum, Product Ownership, and AWS, and skilled in tools like ReactJS, Go, Python, and CI/CD pipelines. Focused on innovation and transparency, Shaun continues to lead Lucky Rabbit in delivering human-centered, secure digital solutions that drive real impact.Call(s) to Action:Help spread the word about Unveiled: GovCon Stories: https://shows.acast.com/unveiled-govcon-storiesDo you want to be a guest or recommend a topic that you would like to learn or hear about on the podcast? Let us know through our guest feedback and registration form.Links:Lucky RabbitLucky Rabbit BlueTechFollow Lucky Rabbit on LinkedInSponsors:The views and opinions expressed in this podcast are solely those of the hosts and guests, and do not reflect the views or endorsements of our sponsors.Withum – Diamond Sponsor!Withum is a forward-thinking, technology-driven advisory and accounting firm, helping clients to be in a position of strength in today's complex business environment. Go to Withum's website to learn more about how they can help your business! Hosted on Acast. See acast.com/privacy for more information.

In this episode of Technical Tips, Tommy shares 10 expert tips to keep your CI pipeline fast and efficient. Learn how to improve performance, reduce errors, and ship quality software faster!Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

Welcome to the TestGuild Automation Podcast! In this episode, host Joe Colantonio sits down with Gaurav Mittal, a cybersecurity, data science, and IT expert with over two decades of experience. Gaurav, recognized for his thought leadership in AI and automation with multiple industry awards, shares his insights on making How To Optimize your Automation CI/CD Pipelines in DevOps more cost-effective. Whether you're a test automation engineer or security professional or work with AI/ML, you'll want to hear Gaurav's take on implementing DevOps pipelines that reduce licensing costs and enhance flexibility without sacrificing your team's productivity. Learn about his experiences with GitHub Actions, Jenkins, and the innovative ways he's optimized CI/CD pipelines to save resources and automate extensive testing processes, all while incorporating strong security measures. Join us as we delve into the innovative strategies and practical advice that can help transform your DevOps practices.

From his early days in the Salesforce ecosystem to becoming a driving force behind Okta's DevOps strategy, Varun shares candid insights and hard-won lessons.Jack McCurdy sits down with Varun Kavoori, Principal Salesforce DevOps Engineer at Okta, for a deep dive into his career journey and the evolving world of Salesforce DevOps. Jack and Varun explore how Okta approaches release management, the power of flexible DevOps practices, and why setting strong guardrails is key to compliance and scale. Varun lifts the lid on the tools and tactics that keep his team running smoothly, especially on high-stakes release days, and looks ahead to the growing role of AI in the DevOps space. Whether you're a seasoned Salesforce engineer or just starting out, this episode is packed with actionable takeaways and fresh perspectives.About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKWChapters:00:00 Introduction to Varun Kavoori and His Journey03:06 Understanding the Role of DevOps in Salesforce06:08 Release Management at Okta08:55 Building a Flexible DevOps Process11:54 Guardrails and Compliance in Releases15:00 Scaling the Team and Managing Growth18:02 Challenges with Metadata and Deployment20:54 Release Day Process and Code Freeze23:51 Tools and Techniques for DevOps Success26:53 Future of DevOps and AI Integration29:53 Excitement for Salesforce Innovations

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Lars Wirzenius discusses his innovative CI/CD system Ambient, which uses isolated virtual machines without network access to enhance security, and his work on Radicle, a peer-to-peer Git collaboration platform. Together, these projects offer a glimpse into a more distributed future for software development, addressing key challenges in current CI/CD systems like long wait times, security vulnerabilities, and centralized infrastructure limitations. The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-03-ambient-radicle-lars-wirzenius/

This episode is about what I'm seeing and what I'm doing right now, and then for the rest of the year. There are three parts. First, I talk about what's about to happen for me for the next few weeks re going to London for KubeCon. Then what I'm planning to change in this podcast, as well as my other content on YouTube for the rest of the year. And lastly, I talk about some industry trends that I'm seeing that will force me, I think, to change the format of this show. I recorded the episode on March 22, 2025.★Topics★My work at KubeCon EU in LondonWhat's next for this Podcast and my YouTubeWhat's up with AI for DevOps?Creators & Guests Beth Fisher - Producer Bret Fisher - Host (00:00) - What's Coming in 2025 (01:07) - Highlights I'm excited about re KubeCon (04:35) - Changes to this Podcast (05:58) - What's up with AI and "Agentic DevOps"? (15:11) - Upcoming guests You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

„Ein paar Probleme, vor denen man sitzt – da ist wirklich Kreativität gefragt.“ – Muhi über Infrastruktur, Automatisierung und den Reiz komplexer Herausforderungen.In dieser Jobcast®-Episode spricht Muhi über seine Arbeit bei x-cellent im Bereich Kubernetes Operations und über ein internes Projekt, das Open Source Charakter hat – mit dem Ziel, komplexe Infrastruktur auf Knopfdruck verfügbar zu machen.Dabei geht es nicht nur um Technik, sondern auch um eine Unternehmenskultur, in der man sich gehört fühlt, Probleme offen ansprechen darf und gemeinsam nach Lösungen gesucht wird.✅ Aufbau einer automatisierten Infrastruktur mit Metalstack✅ Kubernetes-Cluster-Management auf Bare Metal✅ Remote-Konfiguration über Switche, Firewalls & Netzwerke✅ Open Source Mindset & Release-Vorfreude✅ Fehlerkultur & Teamzusammenhalt bei x-cellent

The Docker Bake Build tool just went general availability, and I'm excited about what this means for creating reproducible builds and automation that can run anywhere  CI locally. I love it. Really, and in this video I'm gonna break down some of the features, the benefits and walk through some examples.In this episode I explain why docker buildx bake exists, what it can do, and I walk through multiple examples of Bake files and how it's better than docker build image and docker compose build. I also touch on BuildKit and Docker's GitHub Actions.There's also a video version of this show on YouTube.★Get started with Docker Bake★Walkthough https://docs.docker.com/guides/bake/ Docs: https://docs.docker.com/build/bake/GA Announcement: https://www.docker.com/blog/ga-launch-docker-bake/Creators & Guests Beth Fisher - Producer Bret Fisher - Host (00:00) - Intro (00:04) - / (00:41) - History Lesson (01:29) - Bake Today (02:43) - Ad for... Me! (03:53) - List of Benefits (10:29) - Use Bake Everywhere (12:41) - Leaning into Bake, maybe? You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Show Notes "If you talk to people that have been doing Terraform for many years, they're going to tell you that, "Terraform is the law and Terraform is the way to go." But like you said, there's different tools, I would say, or languages that you can use for infrastructure as code. And it really depends what you want to do, what your developers are used to or are comfortable with and what works with your organization as it should be with any tool in software development. You got to grab the one or use the one that is more appropriate for your use case, your scenario, your organization"— Sam Gomez Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie "GaProgMan" Taylor. In this episode, Sam Gomez joined us to talk about Infrastructure as Code, why you might want to think about using something like Terraform and Bicep, and how they can help you to automate your deployments to the public cloud. Sam also talks about best practises for CI/CD and ways to test your Infrastructure as Code ahead of running it--something that we've all felt the pain of in the past, I'm sure. "Terraform has what's called validation for your parameters. So like I said, you can set up a validation that says, "the only values for the SKU for a SQL server are basic," for example. And if somebody tries to give a different value to that particular parameter, it'll stop automatically and say, "okay, this validation has failed. You know, the value allowed is this one." You can do the same thing with Bicep. So that's another added layer of protection against making these kind of mistakes and adding or configuring the wrong values in your deployments"— Sam Gomez Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Podcasthon 2025! One last thing before we start the episode: we're super happy to participate in the 3rd edition of Podcasthon For one week, more than a thousand podcasts will highlight a charity of their choice. And today, I have the pleasure of welcoming Andy's Man Club to the show. Throughout this episode, I'll interrupt the conversation a few times to talk about the importance of mental fitness. The reason that I've picked Andy's Man Club is because mental health support is very important to me. I've used their groups for almost two years and have had the honour of being asked to step up and help run one of those groups. If you'll forgive the name for now, Andy's Man Club is a UK-based charity which organises weekly, informal, peer-to-peer talking groups for anyone over the age of 18 who identifies as male. I'll talk more about Andy's Man Club later in the episode. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/deploying-with-confidence-sam-gomez-on-terraform-bicep-and-infrastructure-as-code/ Music Used In This Episode This contains some copyright free music during the interstitials. Each of the pieces of music (linked below) were created by YouTube user HoobeZa, and we thank them for making their work free to use. If you liked the music we used, check out links to the pieces below: "Lounge" "Mellow" "Golden" "Release" Podcasthon 2025 This episode of the podcast contains support for both Podcasthon, Andy's Man Club, and Capes on the Couch. Please feel free to check out both projects at the links below. Podcasthon! Andy's Man Club Capes on the Couch And please remember to check in on your own mental fitness from time to time. Useful Links Sam on LinkedIn Dad's in Tech The bus factor Terraform Registry Azure Verified Modules Bicep for VS Code Terraform extension for VS Code Terraform CNCF Hashicorp Developer Website Sam's MVP profile Sam on X Sam on BlueSky Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show

Megan Tuano shares her unique journey into the tech industry, the importance of communication, questions, and the value of empathy in customer service. She discusses her experiences with Salesforce and the significance of building relationships, emphasizing that success comes from being authentic and understanding the human aspect of technology. Megan and Jack also explore various themes surrounding customer service, the journey of content creation on YouTube, the challenges of balancing careers and parenthood.They wrap up by discussing the impact of artificial intelligence on business analysis, how to craft effective user stories, and how shifting left collaboratively harnesses the best results. Learn more:- Salesforce release management best practices.- How to deploy Agentforce.- DevOps for enterprise Salesforce implementations.About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset.Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial.Chapters00:00 Introduction03:08 Breaking into Tech: Overcoming Misconceptions05:53 The Role of Communication in Tech08:49 The Importance of Asking Questions11:59 Shift Left: Identifying Issues Early15:01 Building Relationships in Tech18:02 Empathy in Customer Service20:58 Salesforce Experience and Insights23:54 The Relationship Between Customer Service and Tech28:00 Navigating Customer Service Challenges30:55 Creating on YouTube33:57 Balancing Parenthood and Careers35:57 The Role of AI in Business Analysis40:00 Crafting Effective User Stories43:02 Collaboration Between Teams for Success47:04 Building Community and Finding Your Why

This is episode 287 recorded on March 13th, 2025 where John & Jason talk the Microsoft Fabric January 2025 Feature Summary including Python Notebooks in preview, Lineage enhancements to spark notebooks, lots of DBA enhancements to Data Warehouse, Tenant Level Private Link for Databases, and CI/CD preview for most of Fabric.

AI agents are set to transform software development, but software itself isn't going anywhere—despite the dramatic predictions. On this episode of The New Stack Makers, Mark Hinkle, CEO and Founder of Peripety Labs, discusses how AI agents relate to serverless technologies, infrastructure-as-code (IaC), and configuration management. Hinkle envisions AI agents as “dumb robots” handling tasks like querying APIs and exchanging data, while the real intelligence remains in large language models (LLMs). These agents, likely implemented as serverless functions in Python or JavaScript, will automate software development processes dynamically. LLMs, leveraging vast amounts of open-source code, will enable AI agents to generate bespoke, task-specific tools on the fly—unlike traditional cloud tools from HashiCorp or configuration management tools like Chef and Puppet. As AI-generated tooling becomes more prevalent, managing and optimizing these agents will require strong observability and evaluation practices. According to Hinkle, this shift marks the future of software, where AI agents dynamically create, call, and manage tools for CI/CD, monitoring, and beyond. Check out the full episode for more insights. Learn more from The New Stack about emerging trends in AI agents: Lessons From Kubernetes and the Cloud Should Steer the AI RevolutionAI Agents: Why Workflows Are the LLM Use Case to Watch Join our community of newsletter subscribers to stay on top of the news and at the top of your game. 

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

In this episode of Semaphore Uncut, Ken Kocienda, co-founder and CTO of InFactory, joins Darko Fabijan to discuss how his company is building AI systems that are both useful and dependable. Ken, a veteran software engineer known for his work on Safari, iPhone auto-correct, and Apple's UI innovations, shares his insights on how AI can move from a black-box guessing machine to a fully transparent and enterprise-ready system.Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

Frank is all in on GitHub actions on his newly updated iOS & Android Apps with .NET 8 and .NET 9. Let's dive through his yaml! Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us (https://itunes.apple.com/us/podcast/merge-conflict/id1133064277?mt=2&ls=1) ⭐⭐ Machine transcription available on http://mergeconflict.fm

Global Agile Summit Preview: Implementing Agile Practices for Data and Analytics Teams with Henrik Reich In this BONUS Global Agile Summit preview episode, we dive into the world of Agile methodologies specifically tailored for data and analytics teams. Henrik Reich, Principal Architect at twoday Data & AI Denmark, shares his expertise on how data teams can adapt Agile principles to their unique needs, the challenges they face, and practical tips for successful implementation. The Evolution of Data Teams "Data and analytics work is moving more and more to be like software development." The landscape of data work is rapidly changing. Henrik explains how data teams are increasingly adopting software development practices, yet there remains a significant knowledge gap in effectively using certain tools. This transition creates both opportunities and challenges for organizations looking to implement Agile methodologies in their data teams. Henrik emphasizes that as data projects become more complex, the need for structured yet flexible approaches becomes critical. Dynamic Teams in the Data and Analytics World "When we do sprint planning, we have to assess who is available. Not always the same people are available." Henrik introduces the concept of "dynamic teams," particularly relevant in consulting environments. Unlike traditional Agile teams with consistent membership, data teams often work with fluctuating resources. This requires a unique approach to sprint planning and task assignment. Henrik describes how this dynamic structure affects team coordination, knowledge sharing, and project continuity, offering practical strategies for maintaining momentum despite changing team composition. Customizing Agile for Data and Analytics Teams "In data and analytics, tools have ignored agile practices for a long time." Henrik emphasizes that Agile isn't a one-size-fits-all solution, especially for data teams. He outlines the unique challenges these teams face: Team members have varying expectations based on their backgrounds Experienced data professionals sometimes skip quality practices Traditional data tools weren't designed with Agile methodologies in mind When adapting Agile for data teams, Henrik recommends focusing on three key areas: People and their expertise Technology selection Architecture decisions The overarching goal remains consistent: "How can we deliver as quickly as possible, and keep the good mood of the team?" Implementing CI/CD in Data Projects "Our first approach is to make CI/CD available in the teams." Continuous Integration and Continuous Deployment (CI/CD) practices are essential but often challenging to implement in data teams. Henrik shares how his organization creates "Accelerators" - tools and practices that enable teams to adopt CI/CD effectively. These accelerators address both technological requirements and new ways of working. Through practical examples, he demonstrates how teams can overcome common obstacles, such as version control challenges specific to data projects. In this segment, we refer to the book How to Succeed with Agile Business Intelligence by Raphael Branger. Practical Tips for Agile Adoption "Start small. Don't ditch scrum, take it as an inspiration." For data teams looking to adopt Agile practices, Henrik offers pragmatic advice: Begin with small, manageable changes Use established frameworks like Scrum as inspiration rather than rigid rules Practice new methodologies together as a team to build collective understanding Adapt processes based on team feedback and project requirements This approach allows data teams to embrace Agile principles while accounting for their unique characteristics and constraints. The Product Owner Challenge "CxOs are the biggest users of these systems." A common challenge in data teams is the emergence of "accidental product owners" - individuals who find themselves in product ownership roles without clear preparation. Henrik explains why this happens and offers solutions: Clearly identify who owns the project from the outset Consider implementing a "Proxy PO" role between executives and Agile data teams Recognize the importance of having the right stakeholder engagement for requirements gathering and feedback Henrik also highlights the diversity within data teams, noting there are typically "people who code for living, and people who live for coding." This diversity presents both challenges and opportunities for Agile implementation. Fostering Creativity in Structured Environments "Use sprint goals to motivate a team, and help everyone contribute." Data work often requires creative problem-solving - something that can seem at odds with structured Agile frameworks. Henrik discusses how to balance these seemingly conflicting needs by: Recognizing individual strengths within the team Organizing work to leverage these diverse abilities Using sprint goals to provide direction while allowing flexibility in approach This balanced approach helps maintain the benefits of Agile structure while creating space for the creative work essential to solving complex data problems. About Henrik Reich Henrik is a Principal Architect and developer in the R&D Department at twoday Data & AI Denmark. With deep expertise in OLTP and OLAP, he is a strong advocate of Agile development, automation, and continuous learning. He enjoys biking, music, technical blogging, and speaking at events on data and AI topics. You can link with Henrik Reich on LinkedIn and follow Henrik Reich's blog.

Global Agile Summit Preview: How to Measure and Visualize Software Improvement for Actionable Results with Mooly Beeri In this BONUS Global Agile Summit preview episode, we explore how to effectively measure and visualize the continuous improvement journey in technology organizations. Mooly Beeri shares his data-driven approach that helps software teams identify where to focus their improvement efforts and how to quantify their progress over time. We discuss practical examples from major organizations like Philips and Aptiv, revealing how visualization creates an internal language of improvement that empowers teams while giving leadership the insights needed to make strategic decisions. Visualizing Software Development Effectiveness "We visualize the entire SDLC end-to-end. All the aspects... we have a grading of each step in the SDLC. It starts with a focus on understanding what needs to be done better." Mooly shares how his approach at Philips helped create visibility across a diverse organization built from numerous acquisitions with different technologies and development cultures. The challenge was helping management understand the status of software craftsmanship across the company. His solution was developing a heat map visualization that examines the entire software development lifecycle (SDLC) - from requirements gathering through deployment and support - with an effectiveness index for each stage. This creates an at-a-glance view where management can quickly identify which teams need support in specific areas like automation, code reviews, or CI/CD processes. This visualization becomes a powerful internal language for improvement discussions, allowing focused investment decisions instead of relying on intuition or which team has the most persuasive argument. The framework creates alignment while empowering teams to determine their own improvement paths. Measuring What Matters: The Code Review Example "We often hear 'we have to do code reviews, of course we do them,' but when we talk about 'how well are they done?', the answer comes 'I don't know, we haven't measured it.'" When one team wanted to double the time invested in code reviews based on conference recommendations, Mooly helped them develop a meaningful measurement approach. They created the concept of "code review escapes" - defects that could have been caught with better code reviews but weren't. By gathering the team to evaluate a sample of defects after each iteration, they could calculate what percentage "escaped" the code review process. This measurement allowed the team to determine if doubling review time actually improved outcomes. If the escape rate remained at 30%, the investment wasn't helping. If it dropped to 20%, they could calculate a benefit ratio. This approach has been expanded to measure "escapes" in requirements, design, architecture, and other SDLC phases, enabling teams to consciously decide where improvement efforts would yield the greatest returns. Balancing Team Autonomy with Organizational Alignment "Our model focuses on giving teams many options on how to improve, not just one like from top-down improvements. We want to focus the teams on improving on what matters the most." Mooly contrasts his approach with traditional top-down improvement mandates, sharing a story from Microsoft where a VP mandated increasing unit test coverage from 70% to 80% across all teams regardless of their specific needs. Instead, his framework agrees on an overall definition of effectiveness while giving teams flexibility to choose their improvement path. Like athletes at different fitness levels, teams with lower effectiveness have many paths to improvement, while high-performing teams have fewer options. This creates a win-win scenario where teams define their own improvement strategy based on their context, while management can still see quantifiable progress in overall organizational effectiveness. Adapting to Different Industry Contexts "TIP: Keep the model of evaluation flexible enough to adapt to a team's context." While working across healthcare, automotive, and other industries, Mooly found that despite surface differences, all software teams face similar fundamental challenges throughout the development lifecycle. His effectiveness framework was born in the diverse Philips environment, where teams built everything from espresso machine firmware to hospital management systems and MRI scanners. The framework maintains flexibility by letting teams define what's critical in their specific context. For example, when measuring dynamic analysis, teams define which runtime components are most important to monitor. For teams releasing once every four years (like medical equipment), continuous integration means something very different than for teams deploying daily updates. The framework adapts to these realities while still providing meaningful measurements. Taking the First Step Toward Measured Improvement "Try to quantify the investment, by defining where to improve by how much. We encourage the team to measure effectiveness of whatever the practices are they need to improve." For leaders looking to implement a more measured approach to improvement, Mooly recommends starting by focusing teams on one simple question: how will we know if our improvement efforts are actually working? Rather than following trends or implementing changes without feedback mechanisms, establish concrete metrics that demonstrate progress and help calculate return on investment. The key insight is that most teams already value continuous improvement but struggle with prioritization and knowing when they've invested enough in one area. By creating a quantifiable framework, teams can make more conscious decisions about where to focus their limited improvement resources and demonstrate their progress to leadership in a language everyone understands. About Mooly Beeri Mooly Beeri is a software transformation expert with nearly 30 years of industry experience. As founder and CEO of BetterSoftware.dev, he developed a very practical and visual approach to visualize and measure the improvements in technology organizations like Microsoft, Phillips, and Aptiv. His data-driven approach helps organizations visualize and optimize their entire software development lifecycle through measurable improvements. You can link with Mooly Beeri on LinkedIn and visit Mooly Beeri's website.

Migrating to Expo in 4 days! Alfred Lieth Årøe joins Robin and Mazen to share how he pulled off a smooth transition, the challenges he tackled, and why Expo was the right move for his app. He dives into upgrading dependencies, improving CI/CD, and how Expo simplified his workflow. Tune in!Show NotesAlfred's Blog Post on ExpoEvan's blog on WidgetsConnect With Us!Alfred Lieth Årøe: @appfr3dRobin Heinze: @robinheinzeMazen Chami: @mazenchamiReact Native Radio: @ReactNativeRdioThis episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.

How do DORA metrics apply to the unique challenges of Salesforce development? Join Jack McCurdy and Nathan Harvey as they dive into the evolving landscape of software delivery, exploring the intersection of platform engineering, AI, and human performance. They discuss practical strategies for implementing DORA metrics, navigating the shift to agile, and reducing developer burnout. In this episode they uncover how to foster empathy, improve team collaboration, and leverage AI to enhance your Salesforce development processes. Expect insights on effective tooling, communication strategies, and the importance of questioning the status quo to drive innovation.Learn more:- Everything you need to know about Agentforce- Insights from the latest DORA report- How to apply DORA metrics to SalesforceAbout DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset.Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial.Chapters00:00 Introduction to DORA and Its Importance02:57 Understanding Software Delivery Performance Metrics06:01 Challenges in Measuring Metrics in Salesforce09:04 The Role of Platform Engineering12:04 AI's Impact on Software Delivery17:57 Navigating AI in Development and Deployment29:38 Understanding Customer Needs in AI Development30:43 The Journey of Continuous Improvement32:45 Collaboration in Salesforce Teams36:07 Effective Communication Strategies40:12 The Shift from Waterfall to Continuous Improvement42:25 Reducing Developer Burnout48:24 Building Empathy with Users53:10 Challenging the Status Quo

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

In this episode of Technical Tips, Tommy breaks down flaky tests—those unpredictable tests that pass sometimes and fail other times. Learn how to spot, manage, and fix them to keep your CI/CD pipeline reliable!Listen to the full episode or read the transcript on the Semaphore blog.Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Josh Goldberg joins Amy and Brad to unpack the recent ESLint V9 release and its impact on the TypeScript ecosystem. From explaining the nuances of flat config migration to debating the proper separation between Prettier and ESLint, Josh offers practical advice for improving developer workflows. The conversation covers Josh's journey as a full-time open source maintainer, the Open Source Pledge initiative, and best practices for implementing linting in CI/CD pipelines. Plus, Josh shares behind-the-scenes details from the inaugural SquiggleConf event.Chapter Marks00:00 - Intro00:48 - Welcome Josh Goldberg01:06 - Working in open source and getting paid03:10 - The Open Source Pledge04:49 - ESLint V9 and flat config changes07:25 - Migration challenges with flat config09:52 - Understanding ESLint config format11:50 - How most people use ESLint16:20 - Prettier vs ESLint responsibilities18:47 - Conflict between Prettier and ESLint21:26 - TypeScript's role in ESLint25:01 - TypeScript ESLint packages explained27:43 - Linters for other languages29:31 - ESLint in CI/CD pipelines32:03 - Auto-fixing in different environments37:14 - AI's role in linting and formatting41:45 - SquiggleConf discussion44:15 - Conference tooling and Q&A system46:33 - Future SquiggleConf plans47:13 - Picks and PlugsBrad GarropyPick: Philips Hue smart lighting system - Set up Christmas lights with Hue smart outlets for easy control via phone or voice commandsPlug: Brad's BlueSky account - @bradgarropy.comJosh GoldbergPick: BlueSky social network - Appreciates how it feels like early Twitter without spam bots and complicated server setupsPlug: SquiggleConf - Web development tooling conference returning in September 2025Amy DuttonPick: The Inheritance Games (book) - Describes it as an easy-to-read young adult fiction with puzzles, similar to Knives OutPlug: Amy's BlueSky account - @selfteachmeLinksMentioned in the EpisodeTypeScript ESLintESLint v9 migration docsESLint Config InspectorSentry Grave $750k to Open Source MaintainersOpen Source Pledge initiativeSquiggle Conf websitePrisma PulsePhilips Hue smart lightingThe Inheritance Games (book mentioned by Amy)Social Media AccountsBrad's BlueSky account: @bradgarropy.comAmy's BlueSky account: @selfteachmeJosh Goldberg's BlueSky Account: @joshuakgoldberg.comRelated ResourcesESLint Stylistic projectESLint Config PrettierESLint Plugin Prettier"Create TypeScript Apps" project (Josh's tooling package)Awesome ESLint repo (collection of ESLint plugins)Manual to Magical: AI in Developer Tooling: Tobbe's talk on using AI to write code modsNicholas Zakas discussing the ESLint config system on Syntax podcastTools MentionedHuskyLint-stagedCursorBiome and OXLint (Rust-based linters)GitHub Actions

Send us a textUnlock the secrets to fortifying your software development practices with expert insights from Shon Gerber. As we navigate the complex landscape of cybersecurity, we delve deep into the urgent risks posed by TP-Link routers, used by a staggering portion of U.S. households. Discover practical strategies for protecting your network, like firmware updates and firewall configurations, and learn how potential geopolitical threats could reshape your tech choices. This episode arms you with the knowledge to safeguard your digital ecosystem against looming threats and prepares you for possible shifts in government regulations.Venture into the vibrant world of programming languages and development environments, tracing their evolution from archaic beginnings with BASIC and C# to today's dynamic platforms like Python and Ruby on Rails. Shon unravels the intricacies of runtime environments and libraries, emphasizing why sourcing trusted libraries is non-negotiable in preventing security breaches. For those new to programming, we demystify Integrated Development Environments (IDEs) and offer insights into why securing these tools is paramount, especially as AI makes coding more accessible than ever before.As we wrap up, Shon guides you through best practices for securing both your development and runtime environments. From addressing vulnerabilities inherent in IDEs to ensuring robust CI/CD pipeline security, we cover it all. Learn about the pivotal role Dynamic Application Security Testing (DAST) plays and how to seamlessly integrate it within your development processes. This episode is a trove of actionable advice, aimed at equipping you with the skills and foresight needed to enhance your cybersecurity strategies and development protocols. Don't miss this comprehensive guide to making informed decisions and fortifying your software's security posture.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Continuous Integration / Continuous Deployment (CI/CD) is a framework that developers use to help them manage and integrate frequent code changes. As network automation evolves, should network engineers adopt CI/CD? Guest Tony Bourke joins us to talk about CI/CD pipelines: what they are, how they’re used, and how they can support network automation efforts. We... Read more »

Continuous Integration / Continuous Deployment (CI/CD) is a framework that developers use to help them manage and integrate frequent code changes. As network automation evolves, should network engineers adopt CI/CD? Guest Tony Bourke joins us to talk about CI/CD pipelines: what they are, how they’re used, and how they can support network automation efforts. We... Read more »

Continuous Integration / Continuous Deployment (CI/CD) is a framework that developers use to help them manage and integrate frequent code changes. As network automation evolves, should network engineers adopt CI/CD? Guest Tony Bourke joins us to talk about CI/CD pipelines: what they are, how they’re used, and how they can support network automation efforts. We... Read more »

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

How do you manage your CI/CD pipeline resources? Richard chats with Eliza Tarasila about Managed DevOps Pools in Azure DevOps. Eliza tells the story of discovering that teams were using Azure DevOps internally at Microsoft but would need to build their tooling to stand up the resources for testing and deployment. Managed DevOps Pools became the standard way to specify resources like virtual machines and assign them to projects so that they would start up automatically. The resources in the pool can be custom resources in Azure or even on-premises servers! And, more importantly, you don't need to care and feed for the infrastructure used in the pipelines, Azure DevOps will do it for you.LinksAzure DevOpsCreate and Manage PoolsManaged DevOps Pool Origin StoryAzure DevOps PricingAzure Spot Virtual MachinesManaged DevOps Pools DocumentationRecorded January 6, 2025

Summary In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the importance of securing CI/CD environments, highlighting the risks associated with these systems and the best practices for mitigating vulnerabilities. They delve into specific threats, including insecure code and supply chain compromises, and emphasize the need for a collaborative approach between security professionals and developers to ensure secure software development practices. ---------------------------------------------------- YouTube Video Link:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠https://youtu.be/zQwFAN6PHrE ---------------------------------------------------- Documentation: https://www.cisa.gov/news-events/alerts/2023/06/28/cisa-and-nsa-release-joint-guidance-defending-continuous-integrationcontinuous-delivery-cicd https://owasp.org/www-project-top-10-ci-cd-security-risks/ ---------------------------------------------------- Contact Us: Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.com Bluesky: https://bsky.app/profile/bluesecuritypod.com LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpod YouTube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Bluesky: https://bsky.app/profile/ajawzero.com LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠ ---------------------------------------------------- Adam Brewer Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewer LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com

François Proulx, a supply chain security researcher at Boost Security, discusses how continuous integration (CI) and build pipeline security represents a critical and overlooked hole in our supply chain security. It seems like most supply chain compromises are actually from CI system breaches rather than direct code compromise, yet we seem to obsess over everything on either side of the CI system. François has a bunch of really good practical suggestions for how we can start to improve our CI security today.   The blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-02-ignoring_ci_security_francois_proulx/

I've been a big fan of Swarm since it was launched over a decade ago and I've made multiple courses on it that still sell. But, we recently got some news out of Mirantis that might be bad news. So I talked about it last week on my live stream.There's also a video version of this show on YouTube.★Topics★Blog post that sparked this discussion:https://www.portainer.io/blog/portainer-the-essential-tool-for-docker-swarm-users-facing-a-kubernetes-futureCreators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host (00:00) - Intro (00:34) - Mirantis' Role in Swarm's Future (01:52) - The Hope of Swarm being shipped in Docker Engine (02:43) - Portainer's Perspective on Swarm's Viability (04:27) - Swarm Community and Support (05:47) - One Sentence Signals Change? (08:37) - Swarm in Maintenance Mode (10:47) - The Docker-Swarm Stack (11:43) - Future of Swarm in Docker Engine (13:52) - Integration Challenges You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

Jack McCurdy is joined by Ian Gotts and Jack Lavous from Elements.cloud to discuss the transformative impact of Agentforce within the Salesforce ecosystem.In this episode we explore how Elements.cloud implemented Agentforce internally, emphasizing the importance of well-defined business processes and the role of business analysis in building effective agents. The conversation delves into the Job to Be Done framework, the challenges organizations face in adopting agents, and the necessity of documentation and structured approaches to ensure success.Jack Lavous offers insights into the actual build process of agents and the importance of making documentation AI-ready, how to use prompt templates, data cloud strategies, and deployment using Gearset. They also discuss the significance of internal trust and the return on investment from implementing AI agents, while also expressing excitement for the future of AI technology in business.Learn more:- Deploy Agentforce with Gearset- What is Agentforce?- How to effectively document Salesforce processesAbout DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset.Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial.Chapters00:00 Introduction to Agentforce and Its Impact01:47 Elements Cloud's Implementation Journey06:00 Understanding Topics and Their Importance09:59 The Role of Business Analysis in Building Agents13:56 Applying the Job to Be Done Framework17:54 Challenges in Building Agents and Organizational Readiness22:00 Starting the Fix: Documentation and Business Processes25:57 The Implementation Process of Agents28:14 Understanding AI Language and Communication33:10 The Learning Curve of AI Agents35:47 Designing Effective Prompt Templates37:57 The Role of Data Cloud in AI Implementation43:11 Return on Investment and Internal Trust51:06 Looking Ahead: The Future of AI Agents

Are you ready to go from zero to hero in GitNops? On today's podcast, we talk with Tom McGonagle, who shares and explains git, CI/CD and DevOps and how that all fits into network engineering. The conversation also covers the evolution of containerization and Kubernetes, highlighting their roles in modern network automation.  Tom also encourages... Read more »

Are you ready to go from zero to hero in GitNops? On today's podcast, we talk with Tom McGonagle, who shares and explains git, CI/CD and DevOps and how that all fits into network engineering. The conversation also covers the evolution of containerization and Kubernetes, highlighting their roles in modern network automation.  Tom also encourages... Read more »

In this episode, Dave and Jamison answer these questions: After a decade as a Senior front-end engineer in companies stuck in legacy ways of working—paying lip service to true agility while clinging to control-heavy, waterfall practices—I'm frustrated and exhausted by meetings and largely apathetic, outsourced teams who don't match my enthusiasm for product-thinking or improving things. It seems allowed and normalised everywhere I go. How can I escape this cycle of big tech, unfulfilled as an engineer, and find a team with a strong product engineering culture where I can do high-impact work with similarly empowered teams? Thank you, and sorry if this is a bit verbose! Thanks guys. Martin ‌ How do you judge your competency in a technical skill and when should you include it on your resume? Should you include a skills that you haven't used in a while, skills you've only used in personal projects, or skills that you feel you only have a basic understanding of? I'm a frontend developer and I've seen some job descriptions include requirements (not nice-to-haves) like backend experience, Java, CI/CD, and UI/UX design using tools like Figma and Photoshop. I could make designs or write the backend code for a basic CRUD app, but it would take me some time, especially if I'm building things from scratch. I've seen some resumes where the writer lists a bunch of programming languages and technical skills, and I often wonder if they truly are competent in all of those skills.

Josh Marpet is a seasoned entrepreneur and a renowned authority in the field of information security, compliance, and risk management. With a rich background in law enforcement, Josh has translated his diverse experiences into shaping security protocols in various high-risk environments. He serves as the Chief Strategy Officer at Cyturus, where he drives advancements in compliance process products. Notably, Josh contributes to the esteemed IANS faculty and co-hosts the well-known Paul's Security Weekly podcast. His efforts also extend to organizing BSides Delaware, further cementing his influence and dedication to the cybersecurity community.He shares his diverse career journey from law enforcement to tech support and finally into cybersecurity leadership. Listeners gain insight into his work with compliance frameworks like CMMC and SPDX, and his strategic approach at Cyturus, focusing on "dynamic risk monitoring" as a forward-thinking solution for mitigating risks. This episode also delves into the global regulatory landscape, comparing U.S. frameworks with those abroad and discussing AI regulation insights. As always, the conversation is enriched with amusing anecdotes and expert advice, making it not only educational but also engaging.TIMESTAMPS:0:00 - Exploring Security, Compliance, and Innovation3:05 - Reviving In-Person Tech Conferences Post-COVID Challenges11:58 - From Tech Support to Cybersecurity and Compliance19:12 - The Challenges and Importance of Software Bill of Materials24:25 - The Global Regulatory Landscape and Its Impact on AI Development28:37 - HIPAA Compliance Challenges for Lawyers and Medical Startups30:00 - Dynamic Risk Monitoring as a Compliance and Revenue Driver34:32 - The Impact of Podcasts on the Cybersecurity Community40:14 - Exploring Unique Bars and Crafting Cybersecurity-Themed CocktailsSYMLINKSCyturus Website - https://cyturus.comOfficial website for Cyturus, a leader in compliance process products and solutions, focusing on dynamic risk monitoring and governance.Josh Marpet on LinkedIn - https://www.linkedin.com/in/joshuaviktor/Josh Marpet's professional LinkedIn profile for networking and insights.Paul's Security Weekly - https://securityweekly.comOne of the top cybersecurity podcasts, providing news, insights, and discussions on emerging threats and best practices in security.SPDX (Software Package Data Exchange) - https://spdx.devOfficial resource for SPDX, an ISO-certified standard for managing Software Bill of Materials (SBOM).CycloneDX - https://cyclonedx.orgA standard designed for the SBOM, with a focus on integration with CI/CD pipelines and automated systems.Executive Order 14028 - https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/U.S. Executive Order mandating the use of Software Bill of Materials (SBOM) for federal software contracts to improve cybersecurity.Helen Oakley - https://www.linkedin.com/in/helen-oakley/Profile and resources related to Helen Oakley, a professional working on AI Bill of Materials.NIST AI RMF (Risk Management Framework) - https://nist.gov/ai/rmfU.S. NationCONNECT WITH USwww.barcodesecurity.comBecome a SponsorFollow us on LinkedInTweet us at @BarCodeSecurityEmail us at info@barcodesecurity.com

Florian Rappl, solutions architect at smapiot GmbH, joins the podcast to give insights on micro frontends, discussing the misconceptions, architectural patterns, challenges, and exciting benefits of using micro frontends over traditional monolithic applications. Links https://florian-rappl.de https://github.com/FlorianRappl https://x.com/FlorianRappl https://bsky.app/profile/florianrappl.bsky.social https://www.linkedin.com/in/florian-rappl https://dev.to/florianrappl We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com (mailto:emily.kochanekketner@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understand where your users are struggling by trying it for free at [LogRocket.com]. Try LogRocket for free today.(https://logrocket.com/signup/?pdr) Special Guest: Florian Rappl.