POPULARITY
Categories
Mike & Tommy are joined one last time by Mathias as they talk technical process and strategy.Get in touch:Send in your questions or topics you want us to discuss by tweeting to @PowerBITips with the hashtag #empMailbag or submit on the PowerBI.tips Podcast Page.Visit PowerBI.tips: https://powerbi.tips/Watch the episodes live every Tuesday and Thursday morning at 730am CST on YouTube: https://www.youtube.com/powerbitipsSubscribe on Spotify: https://open.spotify.com/show/230fp78XmHHRXTiYICRLVvSubscribe on Apple: https://podcasts.apple.com/us/podcast/explicit-measures-podcast/id1568944083Check Out Community Jam: https://jam.powerbi.tipsFollow Mike: https://www.linkedin.com/in/michaelcarlo/Follow Seth: https://www.linkedin.com/in/seth-bauer/Follow Tommy: https://www.linkedin.com/in/tommypuglia/
Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show
Updating developer tools is essential for developers who want to stay efficient, secure, and competitive. In this episode of Building Better Developers with AI, Rob Broadhead and Michael Meloche explore how maintaining modern toolsets helps individuals and teams deliver better software, faster. With support from AI-generated analysis and real-world experience, they outline the risks of falling behind—and how to move forward. Listen to the full episode of Building Better Developers with AI for practical insights and ideas you can start applying today. Efficiency and Profitability When Updating Developer Tools AI captured the core message well: using outdated tools slows down delivery, creates unnecessary friction, and ultimately reduces profitability. For side hustlers and teams alike, this loss of efficiency can make or break a project. Rob pointed out that many developers begin their careers using only basic tools. Without proper exposure to modern IDEs like IntelliJ, Visual Studio Code, or Eclipse, they miss out on powerful features such as debugging tools, plugin support, container integration, and real-time collaboration. Warning Signs You Should Be Updating Developer Tools How do you know it's time to update your development tools? Rob and Michael discussed key red flags: Frequent crashes or poor performance Lack of support for modern languages or frameworks Weak integration with tools like GitHub Actions or Docker Outdated or unsupported plugins Inconsistent tooling across team members Neglecting to update developer tools can lead to slow onboarding, poor collaboration, and increased bugs—especially in fast-paced or regulated environments. Tool Standardization vs. Flexibility When Updating Tools There's a balance between letting developers choose their tools and ensuring consistency across a team. While personal comfort can boost productivity, it may also cause challenges when teams debug or collaborate. Rob and Michael recommend hosting internal hackathons to explore new toolchains or standardize workflows. These events give teams a structured way to evaluate tools and share findings. The Security Risk of Not Updating Developer Tools Michael highlighted that outdated tooling doesn't just slow developers down—it creates serious security and compliance risks. Being just one or two versions behind can open vulnerabilities that violate standards like HIPPA, OWASP or SOX. Regular updates to SDKs, plugins, and IDEs are essential for staying compliant, especially in sensitive industries like finance or healthcare. How to Evaluate New Tools Before Updating Developer Toolchains Rob offered a practical framework for evaluating new tools: Does it solve a real pain point? Start with a side project or proof of concept. Check for strong community support and documentation. Balance between stable and innovative. Michael added a note of caution: avoid adopting tools with little community activity or long-term support. If a GitHub project has only a couple of contributors and poor maintenance, it's a red flag. Developer Tools to Review and Update Regularly To keep your development environment current, Rob suggested reviewing these tool categories often: IDEs and code editors Version control tools CI/CD systems and build automation Testing and QA frameworks Package managers and dependency systems Containerization and environment management platforms Using AI to convert simple apps into different frameworks can also help evaluate new tools—just make sure not to share proprietary code. Final Thoughts Modern development demands modern tooling. From cleaner code to faster deployment and stronger team collaboration, the benefits of updating developer tools are clear. Whether you're an independent developer or part of a larger organization, regularly reviewing and upgrading your toolset is a habit worth forming. Stay Connected: Join the Developreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources Navigating Communication Tools in Modern Workplaces Building a Portable Development Environment That is OS-agnostic Modern Tools For Monetizing Content Updating Developer Tools: Keeping Your Tools Sharp and Efficient Building Better Developers With AI Podcast Videos – With Bonus Content
What happens when you give every employee access to the paid version of ChatGPT? At Knownwell, it wasn't just a tech decision—it was a culture shift. Knownwell CMO Courtney Baker, CEO David DeWolf, and Chief Product & Technology Officer Mohan Rao explore the real-world implications of a strategic move: providing company-wide access to ChatGPT. They share what sparked the decision and how a structured rollout strategy transformed productivity, communication, and innovation across the team. They also dive into what smart deployment looks like, from setting enterprise controls to embedding AI within your company's OKRs. Pete Buer kicks off the episode with an eye-opening look at Apple's latest research into large language model reasoning and why businesses must approach AI tools with both optimism and caution. He unpacks the importance of human-AI collaboration and encourages leaders to ditch the “magic wand” mindset. Also in this episode: Part two of Pete's interview with Ardy Tripathy, AI lead at OpsCanvas. Ardy reveals how AI can help eliminate “zombie resources” in cloud infrastructure, streamline CI/CD pipelines, and enhance visibility across systems. He also offers practical tips for CEOs on how to lead AI experimentation without losing control. This episode is a must-listen for leaders navigating the AI learning curve, and for teams wondering what enterprise-wide access really unlocks. Watch this episode on YouTube: https://youtu.be/NneA_LgHEYc Curious what your company's data looks like on Knownwell? Schedule a demo at www.knownwell.com.
Antoine Tanguy est DataOps chez Brevo, la licorne française qui propose une solution de marketing automation. Arrivé il y a 4 ans chez Brevo, il a évolué du poste de SRE vers celui de Data Ops il y a 1 an et demi. Il accompagne une équipe Data de 15 personnes répartie en 3 sous-équipes : Data Science, Data Engineering et Data Analytics.On aborde :
In this season of the Analytics Engineering podcast, Tristan is digging deep into the world of developer tools and databases. There are few more widely used developer tools than Docker. From its launch back in 2013, Docker has completely changed how developers ship applications. In this episode, Tristan talks to Solomon Hykes, the founder and creator of Docker. They trace Docker's rise from startup obscurity to becoming foundational infrastructure in modern software development. Solomon explains the technical underpinnings of containerization, the pivotal shift from platform-as-a-service to open-source engine, and why Docker's developer experience was so revolutionary. The conversation also dives into his next venture Dagger, and how it aims to solve the messy, overlooked workflows of software delivery. Bonus: Solomon shares how AI agents are reshaping how CI/CD gets done and why the next revolution in DevOps might already be here. For full show notes and to read 6+ years of back issues of the podcast's companion newsletter, head to https://roundup.getdbt.com. The Analytics Engineering Podcast is sponsored by dbt Labs.
In this episode of Building Better Developers, hosts Rob Broadhead and Michael Meloche explore how to improve team collaboration in software development through the lens of AI-driven insights. Whether you're a solo developer, part of a tight-knit team, or scaling across departments, collaboration remains the backbone of efficiency and success. What Does Collaboration Mean in Development? AI kicked off the discussion with a powerful insight: define “efficiency” in context. But more importantly, it highlighted that collaboration fuels efficiency, not just working faster, but working better. Effective collaboration avoids: Redundant work Misunderstood requirements Tech debt and burnout Rob emphasized that a productive team isn't rushing through tasks but solving the correct problems—together—on the first try. Collaboration Strategies for Solo Developers Even solo developers need structured collaboration between their tools, their future selves, and their automation stack. Top collaboration tips for independent devs: Use opinionated frameworks like Next.js or Rails to minimize decision fatigue. Automate repetitive tasks early to save time in the long run. Commit code regularly with meaningful messages. Document workflows using Notion, Obsidian, or Jira—even if you're the only one using them. Containerize development environments for repeatability and rapid setup. “Solo doesn't mean siloed. Collaborate with your tools, your past decisions, and future goals.” Enhancing Collaboration in Small Development Teams For teams of 2–10 developers, Rob and Michael discussed how tight feedback loops and structured communication are essential to avoid chaos. Recommended practices for small team collaboration: Short, focused daily standups Shared development environments Lightweight Agile or Kanban boards Early investment in CI/CD pipelines Use of pair programming or mob programming for knowledge sharing Michael emphasized Agile's power in synchronizing team efforts, avoiding duplicated work, and solving problems more efficiently as a unit. “Agile helps teams collaborate—not just communicate. It keeps everyone moving in the same direction.” Solving Common Bottlenecks Together AI highlighted four universal collaboration pain points and solutions: Slow Code Reviews - Use SLAs and rotate reviewers Unclear Requirements - Kick off with 15-minute clarification huddles Testing Paralysis - Focus on integration tests and avoid overtesting Context Switching - Block dedicated focus hours Michael zeroed in on testing paralysis, especially in early-stage projects, where developers are too busy scaffolding to write tests. Without collaboration on testing plans, critical issues may be overlooked until it is too late. Rob addressed context switching, warning against excessive meetings that fragment developer flow. Leads should shield devs from distraction by delivering distilled, actionable feedback. Final Thoughts on Collaborative Development As teams grow, minor issues scale fast, and so do inefficiencies. Tools, meetings, workflows, and expectations must all scale intentionally. Rob reminded leaders to summarize and distill information before passing it to their teams and to make clever use of tools like AI, recordings, and summaries to keep everyone aligned without wasting time. “If you're building better developers, you're also building better collaborators.” Take Action: Build Collaboration Into Your Workflow Reassess your standups and review cycles Empower solo devs with documentation and CI/CD Streamline onboarding with containers Test early, test together Protect team focus time Stay Connected: Join the Developreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources Embrace Feedback for Better Teams Using Offshore Teams and Resources – Interview With Tanika De Souza Moving To Mobile Teams and Building Them – Sebastian Schieke Building Better Developers With AI Podcast Videos – With Bonus Content
Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show
Parce que… c'est l'épisode 0x602! Shameless plug 27 et 29 juin 2025 - LeHACK 12 au 17 octobre 2025 - Objective by the sea v8 10 au 12 novembre 2025 - IAQ - Le Rendez-vous IA Québec 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2065 Description Introduction et contexte François Proulx fait son retour pour présenter l'évolution de ses recherches sur la sécurité des chaînes d'approvisionnement (supply chain) depuis sa présentation de l'année précédente. Ses travaux portent sur la détection de vulnérabilités dans les pipelines de construction (build pipelines) des projets open source, un sujet qui avait suscité beaucoup d'intérêt suite à l'incident XZ Utils. Évolution de la méthodologie de recherche Depuis l'année dernière, l'équipe de François a considérablement amélioré ses outils et sa stratégie de détection. Plutôt que de scanner massivement tous les dépôts disponibles, ils ont adopté une approche plus ciblée en se concentrant sur des entités majeures comme Google, Red Hat, Nvidia et Microsoft. Ces organisations sont des contributeurs importants de projets open source critiques et bien maintenus. Cette nouvelle approche leur permet de découvrir des centaines d'organisations GitHub par entité, chacune contenant parfois des milliers de dépôts. L'objectif reste le même : détecter des vulnérabilités zero-day dans les build pipelines qui permettent de compiler, tester et distribuer les projets open source, notamment via GitHub Actions. La problématique fondamentale des CI/CD François présente une analogie frappante pour expliquer la dangerosité des systèmes d'intégration continue : “un CI/CD, c'est juste du RCE as a service” (Remote Code Execution as a Service). Ces systèmes sont des applications web qui attendent de recevoir des déclencheurs sur une interface publique accessible via Internet. Dans le cas de GitHub Actions, il suffit d'ouvrir une pull request pour déclencher automatiquement l'exécution de tests. Cette situation rappelle les vulnérabilités des années 1990-2000 avec les débordements de pointeurs. François utilise une formule percutante : “les build pipelines ressemblent à une application PHP moyenne de 2005 en termes de codage sécurisé”. Cette comparaison souligne que malgré les décennies d'évolution en sécurité informatique, les mêmes erreurs fondamentales se répètent dans de nouveaux contextes. Les mécanismes d'exploitation Les vulnérabilités exploitent principalement les entrées non fiables (untrusted input) provenant des pull requests. Même les brouillons de contributions peuvent déclencher automatiquement l'exécution de tests avant qu'un mainteneur soit notifié. Le problème s'aggrave quand les pipelines nécessitent des secrets pour communiquer avec des systèmes externes (notifications Slack, télémétrie, etc.). Par défaut, GitHub Actions hérite parfois d'anciennes permissions en lecture-écriture, ce qui permet aux tests d'avoir accès à un token avec des droits d'écriture sur le dépôt. Cette configuration peut permettre à un attaquant d'écrire dans le dépôt de manière non visible. Résultats impressionnants des analyses L'équipe a considérablement affiné ses outils de détection. À partir de 200 000 résultats initiaux, ils appliquent des règles plus précises pour identifier environ 10 000 cas intéressants. Ces règles valident non seulement la présence de vulnérabilités, mais aussi les critères d'exploitation et la présence de secrets exploitables. Après validation manuelle, environ 25% de ces 10 000 cas s'avèrent facilement exploitables. Ces chiffres démontrent l'ampleur du problème dans l'écosystème open source, même en reconnaissant l'existence probable de nombreux faux négatifs. Cas concrets : Google et les régressions François rapporte avoir découvert des vulnérabilités dans 22 dépôts appartenant à Google, notamment dans un projet lié à Google Cloud (probablement Data Flow). Après avoir signalé et reçu une récompense pour la correction, une régression est survenue une semaine plus tard dans le même workflow, leur valant une seconde récompense. Cette situation illustre un problème récurrent : même les grandes organisations comme Google peuvent reproduire les mêmes erreurs après correction, souvent par méconnaissance des mécanismes sous-jacents de ces nouvelles techniques d'exploitation. L'affaire Ultralytics : un cas d'école L'incident le plus marquant concerne la bibliothèque Python Ultralytics, très populaire pour la détection d'images par apprentissage automatique. En août, l'équipe avait détecté une vulnérabilité dans ce projet mais s'était concentrée sur les découvertes chez Google, négligeant de signaler cette faille. En décembre, Ultralytics a été compromis par l'injection d'un crypto-mineur, exploitant précisément la vulnérabilité identifiée quatre mois plus tôt. Cette attaque était particulièrement ingénieuse car elle ciblait des environnements avec des GPU puissants (utilisés pour le machine learning), parfaits pour le minage de cryptomonnaies, tout en restant discrète dans un contexte où une forte consommation GPU est normale. Pivot vers la détection proactive Cet incident a motivé un changement stratégique majeur : passer de la simple détection de vulnérabilités à la détection proactive d'exploitations en cours. L'équipe ingère désormais le “firehose” des événements publics GitHub, soit environ 5,5 millions d'événements quotidiens. Après filtrage sur les projets critiques avec des build pipelines, ils analysent environ 500 000 événements intéressants par jour. En appliquant leurs analyses sophistiquées et en croisant avec leurs connaissances des vulnérabilités, ils obtiennent environ 45 événements suspects à investiguer quotidiennement. Validation forensique avec Kong Cette nouvelle approche s'est rapidement avérée efficace. Pendant les vacances de Noël, leur système a continué d'ingérer les données automatiquement. Au retour, l'incident Kong (un contrôleur Ingress pour Kubernetes) leur a permis de créer une timeline forensique détaillée grâce aux données accumulées pendant leur absence. Découverte sur les forums cybercriminels La collaboration avec Flare, spécialisée dans l'analyse du dark web, a révélé des informations troublantes. En recherchant “Ultralytics” sur Breach Forum avec un filtrage temporel précis, François a découvert qu'un utilisateur avait créé un compte 24 heures avant l'attaque, publié exactement la vulnérabilité du pipeline Ultralytics en mentionnant l'utilisation de “Poutine” (leur outil), puis confirmé 24 heures après l'exploitation avoir gagné des Monero grâce à cette attaque. Cette découverte confirme que les cybercriminels utilisent activement les outils de recherche en sécurité pour identifier et exploiter des vulnérabilités, transformant ces outils défensifs en armes offensives. Implications et recommandations Cette situation soulève des questions importantes sur la responsabilité des chercheurs en sécurité. François insiste sur le fait que Poutine, leur outil de détection, devrait devenir le minimum absolu pour tout projet open source. Il compare cette nécessité à l'interdiction d'avoir des dépôts Git pour ceux qui n'implementent pas ces vérifications de base. L'analogie avec PHP 2005 reste pertinente : il a fallu des années pour que la communauté PHP matûrisse ses pratiques de sécurité. Les build pipelines traversent actuellement la même phase d'évolution, avec des erreurs fondamentales répétées massivement dans l'écosystème. Défis techniques et limites François reconnaît honnêtement les limitations de leur approche. Leur système ne détecte que les attaques les moins sophistiquées - des “low hanging fruits”. Des attaques complexes comme celle de XZ Utils ne seraient probablement pas détectées par leurs outils actuels, car elles sont trop bien camouflées. Le défi principal reste de filtrer efficacement le bruit dans les millions d'événements quotidiens pour obtenir un nombre d'alertes gérable par une petite équipe d'analystes. Ils reconnaissent que la majorité des incidents leur échappe probablement encore. Perspective d'avenir François exprime l'espoir que la maturation de l'écosystème des build pipelines sera plus rapide que les 20 ans qu'il a fallu pour sécuriser PHP. Leur travail de pionnier contribue à cette évolution en sensibilisant la communauté et en fournissant des outils concrets. L'angle d'analyse des build pipelines est particulièrement pertinent car il se situe à la croisée des chemins entre le code source et sa distribution, avec des possibilités d'exécution de code qui en font un point critique de la chaîne d'approvisionnement logicielle. Cette présentation illustre parfaitement l'évolution rapide des menaces dans l'écosystème open source moderne et la nécessité d'une vigilance constante pour sécuriser les infrastructures critiques dont dépend l'ensemble de l'industrie logicielle. Notes François Proulx Collaborateurs Nicolas-Loïc Fortin François Proulx Crédits Montage par Intrasecure inc Locaux réels par Northsec
This is episode 296 recorded on June 6th, 2025, where John & Jason talk the Microsoft Fabric May 2025 Feature Summary including a REST API updates for Fabric, updates to User Data Functions, Copilot in Power BI support for Fabric data agents, CosmosDB in Fabric, DataFlows Gen 2 CI/CD support is now GA, updates to Data Pipelines & Mirroring, and much more. For show notes please visit www.bifocal.show
If you like what you hear, please subscribe, leave us a review and tell a friend!
In this episode of Semaphore Uncut, Gou Rao—AI infrastructure veteran and co-founder of Neubird—joins Darko to explore how LLMs can support DevOps teams not just with suggestions, but with reasoning, context gathering, and real-time incident diagnosis. He shares the vision behind Hawkeye, Neubird's “digital engineer,” and what it means to build agentic systems that think and operate like humans.Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.
In a tech-driven world, human connection is more critical than ever. In this episode of DevOps Diaries, Jack McCurdy sits down with Jon Cline to explore the power of a people-first approach in the Salesforce ecosystem and beyond. Discover strategies for navigating high-pressure situations, resolving conflict with emotional intelligence, and turning chaos into compliments. Learn how to foster a culture that attracts and retains top talent by focusing on what truly matters: your people.About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKWChapters00:00 Introduction to the Salesforce Ecosystem03:02 The People-First Method: Transforming Teams06:05 Conflict Resolution and Project Success09:08 Embracing Discomfort in Professional Growth11:48 The Importance of Face-to-Face Interactions14:50 Navigating High-Pressure Situations17:50 The Future of Human Engagements20:53 Recognizing Dynamics in Team Interactions26:19 Navigating Political Challenges in Team Dynamics29:16 The Power of Small Talk in Team Collaboration30:43 Establishing a Culture of Values and Recognition33:41 Attracting and Retaining Talent in a Competitive Market35:31 Demonstrating Authentic Company Culture36:32 Transforming Chaos into Compliments40:50 People-First Approach to Leadership and Change
Every enterprise is legit rushing to build AI agents.But there's no instructions. So, what do you do? How do you make sure it works? How do you track reliability and traceability? We dive in and find out.Newsletter: Sign up for our free daily newsletterMore on this Episode: Episode PageJoin the discussion: Have a question? Join the convo here.Upcoming Episodes: Check out the upcoming Everyday AI Livestream lineupWebsite: YourEverydayAI.comEmail The Show: info@youreverydayai.comConnect with Jordan on LinkedInTopics Covered in This Episode:Google Gemini's Veo 3 Video Creation ToolTrust & Reliability in AI AgentsBuilding Reliable AI Agents GuideAgentic AI for Mission-Critical TasksMicro Agentic System Architecture DiscussionNondeterministic Software Challenges for EnterprisesGalileo's Agent Leaderboard OverviewMulti-Agent Systems: Future ProtocolsTimestamps:00:00 "Building Reliable Agentic AI"05:23 The Future of Autonomous AI Agents08:43 Chatbots vs. Agents: Key Differences10:48 "Galileo Drives Enterprise AI Adoption"13:24 Utilizing AI in Regulated Industries18:10 Test-Driven Development for Reliable Agents22:07 Evolving AI Models and Tools24:05 "Multi-Agent Systems Revolution"27:40 Ensuring Reliability in Single AgentsKeywords:Google Gemini, Agentic AI, reliable AI agents, mission-critical tasks, large language models, AI reliability platform, AI implementation, microservices, micro agents, ChuckGPT, AI observability, enterprise applications, nondeterministic software, multi-agentic systems, AI trust, AI authentication, AI communication, AI production, test-driven development, agent EVALS, Hugging Face space, tool calls, expert protocol, MCP protocol, Google A2A protocol, multi-agent systems, agent reliability, real-time prevention, CICD aspect, mission-critical agents, nondeterministic world, reliable software, Galileo, agent leaderboard, AI planning, AI execution, observability feedback, API calls, tool selection quality.Send Everyday AI and Jordan a text message. (We can't reply back unless you leave contact info) Try Google Veo 3 today! Sign up at gemini.google to get started. Try Google Veo 3 today! Sign up at gemini.google to get started.
Mark Ericksen, creator of the Elixir LangChain framework, joins the Elixir Wizards to talk about LLM integration in Elixir apps. He explains how LangChain abstracts away the quirks of different AI providers (OpenAI, Anthropic's Claude, Google's Gemini) so you can work with any LLM in one more consistent API. We dig into core features like conversation chaining, tool execution, automatic retries, and production-grade fallback strategies. Mark shares his experiences maintaining LangChain in a fast-moving AI world: how it shields developers from API drift, manages token budgets, and handles rate limits and outages. He also reveals testing tactics for non-deterministic AI outputs, configuration tips for custom authentication, and the highlights of the new v0.4 release, including “content parts” support for thinking-style models. Key topics discussed in this episode: • Abstracting LLM APIs behind a unified Elixir interface • Building and managing conversation chains across multiple models • Exposing application functionality to LLMs through tool integrations • Automatic retries and fallback chains for production resilience • Supporting a variety of LLM providers • Tracking and optimizing token usage for cost control • Configuring API keys, authentication, and provider-specific settings • Handling rate limits and service outages with degradation • Processing multimodal inputs (text, images) in Langchain workflows • Extracting structured data from unstructured LLM responses • Leveraging “content parts” in v0.4 for advanced thinking-model support • Debugging LLM interactions using verbose logging and telemetry • Kickstarting experiments in LiveBook notebooks and demos • Comparing Elixir LangChain to the original Python implementation • Crafting human-in-the-loop workflows for interactive AI features • Integrating Langchain with the Ash framework for chat-driven interfaces • Contributing to open-source LLM adapters and staying ahead of API changes • Building fallback chains (e.g., OpenAI → Azure) for seamless continuity • Embedding business logic decisions directly into AI-powered tools • Summarization techniques for token efficiency in ongoing conversations • Batch processing tactics to leverage lower-cost API rate tiers • Real-world lessons on maintaining uptime amid LLM service disruptions Links mentioned: https://rubyonrails.org/ https://fly.io/ https://zionnationalpark.com/ https://podcast.thinkingelixir.com/ https://github.com/brainlid/langchain https://openai.com/ https://claude.ai/ https://gemini.google.com/ https://www.anthropic.com/ Vertex AI Studio https://cloud.google.com/generative-ai-studio https://www.perplexity.ai/ https://azure.microsoft.com/ https://hexdocs.pm/ecto/Ecto.html https://oban.pro/ Chris McCord's ElixirConf EU 2025 Talk https://www.youtube.com/watch?v=ojL_VHc4gLk Getting started: https://hexdocs.pm/langchain/gettingstarted.html https://ash-hq.org/ https://hex.pm/packages/langchain https://hexdocs.pm/igniter/readme.html https://www.youtube.com/watch?v=WM9iQlQSFg @brainlid on Twitter and BlueSky Special Guest: Mark Ericksen.
Mike & Tommy run through the latest developments with Git, CI/CD, and Data Ops at Microsoft Build 2025.Get in touch:Send in your questions or topics you want us to discuss by tweeting to @PowerBITips with the hashtag #empMailbag or submit on the PowerBI.tips Podcast Page.Visit PowerBI.tips: https://powerbi.tips/Watch the episodes live every Tuesday and Thursday morning at 730am CST on YouTube: https://www.youtube.com/powerbitipsSubscribe on Spotify: https://open.spotify.com/show/230fp78XmHHRXTiYICRLVvSubscribe on Apple: https://podcasts.apple.com/us/podcast/explicit-measures-podcast/id1568944083Check Out Community Jam: https://jam.powerbi.tipsFollow Mike: https://www.linkedin.com/in/michaelcarlo/Follow Seth: https://www.linkedin.com/in/seth-bauer/Follow Tommy: https://www.linkedin.com/in/tommypuglia/
Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show
Packaging MLOps Tech Neatly for Engineers and Non-engineers // MLOps Podcast #322 with Jukka Remes, Senior Lecturer (SW dev & AI), AI Architect at Haaga-Helia UAS, Founder & CTO at 8wave AI. Join the Community: https://go.mlops.community/YTJoinInGet the newsletter: https://go.mlops.community/YTNewsletter// AbstractAI is already complex—adding the need for deep engineering expertise to use MLOps tools only makes it harder, especially for SMEs and research teams with limited resources. Yet, good MLOps is essential for managing experiments, sharing GPU compute, tracking models, and meeting AI regulations. While cloud providers offer MLOps tools, many organizations need flexible, open-source setups that work anywhere—from laptops to supercomputers. Shared setups can boost collaboration, productivity, and compute efficiency.In this session, Jukka introduces an open-source MLOps platform from Silo AI, now packaged for easy deployment across environments. With Git-based workflows and CI/CD automation, users can focus on building models while the platform handles the MLOps.// BioFounder & CTO, 8wave AI | Senior Lecturer, Haaga-Helia University of Applied SciencesJukka Remes has 28+ years of experience in software, machine learning, and infrastructure. Starting with SW dev in the late 1990s and analytics pipelines of fMRI research in early 2000s, he's worked across deep learning (Nokia Technologies), GPU and cloud infrastructure (IBM), and AI consulting (Silo AI), where he also led MLOps platform development. Now a senior lecturer at Haaga-Helia, Jukka continues evolving that open-source MLOps platform with partners like the University of Helsinki. He leads R&D on GenAI and AI-enabled software, and is the founder of 8wave AI, which develops AI Business Operations software for next-gen AI enablement, including regulatory compliance of AI.// Related LinksOpen source -based MLOps k8s platform setup originally developed by Jukka's team at Silo AI - free for any use and installable in any environment from laptops to supercomputing: https://github.com/OSS-MLOPS-PLATFORM/oss-mlops-platformJukka's new company:https://8wave.ai~~~~~~~~ ✌️Connect With Us ✌️ ~~~~~~~Catch all episodes, blogs, newsletters, and more: https://go.mlops.community/TYExploreJoin our Slack community [https://go.mlops.community/slack]Follow us on X/Twitter [@mlopscommunity](https://x.com/mlopscommunity) or [LinkedIn](https://go.mlops.community/linkedin)] Sign up for the next meetup: [https://go.mlops.community/register]MLOps Swag/Merch: [https://shop.mlops.community/]Connect with Demetrios on LinkedIn: /dpbrinkmConnect with Jukka on LinkedIn: /jukka-remesTimestamps:[00:00] Jukka's preferred coffee[00:39] Open-Source Platform Benefits[01:56] Silo MLOps Platform Explanation[05:18] AI Model Production Processes[10:42] AI Platform Use Cases[16:54] Reproducibility in Research Models[26:51] Pipeline setup automation[33:26] MLOps Adoption Journey[38:31] EU AI Act and Open Source[41:38] MLOps and 8wave AI[45:46] Optimizing Cross-Stakeholder Collaboration[52:15] Open Source ML Platform[55:06] Wrap up
Julián Duque from Heroku joins me to explain and demo their new AI platform.Check out the video podcast version here https://youtu.be/BGqlLZHdRDsCreators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Julián Duque - Guest You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com (00:00) - Introduction (05:12) - Deep Dive into Heroku's AI Capabilities (14:23) - Heroku MCP server (28:27) - Describing MCP Tool Interactions (30:48) - DevOps Automation with Heroku MCP server (37:02) - Heroku AI and Future Prospects
In this episode, Dan and I (Steve) dove deep into what turned out to be a surprisingly complex, yet incredibly insightful topic: gradually migrating a massive legacy JavaScript project over to TypeScript. We're talking about nearly 1,000 JS files, 70,000+ lines of code, and years of developer history—all transitioning carefully to a typed, modern future.Dan walked us through how he started by setting up the project for success before converting even one file—getting CI/CD ready, setting up tsconfig.json, sorting out test dependencies, dealing with mock leaks, and even grappling with quirks between VS Code and WebStorm debugging.We talked tools (like TS-ESLint, concurrently, and ts-node), why strict typing actually uncovered real bugs (and made the code better!), and why it's crucial not to touch any .js files until your TypeScript setup is rock solid.Key Takeaways:Gradual migration is 100% possible—and often better—than ripping the bandaid off.TypeScript can and will catch bugs hiding in your JavaScript. Be prepared!Use VS Code extensions or TS-Node to support your devs' tooling preferences.Don't underestimate the setup phase—it's the foundation of long-term success.Start small: Dan's team converted just one file at first to test the whole pipeline.If you're sitting on a legacy JS project and dreaming of TypeScript, this episode is your blueprint—and your warning sign.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show
Launching our new Podcast: https://agenticdevops.fmBret and Nirmal are at KubeCon London and record their ideas about how AI Agents will change DevOps, platform engineering, SRE, automation, troubleshooting, and more.Creators & Guests Cristi Cotovan - Editor Bret Fisher - Host Beth Fisher - Producer Nirmal Mehta - Host You can also support my content by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com
Join us for an in-depth conversation with Ari Mahpour, Embedded Systems Engineer at Rivian, as he reveals how AI is revolutionizing embedded development and testing workflows on this episode of the OnTrack Podcast. From voice-controlled Arduino programming to automated hardware-in-the-loop testing, discover cutting-edge techniques that are transforming the industry. Learn about embedded DevOps, Cloud-driven testing infrastructure, and how AI agents can write, compile, and test code autonomously. Explore the intersection of hardware and software development, from NASA's space missions to modern automotive systems. Ari shares practical insights on bridging the gap between electronics design and software development, implementing CI/CD pipelines for embedded systems, and leveraging AI for everything from data sheet analysis to automated test generation. Resources from this episode: - Check out the Octopart YouTube Channel: https://www.youtube.com/@Octopart - Browse all of Ari's Tutorials on Octopart: https://youtube.com/playlist?list=PLtZurp7-0DcVXIR-fvnjVU0UyxgVSgSYu&si=kXqnNeSoAkGEh6oz - Connect with Ari here: https://www.linkedin.com/in/arimahpour/
Solomon most famously created Docker and now runs Dagger… which has something special to share with you on Thursday. Catch Dagger at: - Tuesday: Dagger's workshop https://www.ai.engineer/schedule#ship-agents-that-ship-a-hands-on-workshop-for-swe-agent-builders - Wednesday: Dagger's talk: https://www.ai.engineer/schedule#how-to-trust-an-agent-with-software-delivery - Thursday: Solomon's Keynote https://www.ai.engineer/schedule#containing-agent-chaos Chapters 00:00 Introduction & Guest Background 00:29 What is Dagger? Post-Development Automation 01:08 Dagger's Community & Platform Engineers 02:32 AI Agents and Developer Workflows 03:40 Environment Isolation & The Power of Containers 06:28 The Need for Standards in Agent Environments 07:25 Design Constraints & Challenges for Dev Environments 11:26 Limitations of Current Tools & Agent-Native UX 14:11 Modularity, Customization, and the Lego Analogy 16:24 Convergence of CICD and Agentic Systems 17:41 Ephemeral Apps, Resource Constraints, and Local Execution 21:01 Adoption, Ecosystem, and the Role of Open Source 23:30 Dagger's Modular Approach & Integration Philosophy 25:38 Looking Ahead: Workshops, Keynotes, and the Future of Agentic Infrastructure
Today, we're diving deep into Semaphore's architecture with Radosław Woźniak, Software Architect at Semaphore. He's here to break down the inner workings of our CI/CD platform — from its 30+ microservices to how a simple git push triggers a series of interactions across Semaphore's infrastructure. Whether you're a contributor looking to understand the system or just curious about how Semaphore handles complex workflows, this episode is packed with valuable insights. Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.
Get featured on the show by leaving us a Voice Mail: https://bit.ly/MIPVM
Sudheer Amgothu is a seasoned DevOps engineer with over a decade of experience, renowned for his expertise in cloud technologies, infrastructure automation, and DevOps practices. His career spans various industries, where he has implemented DevOps strategies to accelerate software development cycles, improve system reliability, and enhance operational efficiency."I started my career as a traditional systems engineer," Sudheer says, reflecting on his journey. "I was always drawn to automation, seeing the inefficiencies in manual processes, especially around deployments and monitoring. That's what pulled me into the world of DevOps." His early work in infrastructure automation on AWS laid the foundation for his expertise in the field. "At Elevation, I led efforts to automate the entire infrastructure stack using Terraform and Ansible, which empowered development teams to work faster with less friction."In addition to his technical prowess, Sudheer is an advocate for the cultural transformation DevOps fosters within organizations. "DevOps is more than just automation or tools. It's a culture that brings development and operations teams together with a shared goal of delivering software faster, more reliably, and with higher quality," he explains. "It emphasizes collaboration, continuous feedback, and a mindset of continuous improvement."Sudheer's new book, Mastering DevOps with Kubernetes and Cloud: A Practical Guide, draws from his vast experience and is designed as a hands-on resource for mastering DevOps. "I wanted to create a practical guide, not a theory-heavy textbook," he says. "It's loaded with real-world war stories, step-by-step walkthroughs, and diagrams that show how tools like Terraform, Jenkins, and Kubernetes work together in modern DevOps pipelines."His book, which covers everything from the basics to advanced techniques, was inspired by his conversations with junior engineers and site reliability engineers (SREs). "They understood what DevOps is but struggled with the 'why' and 'how,'" he recalls. "I realized the need for a guide that answers those questions and provides actionable insights."Sudheer's expertise extends beyond DevOps to cloud platforms and Kubernetes, where he has successfully scaled microservices platforms and implemented observability practices. "At Pega, we centralized Prometheus and Grafana dashboards to ensure real-time visibility into production issues," he says. "This proactive approach helped us detect anomalies before they became incidents, improving both system reliability and customer satisfaction."For aspiring DevOps professionals, Sudheer advises, "Don't rush. Start with the basics. Pick a tool like Jenkins, learn how a CI/CD pipeline works, and build from there. The most important thing is hands-on practice and experimentation." His dedication to mentoring the next generation of engineers is evident in his personal approach to career growth, encouraging others to document their learning and contribute to open-source projects.Sudheer's passion for DevOps, cloud technologies, and continuous improvement makes him a respected figure in the field, and his book stands as an essential resource for anyone looking to excel in modern IT environments.You read read the full interview transcript here: https://shoutradio.org.uk/RNH/SudheerAmgothuInterview.pdfAnd find his book here: https://a.co/d/ecU0gzEHighlights from Toby Gribben's Friday afternoon show on Shout Radio. Featuring chat with top showbiz guests. Hosted on Acast. See acast.com/privacy for more information.
LMArena cofounders Anastasios N. Angelopoulos, Wei-Lin Chiang, and Ion Stoica sit down with a16z general partner Anjney Midha to talk about the future of AI evaluation. As benchmarks struggle to keep up with the pace of real-world deployment, LMArena is reframing the problem: what if the best way to test AI models is to put them in front of millions of users and let them vote? The team discusses how Arena evolved from a research side project into a key part of the AI stack, why fresh and subjective data is crucial for reliability, and what it means to build a CI/CD pipeline for large models.They also explore:Why expert-only benchmarks are no longer enough.How user preferences reveal model capabilities — and their limits.What it takes to build personalized leaderboards and evaluation SDKs.Why real-time testing is foundational for mission-critical AI.Follow everyone on X:Anastasios N. AngelopoulosWei-Lin ChiangIon StoicaAnjney MidhaTimestamps0:04 - LLM evaluation: From consumer chatbots to mission-critical systems6:04 - Style and substance: Crowdsourcing expertise18:51 - Building immunity to overfitting and gaming the system29:49 - The roots of LMArena41:29 - Proving the value of academic AI research48:28 - Scaling LMArena and starting a company59:59 - Benchmarks, evaluations, and the value of ranking LLMs1:12:13 - The challenges of measuring AI reliability1:17:57 - Expanding beyond binary rankings as models evolve1:28:07 - A leaderboard for each prompt1:31:28 - The LMArena roadmap1:34:29 - The importance of open source and openness1:43:10 - Adapting to agents (and other AI evolutions) Check out everything a16z is doing with artificial intelligence here, including articles, projects, and more podcasts.
In the Season 14 premiere, hosts Dan Ivovich and Sundi Myint chat with Isaac Yonemoto, creator of the Zigler library, to explore how Zigler brings Zig's performance and safety to Elixir through Native Implemented Functions (NIFs). Isaac walks through the core design of Zigler and how it auto-generates the Elixir-to-Zig bridge, enforces type safety, and exposes multiple execution modes (normal, dirty, threaded). The conversation covers real-world applications, from SIMD-powered token selection for LLM hardware acceleration to OTP-style fault tolerance in low-level code. Isaac shares his own journey: stepping back from professional software work to launch a biotech startup focused on reducing drug manufacturing costs while continuing to maintain Zigler and even leveraging Elixir for bioinformatics pipelines. Topics discussed in this episode: What is the Zigler library and what does it do? What does it mean to run a "dirty NIF"? Async mode is temporarily removed from Zig (therefore, yielding NIFs is temporarily deprecated in Zigler) Zigler's three execution modes (normal, dirty, and threaded) and how you switch modes with a single config change Isaac's journey from professional software work to launching a biotech startup How Isaac leverages Elixir in bioinformatics pipelines at his startup LLM hardware acceleration using Zigler NIFs and SIMD-powered token picking Fault-tolerant load balancing of NIF workloads via OTP principles Transparent handling and recovery from hardware failures through monitoring Potential future memory-safety features in Zig and their implications The Elixir-based borrow-checker prototype: purpose and design Unit-checking for scientific computations to enforce correctness New OS support in Zigler 0.14: macOS, Windows, and FreeBSD Inline Zig code authoring directly within Elixir modules Isaac's commitment to maintain Zigler through its 1.0 release (...and beyond?) Links mentioned: https://github.com/E-xyza/zigler https://github.com/ziglang/zig https://vidalalabs.com/ Zig Programming Language: https://ziglang.org/ https://obsidian.md/ https://hexdocs.pm/elixir/macros.html https://erlang.org/documentation/doc-4.7.3/doc/extensions/macros.html A Deep Dive Into the Elixir AST: https://dorgan.ar/posts/2021/04/theelixirast/ https://www.erlang.org/doc/system/nif.html https://nodejs.org/en Llama Open-Source LLM: https://www.llama.com/ Mixtral Open-Source LLM: https://mistral.ai/news/mixtral-of-experts https://Fly.io SIMD: https://en.wikipedia.org/wiki/Singleinstruction,multiple_data https://opentrons.com/ CI/CD: https://en.wikipedia.org/wiki/CI/CD https://hexdocs.pm/zigler/Zig.html http://www.x.com/DNAutics https://bsky.app/profile/dnautics.bsky.social
In this episode of DevOps Diaries, host Jack McCurdy sits down with Dangsenpenan, a Salesforce Analyst at RSPCA. Discover Dangsenpenan's inspiring self-taught journey into the Salesforce world and how he's paying it forward by founding West Africa Dreaming. Learn about the power of accountability, the strength of the global Salesforce Ohana in fostering local talent, and the challenges of event sponsorship. Dangsenpenan also shares insights on engaging the next generation in tech and the evolving definition of community in the digital age. Tune in for a story of passion, community building, and the transformative impact of non-profit work.About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKWChapters:00:00 Introduction to Dangsenpenan's Journey02:53 The Path to Salesforce: A Unique Journey05:53 Self-Learning and Overcoming Challenges09:02 The Importance of Accountability in Learning11:51 Building a Community: West Africa Dreaming14:53 Creating Opportunities for Others17:59 The Global Salesforce Community and Its Impact20:59 Vision for the Future: Expanding the Community25:37 Building Community Through Ohana Spirit30:29 Overcoming Challenges in Sponsorship35:47 The Power of Non-Profit Work41:48 Engaging the Next Generation in Tech45:03 Redefining Community in the Digital Age
Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show
At KubeCon EU 2025 in London, Nirmal and I discussed the important (and not-so-important) things you might have missed. There's also a video version of this show on YouTube.Creators & Guests Cristi Cotovan - Editor Beth Fisher - Producer Bret Fisher - Host Nirmal Mehta - Host (00:00) - DDT Audio Podcast Edited (00:04) - Intro (01:24) - KubeCon 2025 EU Overview (03:24) - Platform Engineering and AI Trends (07:03) - AI and Machine Learning in Kubernetes (15:38) - Project Pavilions at KubeCon (17:05) - FinOps and Cost Optimization (20:39) - HAProxy and AI Gateways (24:00) - Proxy Intelligence and Network Layer Optimization (26:52) - Developer Experience and Organizational Challenges (29:23) - Platform Engineering and Cognitive Load (35:54) - End of Life for CNCF Projects You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com
#ptyxis se ha confirmado como la próxima terminal por defecto en #ubuntu 25.10 enfocada en el uso de contenedores y otras características interesantesVivimos en una época en la que la forma de desarrollar, desplegar y mantener software ha cambiado radicalmente. Cada vez es más común que tanto en el entorno profesional como en el personal trabajemos con contenedores, como Docker, Podman o herramientas como Distrobox o Toolbox, que nos permiten encapsular aplicaciones o entornos completos de desarrollo.En este nuevo paradigma, conceptos como DevOps, CI/CD y la automatización de despliegues ya no son exclusivos de grandes empresas. Cada vez más desarrolladores individuales, administradores de sistemas y entusiastas de Linux los incorporan en su flujo de trabajo diario.Además, con la proliferación de proyectos en múltiples lenguajes, versiones de dependencias y entornos, la necesidad de mantener sistemas aislados y reproducibles se ha convertido en una prioridad. Aquí es donde los contenedores se vuelven esenciales: no solo para ejecutar aplicaciones, sino también para desarrollar, probar y depurar.Y en medio de todo esto, la terminal sigue siendo la herramienta principal. Pero una terminal tradicional, pensada para un sistema único, empieza a quedarse corta frente a las necesidades de entornos híbridos, múltiples contenedores, sesiones aisladas, y monitoreo de procesos.Ahí es donde entra Ptyxis. Una terminal pensada específicamente para este nuevo contexto.Más información y enlaces en las notas del episodio
Вторая часть подкаста про такую неоднозначную тему, как запуск полноценных виртуалок в кубернетесе. Кто: Андрей Квапил. CEO & Founder Ænix, core-разработчик платформы Cozystack Георг Гаал. CTO & Co-founder Ænix Про что: Cozystack приняли в CNCF Как устроена сеть в kubvirt (харвейстер, козистек, опеншифт) в сравнении с обычной виртуализации Кубернетес в кубернетесе Базы данных как сервис и как осуществляется доступ к ним? Обычные виртуалки и все приблуды для CI/CD (argocd и всякое такое вместе с ансиблом/тераформом) Как попробовать Cozystack?
Cloud Posse holds LIVE "Office Hours" every Wednesday to answer questions on all things related to AWS, DevOps, Terraform, Kubernetes, CI/CD. Register at https://cloudposse.com/office-hoursSupport the show
In this episode of Semaphore Uncut, Darko Fabijan welcomes Marcelo Calbucci—engineer, startup founder, and author of The PR FAQ Book. Marcelo shares insights from his time at Amazon, where he encountered a decision-making framework that changed how he thinks about product development: the PR FAQ.What starts as an internal press release quickly becomes a strategic tool to align teams, evaluate product ideas, and make better decisions—before writing a single line of code.Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.
Where does the next phase of AI-assistants for software development go next? Is it an evolution of developer productivity, or a complete rethinking of the barriers and limitations for broader software development? SHOW: 924SHOW TRANSCRIPT: The Cloudcast #924 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST: "CLOUDCAST BASICS"SHOW SPONSORS:Cut Enterprise IT Support Costs by 30-50% with US CloudSHOW NOTES:WHERE DO AI DEVELOPER-ASSISTANTS GO NEXT?A year ago it felt like co-pilots were one of the entry point use-cases for AI.Since then we've seen numbers say the uplift is 10-20% productivity.Microsoft claims that 20-30% of their code is now written by AIs.We've seen many senior developers speakout that it's not replacement level technology and they don't trust it.Companies like Cursor have a $9-10B valuation. Windsurf just got purchased for $3B by OpenAI.Microsoft has Co-Pilot (based on OpenAI models). Google and Amazon are rumored to be launching their own.Lots of companies are launching agents (IBM, Salesforce, Oracle, etc.), and lots of agent frameworks now exist. So where does it go next? Is it just wide-spead adoption of developer productivity? Is it specialized functions within developer workflows? (e.g. CI/CD, documentation, security evaluations, bug fixes, long-term maintenance, etc.)How far are we from teams being just a few architects, leads, Sr. Devs, and then teams of AI's (agents, etc.)?Is that a good thing for Sr. Dev personalities that didn't want to focus on soft-skills?Does that allow for greater experimentation against feature-requests or stories, since they can create more, test more, etc.?Do we start to see companies create skunkworks teams/groups that try to adopt this approach? Are product managers ready to have zero-backlogs and the demand for new ideas to increase?FEEDBACK?Email: show at the cloudcast dot netTwitter/X: @cloudcastpodBlueSky: @cloudcastpod.bsky.socialInstagram: @cloudcastpodTikTok: @cloudcastpod
Codemagic CEO Martin Remmelgas joins Robin and Mazen to talk mobile CI/CD in 2025: Why build tooling still has rough edges, how Codemagic handles versioning and code signing, and where the developer experience still needs work.Show NotesReact Native CI/CD with CodemagicCodemagicConnect With Us!Martin Remmelgas: @martinjeretRobin Heinze: @robinheinzeMazen Chami: @mazenchamiReact Native Radio: @ReactNativeRdioThis episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.
Ever wondered what it takes to climb the ladder from Salesforce developer to Salesforce architect to Salesforce manager in the complex and fast-paced ecosystem we live in? In this episode of DevOps Diaries, host Jack McCurdy sits down with Salesforce leader Jessica Riffe to uncover her incredible journey. Get ready for a deep dive into the evolution of Salesforce DevOps, the secrets to impactful documentation, and the real-world challenges (and triumphs!) of growing a high-performing team. If you're navigating your own DevOps transformation or looking to elevate your team's collaboration, Jessica's hard-won insights on pipelines, understanding DevOps user needs, and effective communication are pure gold. Don't miss these invaluable lessons – listen to the full episode now!About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKW
Mat X, JD, and special guest Rod Christensen from Emily Carr University invite you to the next exciting chapter of the MacDevOps YVR podcast. In this episode, the conversation spans across the adoption of DevOps practices in managing Macs, ongoing experiences with various software tools, and the shared thrill of transforming workflows into more efficient systems. It's an engaging mix of personal anecdotes, technical insights, and lively banter that showcases how fostering collaboration within the tech community can lead to innovation and success.
Bu bölümde ekiplerin ve bireylerin omuzlarındaki “bilişsel yük” kavramını masaya yatırıyoruz. Codefiction ekibi, context-switching'in verimliliği nasıl düşürdüğünü, ölçek büyüdükçe teknoloji setinin çeşitlenmesinin ve sorumlulukların yayılmasının geliştiricinin zihinsel kapasitesini nasıl zorladığını örneklerle anlatıyor. Front-end'den veri tabanına, CI/CD pipeline'larına insan-kaynakları işlemlerine kadar uzanan dağınık görevlerin, doğru kurgulanmamış süreçler ve eksik dokümantasyonla birleşince ne kadar görünmez bir “yavaşlatıcı”ya dönüştüğü açıklanıyor. İkinci kısımda bilişsel yükün hem ekip çıktısını hem de çalışan sağlığını (burn-out riskini) nasıl etkilediği tartışılıyor; Team Topologies, Developer Experience ekipleri, “discovery” time-box'ları, standardize teknoloji seçimleri, net domain sınırları ve iyi yazılmış dokümantasyon gibi çözümler tartışılıyor. Teknik borcun ve sürekli toplantı trafiğinin yaratabileceği gizli maliyetlere değinilirken, yöneticilerin olduğu kadar ekip üyelerinin de yükü ölçme-dile-getirme sorumluluğu vurgulanıyor. Bölüm, “her şeyi yapmaya çalışmak yerine önceliklendirmek, sınırlar koymak ve odaklanmak” çağrısıyla kapanıyor. Katılımcılar;Fırat ÖzbolatDeniz İrginMert SusurDeniz ÖzgenBarış ÖzaydınOnur Aykaç
William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent security risks in GitHub Actions, such as injection vulnerabilities, permission issues, and mutable tags, by providing static analysis and remediation guidance. Fresh off the heels of the tj-actions/changed-files backdoor, this is a great topic with some things everyone can do right away. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-securing-github-actions-william-woodruff/
Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes' original design.Emily outlines a critical flaw: Kubernetes wasn't built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn't real—it's just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat.Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn't disrupt developer workflows, integrates easily at the infrastructure layer, and doesn't require retraining or restructuring CI/CD pipelines. It's secure by design, without compromising performance or portability.The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today's ecosystem: true prevention. Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters.Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today's container sprawl, but tomorrow's AI-powered compute environments.This is more than a product pitch—it's a reframing of how we define and implement security at the container level. The full conversation reveals what's possible when performance, portability, and protection are no longer at odds.Learn more about Edera: https://itspm.ag/edera-434868Note: This story contains promotional content. Learn more.Guest: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/ResourcesLearn more and catch more stories from Edera: https://www.itspmagazine.com/directory/ederaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More
Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast! CHAOSScast – Episode 109 In this episode of CHAOSScast, host Georg Link is joined by Cali Dolfi, Senior Data Scientist at Red Hat, and Brittany Istenes, FINOS Ambassador. The discussion delves into the importance of measuring open source community health and the role of Software Bill of Materials (SBOM) in ensuring software security and compliance. They talk about the rising threats in open source software, the need for standardizing SBOMs, and how organizations can leverage these tools to proactively manage risks and project health. Also, they touch on practical steps being taken at Red Hat and other organizations to address these challenges. Hit download now to hear more! [00:00:21] Our guests introduce themselves and their backgrounds. [00:01:55] Georg explains the rise of malicious packages (700%) and the risks of neglected open source components. [00:04:36] What is a SBOM? Brittany explains SBOMs as a list of all software components and libraries in each application and automation and tooling adoption is discussed. [00:06:08] Cali outlines the lack of consensus on SBOM fields and formats and advocates for including upstream repo links to assess project health. Brittany mentions companies being cautious about publicizing SBOMs due to IP concerns. [00:09:12] Georg gives a historical overview about SBOMs began as tools for license compliance and how SBOMs now cover more including cybersecurity, post U.S. Executive Order 14028 (May 2021). [00:15:51] Georg shares three pillars of SBOM strategy: License compliance, Security, and Project Health and how CHAOSS Metrics can be combined with SBOMs to move from reactive to proactive strategies. [00:16:59] Brittany emphasizes risk analysis and good design from project inception and proactive open source strategies save effort later. [00:18:43] Cali talks about using project health metrics and advocates for tracking maintainer activity, patch frequency, and project responsiveness. [00:21:28] Brittany stresses internal engineering education on project health and risk and developer smush understand what makes a project “healthy.” [00:22:55] Georg talks about how open source has evolved and details using CHAOSS metrics for risk assessment and CI/CD integration. [00:27:36] Cali shares Red Hat's efforts to define what makes a project vulnerable and how it's focused on detecting and sunsetting unmaintained dependencies. [00:31:37] Brittany emphasizes risk from version mismatches and misinterpreted CVEs and mentions a CHAOSS doc to read, “Metrics for OSS Viability” by Gary White. [00:34:17] We end with Georg sharing some upcoming events: CHAOSScon North America, June 26 and Open Source Summit North America, June 23-25. Value Adds (Picks) of the week: [00:36:08] Georg's pick is building a platform for his dog to look out the window. [00:37:06] Brittany's pick is spending time with Georg and Cali. [00:38:12] Cali's pick is her great support system since having ACL surgery. *Panelist: * Georg Link Guests: Cali Dolfi Brittany Istenes Links: CHAOSS (https://chaoss.community/) CHAOSS Project X (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) podcast@chaoss.community (mailto:podcast@chaoss.community) Georg Link Website (https://georg.link/) Britany Istenes LinkedIn (https://www.linkedin.com/in/brittany-istenes-91b902152/) Brittany Istenes GitHub (https://github.com/BrittanyIstenes) Cali Dolfi LinkedIn (https://www.linkedin.com/in/calidolfi/) State of the Software Supply Chain (Sonatype) (https://www.sonatype.com/state-of-the-software-supply-chain/introduction) CHAOSScast Podcast-Episode 103: GrimoireLab at FreeBSD (https://podcast.chaoss.community/103) CHAOSS Community: Metrics for OSS Viability by Gary White (https://chaoss.community/viability-metrics-what-its-made-of/) CHAOSScon North America 2025, Denver, CO, June 26 (https://chaoss.community/chaosscon-2025-na/) Open Source Summit North America, Denver CO, June 23-25 (https://events.linuxfoundation.org/open-source-summit-north-america/) Fintech Open Source (FINOS) (https://www.finos.org/) Cyber Resilience Act (European Commission) (https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act) Rising Threat: Understanding Software Supply Chain Cyberattacks And Protecting Against Them(Forbes) (https://www.forbes.com/councils/forbestechcouncil/2024/02/06/rising-threat-understanding-software-supply-chain-cyberattacks-and-protecting-against-them/) Executive Order on Strengthening and Promoting Innovation in the Nation's Cybersecurity (The White House) (https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/) Types of Software Bill of Material (SBOM) Documents (https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf) OpenSSF Scorecard (https://openssf.org/projects/scorecard/) OSS Project Viability Starter (CHAOSS) (https://chaoss.community/kb/metrics-model-project-viability-starter/) Show Me What You Got: Turning SBOMs Into Actions- Georg Link & Brittany Istenes (https://lfms25.sched.com/event/1urWz) Special Guests: Brittany Istenes and Cali Dolfi.
Valerio Chang from Gearset chats to Jack about the evolving landscape of customer support in SaaS companies. Valerio offers a behind-the-scenes look at how Gearset has built a world-class support team, leaning into the importance of truly understanding customer needs and using documentation to elevate user experiences.Valerio delves into the unique challenges of supporting customers in the Salesforce ecosystem, and how the nature of Salesforce DevOps conversations has matured over time. Valerio discusses Gearset's mission to act not just as a tool provider but as a trusted advisor, helping users navigate complexity through empathy, curiosity, and continuous improvement.Throughout the conversation, Valerio highlights the power of asking the right questions, the role of customer feedback in shaping product development, and the fulfilment that comes from solving meaningful problems. The episode wraps with a thoughtful reflection on the human side of support and the profound impact it can have on the people behind the tickets.About DevOps Diaries: Salesforce DevOps Advocate Jack McCurdy chats to members of the Salesforce community about their experience in the Salesforce ecosystem. Expect to hear and learn from inspirational stories of personal growth and business success, whilst discovering all the trials, tribulations, and joy that comes with delivering Salesforce for companies of all shapes and sizes. New episodes bi-weekly on YouTube as well as on your preferred podcast platform.Podcast produced and sponsored by Gearset. Learn more about Gearset: https://grst.co/4iCnas2Subscribe to Gearset's YouTube channel: https://grst.co/4cTAAxmLinkedIn: https://www.linkedin.com/company/gearsetX/Twitter: https://x.com/GearsetHQFacebook: https://www.facebook.com/gearsethqAbout Gearset: Gearset is the leading Salesforce DevOps platform, with powerful solutions for metadata and CPQ deployments, CI/CD, automated testing, sandbox seeding and backups. It helps Salesforce teams apply DevOps best practices to their development and release process, so they can rapidly and securely deliver higher-quality projects. Get full access to all of Gearset's features for free with a 30-day trial: https://grst.co/4iKysKW
HTML All The Things - Web Development, Web Design, Small Business
Even if you're not "doing DevOps," understanding it can seriously level up your development career. In this episode, Matt and Mike dive into why every web developer should care about DevOps practices, even at a basic level. They explore how deployment pipelines work, how Git supports safe code changes, and how you can prevent and fix production issues faster. You'll hear real-world examples showing how small habits—like writing good commit messages, checking build logs, and knowing when to rollback—can make you a better teammate and a more reliable developer. Whether you're working with GitHub Actions, Vercel, Jenkins, or another CI/CD system, this episode will help you work smarter, troubleshoot faster, and stay calm under pressure. Show Notes: https://www.htmlallthethings.com/podcasts/what-junior-web-developers-need-to-know-about-devops Use our affiliate link (https://scrimba.com/?via=htmlallthethings) for a 20% discount!! Full details in show notes.
Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stage attack vector and the broader often-overlooked vulnerabilities in our CI/CD pipelines, emphasizing the need to treat these build systems with production-level security rigor instead of ignoring them. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-04-tjactions_with_dimitri_stiliadis/
Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the tactics that make managing secrets more secure as we discuss the distinctions between secure architectures, good policies, and developer friendly tools. We've thankfully moved on from forced 90-day user password rotations, but that doesn't mean there isn't a place for rotating secrets. It means that the tooling and processes for ephemeral secrets should be based on secure, efficient mechanisms rather than putting all the burden on users. And it also means that managing secrets shouldn't become an unmanaged risk with new attack surfaces or new points of failure. Segment Resources: https://infisical.com/blog/solving-secret-zero-problem https://infisical.com/blog/gitops-secrets-management Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-327