Podcasts about ci cd

Kieron Allen speaks with Chris Pope, Chief Product Officer at AutomatePro, in an in-depth discussion that is part of a broader series of podcasts, articles, and reports on ServiceNow's evolving ecosystem. They explore how intelligent automation and agentic AI are reshaping DevOps and quality assurance. The conversation also highlights how AutomatePro's built-on approach enhances developer productivity, reduces risk, and ensures security, all within the ServiceNow environment.AutomatePro's AI EdgeThe Big ThemesAutomatePro's Core Mission: AutomatePro focuses on solving one of the most time-consuming parts of software delivery: testing and documentation. Pope explains that their goal isn't to replace humans but to augment their efforts through intelligent automation. By embedding deeply within the ServiceNow platform, AutomatePro allows developers and platform owners to automate repetitive tasks early in the development cycle, ensuring higher-quality releases and faster deployment.Human-AI Collaboration Wins: The myth of AI replacing people is outdated. Pope reframes the conversation: it's not about replacement, it's about enablement. The real winners will be those who know how to use AI effectively. Today's Copilots are context-aware, learning from human behavior and adapting to different personas — whether it's a developer, analyst, or HR owner. Prompt engineering is emerging as a vital skill, and the better the prompt, the better the AI-driven output.DevOps Innovation Without Compromise: AutomatePro and ServiceNow are reshaping DevOps by making speed and quality compatible. Historically, faster releases meant riskier ones. With AutomatePro's intelligent testing automation, that tradeoff no longer exists. Frequent, smaller releases — the “fixed forward” model — are now safer thanks to early automation, embedded security, and contextual AI. Pope argues that platform owners and developers are the new heroes in enterprise IT, and equipping them with Copilots, intelligent workflows, and instant feedback loops unlocks untapped value.The Big Quote: "You're not going to be replaced by AI per se, you're going to be replaced by someone that knows how to use AI effectively."More from ServiceNow and AutomatePro:Follow AutomatePro on LinkedIn or learn more about ServiceNow and intelligent automation. Visit Cloud Wars for more.

Animesh Koratana - CEO and Founder of PlayerZero discusses how agentic AI is transforming software quality assurance through predictive code simulation, and how teams can shift from reactive debugging to proactive problem prevention in the era of AI-generated code.SHOW: 967SHOW TRANSCRIPT: The Cloudcast #967 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT OUR OTHER PODCAST: "CLOUDCAST BASICS"SPONSORS:[Interconnected] Interconnected is a new series from Equinix diving into the infrastructure that keeps our digital world running. With expert guests and real-world insights, we explore the systems driving AI, automation, quantum, and more. Just search “Interconnected by Equinix”.[TestKube] TestKube is Kubernetes-native testing platform, orchestrating all your test tools, environments, and pipelines into scalable workflows empowering Continuous Testing. Check it out at TestKube.io/cloudcastSHOW NOTES:PlayerZero websiteTopic 1 - Welcome to the show Animesh. Tell us about your background and your involvement in.Topic 2 - Let's start with the core problem you're solving. What is "predictive software quality" and why is this becoming critical now, especially in the era of AI-generated code?Topic 3 - How does agentic code simulation work, and what makes it different from traditional testing approaches?Topic 4 - This feels like it democratizes software quality beyond just engineering teams. How does PlayerZero work across different roles - developers, QA, product managers, and support teams?Topic 5 - Integration and workflow - how does PlayerZero fit into existing CI/CD pipelines and development workflows? What does the implementation look likeTopic 6 - Let's talk about scale and complexity. How does PlayerZero handle large, distributed systems with microservices, databases, and complex architecturesTopic 7 - If someone out there is interested and wants to get started, what is the best place to started?FEEDBACK?Email: show at the cloudcast dot netBluesky: @cloudcastpod.bsky.socialTwitter/X: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod

What's the most overlooked element in a successful DevOps strategy? According to Salesforce Architect and community leader Raksha Sanganee, it's culture.In this powerful episode of DevOps Diaries, Jack McCurdy sits down with Raksha to uncover her remarkable journey from a school finance officer to a respected DevOps consultant. She shares the invaluable lessons learned while training over 300 people in Salesforce for free and unpacks her core principles for transforming a team's software delivery lifecycle.Tune in to learn why "seeing is believing" is the key to overcoming client skepticism, how to build unbreakable trust, and why you should never, ever forget your backups!About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKWChapters:00:00 Introduction to Raksha Her Journey04:23 Transitioning to Salesforce and Community Impact09:13 Understanding DevOps: Culture and Trust13:41 Common Mistakes in DevOps and Importance of Automation18:24 Building Trust with Clients and Overcoming Skepticism23:02 The Role of Training and Demos in DevOps27:29 Data Strategy and Best Practices in Salesforce32:00 The Importance of Community and Continuous Learning36:31 Parting Wisdom and Final Thoughts

Rick Doten, cybersecurity startup advisor and AI researcher, joins the show to unpack how AI-assisted development is reshaping software—and what it means for security. From startups rushing to ship faster code to the unseen risks of “vibe coding,” Rick explains how engineering teams can balance innovation with secure, resilient design.If your dev team is using AI tools to boost velocity, this conversation might change how you think about your SDLC, code review, and even your threat model.Key Takeaways• AI-assisted coding speeds up output but can multiply security risks if context isn't baked in.• Startups often trade speed for security early on—and that can be expensive to unwind later.• Traditional fundamentals like OWASP and BSIMM still apply, even as architectures evolve with agents and MCP.• AI creates a widening gap between companies that can secure their models and those that can't.• “Vibe coding”—non-devs using AI to build—introduces a new wave of shadow code leaders must prepare for.Timestamped Highlights[02:09] The real range of how startups are using AI-assisted tools—and why security is often an afterthought.[05:12] Why AI-generated code is not just another form of third-party code.[09:40] The hidden risk: code volume grows faster than your ability to secure it.[15:51] How AI is widening the gap between resource-rich enterprises and everyone else.[18:25] The new fragility of systems—where architecture and resilience start to break.[22:07] Rethinking SDLC: integrating AI tools without losing security fundamentals.[25:29] “Vibe coding” and what happens when non-engineers start shipping code.Memorable Insight“AI isn't lazy like humans—it doesn't just fix one thing. It rewrites everything. That's why every line has to be re-scrutinized.”Pro TipsIf your startup doesn't have a dedicated security function yet, start with the basics: integrate OWASP checks into your CI/CD, use non-human accounts correctly, and automate code review gates early. Don't wait until production to harden your systems.Call to ActionIf this episode sparked ideas for your dev or security team, share it with someone who's experimenting with AI-assisted tools. Follow The Tech Trek for more conversations at the intersection of engineering, AI, and leadership.

Bret is joined by Philip Andrews and Dan Muret of Cast AI to discuss pod live migration between nodes in a Kubernetes cluster.

Neste episódio do Cabeça de Lab, mergulhamos no universo da Qualidade de Software (QA) com um foco especial nos Testes Regressivos, a "rede de segurança" que garante que nenhuma nova funcionalidade quebre aquilo que já estava funcionando perfeitamente. Discutimos a importância fundamental desses testes, diferenciando-os dos testes unitários e de integração, e exploramos os principais desafios de sua implementação e manutenção.Além disso, abordamos o equilíbrio ideal entre testes manuais e automação, como essa prática se alinha à agilidade e à velocidade de entrega de produtos, e a necessidade de uma cultura de qualidade compartilhada por desenvolvedores, QAs e times de produto. Por fim, trouxemos dicas de ferramentas, boas práticas como "começar pequeno" e a tendência da integração de CI/CD, Feature Flags e Inteligência Artificial no futuro dos testes.Edição completa por Rádiofobia Podcast e Multimídia: ⁠⁠https://radiofobia.com.br/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠---Nos siga no Twitter e no Instagram: @luizalabs @cabecadelabDúvidas, cabeçadas e sugestões, mande e-mail para o cabecadelab@luizalabs.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ou uma DM no InstagramParticipantes: ICARO BELMIRO | https://www.linkedin.com/in/icarobelmiro/MARCIANO CADORE | https://www.linkedin.com/in/marciano-cadore-a615b125/VICTORIA GABRIELLA | https://www.linkedin.com/in/victoria-gabriella-91392a1b2/ANA CAROLINA FONSECA BARRETO | https://www.linkedin.com/in/anacarolinafonsecabarreto/

Peter Ritchie is a veteran software architect and consultant with over 35 years of experience in the tech industry. Peter is renowned for his deep expertise in .NET development, distributed systems, and agile methodologies. He's an accomplished author of several technical books, a former Microsoft MVP, and a sought-after international speaker. Peter is also actively involved in the .NET community and was a candidate for the .NET Foundation Board of Directors, reflecting his commitment to open-source and developer advocacy. Through his consulting work, he helps teams elevate their architecture, code quality, and development practices — especially in areas like ASP.NET, Clean Architecture, and CI/CD pipelines.   Topics of Discussion: [3:45] Overview of .NET Foundation. [5:33] Support for User Groups and .NET 10. [5:48] The upcoming release of .NET 10 and Visual Studio 2026. [6:39] Stability and backward compatibility. [9:10] Challenges and approaches to business logic. [11:24] Repository structure and team organization. [15:27] Testing and continuous integration. [17:12] The role of experienced developers in mentoring and reviewing the work of junior developers. [20:02] Jeffrey mentions a recent blog post of Peter's and how we can define clear user stories, including roles, actions, criteria, and benefits, to ensure developers understand the requirements. [24:15] The importance of context in AI-driven development and how it applies to working with people. [25:06] How the AI revolution can lead to better understanding and communication within development teams.   Mentioned in this Episode: Clear Measure Way Architect Forum Software Engineer Forum Peter Ritchie LinkedIn     Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.  

An airhacks.fm conversation with Alvaro Hernandez (@ahachete) about: Framework laptop experience and build process with DIY edition, modular connectors and upgradability, running Ubuntu 25.10 beta with nix package manager, automating installation with YAML and Ansible, comparison with IBM AS/400 feature activation model, docker adoption history for server maintenance and documentation, PostgreSQL extensions, upgradability and security concerns, challenges with packing 1000+ extensions into container images, security concerns with large monolithic images containing unused extensions, dynamic extension injection using sidecar pod local controller in kubernetes, problems with mutating running containers and security tool compliance, traditional Docker build approach requiring users to become image maintainers, challenging assumptions about container image immutability and Merkle tree, container images as JSON manifests pointing to tar file layers, Dynamic OCI Registry concept for composing images on-the-fly, generating manifests dynamically in milliseconds without Docker build, interface-based approach for mapping user preferences to layer digests, PostgreSQL-specific implementation with extension URL patterns, metadata storage in PostgreSQL database for layer digest resolution, potential applications for quarkus and Java microservices, serverless deployment possibilities with AWS Lambda, comparison with Cloudflare's serverless OCI registry, enterprise use cases for automated patching and security updates, integration possibilities with AWS EventBridge for CI/CD pipelines, transparency to Docker clients with only registry change required, stackgres platform using 4 million lines of Java code, ongres company services including PostgreSQL training and Oracle migrations, Alvaro's website: aht.es Alvaro Hernandez on twitter: @ahachete

Мок-интервью для junior/начинающего middle DevOps: CI/CD, Git-ветки, AWS (VPC, S3), Kubernetes (probes, DaemonSet), Terraform. Разбираем основы, типовые вопросы и ошибки — простым языком.

70% of critical security debt stems from third-party code - what can be done upstream?How real-time threat intelligence and policy enforcement are closing the gapWhy DORA and modern CI/CD pipelines demand pre-emptive visibility and automation Thom Langford, Host, teissTalkhttps://www.linkedin.com/in/thomlangford/Paul Holland, Cyber Capability Manager, Royal Mailhttps://www.linkedin.com/in/paulinfosec/Tiago Rosado, Chief Information Security Officer, Asitehttps://www.linkedin.com/in/tiagorosado/Jean Carlos, Information Security Lead, Trade Republichttps://www.linkedin.com/in/jeanpcarlos/John Smith, CTO of EMEA, Veracodehttps://www.linkedin.com/in/jtsmith123

Send us a textDive into the critical world of software development security with Sean Gerber as he tackles Domain 8.3 in this knowledge-packed CISSP Question Thursday episode. We examine fifteen challenging questions that address the security controls essential for protecting code throughout the development lifecycle.Discover why static application security testing integrated directly into your CICD pipeline stands as the gold standard for catching vulnerabilities early, and why developer arguments about "unlikely" buffer overflow exploits should never persuade you to leave vulnerabilities unaddressed. The podcast breaks down the crucial difference between partial mitigations and proper vulnerability elimination, providing you with the decision-making framework you'll need both for the CISSP exam and real-world security leadership.The episode doesn't shy away from controversial topics, including the persistent myth of "security through obscurity" and why it fails as a protection strategy. You'll learn why security code reviews by senior developers remain irreplaceable for identifying business logic vulnerabilities, while generic security checklists prove ineffective against sophisticated threats. For those working with cloud platforms, open-source libraries, or outsourced development, Sean offers targeted guidance on the controls that matter most in each scenario.Beyond the technical content, Sean shares his passion for helping adoptive families through the nonprofit initiative supported by purchases at CISSPCyberTraining.com. Every training package purchased contributes to providing grants and low-interest loans to families looking to adopt children who need loving homes.Ready to strengthen your understanding of software security while preparing for your CISSP certification? This episode delivers actionable insights, exam-ready knowledge, and the confidence to tackle Domain 8.3 questions with expertise. Listen now and take another step toward mastering the crucial intersection of development and security that today's organizations desperately need.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

In this episode, Darko welcomes Sarah Novotny, a technology leader with 25+ years of experience. From shaping Kubernetes governance at Google to her current work on AI security with the Coalition for Secure AI, Sarah brings deep insight into how open source and governance shape the future of tech.Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

Scaling CI/CD for mobile apps is hard. Faster test runs often lead to more tests, more infrastructure, and more complexity. So how do you keep your pipelines healthy and reliable while still shipping at speed? In this episode, we sit down with Anton Malinski of Marathon Labs to explore the real-world lessons he's learned building and optimizing mobile CI/CD pipelines. You'll discover: How to scale mobile test automation without introducing friction What “healthy CI growth” looks like in practice Why real devices still matter, even with a massive emulator fleet How backend mocking and dedicated mobile API gateways transform shift-left testing Practical advice for teams evolving from weekly releases to on-every-commit confidence Whether you're a QA leader, automation engineer, or DevOps practitioner, this conversation gives you the insights and metrics you need to take your mobile testing pipelines to the next level.

In the world of tech, it's easy to get lost in the code, the pipelines, and the deadlines. But what truly separates a good team from a great one? In this episode of DevOps Diaries, Conlan makes the case that it's a culture built on trust and continuous improvement.Conlan shares his experience managing a complex Salesforce project management application where the stakes are high. He reveals how his team navigates the strict world of SOX compliance, not as a burden, but as a driver for quality. We explore his passion for automation, from CI/CD pipelines that supercharge efficiency to automated deployments that eliminate human error.However, the real magic lies in the human element. Conlan explains how creating psychological safety and running blameless post-mortems transforms mistakes into learning opportunities, and why true collaboration only happens when every single person, including contractors, feels like a core part of the team. If you want to build systems and teams that last, this episode is for you.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKWChapters:00:00 Introduction to Conlan02:11 Managing Compliance in Project Management Applications07:04 The Intersection of Compliance and Data Quality08:32 Importance of DevOps in Delivery Processes12:02 Automation and Change Management in Salesforce17:37 Correction of Errors and Continuous Improvement20:40 Continuous Quality Improvement in Software Development22:42 Creating a Culture of Psychological Safety24:50 Anomaly Reports vs. Correction of Errors27:21 Empowering Team Members to Speak Up31:03 Integrating Contractors into Team Culture37:00 Ensuring Quality Oversight in Contractor Work39:32 Exciting Innovations on the Salesforce Platform

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

In this episode of the IoT For All Podcast, Gaurav Johri, co-founder and CEO of Doppelio, joins Ryan Chacon to discuss software validation and testing in IoT. The conversation covers the vital role of virtualization, the increasing complexity and distributed nature of connected products, the benefits of combining physical and virtual testing labs, the pitfalls of simulator-based approaches, intelligent automation in DevOps, the ROI of early validation, and future trends in AI, edge computing, and 5G.Gaurav Johri brings a wealth of expertise with over 25 years in steering multinational enterprises through the digital age. He has held global leadership positions at Mindtree, Onmobile, and Infosys. Johri's vision and passion for a future built on connected products shaped Doppelio as a pioneer in IoT testing. He is also a regular speaker at connected world events, such as AutomotiveIQ and IoT Tech Expo.Doppelio is a leading IoT test automation platform that enables enterprises to rapidly test connected products through advanced device virtualization at scale. Their solution creates "Doppels" (data twins) across diverse protocols, eliminating physical device dependency while enabling seamless co-existence of physical and virtual testing labs. They support comprehensive testing from simple sensors to complex industrial equipment, delivering 10x faster testing speeds, 80-90% coverage, and millions in operational savings. Trusted by Fortune 500 companies across connected elevators, medical devices, automotive, and security industries, Doppelio accelerates time-to-market while reducing field failure risks through intelligent automation.Discover more about IoT at https://www.iotforall.comFind IoT solutions: https://marketplace.iotforall.comMore about Doppelio: https://doppelio.comConnect with Gaurav: https://www.linkedin.com/in/gaurav-johri/(00:00) Intro(00:21) Gaurav Johri and Doppelio(00:56) IoT testing and its importance(03:56) Virtualization in IoT testing(06:10) Real-world examples of IoT testing(08:32) Physical vs. virtual testing labs(10:22) Limitations of simulator-based approaches(12:25) How do you enable rapid, scalable validation?(14:12) Role of intelligent automation in DevOps and CI/CD(15:43) The ROI of performing early software validation(17:35) Advice for modernizing IoT testing(19:26) Future of IoT testing with AI, edge, 5G(20:52) Learn more and follow upSubscribe to the Channel: https://bit.ly/2NlcEwmJoin Our Newsletter: https://newsletter.iotforall.comFollow Us on Social: https://linktr.ee/iot4all

Katia, Emmanuel et Guillaume discutent Java, Kotlin, Quarkus, Hibernate, Spring Boot 4, intelligence artificielle (modèles Nano Banana, VO3, frameworks agentiques, embedding). On discute les vulnerabilités OWASP pour les LLMs, les personalités de codage des différents modèles, Podman vs Docker, comment moderniser des projets legacy. Mais surtout on a passé du temps sur les présentations de Luc Julia et les différents contre points qui ont fait le buzz sur les réseaux. Enregistré le 12 septembre 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-330.mp3 ou en vidéo sur YouTube. News Langages Dans cette vidéo, José détaille les nouveautés de Java entre Java 21 et 25 https://inside.java/2025/08/31/roadto25-java-language/ Aperçu des nouveautés du JDK 25 : Introduction des nouvelles fonctionnalités du langage Java et des changements à venir [00:02]. Programmation orientée données et Pattern Matching [00:43] : Évolution du “pattern matching” pour la déconstruction des “records” [01:22]. Utilisation des “sealed types” dans les expressions switch pour améliorer la lisibilité et la robustesse du code [01:47]. Introduction des “unnamed patterns” (_) pour indiquer qu'une variable n'est pas utilisée [04:47]. Support des types primitifs dans instanceof et switch (en preview) [14:02]. Conception d'applications Java [00:52] : Simplification de la méthode main [21:31]. Exécution directe des fichiers .java sans compilation explicite [22:46]. Amélioration des mécanismes d'importation [23:41]. Utilisation de la syntaxe Markdown dans la Javadoc [27:46]. Immuabilité et valeurs nulles [01:08] : Problème d'observation de champs final à null pendant la construction d'un objet [28:44]. JEP 513 pour contrôler l'appel à super() et restreindre l'usage de this dans les constructeurs [33:29]. JDK 25 sort le 16 septembre https://openjdk.org/projects/jdk/25/ Scoped Values (JEP 505) - alternative plus efficace aux ThreadLocal pour partager des données immutables entre threads Structured Concurrency (JEP 506) - traiter des groupes de tâches concurrentes comme une seule unité de travail, simplifiant la gestion des threads Compact Object Headers (JEP 519) - Fonctionnalité finale qui réduit de 50% la taille des en-têtes d'objets (de 128 à 64 bits), économisant jusqu'à 22% de mémoire heap Flexible Constructor Bodies (JEP 513) - Relaxation des restrictions sur les constructeurs, permettant du code avant l'appel super() ou this() Module Import Declarations (JEP 511) - Import simplifié permettant d'importer tous les éléments publics d'un module en une seule déclaration Compact Source Files (JEP 512) - Simplification des programmes Java basiques avec des méthodes main d'instance sans classe wrapper obligatoire Primitive Types in Patterns (JEP 455) - Troisième preview étendant le pattern matching et instanceof aux types primitifs dans switch et instanceof Generational Shenandoah (JEP 521) - Le garbage collector Shenandoah passe en mode générationnel pour de meilleures performances JFR Method Timing & Tracing (JEP 520) - Nouvel outillage de profilage pour mesurer le temps d'exécution et tracer les appels de méthodes Key Derivation API (JEP 510) - API finale pour les fonctions de dérivation de clés cryptographiques, remplaçant les implémentations tierces Améliorations du traitement des annotations dans Kotlin 2.2 https://blog.jetbrains.com/idea/2025/09/improved-annotation-handling-in-kotlin-2-2-less-boilerplate-fewer-surprises/ Avant Kotlin 2.2, les annotations sur les paramètres de constructeur n'étaient appliquées qu'au paramètre, pas à la propriété ou au champ Cela causait des bugs subtils avec Spring et JPA où la validation ne fonctionnait qu'à la création d'objet, pas lors des mises à jour La solution précédente nécessitait d'utiliser explicitement @field: pour chaque annotation, créant du code verbeux Kotlin 2.2 introduit un nouveau comportement par défaut qui applique les annotations aux paramètres ET aux propriétés/champs automatiquement Le code devient plus propre sans avoir besoin de syntaxe @field: répétitive Pour l'activer, ajouter -Xannotation-default-target=param-property dans les options du compilateur Gradle IntelliJ IDEA propose un quick-fix pour activer ce comportement à l'échelle du projet Cette amélioration rend l'intégration Kotlin plus fluide avec les frameworks majeurs comme Spring et JPA Le comportement peut être configuré pour garder l'ancien mode ou activer un mode transitoire avec avertissements Cette mise à jour fait partie d'une initiative plus large pour améliorer l'expérience Kotlin + Spring Librairies Sortie de Quarkus 3.26 avec mises à jour d'Hibernate et autres fonctionnalités - https://quarkus.io/blog/quarkus-3-26-released/ mettez à jour vers la 3.26.x car il y a eu une regression vert.x Jalon important vers la version LTS 3.27 prévue fin septembre, basée sur cette version Mise à jour vers Hibernate ORM 7.1, Hibernate Search 8.1 et Hibernate Reactive 3.1 Support des unités de persistance nommées et sources de données dans Hibernate Reactive Démarrage hors ligne et configuration de dialecte pour Hibernate ORM même si la base n'est pas accessible Refonte de la console HQL dans Dev UI avec fonctionnalité Hibernate Assistant intégrée Exposition des capacités Dev UI comme fonctions MCP pour pilotage via outils IA Rafraîchissement automatique des tokens OIDC en cas de réponse 401 des clients REST Extension JFR pour capturer les données runtime (nom app, version, extensions actives) Bump de Gradle vers la version 9.0 par défaut, suppression du support des classes config legacy Guide de démarrage avec Quarkus et A2A Java SDK 0.3.0 (pour faire discuter des agents IA avec la dernière version du protocole A2A) https://quarkus.io/blog/quarkus-a2a-java-0-3-0-alpha-release/ Sortie de l'A2A Java SDK 0.3.0.Alpha1, aligné avec la spécification A2A v0.3.0. Protocole A2A : standard ouvert (Linux Foundation), permet la communication inter-agents IA polyglottes. Version 0.3.0 plus stable, introduit le support gRPC. Mises à jour générales : changements significatifs, expérience utilisateur améliorée (côté client et serveur). Agents serveur A2A : Support gRPC ajouté (en plus de JSON-RPC). HTTP+JSON/REST à venir. Implémentations basées sur Quarkus (alternatives Jakarta existent). Dépendances spécifiques pour chaque transport (ex: a2a-java-sdk-reference-jsonrpc, a2a-java-sdk-reference-grpc). AgentCard : décrit les capacités de l'agent. Doit spécifier le point d'accès primaire et tous les transports supportés (additionalInterfaces). Clients A2A : Dépendance principale : a2a-java-sdk-client. Support gRPC ajouté (en plus de JSON-RPC). HTTP+JSON/REST à venir. Dépendance spécifique pour gRPC : a2a-java-sdk-client-transport-grpc. Création de client : via ClientBuilder. Sélectionne automatiquement le transport selon l'AgentCard et la configuration client. Permet de spécifier les transports supportés par le client (withTransport). Comment générer et éditer des images en Java avec Nano Banana, le “photoshop killer” de Google https://glaforge.dev/posts/2025/09/09/calling-nano-banana-from-java/ Objectif : Intégrer le modèle Nano Banana (Gemini 2.5 Flash Image preview) dans des applications Java. SDK utilisé : GenAI Java SDK de Google. Compatibilité : Supporté par ADK for Java ; pas encore par LangChain4j (limitation de multimodalité de sortie). Capacités de Nano Banana : Créer de nouvelles images. Modifier des images existantes. Assembler plusieurs images. Mise en œuvre Java : Quelle dépendance utiliser Comment s'authentifier Comment configurer le modèle Nature du modèle : Nano Banana est un modèle de chat qui peut retourner du texte et une image (pas simplement juste un modèle générateur d'image) Exemples d'utilisation : Création : Via un simple prompt textuel. Modification : En passant l'image existante (tableau de bytes) et les instructions de modification (prompt). Assemblage : En passant plusieurs images (en bytes) et les instructions d'intégration (prompt). Message clé : Toutes ces fonctionnalités sont accessibles en Java, sans nécessiter Python. Générer des vidéos IA avec le modèle Veo 3, mais en Java ! https://glaforge.dev/posts/2025/09/10/generating-videos-in-java-with-veo3/ Génération de vidéos en Java avec Veo 3 (via le GenAI Java SDK de Google). Veo 3: Annoncé comme GA, prix réduits, support du format 9:16, résolution jusqu'à 1080p. Création de vidéos : À partir d'une invite textuelle (prompt). À partir d'une image existante. Deux versions différentes du modèle : veo-3.0-generate-001 (qualité supérieure, plus coûteux, plus lent). veo-3.0-fast-generate-001 (qualité inférieure, moins coûteux, mais plus rapide). Rod Johnson sur ecrire des aplication agentic en Java plus facilement qu'en python avec Embabel https://medium.com/@springrod/you-can-build-better-ai-agents-in-java-than-python-868eaf008493 Rod the papa de Spring réécrit un exemple CrewAI (Python) qui génère un livre en utilisant Embabel (Java) pour démontrer la supériorité de Java L'application utilise plusieurs agents AI spécialisés : un chercheur, un planificateur de livre et des rédacteurs de chapitres Le processus suit trois étapes : recherche du sujet, création du plan, rédaction parallèle des chapitres puis assemblage CrewAI souffre de plusieurs problèmes : configuration lourde, manque de type safety, utilisation de clés magiques dans les prompts La version Embabel nécessite moins de code Java que l'original Python et moins de fichiers de configuration YAML Embabel apporte la type safety complète, éliminant les erreurs de frappe dans les prompts et améliorant l'outillage IDE La gestion de la concurrence est mieux contrôlée en Java pour éviter les limites de débit des APIs LLM L'intégration avec Spring permet une configuration externe simple des modèles LLM et hyperparamètres Le planificateur Embabel détermine automatiquement l'ordre d'exécution des actions basé sur leurs types requis L'argument principal : l'écosystème JVM offre un meilleur modèle de programmation et accès à la logique métier existante que Python Il y a pas mal de nouveaux framework agentic en Java, notamment le dernier LAngchain4j Agentic Spring lance un serie de blog posts sur les nouveautés de Spring Boot 4 https://spring.io/blog/2025/09/02/road_to_ga_introduction baseline JDK 17 mais rebase sur Jakarta 11 Kotlin 2, Jackson 3 et JUnit 6 Fonctionnalités de résilience principales de Spring : @ConcurrencyLimit, @Retryable, RetryTemplate Versioning d'API dans Spring Améliorations du client de service HTTP L'état des clients HTTP dans Spring Introduction du support Jackson 3 dans Spring Consommateur partagé - les queues Kafka dans Spring Kafka Modularisation de Spring Boot Autorisation progressive dans Spring Security Spring gRPC - un nouveau module Spring Boot Applications null-safe avec Spring Boot 4 OpenTelemetry avec Spring Boot Repos Ahead of Time (Partie 2) Web Faire de la recherche sémantique directement dans le navigateur en local, avec EmbeddingGemma et Transformers.js https://glaforge.dev/posts/2025/09/08/in-browser-semantic-search-with-embeddinggemma/ EmbeddingGemma: Nouveau modèle d'embedding (308M paramètres) de Google DeepMind. Objectif: Permettre la recherche sémantique directement dans le navigateur. Avantages clés de l'IA côté client: Confidentialité: Aucune donnée envoyée à un serveur. Coûts réduits: Pas besoin de serveurs coûteux (GPU), hébergement statique. Faible latence: Traitement instantané sans allers-retours réseau. Fonctionnement hors ligne: Possible après le chargement initial du modèle. Technologie principale: Modèle: EmbeddingGemma (petit, performant, multilingue, support MRL pour réduire la taille des vecteurs). Moteur d'inférence: Transformers.js de HuggingFace (exécute les modèles AI en JavaScript dans le navigateur). Déploiement: Site statique avec Vite/React/Tailwind CSS, déployé sur Firebase Hosting via GitHub Actions. Gestion du modèle: Fichiers du modèle trop lourds pour Git; téléchargés depuis HuggingFace Hub pendant le CI/CD. Fonctionnement de l'app: Charge le modèle, génère des embeddings pour requêtes/documents, calcule la similarité sémantique. Conclusion: Démonstration d'une recherche sémantique privée, économique et sans serveur, soulignant le potentiel de l'IA embarquée dans le navigateur. Data et Intelligence Artificielle Docker lance Cagent, une sorte de framework multi-agent IA utilisant des LLMs externes, des modèles de Docker Model Runner, avec le Docker MCP Tookit. Il propose un format YAML pour décrire les agents d'un système multi-agents. https://github.com/docker/cagent des agents “prompt driven” (pas de code) et une structure pour decrire comment ils sont deployés pas clair comment ils sont appelés a part dans la ligne de commande de cagent fait par david gageot L'owasp décrit l'independance excessive des LLM comme une vulnerabilité https://genai.owasp.org/llmrisk2023-24/llm08-excessive-agency/ L'agence excessive désigne la vulnérabilité qui permet aux systèmes LLM d'effectuer des actions dommageables via des sorties inattendues ou ambiguës. Elle résulte de trois causes principales : fonctionnalités excessives, permissions excessives ou autonomie excessive des agents LLM. Les fonctionnalités excessives incluent l'accès à des plugins qui offrent plus de capacités que nécessaire, comme un plugin de lecture qui peut aussi modifier ou supprimer. Les permissions excessives se manifestent quand un plugin accède aux systèmes avec des droits trop élevés, par exemple un accès en lecture qui inclut aussi l'écriture. L'autonomie excessive survient quand le système effectue des actions critiques sans validation humaine préalable. Un scénario d'attaque typique : un assistant personnel avec accès email peut être manipulé par injection de prompt pour envoyer du spam via la boîte de l'utilisateur. La prévention implique de limiter strictement les plugins aux fonctions minimales nécessaires pour l'opération prévue. Il faut éviter les fonctions ouvertes comme “exécuter une commande shell” au profit d'outils plus granulaires et spécifiques. L'application du principe de moindre privilège est cruciale : chaque plugin doit avoir uniquement les permissions minimales requises. Le contrôle humain dans la boucle reste essentiel pour valider les actions à fort impact avant leur exécution. Lancement du MCP registry, une sorte de méta-annuaire officiel pour référencer les serveurs MCP https://www.marktechpost.com/2025/09/09/mcp-team-launches-the-preview-version-of-the-mcp-registry-a-federated-discovery-layer-for-enterprise-ai/ MCP Registry : Couche de découverte fédérée pour l'IA d'entreprise. Fonctionne comme le DNS pour le contexte de l'IA, permettant la découverte de serveurs MCP publics ou privés. Modèle fédéré : Évite les risques de sécurité et de conformité d'un registre monolithique. Permet des sous-registres privés tout en conservant une source de vérité “upstream”. Avantages entreprises : Découverte interne sécurisée. Gouvernance centralisée des serveurs externes. Réduction de la prolifération des contextes. Support pour les agents IA hybrides (données privées/publiques). Projet open source, actuellement en version preview. Blog post officiel : https://blog.modelcontextprotocol.io/posts/2025-09-08-mcp-registry-preview/ Exploration des internals du transaction log SQL Server https://debezium.io/blog/2025/09/08/sqlserver-tx-log/ C'est un article pour les rugeux qui veulent savoir comment SQLServer marche à l'interieur Debezium utilise actuellement les change tables de SQL Server CDC en polling périodique L'article explore la possibilité de parser directement le transaction log pour améliorer les performances Le transaction log est divisé en Virtual Log Files (VLFs) utilisés de manière circulaire Chaque VLF contient des blocs (512B à 60KB) qui contiennent les records de transactions Chaque record a un Log Sequence Number (LSN) unique pour l'identifier précisément Les données sont stockées dans des pages de 8KB avec header de 96 bytes et offset array Les tables sont organisées en partitions et allocation units pour gérer l'espace disque L'utilitaire DBCC permet d'explorer la structure interne des pages et leur contenu Cette compréhension pose les bases pour parser programmatiquement le transaction log dans un prochain article Outillage Les personalités des codeurs des différents LLMs https://www.sonarsource.com/blog/the-coding-personalities-of-leading-llms-gpt-5-update/ GPT-5 minimal ne détrône pas Claude Sonnet 4 comme leader en performance fonctionnelle malgré ses 75% de réussite GPT-5 génère un code extrêmement verbeux avec 490 000 lignes contre 370 000 pour Claude Sonnet 4 sur les mêmes tâches La complexité cyclomatique et cognitive du code GPT-5 est dramatiquement plus élevée que tous les autres modèles GPT-5 introduit 3,90 problèmes par tâche réussie contre seulement 2,11 pour Claude Sonnet 4 Point fort de GPT-5 : sécurité exceptionnelle avec seulement 0,12 vulnérabilité par 1000 lignes de code Faiblesse majeure : densité très élevée de “code smells” (25,28 par 1000 lignes) nuisant à la maintenabilité GPT-5 produit 12% de problèmes liés à la complexité cognitive, le taux le plus élevé de tous les modèles Tendance aux erreurs logiques fondamentales avec 24% de bugs de type “Control-flow mistake” Réapparition de vulnérabilités classiques comme les failles d'injection et de traversée de chemin Nécessité d'une gouvernance renforcée avec analyse statique obligatoire pour gérer la complexité du code généré Pourquoi j'ai abandonné Docker pour Podman https://codesmash.dev/why-i-ditched-docker-for-podman-and-you-should-too Problème Docker : Le daemon dockerd persistant s'exécute avec des privilèges root, posant des risques de sécurité (nombreuses CVEs citées) et consommant des ressources inutilement. Solution Podman : Sans Daemon : Pas de processus d'arrière-plan persistant. Les conteneurs s'exécutent comme des processus enfants de la commande Podman, sous les privilèges de l'utilisateur. Sécurité Renforcée : Réduction de la surface d'attaque. Une évasion de conteneur compromet un utilisateur non privilégié sur l'hôte, pas le système entier. Mode rootless. Fiabilité Accrue : Pas de point de défaillance unique ; le crash d'un conteneur n'affecte pas les autres. Moins de Ressources : Pas de daemon constamment actif, donc moins de mémoire et de CPU. Fonctionnalités Clés de Podman : Intégration Systemd : Génération automatique de fichiers d'unité systemd pour gérer les conteneurs comme des services Linux standards. Alignement Kubernetes : Support natif des pods et capacité à générer des fichiers Kubernetes YAML directement (podman generate kube), facilitant le développement local pour K8s. Philosophie Unix : Se concentre sur l'exécution des conteneurs, délègue les tâches spécialisées à des outils dédiés (ex: Buildah pour la construction d'images, Skopeo pour leur gestion). Migration Facile : CLI compatible Docker : podman utilise les mêmes commandes que docker (alias docker=podman fonctionne). Les Dockerfiles existants sont directement utilisables. Améliorations incluses : Sécurité par défaut (ports privilégiés en mode rootless), meilleure gestion des permissions de volume, API Docker compatible optionnelle. Option de convertir Docker Compose en Kubernetes YAML. Bénéfices en Production : Sécurité améliorée, utilisation plus propre des ressources. Podman représente une évolution plus sécurisée et mieux alignée avec les pratiques modernes de gestion Linux et de déploiement de conteneurs. Guide Pratique (Exemple FastAPI) : Le Dockerfile ne change pas. podman build et podman run remplacent directement les commandes Docker. Déploiement en production via Systemd. Gestion d'applications multi-services avec les “pods” Podman. Compatibilité Docker Compose via podman-compose ou kompose. Détection améliorée des APIs vulnérables dans les IDEs JetBrains et Qodana - https://blog.jetbrains.com/idea/2025/09/enhanced-vulnerable-api-detection-in-jetbrains-ides-and-qodana/ JetBrains s'associe avec Mend.io pour renforcer la sécurité du code dans leurs outils Le plugin Package Checker bénéficie de nouvelles données enrichies sur les APIs vulnérables Analyse des graphes d'appels pour couvrir plus de méthodes publiques des bibliothèques open-source Support de Java, Kotlin, C#, JavaScript, TypeScript et Python pour la détection de vulnérabilités Activation des inspections via Paramètres > Editor > Inspections en recherchant “Vulnerable API” Surlignage automatique des méthodes vulnérables avec détails des failles au survol Action contextuelle pour naviguer directement vers la déclaration de dépendance problématique Mise à jour automatique vers une version non affectée via Alt+Enter sur la dépendance Fenêtre dédiée “Vulnerable Dependencies” pour voir l'état global des vulnérabilités du projet Méthodologies Le retour de du sondage de Stack Overflow sur l'usage de l'IA dans le code https://medium.com/@amareshadak/stack-overflow-just-exposed-the-ugly-truth-about-ai-coding-tools-b4f7b5992191 84% des développeurs utilisent l'IA quotidiennement, mais 46% ne font pas confiance aux résultats. Seulement 3,1% font “hautement confiance” au code généré. 66% sont frustrés par les solutions IA “presque correctes”. 45% disent que déboguer le code IA prend plus de temps que l'écrire soi-même. Les développeurs seniors (10+ ans) font moins confiance à l'IA (2,6%) que les débutants (6,1%), créant un écart de connaissances dangereux. Les pays occidentaux montrent moins de confiance - Allemagne (22%), UK (23%), USA (28%) - que l'Inde (56%). Les créateurs d'outils IA leur font moins confiance. 77% des développeurs professionnels rejettent la programmation en langage naturel, seuls 12% l'utilisent réellement. Quand l'IA échoue, 75% se tournent vers les humains. 35% des visites Stack Overflow concernent maintenant des problèmes liés à l'IA. 69% rapportent des gains de productivité personnels, mais seulement 17% voient une amélioration de la collaboration d'équipe. Coûts cachés : temps de vérification, explication du code IA aux équipes, refactorisation et charge cognitive constante. Les plateformes humaines dominent encore : Stack Overflow (84%), GitHub (67%), YouTube (61%) pour résoudre les problèmes IA. L'avenir suggère un “développement augmenté” où l'IA devient un outil parmi d'autres, nécessitant transparence et gestion de l'incertitude. Mentorat open source et défis communautaires par les gens de Microcks https://microcks.io/blog/beyond-code-open-source-mentorship/ Microcks souffre du syndrome des “utilisateurs silencieux” qui bénéficient du projet sans contribuer Malgré des milliers de téléchargements et une adoption croissante, l'engagement communautaire reste faible Ce manque d'interaction crée des défis de durabilité et limite l'innovation du projet Les mainteneurs développent dans le vide sans feedback des vrais utilisateurs Contribuer ne nécessite pas de coder : documentation, partage d'expérience, signalement de bugs suffisent Parler du project qu'on aime autour de soi est aussi super utile Microcks a aussi des questions specifiques qu'ils ont posé dans le blog, donc si vous l'utilisez, aller voir Le succès de l'open source dépend de la transformation des utilisateurs en véritables partenaires communautaires c'est un point assez commun je trouve, le ratio parlant / silencieux est tres petit et cela encourage les quelques grandes gueules La modernisation du systemes legacy, c'est pas que de la tech https://blog.scottlogic.com/2025/08/27/holistic-approach-successful-legacy-modernisation.html Un artcile qui prend du recul sur la modernisation de systemes legacy Les projets de modernisation legacy nécessitent une vision holistique au-delà du simple focus technologique Les drivers business diffèrent des projets greenfield : réduction des coûts et mitigation des risques plutôt que génération de revenus L'état actuel est plus complexe à cartographier avec de nombreuses dépendances et risques de rupture Collaboration essentielle entre Architectes, Analystes Business et Designers UX dès la phase de découverte Approche tridimensionnelle obligatoire : Personnes, Processus et Technologie (comme un jeu d'échecs 3D) Le leadership doit créer l'espace nécessaire pour la découverte et la planification plutôt que presser l'équipe Communication en termes business plutôt que techniques vers tous les niveaux de l'organisation Planification préalable essentielle contrairement aux idées reçues sur l'agilité Séquencement optimal souvent non-évident et nécessitant une analyse approfondie des interdépendances Phases projet alignées sur les résultats business permettent l'agilité au sein de chaque phase Sécurité Cyber Attaque su Musée Histoire Naturelle https://www.franceinfo.fr/internet/securite-sur-internet/cyberattaques/le-museum-nati[…]e-d-une-cyberattaque-severe-une-plainte-deposee_7430356.html Compromission massive de packages npm populaires par un malware crypto https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised 18 packages npm très populaires compromis le 8 septembre 2025, incluant chalk, debug, ansi-styles avec plus de 2 milliards de téléchargements hebdomadaires combinés duckdb s'est rajouté à la liste Code malveillant injecté qui intercepte silencieusement l'activité crypto et web3 dans les navigateurs des utilisateurs Le malware manipule les interactions de wallet et redirige les paiements vers des comptes contrôlés par l'attaquant sans signes évidents Injection dans les fonctions critiques comme fetch, XMLHttpRequest et APIs de wallets (window.ethereum, Solana) pour intercepter le trafic Détection et remplacement automatique des adresses crypto sur multiple blockchains (Ethereum, Bitcoin, Solana, Tron, Litecoin, Bitcoin Cash) Les transactions sont modifiées en arrière-plan même si l'interface utilisateur semble correcte et légitime Utilise des adresses “sosies” via correspondance de chaînes pour rendre les échanges moins évidents à détecter Le mainteneur compromis par email de phishing provenant du faux domaine “mailto:support@npmjs.help|support@npmjs.help” enregistré 3 jours avant l'attaque sur une demande de mise a jour de son autheotnfication a deux facteurs après un an Aikido a alerté le mainteneur via Bluesky qui a confirmé la compromission et commencé le nettoyage des packages Attaque sophistiquée opérant à plusieurs niveaux: contenu web, appels API et manipulation des signatures de transactions Les anti-cheats de jeux vidéo : une faille de sécurité majeure ? - https://tferdinand.net/jeux-video-et-si-votre-anti-cheat-etait-la-plus-grosse-faille/ Les anti-cheats modernes s'installent au Ring 0 (noyau système) avec privilèges maximaux Ils obtiennent le même niveau d'accès que les antivirus professionnels mais sans audit ni certification Certains exploitent Secure Boot pour se charger avant le système d'exploitation Risque de supply chain : le groupe APT41 a déjà compromis des jeux comme League of Legends Un attaquant infiltré pourrait désactiver les solutions de sécurité et rester invisible Menace de stabilité : une erreur peut empêcher le démarrage du système (référence CrowdStrike) Conflits possibles entre différents anti-cheats qui se bloquent mutuellement Surveillance en temps réel des données d'utilisation sous prétexte anti-triche Dérive dangereuse selon l'auteur : des entreprises de jeux accèdent au niveau EDR Alternatives limitées : cloud gaming ou sandboxing avec impact sur performances donc faites gaffe aux jeux que vos gamins installent ! Loi, société et organisation Luc Julia au Sénat - Monsieur Phi réagi et publie la vidéo Luc Julia au Sénat : autopsie d'un grand N'IMPORTE QUOI https://www.youtube.com/watch?v=e5kDHL-nnh4 En format podcast de 20 minutes, sorti au même moment et à propos de sa conf à Devoxx https://www.youtube.com/watch?v=Q0gvaIZz1dM Le lab IA - Jérôme Fortias - Et si Luc Julia avait raison https://www.youtube.com/watch?v=KScI5PkCIaE Luc Julia au Senat https://www.youtube.com/watch?v=UjBZaKcTeIY Luc Julia se défend https://www.youtube.com/watch?v=DZmxa7jJ8sI Intelligence artificielle : catastrophe imminente ? - Luc Julia vs Maxime Fournes https://www.youtube.com/watch?v=sCNqGt7yIjo Tech and Co Monsieur Phi vs Luc Julia (put a click) https://www.youtube.com/watch?v=xKeFsOceT44 La tronche en biais https://www.youtube.com/live/zFwLAOgY0Wc Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 15 septembre 2025 : Agile Tour Montpellier - Montpellier (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 22-24 septembre 2025 : Kernel Recipes - Paris (France) 22-27 septembre 2025 : La Mélée Numérique - Toulouse (France) 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 23-24 septembre 2025 : AI Engineer Paris - Paris (France) 25 septembre 2025 : Agile Game Toulouse - Toulouse (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 30 septembre 2025-1 octobre 2025 : PyData Paris 2025 - Paris (France) 2 octobre 2025 : Nantes Craft - Nantes (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-7 octobre 2025 : Swift Connection 2025 - Paris (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 7-8 octobre 2025 : Agile en Seine - Issy-les-Moulineaux (France) 8-10 octobre 2025 : SIG 2025 - Paris (France) & Online 9 octobre 2025 : DevCon #25 : informatique quantique - Paris (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16 octobre 2025 : Power 365 - 2025 - Lille (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 17 octobre 2025 : Sylius Con 2025 - Lyon (France) 17 octobre 2025 : ScalaIO 2025 - Paris (France) 17-19 octobre 2025 : OpenInfra Summit Europe - Paris (France) 20 octobre 2025 : Codeurs en Seine - Rouen (France) 23 octobre 2025 : Cloud Nord - Lille (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 5-6 novembre 2025 : Tech Show Paris - Paris (France) 5-6 novembre 2025 : Red Hat Summit: Connect Paris 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 6 novembre 2025 : Agile Tour Aix-Marseille 2025 - Gardanne (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 19 novembre 2025 : SREday Paris 2025 Q4 - Paris (France) 19-21 novembre 2025 : Agile Grenoble - Grenoble (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : DevFest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 1-2 décembre 2025 : Tech Rocks Summit 2025 - Paris (France) 4-5 décembre 2025 : Agile Tour Rennes - Rennes (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 9-11 décembre 2025 : APIdays Paris - Paris (France) 9-11 décembre 2025 : Green IO Paris - Paris (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 11 décembre 2025 : Normandie.ai 2025 - Rouen (France) 14-17 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 12-13 février 2026 : Touraine Tech #26 - Tours (France) 22-24 avril 2026 : Devoxx France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) 4 septembre 2026 : JUG SUmmer Camp 2026 - La Rochelle (France) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

Segurança em Go não é só "rodar um scanner e rezar". Neste episódio, nós destrinchamos como escrever Go com cabeça de atacante: governança de dependências (e os perigos do type‑squatting), revisão de go.mod, uso criterioso da Standard Library e por que não usar latest em imagens. Também conectamos tecnologia com processo: repositórios privados, políticas de aprovação e pipeline que barra regressão antes do deploy.A conversa nasce de casos reais: do typo em (GHCR vs GHRC) que captura credenciais até a confusão com pacotes falsos tipo BoltDB look‑alike. Discutimos supply chain ponta a ponta, cache do Go Proxy, licenças (quando fugir de GPL) e boas práticas para autenticação.E claro, vamos além do código: SBOM no build, assinatura e verificação de imagens, OPA/Admission Control para políticas em Kubernetes, capabilities mínimas e validação de entradas com timeouts bem definidos. É papo prático, com nosso humor de sempre, para deixar segurança como padrão — não como tarefa de último minuto.Links Importantes: - Marcelo Pires - https://www.linkedin.com/in/marcpires/ - Matheus Faria - https://www.linkedin.com/in/matheusfm/ - João Brito - https://www.linkedin.com/in/juniorjbn - Assista ao FilmeTEArapia - https://youtu.be/M4QFmW_HZh0?si=HIXBDWZJ8yPbpflM - Post sobre ghrc.io - https://www.linkedin.com/posts/juniorjbn_someone-is-typosquatting-ghrcio-not-github-activity-7364387040618045441-UB88/ - Typosquat - https://devops.com/typosquat-supply-chain-attack-targets-go-developers/ - https://go.dev/doc/tutorial/govulncheck - vuln.go.dev - https://github.com/anchore/syft - https://github.com/anchore/grype - https://github.com/google/capslock - https://github.com/aquasecurity/trivy - LFD121 - https://training.linuxfoundation.org/training/developing-secure-software-lfd121/ - https://deps.dev/ - https://devops.com/typosquat-supply-chain-attack-targets-go-developers/Participe de nosso programa de acesso antecipado e tenha um ambiente mais seguro em instantes! https://getup.io/zerocve

Ole Lensmarm, Founder/CTO at TestKube, discusses how Kubernetes-native testing platforms are designed to address limitations in traditional CI/CD testing workflows. The conversation covers how TestKube differs from existing testing environments, expands test coverage opportunities for development and QA teams, and provides best practices for testing in Kubernetes environments.SHOW: 957SHOW TRANSCRIPT: The Cloudcast #957 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT OUR OTHER PODCAST: "CLOUDCAST BASICS" SPONSORS:[Interconnected] Interconnected is a new series from Equinix diving into the infrastructure that keeps our digital world running. With expert guests and real-world insights, we explore the systems driving AI, automation, quantum, and more. Just search Interconnected by Equinix.[TestKube] TestKube is Kubernetes-native testing platform, orchestrating all your test tools, environments, and pipelines into scalable workflows empowering Continuous Testing. Check it out at TestKube.io/cloudcast[DoIT] Visit doit.com (that's d-o-i-t.com) to unlock intent-aware FinOps at scale with DoiT Cloud Intelligence.SHOW NOTES:TestKube - A Kubernetes-native platform that powers Continuous Testing for today's AI-accelerated developmentTestKube (open source)Why did we start TestKube (Ole Lensmar)Topic 1 - Welcome to the show. Tell us about your background and what led you to start TestKube.Topic 2 - Let's talk about the origins of TestKube. What were some areas where you saw people having frustrations or limitations that were holding back their ability to do proper testing to get things into production?Topic 3 - Let's talk about the basics of TestKube. Can you talk about how it's different from existing testing environments, or how people use CI/CD todayTopic 4 - Does TestKube expand what a typical Dev-team, or QA-team would test, or does it create new opportunities for test coverage that were very difficult before? Topic 5 - What are some of the results or feedback you've heard from people using TestKube?Topic 6 - What are some best practices you're seeing as people begin to evolve how they test for their Kubernetes environments?Topic 7 - What's the best way for people to get started with TestKubeFEEDBACK?Email: show at the cloudcast dot netBluesky: @cloudcastpod.bsky.socialTwitter/X: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

As the Building Better Developers with AI season nears its close, Rob Broadhead and Michael Meloche revisit a topic every team faces but few get right: code consistency. In this episode, they explore how shared conventions, smart tooling, and simple documentation transform messy projects into scalable, high-quality systems. The Hidden Cost of Inconsistency Picture opening a project where every file tells a different story: mixed naming styles, conflicting error handling, and folders arranged on a whim. Before you can fix a bug or add a feature, you're lost in formatting chaos. Callout: Inconsistency wastes time, complicates onboarding, and hides defects—long before code reaches production. Rob notes that AI can now help. Define your preferred patterns—naming, structure, logging—and tools like ChatGPT can propose refactors that enforce uniformity. What Code Consistency Looks Like Consistency isn't about stifling creativity—it's about shared, predictable choices that reduce cognitive load. The essentials include: Naming & Structure – Clear, conventional names; sensible modules/packages. File Organization – Standard project layouts (Maven for Java, src/app folders in web projects). Comments & Docs – Concise explanations paired with readable code. Error Handling & Logging – A single, unified approach across the app. Michael highlights that without these agreements, containerized deployments break easily and new developers struggle to contribute. Why Teams Benefit from Code Consistency Rob compares a consistent codebase to a band playing in sync: individual instruments can vary, but the music holds together. That's the impact of code consistency. Benefits include: Communication: Developers spend less time deciphering quirks. Maintainability: Predictable structure accelerates debugging and onboarding. Quality: Automated tools enforce standards and prevent regressions. Professionalism: Consistent code signals engineering maturity, not just coding skill. Tools That Do the Heavy Lifting Michael insists that every team should enforce linters, formatters, and pre-commit hooks. Without them, a small change can appear as a full-file rewrite, confusing reviews and merges. Start with community standards like PEP8, Google Java Style, or eslint/prettier. Add checks to CI/CD pipelines. Document expectations in CONTRIBUTING.md or a team wiki. Pro Tip: One rule set, many editors. Don't let each IDE invent its own defaults. Debunking the Myths of Code Consistency “Standards kill creativity.” True creativity lies in solving problems, not inventing new brace styles. “It slows us down.” Alignment may take effort initially, but it saves hours of confusion later. “Every project is different.” Standards should evolve as living guidelines, not rigid laws. Michael adds that consistent libraries allow teams to reuse components across projects instead of duplicating them. How to Put Standards Into Practice Here's a simple rollout path: Choose a baseline such as PEP8 or Google Style. Automate formatting and linting. Add pre-commit hooks to stop violations early. Focus reviews on consistency, not just correctness. Document standards and revisit them quarterly. Encourage adoption. Praise clean diffs and fast merges. Your Developer Challenge Here's your action step: Pick one project and audit three files. How many naming styles, error-handling patterns, or file structures do you find? Then: Apply a linter or formatter. Document two conventions (naming + logging). Share them with your team. Small steps toward code consistency will save your team time, money, and frustration down the road. Stay Connected: Join the Developreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources Coding Standards – A Personal Approach Look More Professional With Personal Coding Standards One-Offs, Side Projects, and Veering From Standards Updating Developer Tools: Keeping Your Tools Sharp and Efficient The Developer Journey Videos – With Bonus Content Building Better Developers With AI Podcast Videos – With Bonus Content

In this episode of Technical Tips, we break down GPT-OSS — OpenAI's open-source LLMs you can run anywhere. From local setup to cloud hosting, fine-tuning, and performance tips — here's everything you need to get started with GPT-OSS.Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

Making Invisible Work VisibleLately I noticed, sprint velocity looked fine and Jira showed progress. But none of the key tests, critical analysis and silent validations are tracked.After my observations I questioned: How much of our real work is visible?In Agile teams, productivity is often measured by delivered outputs: written code, released features, completed user stories, increasing metrics in dashboards, sprint completion rates, closed Jira tasks, the number of successful CI/CD runs, pull requests deployed to production, or customer-facing new functionalities.These are all important indicators. However, the behind-the-scenes efforts that make these visible outcomes possible are just as valuable.How to connect with AgileDad:- [website] https://www.agiledad.com/- [instagram] https://www.instagram.com/agile_coach/- [facebook] https://www.facebook.com/RealAgileDad/- [Linkedin] https://www.linkedin.com/in/leehenson/

Microsoft MVP Emanuel Palm joins The PowerShell Podcast to share his journey from managing printers in Sweden to being a Microsoft MVP who is automating the cloud with PowerShell and Azure. He talks about building the AZAuth module for OAuth authentication, using GitHub Actions for CI/CD, and the importance of blogging and community involvement. Plus, Emanuel reveals his unique side hobby... roasting coffee!   Key Takeaways From printers to the cloud: Emanuel's career shows how PowerShell can open doors, from automating IT tasks to driving cloud automation and DevOps practices. Community and sharing matter: Blogging, presenting, and contributing help you grow your own understanding while creating opportunities for others. Automation and authentication: With tools like GitHub Actions and his AZAuth module, Emanuel demonstrates how to simplify workflows and securely interact with APIs. Guest Bio Emanuel Palm is a Microsoft MVP based in Sweden, where he is a consultant focused on Microsoft technologies and is active in the PowerShell community. Emanuel is the creator of the AZAuth module, a lightweight solution for handling OAuth authentication in PowerShell, and a frequent speaker at events like PowerShell Conference Europe. Beyond tech, Emanuel is a coffee enthusiast who even roasts his own beans as a side hobby.   Resource Links Emanuel's Blog: https://pipe.how GitHub – Emanuel Palm: https://github.com/palmemanuel X / BlueSky: @palmemanuel AZAuth Module on GitHub: https://github.com/PalmEmanuel/AzAuth Emanuel's PS Wednesday: https://www.youtube.com/watch?v=trP2LLDynA0 Arkanum Coffee (Emanuel's hobby project): https://arkanum.coffee PDQ Discord: https://discord.gg/pdq Connect with Andrew: https://andrewpla.tech/links The PowerShell Podcast on YouTube: https://youtu.be/-uHHGVH1Kcc The PowerShell Podcast hub: https://pdq.com/the-powershell-podcast 

Is your Salesforce org as secure as you think? Many common configurations leave companies vulnerable, but mastering a few core principles can transform your security posture.In this episode of DevOps Diaries, Jack McCurdy is joined by Technical Program Manager and Salesforce security author Alice Jessop to demystify the art of protecting your CRM. They cut through the noise to deliver actionable insights for admins, developers, and managers.Alice unpacks the modern challenges of Salesforce security, from debunking dangerous misconceptions to navigating the complexities of user management. You'll learn the critical difference between Profiles and Permission Sets, why the principle of least privilege is non-negotiable, and how to cultivate a security-first mindset within your team.Tune in to explore:- The Evolution of Salesforce Security: How to stay ahead in the ever-changing Salesforce landscape.- Profiles vs. Permission Sets: Finally understand when and how to use each for optimal security.- The role of humans in security: Why your biggest vulnerability might not be technical.- The future of AI in security: How artificial intelligence is poised to change Salesforce security forever.- Actionable advice: Concrete tips on data classification and career growth for Salesforce professionals.Whether you're new to the ecosystem or a seasoned architect, this conversation provides a crucial framework for building a more resilient and secure Salesforce environment.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKWChapters:00:00 Introduction to Salesforce Security02:41 Evolution of Salesforce Security05:23 Common Misconceptions About Salesforce Security07:56 The Role of Admins in Security10:45 Profiles vs. Permission Sets13:30 Balancing Business and User Needs16:01 Building a Security Mindset18:25 Human Factors in Security21:00 The Exciting Intersection of AI and Security24:07 Data Management: The Foundation for AI Agents27:14 Experimenting with AI: Low-Risk Environments31:15 Conducting Effective Security Reviews35:24 The Future of Salesforce: Admins and AI37:55 Career Advice: Adapting in a Changing Landscape38:48 Humor and Learning: Insights from a Unique Journey

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Guest: Rick Correa,Uber TL Google SecOps, Google Cloud Topics: On the 3rd anniversary of Curated Detections, you've grown from 70 rules to over 4700. Can you walk us through that journey? What were some of the key inflection points and what have been the biggest lessons learned in scaling a detection portfolio so massively? Historically the SecOps Curated Detection content was opaque, which led to, understandably, a bit of customer friction. We've recently made nearly all of that content transparent and editable by users. What were the challenges in that transition? You make a distinction between "Detection-as-Code" and a more mature "Software Engineering" paradigm. What gets better for a security team when they move beyond just version control and a CI/CD pipeline and start incorporating things like unit testing, readability reviews, and performance testing for their detections? The idea of a "Goldilocks Zone" for detections is intriguing – not too many, not too few. How do you find that balance, and what are the metrics that matter when measuring the effectiveness of a detection program? You mentioned customer feedback is important, but a confusion matrix isn't possible, why is that? You talk about enabling customers to use your "building blocks" to create their own detections. Can you give us a practical example of how a customer might use a building block for something like detecting VPN and Tor traffic to augment their security? You have started using LLMs for reviewing the explainability of human-generated metadata. Can you expand on that? What have you found are the ripe areas for AI in detection engineering, and can you share any anecdotes of where AI has succeeded and where it has failed?    Resources EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams EP139 What is Chronicle? Beyond XDR and into the Next Generation of Security Operations EP123 The Good, the Bad, and the Epic of Threat Detection at Scale with Panther “Back to Cooking: Detection Engineer vs Detection Consumer, Again?” blog “On Trust and Transparency in Detection” blog “Detection Engineering Weekly” newsletter “Practical Threat Detection Engineering” book

In this episode, Darko welcomes Mathias Buus Madsen, CEO of Holepunch and creator of Pear Runtime. Mathias shares how peer-to-peer tech and modular architecture let developers build apps without AWS or cloud lock-in.Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

The enterprise network is under pressure like never before. Hybrid environments, cloud migrations, edge deployments, and the sudden surge in AI workloads have made it increasingly difficult to keep application connectivity secure and reliable. The old model of device-by-device, rule-based network management can't keep up with today's hyperconnected, API-driven world. In this episode of Tech Talks Daily, I sit down with Kyle Wickert, Field Chief Technology Officer at AlgoSec, to discuss the future of network management in the age of platformization. With more than a decade at AlgoSec and years of hands-on experience working with some of the world's largest enterprises, Kyle brings an unfiltered view of the challenges and opportunities that IT leaders are facing right now. We talk about why enterprises are rapidly shifting to platform-based models to simplify network security, but also why that strategy can start to break down when dealing with multi-vendor environments. Kyle explains the fragmentation across cloud, on-prem, and edge infrastructure that keeps CIOs awake at night, and why spreadsheets and manual change processes are still far too common in 2025. He also shares why visibility, intent-based policies, and policy automation are becoming non-negotiable in reducing risk and friction. Kyle doesn't just talk theory. He shares a real-world case study of a European financial institution that automated policy provisioning across firewalls and cloud infrastructure, integrated it with CI/CD pipelines, and reduced its change rejection rate from 25% to 4%. It's a compelling example of how the right approach to network management can deliver measurable improvements in agility, security, and business satisfaction.  

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Every developer has war stories about a project that went sideways—too many abstractions, tests that didn't catch what mattered, or a late-night deploy with no rollback plan. In this episode, Matt and Mike dig into the seven biggest mistakes teams make when building web apps and how to avoid them. From over- and under-engineering, leaving hard problems until the last minute, and wasting time in low-impact areas, to skipping security basics, ignoring observability, and neglecting CI/CD, we cover the traps that derail projects. Along the way, we share practical strategies—like building for 10× growth (not 100×), using tracer-bullet proofs of concept, scoping by impact, and shipping behind feature flags. Whether you're launching your first SaaS or scaling an enterprise app, these lessons will help you build faster, safer, and smarter. Show Notes: https://www.htmlallthethings.com/podcasts/top-mistakes-that-developers-make-when-building-a-web-app-and-how-to-prevent-them Powered by CodeRabbit - AI Code Reviews: https://coderabbit.link/htmlallthethings Use our Scrimba affiliate link (https://scrimba.com/?via=htmlallthethings) for a 20% discount!! Full details in show notes.

Deploying and managing cloud workloads is a complex task that requires developers to handle infrastructure, scaling, CI/CD pipelines, and database hosting. Configuring and maintaining Kubernetes, ensuring smooth deployments, and integrating various services efficiently is a common challenge. Will Stewart is the co-founder and CEO of Northflank, which is a platform focused on streamlining application deployment The post Complex Workload Deployment with Will Stewart appeared first on Software Engineering Daily.

The Building Better Developers with AI podcast continues its season of revisiting past episodes with fresh insights. In this discussion, Rob Broadhead and Michael Meloche revisit the classic topic of breaking through career plateaus and reframe it through the lens of developer career growth. The original episode shared practical strategies for accelerating progress. This version adds AI-driven perspectives, personal stories, and a reminder that developers must be intentional about growth in a rapidly evolving industry. Recognizing Developer Career Growth Roadblocks Career plateaus are rarely obvious. Instead, they surface gradually through symptoms like: Completing tasks on autopilot A lack of new responsibilities or ownership Months without learning a new tool, framework, or design pattern As Rob explains, being “comfortable” often means you're falling behind. In technology, a developer's career growth demands continuous movement forward. If you haven't challenged yourself in six months, your developer career growth may already be stuck. Why Developer Career Growth Plateaus Happen Rob frames the plateau as a “gamer problem”—your XP bar fills, but the level-up screen never appears. Routine work, a lack of internal visibility, or failure to market oneself can all hinder a developer's career growth. Michael emphasizes the importance of self-reflection. Sometimes the issue isn't a lack of opportunity, but a lack of initiative. Are you doing the bare minimum, or seeking challenges that stretch you? He shares how experimenting with signature tablets and webcams—well outside his role—kept him learning and growing. That curiosity didn't move him up in that company, but it paved the way to a higher-paying role elsewhere. Expanding Beyond Code for Developer Career Growth Not all growth is about coding more. Rob points out that developer career growth also comes from: Taking on design and architecture work Mentoring and teaching others Exploring leadership or project ownership Michael reinforces the power of teaching. Sharing knowledge sharpens communication skills, broadens perspective, and strengthens problem-solving abilities. Strategies to Accelerate Developer Career Growth The episode outlines clear steps for reigniting progress: Stretch Projects – Volunteer for cross-team or challenging work. Skill Stacking – Add complementary abilities like UX, DevOps, or CI/CD. Mentorship 2.0 – Learn from mentors, but also mentor others. Visibility Boosts – Blog, present at meetups, or contribute to open source. Side Hustles – Build projects outside work to push yourself into new learning. Side projects are “cheat codes” for developer career growth. Even small shifts—such as switching IDEs or adopting new tools—can help shake off stagnation and sharpen your adaptability. AI's Role in Developer Career Growth Michael warns against ignoring AI. Some developers resist learning it, believing their existing skills will always be in demand. History shows otherwise—just as COBOL programmers saw demand collapse after Y2K, today's developers risk irrelevance by avoiding new technologies. Embracing AI isn't optional anymore. It's the new baseline for sustaining developer career growth. Episode Challenge: Take Charge of Your Developer Career Growth Your challenge this week: Identify one area where your growth has stalled, and take one intentional step forward. Options include: Learning a new framework or tool Volunteering for a stretch assignment Mentoring a junior colleague Starting a side project outside your comfort zone Don't wait for others to create opportunities. Own your developer career growth starting today. Final Thoughts Breaking through plateaus isn't about endless reinvention—it's about steady, intentional growth. Rob and Michael agree: if your current environment doesn't provide chances to grow, then create them—or find a place that will. Developer career growth is not optional. In a fast-moving industry, standing still means falling behind. Stay Connected: Join the Developreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Please get in touch with us at info@develpreneur.com with any questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources Essential Habits for Software Developers: Boosting Productivity and Career Growth Pivoting: How to Embrace Change and Fuel Your Professional Growth Are Technology Certifications Necessary For Career Growth? Be Intentional In Choosing Tasks For Career Growth The Developer Journey Videos – With Bonus Content Building Better Developers With AI Podcast Videos – With Bonus Content

Deploying and managing cloud workloads is a complex task that requires developers to handle infrastructure, scaling, CI/CD pipelines, and database hosting. Configuring and maintaining Kubernetes, ensuring smooth deployments, and integrating various services efficiently is a common challenge. Will Stewart is the co-founder and CEO of Northflank, which is a platform focused on streamlining application deployment The post Complex Workload Deployment with Will Stewart appeared first on Software Engineering Daily.

Bret discusses exciting news about Swarm being maintained until 2030.

Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show

Join Automox CISO and SVP of Product Jason Kikta for a recap of Black Hat and DEF CON 2025. In this episode, Jason shares his take on the conversation around AI in cybersecurity shifting from hype to practical tools for defenders. Hear why integrating AI into your CI/CD pipeline, alert triage, and vulnerability management could be a game changer, plus thoughts on choosing the right security events for your personality and goals. Whether you're a conference veteran or a curious first-timer, this episode offers insights, humor, and encouragement to get more involved in the security community.

Bret and Nirmal are joined by Michael Irwin to discuss Docker's comprehensive AI toolkit, covering everything from local model deployment to cloud-based container orchestration across multiple interconnected tools and services.

Kohsuke Kawaguchi is a prominent software engineer, best known as the creator of Jenkins, an open-source automation server that is widely used for continuous integration and continuous delivery (CI/CD). He is currently the Co-Head of AI at leading DevOps provider, CloudBees and the former Co-CEO of Launchable, an AI platform that speeds up testing to help teams expedite their continuous integration (CI) and delivery pipelines, which was acquired by CloudBees in 2024.Kawaguchi developed Jenkins as a side project when working at Sun Microsystems in 2011. Since then, it has become an essential tool for developers and DevOps professionals around the world helping teams automate parts of software development, testing, and deployment.In addition to his work on Jenkins, Kawaguchi has contributed to the broader open-source community and has worked with various technologies related to software development, automation, and cloud computing. He is also known for his contributions to the world of Java and DevOps.You can find Kohsuke on the following sites:WebsiteXLinkedInGitHubHere are some links provided by Kohsuke:CloudBeesPLEASE SUBSCRIBE TO THE PODCASTSpotifyApple PodcastsYouTube MusicAmazon MusicRSS FeedYou can check out more episodes of Coffee and Open Source on https://www.coffeeandopensource.comCoffee and Open Source is hosted by Isaac Levin

How does someone with a non-traditional background end up leading Developer Relations for a tech giant like Slack? In this episode, host Jack McCurdy dives deep into the incredible story of Kurt Kemple.Kurt pulls back the curtain on his journey and shares the hard-won lessons that shaped his philosophy on community, collaboration, and creating meaningful tech. He reveals the critical importance of developer enablement and challenges a "build it and they will come" mentality.Get ready for a powerful conversation about the human side of DevOps. You'll hear Kurt's take on the future of community, the one framework that clarifies every project, and why building relationships is the ultimate key to shared success.About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKWChapters:00:00 Introduction to Kurt Kemple and Slack02:56 Kurt's Journey into Tech and Developer Relations05:34 The Importance of Tech Enablement08:42 Building a Career in Tech11:35 The Role of Community in Tech14:16 Job to Be Done Framework and Its Impact17:25 The Future of Community and Connection19:57 Reflections on Personal Communities and Growth24:53 The Power of Community in Professional Growth26:40 Aligning Business with User Needs28:23 Building Internal Communities30:08 Overcoming Resistance in Internal Teams31:41 The Importance of User Feedback33:51 Empathy in Community Building35:40 The Flywheel Effect in Developer Relations37:36 Collaborative Language and Shared Ownership39:44 The Role of Developer Relations41:54 Education and Enablement through Community43:13 Leveraging Slack for Effective Collaboration47:02 The Future of Slack and Developer Experience

Topics covered in this episode: rumdl - A Markdown Linter written in Rust * Coverage 7.10.0: patch* * aioboto3* * You might not need a Python class* Extras Joke Watch on YouTube About the show Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: rumdl - A Markdown Linter written in Rust via Owen Lamont Supports toml file config settings Install via uv tool install rumdl. ⚡️ Built for speed with Rust - significantly faster than alternatives

Rob Zuber sits down with Tara Hernandez, VP of Developer Productivity at MongoDB and former Netscape engineer who helped create early continuous integration systems, to explore strategic frameworks for build vs. buy decisions in modern software delivery.Hernandez shares insights from scaling MongoDB's proprietary CI system—processing 10 engineer years of compute daily—and reveals how organizations can evaluate when custom infrastructure drives competitive advantage versus when strategic partnerships accelerate growth. Her perspective on navigating the evolving landscape of CI/CD tooling offers actionable guidance for engineering leaders balancing innovation with operational efficiency.Have someone in mind you'd like to hear on the show? Reach out to us on X at @CircleCI!

➡ Prevent Risk At The Source with Cortex Cloud: https://www.paloaltonetworks.com/cortex/cloud/application-security In this sponsored conversation, I speak with Sarit Tager, VP of Product Management at Palo Alto Networks, about how Prisma Cloud and their new ASPM solution are transforming cloud and application security by unifying data and deeply integrating business context into AppSec workflows. We talk about: Unifying AppSec, Cloud, and SOC into One Data Lake How Palo Alto merged their products into a single system that consolidates runtime, code, identity, cloud, and SOC data, allowing for true context-aware risk prioritization and faster response times across the board. From Detection to Dynamic Prevention Why the future of application security isn’t just about discovering vulnerabilities, but enforcing smart, context-based guardrails during development, CI/CD, and build processes to prevent issues before they reach production. AI-Powered Insight and the Future of Secure DevOpsHow their system uses AI to analyze the full security posture, enrich findings, simulate attack paths, and recommend precise mitigations. The platform even helps guide security and engineering teams through better workflows, boosting velocity, and not blocking it. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters: 00:00 – Sarit’s Background and the Goal of Unifying Security Context01:50 – Building a Single Data Lake for Cloud, SOC, and AppSec04:28 – From Noise to Clarity: Fixing the Prioritization Problem in AppSec06:47 – Using Business Context to Drive Risk-Based Decisions10:18 – True App Ownership, Developer Velocity, and Aligning with Business Impact13:12 – Continuous Discovery and Bringing External Signals Into One View15:25 – Why App Grouping and Context-Rich Policies Increase Velocity17:58 – How Attackers Are Already Building Their Own Unified Context (UEC)20:45 – Prisma’s Control Points: IDE, PR, CI/CD, Image, Admission Control21:56 – Bringing In Data From External Scanners and Enriching Coverage24:23 – Ecosystem Signals, Query Language, and Intelligent Workflow Automation25:05 – Closing Thoughts: Security and Developers Working TogetherBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

Bret is joined by Andrew Tunall, the President and Chief Product Officer at Embrace, to discuss his prediction that we'll all start shipping non-QA'd code (buggier code in production) and QA will need to be replaced with better observability.

Every enterprise is legit rushing to build AI agents.But there's no instructions. So, what do you do? How do you make sure it works? How do you track reliability and traceability? We dive in and find out.Newsletter: Sign up for our free daily newsletterMore on this Episode: Episode PageJoin the discussion: Have a question? Join the convo here.Upcoming Episodes: Check out the upcoming Everyday AI Livestream lineupWebsite: YourEverydayAI.comEmail The Show: info@youreverydayai.comConnect with Jordan on LinkedInTopics Covered in This Episode:Google Gemini's Veo 3 Video Creation ToolTrust & Reliability in AI AgentsBuilding Reliable AI Agents GuideAgentic AI for Mission-Critical TasksMicro Agentic System Architecture DiscussionNondeterministic Software Challenges for EnterprisesGalileo's Agent Leaderboard OverviewMulti-Agent Systems: Future ProtocolsTimestamps:00:00 "Building Reliable Agentic AI"05:23 The Future of Autonomous AI Agents08:43 Chatbots vs. Agents: Key Differences10:48 "Galileo Drives Enterprise AI Adoption"13:24 Utilizing AI in Regulated Industries18:10 Test-Driven Development for Reliable Agents22:07 Evolving AI Models and Tools24:05 "Multi-Agent Systems Revolution"27:40 Ensuring Reliability in Single AgentsKeywords:Google Gemini, Agentic AI, reliable AI agents, mission-critical tasks, large language models, AI reliability platform, AI implementation, microservices, micro agents, ChuckGPT, AI observability, enterprise applications, nondeterministic software, multi-agentic systems, AI trust, AI authentication, AI communication, AI production, test-driven development, agent EVALS, Hugging Face space, tool calls, expert protocol, MCP protocol, Google A2A protocol, multi-agent systems, agent reliability, real-time prevention, CICD aspect, mission-critical agents, nondeterministic world, reliable software, Galileo, agent leaderboard, AI planning, AI execution, observability feedback, API calls, tool selection quality.Send Everyday AI and Jordan a text message. (We can't reply back unless you leave contact info) Ready for ROI on GenAI? Go to youreverydayai.com/partner

Luke Marsden, CEO and Founder, HelixML talks about Private GenAI. What is it? Why do you need it? We also discuss integration into CI/CD pipelines, the layers of a Private GenAI Stack, and why most organizations are opting for RAG over fine-tuning LLMs.SHOW: 943SHOW TRANSCRIPT: The Cloudcast #943 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET NEW TO CLOUD? CHECK OUT OUR OTHER PODCAST:  "CLOUDCAST BASICS" SPONSORS:[DoIT] Visit doit.com (that's d-o-i-t.com) to unlock intent-aware FinOps at scale with DoiT Cloud Intelligence.[FCTR] Try FCTR.io (that's F-C-T-R dot io) free for 60 days. Modern security demands modern solutions. Check out Fctr's Tako AI, the first AI agent for Okta, on their website[VASION] Vasion Print eliminates the need for print servers by enabling secure, cloud-based printing from any device, anywhere. Get a custom demo to see the difference for yourself.SHOW NOTES:HelixML websiteHelixML GitHubHelix 1.0 Announcement BlogTopic 1 - Welcome to the show Luke. Give everyone a brief intro.Topic 2 - Let's start with Priavte GenAI. What is it? Why should organizations out there consider it? Why not just use OpenAI GPT's and fine tune them?Topic 2a Follow up - Regulatory Compliance - take the opposing forces in the EU for instance to using SaaS based services based in the United States.Topic 3 - Let's break down the layers in a typical Private AI stack. I'm seen various ways to represent this such as infrastructure layer, MLOps layer, models, data layer (typically RAG), etc. How do you break up the stack into individual componentsTopic 4 - My mind immediately jumps to similarities in the DevOps space. Abstraction layers and components like Docker and containers comes to mind, integration into CI/CD pipelines, etc. I feel like MLOps is it's own thing with specific tools and workflows. Does this all come together and if so how?Topic 5 - Also, what does this mean for versioning and lifecycle management of the models and the data?Topic 6 - We are seeing more and more data pipelines with backed by multiple models, sometimes in multiple locations. How do handle this from both a scheduling and interface standpoint? Is everything hidden behind APIs for instance?Topic 7 - If anyone is interested, what's the best way to get started?FEEDBACK?Email: show at the cloudcast dot netBluesky: @cloudcastpod.bsky.socialTwitter/X: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod

#308: In this episode, hosts Darin and Viktor are joined by guest Ricardo Castro to delve into the complexities and misconceptions surrounding Continuous Integration (CI) and Continuous Deployment (CD). The discussion begins with Ricardo's insights from a previous talk on the overestimation of automated systems in CI/CD and transitions into a broader conversation about the true essence of CI/CD practices. Key points include the critical distinctions between CI and CD, the importance of small batch deployments, the role of automation in scaling these processes, and the vital connection between CI/CD and business needs. The episode also touches on the contributions to open source projects and the need for balancing automation with risk management, ultimately questioning whether CI/CD can ever be truly solved.   Ricardo's contact information: LinkedIn: https://www.linkedin.com/in/mccricardo/ X: https://x.com/mccricardo   YouTube channel: https://youtube.com/devopsparadox   Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/   Slack: https://www.devopsparadox.com/slack/   Connect with us at: https://www.devopsparadox.com/contact/

In this episode of Elixir Wizards, Dan Ivovich and Charles Suggs sit down with Norbert “NobbZ” Melzer to discuss how Nix enables reproducible builds, consistent development environments, and reliable deployments for Elixir projects. Norbert shares his journey from Ruby to Elixir, contrasts Nix with NixOS, and walks us through flakes, nix-shell workflows, sandboxed builds, and rollback capabilities. Along the way, we cover real-world tips for managing Hex authentication, integrating Nix into CI/CD, wrapping Mix releases in Docker, and avoiding common pitfalls, such as flake performance traps. Whether you're spinning up your first dev shell or rolling out a production release on NixOS, you'll come away with a clear, gradual adoption path and pointers to the community mentors and resources that can help you succeed. Key topics discussed in this episode: Reproducible, sandboxed builds vs. traditional package managers Nix flakes for locked dependency graphs and version pinning nix-shell: creating consistent development environments across teams Rollback and immutable deployment strategies with Nix/NixOS Integrating Nix with the Elixir toolchain: Hex, Mix, and CI/CD pipelines Flakes vs. standard shells: when and how to transition Handling private Hex repositories and authentication in Nix Cross-platform support (macOS/Darwin, Linux variants) Channels, overlays, and overrides for customizing builds Dockerizing Elixir releases using Nix-based images Home Manager for personal environment configuration Security patching workflows in a Nix-managed infrastructure Common pitfalls: flake performance, sandbox workarounds, and symlink behavior Community resources and the importance of human mentorship Links mentioned: https://jobrad-loop.com/ https://nixos.org/ https://nix.dev/ https://nix.dev/manual/nix/2.18/command-ref/nix-shell https://github.com/nix-darwin/nix-darwin https://asdf-vm.com/ https://go.dev/ https://docs.redhat.com/en/documentation/redhatenterpriselinux/8/html/packaginganddistributingsoftware/introduction-to-rpm_packaging-and-distributing-software Nix Flake templates for Elixir https://github.com/jurraca/elixir-templates https://www.docker.com/ https://www.sudo.ws/ https://ubuntu.com/ https://archlinux.org/ Nobbz's blog https://blog.nobbz.dev/blog/ https://ayats.org/blog/nix-workflow @nobbz.dev on BlueSky @NobbZ1981 on Twitter https://www.linkedin.com/in/norbert-melzer/ https://youtu.be/HbtbdLolHeM?si=6M7fulTQZmuWGGCM (talk on CodeBEAM)

In this special live episode recorded amidst the rain-soaked streets of Malmö duringPSConfEU 2025, host Andrew Pla brings us a vibrant, multi-guest edition of the PowerShell Podcast. From impromptu bar chats to in-depth discussions on PowerShell modules, CI/CD pipelines, career growth, and community culture, this episode captures the heart of the PowerShell community in full force. Hear from speakers, first-time attendees, longtime community contributors, and PowerShell legends as they share their stories, projects, career journeys, favorite sessions, and the human side of tech.   Guests: Harm Veenstra (PowerShellIsFun, MVP and Legend) Constantin Hager (PS Framework user & Inn-Salzach PowerShell Group organizer) Thomas Hadin (Swedish consultant, Discord regular) James Ruskin (Chocolatey engineer, bigtime PowerSheller, kind and smart) Emanuel Palm (Microsoft MVP and PSConfEU speaker) Suresh "SK" Krishnan (IAM pro & PowerShell podcast superfan) Topics Covered: Favorite PSConfEU 2025 sessions and key takeaways GitHub Actions & GitHub Apps deep dive Lightning talks & community demo formats User group organizing and mentoring new speakers Tools: PS Framework, Spectre.Console, AI Shell, ModuleBuilder PowerShell remoting, PSDefaultParameterValues, and CI pipelines Career development insights, perspective shifts, and personal growth Building friendships and networks in the PowerShell community Highlights: “There's no magic” – a recurring theme reminding listeners to understand what they're running. Reflections on how empathy and perspective can transform your IT career. A shoutout to the PowerShell Discord community and lesser-known contributors like weq and Chris Dent. Real stories of overcoming stage fright, pushing past visa issues, and finding belonging through tech. Links: https://discord.gg/pdq https://psconf.eu https://andrewpla.tech/links Watch PowerShell Wednesday: https://www.youtube.com/playlist?list=PL1mL90yFExsix-L0havb8SbZXoYRPol0B PSConfEU 2025 sessions: https://www.youtube.com/watch?v=9CJWhWdbTGU&list=PLDCEho7foSoo6tc8iNDSrxp27dG_gtm6g The PowerShell Podcast Hub: https://pdq.com/the-powershell-podcast  The PowerShell Podcast on YouTube: https://youtu.be/RoVlp5XmXBc