POPULARITY
Categories
RJJ Software's Software Development Service This episode of The Modern .NET Show is supported, in part, by RJJ Software's Software Development Services, whether your company is looking to elevate its UK operations or reshape its US strategy, we can provide tailored solutions that exceed expectations. Show Notes "Yeah, exactly. In fact, one of the central premises of Dapr has, you know, one of its goals is not only to be multi-language, in that anyone can use the APIs from any language they come from. So it has SDKs. First, you can call it HTTP if that's all you care about. But it has SDKs for Java, JavaScript, of course, .NET, Python, and Go."— Mark Fussell Welcome friends to The Modern .NET Show; the premier .NET podcast, focusing entirely on the knowledge, tools, and frameworks that all .NET developers should have in their toolbox. We are the go-to podcast for .NET developers worldwide, and I am your host: Jamie “GaProgMan” Taylor. In this episode, Mark Fussell from Diagrid joins us to talk about Dapr—that's D-A-P-R—the Distributed Application Runtime, which aims to make it trivial to build applications in a distributed manner: covering things like service discovery, Pubsub messaging, and distribution of your microservice-based applications. "And the reason why I mentioned that is because, going to your AI discussion, is that we had an amazing contributor actually from Microsoft, actually he's ex-Microsoft now, a guy called Roberto Rodriguez, who worked in Microsoft Research, We built an agentic AI framework on top of Dapr workflows because it had this power of being able to do recoverability and coordination."— Mark Fussell Along the way, we cover the history of Dapr, how it started as a Microsoft incubator project (and was heavily inspired by Project Tye), and how it's now a full graduated project of the CNCF (Cloud Native Computing Foundation). Anyway, without further ado, let's sit back, open up a terminal, type in `dotnet new podcast` and we'll dive into the core of Modern .NET. Supporting the Show If you find this episode useful in any way, please consider supporting the show by either leaving a review (check our review page for ways to do that), sharing the episode with a friend or colleague, buying the host a coffee, or considering becoming a Patron of the show. Full Show Notes The full show notes, including links to some of the things we discussed and a full transcription of this episode, can be found at: https://dotnetcore.show/season-7/dapr-the-secret-sauce-to-simplifying-distributed-applications-with-mark-fussell/ Useful Links: DAPR Web Services Enhancement Diagrid Dapper Tye Spiffie mTLS istio Linkerd Dapr/quickstarts Dapr university Diagrid Conductor Workflow Engines: Comunda Apache Airflow Azure Logic Apps AWS Step Functions Episode 21 - Orleans with Russell Hammett CNCF Dapr Catalyst Dapr on Discord Supporting the show: Leave a rating or review Buy the show a coffee Become a patron Getting in Touch: Via the contact page Joining the Discord Remember to rate and review the show on Apple Podcasts, Podchaser, or wherever you find your podcasts, this will help the show's audience grow. Or you can just share the show with a friend. And don't forget to reach out via our Contact page. We're very interested in your opinion of the show, so please get in touch. You can support the show by making a monthly donation on the show's Patreon page at: https://www.patreon.com/TheDotNetCorePodcast. Music created by Mono Memory Music, licensed to RJJ Software for use in The Modern .NET Show
Tobi Knaup (@superguenter, VP/GM of Cloud Native @Nutanix) talks about the evolution of the cloud-native ecosystem, the intersection of AI and Kubernetes, and expectations of the next few years. SHOW: 931SHOW TRANSCRIPT: The Cloudcast #931 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT OUR OTHER PODCAST: "CLOUDCAST BASICS" SPONSORS:[VASION] Vasion Print eliminates the need for print servers by enabling secure, cloud-based printing from any device, anywhere. Get a custom demo to see the difference for yourself.[US CLOUD] Cut Enterprise IT Support Costs by 30-50% with US CloudSHOW NOTES:Nutanix Cloud NativeThe Cloudcast #211 - Mesosphere DCOSTopic 1 - Welcome to the show! Full disclosure for everyone out there, I worked for Tobi at Nutanix. Give everyone a brief introduction and a little about your background.Topic 2 - This is a throwback for our long-time listeners. We had Ben Hindman on episode #211 almost 10 years ago, when D2IQ was Mesosphere, and we also spoke to Dave Lester, who was at Twitter back in 2014. I'm not going to ask you to catch everyone up on 10 years of your company and the history… but I will encourage everyone to go back and listen to that podcast. It is an excellent snapshot of the early days of cloud native and containers. Today, we will talk a bit about the state of cloud native. The most recent KubeCon EU was a few months ago. What were your thoughts around the event and the current state of the industry? Topic 3 - What are the most prominent challenges organizations face today with Cloud Native adoption? You hear about the complexity, you hear about Kubernetes is a platform to build platforms… still true?Topic 4 - Where do you think Cloud Native goes in the next 2-3 years? What technologies or design patterns (besides AI, we'll talk about that later) evolve, and where does the next round of adoption come from?Topic 5 - Let's talk about storage and data services quickly. Data services for K8s is messy, really messy at times. Give everyone an overview of the problem at scale and the challenges, especially in multi-cloud environments, which I'm finding more and more.Topic 6 - I'd be remiss if I didn't mention AI and its impact in the space. AI came along and sucked all the air out of the room for a time. How do you think about AI today, now that the dust has settled a bit? Is it just an “app” to run on top? How will AI impact cloud native longer term?FEEDBACK?Email: show at the cloudcast dot netBluesky: @cloudcastpod.bsky.socialTwitter/X: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod
In deze aflevering van De Nederlandse Kubernetes Podcast spreken hosts Ronald Kers (CNCF Ambassador) en Jan Stomphorst (Solutions Architect bij ACC ICT) met Evelien Schellekens, Solutions Architect bij Elastic. We ontmoeten haar tijdens een live opname op de Veluwe, waar de sfeer informeel en energiek is – een perfecte setting voor een spontaan en inhoudelijk gesprek over Kubernetes, logging, observability en certificering.Van astronautendroom naar Kubernetes-certificeringen Evelien vertelt hoe haar IT-carrière begon met het open schroeven van computers samen met haar vader. Inmiddels heeft ze haar sporen verdiend met meerdere Kubernetes-certificeringen – vier in drie dagen tijd! Ze deelt haar aanpak, hoe ze zich voorbereidt, waarom AI soms helpt (en soms juist niet), en wat haar dreef om zich in recordtempo te certificeren.Elastic: meer dan Elasticsearch Ze legt uit hoe Elastic geëvolueerd is tot een veelzijdig Search AI Platform met drie hoofdoplossingen:Search: van productzoekmachines tot document indexingObservability: metrics, logs, tracing, profilingSecurity: SIEM, endpoint protection en anomaly detectionElastic draait perfect op Kubernetes met behulp van de Elastic Cloud on Kubernetes (ECK) operator. We bespreken best practices zoals het gebruik van CRD's, het vermijden van single points of failure, en waarom drie master nodes het minimum zijn voor een productiecluster.Logging zonder sidecars Een interessant deel van het gesprek gaat over logging: hoe je zonder sidecars volledige observability kunt realiseren via agents zoals Filebeat of Elastic Agent. Evelien legt uit hoe je debug-logging onder controle houdt met ingest pipelines en log-retentiebeleid, en waarom sommige developers nét iets te enthousiast debug inschakelen.De toekomst: OpenTelemetry Volgens Evelien ligt de toekomst van observability in OpenTelemetry, een CNCF-project dat snel aan populariteit wint. Net zoals Kubernetes nu de standaard is voor container orchestration, ziet zij OpenTelemetry als de aanstaande standaard voor vendor-neutrale observability én security-integratie.Eindconclusie Evelien combineert technische diepgang met een heldere uitleg van concepten. Of het nu gaat om logbeheer, schaalbaarheid op Kubernetes, of de rol van Elastic binnen moderne DevOps-praktijken – deze aflevering zit vol praktische inzichten én een flinke dosis energie.Stuur ons een bericht.Dutch Cloud Native Day 2025Koop je tickets met kortingscode: Community30 en ontvang 30% korting! https://acc-ict.com/liveSupport the showLike and subscribe! It helps out a lot.You can also find us on:De Nederlandse Kubernetes Podcast - YouTubeNederlandse Kubernetes Podcast (@k8spodcast.nl) | TikTokDe Nederlandse Kubernetes PodcastWhere can you meet us:EventsThis Podcast is powered by:ACC ICT - IT-Continuïteit voor Bedrijfskritische Applicaties | ACC ICT
In this episode, we hear from Andrey Velichkevich, a key contributor to the Kubeflow project, an ecosystem of open source projects to streamline the AI and ML lifecycle on Kubernetes. Andrey shares his extensive experience with the project, explains the various components and their use cases, and discusses the community's focus on accessibility and collaboration. They cover the project's evolution, the unique challenges and solutions offered, and the importance of engaging new contributors through initiatives like Google Summer of Code. The conversation highlights the future roadmap for Kubeflow, the significance of cross-project collaboration, and the key to creating a supportive and rewarding contributor environment. 00:00 Introduction and Greetings 00:14 Overview of the Kubeflow Project 01:20 Kubeflow's Ecosystem and Components 02:54 Target Audience and Use Cases 05:12 Future Roadmap and Goals 09:38 Community Engagement and Contributions 19:09 Conclusion and Final Thoughts Guest: Andrey Velichkevich is a member of Kubeflow Steering Committee and a co-chair of Kubeflow AutoML and Training WG. Additionally, Andrey is an active member of the CNCF WG AI. He is one of the authors of the CNCF AI white paper and he is helping with various AI initiatives from the CNCF community.
On this episode of The Defense Unicorns Podcast, host Rebecca Lively sits down with Brandt Keller, software engineer and CNCF ambassador, to explore what happens when a former Marine brings his frontline mindset to DevSecOps. Brandt's story is one of relentless problem-solving, especially in disconnected, air-gapped environments where “cloud-native” has to mean something entirely different.Brandt unpacks how open source can be both a lifeline and a liability in government systems, and why just consuming it isn't enough—real security means showing up, contributing, and understanding what's under the hood. He shares his perspective on trust, transparency, and why the U.S. government's lack of contribution to critical tools like Kubernetes might be the real risk. The conversation also explores the cultural shift required to embrace open ecosystems in highly regulated spaces.From debates over supply chain security and SBOMs to the practical challenges of deploying software in classified settings, this episode offers a grounded, behind-the-scenes look at what it takes to build tools that truly work at the tactical edge. Key Quote:“ When you try to take something that is not airgap friendly and make it airgap friendly, you quickly find out that you made a lot of assumptions about how this thing would be used and where, and kind of the underlying infrastructure and when you try to work back for them that it's, it, it's difficult. It's not something you can't overcome. It's not insurmountable, but it is difficult. But you also find out that there's just a lot of areas for. Resiliency that you didn't also plan for, that applied to connected environments. And so this is where I've kind of been diving into this more and more lately to try and to describe, and build some knowledge to around why this is important for kind of building any application today. It may be a little niche to go to the extreme of air gap, but I believe like there's still some of these underlying cloud native fundamentals that is like, if you start with the ability for knowing how your architecture adapts to varying levels of connectivity, then you're probably building a stronger, more resilient system overall.”Brandt KellerTime Stamps:(03:19) The Defense Sector and Career Path(06:15) Becoming a Cloud Native Computing Foundation Ambassador(09:48) Open Source Contributions and the Challenges(14:14) Government and the lack of Open Source(32:53) Kubernetes and Foreign Contributions(37:24) The Importance of Air Gap in Cloud Native Tools(53:16) Lightning Round Links:Connect with Brandt KellerConnect with Rebecca LivelyLearn More About Defense Unicorns
Derek Collison — creator of NATS and Co-founder & CEO of Synadia — joins the show to dive into the origins, design, and evolution of NATS, a high-performance, open-source messaging system built for modern cloud-native systems and part of the CNCF. Derek shares the story behind NATS, what makes it unique, and unpacks the recent tensions between Synadia and the CNCF over the future of the project.
Derek Collison — creator of NATS and Co-founder & CEO of Synadia — joins the show to dive into the origins, design, and evolution of NATS, a high-performance, open-source messaging system built for modern cloud-native systems and part of the CNCF. Derek shares the story behind NATS, what makes it unique, and unpacks the recent tensions between Synadia and the CNCF over the future of the project.
Redis 8, NATS, MCP i dramaty licencyjne czekają w nowym Short #72! Frameworki wspierają Model Context Protocol, a Redis przechodzi na wirusową licencję AGPL. Zespół analizuje kontrowersje NATS vs CNCF. Łukasz krytykuje automatyczne wystawianie endpointów REST jako narzędzi MCP. Szymon prezentuje techniki zarządzania czasem - od Macierzy Eisenhowera po metodę Pomodoro. Prowadzący bezlitośnie punktują błędy w raporcie InfoQ o trendach. Zastanawiasz się, jak uniknąć problemów licencyjnych w swoich projektach? Sprawdź, czy nie używasz wirusowego Redisa! A może warto zastosować technikę 3x3x3 do planowania zadań? Ten odcinek pomoże Ci zoptymalizować czas i uniknąć pato-architektury! A teraz nie ma co się obijać!
In this episode, Danielle Tal and Thilo Fromm join us to discuss Flatcar Linux. They introduce Flatcar as a Linux operating system designed specifically for containers and Kubernetes workloads, highlighting its automation, self-healing capabilities, and security features. They emphasize how Flatcar simplifies operations for startups and large companies alike by automating OS provisioning and maintenance. We discussed contributor engagement and the project's involvement with the CNCF. They also share intriguing use cases, like a Kubernetes cluster running on a tractor fleet, and stress the importance of community contributions, not just in code but in evangelism and documentation. 00:00 Introduction 01:05 What is Flatcar? 02:01 Flatcar's Automation and Self-Healing Capabilities 04:10 User Experience and Testing 05:06 Ideal Users and Use Cases 10:36 Community and Contributions 13:38 Getting Started with Contributions 16:59 Impact and Future Directions 19:58 Conclusion and Final Thoughts Guest: Danielle Tal is a Program Manager at Microsoft and an integral part of the team responsible for maintaining Flatcar Container Linux. The team is contributes to Linux OS distributions and Linux Security within Azure and other upstream projects. With a background in supporting diverse enterprise cloud applications as a support engineer, Danielle has transitioned into a management role, overseeing Docker EMEA support before joining the Flatcar team. Thilo Fromm is an engineering manager and works on Community Linux distributions and Linux Security at Azure. Thilo's team helps maintaining Flatcar Container Linux. He has given talks at FOSDEM, FrOSCon, KubeCon, Open Source Summit, Cloud-Native Rejekts, and various meetups like Kubernetes Community Days. Thilo started his career in embedded systems with hardware design and roll-your-own /from scratch embedded Linux, kernel and plumbing level development, and later virtualisation. After working for various cloud providers in engineering and management positions, he went full cloud native in 2019. Nowadays Thilo works on operating systems for cloud-native environments with a special focus on Flatcar Container Linux.
This week, we unpack what Uber's CEO said, why the CNCF exists, and how companies chase the money. Plus, Coté stands alone in his love for rice cakes. Watch the YouTube Live Recording of Episode 518 (https://www.youtube.com/live/h0RVI_IOZvo?si=tbRl4R8iwhDsLzu7) Runner-up Titles Go feral You've ruined eating for me Cultural tombstone The next step is “I told you so” Culture is what happens when you're not talking about culture. You know, it's terrible to run over someone The robots are just fine Center of Attention Rundown Uber CEO says changing employee benefits 'is a risk we decided to take' (https://www.cnbc.com/2025/05/06/uber-ceo-says-changing-employee-benefits-is-a-risk-we-decided-to-take.html) Waymo is reducing serious crashes and making streets safer for those most at risk (https://waymo.com/blog/2025/05/waymo-making-streets-safer-for-vru) CNCF and Synadia Align on Securing the Future of the NATS.io Project (https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/) Oxide and Friends | Shootout at the CNCF Corral (https://oxide-and-friends.transistor.fm/episodes/shootout-at-the-cncf-corral) New D&D core rules are now CC-BY (https://www.dndbeyond.com/srd?srsltid=AfmBOorzpL2Y57RWJ966OdFDTICTiWTAAQL6Dn8FFvcB09HJClZkbWli). ‘Cook chose poorly': how Apple blew up its control over the App Store (https://www.theverge.com/apple/659296/apple-failed-compliance-court-ruling-breakdown) Relevant to your Interests I use Zip Bombs to Protect my Server (https://idiallo.com/blog/zipbomb-protection) "AI-first" is the new Return To Office - Anil Dash (https://www.anildash.com/2025/04/19/ai-first-is-the-new-return-to-office/) Find and Buy with AI: Visa Unveils New Era of Commerce (https://www.businesswire.com/news/home/20250430580204/en/Find-and-Buy-with-AI-Visa-Unveils-New-Era-of-Commerce?utm_source=www.therundown.ai&utm_medium=newsletter&utm_campaign=visa-mastercard-give-ai-credit-cards&_bhlid=3ec615c11c0429835c326dbeaabe5bca0dddaf66) Google dusts off Google Voice and adds three-way calling (https://www.theverge.com/news/659719/google-voice-app-update-call-ui-merge-three-way) Anthropic to Buy Back Employee Shares at $61.5 Billion Valuation (https://www.theinformation.com/articles/anthropic-buy-back-employee-shares-61-5-billion-valuation) IBM unveils capabilities meant to accelerate AI agent adoption (https://siliconangle.com/2025/05/06/ibm-unveils-capabilities-meant-accelerate-ai-agent-adoption/) Getting things "done" in large tech companies (https://www.seangoedecke.com/getting-things-done/) A.I. Is Getting More Powerful, but Its Hallucinations Are Getting Worse (https://www.nytimes.com/2025/05/05/technology/ai-hallucinations-chatgpt-google.html?campaign_id=9&emc=edit_nn_20250505&instance_id=153899&nl=the-morning®i_id=55370892&segment_id=197320&user_id=861fd8fcc0091c6690e3b338636d5995) This NAS brand just called out the competition and says you should own your hardware (https://www.techradar.com/pro/asustor-makes-veiled-dig-at-synologys-proprietary-hard-drive-philosophy-with-open-and-unlocked-stance) Microsoft Earnings, Microsoft's Core Capability, Amazon Earnings (https://stratechery.com/2025/microsoft-earnings-microsofts-core-capability-amazon-earnings/) Amazon beats on top and bottom line but issues light second quarter guidance (https://www.cnbc.com/2025/05/01/amazon-amzn-q1-earnings-report-2025.html) Amazon Takes Aim at Cursor With New AI Coding Service (https://www.theinformation.com/articles/amazon-takes-aim-cursor-new-ai-coding-service) OpenAI caves to pressure, keeps nonprofit in charge (https://www.theregister.com/2025/05/05/openai_keep_nonprofit_in_charge/) OpenAI Reaches Agreement to Buy Startup Windsurf for $3 Billion (https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion) Anysphere, which makes Cursor, has reportedly raised $900M at $9B valuation (https://techcrunch.com/2025/05/04/cursor-is-reportedly-raising-funds-at-9-billion-valuation-from-thrive-a16z-and-accel/) Clouded Judgement 5.2.25 - Cloud Giants Report Q1 '25 (https://open.substack.com/pub/cloudedjudgement/p/clouded-judgement-5225-cloud-giants?r=2l9&utm_medium=ios) Nine Emerging Developer Patterns for the AI Era | Andreessen Horowitz (https://a16z.com/nine-emerging-developer-patterns-for-the-ai-era/?trk=feed_main-feed-card_feed-article-content) Nonsense AI Brings Play-by-Play Commentary To Pong (https://hackaday.com/2025/05/06/ai-brings-play-by-play-commentary-to-pong/) Conferences Fr (https://vmwarereg.fig-street.com/051325-tanzu-workshop/)ee AI workshop (https://vmwarereg.fig-street.com/051325-tanzu-workshop/), May 13th. day before C (https://events.linuxfoundation.org/cloud-foundry-day-north-america/)loud (https://events.linuxfoundation.org/cloud-foundry-day-north-america/) (https://events.linuxfoundation.org/cloud-foundry-day-north-america/)Foundry (https://events.linuxfoundation.org/cloud-foundry-day-north-america/) Day (https://events.linuxfoundation.org/cloud-foundry-day-north-america/). Melbourne Wiz Meet-Up (https://www.wiz.io/events/melbourne-wizdom-meet-up-may-2025), May 13. Matt will be there. Cloud Foundry Day US (https://events.linuxfoundation.org/cloud-foundry-day-north-america/), May 14th, Palo Alto, CA, Coté speaking. KCD Texas Austin 2025 (https://community.cncf.io/events/details/cncf-kcd-texas-presents-kcd-texas-austin-2025/), May 15th, Whitney Lee speaking NDC Oslo (https://ndcoslo.com/), May 21st-23th, Coté speaking. POST/CON 25 (https://fnf.dev/43irTu1), June 3-4, Los Angeles, CA, Brandon representing SDT. Use Code: BRANDON, first 20 people get a free pass SREDay Cologne, June 12th, 2025 (https://sreday.com/2025-cologne-q2/#tickets) - Coté speaking, discount: CLG10, 10% off. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: UniFi Express (https://store.ui.com/us/en/products/ux) , FlexHD (https://store.ui.com/us/en/products/uap-flexhd), U6+ (https://store.ui.com/us/en/products/u6-plus) and US 8 60W (https://store.ui.com/us/en/products/us-8-60w) Matt: Andor (https://www.google.com/aclk?sa=L&ai=DChcSEwi_k_SJq5KNAxVtbn8AHTM9LiAYABAAGgJvYQ&co=1&gclid=CjwKCAjwiezABhBZEiwAEbTPGJm543I3_qXVgfjHny9-ZLEw01E6SYCKzXEqXnLCpru-2Wjkg92ybRoCF8EQAvD_BwE&cce=1&sig=AOD64_1ZVJAYtB5pJD_f0aUN-mZqKPFYXQ&q&adurl&ved=2ahUKEwigq--Jq5KNAxV248kDHbzcLIoQ0Qx6BAgHEAQ) Season 2 (https://www.google.com/aclk?sa=L&ai=DChcSEwi_k_SJq5KNAxVtbn8AHTM9LiAYABAAGgJvYQ&co=1&gclid=CjwKCAjwiezABhBZEiwAEbTPGJm543I3_qXVgfjHny9-ZLEw01E6SYCKzXEqXnLCpru-2Wjkg92ybRoCF8EQAvD_BwE&cce=1&sig=AOD64_1ZVJAYtB5pJD_f0aUN-mZqKPFYXQ&q&adurl&ved=2ahUKEwigq--Jq5KNAxV248kDHbzcLIoQ0Qx6BAgHEAQ) Coté: Batman (https://www.rottentomatoes.com/m/1001781-batman) and Batman Returns (https://www.imdb.com/title/tt0103776/). Photo Credits Header (https://unsplash.com/photos/text-QUQwhUa_B7E)
Gros épisode qui couvre un large spectre de sujets : Java, Scala, Micronaut, NodeJS, l'IA et la compétence des développeurs, le sampling dans les LLMs, les DTO, le vibe coding, les changements chez Broadcom et Red Hat ainsi que plusieurs nouvelles sur les licences open source. Enregistré le 7 mai 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-325.mp3 ou en vidéo sur YouTube. News Langages A l'occasion de JavaOne et du lancement de Java 24, Oracle lance un nouveau site avec des ressources vidéo pour apprendre le langage https://learn.java/ site plutôt à destination des débutants et des enseignants couvre la syntaxe aussi, y compris les ajouts plus récents comme les records ou le pattern matching c'est pas le site le plus trendy du monde. Martin Odersky partage un long article sur l'état de l'écosystème Scala et les évolutions du language https://www.scala-lang.org/blog/2025/03/24/evolving-scala.html Stabilité et besoin d'évolution : Scala maintient sa position (~14ème mondial) avec des bases techniques solides, mais doit évoluer face à la concurrence pour rester pertinent. Axes prioritaires : L'évolution se concentre sur l'amélioration du duo sécurité/convivialité, le polissage du langage (suppression des “rugosités”) et la simplification pour les débutants. Innovation continue : Geler les fonctionnalités est exclu ; l'innovation est clé pour la valeur de Scala. Le langage doit rester généraliste et ne pas se lier à un framework spécifique. Défis et progrès : L'outillage (IDE, outils de build comme sbt, scala-cli, Mill) et la facilité d'apprentissage de l'écosystème sont des points d'attention, avec des améliorations en cours (partenariat pédagogique, plateformes simples). Des strings encore plus rapides ! https://inside.java/2025/05/01/strings-just-got-faster/ Dans JDK 25, la performance de la fonction String::hashCode a été améliorée pour être principalement constant foldable. Cela signifie que si les chaînes de caractères sont utilisées comme clés dans une Map statique et immuable, des gains de performance significatifs sont probables. L'amélioration repose sur l'annotation interne @Stable appliquée au champ privé String.hash. Cette annotation permet à la machine virtuelle de lire la valeur du hash une seule fois et de la considérer comme constante si elle n'est pas la valeur par défaut (zéro). Par conséquent, l'opération String::hashCode peut être remplacée par la valeur de hash connue, optimisant ainsi les lookups dans les Map immuables. Un cas limite est celui où le code de hachage de la chaîne est zéro, auquel cas l'optimisation ne fonctionne pas (par exemple, pour la chaîne vide “”). Bien que l'annotation @Stable soit interne au JDK, un nouveau JEP (JEP 502: Stable Values (Preview)) est en cours de développement pour permettre aux utilisateurs de bénéficier indirectement de fonctionnalités similaires. AtomicHash, une implémentation Java d'une HashMap qui est thread-safe, atomique et non-bloquante https://github.com/arxila/atomichash implémenté sous forme de version immutable de Concurrent Hash Trie Librairies Sortie de Micronaut 4.8.0 https://micronaut.io/2025/04/01/micronaut-framework-4-8-0-released/ Mise à jour de la BOM (Bill of Materials) : La version 4.8.0 met à jour la BOM de la plateforme Micronaut. Améliorations de Micronaut Core : Intégration de Micronaut SourceGen pour la génération interne de métadonnées et d'expressions bytecode. Nombreuses améliorations dans Micronaut SourceGen. Ajout du traçage de l'injection de dépendances pour faciliter le débogage au démarrage et à la création des beans. Nouveau membre definitionType dans l'annotation @Client pour faciliter le partage d'interfaces entre client et serveur. Support de la fusion dans les Bean Mappers via l'annotation @Mapping. Nouvelle liveness probe détectant les threads bloqués (deadlocked) via ThreadMXBean. Intégration Kubernetes améliorée : Mise à jour du client Java Kubernetes vers la version 22.0.1. Ajout du module Micronaut Kubernetes Client OpenAPI, offrant une alternative au client officiel avec moins de dépendances, une configuration unifiée, le support des filtres et la compatibilité Native Image. Introduction d'un nouveau runtime serveur basé sur le serveur HTTP intégré de Java, permettant de créer des applications sans dépendances serveur externes. Ajout dans Micronaut Micrometer d'un module pour instrumenter les sources de données (traces et métriques). Ajout de la condition condition dans l'annotation @MetricOptions pour contrôler l'activation des métriques via une expression. Support des Consul watches dans Micronaut Discovery Client pour détecter les changements de configuration distribuée. Possibilité de générer du code source à partir d'un schéma JSON via les plugins de build (Gradle et Maven). Web Node v24.0.0 passe en version Current: https://nodejs.org/en/blog/release/v24.0.0 Mise à jour du moteur V8 vers la version 13.6 : intégration de nouvelles fonctionnalités JavaScript telles que Float16Array, la gestion explicite des ressources (using), RegExp.escape, WebAssembly Memory64 et Error.isError. npm 11 inclus : améliorations en termes de performance, de sécurité et de compatibilité avec les packages JavaScript modernes. Changement de compilateur pour Windows : abandon de MSVC au profit de ClangCL pour la compilation de Node.js sur Windows. AsyncLocalStorage utilise désormais AsyncContextFrame par défaut : offrant une gestion plus efficace du contexte asynchrone. URLPattern disponible globalement : plus besoin d'importer explicitement cette API pour effectuer des correspondances d'URL. Améliorations du modèle de permissions : le flag expérimental --experimental-permission devient --permission, signalant une stabilité accrue de cette fonctionnalité. Améliorations du test runner : les sous-tests sont désormais attendus automatiquement, simplifiant l'écriture des tests et réduisant les erreurs liées aux promesses non gérées. Intégration d'Undici 7 : amélioration des capacités du client HTTP avec de meilleures performances et un support étendu des fonctionnalités HTTP modernes. Dépréciations et suppressions : Dépréciation de url.parse() au profit de l'API WHATWG URL. Suppression de tls.createSecurePair. Dépréciation de SlowBuffer. Dépréciation de l'instanciation de REPL sans new. Dépréciation de l'utilisation des classes Zlib sans new. Dépréciation du passage de args à spawn et execFile dans child_process. Node.js 24 est actuellement la version “Current” et deviendra une version LTS en octobre 2025. Il est recommandé de tester cette version pour évaluer son impact sur vos applications. Data et Intelligence Artificielle Apprendre à coder reste crucial et l'IA est là pour venir en aide : https://kyrylo.org/software/2025/03/27/learn-to-code-ignore-ai-then-use-ai-to-code-even-better.html Apprendre à coder reste essentiel malgré l'IA. L'IA peut assister la programmation. Une solide base est cruciale pour comprendre et contrôler le code. Cela permet d'éviter la dépendance à l'IA. Cela réduit le risque de remplacement par des outils d'IA accessibles à tous. L'IA est un outil, pas un substitut à la maîtrise des fondamentaux. Super article de Anthropic qui essaie de comprendre comment fonctionne la “pensée” des LLMs https://www.anthropic.com/research/tracing-thoughts-language-model Effet boîte noire : Stratégies internes des IA (Claude) opaques aux développeurs et utilisateurs. Objectif : Comprendre le “raisonnement” interne pour vérifier capacités et intentions. Méthode : Inspiration neurosciences, développement d'un “microscope IA” (regarder quels circuits neuronaux s'activent). Technique : Identification de concepts (“features”) et de “circuits” internes. Multilinguisme : Indice d'un “langage de pensée” conceptuel commun à toutes les langues avant de traduire dans une langue particulière. Planification : Capacité à anticiper (ex: rimes en poésie), pas seulement de la génération mot par mot (token par token). Raisonnement non fidèle : Peut fabriquer des arguments plausibles (“bullshitting”) pour une conclusion donnée. Logique multi-étapes : Combine des faits distincts, ne se contente pas de mémoriser. Hallucinations : Refus par défaut ; réponse si “connaissance” active, sinon risque d'hallucination si erreur. “Jailbreaks” : Tension entre cohérence grammaticale (pousse à continuer) et sécurité (devrait refuser). Bilan : Méthodes limitées mais prometteuses pour la transparence et la fiabilité de l'IA. Le “S” dans MCP veut dire Securité (ou pas !) https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b La spécification MCP pour permettre aux LLMs d'avoir accès à divers outils et fonctions a peut-être été adoptée un peu rapidement, alors qu'elle n'était pas encore prête niveau sécurité L'article liste 4 types d'attaques possibles : vulnérabilité d'injection de commandes attaque d'empoisonnement d'outils redéfinition silencieuse de l'outil le shadowing d'outils inter-serveurs Pour l'instant, MCP n'est pas sécurisé : Pas de standard d'authentification Pas de chiffrement de contexte Pas de vérification d'intégrité des outils Basé sur l'article de InvariantLabs https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks Sortie Infinispan 15.2 - pre rolling upgrades 16.0 https://infinispan.org/blog/2025/03/27/infinispan-15-2 Support de Redis JSON + scripts Lua Métriques JVM désactivables Nouvelle console (PatternFly 6) Docs améliorées (métriques + logs) JDK 17 min, support JDK 24 Fin du serveur natif (performances) Guillaume montre comment développer un serveur MCP HTTP Server Sent Events avec l'implémentation de référence Java et LangChain4j https://glaforge.dev/posts/2025/04/04/mcp-client-and-server-with-java-mcp-sdk-and-langchain4j/ Développé en Java, avec l'implémentation de référence qui est aussi à la base de l'implémentation dans Spring Boot (mais indépendant de Spring) Le serveur MCP est exposé sous forme de servlet dans Jetty Le client MCP lui, est développé avec le module MCP de LangChain4j c'est semi independant de Spring dans le sens où c'est dépendant de Reactor et de ses interface. il y a une conversation sur le github d'anthropic pour trouver une solution, mais cela ne parait pas simple. Les fallacies derrière la citation “AI won't replace you, but humans using AI will” https://platforms.substack.com/cp/161356485 La fallacie de l'automatisation vs. l'augmentation : Elle se concentre sur l'amélioration des tâches existantes avec l'IA au lieu de considérer le changement de la valeur de ces tâches dans un nouveau système. La fallacie des gains de productivité : L'augmentation de la productivité ne se traduit pas toujours par plus de valeur pour les travailleurs, car la valeur créée peut être capturée ailleurs dans le système. La fallacie des emplois statiques : Les emplois sont des constructions organisationnelles qui peuvent être redéfinies par l'IA, rendant les rôles traditionnels obsolètes. La fallacie de la compétition “moi vs. quelqu'un utilisant l'IA” : La concurrence évolue lorsque l'IA modifie les contraintes fondamentales d'un secteur, rendant les compétences existantes moins pertinentes. La fallacie de la continuité du flux de travail : L'IA peut entraîner une réimagination complète des flux de travail, éliminant le besoin de certaines compétences. La fallacie des outils neutres : Les outils d'IA ne sont pas neutres et peuvent redistribuer le pouvoir organisationnel en changeant la façon dont les décisions sont prises et exécutées. La fallacie du salaire stable : Le maintien d'un emploi ne garantit pas un salaire stable, car la valeur du travail peut diminuer avec l'augmentation des capacités de l'IA. La fallacie de l'entreprise stable : L'intégration de l'IA nécessite une restructuration de l'entreprise et ne se fait pas dans un vide organisationnel. Comprendre le “sampling” dans les LLMs https://rentry.co/samplers Explique pourquoi les LLMs utilisent des tokens Les différentes méthodes de “sampling” : càd de choix de tokens Les hyperparamètres comme la température, top-p, et leur influence réciproque Les algorithmes de tokenisation comme Byte Pair Encoding et SentencePiece. Un de moins … OpenAI va racheter Windsurf pour 3 milliards de dollars. https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion l'accord n'est pas encore finalisé Windsurf était valorisé à 1,25 milliards l'an dernier et OpenAI a levé 40 milliards dernièrement portant sa valeur à 300 milliards Le but pour OpenAI est de rentrer dans le monde des assistants de code pour lesquels ils sont aujourd'hui absent Docker desktop se met à l'IA… ? Une nouvelle fonctionnalité dans docker desktop 4.4 sur macos: Docker Model Runner https://dev.to/docker/run-genai-models-locally-with-docker-model-runner-5elb Permet de faire tourner des modèles nativement en local ( https://docs.docker.com/model-runner/ ) mais aussi des serveurs MCP ( https://docs.docker.com/ai/mcp-catalog-and-toolkit/ ) Outillage Jetbrains défend la suppression des commentaires négatifs sur son assistant IA https://devclass.com/2025/04/30/jetbrains-defends-removal-of-negative-reviews-for-unpopular-ai-assistant/?td=rt-3a L'IA Assistant de JetBrains, lancée en juillet 2023, a été téléchargée plus de 22 millions de fois mais n'est notée que 2,3 sur 5. Des utilisateurs ont remarqué que certaines critiques négatives étaient supprimées, ce qui a provoqué une réaction négative sur les réseaux sociaux. Un employé de JetBrains a expliqué que les critiques ont été supprimées soit parce qu'elles mentionnaient des problèmes déjà résolus, soit parce qu'elles violaient leur politique concernant les “grossièretés, etc.” L'entreprise a reconnu qu'elle aurait pu mieux gérer la situation, un représentant déclarant : “Supprimer plusieurs critiques d'un coup sans préavis semblait suspect. Nous aurions dû au moins publier un avis et fournir plus de détails aux auteurs.” Parmi les problèmes de l'IA Assistant signalés par les utilisateurs figurent : un support limité pour les fournisseurs de modèles tiers, une latence notable, des ralentissements fréquents, des fonctionnalités principales verrouillées aux services cloud de JetBrains, une expérience utilisateur incohérente et une documentation insuffisante. Une plainte courante est que l'IA Assistant s'installe sans permission. Un utilisateur sur Reddit l'a qualifié de “plugin agaçant qui s'auto-répare/se réinstalle comme un phénix”. JetBrains a récemment introduit un niveau gratuit et un nouvel agent IA appelé Junie, destiné à fonctionner parallèlement à l'IA Assistant, probablement en réponse à la concurrence entre fournisseurs. Mais il est plus char a faire tourner. La société s'est engagée à explorer de nouvelles approches pour traiter les mises à jour majeures différemment et envisage d'implémenter des critiques par version ou de marquer les critiques comme “Résolues” avec des liens vers les problèmes correspondants au lieu de les supprimer. Contrairement à des concurrents comme Microsoft, AWS ou Google, JetBrains commercialise uniquement des outils et services de développement et ne dispose pas d'une activité cloud distincte sur laquelle s'appuyer. Vos images de README et fichiers Markdown compatibles pour le dark mode de GitHub: https://github.blog/developer-skills/github/how-to-make-your-images-in-markdown-on-github-adjust-for-dark-mode-and-light-mode/ Seulement quelques lignes de pure HTML pour le faire Architecture Alors, les DTOs, c'est bien ou c'est pas bien ? https://codeopinion.com/dtos-mapping-the-good-the-bad-and-the-excessive/ Utilité des DTOs : Les DTOs servent à transférer des données entre les différentes couches d'une application, en mappant souvent les données entre différentes représentations (par exemple, entre la base de données et l'interface utilisateur). Surutilisation fréquente : L'article souligne que les DTOs sont souvent utilisés de manière excessive, notamment pour créer des API HTTP qui ne font que refléter les entités de la base de données, manquant ainsi l'opportunité de composer des données plus riches. Vraie valeur : La valeur réelle des DTOs réside dans la gestion du couplage entre les couches et la composition de données provenant de sources multiples en formes optimisées pour des cas d'utilisation spécifiques. Découplage : Il est suggéré d'utiliser les DTOs pour découpler les modèles de données internes des contrats externes (comme les API), ce qui permet une évolution et une gestion des versions indépendantes. Exemple avec CQRS : Dans le cadre de CQRS (Command Query Responsibility Segregation), les réponses aux requêtes (queries) agissent comme des DTOs spécifiquement adaptés aux besoins de l'interface utilisateur, pouvant inclure des données de diverses sources. Protection des données internes : Les DTOs aident à distinguer et protéger les modèles de données internes (privés) des changements externes (publics). Éviter l'excès : L'auteur met en garde contre les couches de mapping excessives (mapper un DTO vers un autre DTO) qui n'apportent pas de valeur ajoutée. Création ciblée : Il est conseillé de ne créer des DTOs que lorsqu'ils résolvent des problèmes concrets, tels que la gestion du couplage ou la facilitation de la composition de données. Méthodologies Même Guillaume se met au “vibe coding” https://glaforge.dev/posts/2025/05/02/vibe-coding-an-mcp-server-with-micronaut-and-gemini/ Selon Andrey Karpathy, c'est le fait de POC-er un proto, une appli jetable du weekend https://x.com/karpathy/status/1886192184808149383 Mais Simon Willison s'insurge que certains confondent coder avec l'assistance de l'IA avec le vibe coding https://simonwillison.net/2025/May/1/not-vibe-coding/ Guillaume c'est ici amusé à développer un serveur MCP avec Micronaut, en utilisant Gemini, l'IA de Google. Contrairement à Quarkus ou Spring Boot, Micronaut n'a pas encore de module ou de support spécifique pour faciliter la création de serveur MCP Sécurité Une faille de sécurité 10/10 sur Tomcat https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/ Une faille de sécurité critique (CVE-2025-24813) affecte Apache Tomcat, permettant l'exécution de code à distance Cette vulnérabilité est activement exploitée seulement 30 heures après sa divulgation du 10 mars 2025 L'attaque ne nécessite aucune authentification et est particulièrement simple à exécuter Elle utilise une requête PUT avec une charge utile Java sérialisée encodée en base64, suivie d'une requête GET L'encodage en base64 permet de contourner la plupart des filtres de sécurité Les serveurs vulnérables utilisent un stockage de session basé sur des fichiers (configuration répandue) Les versions affectées sont : 11.0.0-M1 à 11.0.2, 10.1.0-M1 à 10.1.34, et 9.0.0.M1 à 9.0.98 Les mises à jour recommandées sont : 11.0.3+, 10.1.35+ et 9.0.99+ Les experts prévoient des attaques plus sophistiquées dans les prochaines phases d'exploitation (upload de config ou jsp) Sécurisation d'un serveur ssh https://ittavern.com/ssh-server-hardening/ un article qui liste les configurations clés pour sécuriser un serveur SSH par exemple, enlever password authentigfication, changer de port, desactiver le login root, forcer le protocol ssh 2, certains que je ne connaissais pas comme MaxStartups qui limite le nombre de connections non authentifiées concurrentes Port knocking est une technique utile mais demande une approche cliente consciente du protocol Oracle admet que les identités IAM de ses clients ont leaké https://www.theregister.com/2025/04/08/oracle_cloud_compromised/ Oracle a confirmé à certains clients que son cloud public a été compromis, alors que l'entreprise avait précédemment nié toute intrusion. Un pirate informatique a revendiqué avoir piraté deux serveurs d'authentification d'Oracle et volé environ six millions d'enregistrements, incluant des clés de sécurité privées, des identifiants chiffrés et des entrées LDAP. La faille exploitée serait la vulnérabilité CVE-2021-35587 dans Oracle Access Manager, qu'Oracle n'avait pas corrigée sur ses propres systèmes. Le pirate a créé un fichier texte début mars sur login.us2.oraclecloud.com contenant son adresse email pour prouver son accès. Selon Oracle, un ancien serveur contenant des données vieilles de huit ans aurait été compromis, mais un client affirme que des données de connexion aussi récentes que 2024 ont été dérobées. Oracle fait face à un procès au Texas concernant cette violation de données. Cette intrusion est distincte d'une autre attaque contre Oracle Health, sur laquelle l'entreprise refuse de commenter. Oracle pourrait faire face à des sanctions sous le RGPD européen qui exige la notification des parties affectées dans les 72 heures suivant la découverte d'une fuite de données. Le comportement d'Oracle consistant à nier puis à admettre discrètement l'intrusion est inhabituel en 2025 et pourrait mener à d'autres actions en justice collectives. Une GitHub action très populaire compromise https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Compromission de l'action tj-actions/changed-files : En mars 2025, une action GitHub très utilisée (tj-actions/changed-files) a été compromise. Des versions modifiées de l'action ont exposé des secrets CI/CD dans les logs de build. Méthode d'attaque : Un PAT compromis a permis de rediriger plusieurs tags de version vers un commit contenant du code malveillant. Détails du code malveillant : Le code injecté exécutait une fonction Node.js encodée en base64, qui téléchargeait un script Python. Ce script parcourait la mémoire du runner GitHub à la recherche de secrets (tokens, clés…) et les exposait dans les logs. Dans certains cas, les données étaient aussi envoyées via une requête réseau. Période d'exposition : Les versions compromises étaient actives entre le 12 et le 15 mars 2025. Tout dépôt, particulièrement ceux publiques, ayant utilisé l'action pendant cette période doit être considéré comme potentiellement exposé. Détection : L'activité malveillante a été repérée par l'analyse des comportements inhabituels pendant l'exécution des workflows, comme des connexions réseau inattendues. Réaction : GitHub a supprimé l'action compromise, qui a ensuite été nettoyée. Impact potentiel : Tous les secrets apparaissant dans les logs doivent être considérés comme compromis, même dans les dépôts privés, et régénérés sans délai. Loi, société et organisation Les startup the YCombinateur ont les plus fortes croissances de leur histoire https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html Les entreprises en phase de démarrage à Silicon Valley connaissent une croissance significative grâce à l'intelligence artificielle. Le PDG de Y Combinator, Garry Tan, affirme que l'ensemble des startups de la dernière cohorte a connu une croissance hebdomadaire de 10% pendant neuf mois. L'IA permet aux développeurs d'automatiser des tâches répétitives et de générer du code grâce aux grands modèles de langage. Pour environ 25% des startups actuelles de YC, 95% de leur code a été écrit par l'IA. Cette révolution permet aux entreprises de se développer avec moins de personnel - certaines atteignant 10 millions de dollars de revenus avec moins de 10 employés. La mentalité de “croissance à tout prix” a été remplacée par un renouveau d'intérêt pour la rentabilité. Environ 80% des entreprises présentées lors du “demo day” étaient centrées sur l'IA, avec quelques startups en robotique et semi-conducteurs. Y Combinator investit 500 000 dollars dans les startups en échange d'une participation au capital, suivi d'un programme de trois mois. Red Hat middleware (ex-jboss) rejoint IBM https://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html Les activités Middleware de Red Hat (incluant JBoss, Quarkus, etc.) vont être transférées vers IBM, dans l'unité dédiée à la sécurité des données, à l'IAM et aux runtimes. Ce changement découle d'une décision stratégique de Red Hat de se concentrer davantage sur le cloud hybride et l'intelligence artificielle. Mark Little explique que ce transfert était devenu inévitable, Red Hat ayant réduit ses investissements dans le Middleware ces dernières années. L'intégration vise à renforcer l'innovation autour de Java en réunissant les efforts de Red Hat et IBM sur ce sujet. Les produits Middleware resteront open source et les clients continueront à bénéficier du support habituel sans changement. Mark Little affirme que des projets comme Quarkus continueront à être soutenus et que cette évolution est bénéfique pour la communauté Java. Un an de commonhaus https://www.commonhaus.org/activity/253.html un an, démarré sur les communautés qu'ils connaissaient bien maintenant 14 projets et put en accepter plus confiance, gouvernance legère et proteger le futur des projets automatisation de l'administratif, stabiilité sans complexité, les developpeurs au centre du processus de décision ils ont besoins de members et supporters (financiers) ils veulent accueillir des projets au delà de ceux du cercles des Java Champions Spring Cloud Data Flow devient un produit commercial et ne sera plus maintenu en open source https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial Peut-être sous l'influence de Broadcom, Spring se met à mettre en mode propriétaire des composants du portefeuille Spring ils disent que peu de gens l'utilisaent en mode OSS et la majorité venait d'un usage dans la plateforme Tanzu Maintenir en open source le coutent du temps qu'ils son't pas sur ces projets. La CNCF protège le projet NATS, dans la fondation depuis 2018, vu que la société Synadia qui y contribue souhaitait reprendre le contrôle du projet https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/ CNCF : Protège projets OS, gouvernance neutre. Synadia vs CNCF : Veut retirer NATS, licence non-OS (BUSL). CNCF : Accuse Synadia de “claw back” (reprise illégitime). Revendications Synadia : Domaine nats.io, orga GitHub. Marque NATS : Synadia n'a pas transféré (promesse rompue malgré aide CNCF). Contestation Synadia : Juge règles CNCF “trop vagues”. Vote interne : Mainteneurs Synadia votent sortie CNCF (sans communauté). Support CNCF : Investissement majeur ($ audits, légal), succès communautaire (>700 orgs). Avenir NATS (CNCF) : Maintien sous Apache 2.0, gouvernance ouverte. Actions CNCF : Health check, appel mainteneurs, annulation marque Synadia, rejet demandes. Mais finalement il semble y avoir un bon dénouement : https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/ Accord pour l'avenir de NATS.io : La Cloud Native Computing Foundation (CNCF) et Synadia ont conclu un accord pour sécuriser le futur du projet NATS.io. Transfert des marques NATS : Synadia va céder ses deux enregistrements de marque NATS à la Linux Foundation afin de renforcer la gouvernance ouverte du projet. Maintien au sein de la CNCF : L'infrastructure et les actifs du projet NATS resteront sous l'égide de la CNCF, garantissant ainsi sa stabilité à long terme et son développement en open source sous licence Apache-2.0. Reconnaissance et engagement : La Linux Foundation, par la voix de Todd Moore, reconnaît les contributions de Synadia et son soutien continu. Derek Collison, PDG de Synadia, réaffirme l'engagement de son entreprise envers NATS et la collaboration avec la Linux Foundation et la CNCF. Adoption et soutien communautaire : NATS est largement adopté et considéré comme une infrastructure critique. Il bénéficie d'un fort soutien de la communauté pour sa nature open source et l'implication continue de Synadia. Finalement, Redis revient vers une licence open source OSI, avec la AGPL https://foojay.io/today/redis-is-now-available-under-the-agplv3-open-source-license/ Redis passe à la licence open source AGPLv3 pour contrer l'exploitation par les fournisseurs cloud sans contribution. Le passage précédent à la licence SSPL avait nui à la relation avec la communauté open source. Salvatore Sanfilippo (antirez) est revenu chez Redis. Redis 8 adopte la licence AGPL, intègre les fonctionnalités de Redis Stack (JSON, Time Series, etc.) et introduit les “vector sets” (le support de calcul vectoriel développé par Salvatore). Ces changements visent à renforcer Redis en tant que plateforme appréciée des développeurs, conformément à la vision initiale de Salvatore. Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 6-7 mai 2025 : GOSIM AI Paris - Paris (France) 7-9 mai 2025 : Devoxx UK - London (UK) 15 mai 2025 : Cloud Toulouse - Toulouse (France) 16 mai 2025 : AFUP Day 2025 Lille - Lille (France) 16 mai 2025 : AFUP Day 2025 Lyon - Lyon (France) 16 mai 2025 : AFUP Day 2025 Poitiers - Poitiers (France) 22-23 mai 2025 : Flupa UX Days 2025 - Paris (France) 24 mai 2025 : Polycloud - Montpellier (France) 24 mai 2025 : NG Baguette Conf 2025 - Nantes (France) 3 juin 2025 : TechReady - Nantes (France) 5-6 juin 2025 : AlpesCraft - Grenoble (France) 5-6 juin 2025 : Devquest 2025 - Niort (France) 10-11 juin 2025 : Modern Workplace Conference Paris 2025 - Paris (France) 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12 juin 2025 : Positive Design Days - Strasbourg (France) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 13 juin 2025 : Tech F'Est 2025 - Nancy (France) 17 juin 2025 : Mobilis In Mobile - Nantes (France) 19-21 juin 2025 : Drupal Barcamp Perpignan 2025 - Perpignan (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 25-26 juin 2025 : Agi'Lille 2025 - Lille (France) 25-27 juin 2025 : BreizhCamp 2025 - Rennes (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 7-9 juillet 2025 : Riviera DEV 2025 - Sophia Antipolis (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : Devfest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/
In this episode, Michael Lieberman, Co-founder and CTO of Kusari, walks us through the intersection of open source software and security. We discuss Mike's extensive involvement in OpenSSF projects like SLSA and GUAC, which provide essential frameworks for securing the software development life cycle (SDLC) and managing software supply chains. He explains how these tools help verify software provenance and manage vulnerabilities. Additionally, we explore regulatory concerns such as the Cyber Resilience Act (CRA) and the vital role of the recently released Open SSF Security Baseline (OSPS Baseline) in helping organizations comply with such regulations. Mike also shares insights into the evolution of open source security practices, the importance of reducing complexity for developers, and the potential benefits of orchestrating security similarly to Kubernetes. We conclude with a look at upcoming projects and current pilots aiming to simplify and enhance open source security. 00:00 Introduction and Guest Welcome 00:19 Mike's Background and Role in Open Source 01:35 Exploring SLSA and GUAC Projects 04:57 Cyber Resiliency Act Overview 06:54 OpenSSF Security Baseline 11:29 Encouraging Community Involvement 18:39 Final Thoughts Resources: OpenSSF's OSPS Baseline GUAC SLSA KubeCon Keynote: Cutting Through the Fog: Clarifying CRA Compliance in C... Eddie Knight & Michael Lieberman Guest: Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF's Secure Software Factory Reference Architecture whitepaper. He is an elected member of the OpenSSF Governing Board and Technical Advisory Council along with CNCF TAG Security Lead and an SLSA steering committee member.
Bentornati e bentornate su Azure Italia Podcast, il podcast in italiano su Microsoft Azure!Per non perderti nessun nuovo episodio clicca sul tasto FOLLOW del tuo player
This week, we discuss the new Slate Pickup, Synadia's attempt to reclaim NATS from the CNCF, and the latest DORA AI report. Plus, Google leaves old Nest thermostats out in the cold. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=Is2JhdgLpIg) 517 (https://www.youtube.com/watch?v=Is2JhdgLpIg) Runner-up Titles We have a dumb house Ultimately I blame myself You can educate people, but they're not going to listen It's hard to have the same level of empathy with a talking logo I don't want a subscription car No Take Backs Rugpulls are part of the landscape now Vacuum Hypothesis Major releases forever Making bad developers 10x faster Spaces or Braces Don't bring tabs into this Rundown Google will stop supporting early Nest thermostats on October 25 (https://techcrunch.com/2025/04/26/google-will-stop-supporting-early-nest-thermostats-on-october-25/) The Slate Truck is a whole new kind of car (https://www.theverge.com/the-vergecast/657836/slate-truck-auto-pickup-screen-time-vergecast) Open Source Regret Syndrome How Synadia's attempt to exit the CNCF by holding a trademark hostage might have backfired (https://www.runtime.news/how-synadias-attempt-to-exit-the-cncf-by-holding-a-trademark-hostage-might-have-backfired/) Protecting NATS and the integrity of open source: CNCF's commitment to the community (https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/?ref=runtime.news) DORA Impact of Generative AI in Software Development (https://cloud.google.com/resources/content/dora-impact-of-gen-ai-software-development?hl=en) Duolingo will replace contract workers with AI (https://www.theverge.com/news/657594/duolingo-ai-first-replace-contract-workers) Google launches AI tools for practicing languages through personalized lessons (https://techcrunch.com/2025/04/29/google-launches-ai-tools-for-practicing-languages-through-personalized-lessons/?guccounter=1&guce_referrer=aHR0cHM6Ly9uZXdzLmdvb2dsZS5jb20v&guce_referrer_sig=AQAAACKh9xMr7tOVcmFQP-5C8PDElghg3W1m2SmQAVKY4UhlHXs69qyd-CrNSI5aLcFTcZCQ0_crhAmIf4h3m816HtKLF1FfYof3Tcfai-qMt_sbXeTLDn2ap8l_X54hB-MNXCQtjjpNo0rHs9yMrXlXQbcRqLKfEAERgEh3piRMF_KM) Viral Shopify CEO Manifesto Says AI Now Mandatory For All Employees (https://www.forbes.com/sites/douglaslaney/2025/04/09/selling-ai-strategy-to-employees-shopify-ceos-manifesto/) Introducing the Meta AI App: A New Way to Access Your AI Assistant (https://about.fb.com/news/2025/04/introducing-meta-ai-app-new-way-access-ai-assistant/) Relevant to your Interests 2D Chip Breakthrough: 6,000 Transistors, 3 Atoms Thick (https://spectrum.ieee.org/2d-semiconductors-molybdenum-disulfide) AMD 2.0 – New Sense of Urgency (https://semianalysis.com/2025/04/23/amd-2-0-new-sense-of-urgency-mi450x-chance-to-beat-nvidia-nvidias-new-moat/) Apple Partner TSMC Unveils Advanced 1.4nm Process for 2028 Chips (https://www.macrumors.com/2025/04/24/apple-partner-tsmc-1-4nm-process-2028-chips/) Elon Musk forced back to the boardroom as Doge ‘blowback' pummels Tesla (https://on.ft.com/3Rx0z4z) Amazon CEO Andy Jassy's 2024 Letter to Shareholders—Annotated (https://www.lastweekinaws.com/2024-amazon-ceo-letter-to-shareholders/?ck_subscriber_id=512840665&utm_source=convertkit&utm_medium=email&utm_campaign=%20[Last%20Week%20in%20AWS%20Extras]:%20Amazon%20CEO%20Andy%20Jassy) How Commodore Invented the Mass Market Computer (https://every.to/the-crazy-ones/the-first-king-of-home-computing) Yahoo wants to buy Chrome (https://www.theverge.com/policy/655975/yahoo-search-web-browser-prototype-google-trial-antitrust-chrome) Microsoft launches Recall and AI-powered Windows search for Copilot Plus PCs (https://www.theverge.com/news/656106/microsoft-recall-copilot-plus-pc-available) Tech Workers Are Just Like the Rest of Us: Miserable at Work (https://www.msn.com/en-us/money/companies/tech-workers-are-just-like-the-rest-of-us-miserable-at-work/ar-AA1DDKjh) Backblaze: A Loss-Making Data Storage Business Mired in Lawsuits, Sham Accounting, and Brazen Insider Dumping (https://www.morpheus-research.com/backblaze/) IBM pledges $150 billion to boost U.S. tech growth, computer manufacturing (https://www.cnbc.com/2025/04/28/ibm-to-invest-150-billion-to-boost-us-tech-growth-computer-manufacturing.html) Economic Termites Are Everywhere (https://www.thebignewsletter.com/p/economic-termites-are-everywhere) 40 years ago, Acorn fired up the first Arm processor (https://www.theregister.com/2025/04/29/arm_40/) Nonsense Between 2 Servers - S1E2 - Not THAT Hasselhoff feat. Dr. Kate Holterhoff (https://www.youtube.com/watch?v=v6VrO8rl-iM) Fold 'N Fly » Paper Airplane Folding Instructions (https://www.foldnfly.com/) Conferences Cloud Foundry Day US (https://events.linuxfoundation.org/cloud-foundry-day-north-america/), May 14th, Palo Alto, CA, Coté speaking. KCD Texas Austin 2025 (https://community.cncf.io/events/details/cncf-kcd-texas-presents-kcd-texas-austin-2025/), May 15th, Whitney Lee Speaking Fr (https://vmwarereg.fig-street.com/051325-tanzu-workshop/)ee AI workshop (https://vmwarereg.fig-street.com/051325-tanzu-workshop/), May 13th. day before C (https://events.linuxfoundation.org/cloud-foundry-day-north-america/)loud (https://events.linuxfoundation.org/cloud-foundry-day-north-america/) (https://events.linuxfoundation.org/cloud-foundry-day-north-america/)Foundry (https://events.linuxfoundation.org/cloud-foundry-day-north-america/) Day (https://events.linuxfoundation.org/cloud-foundry-day-north-america/) Melbourne Wiz Meet-Up (https://www.wiz.io/events/melbourne-wizdom-meet-up-may-2025), May 13. Matt will be there NDC Oslo (https://ndcoslo.com/), May 21st-23th, Coté speaking. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Airpod Cleaner Kit (https://www.amazon.com/dp/B0B3CKVRK3?ref=ppx_yo2ov_dt_b_fed_asin_title&th=1) Matt: Soul Coughing Live 2024 (https://li.sten.to/soulcoughinglive2024) Cooking with Beagles (https://www.instagram.com/beagleskiko/) Photo Credits Header (https://unsplash.com/photos/white-thermostat-at-62-mAwE-fqgDXc)
Tim Irnich from SUSE shares his work with Edge computing, focusing on the telecommunications industry. He highlights the importance of standardization and interoperability across the industry, specifically focusing on the widespread adoption of Linux and Kubernetes. Tim also elaborates on Project Sylva, an initiative under the Linux Foundation, aimed at creating a standardized stack for the European telco operators. We also discuss challenges and opportunities presented by the vast array of open source projects within the CNCF landscape and the potential for AI to enhance network efficiency and reliability. The episode provides a comprehensive look into the collaborative efforts and technological advancements shaping the telecom sector. 00:00 Welcome 01:14 Open Source Adoption in the Telco Industry 02:14 Challenges and Standardization in Telco Networks 04:35 Curating Reliable Stacks for Telco 06:11 Project Silva: An Open Source Initiative 18:55 AI in the Telecom Industry 22:11 Conclusion and Final Thoughts Tim Irnich is the product manager for SUSE Edge for Telco, an open source based horizontal telco cloud solution. He is also a member of the Board of Directors at the LF Europe Sylva Project. Tim has been active in telco related open source communities such as LF Networking, OPNFV, OpenDaylight, OpenStack/OpenInfra for over a decade and held positions on several committees including the LFN TAC, TSC and Board of Directors in OPNFV and OpenDaylight. Before joining SUSE in 2018, Tim worked at Ericsson, where he ran the open source and ecosystem program for Ericsson's cloud business unit and helped found Ericsson's open source development arm that is today known as Ericsson Software Technologies.
Last week the kerfuffle between Synadia and CNCF, tussling over the ownership and futures of NATS, bled into the public. The outcome may cast a long shadow for open source and for the CNCF. Bryan and Adam were joined by Rachel Stephens and Adam Jacob to discuss how we got here and possible outcomes.In addition to Bryan Cantrill and Adam Leventhal, we were joined by Rachel Stephens Adam Jacob, and Eliza Weisman.Some of the topics we hit on, in the order that we hit them:Goats in sweatersCNCF Slide: Why You Should Host Your Project at CNCFCNCF NATS documentsNATS GitHub discussionThe uncashed $10k checkCNCF landscapeCNCF blog on NATS / SynadiaSynadia response to the CNCFPostscript:The CNCF updated its blog with proof that the ACH transfer of $10,000 was completed [still very funny! -ahl].Derek Collison--as reported by Runtime News--has agreed to transfer the NATS trademark to the CNCF "because we just feel that the damage to the ecosystem and the ugliness is not worth it for anyone."If we got something wrong or missed something, please file a PR! Our next show will likely be on Monday at 5p Pacific Time on our Discord server; stay tuned to our Mastodon feeds for details, or subscribe to this calendar. We'd love to have you join us, as we always love to hear from new speakers!
Today on The Business of Open Source I spoke with Liz Rice, Chief Open Source Officer at Isovalent, which is now part of Cisco. We addressed two subjects: How to be successful as a company that donates their project to the CNCF, and the story of Isovalent's acquisition by Cisco and the role open source played in that acquisition. We talked about: Trademarks. This is a very important part of what you donate when you donate a project to the CNCF (or other foundations). We talked about what you can and can not do with the name and logo of “your” project when it becomes part of the CNCF, and what that means for the competitive landscape you're a part of. How to best take advantage of the marketing benefits that being part of the CNCF brings. How to create a link between the CNCF project and the company that donated it. The role that Cilium and eBPF played in Isovalent's acquisition by Cisco. Why Isovalent's relationship with open source is valuable to Cisco in and of itself. How open source companies can increase the likelihood that they'll be able to continue investing in open source post-acquisition. Why it's so important to find opportunities for collaboration. Want help making the link between your CNCF project and your commercial product? You might want to work with me.
KubeCon Europe 2025 in London has wrapped up, and we're bringing you all the highlights, trends, and behind-the-scenes insights straight from the show floor!In this special recap episode, I'm joined by two CNCF Ambassadors and community powerhouses: Kasper Borg Nissen, the Co-Chair of this KubeCon as well as of the KubeCon 2024 editions, and a Developer Relations Engineer at Dash0; and William Rizzo, Consulting Architect at Mirantis and Linkerd Ambassador.Together, we unpack the major themes from the event—from platform engineering and internal developer platforms, to open source observability, and where Kubernetes is headed next. We also chat about the vibe of the community, emerging projects to watch, and important trends in European tech sphere.Whether you missed the conference or want to catch up on important updates you might have missed, this episode gives you a curated take straight from the experts who know the cloud-native space inside out.The episode was live-streamed on 22 April 2025 and the video is available at https://www.youtube.com/watch?v=JyxJOmOEBvQYou can read the recap post: https://medium.com/p/740258a5fa46OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube.We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat.https://www.youtube.com/@openobservabilitytalks https://www.twitch.tv/openobservabilityShow Notes:00:00 - intro03:28 - KubeCon impressions09:59 - Backstage turns 518:56 - CNCF turns 10 and CNCF annual survey27:22 - Sovereign cloud in Europe and the NeoNephos initiative33:55 - CI/CD use in production increases36:52 - OpenInfra joins the Linux Foundation40:16 - Cloud native local communities, DEI and the BIPOC initiative 51:11 - Observability query standardization SIG updates59:36 - outroResources:CNCF 2024 Annual Survey https://www.cncf.io/reports/cncf-annual-survey-2024/NeoNephos initiative for sovereign EU cloud: https://www.linkedin.com/feed/update/urn:li:share:7313115943075766273/ OpenInfra Foundation and OpenStack join The Linux Foundation: https://www.linkedin.com/feed/update/urn:li:share:7307839934072066048/ Backstage turns 5: https://www.linkedin.com/feed/update/urn:li:activity:7318163557206966272/ Kubernetes 1.33 release: https://www.linkedin.com/feed/update/urn:li:activity:7321054742174924800/Socials:Twitter: https://twitter.com/OpenObservYouTube: https://www.youtube.com/@openobservabilitytalksDotan Horovits============Twitter: @horovitsLinkedIn: www.linkedin.com/in/horovitsMastodon: @horovits@fosstodonBlueSky: @horovits.bsky.socialKasper Borg Nissen===============Twitter: https://www.twitter.com/phennexLinkedIn: https://www.linkedin.com/in/kaspernissen/BlueSky: https://bsky.app/profile/kaspernissen.xyzWilliam Rizzo===========Twitter: https://twitter.com/WilliamRizzo19LinkedIn: https://www.linkedin.com/in/william-rizzo/BlueSky: https://bsky.app/profile/williamrizzo.bsky.social
Cloud native patterns and open source developments were on display at the KubeCon + CloudNativeCon Europe conference. The biannual gathering was showing how the container ecosystem continues to mature and analysts Jean Atelsek and William Fellows join host Eric Hanselman to explore their insights. The Cloud Native Computing Foundation (CNCF), part of the Linux Foundation, continues to expand the event and advance the maturity of the open source projects that are part of its purview. Day 2 operations have been gaining focus and the pre-conference FinOps X event was an indication of the emphasis on operational controls as it digs into infrastructure cost management. The opening “Day 0” events at KubeCon, which have been the forum for specialized project meetings, have become a key part of the conference, with over 6,000 attendees, almost half of the reported 13,000 total. The Kubernetes container management project is now over ten years old and one of the other signs of technology evolution was the integration of the OpenInfra Foundation, which managed the OpenStack project and other infrastructure elements, into the Linux Foundation. Open source projects are gaining wider adoption and one of the messages from projects and vendors at KubeCon, was the hope that it could offer alternatives to enterprise infrastructure stalwart, VMware. The CNCF is expanding its investments in improving security across the projects under its umbrella. There was also continued development of platform engineering initiatives. Bounding the expanding world of open source projects to create consistent development and operational tool chains for enterprise is one more sign of maturity in the container world. More S&P Global Content: AWS, Microsoft Azure and Google Cloud enter the FinOps vortex For S&P Global subscribers: Kubernetes meets the AI moment in Europe with technology, security, investment Data management, GenAI, hybrid cloud are top Kubernetes workloads – Highlights from VotE: DevOps Kubernetes ecosystem tackles new technical and market challenges Kubernetes, serverless adoption evolve with cloud-native maturity – Highlights from VotE: DevOps Credits: Host/Author: Eric Hanselman Guests: Jean Atelsek, William Fellows Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith
Did containerization ship away our environmental responsibility? Containers come with the promise of automation, scalability and reliability. The question is how to add sustainability to the list without breaking its other benefits. To talk about these challenges, Gaël Duez welcomes Flavia Paganelli and Niki Manoledaki, 2 experts in Kubernetes who are also pillars of the CNCF TAG Environmental Sustainability workgroup. This episode might beat the record of acronyms: KEIT, CNCF, TAG … And yet Flavia Paganelli and Niki Manoledaki provided crystal clear explanations when they covered:
Lior Lieberman is a software engineer lead at Google Cloud focusing on GCE, Kubernetes, and Service Mesh. He is a leading contributor to Gateway API and the maintainer of Ingress2gateway. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod - bluesky: @kubernetespodcast.com News of the week NFTables mode for kube-proxy | Kubernetes Kubescape becomes a CNCF incubating project Announcing the Beta Release of OpenTelemetry Go Auto-Instrumentation using eBPF | CNCF New Phippy Book Guidelines: Enhancing Community Access & Engagement | CNCF Links from the interview Lightning Talk: Why Service Is the Worst API in Kubernetes, & What We're Doing About It - Tim Hockin GitHub - kubernetes-sigs/ingress2gateway: Convert Ingress resources to Gateway API resources Migrating from Ingress Gateway API Inference Extension 0.1.0 release README on GitHub kubernetes-sigs/ingate - an Ingress & Gateway API Controller GAMMA - https://gateway-api.sigs.k8s.io/mesh/
Send us a textWhat happens when you get Eyvonne, William, and our special guest Nick Eberts in the same conversation? You get a GKE party! In this episode, we dive deep into the world of multi-cluster Kubernetes management with Nick Eberts, Product Manager for GKE Fleets & Teams at Google. Nick shares his expertise on platform engineering, the evolution from traditional infrastructure to cloud-native platforms, and the challenges of managing multiple Kubernetes clusters at scale. We explore the parallels between enterprise architecture and modern platform teams, discuss the future of multi-cluster orchestration, and unpack Google's innovative work with Spanner database integration for GKE. Nick also shares his passion for contributing to open source through SIG Multi-Cluster and provides valuable guidance for those interested in getting involved with the Kubernetes community.Where to Find Nick EbertsLinkedIn: https://www.linkedin.com/in/nicholasebertsTwitter: https://twitter.com/nicholasebertsBluesky: @nickeberts.devShow LinksSIG Multi-Cluster: https://github.com/kubernetes/community/tree/master/sig-multiclusterGoogle Kubernetes Engine (GKE): https://cloud.google.com/kubernetes-engineSpanner Database: https://cloud.google.com/spannerKubernetes: https://kubernetes.io/KubeCon: https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/Argo CD: https://argoproj.github.io/cdFlux: https://fluxcd.io/CNCF: https://www.cncf.io/Follow, Like, and Subscribe!Podcast: https://www.thecloudgambit.com/YouTube: https://www.youtube.com/@TheCloudGambitLinkedIn: https://www.linkedin.com/company/thecloudgambitTwitter: https://twitter.com/TheCloudGambitTikTok: https://www.tiktok.com/@thecloudgambit
Der Mainframe ist tot, lang lebe der Mainframe!“Nobody ever got fired for buying IBM”. So oder so ähnlich hieß bzw. heißt ein Sprichwort in unserer IT-Industrie. Und wenn man sowas hört, hat man oft eins im Sinn: Mainframes. Die dicken Kisten, die in jeder Bank und in jeder Versicherung stehen. Das Ganze sagt sich so schnell. Doch wissen wir wirklich, wovon wir da eigentlich sprechen?In dieser Episode klären wir was eigentlich ein Mainframe ist, was diesen so besonders macht, wie groß und teuer eine solche Maschine ist, was eine z-Architektur ist, ob Mainframes für Greenfield-Projekte genutzt werden, welche Betriebssysteme darauf laufen können, ob wir bei der Software-Entwicklung an COBOL gebunden sind oder ob Go, JavaScript, Rust und Co auch auf einem Mainframe laufen können und inwieweit wir moderne Praktiken wie GitOps, Continuous Delivery, Pre-Production-Testing und Co anwenden können.Am Ende stellen wir uns die Frage, ob der Mainframe im Zeitalter von Cloud, Kubernetes, Commodity Hardware und verteilte Systeme noch eine Rolle spielt, wie wir als Software-Entwickler mal mit der z-Architektur und dem Mainframe spielen können und was für Herausforderungen die Firmen, die heutzutage noch einen Mainframe und alten Quellcode betreiben, so haben.Bonus: Heißt es Der, die oder das Mainframe?Unsere aktuellen Werbepartner findest du auf https://engineeringkiosk.dev/partnersDas schnelle Feedback zur Episode:
One PetaByte is the equivalent of 11000 4k movies. And CERN's Large Hadron Collider (LHC) generates this every single second. Only a fraction of this data (~1 GB/s) is stored and analyzed using a multicluster batch job dispatcher with Kueue running on Kubernetes. In this episode we have Ricardo Rocha, Platform Engineering Lead at CERN and CNCF Advocate, explaining why after 20 years at CERN he is still excited about the work he and his colleagues at CERN are doing. To kick things off we learn about the impact that the CNCF has on the scientific community, how to best balance an implementation of that scale between "easy of use" vs "optimized for throughput". Tune in and learn about custom hardware being built 20 years ago and how the advent of the latest chip generation has impacted the evolution of data scientists around the globeLinks we discussedRicardo's LinkedIn: https://www.linkedin.com/in/ricardo-rocha-739aa718/KubeCon SLC Keynote: https://www.youtube.com/watch?v=xMmskWIlktA&list=PLj6h78yzYM2Pw4mRw4S-1p_xLARMqPkA7&index=5Kueue CNCF Project: https://kubernetes.io/blog/2022/10/04/introducing-kueue/
Send us a textOn this episode: Joined by special guest KJ, the cast talks with the CNCF's Cassandra Shea to discuss upcoming CayFest & Red Sky @ Night events. Is the country progressing forward for artists? We share some behind the scenes & get a weekend recap. Who has your Hyundai & what can you do?? An ode to vintage commercials, Honda FiTs, & Galentines. Before taking a call from the Deputy Premier, the cast looks at the racial divide, more robberies but no calls action. RIP Spikey, this & much more! Support the show
In this episode, Henrik Blixt, a product manager at Intuit and Argo maintainer, shares his experiences and insights into managing platform engineering teams that handle Kubernetes, service mesh, API gateways, and more. He emphasizes the importance of product management within platform engineering and discusses his involvement with the CNCF's end user technical advisory board. Henrik also highlights the significance of open source in his professional journey and details the ongoing initiatives and advancements within the Argo project. 00:00 Introduction and Guest Welcome 00:53 Discussion on Argo and Developer Tools 01:41 Open Source Community Involvement 02:06 CNCF End User Technical Advisory Board 03:11 Reference Architectures and Initiatives 08:18 Challenges and Solutions for End Users 13:20 Argo Project Insights 16:03 The Importance of Product Management 17:16 Conclusion and Final Thoughts Guest: Henrik Blixt leads a Product Management team responsible for the Intuit core platform, where he defines the strategy and direction that has shaped Intuit's cloud native platform based on CNCF projects like Kubernetes, Envoy, Istio, Prometheus, Argo (and many more!) that's used by 7000 developers and serving over 100M users. Being a passionate member of the open source community for almost 30 years, from Linux through OpenStack and Kubernetes, Henrik is currently focused on the Argo project as a core maintainer. He also represents Intuit across other committees, like the CNOE project and the broader Linux Foundation, where he shares experiences and best practices from Intuit's use of open source, making sure end users are heard and their pain points understood. He loves engaging with the community and has been a prolific speaker and event program committee member across ArgoCon, GitOpsCon, Kubecon over the years. A native of Sweden, earning his B.Sc in information systems from the University of Gothenburg, he now resides in California with his family.
Kakeru is the initiator of the Kubernetes History Inspector or KHI. An open source tool that allows you to visualise Kubernetes Logs and troubleshoot issues. We discussed what the tool does, how it's built and what was the motivation behind Open sourcing it. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod - bluesky: @kubernetespodcast.com News of the week The Schedule for the KubeCon and CloudNativeCon 2025 Maintainers Summit is live The CNCF 2024 review of the top 30 projects The CNCF End User Case Study for KubeCon Contest Kubernetes Resource Orchestrator Blog Kubernetes Resource Orchestrator Github EKS Hybrid nodes CoreWeave Nvidia GB200 NLV-72 GA Links from the interview KHI: Kubernetes History Inspector DAG WebGL
Morgan McLean, co-founder of OpenTelemetry and senior director of product management at Splunk, has long tackled the challenges of observability in large-scale systems. In a conversation with Alex Williams onThe New Stack Makers, McLean reflected on his early frustrations debugging high-scale services and the need for better observability tools.OpenTelemetry, formed in 2019 from OpenTracing and OpenCensus, has since become a key part of modern observability strategies. As a Cloud Native Computing Foundation (CNCF) incubating project, it's the second most active open source project after Kubernetes, with over 1,200 developers contributing monthly. McLean highlighted OpenTelemetry's role in solving scaling challenges, particularly in Kubernetes environments, by standardizing distributed tracing, application metrics, and data extraction.Looking ahead, profiling is set to become the fourth major observability signal alongside logs, tracing, and metrics, with general availability expected in 2025. McLean emphasized ongoing improvements, including automation and ease of adoption, predicting even faster OpenTelemetry adoption as friction points are resolved.Learn more from The New Stack about the latest trends in Open Telemetry:What Is OpenTelemetry? The Ultimate GuideObservability in 2025: OpenTelemetry and AI to Fill In GapsHoneycomb.io's Austin Parker: OpenTelemetry In-DepthJoin our community of newsletter subscribers to stay on top of the news and at the top of your game.
Feature Flagging - some may call them "glorified if-statements" - has been a development practice for decades. But have we reached a stage where organizations are doing "Feature Flag-Driven Development?". After all it took years to establish a test-driven development culture despite having great tools and frameworks available!To learn more we invited Ben Rometsch, Co-Founder of Flagsmith, to chat about the history, state and future of Feature Flagging. He is giving us an update on where the market is heading, how the CNCF project OpenFeature and its community is driving best practices, what the role of AI might be and what he thinks might be next!Couple of links we discussed during the episode:Ben on LinkedIn: https://www.linkedin.com/in/benrometsch/YouTube Video on Observability & Feature Flagging: https://www.youtube.com/watch?v=VZakh1_oEL8OpenFeature: https://openfeature.dev/
William Morgan is the CEO of Buoyant, the company behind Linkerd. You worked at Twitter before as a software engineer and engineering manager and you have a long experience in the field. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod - bluesky: @kubernetespodcast.com News of the week RedHat blog: Next generation multicluster application connectivity and traffic policy management KubeCon EU 2025 schedule CFP for KubeCon Japan (closes Feb 2, 2025) CFP for KubeCon China (closes Feb 2, 2025) CFP for KubeCon India (closes March 23, 2025) kubezonnet Links from the interview linkerd.io Linkerd on GitHub Linkerd architecture “Linkerd doesn't use Envoy” Blog Post (2020) envoyproxy.io Sidecar containers in Kubernetes Linkerd2 on GitHub Rust programming language Dynamic Admission Control (Mutating Webhooks) Linkerd Multi-cluster Federated Services KubeCon NA 2024, “Open Source 2.0: The Maintainers' Perspective - Panel” Cloud Native Startup Fest, “Panel: Startups With Open Source Projects: Can They Be Successful in the CNCF? And Should They Be?”
In this episode, Katherine Druckman speaks to Alex Scammon, who leads the Open Source Program Office (OSPO) at G Research. Alex discusses the company's significant contributions to open source projects and their unique operating model. He covers the success of Armada, a CNCF sandbox project for multi-cluster batch scheduling, and the considerable efforts of G Research's OSPO, which includes 30 engineers dedicated to direct open source contributions. Alex also shares insights on the benefits of supporting open source projects, the complexities of project prioritization, and the collaborative efforts in the open source community. The episode emphasizes the importance of sustainable open source involvement and offers a glimpse into G Research's mission to use AI and ML tools to drive financial market predictions. 00:00 Introduction and Guest Welcome 00:08 Overview of Alex's Role and OSPO 03:27 Importance of Open Source Contributions 04:37 Prioritizing Projects and G Research 07:27 Challenges and Collaboration 12:43 Personal Journey in Open Source 18:09 Encouraging Open Source Contributions Guest: Alex Scammon: Currently, I'm leading a large and intrepid band of open-source engineers engaged in a number of philanthropic upstream contributions on behalf of G-Research. All of our work centers around open-source data science and machine learning tools and the MLOps and HPC infrastructure to support those tools at scale. We're almost certainly hiring.... As part of this work, I'm also leading a discussion around batch scheduling on Kubernetes as the chair of the CNCF's Batch Working Group. Please reach out if this is an area of interest for you -- we'd love to have more voices at the table!
The hardware industry is surging, driven by AI's demanding workloads, with Arm—a 35-year-old pioneer in processor IP—playing a pivotal role. In an episode ofThe New Stack Makersrecorded at KubeCon + CloudNativeCon North America, Pranay Bakre, principal solutions engineer at Arm, discussed how Arm is helping organizations migrate and run applications on its technology.Bakre highlighted Arm's partnership with hyperscalers like AWS, Google, Microsoft, and Oracle, showcasing processors such as AWS Graviton and Google Axion, built on Arm's power-efficient, cost-effective Neoverse IP. This design ethos has spurred wide adoption, with 90-95% of CNCF projects supporting native Arm binaries.Attendees at Arm's booth frequently inquired about its plans to support AI workloads. Bakre noted the performance advantages of Arm-based infrastructure, delivering up to 60% workload improvements over legacy architectures. The episode also features a demo on migrating x86 applications to ARM64 in both cloud and containerized environments, emphasizing Arm's readiness for the AI era.Learn more from The New Stack about Arm: Arm Eyes AI with Its Latest Neoverse Cores and SubsystemBig Three in Cloud Prompts ARM to Rethink SoftwareJoin our community of newsletter subscribers to stay on top of the news and at the top of your game.
In this episode, Rich speaks with Taylor Dolezal from the CNCF. Topics include: How does the CNCF make money and what is the value it delivers, what is cloud native, what is an end user, imposter syndrome, and Kubernetes at CERN.Links:Taylor's LinkedIn | BlueskyRich's LinkedIn | Bluesky | LinktreeRich's emailJesse Robbins - Amazon chaos engineeringLachlan EvensonKara Sowles Deloss's FOSDEM presentationCNC Cartografos Working GroupHumans of Cloud NativeThe CNCF LandscapeJoe Beda's first TGIK episodeZero to Merge InitiativeJorge CastroKubernetes at CERNEpisode TranscriptLogo by the amazing Emily Griffin.Music by Monplaisir.Thanks for listening. ★ Support this podcast on Patreon ★
In the last episode of The Business of Open Source recorded at KubeCon Salt Lake City, I spoke with Omri Gazitt, co-founder and CEO of Aserto. Aserto has two open source project that it maintains, one of which it donated to the CNCF. In this episode, we talked about the decision to donate a project to the CNCF — both what the process entailed and what is in for Aserto in having a project at the CNCF. But of course Aserto also has another project, Topaz, which it has not donated to the CNCF. We also talked about why Topaz wasn't donated to the CNCF. A couple things to pull out of this conversation: The complicated calculus of deciding whether to donate a project to a foundation, and how the dynamics of the market change over the years and you have to think very critically about the specifics of your situation before making the decision to donate to a foundationHow every company has slightly different market pressures — sometimes the market pushed you to donate to a foundation, sometimes the market doesn't care. The importance of thinking not just about market share when you're open source, but also how you are going to monetize! It's possible to have vastly smaller market share but make vastly more money. Why being an open source company does not have to mean that your paid solution has to be cheaper than your competitors. Why you don't have to start selling into startups — sometimes your best customers will always be either mid-market or enterprise from the very beginning. We talked about the panel I moderated at CloudNative StartupFest at KubeCon. If you missed it, here's the link to see the replay. We also talked about Adam Jacob's talk at the same event, which you can see here. If you're building a company around an open source project and aren't sure how to manage the relationship between the project and product, you might want to work with me or come to Open Source Founders Summit this May.
Bret and Nirmal reunite for their traditional annual Holiday Special episode of breaking down the most significant developments in cloud native from 2024 and sharing predictions for 2025.
This special episode recorded live at KubeCon Salt Lake City last November is with Martin Mao, CEO and co-founder at Chronosphere.We talked about how M3 was foundational to the early history of Chronosphere, and how the ability to leverage M3, which Martin and his co-founder had written while they were still working at Uber. One of the most important aspects of this story is that since M3 is the foundation Chronosphere is built on, the fact that it was developed over four years at Uber while they were still on Uber's payroll meant that when they decided to build a company it allowed them to get to market dramatically faster than would have been possible otherwise. Chronosphere's core platform is a proprietary SaaS product, but still has a significant relationship with two other projects: Perses, which was developed at Chronosphere and donated to the CNCF in 2024; and FluentBit, a CNCF graduated project that was originally developed by Calyptia and became part of Chronosphere when it acquired Calyptia. We talked about: The pros and cons of donating projects to the CNCF, from both the perspectives of the company creating the project and the interests of the community and project itselfWhy Chronosphere's core platform isn't open source itselfHow a company can end up getting financial advantages from being the stewards of large open source community, even if the connection doesn't always seem obviousHow product roadmaps are managed for the two projects versus how it's managed for Chronosphere's proprietary products. If you're building a company around an open source project and aren't sure how to manage the relationship between the project and product, you might want to work with me or come to Open Source Founders Summit this May.
In this episode, Wesley, PJ, and Jason take the opportunity to talk about a new phenomenon - The DevRel Foundation from the Linux Foundation. Learn how folks have gotten involved, what the Foundation intends to do, and how you can share your voice. Topics Discussed: Introduction to the DevRel Foundation: The episode explores the new DevRel Foundation, an initiative under the Linux Foundation, created to address challenges in Developer Relations (DevRel). Wesley Faulkner introduces the foundation, noting that its purpose is to be a nonpartisan hub for discussions about DevRel and to provide resources for defining the profession and its practices. Foundational Goals: The DevRel Foundation aims to address key challenges within DevRel, including defining the role, measuring its impact, and rolling out successful DevRel programs. It seeks to aggregate existing knowledge and create a space for new insights. Wesley discusses his role in the steering committee and mentions the ongoing process of recruiting champions for various topics within DevRel to drive these discussions forward. Open Participation and Community Engagement: The foundation is described as a participative effort, where everyone from managers to community members can contribute. This is highlighted as an important distinction from more passive feedback mechanisms (like town halls). Wesley outlines the process, emphasizing that the foundation is open to diverse perspectives, and all contributions will be available for collaboration through platforms like GitHub and Discord. Challenges of Defining DevRel: A major challenge discussed is the diversity of how DevRel is implemented across different organizations (e.g., startups, enterprises, nonprofits). Wesley talks about the need for an inclusive approach that doesn't exclude any perspectives while ensuring practical outcomes. Jason Hand asks about how the foundation plans to handle these varied implementations, suggesting that a “one-size-fits-all” approach may not work. The Role of the Linux Foundation: The Linux Foundation's role is explained as crucial in providing structure, governance, and logistical support for the foundation. The Linux Foundation's history with supporting open-source projects and fostering community-driven initiatives is seen as a key advantage. Real-World Impact and Job Descriptions: Jason Hand discusses the problem of inconsistent DevRel job descriptions in the industry, which often blur the lines between roles like developer advocate, customer success, and sales engineering. The foundation's work could help standardize expectations for DevRel roles across organizations. The episode touches on how a clearer definition of DevRel could assist job seekers and hiring managers in aligning roles more effectively. Future of the DevRel Foundation: The foundation is still in its early stages, and Wesley emphasizes that while there's hope for the project, it will take time to make significant progress. They encourage participation in calls, Discord, and GitHub to stay updated and contribute. Key Takeaways: - The DevRel Foundation seeks to unify and provide structure to the diverse, evolving field of Developer Relations. Inclusive participation is at the core of the foundation's mission, aiming to gather input from all sectors of the community. - The foundation is driven by volunteer work and community passion, with the support of the Linux Foundation's structure and resources. - GitHub and Discord are key platforms for collaboration, ensuring that community voices are heard and that contributions are open for review and iteration. - The foundation's work will eventually help provide clarity in DevRel role definitions, benefiting both organizations and professionals in the field. Action Items: - Join the DevRel Foundation: Individuals can join calls, participate in discussions, or contribute to the work via GitHub and Discord. - Become a Champion: The foundation is actively seeking managers to lead specific topics within DevRel. - Stay Informed: Engage with the monthly updates and open calls to follow the foundation's progress. Key Words and Themes: DevRel Foundation Developer Relations (DevRel) Linux Foundation Open Participation Inclusive Governance Community-Driven Initiatives Job Descriptions in DevRel GitHub and Discord Collaboration Nonprofit Organization Volunteer-Driven Transcript [00:00:00] PJ Haggerty: Hey everybody. And welcome to another episode of Community Pulse. We're super excited to have you. [00:00:04] PJ Haggerty: This week we decided we would take a look at a new phenomenon, the DevRel Foundation, the Developer Relations Foundation from our friends at the Linux Foundation. [00:00:12] PJ Haggerty: Some of you are probably already aware of it. Some of you are probably in the discord chat. Some people might not know about it at all. So we want to take this opportunity to share some information about it and see what we could find out and how we felt about it. So with that, I am joined by, of course, Jason Hand and Wesley Faulkner. Wesley, you've been doing a lot of work with the DevRel foundation as far as like looking at, working models and how people can actually get things done within the foundation. [00:00:37] PJ Haggerty: So do you want to kick us off and give us a description of what's going on? [00:00:41] Wesley Faulkner: Yes. Let me lay a little bit of the groundwork to understand my involvement and how. So I'm part of the steering committee. There's five of us in total. And I am the newest member of that five person steering committee. [00:00:55] Wesley Faulkner: I've been part of the DevRel foundation since June of this year. [00:01:00] And the foundations, the start of it had, I think, started way before that even before the beginning of the year. And the involvement with the Linux foundation happens like I think in around the February timeframe. And so the thought is that there are Certain types of challenges that are unique to people in dev rel defining what we do is one of them that I think is something that people are familiar with, but others that have been lingering around about how do you measure dev rel and like adequately, like, how do you plan for the future and how do you roll out a developer relations program? [00:01:35] Wesley Faulkner: Those are like the broad strokes of it. So the thought of the Dev Rel foundation is to be a nonpartisan home for these types of discussions. And we are currently set up as the steering committee, as people who are trying to facilitate those conversations, give structure and processing of what timeline we should have these conversations and be helped, like [00:02:00] with the being a home to people to find this, Information once we have it all created and to be a repository for a lot of existing knowledge, but also allow the connection tissue to create new knowledge that is not there right now. [00:02:16] Wesley Faulkner: So that's like the whole arc of it. Depending on when you're listening to this podcast, we are currently enrolling people to take on and champion these specific areas of topics. Here are the lists that we've aggregated from the community of the challenges. [00:02:33] Wesley Faulkner: And we're looking for managers to say I want to champion that and run it to ground to make sure that we actually have things defined to help us all as dev or all practitioners. [00:02:43] PJ Haggerty: And I want to zero in because I think that some people I was in the initial meeting kickoff thing that happened back in June and there was a concern and it was oh, this is a town hall, not really a feedback thing, but more of a town hall where we'll come and tell you what we think is [00:03:00] good and you can come and tell us if you don't think it's good. [00:03:03] PJ Haggerty: But what it really is is a participative activity. Not everybody wants to, and that's okay. But the idea is really behind let's put together a compendium of knowledge about what we do and put that so that when people reference it, they can easily say, this is the way it works. [00:03:22] PJ Haggerty: It's a constantly moving organic body. It's similar to software. There is nothing done on this. Would that, do you think that's accurate? Great. [00:03:31] Wesley Faulkner: Yeah, I think that initially I was on that initial feedback preview call as well. And that session, I think, raised a lot of awareness about how developed the thought was of where things were going to go and how open to input. [00:03:47] Wesley Faulkner: The foundation was to the community and letting the community shape the direction and the focus of the foundation. And I think to its credit, the foundation has taken a lot of that into heart. [00:04:00] And I think that's when I joined actually because of that call or after that call. A lot of the work that I've done, at least on the initial side, was finding a way to make sure that the community's voice is heard. [00:04:12] Wesley Faulkner: And then once we get all of this feedback, how do we actually act on it? Because it feels like if you think about the possibilities, the developer relations, there's just so much out there. How do we choose which ones that we're going to help move forward? And I devised or helped with the rest of the people in the steering committee and other feedback. [00:04:31] Wesley Faulkner: From people like you, PJ, about how we address the needs of the community in a way that doesn't feel exclusionary. [00:04:39] PJ Haggerty: Think exclusionary is the word you're looking for. Yeah. [00:04:40] Wesley Faulkner: And also how do we actually be productive to actually move forward instead of having constant discussions all the time and where do we actually make sure that it was the right time to do action? [00:04:52] Jason Hand: Wesley, I got a question. I feel like a lot of our episodes, we generally take a stance on [00:05:00] when it comes to implementing certain things that it just depends on the situation of the organization, the team, the objectives of the org that they're in, there's always just like so many dependencies and variables that go into an implementation of things to take a stance on, how certain aspects or certain elements of developer relations Has found success. [00:05:23] Jason Hand: I'm wondering if there's plans or if there's been any discussion on including lots of different implementation scenarios rather than trying to be one single source of truth, because I feel like that's probably going to be some pushback and going to be some feedback that maybe we hear from this type of organization or foundation, of what goals do we have about putting into concrete terms what. [00:05:48] Jason Hand: developer relations is or isn't when we know that there's just so many ways to do it, Startups are going to do it one way enterprise is going to do it a different One part of the world's going to do it in one way [00:06:00] versus others so Anyway, just curious what your thoughts are on that [00:06:04] Wesley Faulkner: Yeah, there's different verticals, like there's regulated industries like fintech, there are different areas like nonprofit work and open source software as opposed to closed source software. [00:06:14] Wesley Faulkner: Then there is developer first, and then there's developer plus then you mentioned different languages, but there's also different geos and there's also different access to technologies, like parts of the developing world where steady connected electricity and internet is not something that's. [00:06:31] Wesley Faulkner: So there's many different facets. So the answer is, we are trying to be as inclusive as possible by making sure that people have the opportunity to put forth their specific concern. At the same time, we are requiring that as groups are formed around these topics, that there are at least three managers. [00:06:56] Wesley Faulkner: To each of these topics to make sure that there's not [00:07:00] one perspective that's running the show. And then each of these topics, the managers need to recruit at least eight participants. This is to increase the diversity and the different ways that people see things and to make sure that these edge cases or main cases are incorporated into the final result. [00:07:20] Wesley Faulkner: And last, but not least, this is supposed to be an iterative process. So whatever the group Creates, it will be posted to GitHub and you can, and everyone and anyone can put in pull requests so that their voices are heard and their perspectives are also taken into account. [00:07:39] PJ Haggerty: And you're saying all this and for those of you who are listening to the audio and saying, wow, Wesley really has this down. [00:07:44] PJ Haggerty: Wesley has very much structured this and put it into a GitHub document for people to interact with and understand. And I think this that allayed a lot of my concerns when this first came up, because I was like, is this an exercise in student government where the most popular kids [00:08:00] will be voted into their positions of power. [00:08:01] PJ Haggerty: And everyone else will just sit by the wayside with no voice. And Wesley was very careful to design a way in which that wasn't. I think one of the, one of the things that I liked the most about the structure of this, and we'll add the link to the GitHub and the show notes, but one of the things that I really enjoyed about the structure of this was that anyone who is a manager for only a certain period of time. [00:08:24] PJ Haggerty: This isn't a situation where you are, to use the term, they often use an open source project. You're a benevolent dictator for life. Which is that, that's your Linus's and Your David Heinemeyer Handwritten. It's great that you create this thing. [00:08:37] PJ Haggerty: Please let other people as it evolves, take it over. And that's baked into the design. And I feel like we're laying a lot on Wesley here. And I think that there's varying differences between what even the people on this podcast are doing as far as level of participation. [00:08:51] PJ Haggerty: Like I'm a passive participant. I've been watching what's going on, participating in the discord. Talking to some people about some things, but I'm not a manager. [00:09:00] Wesley's a part of the steering committee. Mary had, is that some of those initial meetings are taking a step back due to some busy work related things. [00:09:07] PJ Haggerty: And Jason, are you in the collective? Are you in the discussion or are you just an external passive observer at this point in time?. [00:09:16] Jason Hand: Definitely a passive observer. I think, just through knowing Wesley and the conversations we have here and there I may be a little closer tHand others in terms of just, when I started hearing about it. [00:09:27] Jason Hand: But yeah, at this point I'm not involved. Other than, like I said, just conversations I've had with Wesley. But definitely curious to learn more about what's going on with it. And I quite honestly, I don't have a lot of depth in knowledge around any of the Linux foundations or any just foundations in general. [00:09:45] Jason Hand: And I don't know if Wesley, if that's something you can dig a little deeper into, like what would somebody who has no knowledge of what the Linux Foundation is and any of the offshoots of that, like what are the core benefits? [00:09:57] Wesley Faulkner: I gotta say that there's something that I have to [00:10:00] say about the Linox Foundation in general is that the foundation is an umbrella of other open source projects. So Linux itself is a Linux Foundation project. Git. Is a Linux foundation project. And there's several other Valky is also big and new and it was just launched at the open source summit. [00:10:21] Wesley Faulkner: In September. [00:10:23] PJ Haggerty: Don't forget about that. Dang Kubernetes that people keep talking about. The kids are all under the coop. Yep. CNCF is [00:10:28] Wesley Faulkner: underneath. Yep. The CNCF is under the Linux foundation. Those projects that you know, and love have come under that same umbrella. [00:10:36] Wesley Faulkner: But I have to say the dev rel foundation is different tHand any of those are in all of the other projects because that this feels more of, A governance body or like a list of documents and not necessarily focused on code and making a product from that standpoint, which I think is a little bit different. [00:10:58] Wesley Faulkner: And the question is [00:11:00] why the Linux foundation, and we have a lot of these addressed in our FAQ, if you go to the But for my take that we wanted a place in a home. That was nonpartisan, meaning like it's not owned by a company or someone with specific interests. One that has a history of supporting software and open source processes and making sure it's community like the way that we come to decisions is open to the community and the community can participate [00:11:32] Wesley Faulkner: I can't think of any that checks all of the boxes. So it's part of the Linux Foundation because it is one that does already have a reputation. They are giving us resources and supporting us from a process standpoint. And it allows us to have access to other projects and maintainers and people who've been doing this way longer tHand we have. [00:11:55] Wesley Faulkner: And so being under that umbrella also gives us that connection and [00:12:00] of the siblings who are also in the project. But also just to make sure that it is noted that we are unfunded product projects under the Linux foundation. So we were not trying to make money. No, one's giving us money. [00:12:14] Wesley Faulkner: It's just right now it's all community and volunteer work. That's in the found formation of this foundation. So it's our passions that are driving it. So if there are better suggestions, we are open to hear it. But right now the Linux Foundation sounds like a really good choice and they've been an excellent partner for us. [00:12:36] Wesley Faulkner: Without her support and her guidance and her doing the intros and her doing a lot of the heavy lifting I think we wouldn't have gotten as far as we have right now. [00:12:47] PJ Haggerty: I think it's interesting you mention that because I know that organically around I had been talking for a couple years with people. Wesley, you and I had a conversation that I think is now two and a half years ago about putting together some sort [00:13:00] governance document, some sort of something to say, this is DevRel. [00:13:05] PJ Haggerty: This is the way it worked. This is, giving some sort of guideline to what this all means. I think that some people might be like the Linux foundation eyebrows raised what's going on here at the same time, I think, without having that logistical support, if not the organizational support, this may never have come off because so many people were working in so many small working groups, but not really getting anywhere because they couldn't figure out that logistical component, like how do we do this and not exclude people? [00:13:32] PJ Haggerty: How do we do this and ensure that we have the good mindshare and the diverse mindshare that we need to actually share this information. These are questions that luckily the Linux foundation has answered before, and therefore they can answer it for this. [00:13:49] Wesley Faulkner: Yeah. I got to say that there's been a lot of reaction to the Linux foundation. [00:13:52] Wesley Faulkner: And even just the DevRel foundation. Let's just talk it from there about one saying, why do we need this? That's one of the feedbacks that we've gotten. The [00:14:00] other is, this is amazing. I, this is, I'm so excited. And then I think what Jason also said is that. I'm going to wait and see, so will we, will this have legs? [00:14:11] Wesley Faulkner: Will this keep going? Will this actually produce anything? Will this make a change? And when we were working on our little project back then, Jason PJ it was, some of the conversations were just like, why are we the two people? Or what, why are we the ones to be able to hold this torch and I think the Linux foundation kind of answers some of those questions in terms of it, are we a trusted organization or who legitimizes us for being a person that could have a voice? [00:14:43] Jason Hand: So one more thing I wanted to touch on because I do see a lot of benefits that can come and clearly there's, great examples from the Linux Foundation of success and how this kind of community effort. Can come together and really help in a lot of ways, but a concrete way that I think really [00:15:00] stands out to me that could help for a lot of those folks who are either new to developer relations or in community in general, or maybe they're out on the market looking for new roles because we do hear so much of a variety in terms of what DevRel can look like. [00:15:15] Jason Hand: And you see it like on new job postings where one company is looking for. With a title as a developer relations professional or some variation of that, but then looking through the description, it looks like it's going to include some roles and responsibilities that have traditionally not aligned with developer relations. [00:15:32] Jason Hand: Oftentimes there's just so much variance in terms of what DevRel roles could look like, but this might actually help. Narrow that a little bit and make it easier for both those who are looking to fill roles and those who are looking to find new roles. We're all speaking the same language on what the expectations are here. [00:15:51] PJ Haggerty: Yeah. There's that centralization concept of, maybe if we can define and say, this is what DevRel looks like, then [00:16:00] maybe the hiring managers and the people at LinkedIn and indeed, and what have you, is Monster.com still a thing? I don't think Monster.com is still a thing. [00:16:07] PJ Haggerty: But maybe the people who are in charge of all of this hiring and doing all these things, maybe they can finally have a good definition to understand that maybe you're not looking for a developer advocate or a developer relations specialist, maybe you're actually looking for someone in marketing. [00:16:24] PJ Haggerty: Maybe you're actually looking for a sales engineer. Who's technically minded, but they're to speak to onboard clients. Maybe you're even looking for customer success. Because like you said, Jason, I've looked at a lot of these job descriptions, especially over here that I was unemployed. [00:16:39] PJ Haggerty: And a lot of these people do not understand that their questions that they're asking or that the positions they're describing are not developer relations positions, but. The buzzwords here. So let's go with what we got. [00:16:52] Wesley Faulkner: And also to be frank, these questions have been answered and probably it's been answered multiple [00:17:00] times by different people and everyone who's been in DevRel for a very long time can see and read these and say, that's actually valid. [00:17:09] Wesley Faulkner: Someone who's brand new may not have that ability to distinguish what is. Actually something that makes sense. I think the DevRel foundation will help those new people to be able to do some of that work for them. [00:17:21] Wesley Faulkner: Not necessarily have to create all this new documentation and resources, but aggregating some of the things that are out there that is really good, high quality work that we can help with bringing them into the fold and allowing people to use us as a central point to jump off and find these other resources. [00:17:38] PJ Haggerty: Yeah, that's awesome. And I think that I'm looking forward to seeing what comes out of it. People should not have an expectation. Let's set some boundaries here. People should not have an expectation that like come January one, the dev rel foundation is about to drop the hottest mixtape you've ever heard about dev rel. [00:17:54] PJ Haggerty: These things are going to take time. Yes, we have hope, but hope takes work. [00:17:59] Wesley Faulkner: [00:18:00] And 1 of the things that we're asking or requiring for all these groups that form is that they give at least a monthly update on 1 of our open calls and open meetings that we do every week. [00:18:10] Wesley Faulkner: If you want to stay abreast about the progress take a look in at. Our GitHub and look at what the process we're working and fostering. And also just, if you have input jump into one of these calls and just talk to the people who are championing these directly. [00:18:26] PJ Haggerty: Or at the very least jump in the discord and see what the conversation is. [00:18:29] PJ Haggerty: Yep. I think there's a lot of good conversation going on over there as well. And with that, thank you for giving us space to talk about this. Enjoy the podcast? Please take a few moments to leave us a review on iTunes (https://itunes.apple.com/us/podcast/community-pulse/id1218368182?mt=2) and follow us on Spotify (https://open.spotify.com/show/3I7g5W9fMSgpWu38zZMjet?si=eb528c7de12b4d7a&nd=1&dlsi=b0c85248dabc48ce), or leave a review on one of the other many podcasting sites that we're on! Your support means a lot to us and helps us continue to produce episodes every month. Like all things Community, this too takes a village. Artwork photo by Ramin Khatibi on Unsplash.
How is agentic AI reshaping cloud security and what does the future hold for this transformative technology? In today's episode of Tech Talks Daily, I sit down with Loris Degioanni, the founder and CTO of Sysdig, to explore how agentic AI is driving innovation in cloud security. As the creator of Sysdig and the CNCF runtime security tool Falco, Loris brings a wealth of expertise to the conversation, having also been a key contributor to the widely-used open-source network analyzer, Wireshark. We discuss how Sysdig has pioneered the first AI-powered cloud security tool using agentic AI. This groundbreaking approach enables AI agents to function as domain-specific experts, working collaboratively to provide rapid threat detection—reducing response times to under 10 minutes in cloud environments where speed is critical. Loris shares insights into the cultural and technological factors fueling the rise of agentic AI and its potential to revolutionize cybersecurity. The conversation also delves into the promises and pitfalls of agentic AI, such as its ability to handle complex tasks in a way that mimics human teams, alongside challenges like latency and cost. Loris highlights how open-source tools like Falco and Sysdig play a crucial role in advancing AI by making domain-specific knowledge publicly accessible, empowering the broader developer community to optimize AI capabilities. Looking ahead, we explore the future of AI in enterprise and cloud security, including predictions about how conversational interfaces and agentic AI architectures will redefine how businesses interact with and manage security tools. Whether you're curious about the evolution of AI in cybersecurity or interested in learning how Sysdig is leveraging this innovation to address today's challenges, this episode offers a fascinating glimpse into the intersection of technology and security. What are your thoughts on the role of agentic AI in shaping the future of cybersecurity? Join the discussion and share your perspective!
In this special year-end episode of OpenObservability Talks, we are thrilled to host Charity Majors, co-founder and CTO of Honeycomb, for an insightful conversation on the state of observability. Charity and our host Horovits recently delivered keynotes at Open Source Observability Day, which sparked fascinating discussions on the evolution of open observability and its impact on the broader industry. Together, they run a 2024 yearly postmortem on the key insights and trends, exploring what the observability community and industry have accomplished this year. Looking ahead, they also discuss what's on the horizon for observability in 2025 and beyond. Charity Majors pioneered the concept of modern Observability, drawing on her years of experience building and managing massive distributed systems at Parse (acquired by Facebook), Facebook, and Linden Lab building Second Life. She is the co-author of Observability Engineering and Database Reliability Engineering (O'Reilly). Join us for this fireside chat as we wrap up the year with the influential voices in observability. The episode was live-streamed on 9 December 2024 and the video is available at https://www.youtube.com/watch?v=D7ssNKAmYMs You can read the recap post at https://medium.com/p/94f80fff77e8/ OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube. We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat. https://www.youtube.com/@openobservabilitytalks https://www.twitch.tv/openobservability Show Notes: 00:00 - intro 01:51 - major observability trends of 2024 05:14 - OpenTelemetry trends 07:50 - Observability 2.0 14:45 - AI for DevOps and Observability 27:02 - Platform engineering 36:37 - observability query and data analytics 43:40 - observability for business insights 46:53 - how to start observability in Greenfield projects 50:15 - additional use cases for observability 54:11 - controlling cost of observability 58:47 - outro Resources: Practitioner's guide to wide events: https://jeremymorrell.dev/blog/a-practitioners-guide-to-wide-events/ Charity Major's blog on Observability 2.0: https://www.honeycomb.io/blog/time-to-version-observability-signs-point-to-yes Observability Is A Data Analytics Problem: https://insideainews.com/2022/04/07/observability-is-a-data-analytics-problem/ Platform as a Product survey by the CNCF: https://www.linkedin.com/feed/update/urn:li:share:7267977952242397185/ SaaS observability: https://medium.com/p/b2db276305b2 Expensive Metrics: Why Your Monitoring Data and Bill Get Out Of Hand: https://medium.com/p/e5724619e3f1 Sampling best practices: https://logz.io/learn/sampling-in-distributed-tracing-guide/ Socials: Twitter: https://twitter.com/OpenObserv YouTube: https://www.youtube.com/@openobservabilitytalks Dotan Horovits ============ Twitter: @horovits LinkedIn: www.linkedin.com/in/horovits Mastodon: @horovits@fosstodon BlueSky: @horovits.bsky.social Charity Majors ============ Twitter: https://x.com/mipsytipsy LinkedIn: https://www.linkedin.com/in/charity-majors Mastodon: @mipsytipsy@hachyderm.io BlueSky: https://bsky.app/profile/mipsytipsy.bsky.social
Recebemos uma convidada incrível: uma embaixadora oficial da Cloud Native Computing Foundation (CNCF)! Vamos conhecer sua trajetória, desde os primeiros passos na tecnologia até se tornar referência na comunidade cloud native. Descubra o que é a CNCF, sua contribuição para ferramentas como Kubernetes e Prometheus, e como esses projetos estão moldando o futuro da tecnologia. Além disso, discutimos a importância de participar de comunidades: como elas ajudam a impulsionar carreiras, criar conexões valiosas e acompanhar as últimas tendências do mercado. Edição completa por Rádiofobia Podcast e Multimídia: https://radiofobia.com.br/ --- Nos siga no Twitter e no Instagram: @luizalabs @cabecadelab Dúvidas, cabeçadas e sugestões, mande e-mail para o cabecadelab@luizalabs.com ou uma DM no Instagram Participantes: YOHAN RODRIGUES | https://www.linkedin.com/in/yohan-rodrigues/ NATÁLIA GRANATO | https://www.linkedin.com/in/nataliagranato https://www.nataliagranato.xyzhttps://github.com/nataliagranato
Jetstack's cert-manager, a leading open-source project in Kubernetes certificate management, began as a job interview challenge. Co-founder Matt Barker recalls asking a prospective engineer to automate Let's Encrypt within Kubernetes. By Monday, the candidate had created kube-lego, which evolved into cert-manager, now downloaded over 500 million times monthly.Cert-manager's journey to CNCF graduation, achieved in September, began with its donation to the foundation four years ago. Relaunched as cert-manager, the project grew under engineer James Munnelly, becoming the de facto standard for certificate lifecycle management. The thriving community and ecosystem around cert-manager highlighted its suitability for CNCF stewardship. However, maintainers, including Ashley Davis, noted challenges in navigating differing opinions within its vast user base.With graduation achieved, cert-manager's roadmap includes sub-projects like trust-manager, addressing TLS trust bundle management and Istio integration. Barker aims to streamline enterprise-scale deployments and educate security teams on cert-manager's impact. Cert-manager has become integral to cloud-native workflows, promising to simplify hybrid, multicloud, and edge deployments.Learn more from The New Stack about cert-manager:Jetstack's cert-manager Joins the CNCF Sandbox of Cloud Native TechnologiesJetstack Secure Promises to Ease Kubernetes TLS SecurityJoin our community of newsletter subscribers to stay on top of the news and at the top of your game.
It's that time of the year… Aaron and Brian answer emails and questions for the second half of the year.SHOW: 882SHOW TRANSCRIPT: The Cloudcast #882 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwNEW TO CLOUD? CHECK OUT OUR OTHER PODCAST: "CLOUDCAST BASICS"SHOW NOTES:Question 1 - There was a lot of talk about Broadcom's changes to VMware at the beginning of the year, but not as much since then. What's going on in the world of virtualization?Question 2 - Both of you have talked about working remotely for quite a while. What's your take on RTO mandates? Any suggestions for remote workers? Question 3 - Have either of you found any valuable uses of AI in your day-to-day job? Question 4 - Now that the US elections are over, how do you expect the US Gov't to be involved with the tech industry (anti-trust, CHIPS ACT, AI regulation, etc..)Question 5 - AI models and GPUs seem to get all the attention in the news. Are there other areas of AI that you think are really important but aren't getting much attention right now?Question 6 - Are cloud skills still considered valuable? Do certifications matter anymore? Question 7 - What's going on in the open source communities like the CNCF? Question 8 - What surprised you the most this year?FEEDBACK?Email: show at the cloudcast dot netBluesky: @cloudcastpod.bsky.socialTwitter/X: @cloudcastpodInstagram: @cloudcastpodTikTok: @cloudcastpod
The tech industry faces a paradox: despite high demand for skills, many developers and engineers are unemployed. At KubeCon + CloudNativeCon North America in Salt Lake City, Utah, Andela and the Cloud Native Computing Foundation (CNCF) announced an initiative to train 20,000 technologists in cloud native computing over the next decade. oss O'neill, Senior Program Manager at Andela and Chris Aniszczyk, CNCF's CTO, highlighted the lack of Kubernetes-certified professionals in regions like Africa and emphasized the need for global inclusivity to make cloud native technology ubiquitous.Andela, operating in over 135 countries and founded in Nigeria, views this program as a continuation of its mission to upskill African talent, aligning with its partnerships with tech giants like Google, AWS, and Nvidia. This initiative also addresses the increasing employer demand for Kubernetes and modern cloud skills, reflecting a broader skills mismatch in the tech workforce.Aniszczyk noted that companies urgently seek expertise in cloud native infrastructure, observability, and platform engineering. The partnership aims to bridge these gaps, offering opportunities to meet evolving global tech needs.Learn more from The New Stack about developer talent, skills and needs: Top Developer Skills for AI and Cloud Jobs5 Software Development Skills AI Will Render ObsoleteCloud Native Skill Gaps are Killing Your GainsJoin our community of newsletter subscribers to stay on top of the news and at the top of your game.
In this Telemetry News Now episode, Phil, Justin, and Leon discuss the launch of the CNCF's OpenTelemetry certification, security concerns after recent damages in the Baltic Sea, Cisco's partnership with NTT DATA to enhance global 5G connectivity, and Arista Networks' growth driven by AI data centers. And as always, we end with a quick recap of important upcoming events.
KubeCon North America 2024 took place in Salt Lake City, Utah on Nov 12-15. We interviewed people on the show floor to gather their impressions of the event, what they learned and what they want to see in the future. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Cert-manager is a CNCF graduate project Dapr is a CNCF Graduated project Dapr episode on the Kubernetes Podcast Istio 1.24 release. Ambient Mesh GA Cloud Native Heroes Challenge CNCF Flagship events for 2025 New Cloud Native Certifications Kubernetes certifications prices increase in 2025 wasmCloud is a CNCF incubated project SpectroCloud $75 million Series C funding Solo.io donates Gloo API Gateway to the CNCF Links from the interview Guests: Rajas Kakodkar Jeremy Rickard Rey Lejano Jimmy Zelinskie Frederic Branczyk Lucy Sweet Sreekaran Srinath Joe Thompson Tag runtime SIG Security SIG Docs WG LTS The Maintainer Monologues - Sarah Christoff, Jason Hall, Scott Rigby, Karen Chu & Ryan Nowak Expanding the Capabilities of Kubernetes Access Control - Jimmy Zelinskie & Lucas Käldström
This week, we cover Netflix's streaming hiccups, cloud earnings updates, Red Hat's CNCF donations, and the potential sale of Chrome. Plus, a few thoughts on parenting. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=7qe9xOqN-Lk) 494 (https://www.youtube.com/watch?v=7qe9xOqN-Lk) Runner-up Titles The dog peed on it. Jamin's favorite Excel macros. Change up the noodles. 0.7 good tips there The tiniest of rebellions Win one for the stockholders Candor A datacenter with a gift shop. VP of Cables has cucumber water with VP of Monitors. You can't open source a monitor. Rundown Netflix Netflix's Boxing Event, Customer Acquisition vs. Churn Mitigation, Accounting for Events (https://stratechery.com/2024/netflixs-boxing-event-customer-acquisition-vs-churn-mitigation-accounting-for-events/?access_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InN0cmF0ZWNoZXJ5LnBhc3Nwb3J0Lm9ubGluZSIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJzdHJhdGVjaGVyeS5wYXNzcG9ydC5vbmxpbmUiLCJhenAiOiJIS0xjUzREd1Nod1AyWURLYmZQV00xIiwiZW50Ijp7InVyaSI6WyJodHRwczovL3N0cmF0ZWNoZXJ5LmNvbS8yMDI0L25ldGZsaXhzLWJveGluZy1ldmVudC1jdXN0b21lci1hY3F1aXNpdGlvbi12cy1jaHVybi1taXRpZ2F0aW9uLWFjY291bnRpbmctZm9yLWV2ZW50cy8iXX0sImV4cCI6MTczNDYxMzIxMiwiaWF0IjoxNzMyMDIxMjEyLCJpc3MiOiJodHRwczovL2FwaS5wYXNzcG9ydC5vbmxpbmUvb2F1dGgiLCJzY29wZSI6ImZlZWQ6cmVhZCBhcnRpY2xlOnJlYWQgYXNzZXQ6cmVhZCBjYXRlZ29yeTpyZWFkIGVudGl0bGVtZW50cyIsInN1YiI6IlRIMzRnVkN5aHhXZ21uQWZ0WEZtdVMiLCJ1c2UiOiJhY2Nlc3MifQ.AyMwbazpm5LR_zhwZiRLStIqxPaGuHbceNMyKVLcX4NNRg24VPow2YD-dCJbLx5RtePzQE87rXOA3LOTlPuRCJ07Z30HjhTordjCFnw8vz2mLtXe-oe4-It-_VoIvCnAutn5g1bP9rvIbWKvVcA0oteGHOEGMuIVZ7YDxghRvj6elT2Pz5fMcrwwjHKC3N5kIrZcxSTZVxFufWHx2FaYh6uelE8aVrzFOp6_VhvusKvvCkLI8rtRJKMyfLGMQRadts_RKnxXUB19eRcJgs1AiLUs2bmuSLUKvudnwpv3EimElaeKHUh9MqUljEGIXe89dgtImlpotzmvU0VKPy9cIg) Disney sets India Cricket Viewership Record for TV, streaming during World Cup (https://www.bmpsportsevents.com/blog-posts/disney-sets-india-cricket-viewership-record-for-tv-streaming-during-world-cup) Netflix Culture (https://jobs.netflix.com/culture) Earnings Amazon Reports Record $15.3 Billion Profit (https://www.nytimes.com/2024/10/31/business/amazon-q3-earnings.html?smid=nytcore-ios-share&referringSource=articleShare) Clouded Judgement 11.1.24 - Amazon, Google, Microsoft & Meta on AI and CapEx (https://cloudedjudgement.substack.com/p/clouded-judgement-11124-amazon-google?utm_source=post-email-title&publication_id=56878&post_id=150968391&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Amazon Earnings, Robotics and Amazon's Expanding 1P Business (https://stratechery.com/2024/amazon-earnings-robotics-and-amazons-expanding-1p-business/?access_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InN0cmF0ZWNoZXJ5LnBhc3Nwb3J0Lm9ubGluZSIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJzdHJhdGVjaGVyeS5wYXNzcG9ydC5vbmxpbmUiLCJhenAiOiJIS0xjUzREd1Nod1AyWURLYmZQV00xIiwiZW50Ijp7InVyaSI6WyJodHRwczovL3N0cmF0ZWNoZXJ5LmNvbS8yMDI0L2FtYXpvbi1lYXJuaW5ncy1yb2JvdGljcy1hbmQtYW1hem9ucy1leHBhbmRpbmctMXAtYnVzaW5lc3MvIl19LCJleHAiOjE3MzM5MjMzMjUsImlhdCI6MTczMTMzMTMyNSwiaXNzIjoiaHR0cHM6Ly9hcGkucGFzc3BvcnQub25saW5lL29hdXRoIiwic2NvcGUiOiJmZWVkOnJlYWQgYXJ0aWNsZTpyZWFkIGFzc2V0OnJlYWQgY2F0ZWdvcnk6cmVhZCBlbnRpdGxlbWVudHMiLCJzdWIiOiJUSDM0Z1ZDeWh4V2dtbkFmdFhGbXVTIiwidXNlIjoiYWNjZXNzIn0.HO5sxW0eBQFKsqs38nWX6yVSp9OQh-tJNkNI7Nyib6zZxAbAEMMnfy2dJDBTZ4ZqZBXqfo5VqJhrBPhELzTg2M_rOrDWOaotGl1eqYHpBiPVdxuXBoXN6_ME7fut7d32Hr9FfAol8201Q3n6sOvQ7YBYyCDBJosEelNtWKICsg98WJ01Sd2EuZz-3XtA3gSziu7yhVsKX5cw_6sLtUPyyUwLaOqutRaJfvdhQVynvKmrgyX5OtlU60MmcwXrPWXDcptcesUUyAwzClRNIOIrSrPVvawNL66mJL24oyrbDFgUUJT4yVYHiuylb_JO1otCftQNhGkv0iOft8N0NPVpfg) Cloud market share shows vendors eyeing a $1T opportunity (https://siliconangle.com/2024/11/16/cloud-market-share-shows-vendors-eyeing-1t-opportunity/) Windows 365 Link is a $349 mini PC that streams Windows from the cloud (https://www.theverge.com/2024/11/19/24299789/microsoft-windows-365-link-device-cloud-pc) Going Open Source Red Hat to Donate Podman Along With Other Container Tools to CNCF (https://cloudnativenow.com/kubecon-cnc-na-2024/red-hat-to-donate-podman-along-with-other-container-tools-to-cncf/) Salesforce's Heroku platform open-sources Twelve Factor project (https://siliconangle.com/2024/11/15/twelve-factor-project-open-source-salesforce-kubecon/) Twelve-Factor App Methodology is now Open Source (https://12factor.net/blog/open-source-announcement) DOJ Will Push Google to Sell off Chrome to Break Search Monopoly (https://www.bloomberg.com/news/articles/2024-11-18/doj-will-push-google-to-sell-off-chrome-to-break-search-monopoly) Relevant to your Interests These are the passwords you definitely shouldn't be using (https://www.theverge.com/2024/11/13/24295543/most-common-passwords-list-2024) Datacenter Anatomy Part 1: Electrical Systems (https://semianalysis.com/2024/10/14/datacenter-anatomy-part-1-electrical/) New Apple security feature reboots iPhones after 3 days, researchers confirm (https://techcrunch.com/2024/11/14/new-apple-security-feature-reboots-iphones-after-3-days-researchers-confirm/) AI companies hit a scaling wall (https://www.platformer.news/openai-google-scaling-laws-anthropic-ai/) Invisible asymptotes — Remains of the Day (https://www.eugenewei.com/blog/2018/5/21/invisible-asymptotes) Clouded Judgement 11.14.24 - Market Tipping to Growth (https://cloudedjudgement.substack.com/p/clouded-judgement-111424-market-tipping) For the first time in 25 years, the number of software engineers dropped (https://x.com/mjovanc/status/1857720025563439295) The CNCF's plan to crowdfight patent trolls (https://www.runtime.news/the-cncfs-plan-to-crowdfight-patent-trolls/?ref=runtime-newsletter) Maybe Bluesky has “won” (https://anderegg.ca/2024/11/15/maybe-bluesky-has-won) Having 30,000 followers makes you a celebrity, UK advertising watchdog rules (https://www.theverge.com/2019/7/4/20682087/instagram-twitter-celebrity-30000-followers-advertising-standards-authority-uk) The Influence of Bell Labs (https://www.construction-physics.com/p/the-influence-of-bell-labs) Leaked Amazon memos identify critical flaws in the upcoming AI version of Alexa (https://fortune.com/2024/11/18/new-ai-alexa-latency-problems-echo-compatibility-uber-opentable/) RIP to RPA: The Rise of Intelligent Automation | Andreessen Horowitz (https://a16z.com/rip-to-rpa-the-rise-of-intelligent-automation/) Twenty is building an open source alternative to Salesforce (https://techcrunch.com/2024/11/18/twenty-is-building-an-open-source-alternative-to-salesforce/) Chips RISC-V — the CPU you didn't know you already have (https://adrianco.medium.com/risc-v-the-cpu-you-didnt-know-you-already-have-ff2f385f7ec6) Arm to Cancel Qualcomm Chip Design License (https://archive.md/FcXRW) The RVA23 profile is now ratified, so RISC-V gets satisfied (https://www.theregister.com/2024/10/23/rva23_profile_ratified/) Intel losses hit $16.6B as restructuring efforts take a toll (https://www.theregister.com/2024/11/01/intel_q3_2024/) Intel Was Just Dropped From the Dow (https://www.fool.com/investing/2024/11/05/intel-dropped-from-dow-djia-history-happen-next/) How much Apple Silicon improves with each release (https://appleinsider.com/articles/24/11/06/generation-gaps-how-much-faster-apple-silicon-gets-with-each-release) Nonsense Bojangles to install ordering kiosks across its system (https://www.restaurantdive.com/news/bojangles-grubbrr-installation-kiosks/732460/) 'Simpsons'-themed broadcast means Bengals-Cowboys won't be flexed (https://www.nytimes.com/athletic/5932410/2024/11/19/bengals-vs-cowboys-mnf-not-flexed-simpsons-alt-cast/?source=user_shared_article) Listener Feedback Deutsche Börse Cloud Exchange AG (https://en.wikipedia.org/wiki/Deutsche_B%C3%B6rse_Cloud_Exchange_AG) LibreLinkUp Status Bar a VS Code extension to display good glucose level in the status bar (https://marketplace.visualstudio.com/items?itemName=borkod.librelinkup-vs-code-extension) Conferences CfgMgmtCamp (https://cfgmgmtcamp.org/ghent2025/), February 2rd to 5th. DevOpsDayLA (https://www.socallinuxexpo.org/scale/22x/events/devopsday-la) at SCALE22x (https://www.socallinuxexpo.org/scale/22x), March 6-9, 2025, discount code DEVOP SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Silo Season 2 (https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwiDr7fyuOmJAxX3Sf8BHXDxOLYYABAAGgJtZA&ae=2&co=1&gclid=Cj0KCQiAi_G5BhDXARIsAN5SX7oulKQPevGaYaSaUDENHbWyKOcMu4Fmlc4iCckvLOeL6efJ5O2cjGwaAhrNEALw_wcB&ohost=www.google.com&cid=CAESVeD2KJUTEM8UiN83N5t9ZLDm6pVzs_bp0Nv22irf8c10iQpHCSaeMICL3a5Z0KW71vqjmjtEZN-nmHWD5NzWkGS6PAdJQ7nzZWHjww4Bd4X7JwFb9yk&sig=AOD64_1o6vDN1m33XOCeIfBmYKhiq2cH7Q&q&adurl&ved=2ahUKEwjckLDyuOmJAxUbw_ACHZelJwUQ0Qx6BAgpEAE) Matt: Followup - Spotify Premium limits audiobooks to 10 hours a month
This week, we cover OpenCost's big incubation milestone, CNCF's graduation rules, and a flurry of tech acquisitions. Plus, some thoughts on teaching kids about passwords. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=nWPR3HLPjfI) 493 (https://www.youtube.com/watch?v=nWPR3HLPjfI) Runner-up Titles Yes, No, Maybe Infinite Password Loop Bring your kids to work day: passwords. Password Talk Escaping characters Stone Cold Steve Austin Don't hire people with pets Eats AWS stuff natively. I compete on my ASCII character set.Stay in the sandbox Enron for cloud purchasing Rundown OpenCost Advances to CNCF Incubation (https://www.opencost.io/blog/cncf-incubation) Episode 492: Aran Khanna on Cloud Insurance (https://www.softwaredefinedtalk.com/492) VMware Reflections from Explore Barcelona and the Challenges of Modern App Delivery (https://news.broadcom.com/app-dev/reflections-from-explore-barcelona-and-the-challenges-of-modern-app-delivery) New SMB subscription may not end VMware migrations (https://arstechnica.com/information-technology/2024/11/new-smb-friendly-subscription-tier-may-be-too-late-to-stop-vmware-migrations/) M&A Apple to Acquire Pixelmator, Maker of Popular Photo-Editing Apps (https://www.bloomberg.com/news/articles/2024-11-01/apple-to-acquire-pixelmator-maker-of-popular-photo-editing-apps?utm_medium=email&utm_source=author_alert&utm_term=241101&utm_campaign=author_19842959) Red Hat acquires AI optimization startup Neural Magic (https://techcrunch.com/2024/11/12/red-hat-acquires-ai-optimization-startup-neural-magic/) IBM's Red Hat Acquisition Will Pay For Itself By Early Next Year (https://www.nextplatform.com/2024/10/24/ibms-red-hat-acquisition-will-pay-for-itself-by-early-next-year/) Snyk Acquires Developer-First DAST Provider Probely (https://www.globenewswire.com/news-release/2024/11/12/2979082/0/en/Snyk-Acquires-Developer-First-DAST-Provider-Probely.html) IBM's Red Hat Acquisition Will Pay For Itself By Early Next Year (https://www.nextplatform.com/2024/10/24/ibms-red-hat-acquisition-will-pay-for-itself-by-early-next-year/) VMware Reflections from Explore Barcelona and the Challenges of Modern App Delivery (https://news.broadcom.com/app-dev/reflections-from-explore-barcelona-and-the-challenges-of-modern-app-delivery) New SMB subscription may not end VMware migrations (https://arstechnica.com/information-technology/2024/11/new-smb-friendly-subscription-tier-may-be-too-late-to-stop-vmware-migrations/) Coté's take on Explore, in last week's Cloud Foundry Weekly (https://www.youtube.com/watch?v=Wkgwl9mKL2Y). RTO Amazon employees are a flight risk after the new return-to-office mandate, research reveals (https://finance.yahoo.com/news/amazon-exec-says-9-10-103742343.html) Remote work reduces child penalties by roughly half (https://x.com/arpitrage/status/1849530101035160031) Read the letter sent to AWS CEO Matt Garman, signed by 500 employees, (https://www.businessinsider.com/amazon-employees-open-letter-aws-ceo-office-return-rto-2024-10) Amazon CEO Andy Jassy denies that 5-day office mandate is a 'backdoor layoff' (https://www.cnbc.com/2024/11/05/amazon-ceo-andy-jassy-5-day-office-mandate-isnt-a-backdoor-layoff.html) Washington Post Employees Ordered Back to Office 5 Days a Week (https://www.nytimes.com/2024/11/07/business/media/washington-post-return-to-office.html?smid=nytcore-ios-share&referringSource=articleShare) Everyone agrees: A shorter workweek is great! (https://thehustle.co/news/everyone-agrees-a-shorter-workweek-is-great) Return-to-office mandates are more than “backdoor layoffs” (https://overcast.fm/+AAQLdtAb8Tc) Relevant to your Interests Google CEO says over 25% of new Google code is generated by AI (https://arstechnica.com/ai/2024/10/google-ceo-says-over-25-of-new-google-code-is-generated-by-ai/) Threads has 275 M Monthly Users (https://www.threads.net/@alexheath/post/DBw02uLSE53?xmt=AQGzqxkKe87WI9ToiqUrcEIU6mxhBohSO8BNX4ve1zqRHQ) Dropbox is laying off 20% of its global workforce (https://www.threads.net/@cnbc/post/DBwYF88uYSr?xmt=AQGz-t_BCEcQFjjZwD05xps9bJGHO7FL25RD1h6JIauuOQ) From IaC to Cloud Management: Pulumi's Evolution Story (https://thenewstack.io/from-iac-to-cloud-management-pulumis-evolution-story/) For Jeff Bezos and his businesses, Washington has become more important (https://www.washingtonpost.com/nation/2024/10/30/bezos-business-federal-government/) Russian court fines Google $2 decillion (https://www.theregister.com/2024/10/29/russian_court_fines_google/) GitHub Next | GitHub Spark (https://githubnext.com/projects/github-spark) The MacBook Air gets a surprise upgrade to 16GB of RAM (https://www.theverge.com/2024/10/30/24282981/apple-macbook-air-m2-m3-16gb-ram-minimum-price-unchanged) Meta says open sourcing Llama models will be a money-saver (https://www.theregister.com/2024/10/31/meta_q3_2024/) Google employees pressure costumed execs at all-hands meeting for clarity on cost cuts (https://www.cnbc.com/2024/11/01/google-employees-pressure-execs-at-all-hands-for-clarity-on-cost-cuts.html) Intel's future laptops will have memory sticks again (https://www.theverge.com/2024/11/1/24285513/intel-ceo-lunar-lake-one-off-memory-package-discrete-gpu) Against Incident Severities and in Favor of Incident Types (https://www.honeycomb.io/blog/against-incident-severities-favor-incident-types) Nintendo Just Launched a Music Streaming App, and It's Surprisingly Good (https://gizmodo.com/nintendo-just-launched-a-music-streaming-app-and-its-surprisingly-good-2000518802) Why The US Military Chose Silicon-Graphene Batteries (https://www.youtube.com/watch?v=l60hjFvj64s) Warren Buffett's GEICO repatriates work from the cloud (https://www.thestack.technology/warren-buffetts-geico-repatriates-work-from-the-cloud-continues-ambitious-infrastructure-overhaul/) Google Confirms Jarvis AI Is Real by Accidentally Leaking It (https://gizmodo.com/google-confirms-jarvis-ai-is-real-by-accidentally-leaking-it-2000521089) Curbside charging is coming to Michigan. (https://www.theverge.com/2024/11/6/24289516/curbside-charging-is-coming-to-michigan) Nintendo says the Switch successor will be compatible with Switch games (https://www.theverge.com/2024/11/5/24284745/switch-2-backward-compatibility-nintendo-online-preservation) Platform vs. DevEx teams: What's the difference? (https://newsletter.getdx.com/p/platform-vs-devex-teams) Why Strava Is a Privacy Risk for the President (and You Too) (https://lifehacker.com/health/stravas-heatmap-privacy-problem) Thunderbolt 5: Only Necessary for the Most Demanding Uses (https://tidbits.com/2024/11/06/thunderbolt-5-only-necessary-for-the-most-demanding-uses/) Guide to Selling Your Company (https://www.onlycfo.io/p/guide-to-selling-your-company) The mystery of Masayoshi Son, SoftBank's great disrupter (https://on.ft.com/3ADujb9) IronCalc (https://www.ironcalc.com/?utm_source=changelog-news) Neptyne is shutting down (https://www.neptyne.com/blog/neptyne-is-shutting-down) OpenAI, Google and Anthropic Are Struggling to Build More Advanced AI (https://www.bloomberg.com/news/articles/2024-11-13/openai-google-and-anthropic-are-struggling-to-build-more-advanced-ai) Matt Mullenweg says Automattic is 'very short-staffed' amid WordPress vs. WP Engine drama (https://techcrunch.com/2024/10/30/matt-mullenweg-says-automattic-is-very-short-staffed-amid-wordpress-vs-wp-engine-drama/) Automattic offered employees another chance to quit — this time with nine months' severance (https://techcrunch.com/2024/10/17/automattic-offered-employees-another-chance-to-quit-this-time-with-nine-months-severance/) Automattic's new site tracks how many websites left WP Engine following feud (https://techcrunch.com/2024/11/07/automattics-new-site-tracks-how-many-websites-left-wp-engine-following-feud-with-matt-mullenweg/) Cloudflare Blocks Automattic's WP Engine Tracker For Phishing (https://www.searchenginejournal.com/cloudflare-blocks-automattics-wp-engine-tracker-for-phishing/532244/) We're leaving Kubernetes - Blog (https://www.gitpod.io/blog/we-are-leaving-kubernetes) Nonsense 'Infinite monkey theorem' challenged by Australian mathematicians (https://www.bbc.com/news/articles/c748kmvwyv9o) Listener Feedback Anova Precision™ Oven 2.0 (https://anovaculinary.com/products/anova-precision-oven?adnet=g&gad_source=1&gbraid=0AAAAADhfRrCJj9bTdq3Z1e0hmcx0uuIQ5&gclid=Cj0KCQiAlsy5BhDeARIsABRc6Zsk_vcmd7dVaCIchSV2jLrJZSMXP3XPo34xTxNMGiCB3cxtJHwzFzIaAob8EALw_wcB) Conferences SREday Amsterdam (https://sreday.com/2024-amsterdam/), Nov 21, 2024, Coté speaking (https://sreday.com/2024-amsterdam/Michael_Cote_VMwarePivotal_We_Fear_Change), 20% off with code SRE20DAY CfgMgmtCamp (https://cfgmgmtcamp.org/ghent2025/), February 2rd to 5th. DevOpsDayLA (https://www.socallinuxexpo.org/scale/22x/events/devopsday-la) at SCALE22x (https://www.socallinuxexpo.org/scale/22x), March 6-9, 2025, discount code DEVOP SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Overcast (https://overcast.fm) features: Queue (https://www.reddit.com/r/OvercastFm/comments/1ehwixl/add_tomove_to_whats_the_difference/) and Uploads (https://thesweetsetup.com/upload-mp3-files-overcast/) Pixelmater Pro (https://www.pixelmator.com/pro/) Matt: Hardcore History: Wrath of the Khans (https://www.dancarlin.com/product/hardcore-history-wrath-of-the-khans-series/) podcast Wiz Ugly Sweaters Giveaway (https://www.linkedin.com/posts/wizsecurity_you-can-get-one-of-our-exclusive-2025-activity-7262464003807887362-fzNY?utm_source=share&utm_medium=member_desktop) Coté: Political Wire (https://politicalwire.com) Photo Credits Header (https://unsplash.com/photos/switched-on-iphone-dk4en2rFOIE) Artwork (https://unsplash.com/photos/person-holding-black-academic-hat-oTglG1D4hRA)
Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast! CHAOSScast – Episode 97 In this episode of CHAOSScast, Harmony Elendu hosts a discussion with Emily Fox from Red Hat and Dawn Foster, the Director of Data Science at CHAOSS. Today, they explore the new Security Practitioner Guide created to help maintainers, who may lack deep security backgrounds, get started with essential security practices. Emily and Dawn highlight actionable steps, key trends, and simplifications to adopt in maintaining a secure project. They also touch on challenges like vulnerability reporting and the importance of consistent monitoring and updating. Additionally, the guide's flexibility, allowing customization and improvement over time, and the significance of community support are emphasized. Press download now to hear more! [00:02:02] Dawn starts out with providing an overview of CHAOSS Project's Practitioner Guides, which helps newcomers to open source understand key metrics and mentions the current focus on the Security Guide. [00:03:24] Dawn gives us an overview of the Security Practitioner Guide as she describes it as a starting point for maintainers, particularly those without a security background. [00:04:10] Emily emphasizes that many maintainers struggle with starting security practices and shares the two primary security focuses on open source: project security design and repository security. [00:05:38] Harmony notes the importance of project design and patterns, asking about security trends and considerations in open source projects. Dawn mentions the Libyears (dependency freshness) and Release Frequency as key security metrics, and Emily adds that OpenSSF best practices contribute to project quality and maturity. [00:08:32] Harmony asks for insights on how contributors can interpret these metrics. Emily suggests various resources and communities, such as CNCF's tag-security, for maintainers looking to improve security. [00:11:39] Emily discusses common issues with vulnerability reporting and the importance of having a process in place, with community resources available for support. Dawn emphasizes the importance of having basic security policies in place early on in a project and suggests starting out with a simple security.md file to outline how to handle vulnerability reports. [00:15:47] Dawn suggests consulting the Practitioners Guide's “Make Improvements” section, which included adding a security.md file and implementing automation to track outdated dependencies and Emily cautions that metrics are only as effective as their relevance, recommending incremental steps for improvement. [00:18:53] Dawn highlights the importance of the OpenSSF scorecard, which helps both maintainers and OSPOs assess project security. [00:20:29] Emily and Dawn simplify the Practitioner Guides into basic steps and Emily reiterates that projects should define their own security goals and commit to them for consistent improvements. [00:23:56] Harmony emphasizes the importance of documentation for continuity in project security and Dawn reminds us that the Practitioner Guides are MIT-licensed and customizable for different projects. [00:25:11] Dawn and Emily explain where you can ask questions or how to implement things in your project using the Practitioner's Guide. Adds (Picks) of the week: [00:26:55] Dawn's pick is 3D printing and learning how to design new things. [00:28:02] Emily's pick is taking a break from the internet and doing something outside. [00:28:45] Harmony's pick is creating personalized templates to help with document preparation and tasks. Panelists: Harmony Elendu Dawn Foster Guest: Emily Fox Links: CHAOSS (https://chaoss.community/) CHAOSS Project X (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) podcast@chaoss.community (mailto:podcast@chaoss.community) Harmony Elendu X (https://x.com/ogaharmony) Dawn Foster X (https://twitter.com/geekygirldawn?lang=en) Emily Fox LinkedIn (https://www.linkedin.com/in/themoxiefox/) CHAOSS Practitioner Guides (https://chaoss.community/about-chaoss-practitioner-guides/) CHAOSS Practitioner Guide: Security (https://chaoss.community/practitioner-guide-security/) Libyears (https://chaoss.community/kb/metric-libyears/#:~:text=Libyears%20measure%20the%20cumulative%20age,pre%2Drelease%20or%20draft%20versions.) Release Frequency (https://chaoss.community/kb/metric-release-frequency/#:~:text=A%20higher%20frequency%20of%20releases,release%20frequency%20is%20highly%20variable.) Cloud Native Contributors Security Guidelines for New Projects (https://contribute.cncf.io/maintainers/security/security-guidelines/?__hstc=14121576.4fb61b7546863875121fa3925ca0436f.1730700856190.1730700856190.1730744858650.2&__hssc=14121576.1.1730744858650&__hsfp=3331628428) GitHub Docs-Adding a security policy to your repository (https://contribute.cncf.io/maintainers/security/security-guidelines/?__hstc=14121576.4fb61b7546863875121fa3925ca0436f.1730700856190.1730700856190.1730744858650.2&__hssc=14121576.1.1730744858650&__hsfp=3331628428) OpenSSF Scorecard (https://scorecard.dev/) OpenSSF-Source Code Management Platform Configuration Best Practices (https://best.openssf.org/SCM-BestPractices/?__hstc=14121576.4fb61b7546863875121fa3925ca0436f.1730700856190.1730700856190.1730744858650.2&__hssc=14121576.1.1730744858650&__hsfp=3331628428) CNCF tag-security: Self-assessment (https://github.com/cncf/tag-security/blob/main/community/assessments/guide/self-assessment.md) CHAOSScast Podcast-Episode 85: Introducing CHAOSS Practitioner Guides: #1 Responsiveness (https://podcast.chaoss.community/85) CHAOSScast Podcast-Episode 88: Practitioner Guides: #2 Contributor Sustainability (https://podcast.chaoss.community/88) CHAOSScast Podcast-Episode 89: Practitioner Guides: #3 Organizational Participation (https://podcast.chaoss.community/89) CHAOSScast Podcast-Episode 93: Guest Episode-Sustain meets CHAOSScast to talk about Practitioner Guides (https://podcast.chaoss.community/93) Dawn Foster- Maker World (https://makerworld.com/en/@user_3491927221) Special Guest: Emily Fox.
Guests are Avin Regmi and David Xia from Spotify. We spoke to Avin and David about their work building Spotify's Machine Learning Platform, Hendrix. They also specifically talk about how they use Ray to enable inference and batch workloads. Ray was featured on episode 235 of our show, so make sure you check out that episode too. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week IBM acquired Kubecost KubeCon Japan in 2025 Call for Proposals for KubeCon EU 2025 is now open Artifact Hub is a CNCF incubating project OpenMetrics is dead, long live OpenMetrics Kubecolor 0.4.0 Links from the interview Avin Regmi David Xia Hendrix ML Platform Ray on Kubernetes KubeRay Workbench instances Backstage PyTorch Ray Summit 2024 Kueue