Derek Collison — creator of NATS and Co-founder & CEO of Synadia — joins the show to dive into the origins, design, and evolution of NATS, a high-performance, open-source messaging system built for modern cloud-native systems and part of the CNCF. Derek shares the story behind NATS, what makes it unique, and unpacks the recent tensions between Synadia and the CNCF over the future of the project.
Redis 8, NATS, MCP and licensing dramas await in the new Short #72! Frameworks are adding support for the Model Context Protocol, and Redis is moving to the viral AGPL license. The team analyzes the NATS vs CNCF controversy. Łukasz criticizes automatically exposing REST endpoints as MCP tools. Szymon presents time-management techniques, from the Eisenhower Matrix to the Pomodoro method. The hosts mercilessly pick apart the errors in InfoQ's trends report. Wondering how to avoid licensing problems in your projects? Check whether you are using the viral Redis! Or maybe it is worth applying the 3x3x3 technique to plan your tasks? This episode will help you optimize your time and avoid patho-architecture! And now, no slacking off!
In this episode, Danielle Tal and Thilo Fromm join us to discuss Flatcar Linux. They introduce Flatcar as a Linux operating system designed specifically for containers and Kubernetes workloads, highlighting its automation, self-healing capabilities, and security features. They emphasize how Flatcar simplifies operations for startups and large companies alike by automating OS provisioning and maintenance. We discussed contributor engagement and the project's involvement with the CNCF. They also share intriguing use cases, like a Kubernetes cluster running on a tractor fleet, and stress the importance of community contributions, not just in code but in evangelism and documentation.
00:00 Introduction
01:05 What is Flatcar?
02:01 Flatcar's Automation and Self-Healing Capabilities
04:10 User Experience and Testing
05:06 Ideal Users and Use Cases
10:36 Community and Contributions
13:38 Getting Started with Contributions
16:59 Impact and Future Directions
19:58 Conclusion and Final Thoughts
Guest: Danielle Tal is a Program Manager at Microsoft and an integral part of the team responsible for maintaining Flatcar Container Linux. The team contributes to Linux OS distributions and Linux Security within Azure and other upstream projects. With a background in supporting diverse enterprise cloud applications as a support engineer, Danielle has transitioned into a management role, overseeing Docker EMEA support before joining the Flatcar team.
Thilo Fromm is an engineering manager and works on Community Linux distributions and Linux Security at Azure. Thilo's team helps maintain Flatcar Container Linux. He has given talks at FOSDEM, FrOSCon, KubeCon, Open Source Summit, Cloud-Native Rejekts, and various meetups like Kubernetes Community Days. Thilo started his career in embedded systems with hardware design and roll-your-own / from-scratch embedded Linux, kernel and plumbing level development, and later virtualisation. After working for various cloud providers in engineering and management positions, he went full cloud native in 2019. Nowadays Thilo works on operating systems for cloud-native environments with a special focus on Flatcar Container Linux.
This week, we unpack what Uber's CEO said, why the CNCF exists, and how companies chase the money. Plus, Coté stands alone in his love for rice cakes. Watch the YouTube Live Recording of Episode 518 (https://www.youtube.com/live/h0RVI_IOZvo?si=tbRl4R8iwhDsLzu7) Runner-up Titles Go feral You've ruined eating for me Cultural tombstone The next step is “I told you so” Culture is what happens when you're not talking about culture. You know, it's terrible to run over someone The robots are just fine Center of Attention Rundown Uber CEO says changing employee benefits 'is a risk we decided to take' (https://www.cnbc.com/2025/05/06/uber-ceo-says-changing-employee-benefits-is-a-risk-we-decided-to-take.html) Waymo is reducing serious crashes and making streets safer for those most at risk (https://waymo.com/blog/2025/05/waymo-making-streets-safer-for-vru) CNCF and Synadia Align on Securing the Future of the NATS.io Project (https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/) Oxide and Friends | Shootout at the CNCF Corral (https://oxide-and-friends.transistor.fm/episodes/shootout-at-the-cncf-corral) New D&D core rules are now CC-BY (https://www.dndbeyond.com/srd?srsltid=AfmBOorzpL2Y57RWJ966OdFDTICTiWTAAQL6Dn8FFvcB09HJClZkbWli). 
‘Cook chose poorly': how Apple blew up its control over the App Store (https://www.theverge.com/apple/659296/apple-failed-compliance-court-ruling-breakdown) Relevant to your Interests I use Zip Bombs to Protect my Server (https://idiallo.com/blog/zipbomb-protection) "AI-first" is the new Return To Office - Anil Dash (https://www.anildash.com/2025/04/19/ai-first-is-the-new-return-to-office/) Find and Buy with AI: Visa Unveils New Era of Commerce (https://www.businesswire.com/news/home/20250430580204/en/Find-and-Buy-with-AI-Visa-Unveils-New-Era-of-Commerce?utm_source=www.therundown.ai&utm_medium=newsletter&utm_campaign=visa-mastercard-give-ai-credit-cards&_bhlid=3ec615c11c0429835c326dbeaabe5bca0dddaf66) Google dusts off Google Voice and adds three-way calling (https://www.theverge.com/news/659719/google-voice-app-update-call-ui-merge-three-way) Anthropic to Buy Back Employee Shares at $61.5 Billion Valuation (https://www.theinformation.com/articles/anthropic-buy-back-employee-shares-61-5-billion-valuation) IBM unveils capabilities meant to accelerate AI agent adoption (https://siliconangle.com/2025/05/06/ibm-unveils-capabilities-meant-accelerate-ai-agent-adoption/) Getting things "done" in large tech companies (https://www.seangoedecke.com/getting-things-done/) A.I. 
Is Getting More Powerful, but Its Hallucinations Are Getting Worse (https://www.nytimes.com/2025/05/05/technology/ai-hallucinations-chatgpt-google.html?campaign_id=9&emc=edit_nn_20250505&instance_id=153899&nl=the-morning&regi_id=55370892&segment_id=197320&user_id=861fd8fcc0091c6690e3b338636d5995) This NAS brand just called out the competition and says you should own your hardware (https://www.techradar.com/pro/asustor-makes-veiled-dig-at-synologys-proprietary-hard-drive-philosophy-with-open-and-unlocked-stance) Microsoft Earnings, Microsoft's Core Capability, Amazon Earnings (https://stratechery.com/2025/microsoft-earnings-microsofts-core-capability-amazon-earnings/) Amazon beats on top and bottom line but issues light second quarter guidance (https://www.cnbc.com/2025/05/01/amazon-amzn-q1-earnings-report-2025.html) Amazon Takes Aim at Cursor With New AI Coding Service (https://www.theinformation.com/articles/amazon-takes-aim-cursor-new-ai-coding-service) OpenAI caves to pressure, keeps nonprofit in charge (https://www.theregister.com/2025/05/05/openai_keep_nonprofit_in_charge/) OpenAI Reaches Agreement to Buy Startup Windsurf for $3 Billion (https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion) Anysphere, which makes Cursor, has reportedly raised $900M at $9B valuation (https://techcrunch.com/2025/05/04/cursor-is-reportedly-raising-funds-at-9-billion-valuation-from-thrive-a16z-and-accel/) Clouded Judgement 5.2.25 - Cloud Giants Report Q1 '25 (https://open.substack.com/pub/cloudedjudgement/p/clouded-judgement-5225-cloud-giants?r=2l9&utm_medium=ios) Nine Emerging Developer Patterns for the AI Era | Andreessen Horowitz (https://a16z.com/nine-emerging-developer-patterns-for-the-ai-era/?trk=feed_main-feed-card_feed-article-content) Nonsense AI Brings Play-by-Play Commentary To Pong (https://hackaday.com/2025/05/06/ai-brings-play-by-play-commentary-to-pong/) Conferences Free AI workshop (https://vmwarereg.fig-street.com/051325-tanzu-workshop/), May 13th, day before Cloud Foundry Day (https://events.linuxfoundation.org/cloud-foundry-day-north-america/). Melbourne Wiz Meet-Up (https://www.wiz.io/events/melbourne-wizdom-meet-up-may-2025), May 13. Matt will be there. Cloud Foundry Day US (https://events.linuxfoundation.org/cloud-foundry-day-north-america/), May 14th, Palo Alto, CA, Coté speaking. KCD Texas Austin 2025 (https://community.cncf.io/events/details/cncf-kcd-texas-presents-kcd-texas-austin-2025/), May 15th, Whitney Lee speaking. NDC Oslo (https://ndcoslo.com/), May 21st-23rd, Coté speaking. POST/CON 25 (https://fnf.dev/43irTu1), June 3-4, Los Angeles, CA, Brandon representing SDT. Use Code: BRANDON, first 20 people get a free pass. SREDay Cologne, June 12th, 2025 (https://sreday.com/2025-cologne-q2/#tickets) - Coté speaking, discount: CLG10, 10% off.
SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: UniFi Express (https://store.ui.com/us/en/products/ux) , FlexHD (https://store.ui.com/us/en/products/uap-flexhd), U6+ (https://store.ui.com/us/en/products/u6-plus) and US 8 60W (https://store.ui.com/us/en/products/us-8-60w) Matt: Andor (https://www.google.com/aclk?sa=L&ai=DChcSEwi_k_SJq5KNAxVtbn8AHTM9LiAYABAAGgJvYQ&co=1&gclid=CjwKCAjwiezABhBZEiwAEbTPGJm543I3_qXVgfjHny9-ZLEw01E6SYCKzXEqXnLCpru-2Wjkg92ybRoCF8EQAvD_BwE&cce=1&sig=AOD64_1ZVJAYtB5pJD_f0aUN-mZqKPFYXQ&q&adurl&ved=2ahUKEwigq--Jq5KNAxV248kDHbzcLIoQ0Qx6BAgHEAQ) Season 2 (https://www.google.com/aclk?sa=L&ai=DChcSEwi_k_SJq5KNAxVtbn8AHTM9LiAYABAAGgJvYQ&co=1&gclid=CjwKCAjwiezABhBZEiwAEbTPGJm543I3_qXVgfjHny9-ZLEw01E6SYCKzXEqXnLCpru-2Wjkg92ybRoCF8EQAvD_BwE&cce=1&sig=AOD64_1ZVJAYtB5pJD_f0aUN-mZqKPFYXQ&q&adurl&ved=2ahUKEwigq--Jq5KNAxV248kDHbzcLIoQ0Qx6BAgHEAQ) Coté: 
Batman (https://www.rottentomatoes.com/m/1001781-batman) and Batman Returns (https://www.imdb.com/title/tt0103776/). Photo Credits Header (https://unsplash.com/photos/text-QUQwhUa_B7E)
A big episode covering a wide range of topics: Java, Scala, Micronaut, NodeJS, AI and developer skills, sampling in LLMs, DTOs, vibe coding, the changes at Broadcom and Red Hat, and several news items about open source licenses. Recorded on May 7, 2025. Download the episode LesCastCodeurs-Episode-325.mp3 or watch the video on YouTube.

News

Languages

For JavaOne and the launch of Java 24, Oracle is launching a new site with video resources for learning the language https://learn.java/ The site is aimed mostly at beginners and teachers. It also covers the syntax, including more recent additions such as records and pattern matching. It is not the trendiest site in the world.

Martin Odersky shares a long article on the state of the Scala ecosystem and the evolution of the language https://www.scala-lang.org/blog/2025/03/24/evolving-scala.html Stability and the need to evolve: Scala holds its position (~14th worldwide) with solid technical foundations, but must evolve in the face of competition to stay relevant. Priority areas: the evolution focuses on improving the safety/usability pairing, polishing the language (removing “rough edges”) and simplifying things for beginners. Continuous innovation: freezing features is ruled out; innovation is key to Scala's value. The language must remain general-purpose and not tie itself to a specific framework. Challenges and progress: tooling (IDEs, build tools such as sbt, scala-cli, Mill) and how easy the ecosystem is to learn are points of attention, with improvements under way (educational partnership, simple platforms).

Even faster strings! https://inside.java/2025/05/01/strings-just-got-faster/ In JDK 25, the performance of the String::hashCode function has been improved so that it is mostly constant foldable.
This means that if strings are used as keys in a static, immutable Map, significant performance gains are likely. The improvement relies on the internal @Stable annotation applied to the private String.hash field. This annotation lets the virtual machine read the hash value only once and treat it as constant if it is not the default value (zero). As a result, the String::hashCode operation can be replaced by the known hash value, which optimizes lookups in immutable Maps. One edge case is when the string's hash code is zero, in which case the optimization does not work (for example, for the empty string “”). Although the @Stable annotation is internal to the JDK, a new JEP (JEP 502: Stable Values (Preview)) is under development to let users benefit indirectly from similar functionality.

AtomicHash, a Java implementation of a HashMap that is thread-safe, atomic and non-blocking https://github.com/arxila/atomichash Implemented as an immutable version of a Concurrent Hash Trie.

Libraries

Micronaut 4.8.0 released https://micronaut.io/2025/04/01/micronaut-framework-4-8-0-released/ BOM (Bill of Materials) update: version 4.8.0 updates the Micronaut platform BOM. Micronaut Core improvements: integration of Micronaut SourceGen for internal generation of metadata and bytecode expressions. Many improvements in Micronaut SourceGen. Added dependency injection tracing to make debugging easier at startup and at bean creation. New definitionType member in the @Client annotation to make it easier to share interfaces between client and server. Support for merging in Bean Mappers via the @Mapping annotation. New liveness probe that detects deadlocked threads via ThreadMXBean.
Improved Kubernetes integration: the Kubernetes Java client is updated to version 22.0.1. Added the Micronaut Kubernetes Client OpenAPI module, which offers an alternative to the official client with fewer dependencies, unified configuration, filter support and Native Image compatibility. Introduction of a new server runtime based on Java's built-in HTTP server, making it possible to build applications without external server dependencies. Added a module in Micronaut Micrometer to instrument data sources (traces and metrics). Added the condition “condition” to the @MetricOptions annotation to control metric activation via an expression. Support for Consul watches in Micronaut Discovery Client to detect distributed configuration changes. Ability to generate source code from a JSON schema via the build plugins (Gradle and Maven).

Web

Node v24.0.0 becomes the Current release: https://nodejs.org/en/blog/release/v24.0.0 V8 engine updated to version 13.6: integration of new JavaScript features such as Float16Array, explicit resource management (using), RegExp.escape, WebAssembly Memory64 and Error.isError. npm 11 included: improvements in performance, security and compatibility with modern JavaScript packages. Compiler change for Windows: MSVC is dropped in favor of ClangCL for compiling Node.js on Windows. AsyncLocalStorage now uses AsyncContextFrame by default, providing more efficient handling of asynchronous context. URLPattern available globally: no need to import this API explicitly to match URLs. Permission model improvements: the experimental flag --experimental-permission becomes --permission, signaling increased stability of this feature.
Test runner improvements: subtests are now awaited automatically, which simplifies writing tests and reduces errors related to unhandled promises. Integration of Undici 7: improved HTTP client capabilities with better performance and extended support for modern HTTP features. Deprecations and removals: deprecation of url.parse() in favor of the WHATWG URL API. Removal of tls.createSecurePair. Deprecation of SlowBuffer. Deprecation of instantiating REPL without new. Deprecation of using the Zlib classes without new. Deprecation of passing args to spawn and execFile in child_process. Node.js 24 is currently the “Current” release and will become an LTS release in October 2025. It is recommended to test this version to assess its impact on your applications.

Data and Artificial Intelligence

Learning to code remains crucial, and AI is there to help: https://kyrylo.org/software/2025/03/27/learn-to-code-ignore-ai-then-use-ai-to-code-even-better.html Learning to code remains essential despite AI. AI can assist with programming. A solid foundation is crucial for understanding and controlling the code. It helps avoid dependence on AI. It reduces the risk of being replaced by AI tools that are accessible to everyone. AI is a tool, not a substitute for mastering the fundamentals.

A great article from Anthropic that tries to understand how the “thinking” of LLMs works https://www.anthropic.com/research/tracing-thoughts-language-model Black box effect: the internal strategies of AIs (Claude) are opaque to developers and users. Goal: understand the internal “reasoning” in order to verify capabilities and intentions. Method: inspired by neuroscience, development of an “AI microscope” (looking at which neural circuits activate). Technique: identification of internal concepts (“features”) and “circuits”.
Multilingualism: evidence of a conceptual “language of thought” shared across all languages before translation into a particular language. Planning: the ability to anticipate (e.g. rhymes in poetry), not just word-by-word (token-by-token) generation. Unfaithful reasoning: it can fabricate plausible arguments (“bullshitting”) for a given conclusion. Multi-step logic: it combines distinct facts and does not merely memorize. Hallucinations: refusal by default; an answer if “knowledge” is activated, otherwise a risk of hallucination in case of error. “Jailbreaks”: tension between grammatical coherence (which pushes it to continue) and safety (it should refuse). Summary: the methods are limited but promising for AI transparency and reliability.

The “S” in MCP stands for Security (or not!) https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b The MCP specification, which gives LLMs access to various tools and functions, may have been adopted a little too quickly, when it was not yet ready in terms of security. The article lists 4 possible types of attack: command injection vulnerability, tool poisoning attack, silent redefinition of the tool, cross-server tool shadowing. For now, MCP is not secure: no authentication standard, no context encryption, no tool integrity verification. Based on the InvariantLabs article https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks

Infinispan 15.2 released - pre rolling upgrades 16.0 https://infinispan.org/blog/2025/03/27/infinispan-15-2 Support for Redis JSON + Lua scripts. JVM metrics can be disabled. New console (PatternFly 6). Improved docs (metrics + logs). JDK 17 minimum, JDK 24 support. End of the native server (performance).

Guillaume shows how to develop an MCP HTTP Server-Sent Events server with the Java reference implementation and LangChain4j
https://glaforge.dev/posts/2025/04/04/mcp-client-and-server-with-java-mcp-sdk-and-langchain4j/ Developed in Java, with the reference implementation that is also the basis of the Spring Boot implementation (but independent of Spring). The MCP server is exposed as a servlet in Jetty. The MCP client is developed with LangChain4j's MCP module. It is semi-independent of Spring in the sense that it depends on Reactor and its interfaces. There is a conversation on Anthropic's GitHub to find a solution, but it does not look simple.

The fallacies behind the quote “AI won't replace you, but humans using AI will” https://platforms.substack.com/cp/161356485 The automation vs. augmentation fallacy: it focuses on improving existing tasks with AI instead of considering how the value of those tasks changes in a new system. The productivity gains fallacy: increased productivity does not always translate into more value for workers, because the value created can be captured elsewhere in the system. The static jobs fallacy: jobs are organizational constructs that AI can redefine, making traditional roles obsolete. The “me vs. someone using AI” competition fallacy: competition shifts when AI changes the fundamental constraints of an industry, making existing skills less relevant. The workflow continuity fallacy: AI can lead to a complete reimagining of workflows, eliminating the need for certain skills. The neutral tools fallacy: AI tools are not neutral and can redistribute organizational power by changing how decisions are made and carried out.
The stable salary fallacy: keeping a job does not guarantee a stable salary, because the value of the work can decrease as AI capabilities increase. The stable company fallacy: integrating AI requires restructuring the company and does not happen in an organizational vacuum.

Understanding “sampling” in LLMs https://rentry.co/samplers Explains why LLMs use tokens. The different “sampling” methods, i.e. ways of choosing tokens. Hyperparameters such as temperature and top-p, and how they influence one another. Tokenization algorithms such as Byte Pair Encoding and SentencePiece.

One fewer… OpenAI is going to buy Windsurf for 3 billion dollars. https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion The deal is not yet finalized. Windsurf was valued at 1.25 billion last year, and OpenAI recently raised 40 billion, bringing its valuation to 300 billion. The goal for OpenAI is to enter the world of coding assistants, where it is absent today.

Docker Desktop gets into AI…? A new feature in Docker Desktop 4.4 on macOS: Docker Model Runner https://dev.to/docker/run-genai-models-locally-with-docker-model-runner-5elb It can run models natively on the local machine ( https://docs.docker.com/model-runner/ ) and also MCP servers ( https://docs.docker.com/ai/mcp-catalog-and-toolkit/ )

Tooling

JetBrains defends the removal of negative reviews of its AI assistant https://devclass.com/2025/04/30/jetbrains-defends-removal-of-negative-reviews-for-unpopular-ai-assistant/?td=rt-3a JetBrains' AI Assistant, launched in July 2023, has been downloaded more than 22 million times but is rated only 2.3 out of 5. Users noticed that some negative reviews were being removed, which triggered a backlash on social media.
A JetBrains employee explained that the reviews were removed either because they mentioned problems that had already been fixed, or because they violated the company's policy on “profanity, etc.” The company acknowledged that it could have handled the situation better, with a representative stating: “Removing several reviews at once without notice looked suspicious. We should have at least posted a notice and provided more details to the authors.” Problems with the AI Assistant reported by users include: limited support for third-party model providers, noticeable latency, frequent slowdowns, core features locked to JetBrains cloud services, an inconsistent user experience and insufficient documentation. A common complaint is that the AI Assistant installs itself without permission. One Reddit user called it an “annoying plugin that self-heals/reinstalls itself like a phoenix”. JetBrains recently introduced a free tier and a new AI agent called Junie, intended to work alongside the AI Assistant, probably in response to competition between vendors. But it is more expensive to run. The company has committed to exploring new approaches to handling major updates differently, and is considering implementing per-version reviews or marking reviews as “Resolved” with links to the corresponding issues instead of removing them. Unlike competitors such as Microsoft, AWS or Google, JetBrains sells only development tools and services and has no separate cloud business to fall back on.
Making the images in your README and Markdown files work with GitHub's dark mode: https://github.blog/developer-skills/github/how-to-make-your-images-in-markdown-on-github-adjust-for-dark-mode-and-light-mode/ Only a few lines of pure HTML are needed to do it.

Architecture

So, DTOs: good or bad? https://codeopinion.com/dtos-mapping-the-good-the-bad-and-the-excessive/ Usefulness of DTOs: DTOs are used to transfer data between the different layers of an application, often mapping data between different representations (for example, between the database and the user interface). Frequent overuse: the article points out that DTOs are often used excessively, notably to create HTTP APIs that merely mirror database entities, missing the opportunity to compose richer data. Real value: the real value of DTOs lies in managing coupling between layers and composing data from multiple sources into shapes optimized for specific use cases. Decoupling: the suggestion is to use DTOs to decouple internal data models from external contracts (such as APIs), which allows independent evolution and versioning. Example with CQRS: in CQRS (Command Query Responsibility Segregation), query responses act as DTOs tailored specifically to the needs of the user interface, and can include data from various sources. Protecting internal data: DTOs help distinguish and protect internal (private) data models from external (public) changes. Avoiding excess: the author warns against excessive mapping layers (mapping one DTO to another DTO) that add no value.
Targeted creation: the advice is to create DTOs only when they solve concrete problems, such as managing coupling or making data composition easier.

Methodologies

Even Guillaume is getting into “vibe coding” https://glaforge.dev/posts/2025/05/02/vibe-coding-an-mcp-server-with-micronaut-and-gemini/ According to Andrej Karpathy, it means knocking out a proof-of-concept prototype, a throwaway weekend app https://x.com/karpathy/status/1886192184808149383 But Simon Willison objects that some people confuse coding with AI assistance with vibe coding https://simonwillison.net/2025/May/1/not-vibe-coding/ Here Guillaume had fun developing an MCP server with Micronaut, using Gemini, Google's AI. Unlike Quarkus or Spring Boot, Micronaut does not yet have a module or specific support to make creating an MCP server easier.

Security

A 10/10 security flaw in Tomcat https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/ A critical security flaw (CVE-2025-24813) affects Apache Tomcat, allowing remote code execution. This vulnerability was actively exploited only 30 hours after its disclosure on March 10, 2025. The attack requires no authentication and is particularly simple to carry out. It uses a PUT request with a base64-encoded serialized Java payload, followed by a GET request. The base64 encoding makes it possible to bypass most security filters. Vulnerable servers use file-based session storage (a widespread configuration). The affected versions are: 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. The recommended updates are: 11.0.3+, 10.1.35+ and 9.0.99+. Experts expect more sophisticated attacks in the next phases of exploitation (config or JSP upload).

Securing an SSH server https://ittavern.com/ssh-server-hardening/
An article that lists the key settings for securing an SSH server: for example, removing password authentication, changing the port, disabling root login, forcing SSH protocol 2, and some I did not know about, such as MaxStartups, which limits the number of concurrent unauthenticated connections. Port knocking is a useful technique but requires a client-side approach that is aware of the protocol.

Oracle admits that its customers' IAM identities have leaked https://www.theregister.com/2025/04/08/oracle_cloud_compromised/ Oracle has confirmed to some customers that its public cloud was compromised, whereas the company had previously denied any intrusion. A hacker claimed to have breached two Oracle authentication servers and stolen about six million records, including private security keys, encrypted credentials and LDAP entries. The flaw exploited is reported to be vulnerability CVE-2021-35587 in Oracle Access Manager, which Oracle had not patched on its own systems. In early March the hacker created a text file on login.us2.oraclecloud.com containing his email address to prove his access. According to Oracle, an old server containing eight-year-old data was compromised, but one customer says that login data as recent as 2024 was stolen. Oracle is facing a lawsuit in Texas over this data breach. This intrusion is distinct from another attack on Oracle Health, on which the company declines to comment. Oracle could face penalties under the European GDPR, which requires notifying affected parties within 72 hours of discovering a data leak. Oracle's behavior of denying and then quietly admitting the intrusion is unusual in 2025 and could lead to further class-action lawsuits.
A very popular GitHub action compromised https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Compromise of the tj-actions/changed-files action: In March 2025, a widely used GitHub action (tj-actions/changed-files) was compromised. Modified versions of the action exposed CI/CD secrets in build logs. Attack method: A compromised PAT made it possible to redirect several version tags to a commit containing malicious code. Details of the malicious code: The injected code ran a base64-encoded Node.js function, which downloaded a Python script. This script scanned the GitHub runner's memory for secrets (tokens, keys…) and exposed them in the logs. In some cases, the data was also sent out via a network request. Exposure window: The compromised versions were active between 12 and 15 March 2025. Any repository, particularly public ones, that used the action during this period must be considered potentially exposed. Detection: The malicious activity was spotted by analysing unusual behaviour during workflow execution, such as unexpected network connections. Response: GitHub removed the compromised action, which was then cleaned up. Potential impact: All secrets appearing in logs must be considered compromised, even in private repositories, and regenerated without delay.
Law, society and organization
Y Combinator startups are seeing the strongest growth in their history https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html Early-stage companies in Silicon Valley are experiencing significant growth thanks to artificial intelligence. Y Combinator CEO Garry Tan says that the startups of the latest cohort as a whole grew 10% per week for nine months.
AI lets developers automate repetitive tasks and generate code using large language models. For about 25% of current YC startups, 95% of their code was written by AI. This revolution lets companies grow with fewer staff, with some reaching 10 million dollars in revenue with fewer than 10 employees. The “growth at all costs” mindset has been replaced by renewed interest in profitability. About 80% of the companies presented at “demo day” were AI-focused, with a few startups in robotics and semiconductors. Y Combinator invests 500,000 dollars in startups in exchange for an equity stake, followed by a three-month programme.
Red Hat middleware (formerly JBoss) joins IBM https://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html Red Hat's Middleware activities (including JBoss, Quarkus, etc.) will be transferred to IBM, into the unit dedicated to data security, IAM and runtimes. This change stems from a strategic decision by Red Hat to focus more on hybrid cloud and artificial intelligence. Mark Little explains that this transfer had become inevitable, Red Hat having reduced its investment in Middleware in recent years. The integration aims to strengthen innovation around Java by bringing together Red Hat's and IBM's efforts on the subject. The Middleware products will remain open source and customers will continue to receive the usual support without change. Mark Little says that projects like Quarkus will continue to be supported and that this development is good for the Java community.
One year of Commonhaus https://www.commonhaus.org/activity/253.html One year in; it started with the communities they knew well. There are now 14 projects and it can accept more. Trust, lightweight governance and protecting the future of projects. Automation of administrative work, stability without complexity, developers at the centre of the decision-making process. They need members and (financial) supporters. They want to welcome projects beyond those from the Java Champions circle.
Spring Cloud Data Flow becomes a commercial product and will no longer be maintained as open source https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial Perhaps under Broadcom's influence, Spring is starting to make components of the Spring portfolio proprietary. They say that few people used it in OSS mode and that most usage came from the Tanzu platform. Maintaining it as open source costs them time that they do not have for these projects.
The CNCF protects the NATS project, which has been in the foundation since 2018, because Synadia, the company that contributes to it, wanted to take back control of the project https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/ CNCF: protects open source projects, neutral governance. Synadia vs CNCF: wants to withdraw NATS, non-open-source licence (BUSL). CNCF: accuses Synadia of a “claw back” (illegitimate takeback). Synadia's claims: the nats.io domain, the GitHub organization. NATS trademark: Synadia did not transfer it (broken promise despite CNCF's help). Synadia's objection: considers the CNCF rules “too vague”. Internal vote: Synadia maintainers vote to leave the CNCF (without the community). CNCF support: major investment ($ audits, legal), community success (>700 orgs). Future of NATS (CNCF): kept under Apache 2.0, open governance. CNCF actions: health check, call for maintainers, cancellation of Synadia's trademark, rejection of requests.
But in the end there seems to be a good outcome: https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/ Agreement on the future of NATS.io: The Cloud Native Computing Foundation (CNCF) and Synadia have reached an agreement to secure the future of the NATS.io project. Transfer of the NATS trademarks: Synadia will assign its two NATS trademark registrations to the Linux Foundation in order to strengthen the open governance of the project. Staying within the CNCF: The infrastructure and assets of the NATS project will remain under the umbrella of the CNCF, guaranteeing its long-term stability and its open source development under the Apache-2.0 licence. Recognition and commitment: The Linux Foundation, through Todd Moore, acknowledges Synadia's contributions and its continued support. Derek Collison, CEO of Synadia, reaffirms his company's commitment to NATS and to collaboration with the Linux Foundation and the CNCF. Adoption and community support: NATS is widely adopted and considered critical infrastructure. It enjoys strong community support for its open source nature and Synadia's continued involvement.
In the end, Redis returns to an OSI open source licence, with the AGPL https://foojay.io/today/redis-is-now-available-under-the-agplv3-open-source-license/ Redis moves to the AGPLv3 open source licence to counter exploitation by cloud providers that do not contribute. The earlier move to the SSPL licence had damaged the relationship with the open source community. Salvatore Sanfilippo (antirez) has returned to Redis. Redis 8 adopts the AGPL licence, integrates the Redis Stack features (JSON, Time Series, etc.) and introduces “vector sets” (the vector computation support developed by Salvatore). These changes aim to strengthen Redis as a platform valued by developers, in line with Salvatore's original vision.
Conferences
The list of conferences comes from Developers Conferences Agenda/List by Aurélie Vache and contributors:
6-7 May 2025: GOSIM AI Paris - Paris (France)
7-9 May 2025: Devoxx UK - London (UK)
15 May 2025: Cloud Toulouse - Toulouse (France)
16 May 2025: AFUP Day 2025 Lille - Lille (France)
16 May 2025: AFUP Day 2025 Lyon - Lyon (France)
16 May 2025: AFUP Day 2025 Poitiers - Poitiers (France)
22-23 May 2025: Flupa UX Days 2025 - Paris (France)
24 May 2025: Polycloud - Montpellier (France)
24 May 2025: NG Baguette Conf 2025 - Nantes (France)
3 June 2025: TechReady - Nantes (France)
5-6 June 2025: AlpesCraft - Grenoble (France)
5-6 June 2025: Devquest 2025 - Niort (France)
10-11 June 2025: Modern Workplace Conference Paris 2025 - Paris (France)
11-13 June 2025: Devoxx Poland - Krakow (Poland)
12 June 2025: Positive Design Days - Strasbourg (France)
12-13 June 2025: Agile Tour Toulouse - Toulouse (France)
12-13 June 2025: DevLille - Lille (France)
13 June 2025: Tech F'Est 2025 - Nancy (France)
17 June 2025: Mobilis In Mobile - Nantes (France)
19-21 June 2025: Drupal Barcamp Perpignan 2025 - Perpignan (France)
24 June 2025: WAX 2025 - Aix-en-Provence (France)
25-26 June 2025: Agi'Lille 2025 - Lille (France)
25-27 June 2025: BreizhCamp 2025 - Rennes (France)
26-27 June 2025: Sunny Tech - Montpellier (France)
1-4 July 2025: Open edX Conference - 2025 - Palaiseau (France)
7-9 July 2025: Riviera DEV 2025 - Sophia Antipolis (France)
5 September 2025: JUG Summer Camp 2025 - La Rochelle (France)
12 September 2025: Agile Pays Basque 2025 - Bidart (France)
18-19 September 2025: API Platform Conference - Lille (France) & Online
23 September 2025: OWASP AppSec France 2025 - Paris (France)
25-26 September 2025: Paris Web 2025 - Paris (France)
2-3 October 2025: Volcamp - Clermont-Ferrand (France)
3 October 2025: DevFest Perros-Guirec 2025 - Perros-Guirec (France)
6-10 October 2025: Devoxx Belgium - Antwerp (Belgium)
7 October 2025: BSides Mulhouse - Mulhouse (France)
9-10 October 2025: Forum PHP 2025 - Marne-la-Vallée (France)
9-10 October 2025: EuroRust 2025 - Paris (France)
16 October 2025: PlatformCon25 Live Day Paris - Paris (France)
16-17 October 2025: DevFest Nantes - Nantes (France)
30-31 October 2025: Agile Tour Bordeaux 2025 - Bordeaux (France)
30-31 October 2025: Agile Tour Nantais 2025 - Nantes (France)
30 October 2025-2 November 2025: PyConFR 2025 - Lyon (France)
4-7 November 2025: NewCrafts 2025 - Paris (France)
6 November 2025: dotAI 2025 - Paris (France)
7 November 2025: BDX I/O - Bordeaux (France)
12-14 November 2025: Devoxx Morocco - Marrakech (Morocco)
13 November 2025: DevFest Toulouse - Toulouse (France)
15-16 November 2025: Capitole du Libre - Toulouse (France)
20 November 2025: OVHcloud Summit - Paris (France)
21 November 2025: DevFest Paris 2025 - Paris (France)
27 November 2025: Devfest Strasbourg 2025 - Strasbourg (France)
28 November 2025: DevFest Lyon - Lyon (France)
5 December 2025: DevFest Dijon 2025 - Dijon (France)
10-11 December 2025: Devops REX - Paris (France)
10-11 December 2025: Open Source Experience - Paris (France)
28-31 January 2026: SnowCamp 2026 - Grenoble (France)
2-6 February 2026: Web Days Convention - Aix-en-Provence (France)
23-25 April 2026: Devoxx Greece - Athens (Greece)
17 June 2026: Devoxx Poland - Krakow (Poland)
Contact us
To react to this episode, come and discuss it on the Google group https://groups.google.com/group/lescastcodeurs Contact us via X/twitter https://twitter.com/lescastcodeurs or Bluesky https://bsky.app/profile/lescastcodeurs.com Do a crowdcast or a crowdquestion. Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs All episodes and all the information at https://lescastcodeurs.com/
In this episode, Michael Lieberman, Co-founder and CTO of Kusari, walks us through the intersection of open source software and security. We discuss Mike's extensive involvement in OpenSSF projects like SLSA and GUAC, which provide essential frameworks for securing the software development life cycle (SDLC) and managing software supply chains. He explains how these tools help verify software provenance and manage vulnerabilities. Additionally, we explore regulatory concerns such as the Cyber Resilience Act (CRA) and the vital role of the recently released Open SSF Security Baseline (OSPS Baseline) in helping organizations comply with such regulations. Mike also shares insights into the evolution of open source security practices, the importance of reducing complexity for developers, and the potential benefits of orchestrating security similarly to Kubernetes. We conclude with a look at upcoming projects and current pilots aiming to simplify and enhance open source security. 00:00 Introduction and Guest Welcome 00:19 Mike's Background and Role in Open Source 01:35 Exploring SLSA and GUAC Projects 04:57 Cyber Resiliency Act Overview 06:54 OpenSSF Security Baseline 11:29 Encouraging Community Involvement 18:39 Final Thoughts Resources: OpenSSF's OSPS Baseline GUAC SLSA KubeCon Keynote: Cutting Through the Fog: Clarifying CRA Compliance in C... Eddie Knight & Michael Lieberman Guest: Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF's Secure Software Factory Reference Architecture whitepaper. He is an elected member of the OpenSSF Governing Board and Technical Advisory Council along with CNCF TAG Security Lead and an SLSA steering committee member.
This week, we discuss the new Slate Pickup, Synadia's attempt to reclaim NATS from the CNCF, and the latest DORA AI report. Plus, Google leaves old Nest thermostats out in the cold. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=Is2JhdgLpIg) 517 (https://www.youtube.com/watch?v=Is2JhdgLpIg) Runner-up Titles We have a dumb house Ultimately I blame myself You can educate people, but they're not going to listen It's hard to have the same level of empathy with a talking logo I don't want a subscription car No Take Backs Rugpulls are part of the landscape now Vacuum Hypothesis Major releases forever Making bad developers 10x faster Spaces or Braces Don't bring tabs into this Rundown Google will stop supporting early Nest thermostats on October 25 (https://techcrunch.com/2025/04/26/google-will-stop-supporting-early-nest-thermostats-on-october-25/) The Slate Truck is a whole new kind of car (https://www.theverge.com/the-vergecast/657836/slate-truck-auto-pickup-screen-time-vergecast) Open Source Regret Syndrome How Synadia's attempt to exit the CNCF by holding a trademark hostage might have backfired (https://www.runtime.news/how-synadias-attempt-to-exit-the-cncf-by-holding-a-trademark-hostage-might-have-backfired/) Protecting NATS and the integrity of open source: CNCF's commitment to the community (https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/?ref=runtime.news) DORA Impact of Generative AI in Software Development (https://cloud.google.com/resources/content/dora-impact-of-gen-ai-software-development?hl=en) Duolingo will replace contract workers with AI (https://www.theverge.com/news/657594/duolingo-ai-first-replace-contract-workers) Google launches AI tools for practicing languages through personalized lessons 
(https://techcrunch.com/2025/04/29/google-launches-ai-tools-for-practicing-languages-through-personalized-lessons/?guccounter=1&guce_referrer=aHR0cHM6Ly9uZXdzLmdvb2dsZS5jb20v&guce_referrer_sig=AQAAACKh9xMr7tOVcmFQP-5C8PDElghg3W1m2SmQAVKY4UhlHXs69qyd-CrNSI5aLcFTcZCQ0_crhAmIf4h3m816HtKLF1FfYof3Tcfai-qMt_sbXeTLDn2ap8l_X54hB-MNXCQtjjpNo0rHs9yMrXlXQbcRqLKfEAERgEh3piRMF_KM) Viral Shopify CEO Manifesto Says AI Now Mandatory For All Employees (https://www.forbes.com/sites/douglaslaney/2025/04/09/selling-ai-strategy-to-employees-shopify-ceos-manifesto/) Introducing the Meta AI App: A New Way to Access Your AI Assistant (https://about.fb.com/news/2025/04/introducing-meta-ai-app-new-way-access-ai-assistant/) Relevant to your Interests 2D Chip Breakthrough: 6,000 Transistors, 3 Atoms Thick (https://spectrum.ieee.org/2d-semiconductors-molybdenum-disulfide) AMD 2.0 – New Sense of Urgency (https://semianalysis.com/2025/04/23/amd-2-0-new-sense-of-urgency-mi450x-chance-to-beat-nvidia-nvidias-new-moat/) Apple Partner TSMC Unveils Advanced 1.4nm Process for 2028 Chips (https://www.macrumors.com/2025/04/24/apple-partner-tsmc-1-4nm-process-2028-chips/) Elon Musk forced back to the boardroom as Doge ‘blowback' pummels Tesla (https://on.ft.com/3Rx0z4z) Amazon CEO Andy Jassy's 2024 Letter to Shareholders—Annotated (https://www.lastweekinaws.com/2024-amazon-ceo-letter-to-shareholders/?ck_subscriber_id=512840665&utm_source=convertkit&utm_medium=email&utm_campaign=%20[Last%20Week%20in%20AWS%20Extras]:%20Amazon%20CEO%20Andy%20Jassy) How Commodore Invented the Mass Market Computer (https://every.to/the-crazy-ones/the-first-king-of-home-computing) Yahoo wants to buy Chrome (https://www.theverge.com/policy/655975/yahoo-search-web-browser-prototype-google-trial-antitrust-chrome) Microsoft launches Recall and AI-powered Windows search for Copilot Plus PCs (https://www.theverge.com/news/656106/microsoft-recall-copilot-plus-pc-available) Tech Workers Are Just Like the Rest of Us: Miserable at Work 
(https://www.msn.com/en-us/money/companies/tech-workers-are-just-like-the-rest-of-us-miserable-at-work/ar-AA1DDKjh) Backblaze: A Loss-Making Data Storage Business Mired in Lawsuits, Sham Accounting, and Brazen Insider Dumping (https://www.morpheus-research.com/backblaze/) IBM pledges $150 billion to boost U.S. tech growth, computer manufacturing (https://www.cnbc.com/2025/04/28/ibm-to-invest-150-billion-to-boost-us-tech-growth-computer-manufacturing.html) Economic Termites Are Everywhere (https://www.thebignewsletter.com/p/economic-termites-are-everywhere) 40 years ago, Acorn fired up the first Arm processor (https://www.theregister.com/2025/04/29/arm_40/) Nonsense Between 2 Servers - S1E2 - Not THAT Hasselhoff feat. Dr. Kate Holterhoff (https://www.youtube.com/watch?v=v6VrO8rl-iM) Fold 'N Fly » Paper Airplane Folding Instructions (https://www.foldnfly.com/) Conferences Cloud Foundry Day US (https://events.linuxfoundation.org/cloud-foundry-day-north-america/), May 14th, Palo Alto, CA, Coté speaking. KCD Texas Austin 2025 (https://community.cncf.io/events/details/cncf-kcd-texas-presents-kcd-texas-austin-2025/), May 15th, Whitney Lee speaking. Free AI workshop (https://vmwarereg.fig-street.com/051325-tanzu-workshop/), May 13th, day before Cloud Foundry Day (https://events.linuxfoundation.org/cloud-foundry-day-north-america/). Melbourne Wiz Meet-Up (https://www.wiz.io/events/melbourne-wizdom-meet-up-may-2025), May 13. Matt will be there. NDC Oslo (https://ndcoslo.com/), May 21st-23rd, Coté speaking.
SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Airpod Cleaner Kit (https://www.amazon.com/dp/B0B3CKVRK3?ref=ppx_yo2ov_dt_b_fed_asin_title&th=1) Matt: Soul Coughing Live 2024 (https://li.sten.to/soulcoughinglive2024) Cooking with Beagles (https://www.instagram.com/beagleskiko/) Photo Credits Header (https://unsplash.com/photos/white-thermostat-at-62-mAwE-fqgDXc)
Tim Irnich from SUSE shares his work with Edge computing, focusing on the telecommunications industry. He highlights the importance of standardization and interoperability across the industry, specifically focusing on the widespread adoption of Linux and Kubernetes. Tim also elaborates on Project Sylva, an initiative under the Linux Foundation, aimed at creating a standardized stack for the European telco operators. We also discuss challenges and opportunities presented by the vast array of open source projects within the CNCF landscape and the potential for AI to enhance network efficiency and reliability. The episode provides a comprehensive look into the collaborative efforts and technological advancements shaping the telecom sector. 00:00 Welcome 01:14 Open Source Adoption in the Telco Industry 02:14 Challenges and Standardization in Telco Networks 04:35 Curating Reliable Stacks for Telco 06:11 Project Silva: An Open Source Initiative 18:55 AI in the Telecom Industry 22:11 Conclusion and Final Thoughts Tim Irnich is the product manager for SUSE Edge for Telco, an open source based horizontal telco cloud solution. He is also a member of the Board of Directors at the LF Europe Sylva Project. Tim has been active in telco related open source communities such as LF Networking, OPNFV, OpenDaylight, OpenStack/OpenInfra for over a decade and held positions on several committees including the LFN TAC, TSC and Board of Directors in OPNFV and OpenDaylight. Before joining SUSE in 2018, Tim worked at Ericsson, where he ran the open source and ecosystem program for Ericsson's cloud business unit and helped found Ericsson's open source development arm that is today known as Ericsson Software Technologies.
KubeCon Europe 2025 in London has wrapped up, and we're bringing you all the highlights, trends, and behind-the-scenes insights straight from the show floor! In this special recap episode, I'm joined by two CNCF Ambassadors and community powerhouses: Kasper Borg Nissen, the Co-Chair of this KubeCon as well as of the KubeCon 2024 editions, and a Developer Relations Engineer at Dash0; and William Rizzo, Consulting Architect at Mirantis and Linkerd Ambassador. Together, we unpack the major themes from the event—from platform engineering and internal developer platforms, to open source observability, and where Kubernetes is headed next. We also chat about the vibe of the community, emerging projects to watch, and important trends in European tech sphere. Whether you missed the conference or want to catch up on important updates you might have missed, this episode gives you a curated take straight from the experts who know the cloud-native space inside out.
The episode was live-streamed on 22 April 2025 and the video is available at https://www.youtube.com/watch?v=JyxJOmOEBvQ
You can read the recap post: https://medium.com/p/740258a5fa46
OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube. We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat. https://www.youtube.com/@openobservabilitytalks https://www.twitch.tv/openobservability
Show Notes:
00:00 - intro
03:28 - KubeCon impressions
09:59 - Backstage turns 5
18:56 - CNCF turns 10 and CNCF annual survey
27:22 - Sovereign cloud in Europe and the NeoNephos initiative
33:55 - CI/CD use in production increases
36:52 - OpenInfra joins the Linux Foundation
40:16 - Cloud native local communities, DEI and the BIPOC initiative
51:11 - Observability query standardization SIG updates
59:36 - outro
Resources:
CNCF 2024 Annual Survey
https://www.cncf.io/reports/cncf-annual-survey-2024/
NeoNephos initiative for sovereign EU cloud: https://www.linkedin.com/feed/update/urn:li:share:7313115943075766273/
OpenInfra Foundation and OpenStack join The Linux Foundation: https://www.linkedin.com/feed/update/urn:li:share:7307839934072066048/
Backstage turns 5: https://www.linkedin.com/feed/update/urn:li:activity:7318163557206966272/
Kubernetes 1.33 release: https://www.linkedin.com/feed/update/urn:li:activity:7321054742174924800/
Socials:
Twitter: https://twitter.com/OpenObserv
YouTube: https://www.youtube.com/@openobservabilitytalks
Dotan Horovits
============
Twitter: @horovits
LinkedIn: www.linkedin.com/in/horovits
Mastodon: @horovits@fosstodon
BlueSky: @horovits.bsky.social
Kasper Borg Nissen
===============
Twitter: https://www.twitter.com/phennex
LinkedIn: https://www.linkedin.com/in/kaspernissen/
BlueSky: https://bsky.app/profile/kaspernissen.xyz
William Rizzo
===========
Twitter: https://twitter.com/WilliamRizzo19
LinkedIn: https://www.linkedin.com/in/william-rizzo/
BlueSky: https://bsky.app/profile/williamrizzo.bsky.social
Cloud native patterns and open source developments were on display at the KubeCon + CloudNativeCon Europe conference. The biannual gathering was showing how the container ecosystem continues to mature and analysts Jean Atelsek and William Fellows join host Eric Hanselman to explore their insights. The Cloud Native Computing Foundation (CNCF), part of the Linux Foundation, continues to expand the event and advance the maturity of the open source projects that are part of its purview. Day 2 operations have been gaining focus and the pre-conference FinOps X event was an indication of the emphasis on operational controls as it digs into infrastructure cost management. The opening “Day 0” events at KubeCon, which have been the forum for specialized project meetings, have become a key part of the conference, with over 6,000 attendees, almost half of the reported 13,000 total. The Kubernetes container management project is now over ten years old and one of the other signs of technology evolution was the integration of the OpenInfra Foundation, which managed the OpenStack project and other infrastructure elements, into the Linux Foundation. Open source projects are gaining wider adoption and one of the messages from projects and vendors at KubeCon, was the hope that it could offer alternatives to enterprise infrastructure stalwart, VMware. The CNCF is expanding its investments in improving security across the projects under its umbrella. There was also continued development of platform engineering initiatives. Bounding the expanding world of open source projects to create consistent development and operational tool chains for enterprise is one more sign of maturity in the container world. 
More S&P Global Content: AWS, Microsoft Azure and Google Cloud enter the FinOps vortex For S&P Global subscribers: Kubernetes meets the AI moment in Europe with technology, security, investment Data management, GenAI, hybrid cloud are top Kubernetes workloads – Highlights from VotE: DevOps Kubernetes ecosystem tackles new technical and market challenges Kubernetes, serverless adoption evolve with cloud-native maturity – Highlights from VotE: DevOps Credits: Host/Author: Eric Hanselman Guests: Jean Atelsek, William Fellows Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith
Did containerization ship away our environmental responsibility? Containers come with the promise of automation, scalability and reliability. The question is how to add sustainability to the list without breaking its other benefits. To talk about these challenges, Gaël Duez welcomes Flavia Paganelli and Niki Manoledaki, 2 experts in Kubernetes who are also pillars of the CNCF TAG Environmental Sustainability workgroup. This episode might beat the record of acronyms: KEIT, CNCF, TAG … And yet Flavia Paganelli and Niki Manoledaki provided crystal clear explanations when they covered:
How do you break up monoliths without breaking up the team? In this episode, the Patoarchitekci analyse migration strategies, the European RISC-V initiative and the controversial idea of routing microservice traffic through a CDN. Szymon prefers extracting the services with the fewest dependencies, while Łukasz asks about the motivation for the whole undertaking. From measuring developer productivity to the pragmatic approach to multi-cloud at Monzo bank, this episode is full of practical tips. We also cover Cloud Native PG in the CNCF, changes in GitHub Advanced Security and Docker Hub, and the Polish Iggy in the Apache Incubator. Anthropic valued at 61.5 billion dollars! Are you wondering whether your monolith deserves to be broken up? Or how to build a Stand-in from the 18 most important services instead of the whole infrastructure? Listen to our short episode and find out why the best code is the code that can easily be deleted. And now, no time to slack off!
Lior Lieberman is a software engineer lead at Google Cloud focusing on GCE, Kubernetes, and Service Mesh. He is a leading contributor to Gateway API and the maintainer of Ingress2gateway. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod - bluesky: @kubernetespodcast.com News of the week NFTables mode for kube-proxy | Kubernetes Kubescape becomes a CNCF incubating project Announcing the Beta Release of OpenTelemetry Go Auto-Instrumentation using eBPF | CNCF New Phippy Book Guidelines: Enhancing Community Access & Engagement | CNCF Links from the interview Lightning Talk: Why Service Is the Worst API in Kubernetes, & What We're Doing About It - Tim Hockin GitHub - kubernetes-sigs/ingress2gateway: Convert Ingress resources to Gateway API resources Migrating from Ingress Gateway API Inference Extension 0.1.0 release README on GitHub kubernetes-sigs/ingate - an Ingress & Gateway API Controller GAMMA - https://gateway-api.sigs.k8s.io/mesh/
What happens when you get Eyvonne, William, and our special guest Nick Eberts in the same conversation? You get a GKE party! In this episode, we dive deep into the world of multi-cluster Kubernetes management with Nick Eberts, Product Manager for GKE Fleets & Teams at Google. Nick shares his expertise on platform engineering, the evolution from traditional infrastructure to cloud-native platforms, and the challenges of managing multiple Kubernetes clusters at scale. We explore the parallels between enterprise architecture and modern platform teams, discuss the future of multi-cluster orchestration, and unpack Google's innovative work with Spanner database integration for GKE. Nick also shares his passion for contributing to open source through SIG Multi-Cluster and provides valuable guidance for those interested in getting involved with the Kubernetes community.
Where to Find Nick Eberts
LinkedIn: https://www.linkedin.com/in/nicholaseberts
Twitter: https://twitter.com/nicholaseberts
Bluesky: @nickeberts.dev
Show Links
SIG Multi-Cluster: https://github.com/kubernetes/community/tree/master/sig-multicluster
Google Kubernetes Engine (GKE): https://cloud.google.com/kubernetes-engine
Spanner Database: https://cloud.google.com/spanner
Kubernetes: https://kubernetes.io/
KubeCon: https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/
Argo CD: https://argoproj.github.io/cd
Flux: https://fluxcd.io/
CNCF: https://www.cncf.io/
Follow, Like, and Subscribe!
Podcast: https://www.thecloudgambit.com/
YouTube: https://www.youtube.com/@TheCloudGambit
LinkedIn: https://www.linkedin.com/company/thecloudgambit
Twitter: https://twitter.com/TheCloudGambit
TikTok: https://www.tiktok.com/@thecloudgambit
The mainframe is dead, long live the mainframe! “Nobody ever got fired for buying IBM”. That, or something like it, was and still is a saying in our IT industry. And when you hear something like that, one thing often comes to mind: mainframes. The big boxes that sit in every bank and every insurance company. It is all so easily said. But do we really know what we are actually talking about? In this episode we clarify what a mainframe actually is, what makes it so special, how big and expensive such a machine is, what a z architecture is, whether mainframes are used for greenfield projects, which operating systems can run on them, whether we are tied to COBOL for software development or whether Go, JavaScript, Rust and co. can also run on a mainframe, and to what extent we can apply modern practices such as GitOps, continuous delivery, pre-production testing and co. At the end we ask ourselves whether the mainframe still plays a role in the age of cloud, Kubernetes, commodity hardware and distributed systems, how we as software developers can play around with the z architecture and the mainframe, and what challenges face the companies that still run a mainframe and old source code today. Bonus: is it der, die or das Mainframe? You can find our current advertising partners at https://engineeringkiosk.dev/partners
One PetaByte is the equivalent of 11000 4k movies. And CERN's Large Hadron Collider (LHC) generates this every single second. Only a fraction of this data (~1 GB/s) is stored and analyzed using a multicluster batch job dispatcher with Kueue running on Kubernetes. In this episode we have Ricardo Rocha, Platform Engineering Lead at CERN and CNCF Advocate, explaining why after 20 years at CERN he is still excited about the work he and his colleagues at CERN are doing. To kick things off we learn about the impact that the CNCF has on the scientific community, how to best balance an implementation of that scale between "ease of use" vs "optimized for throughput". Tune in and learn about custom hardware being built 20 years ago and how the advent of the latest chip generation has impacted the evolution of data scientists around the globe. Links we discussed: Ricardo's LinkedIn: https://www.linkedin.com/in/ricardo-rocha-739aa718/ | KubeCon SLC Keynote: https://www.youtube.com/watch?v=xMmskWIlktA&list=PLj6h78yzYM2Pw4mRw4S-1p_xLARMqPkA7&index=5 | Kueue CNCF Project: https://kubernetes.io/blog/2022/10/04/introducing-kueue/
On this episode: Joined by special guest KJ, the cast talks with the CNCF's Cassandra Shea to discuss upcoming CayFest & Red Sky @ Night events. Is the country progressing forward for artists? We share some behind the scenes & get a weekend recap. Who has your Hyundai & what can you do?? An ode to vintage commercials, Honda FiTs, & Galentines. Before taking a call from the Deputy Premier, the cast looks at the racial divide, more robberies but no calls action. RIP Spikey, this & much more!
In this episode, Henrik Blixt, a product manager at Intuit and Argo maintainer, shares his experiences and insights into managing platform engineering teams that handle Kubernetes, service mesh, API gateways, and more. He emphasizes the importance of product management within platform engineering and discusses his involvement with the CNCF's end user technical advisory board. Henrik also highlights the significance of open source in his professional journey and details the ongoing initiatives and advancements within the Argo project. 00:00 Introduction and Guest Welcome 00:53 Discussion on Argo and Developer Tools 01:41 Open Source Community Involvement 02:06 CNCF End User Technical Advisory Board 03:11 Reference Architectures and Initiatives 08:18 Challenges and Solutions for End Users 13:20 Argo Project Insights 16:03 The Importance of Product Management 17:16 Conclusion and Final Thoughts Guest: Henrik Blixt leads a Product Management team responsible for the Intuit core platform, where he defines the strategy and direction that has shaped Intuit's cloud native platform based on CNCF projects like Kubernetes, Envoy, Istio, Prometheus, Argo (and many more!) that's used by 7000 developers and serving over 100M users. Being a passionate member of the open source community for almost 30 years, from Linux through OpenStack and Kubernetes, Henrik is currently focused on the Argo project as a core maintainer. He also represents Intuit across other committees, like the CNOE project and the broader Linux Foundation, where he shares experiences and best practices from Intuit's use of open source, making sure end users are heard and their pain points understood. He loves engaging with the community and has been a prolific speaker and event program committee member across ArgoCon, GitOpsCon, Kubecon over the years. A native of Sweden, earning his B.Sc in information systems from the University of Gothenburg, he now resides in California with his family.
Kakeru is the initiator of the Kubernetes History Inspector, or KHI, an open source tool that allows you to visualise Kubernetes logs and troubleshoot issues. We discussed what the tool does, how it's built and what the motivation was behind open sourcing it. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod - bluesky: @kubernetespodcast.com News of the week The Schedule for the KubeCon and CloudNativeCon 2025 Maintainers Summit is live The CNCF 2024 review of the top 30 projects The CNCF End User Case Study for KubeCon Contest Kubernetes Resource Orchestrator Blog Kubernetes Resource Orchestrator Github EKS Hybrid nodes CoreWeave Nvidia GB200 NLV-72 GA Links from the interview KHI: Kubernetes History Inspector DAG WebGL
Morgan McLean, co-founder of OpenTelemetry and senior director of product management at Splunk, has long tackled the challenges of observability in large-scale systems. In a conversation with Alex Williams on The New Stack Makers, McLean reflected on his early frustrations debugging high-scale services and the need for better observability tools. OpenTelemetry, formed in 2019 from OpenTracing and OpenCensus, has since become a key part of modern observability strategies. As a Cloud Native Computing Foundation (CNCF) incubating project, it's the second most active open source project after Kubernetes, with over 1,200 developers contributing monthly. McLean highlighted OpenTelemetry's role in solving scaling challenges, particularly in Kubernetes environments, by standardizing distributed tracing, application metrics, and data extraction. Looking ahead, profiling is set to become the fourth major observability signal alongside logs, tracing, and metrics, with general availability expected in 2025. McLean emphasized ongoing improvements, including automation and ease of adoption, predicting even faster OpenTelemetry adoption as friction points are resolved. Learn more from The New Stack about the latest trends in Open Telemetry: What Is OpenTelemetry? The Ultimate Guide | Observability in 2025: OpenTelemetry and AI to Fill In Gaps | Honeycomb.io's Austin Parker: OpenTelemetry In-Depth. Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
Feature Flagging - some may call them "glorified if-statements" - has been a development practice for decades. But have we reached a stage where organizations are doing "Feature Flag-Driven Development"? After all it took years to establish a test-driven development culture despite having great tools and frameworks available! To learn more we invited Ben Rometsch, Co-Founder of Flagsmith, to chat about the history, state and future of Feature Flagging. He is giving us an update on where the market is heading, how the CNCF project OpenFeature and its community is driving best practices, what the role of AI might be and what he thinks might be next! Couple of links we discussed during the episode: Ben on LinkedIn: https://www.linkedin.com/in/benrometsch/ | YouTube Video on Observability & Feature Flagging: https://www.youtube.com/watch?v=VZakh1_oEL8 | OpenFeature: https://openfeature.dev/
William Morgan is the CEO of Buoyant, the company behind Linkerd. He previously worked at Twitter as a software engineer and engineering manager and has long experience in the field. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod - bluesky: @kubernetespodcast.com News of the week RedHat blog: Next generation multicluster application connectivity and traffic policy management KubeCon EU 2025 schedule CFP for KubeCon Japan (closes Feb 2, 2025) CFP for KubeCon China (closes Feb 2, 2025) CFP for KubeCon India (closes March 23, 2025) kubezonnet Links from the interview linkerd.io Linkerd on GitHub Linkerd architecture “Linkerd doesn't use Envoy” Blog Post (2020) envoyproxy.io Sidecar containers in Kubernetes Linkerd2 on GitHub Rust programming language Dynamic Admission Control (Mutating Webhooks) Linkerd Multi-cluster Federated Services KubeCon NA 2024, “Open Source 2.0: The Maintainers' Perspective - Panel” Cloud Native Startup Fest, “Panel: Startups With Open Source Projects: Can They Be Successful in the CNCF? And Should They Be?”
In this episode, Katherine Druckman speaks to Alex Scammon, who leads the Open Source Program Office (OSPO) at G Research. Alex discusses the company's significant contributions to open source projects and their unique operating model. He covers the success of Armada, a CNCF sandbox project for multi-cluster batch scheduling, and the considerable efforts of G Research's OSPO, which includes 30 engineers dedicated to direct open source contributions. Alex also shares insights on the benefits of supporting open source projects, the complexities of project prioritization, and the collaborative efforts in the open source community. The episode emphasizes the importance of sustainable open source involvement and offers a glimpse into G Research's mission to use AI and ML tools to drive financial market predictions. 00:00 Introduction and Guest Welcome 00:08 Overview of Alex's Role and OSPO 03:27 Importance of Open Source Contributions 04:37 Prioritizing Projects and G Research 07:27 Challenges and Collaboration 12:43 Personal Journey in Open Source 18:09 Encouraging Open Source Contributions Guest: Alex Scammon: Currently, I'm leading a large and intrepid band of open-source engineers engaged in a number of philanthropic upstream contributions on behalf of G-Research. All of our work centers around open-source data science and machine learning tools and the MLOps and HPC infrastructure to support those tools at scale. We're almost certainly hiring.... As part of this work, I'm also leading a discussion around batch scheduling on Kubernetes as the chair of the CNCF's Batch Working Group. Please reach out if this is an area of interest for you -- we'd love to have more voices at the table!
The hardware industry is surging, driven by AI's demanding workloads, with Arm—a 35-year-old pioneer in processor IP—playing a pivotal role. In an episode of The New Stack Makers recorded at KubeCon + CloudNativeCon North America, Pranay Bakre, principal solutions engineer at Arm, discussed how Arm is helping organizations migrate and run applications on its technology. Bakre highlighted Arm's partnership with hyperscalers like AWS, Google, Microsoft, and Oracle, showcasing processors such as AWS Graviton and Google Axion, built on Arm's power-efficient, cost-effective Neoverse IP. This design ethos has spurred wide adoption, with 90-95% of CNCF projects supporting native Arm binaries. Attendees at Arm's booth frequently inquired about its plans to support AI workloads. Bakre noted the performance advantages of Arm-based infrastructure, delivering up to 60% workload improvements over legacy architectures. The episode also features a demo on migrating x86 applications to ARM64 in both cloud and containerized environments, emphasizing Arm's readiness for the AI era. Learn more from The New Stack about Arm: Arm Eyes AI with Its Latest Neoverse Cores and Subsystem | Big Three in Cloud Prompts ARM to Rethink Software. Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
In this episode, Rich speaks with Taylor Dolezal from the CNCF. Topics include: How does the CNCF make money and what is the value it delivers, what is cloud native, what is an end user, imposter syndrome, and Kubernetes at CERN. Links: Taylor's LinkedIn | Bluesky; Rich's LinkedIn | Bluesky | Linktree; Rich's email; Jesse Robbins - Amazon chaos engineering; Lachlan Evenson; Kara Sowles Deloss's FOSDEM presentation; CNC Cartografos Working Group; Humans of Cloud Native; The CNCF Landscape; Joe Beda's first TGIK episode; Zero to Merge Initiative; Jorge Castro; Kubernetes at CERN; Episode Transcript. Logo by the amazing Emily Griffin. Music by Monplaisir. Thanks for listening.
In the last episode of The Business of Open Source recorded at KubeCon Salt Lake City, I spoke with Omri Gazitt, co-founder and CEO of Aserto. Aserto has two open source projects that it maintains, one of which it donated to the CNCF. In this episode, we talked about the decision to donate a project to the CNCF — both what the process entailed and what is in it for Aserto in having a project at the CNCF. But of course Aserto also has another project, Topaz, which it has not donated to the CNCF. We also talked about why Topaz wasn't donated to the CNCF. A couple things to pull out of this conversation: The complicated calculus of deciding whether to donate a project to a foundation, and how the dynamics of the market change over the years and you have to think very critically about the specifics of your situation before making the decision to donate to a foundation. How every company has slightly different market pressures — sometimes the market pushes you to donate to a foundation, sometimes the market doesn't care. The importance of thinking not just about market share when you're open source, but also how you are going to monetize! It's possible to have vastly smaller market share but make vastly more money. Why being an open source company does not have to mean that your paid solution has to be cheaper than your competitors. Why you don't have to start selling into startups — sometimes your best customers will always be either mid-market or enterprise from the very beginning. We talked about the panel I moderated at CloudNative StartupFest at KubeCon. If you missed it, here's the link to see the replay. We also talked about Adam Jacob's talk at the same event, which you can see here. If you're building a company around an open source project and aren't sure how to manage the relationship between the project and product, you might want to work with me or come to Open Source Founders Summit this May.
Bret and Nirmal reunite for their traditional annual Holiday Special episode of breaking down the most significant developments in cloud native from 2024 and sharing predictions for 2025.
This special episode recorded live at KubeCon Salt Lake City last November is with Martin Mao, CEO and co-founder at Chronosphere. We talked about how M3, which Martin and his co-founder had written while they were still working at Uber, was foundational to the early history of Chronosphere. One of the most important aspects of this story is that since M3 is the foundation Chronosphere is built on, the fact that it was developed over four years at Uber while they were still on Uber's payroll meant that when they decided to build a company it allowed them to get to market dramatically faster than would have been possible otherwise. Chronosphere's core platform is a proprietary SaaS product, but still has a significant relationship with two other projects: Perses, which was developed at Chronosphere and donated to the CNCF in 2024; and FluentBit, a CNCF graduated project that was originally developed by Calyptia and became part of Chronosphere when it acquired Calyptia. We talked about: The pros and cons of donating projects to the CNCF, from both the perspectives of the company creating the project and the interests of the community and project itself. Why Chronosphere's core platform isn't open source itself. How a company can end up getting financial advantages from being the stewards of a large open source community, even if the connection doesn't always seem obvious. How product roadmaps are managed for the two projects versus how it's managed for Chronosphere's proprietary products. If you're building a company around an open source project and aren't sure how to manage the relationship between the project and product, you might want to work with me or come to Open Source Founders Summit this May.
In this episode, Wesley, PJ, and Jason take the opportunity to talk about a new phenomenon - The DevRel Foundation from the Linux Foundation. Learn how folks have gotten involved, what the Foundation intends to do, and how you can share your voice. Topics Discussed: Introduction to the DevRel Foundation: The episode explores the new DevRel Foundation, an initiative under the Linux Foundation, created to address challenges in Developer Relations (DevRel). Wesley Faulkner introduces the foundation, noting that its purpose is to be a nonpartisan hub for discussions about DevRel and to provide resources for defining the profession and its practices. Foundational Goals: The DevRel Foundation aims to address key challenges within DevRel, including defining the role, measuring its impact, and rolling out successful DevRel programs. It seeks to aggregate existing knowledge and create a space for new insights. Wesley discusses his role in the steering committee and mentions the ongoing process of recruiting champions for various topics within DevRel to drive these discussions forward. Open Participation and Community Engagement: The foundation is described as a participative effort, where everyone from managers to community members can contribute. This is highlighted as an important distinction from more passive feedback mechanisms (like town halls). Wesley outlines the process, emphasizing that the foundation is open to diverse perspectives, and all contributions will be available for collaboration through platforms like GitHub and Discord. Challenges of Defining DevRel: A major challenge discussed is the diversity of how DevRel is implemented across different organizations (e.g., startups, enterprises, nonprofits). Wesley talks about the need for an inclusive approach that doesn't exclude any perspectives while ensuring practical outcomes. 
Jason Hand asks about how the foundation plans to handle these varied implementations, suggesting that a “one-size-fits-all” approach may not work. The Role of the Linux Foundation: The Linux Foundation's role is explained as crucial in providing structure, governance, and logistical support for the foundation. The Linux Foundation's history with supporting open-source projects and fostering community-driven initiatives is seen as a key advantage. Real-World Impact and Job Descriptions: Jason Hand discusses the problem of inconsistent DevRel job descriptions in the industry, which often blur the lines between roles like developer advocate, customer success, and sales engineering. The foundation's work could help standardize expectations for DevRel roles across organizations. The episode touches on how a clearer definition of DevRel could assist job seekers and hiring managers in aligning roles more effectively. Future of the DevRel Foundation: The foundation is still in its early stages, and Wesley emphasizes that while there's hope for the project, it will take time to make significant progress. They encourage participation in calls, Discord, and GitHub to stay updated and contribute. Key Takeaways: - The DevRel Foundation seeks to unify and provide structure to the diverse, evolving field of Developer Relations. Inclusive participation is at the core of the foundation's mission, aiming to gather input from all sectors of the community. - The foundation is driven by volunteer work and community passion, with the support of the Linux Foundation's structure and resources. - GitHub and Discord are key platforms for collaboration, ensuring that community voices are heard and that contributions are open for review and iteration. - The foundation's work will eventually help provide clarity in DevRel role definitions, benefiting both organizations and professionals in the field. 
Action Items: - Join the DevRel Foundation: Individuals can join calls, participate in discussions, or contribute to the work via GitHub and Discord. - Become a Champion: The foundation is actively seeking managers to lead specific topics within DevRel. - Stay Informed: Engage with the monthly updates and open calls to follow the foundation's progress. Key Words and Themes: DevRel Foundation Developer Relations (DevRel) Linux Foundation Open Participation Inclusive Governance Community-Driven Initiatives Job Descriptions in DevRel GitHub and Discord Collaboration Nonprofit Organization Volunteer-Driven Transcript [00:00:00] PJ Haggerty: Hey everybody. And welcome to another episode of Community Pulse. We're super excited to have you. [00:00:04] PJ Haggerty: This week we decided we would take a look at a new phenomenon, the DevRel Foundation, the Developer Relations Foundation from our friends at the Linux Foundation. [00:00:12] PJ Haggerty: Some of you are probably already aware of it. Some of you are probably in the discord chat. Some people might not know about it at all. So we want to take this opportunity to share some information about it and see what we could find out and how we felt about it. So with that, I am joined by, of course, Jason Hand and Wesley Faulkner. Wesley, you've been doing a lot of work with the DevRel foundation as far as like looking at, working models and how people can actually get things done within the foundation. [00:00:37] PJ Haggerty: So do you want to kick us off and give us a description of what's going on? [00:00:41] Wesley Faulkner: Yes. Let me lay a little bit of the groundwork to understand my involvement and how. So I'm part of the steering committee. There's five of us in total. And I am the newest member of that five person steering committee. [00:00:55] Wesley Faulkner: I've been part of the DevRel foundation since June of this year. 
[00:01:00] And the foundations, the start of it had, I think, started way before that even before the beginning of the year. And the involvement with the Linux foundation happens like I think in around the February timeframe. And so the thought is that there are Certain types of challenges that are unique to people in dev rel defining what we do is one of them that I think is something that people are familiar with, but others that have been lingering around about how do you measure dev rel and like adequately, like, how do you plan for the future and how do you roll out a developer relations program? [00:01:35] Wesley Faulkner: Those are like the broad strokes of it. So the thought of the Dev Rel foundation is to be a nonpartisan home for these types of discussions. And we are currently set up as the steering committee, as people who are trying to facilitate those conversations, give structure and processing of what timeline we should have these conversations and be helped, like [00:02:00] with the being a home to people to find this, Information once we have it all created and to be a repository for a lot of existing knowledge, but also allow the connection tissue to create new knowledge that is not there right now. [00:02:16] Wesley Faulkner: So that's like the whole arc of it. Depending on when you're listening to this podcast, we are currently enrolling people to take on and champion these specific areas of topics. Here are the lists that we've aggregated from the community of the challenges. [00:02:33] Wesley Faulkner: And we're looking for managers to say I want to champion that and run it to ground to make sure that we actually have things defined to help us all as dev or all practitioners. 
[00:02:43] PJ Haggerty: And I want to zero in because I think that some people I was in the initial meeting kickoff thing that happened back in June and there was a concern and it was oh, this is a town hall, not really a feedback thing, but more of a town hall where we'll come and tell you what we think is [00:03:00] good and you can come and tell us if you don't think it's good. [00:03:03] PJ Haggerty: But what it really is is a participative activity. Not everybody wants to, and that's okay. But the idea is really behind let's put together a compendium of knowledge about what we do and put that so that when people reference it, they can easily say, this is the way it works. [00:03:22] PJ Haggerty: It's a constantly moving organic body. It's similar to software. There is nothing done on this. Would that, do you think that's accurate? Great. [00:03:31] Wesley Faulkner: Yeah, I think that initially I was on that initial feedback preview call as well. And that session, I think, raised a lot of awareness about how developed the thought was of where things were going to go and how open to input. [00:03:47] Wesley Faulkner: The foundation was to the community and letting the community shape the direction and the focus of the foundation. And I think to its credit, the foundation has taken a lot of that into heart. [00:04:00] And I think that's when I joined actually because of that call or after that call. A lot of the work that I've done, at least on the initial side, was finding a way to make sure that the community's voice is heard. [00:04:12] Wesley Faulkner: And then once we get all of this feedback, how do we actually act on it? Because it feels like if you think about the possibilities, the developer relations, there's just so much out there. How do we choose which ones that we're going to help move forward? And I devised or helped with the rest of the people in the steering committee and other feedback. 
[00:04:31] Wesley Faulkner: From people like you, PJ, about how we address the needs of the community in a way that doesn't feel exclusionary. [00:04:39] PJ Haggerty: Think exclusionary is the word you're looking for. Yeah. [00:04:40] Wesley Faulkner: And also how do we actually be productive to actually move forward instead of having constant discussions all the time and where do we actually make sure that it was the right time to do action? [00:04:52] Jason Hand: Wesley, I got a question. I feel like a lot of our episodes, we generally take a stance on [00:05:00] when it comes to implementing certain things that it just depends on the situation of the organization, the team, the objectives of the org that they're in, there's always just like so many dependencies and variables that go into an implementation of things to take a stance on, how certain aspects or certain elements of developer relations Has found success. [00:05:23] Jason Hand: I'm wondering if there's plans or if there's been any discussion on including lots of different implementation scenarios rather than trying to be one single source of truth, because I feel like that's probably going to be some pushback and going to be some feedback that maybe we hear from this type of organization or foundation, of what goals do we have about putting into concrete terms what. [00:05:48] Jason Hand: developer relations is or isn't when we know that there's just so many ways to do it, Startups are going to do it one way enterprise is going to do it a different One part of the world's going to do it in one way [00:06:00] versus others so Anyway, just curious what your thoughts are on that [00:06:04] Wesley Faulkner: Yeah, there's different verticals, like there's regulated industries like fintech, there are different areas like nonprofit work and open source software as opposed to closed source software. 
[00:06:14] Wesley Faulkner: Then there is developer first, and then there's developer plus then you mentioned different languages, but there's also different geos and there's also different access to technologies, like parts of the developing world where steady connected electricity and internet is not something that's. [00:06:31] Wesley Faulkner: So there's many different facets. So the answer is, we are trying to be as inclusive as possible by making sure that people have the opportunity to put forth their specific concern. At the same time, we are requiring that as groups are formed around these topics, that there are at least three managers. [00:06:56] Wesley Faulkner: To each of these topics to make sure that there's not [00:07:00] one perspective that's running the show. And then each of these topics, the managers need to recruit at least eight participants. This is to increase the diversity and the different ways that people see things and to make sure that these edge cases or main cases are incorporated into the final result. [00:07:20] Wesley Faulkner: And last, but not least, this is supposed to be an iterative process. So whatever the group Creates, it will be posted to GitHub and you can, and everyone and anyone can put in pull requests so that their voices are heard and their perspectives are also taken into account. [00:07:39] PJ Haggerty: And you're saying all this and for those of you who are listening to the audio and saying, wow, Wesley really has this down. [00:07:44] PJ Haggerty: Wesley has very much structured this and put it into a GitHub document for people to interact with and understand. And I think this that allayed a lot of my concerns when this first came up, because I was like, is this an exercise in student government where the most popular kids [00:08:00] will be voted into their positions of power. [00:08:01] PJ Haggerty: And everyone else will just sit by the wayside with no voice. 
And Wesley was very careful to design a way in which that wasn't. I think one of the, one of the things that I liked the most about the structure of this, and we'll add the link to the GitHub and the show notes, but one of the things that I really enjoyed about the structure of this was that anyone who is a manager for only a certain period of time. [00:08:24] PJ Haggerty: This isn't a situation where you are, to use the term, they often use an open source project. You're a benevolent dictator for life. Which is that, that's your Linus's and your David Heinemeier Hansson. It's great that you create this thing. [00:08:37] PJ Haggerty: Please let other people as it evolves, take it over. And that's baked into the design. And I feel like we're laying a lot on Wesley here. And I think that there's varying differences between what even the people on this podcast are doing as far as level of participation. [00:08:51] PJ Haggerty: Like I'm a passive participant. I've been watching what's going on, participating in the discord. Talking to some people about some things, but I'm not a manager. [00:09:00] Wesley's a part of the steering committee. Mary had, is that some of those initial meetings are taking a step back due to some busy work related things. [00:09:07] PJ Haggerty: And Jason, are you in the collective? Are you in the discussion or are you just an external passive observer at this point in time? [00:09:16] Jason Hand: Definitely a passive observer. I think, just through knowing Wesley and the conversations we have here and there I may be a little closer than others in terms of just, when I started hearing about it. [00:09:27] Jason Hand: But yeah, at this point I'm not involved. Other than, like I said, just conversations I've had with Wesley. But definitely curious to learn more about what's going on with it. And I quite honestly, I don't have a lot of depth in knowledge around any of the Linux foundations or any just foundations in general. 
[00:09:45] Jason Hand: And I don't know if Wesley, if that's something you can dig a little deeper into, like what would somebody who has no knowledge of what the Linux Foundation is and any of the offshoots of that, like what are the core benefits? [00:09:57] Wesley Faulkner: I gotta say that there's something that I have to [00:10:00] say about the Linux Foundation in general is that the foundation is an umbrella of other open source projects. So Linux itself is a Linux Foundation project. Git. Is a Linux foundation project. And there's several other Valkey is also big and new and it was just launched at the open source summit. [00:10:21] Wesley Faulkner: In September. [00:10:23] PJ Haggerty: Don't forget about that. Dang Kubernetes that people keep talking about. The kids are all under the coop. Yep. CNCF is [00:10:28] Wesley Faulkner: underneath. Yep. The CNCF is under the Linux foundation. Those projects that you know, and love have come under that same umbrella. [00:10:36] Wesley Faulkner: But I have to say the dev rel foundation is different than any of those are in all of the other projects because that this feels more of, A governance body or like a list of documents and not necessarily focused on code and making a product from that standpoint, which I think is a little bit different. [00:10:58] Wesley Faulkner: And the question is [00:11:00] why the Linux foundation, and we have a lot of these addressed in our FAQ, if you go to the But for my take that we wanted a place in a home. That was nonpartisan, meaning like it's not owned by a company or someone with specific interests. One that has a history of supporting software and open source processes and making sure it's community like the way that we come to decisions is open to the community and the community can participate [00:11:32] Wesley Faulkner: I can't think of any that checks all of the boxes. So it's part of the Linux Foundation because it is one that does already have a reputation. 
They are giving us resources and supporting us from a process standpoint. And it allows us to have access to other projects and maintainers and people who've been doing this way longer tHand we have. [00:11:55] Wesley Faulkner: And so being under that umbrella also gives us that connection and [00:12:00] of the siblings who are also in the project. But also just to make sure that it is noted that we are unfunded product projects under the Linux foundation. So we were not trying to make money. No, one's giving us money. [00:12:14] Wesley Faulkner: It's just right now it's all community and volunteer work. That's in the found formation of this foundation. So it's our passions that are driving it. So if there are better suggestions, we are open to hear it. But right now the Linux Foundation sounds like a really good choice and they've been an excellent partner for us. [00:12:36] Wesley Faulkner: Without her support and her guidance and her doing the intros and her doing a lot of the heavy lifting I think we wouldn't have gotten as far as we have right now. [00:12:47] PJ Haggerty: I think it's interesting you mention that because I know that organically around I had been talking for a couple years with people. Wesley, you and I had a conversation that I think is now two and a half years ago about putting together some sort [00:13:00] governance document, some sort of something to say, this is DevRel. [00:13:05] PJ Haggerty: This is the way it worked. This is, giving some sort of guideline to what this all means. I think that some people might be like the Linux foundation eyebrows raised what's going on here at the same time, I think, without having that logistical support, if not the organizational support, this may never have come off because so many people were working in so many small working groups, but not really getting anywhere because they couldn't figure out that logistical component, like how do we do this and not exclude people? 
[00:13:32] PJ Haggerty: How do we do this and ensure that we have the good mindshare and the diverse mindshare that we need to actually share this information. These are questions that luckily the Linux foundation has answered before, and therefore they can answer it for this. [00:13:49] Wesley Faulkner: Yeah. I got to say that there's been a lot of reaction to the Linux foundation. [00:13:52] Wesley Faulkner: And even just the DevRel foundation. Let's just talk it from there about one saying, why do we need this? That's one of the feedbacks that we've gotten. The [00:14:00] other is, this is amazing. I, this is, I'm so excited. And then I think what Jason also said is that. I'm going to wait and see, so will we, will this have legs? [00:14:11] Wesley Faulkner: Will this keep going? Will this actually produce anything? Will this make a change? And when we were working on our little project back then, Jason PJ it was, some of the conversations were just like, why are we the two people? Or what, why are we the ones to be able to hold this torch and I think the Linux foundation kind of answers some of those questions in terms of it, are we a trusted organization or who legitimizes us for being a person that could have a voice? [00:14:43] Jason Hand: So one more thing I wanted to touch on because I do see a lot of benefits that can come and clearly there's, great examples from the Linux Foundation of success and how this kind of community effort. Can come together and really help in a lot of ways, but a concrete way that I think really [00:15:00] stands out to me that could help for a lot of those folks who are either new to developer relations or in community in general, or maybe they're out on the market looking for new roles because we do hear so much of a variety in terms of what DevRel can look like. [00:15:15] Jason Hand: And you see it like on new job postings where one company is looking for. 
With a title as a developer relations professional or some variation of that, but then looking through the description, it looks like it's going to include some roles and responsibilities that have traditionally not aligned with developer relations. [00:15:32] Jason Hand: Oftentimes there's just so much variance in terms of what DevRel roles could look like, but this might actually help. Narrow that a little bit and make it easier for both those who are looking to fill roles and those who are looking to find new roles. We're all speaking the same language on what the expectations are here. [00:15:51] PJ Haggerty: Yeah. There's that centralization concept of, maybe if we can define and say, this is what DevRel looks like, then [00:16:00] maybe the hiring managers and the people at LinkedIn and indeed, and what have you, is Monster.com still a thing? I don't think Monster.com is still a thing. [00:16:07] PJ Haggerty: But maybe the people who are in charge of all of this hiring and doing all these things, maybe they can finally have a good definition to understand that maybe you're not looking for a developer advocate or a developer relations specialist, maybe you're actually looking for someone in marketing. [00:16:24] PJ Haggerty: Maybe you're actually looking for a sales engineer. Who's technically minded, but they're to speak to onboard clients. Maybe you're even looking for customer success. Because like you said, Jason, I've looked at a lot of these job descriptions, especially over here that I was unemployed. [00:16:39] PJ Haggerty: And a lot of these people do not understand that their questions that they're asking or that the positions they're describing are not developer relations positions, but. The buzzwords here. So let's go with what we got. 
[00:16:52] Wesley Faulkner: And also to be frank, these questions have been answered and probably it's been answered multiple [00:17:00] times by different people and everyone who's been in DevRel for a very long time can see and read these and say, that's actually valid. [00:17:09] Wesley Faulkner: Someone who's brand new may not have that ability to distinguish what is. Actually something that makes sense. I think the DevRel foundation will help those new people to be able to do some of that work for them. [00:17:21] Wesley Faulkner: Not necessarily have to create all this new documentation and resources, but aggregating some of the things that are out there that is really good, high quality work that we can help with bringing them into the fold and allowing people to use us as a central point to jump off and find these other resources. [00:17:38] PJ Haggerty: Yeah, that's awesome. And I think that I'm looking forward to seeing what comes out of it. People should not have an expectation. Let's set some boundaries here. People should not have an expectation that like come January one, the dev rel foundation is about to drop the hottest mixtape you've ever heard about dev rel. [00:17:54] PJ Haggerty: These things are going to take time. Yes, we have hope, but hope takes work. [00:17:59] Wesley Faulkner: [00:18:00] And 1 of the things that we're asking or requiring for all these groups that form is that they give at least a monthly update on 1 of our open calls and open meetings that we do every week. [00:18:10] Wesley Faulkner: If you want to stay abreast about the progress take a look in at. Our GitHub and look at what the process we're working and fostering. And also just, if you have input jump into one of these calls and just talk to the people who are championing these directly. [00:18:26] PJ Haggerty: Or at the very least jump in the discord and see what the conversation is. [00:18:29] PJ Haggerty: Yep. 
I think there's a lot of good conversation going on over there as well. And with that, thank you for giving us space to talk about this. Enjoy the podcast? Please take a few moments to leave us a review on iTunes (https://itunes.apple.com/us/podcast/community-pulse/id1218368182?mt=2) and follow us on Spotify (https://open.spotify.com/show/3I7g5W9fMSgpWu38zZMjet?si=eb528c7de12b4d7a&nd=1&dlsi=b0c85248dabc48ce), or leave a review on one of the other many podcasting sites that we're on! Your support means a lot to us and helps us continue to produce episodes every month. Like all things Community, this too takes a village. Artwork photo by Ramin Khatibi on Unsplash.
How is agentic AI reshaping cloud security and what does the future hold for this transformative technology? In today's episode of Tech Talks Daily, I sit down with Loris Degioanni, the founder and CTO of Sysdig, to explore how agentic AI is driving innovation in cloud security. As the creator of Sysdig and the CNCF runtime security tool Falco, Loris brings a wealth of expertise to the conversation, having also been a key contributor to the widely-used open-source network analyzer, Wireshark. We discuss how Sysdig has pioneered the first AI-powered cloud security tool using agentic AI. This groundbreaking approach enables AI agents to function as domain-specific experts, working collaboratively to provide rapid threat detection—reducing response times to under 10 minutes in cloud environments where speed is critical. Loris shares insights into the cultural and technological factors fueling the rise of agentic AI and its potential to revolutionize cybersecurity. The conversation also delves into the promises and pitfalls of agentic AI, such as its ability to handle complex tasks in a way that mimics human teams, alongside challenges like latency and cost. Loris highlights how open-source tools like Falco and Sysdig play a crucial role in advancing AI by making domain-specific knowledge publicly accessible, empowering the broader developer community to optimize AI capabilities. Looking ahead, we explore the future of AI in enterprise and cloud security, including predictions about how conversational interfaces and agentic AI architectures will redefine how businesses interact with and manage security tools. Whether you're curious about the evolution of AI in cybersecurity or interested in learning how Sysdig is leveraging this innovation to address today's challenges, this episode offers a fascinating glimpse into the intersection of technology and security. What are your thoughts on the role of agentic AI in shaping the future of cybersecurity? 
Join the discussion and share your perspective!
How can IT systems be made more secure and more efficient at the same time? Dimitrij Drus has developed Heimdall, an open-source tool that makes developers' everyday work easier by simplifying authentication and authorization. In conversation with Anja Kammer, he recounts the story of how it came about: from the first ideas and the challenges of being a one-man show to the submission to the CNCF. He also describes how Heimdall is used in projects around the world and which practical experiences have contributed to the tool's further development.
In this special year-end episode of OpenObservability Talks, we are thrilled to host Charity Majors, co-founder and CTO of Honeycomb, for an insightful conversation on the state of observability. Charity and our host Horovits recently delivered keynotes at Open Source Observability Day, which sparked fascinating discussions on the evolution of open observability and its impact on the broader industry. Together, they run a 2024 yearly postmortem on the key insights and trends, exploring what the observability community and industry have accomplished this year. Looking ahead, they also discuss what's on the horizon for observability in 2025 and beyond. Charity Majors pioneered the concept of modern Observability, drawing on her years of experience building and managing massive distributed systems at Parse (acquired by Facebook), Facebook, and Linden Lab building Second Life. She is the co-author of Observability Engineering and Database Reliability Engineering (O'Reilly). Join us for this fireside chat as we wrap up the year with the influential voices in observability. The episode was live-streamed on 9 December 2024 and the video is available at https://www.youtube.com/watch?v=D7ssNKAmYMs You can read the recap post at https://medium.com/p/94f80fff77e8/ OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube. We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat. 
https://www.youtube.com/@openobservabilitytalks https://www.twitch.tv/openobservability Show Notes: 00:00 - intro 01:51 - major observability trends of 2024 05:14 - OpenTelemetry trends 07:50 - Observability 2.0 14:45 - AI for DevOps and Observability 27:02 - Platform engineering 36:37 - observability query and data analytics 43:40 - observability for business insights 46:53 - how to start observability in Greenfield projects 50:15 - additional use cases for observability 54:11 - controlling cost of observability 58:47 - outro Resources: Practitioner's guide to wide events: https://jeremymorrell.dev/blog/a-practitioners-guide-to-wide-events/ Charity Major's blog on Observability 2.0: https://www.honeycomb.io/blog/time-to-version-observability-signs-point-to-yes Observability Is A Data Analytics Problem: https://insideainews.com/2022/04/07/observability-is-a-data-analytics-problem/ Platform as a Product survey by the CNCF: https://www.linkedin.com/feed/update/urn:li:share:7267977952242397185/ SaaS observability: https://medium.com/p/b2db276305b2 Expensive Metrics: Why Your Monitoring Data and Bill Get Out Of Hand: https://medium.com/p/e5724619e3f1 Sampling best practices: https://logz.io/learn/sampling-in-distributed-tracing-guide/ Socials: Twitter: https://twitter.com/OpenObserv YouTube: https://www.youtube.com/@openobservabilitytalks Dotan Horovits ============ Twitter: @horovits LinkedIn: www.linkedin.com/in/horovits Mastodon: @horovits@fosstodon BlueSky: @horovits.bsky.social Charity Majors ============ Twitter: https://x.com/mipsytipsy LinkedIn: https://www.linkedin.com/in/charity-majors Mastodon: @mipsytipsy@hachyderm.io BlueSky: https://bsky.app/profile/mipsytipsy.bsky.social
We welcome an incredible guest: an official ambassador of the Cloud Native Computing Foundation (CNCF)! We get to know her journey, from her first steps in technology to becoming a reference in the cloud native community. Find out what the CNCF is, its contribution to tools such as Kubernetes and Prometheus, and how these projects are shaping the future of technology. We also discuss the importance of taking part in communities: how they help boost careers, create valuable connections and keep up with the latest market trends. Full editing by Rádiofobia Podcast e Multimídia: https://radiofobia.com.br/ --- Follow us on Twitter and Instagram: @luizalabs @cabecadelab Questions, headbutts and suggestions: send an e-mail to cabecadelab@luizalabs.com or a DM on Instagram Participants: YOHAN RODRIGUES | https://www.linkedin.com/in/yohan-rodrigues/ NATÁLIA GRANATO | https://www.linkedin.com/in/nataliagranato https://www.nataliagranato.xyz https://github.com/nataliagranato
Jetstack's cert-manager, a leading open-source project in Kubernetes certificate management, began as a job interview challenge. Co-founder Matt Barker recalls asking a prospective engineer to automate Let's Encrypt within Kubernetes. By Monday, the candidate had created kube-lego, which evolved into cert-manager, now downloaded over 500 million times monthly. Cert-manager's journey to CNCF graduation, achieved in September, began with its donation to the foundation four years ago. Relaunched as cert-manager, the project grew under engineer James Munnelly, becoming the de facto standard for certificate lifecycle management. The thriving community and ecosystem around cert-manager highlighted its suitability for CNCF stewardship. However, maintainers, including Ashley Davis, noted challenges in navigating differing opinions within its vast user base. With graduation achieved, cert-manager's roadmap includes sub-projects like trust-manager, addressing TLS trust bundle management and Istio integration. Barker aims to streamline enterprise-scale deployments and educate security teams on cert-manager's impact. Cert-manager has become integral to cloud-native workflows, promising to simplify hybrid, multicloud, and edge deployments. Learn more from The New Stack about cert-manager: Jetstack's cert-manager Joins the CNCF Sandbox of Cloud Native Technologies; Jetstack Secure Promises to Ease Kubernetes TLS Security. Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
It's that time of the year… Aaron and Brian answer emails and questions for the second half of the year. SHOW: 882 SHOW TRANSCRIPT: The Cloudcast #882 Transcript SHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotw NEW TO CLOUD? CHECK OUT OUR OTHER PODCAST: "CLOUDCAST BASICS" SHOW NOTES: Question 1 - There was a lot of talk about Broadcom's changes to VMware at the beginning of the year, but not as much since then. What's going on in the world of virtualization? Question 2 - Both of you have talked about working remotely for quite a while. What's your take on RTO mandates? Any suggestions for remote workers? Question 3 - Have either of you found any valuable uses of AI in your day-to-day job? Question 4 - Now that the US elections are over, how do you expect the US Gov't to be involved with the tech industry (anti-trust, CHIPS ACT, AI regulation, etc.)? Question 5 - AI models and GPUs seem to get all the attention in the news. Are there other areas of AI that you think are really important but aren't getting much attention right now? Question 6 - Are cloud skills still considered valuable? Do certifications matter anymore? Question 7 - What's going on in the open source communities like the CNCF? Question 8 - What surprised you the most this year? FEEDBACK? Email: show at the cloudcast dot net Bluesky: @cloudcastpod.bsky.social Twitter/X: @cloudcastpod Instagram: @cloudcastpod TikTok: @cloudcastpod
This week on The Business of Open Source, I have a special episode recorded on-site at KubeCon NA this fall, with Ramiro Berrelleza, the CEO of Okteto. We kicked off the conversation with a discussion about branding. Okteto is the name of the company, the name of the project and the name of the product. We started this conversation because it had been a big part of conversations I had with other founders at KubeCon. Most interesting to me was that while Ramiro explained how that decision was made, he said he was 50% happy with it, 50% not. Which is about the same as what I hear from founders who have made the opposite decision — so maybe there is just no ideal way to approach branding. Some other things we discussed: What's the difference between fully embracing open source and just having an OSI-approved license. Not donating the project to the CNCF specifically because he wanted to maintain control over the brand; a decision he thinks was a correct one. The specifics of developer marketing, and especially how sometimes developer marketing can be a mix of B2B marketing and B2C. The tensions between the needs and desires of individual users and the needs and desires of their employers. Ramiro and I are on the same wavelength about a couple of things; I particularly appreciated his distinction between users and customers. We ended the conversation with a discussion of the benefits of open source companies — the opportunities that come from being open source that you can't get any other way. Having trouble taking full advantage of your open source project? You might want to work with me, and / or come to Open Source Founders Summit to chat with other open source founders.
The tech industry faces a paradox: despite high demand for skills, many developers and engineers are unemployed. At KubeCon + CloudNativeCon North America in Salt Lake City, Utah, Andela and the Cloud Native Computing Foundation (CNCF) announced an initiative to train 20,000 technologists in cloud native computing over the next decade. oss O'neill, Senior Program Manager at Andela and Chris Aniszczyk, CNCF's CTO, highlighted the lack of Kubernetes-certified professionals in regions like Africa and emphasized the need for global inclusivity to make cloud native technology ubiquitous. Andela, operating in over 135 countries and founded in Nigeria, views this program as a continuation of its mission to upskill African talent, aligning with its partnerships with tech giants like Google, AWS, and Nvidia. This initiative also addresses the increasing employer demand for Kubernetes and modern cloud skills, reflecting a broader skills mismatch in the tech workforce. Aniszczyk noted that companies urgently seek expertise in cloud native infrastructure, observability, and platform engineering. The partnership aims to bridge these gaps, offering opportunities to meet evolving global tech needs. Learn more from The New Stack about developer talent, skills and needs: Top Developer Skills for AI and Cloud Jobs; 5 Software Development Skills AI Will Render Obsolete; Cloud Native Skill Gaps are Killing Your Gains. Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
This week on the Business of Open Source, I have an episode recorded on-site at KubeCon SLC last month with Cole Kennedy, co-founder of TestifySec. We kicked off the conversation with a discussion about software development practices in the US Department of Defense and the US government at large — and the challenges involved with deploying quickly and frequently when you have to keep things both compliant and secure. Here are some of the takeaways from the conversation: Why TestifySec decided to donate Archivista and Witness, their two open source projects, to the CNCF — in particular, because they don't see their business model as directly monetizing either. How they monetize with a SaaS platform instead. “Founder-market fit” — Cole used to work as a developer for the Department of Defense, and that gives him a unique perspective on the needs and pain points specific to defense organizations. Changing culture with software. During our conversation, it really struck me that a lot of the problems around compliance are organizational culture problems, not just software problems. How do you use software to change culture? The main advantage of open source, Cole says, is the feedback loop you get with your users, including people using the software in ways you never thought possible. Advertisement time! Are you struggling to figure out how your investment in open source translates to revenue? Do you want to figure out how to increase the percentage of users who even know the commercial product exists? You might want to work with me. And if you are a founder of an open source company, consider coming to Open Source Founders Summit, the only conference dedicated to building financially successful and sustainable open source companies. Attendance is restricted to founders and leadership in open source companies. Check it out here.
Join us as Taylor Dolezal unpacks the intricate workings of the CNCF, covering project lifecycles, technical advisory roles, and the impact of community contributions on open-source evolution. Taylor Dolezal is the Head of Ecosystem at the Cloud Native Computing Foundation (CNCF), where he fosters collaboration and innovation across the cloud-native community. Formerly a Developer Advocate at HashiCorp, supporting tools like Terraform, he also brings experience as a Lead SRE Engineer at Walt Disney Studios.
In this Telemetry News Now episode, Phil, Justin, and Leon discuss the launch of the CNCF's OpenTelemetry certification, security concerns after recent damages in the Baltic Sea, Cisco's partnership with NTT DATA to enhance global 5G connectivity, and Arista Networks' growth driven by AI data centers. And as always, we end with a quick recap of important upcoming events.
The week before Thanksgiving is always busy and this year was packed with great conferences. Super Computing 24 took place in Atlanta and there was plenty to discuss with over 17,000 attendees learning about the latest technology. Let's dive in to a few key announcements. Time Stamps: 0:00 - Welcome to the Rundown 1:29 - Clumio Backtrack Announced by Commvault 7:11 - Aryaka Unveils New Survey Report Exploring Network Security Trends in Manufacturing 11:16 - Techstrong Launches PlatformEngineering.com 15:25 - ISPs Say Their Customer Service is Great 20:23 - Red Hat Donates Tools to CNCF 23:56 - Cybercrime Costs Brits Billions of Bills 28:27 - Announcements from Supercomputing 2024 43:41 - The Weeks Ahead 45:40 - Thanks for Watching Hosts: Tom Hollingsworth: https://www.twitter.com/NetworkingNerd Stephen Foskett: https://www.twitter.com/SFoskett Follow Gestalt IT Website: https://www.GestaltIT.com/ Twitter: https://www.twitter.com/GestaltIT LinkedIn: https://www.linkedin.com/company/Gestalt-IT #Rundown, #Supercomputing24, #Cybersecurity, #Networking, #AI, @ClumioInc, @Commvault, @Aryaka, @TechstrongGroup, @TechstrongTV, @RedHat, @NVIDIA, @HPE, @HammerspaceInc, @Solidigm, @Purestorage, @AMD,
KubeCon North America 2024 took place in Salt Lake City, Utah on Nov 12-15. We interviewed people on the show floor to gather their impressions of the event, what they learned and what they want to see in the future. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Cert-manager is a CNCF graduate project Dapr is a CNCF Graduated project Dapr episode on the Kubernetes Podcast Istio 1.24 release. Ambient Mesh GA Cloud Native Heroes Challenge CNCF Flagship events for 2025 New Cloud Native Certifications Kubernetes certifications prices increase in 2025 wasmCloud is a CNCF incubated project SpectroCloud $75 million Series C funding Solo.io donates Gloo API Gateway to the CNCF Links from the interview Guests: Rajas Kakodkar Jeremy Rickard Rey Lejano Jimmy Zelinskie Frederic Branczyk Lucy Sweet Sreekaran Srinath Joe Thompson Tag runtime SIG Security SIG Docs WG LTS The Maintainer Monologues - Sarah Christoff, Jason Hall, Scott Rigby, Karen Chu & Ryan Nowak Expanding the Capabilities of Kubernetes Access Control - Jimmy Zelinskie & Lucas Käldström
Catch up on everything you missed at KubeCon North America 2024! Join us for a special recap that brings you closer to the action. This is a special episode in collaboration with the Cloud Native Computing Foundation (CNCF), the foundation behind KubeCon+CloudNativeCon and the cloud-native projects. Dotan Horovits, our host and a CNCF Ambassador, will be joined by an all-star panel of cloud-native experts—CNCF Ambassadors Viktor Farcic and Max Körbächer—each bringing their unique insights and takeaways from the conference. Together, they unpack the major project announcements and key themes from this year's event: the standout talks, co-located events, maintainer meetings and those memorable hallway conversations. Get insights from the experts who know the cloud-native space inside out. Viktor Farcic is a lead rapscallion at Upbound and a published author. He is a host of the YouTube channel DevOps Toolkit and a co-host of DevOps Paradox. Max is Co-Founder at Liquid Reply. He is Co-Chair of the CNCF Environmental Sustainability Technical Advisory Group and served 3 years at the Kubernetes release team. He runs the Munich Kubernetes Meetup as well as the Munich and Ukraine Kubernetes Community Days. Dotan Horovits is a DevOps specialist with special focus on observability solutions and related open source projects such as OpenTelemetry, Jaeger, Prometheus and OpenSearch. He runs the OpenObservability Talks podcast, now in its 5th year. Don't miss this expert-led KubeCon recap, in collaboration with the Cloud Native Computing Foundation's official channel! 
The episode was live-streamed on 19 November 2024 in collaboration with the Cloud Native Computing Foundation, and the video is available at https://www.youtube.com/watch?v=1TrPev5IzB8 You can read the recap post: https://medium.com/@horovits/1362959030c1 OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube. We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat. https://www.youtube.com/@openobservabilitytalks https://www.twitch.tv/openobservability Show Notes: 00:00 - episode and speaker intro 02:45 - KubeCon Salt Lake City stats and trends 05:26 - The cloud-native stack is maturing up 08:12 - KubeCon's role in the cloud-native space 11:23 - Platform Engineering trend 14:07 - Open specifications and Kubernetes API 18:44 - Flatcar joins the CNCF with container focused OS 24:54 - wasmCloud moves to CNCF incubation and WASMCon highlights 31:49 - CNCF Ambassador program and recent Community Awards 35:24 - KubeCon event plan and expansion, and local KCDs 43:34 - Environmental Sustainability TAG 47:46 - Dapr and cert-manager reached CNCF graduation 51:11 - Cloud Native Reference Architectures 54:39 - observability updates for Jaeger, Prometheus and more 58:53 - episode outro Resources: CNCF community awards: https://www.cncf.io/announcements/2024/11/14/cloud-native-computing-foundation-announces-the-2024-community-awards-winners/ Dapr graduation: https://www.cncf.io/announcements/2024/11/12/cloud-native-computing-foundation-announces-dapr-graduation/ wasmCloud moves to incubation: https://www.cncf.io/blog/2024/11/12/cncf-welcomes-wasmcloud-to-the-cncf-incubator/ More on wasmCloud: https://medium.com/p/02a5025c6115 OpenTelemetry expands into CI/CD observability https://www.linkedin.com/feed/update/urn:li:share:7259200802689273856 Jaeger v2 unveiled 
https://medium.com/p/be612dbee774 Prometheus 3.0 unveiled https://medium.com/p/1c5edca32c87 Flatcar joins the CNCF https://www.linkedin.com/feed/update/urn:li:share:7257278073824288768/ OpenCost matured into incubation https://www.linkedin.com/feed/update/urn:li:share:7257826394179522562 New Cloud Native Reference Architecture hub: https://architecture.cncf.io/ CNCF upcoming events: https://www.cncf.io/events/ Kubernetes Community Days events around the world https://www.cncf.io/kcds/ Socials: Twitter: https://twitter.com/OpenObserv YouTube: https://www.youtube.com/@openobservabilitytalks Dotan Horovits ============ Twitter: @horovits LinkedIn: www.linkedin.com/in/horovits Mastodon: @horovits@fosstodon BlueSky: @horovits.bsky.social Viktor Farcic =========== Twitter: https://twitter.com/vfarcic LinkedIn: https://www.linkedin.com/in/viktorfarcic BlueSky: https://bsky.app/profile/vfarcic.bsky.social Max Körbächer ============= Twitter: https://twitter.com/mkoerbi LinkedIn: https://www.linkedin.com/in/maxkoerbaecher BlueSky: https://bsky.app/profile/mkoerbi.bsky.social Mastodon: https://fosstodon.org/@mkorbi@mastodon.social
This week, we cover Netflix's streaming hiccups, cloud earnings updates, Red Hat's CNCF donations, and the potential sale of Chrome. Plus, a few thoughts on parenting. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=7qe9xOqN-Lk) 494 (https://www.youtube.com/watch?v=7qe9xOqN-Lk) Runner-up Titles The dog peed on it. Jamin's favorite Excel macros. Change up the noodles. 0.7 good tips there The tiniest of rebellions Win one for the stockholders Candor A datacenter with a gift shop. VP of Cables has cucumber water with VP of Monitors. You can't open source a monitor. Rundown Netflix Netflix's Boxing Event, Customer Acquisition vs. Churn Mitigation, Accounting for Events (https://stratechery.com/2024/netflixs-boxing-event-customer-acquisition-vs-churn-mitigation-accounting-for-events/?access_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InN0cmF0ZWNoZXJ5LnBhc3Nwb3J0Lm9ubGluZSIsInR5cCI6IkpXVCJ9.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.AyMwbazpm5LR_zhwZiRLStIqxPaGuHbceNMyKVLcX4NNRg24VPow2YD-dCJbLx5RtePzQE87rXOA3LOTlPuRCJ07Z30HjhTordjCFnw8vz2mLtXe-oe4-It-_VoIvCnAutn5g1bP9rvIbWKvVcA0oteGHOEGMuIVZ7YDxghRvj6elT2Pz5fMcrwwjHKC3N5kIrZcxSTZVxFufWHx2FaYh6uelE8aVrzFOp6_VhvusKvvCkLI8rtRJKMyfLGMQRadts_RKnxXUB19eRcJgs1AiLUs2bmuSLUKvudnwpv3EimElaeKHUh9MqUljEGIXe89dgtImlpotzmvU0VKPy9cIg) Disney sets India Cricket Viewership Record for TV, streaming during World Cup (https://www.bmpsportsevents.com/blog-posts/disney-sets-india-cricket-viewership-record-for-tv-streaming-during-world-cup) Netflix Culture (https://jobs.netflix.com/culture) Earnings Amazon Reports Record $15.3 Billion Profit (https://www.nytimes.com/2024/10/31/business/amazon-q3-earnings.html?smid=nytcore-ios-share&referringSource=articleShare) Clouded Judgement 11.1.24 - Amazon, Google, Microsoft & Meta on AI and CapEx 
(https://cloudedjudgement.substack.com/p/clouded-judgement-11124-amazon-google?utm_source=post-email-title&publication_id=56878&post_id=150968391&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Amazon Earnings, Robotics and Amazon's Expanding 1P Business (https://stratechery.com/2024/amazon-earnings-robotics-and-amazons-expanding-1p-business/) Cloud market share shows vendors eyeing a $1T opportunity (https://siliconangle.com/2024/11/16/cloud-market-share-shows-vendors-eyeing-1t-opportunity/) Windows 365 Link is a $349 mini PC that streams Windows from the cloud (https://www.theverge.com/2024/11/19/24299789/microsoft-windows-365-link-device-cloud-pc) Going Open Source Red Hat to Donate Podman Along With Other Container Tools to CNCF (https://cloudnativenow.com/kubecon-cnc-na-2024/red-hat-to-donate-podman-along-with-other-container-tools-to-cncf/) Salesforce's Heroku platform open-sources Twelve Factor project (https://siliconangle.com/2024/11/15/twelve-factor-project-open-source-salesforce-kubecon/) 
Twelve-Factor App Methodology is now Open Source (https://12factor.net/blog/open-source-announcement) DOJ Will Push Google to Sell off Chrome to Break Search Monopoly (https://www.bloomberg.com/news/articles/2024-11-18/doj-will-push-google-to-sell-off-chrome-to-break-search-monopoly) Relevant to your Interests These are the passwords you definitely shouldn't be using (https://www.theverge.com/2024/11/13/24295543/most-common-passwords-list-2024) Datacenter Anatomy Part 1: Electrical Systems (https://semianalysis.com/2024/10/14/datacenter-anatomy-part-1-electrical/) New Apple security feature reboots iPhones after 3 days, researchers confirm (https://techcrunch.com/2024/11/14/new-apple-security-feature-reboots-iphones-after-3-days-researchers-confirm/) AI companies hit a scaling wall (https://www.platformer.news/openai-google-scaling-laws-anthropic-ai/) Invisible asymptotes — Remains of the Day (https://www.eugenewei.com/blog/2018/5/21/invisible-asymptotes) Clouded Judgement 11.14.24 - Market Tipping to Growth (https://cloudedjudgement.substack.com/p/clouded-judgement-111424-market-tipping) For the first time in 25 years, the number of software engineers dropped (https://x.com/mjovanc/status/1857720025563439295) The CNCF's plan to crowdfight patent trolls (https://www.runtime.news/the-cncfs-plan-to-crowdfight-patent-trolls/?ref=runtime-newsletter) Maybe Bluesky has “won” (https://anderegg.ca/2024/11/15/maybe-bluesky-has-won) Having 30,000 followers makes you a celebrity, UK advertising watchdog rules (https://www.theverge.com/2019/7/4/20682087/instagram-twitter-celebrity-30000-followers-advertising-standards-authority-uk) The Influence of Bell Labs (https://www.construction-physics.com/p/the-influence-of-bell-labs) Leaked Amazon memos identify critical flaws in the upcoming AI version of Alexa (https://fortune.com/2024/11/18/new-ai-alexa-latency-problems-echo-compatibility-uber-opentable/) RIP to RPA: The Rise of Intelligent Automation | Andreessen Horowitz 
(https://a16z.com/rip-to-rpa-the-rise-of-intelligent-automation/) Twenty is building an open source alternative to Salesforce (https://techcrunch.com/2024/11/18/twenty-is-building-an-open-source-alternative-to-salesforce/) Chips RISC-V — the CPU you didn't know you already have (https://adrianco.medium.com/risc-v-the-cpu-you-didnt-know-you-already-have-ff2f385f7ec6) Arm to Cancel Qualcomm Chip Design License (https://archive.md/FcXRW) The RVA23 profile is now ratified, so RISC-V gets satisfied (https://www.theregister.com/2024/10/23/rva23_profile_ratified/) Intel losses hit $16.6B as restructuring efforts take a toll (https://www.theregister.com/2024/11/01/intel_q3_2024/) Intel Was Just Dropped From the Dow (https://www.fool.com/investing/2024/11/05/intel-dropped-from-dow-djia-history-happen-next/) How much Apple Silicon improves with each release (https://appleinsider.com/articles/24/11/06/generation-gaps-how-much-faster-apple-silicon-gets-with-each-release) Nonsense Bojangles to install ordering kiosks across its system (https://www.restaurantdive.com/news/bojangles-grubbrr-installation-kiosks/732460/) 'Simpsons'-themed broadcast means Bengals-Cowboys won't be flexed (https://www.nytimes.com/athletic/5932410/2024/11/19/bengals-vs-cowboys-mnf-not-flexed-simpsons-alt-cast/?source=user_shared_article) Listener Feedback Deutsche Börse Cloud Exchange AG (https://en.wikipedia.org/wiki/Deutsche_B%C3%B6rse_Cloud_Exchange_AG) LibreLinkUp Status Bar a VS Code extension to display good glucose level in the status bar (https://marketplace.visualstudio.com/items?itemName=borkod.librelinkup-vs-code-extension) Conferences CfgMgmtCamp (https://cfgmgmtcamp.org/ghent2025/), February 2nd to 5th. 
DevOpsDayLA (https://www.socallinuxexpo.org/scale/22x/events/devopsday-la) at SCALE22x (https://www.socallinuxexpo.org/scale/22x), March 6-9, 2025, discount code DEVOP SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Silo Season 2 (https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwiDr7fyuOmJAxX3Sf8BHXDxOLYYABAAGgJtZA&ae=2&co=1&gclid=Cj0KCQiAi_G5BhDXARIsAN5SX7oulKQPevGaYaSaUDENHbWyKOcMu4Fmlc4iCckvLOeL6efJ5O2cjGwaAhrNEALw_wcB&ohost=www.google.com&cid=CAESVeD2KJUTEM8UiN83N5t9ZLDm6pVzs_bp0Nv22irf8c10iQpHCSaeMICL3a5Z0KW71vqjmjtEZN-nmHWD5NzWkGS6PAdJQ7nzZWHjww4Bd4X7JwFb9yk&sig=AOD64_1o6vDN1m33XOCeIfBmYKhiq2cH7Q&q&adurl&ved=2ahUKEwjckLDyuOmJAxUbw_ACHZelJwUQ0Qx6BAgpEAE) Matt: Followup - Spotify Premium limits audiobooks to 10 hours a month
This week, we cover OpenCost's big incubation milestone, CNCF's graduation rules, and a flurry of tech acquisitions. Plus, some thoughts on teaching kids about passwords. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=nWPR3HLPjfI) 493 (https://www.youtube.com/watch?v=nWPR3HLPjfI) Runner-up Titles Yes, No, Maybe Infinite Password Loop Bring your kids to work day: passwords. Password Talk Escaping characters Stone Cold Steve Austin Don't hire people with pets Eats AWS stuff natively. I compete on my ASCII character set. Stay in the sandbox Enron for cloud purchasing Rundown OpenCost Advances to CNCF Incubation (https://www.opencost.io/blog/cncf-incubation) Episode 492: Aran Khanna on Cloud Insurance (https://www.softwaredefinedtalk.com/492) VMware Reflections from Explore Barcelona and the Challenges of Modern App Delivery (https://news.broadcom.com/app-dev/reflections-from-explore-barcelona-and-the-challenges-of-modern-app-delivery) New SMB subscription may not end VMware migrations (https://arstechnica.com/information-technology/2024/11/new-smb-friendly-subscription-tier-may-be-too-late-to-stop-vmware-migrations/) M&A Apple to Acquire Pixelmator, Maker of Popular Photo-Editing Apps (https://www.bloomberg.com/news/articles/2024-11-01/apple-to-acquire-pixelmator-maker-of-popular-photo-editing-apps?utm_medium=email&utm_source=author_alert&utm_term=241101&utm_campaign=author_19842959) Red Hat acquires AI optimization startup Neural Magic (https://techcrunch.com/2024/11/12/red-hat-acquires-ai-optimization-startup-neural-magic/) IBM's Red Hat Acquisition Will Pay For Itself By Early Next Year (https://www.nextplatform.com/2024/10/24/ibms-red-hat-acquisition-will-pay-for-itself-by-early-next-year/) Snyk Acquires Developer-First DAST Provider Probely (https://www.globenewswire.com/news-release/2024/11/12/2979082/0/en/Snyk-Acquires-Developer-First-DAST-Provider-Probely.html) IBM's Red Hat Acquisition Will Pay For Itself By Early Next Year 
(https://www.nextplatform.com/2024/10/24/ibms-red-hat-acquisition-will-pay-for-itself-by-early-next-year/) VMware Reflections from Explore Barcelona and the Challenges of Modern App Delivery (https://news.broadcom.com/app-dev/reflections-from-explore-barcelona-and-the-challenges-of-modern-app-delivery) New SMB subscription may not end VMware migrations (https://arstechnica.com/information-technology/2024/11/new-smb-friendly-subscription-tier-may-be-too-late-to-stop-vmware-migrations/) Coté's take on Explore, in last week's Cloud Foundry Weekly (https://www.youtube.com/watch?v=Wkgwl9mKL2Y). RTO Amazon employees are a flight risk after the new return-to-office mandate, research reveals (https://finance.yahoo.com/news/amazon-exec-says-9-10-103742343.html) Remote work reduces child penalties by roughly half (https://x.com/arpitrage/status/1849530101035160031) Read the letter sent to AWS CEO Matt Garman, signed by 500 employees, (https://www.businessinsider.com/amazon-employees-open-letter-aws-ceo-office-return-rto-2024-10) Amazon CEO Andy Jassy denies that 5-day office mandate is a 'backdoor layoff' (https://www.cnbc.com/2024/11/05/amazon-ceo-andy-jassy-5-day-office-mandate-isnt-a-backdoor-layoff.html) Washington Post Employees Ordered Back to Office 5 Days a Week (https://www.nytimes.com/2024/11/07/business/media/washington-post-return-to-office.html?smid=nytcore-ios-share&referringSource=articleShare) Everyone agrees: A shorter workweek is great! 
(https://thehustle.co/news/everyone-agrees-a-shorter-workweek-is-great) Return-to-office mandates are more than “backdoor layoffs” (https://overcast.fm/+AAQLdtAb8Tc) Relevant to your Interests Google CEO says over 25% of new Google code is generated by AI (https://arstechnica.com/ai/2024/10/google-ceo-says-over-25-of-new-google-code-is-generated-by-ai/) Threads has 275 M Monthly Users (https://www.threads.net/@alexheath/post/DBw02uLSE53?xmt=AQGzqxkKe87WI9ToiqUrcEIU6mxhBohSO8BNX4ve1zqRHQ) Dropbox is laying off 20% of its global workforce (https://www.threads.net/@cnbc/post/DBwYF88uYSr?xmt=AQGz-t_BCEcQFjjZwD05xps9bJGHO7FL25RD1h6JIauuOQ) From IaC to Cloud Management: Pulumi's Evolution Story (https://thenewstack.io/from-iac-to-cloud-management-pulumis-evolution-story/) For Jeff Bezos and his businesses, Washington has become more important (https://www.washingtonpost.com/nation/2024/10/30/bezos-business-federal-government/) Russian court fines Google $2 decillion (https://www.theregister.com/2024/10/29/russian_court_fines_google/) GitHub Next | GitHub Spark (https://githubnext.com/projects/github-spark) The MacBook Air gets a surprise upgrade to 16GB of RAM (https://www.theverge.com/2024/10/30/24282981/apple-macbook-air-m2-m3-16gb-ram-minimum-price-unchanged) Meta says open sourcing Llama models will be a money-saver (https://www.theregister.com/2024/10/31/meta_q3_2024/) Google employees pressure costumed execs at all-hands meeting for clarity on cost cuts (https://www.cnbc.com/2024/11/01/google-employees-pressure-execs-at-all-hands-for-clarity-on-cost-cuts.html) Intel's future laptops will have memory sticks again (https://www.theverge.com/2024/11/1/24285513/intel-ceo-lunar-lake-one-off-memory-package-discrete-gpu) Against Incident Severities and in Favor of Incident Types (https://www.honeycomb.io/blog/against-incident-severities-favor-incident-types) Nintendo Just Launched a Music Streaming App, and It's Surprisingly Good 
(https://gizmodo.com/nintendo-just-launched-a-music-streaming-app-and-its-surprisingly-good-2000518802) Why The US Military Chose Silicon-Graphene Batteries (https://www.youtube.com/watch?v=l60hjFvj64s) Warren Buffett's GEICO repatriates work from the cloud (https://www.thestack.technology/warren-buffetts-geico-repatriates-work-from-the-cloud-continues-ambitious-infrastructure-overhaul/) Google Confirms Jarvis AI Is Real by Accidentally Leaking It (https://gizmodo.com/google-confirms-jarvis-ai-is-real-by-accidentally-leaking-it-2000521089) Curbside charging is coming to Michigan. (https://www.theverge.com/2024/11/6/24289516/curbside-charging-is-coming-to-michigan) Nintendo says the Switch successor will be compatible with Switch games (https://www.theverge.com/2024/11/5/24284745/switch-2-backward-compatibility-nintendo-online-preservation) Platform vs. DevEx teams: What's the difference? (https://newsletter.getdx.com/p/platform-vs-devex-teams) Why Strava Is a Privacy Risk for the President (and You Too) (https://lifehacker.com/health/stravas-heatmap-privacy-problem) Thunderbolt 5: Only Necessary for the Most Demanding Uses (https://tidbits.com/2024/11/06/thunderbolt-5-only-necessary-for-the-most-demanding-uses/) Guide to Selling Your Company (https://www.onlycfo.io/p/guide-to-selling-your-company) The mystery of Masayoshi Son, SoftBank's great disrupter (https://on.ft.com/3ADujb9) IronCalc (https://www.ironcalc.com/?utm_source=changelog-news) Neptyne is shutting down (https://www.neptyne.com/blog/neptyne-is-shutting-down) OpenAI, Google and Anthropic Are Struggling to Build More Advanced AI (https://www.bloomberg.com/news/articles/2024-11-13/openai-google-and-anthropic-are-struggling-to-build-more-advanced-ai) Matt Mullenweg says Automattic is 'very short-staffed' amid WordPress vs. 
WP Engine drama (https://techcrunch.com/2024/10/30/matt-mullenweg-says-automattic-is-very-short-staffed-amid-wordpress-vs-wp-engine-drama/) Automattic offered employees another chance to quit — this time with nine months' severance (https://techcrunch.com/2024/10/17/automattic-offered-employees-another-chance-to-quit-this-time-with-nine-months-severance/) Automattic's new site tracks how many websites left WP Engine following feud (https://techcrunch.com/2024/11/07/automattics-new-site-tracks-how-many-websites-left-wp-engine-following-feud-with-matt-mullenweg/) Cloudflare Blocks Automattic's WP Engine Tracker For Phishing (https://www.searchenginejournal.com/cloudflare-blocks-automattics-wp-engine-tracker-for-phishing/532244/) We're leaving Kubernetes - Blog (https://www.gitpod.io/blog/we-are-leaving-kubernetes) Nonsense 'Infinite monkey theorem' challenged by Australian mathematicians (https://www.bbc.com/news/articles/c748kmvwyv9o) Listener Feedback Anova Precision™ Oven 2.0 (https://anovaculinary.com/products/anova-precision-oven?adnet=g&gad_source=1&gbraid=0AAAAADhfRrCJj9bTdq3Z1e0hmcx0uuIQ5&gclid=Cj0KCQiAlsy5BhDeARIsABRc6Zsk_vcmd7dVaCIchSV2jLrJZSMXP3XPo34xTxNMGiCB3cxtJHwzFzIaAob8EALw_wcB) Conferences SREday Amsterdam (https://sreday.com/2024-amsterdam/), Nov 21, 2024, Coté speaking (https://sreday.com/2024-amsterdam/Michael_Cote_VMwarePivotal_We_Fear_Change), 20% off with code SRE20DAY CfgMgmtCamp (https://cfgmgmtcamp.org/ghent2025/), February 2nd to 5th. 
DevOpsDayLA (https://www.socallinuxexpo.org/scale/22x/events/devopsday-la) at SCALE22x (https://www.socallinuxexpo.org/scale/22x), March 6-9, 2025, discount code DEVOP SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Overcast (https://overcast.fm) features: Queue (https://www.reddit.com/r/OvercastFm/comments/1ehwixl/add_tomove_to_whats_the_difference/) and Uploads (https://thesweetsetup.com/upload-mp3-files-overcast/) Pixelmator Pro (https://www.pixelmator.com/pro/) Matt: Hardcore History: Wrath of the Khans (https://www.dancarlin.com/product/hardcore-history-wrath-of-the-khans-series/) podcast Wiz Ugly Sweaters Giveaway (https://www.linkedin.com/posts/wizsecurity_you-can-get-one-of-our-exclusive-2025-activity-7262464003807887362-fzNY?utm_source=share&utm_medium=member_desktop) Coté: Political Wire (https://politicalwire.com) Photo Credits Header 
(https://unsplash.com/photos/switched-on-iphone-dk4en2rFOIE) Artwork (https://unsplash.com/photos/person-holding-black-academic-hat-oTglG1D4hRA)
Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast! CHAOSScast – Episode 97 In this episode of CHAOSScast, Harmony Elendu hosts a discussion with Emily Fox from Red Hat and Dawn Foster, the Director of Data Science at CHAOSS. Today, they explore the new Security Practitioner Guide created to help maintainers, who may lack deep security backgrounds, get started with essential security practices. Emily and Dawn highlight actionable steps, key trends, and simplifications to adopt in maintaining a secure project. They also touch on challenges like vulnerability reporting and the importance of consistent monitoring and updating. Additionally, the guide's flexibility, allowing customization and improvement over time, and the significance of community support are emphasized. Press download now to hear more! [00:02:02] Dawn starts out with providing an overview of CHAOSS Project's Practitioner Guides, which helps newcomers to open source understand key metrics and mentions the current focus on the Security Guide. [00:03:24] Dawn gives us an overview of the Security Practitioner Guide as she describes it as a starting point for maintainers, particularly those without a security background. [00:04:10] Emily emphasizes that many maintainers struggle with starting security practices and shares the two primary security focuses on open source: project security design and repository security. [00:05:38] Harmony notes the importance of project design and patterns, asking about security trends and considerations in open source projects. Dawn mentions the Libyears (dependency freshness) and Release Frequency as key security metrics, and Emily adds that OpenSSF best practices contribute to project quality and maturity. [00:08:32] Harmony asks for insights on how contributors can interpret these metrics. Emily suggests various resources and communities, such as CNCF's tag-security, for maintainers looking to improve security. 
[00:11:39] Emily discusses common issues with vulnerability reporting and the importance of having a process in place, with community resources available for support. Dawn emphasizes the importance of having basic security policies in place early on in a project and suggests starting out with a simple security.md file to outline how to handle vulnerability reports. [00:15:47] Dawn suggests consulting the Practitioner Guide's “Make Improvements” section, which includes adding a security.md file and implementing automation to track outdated dependencies. Emily cautions that metrics are only as effective as their relevance, recommending incremental steps for improvement. [00:18:53] Dawn highlights the importance of the OpenSSF scorecard, which helps both maintainers and OSPOs assess project security. [00:20:29] Emily and Dawn simplify the Practitioner Guides into basic steps, and Emily reiterates that projects should define their own security goals and commit to them for consistent improvements. [00:23:56] Harmony emphasizes the importance of documentation for continuity in project security, and Dawn reminds us that the Practitioner Guides are MIT-licensed and customizable for different projects. [00:25:11] Dawn and Emily explain where you can ask questions or how to implement things in your project using the Practitioner Guides. Adds (Picks) of the week: [00:26:55] Dawn's pick is 3D printing and learning how to design new things. [00:28:02] Emily's pick is taking a break from the internet and doing something outside. [00:28:45] Harmony's pick is creating personalized templates to help with document preparation and tasks. 
Panelists: Harmony Elendu Dawn Foster Guest: Emily Fox Links: CHAOSS (https://chaoss.community/) CHAOSS Project X (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) podcast@chaoss.community (mailto:podcast@chaoss.community) Harmony Elendu X (https://x.com/ogaharmony) Dawn Foster X (https://twitter.com/geekygirldawn?lang=en) Emily Fox LinkedIn (https://www.linkedin.com/in/themoxiefox/) CHAOSS Practitioner Guides (https://chaoss.community/about-chaoss-practitioner-guides/) CHAOSS Practitioner Guide: Security (https://chaoss.community/practitioner-guide-security/) Libyears (https://chaoss.community/kb/metric-libyears/#:~:text=Libyears%20measure%20the%20cumulative%20age,pre%2Drelease%20or%20draft%20versions.) Release Frequency (https://chaoss.community/kb/metric-release-frequency/#:~:text=A%20higher%20frequency%20of%20releases,release%20frequency%20is%20highly%20variable.) Cloud Native Contributors Security Guidelines for New Projects (https://contribute.cncf.io/maintainers/security/security-guidelines/?__hstc=14121576.4fb61b7546863875121fa3925ca0436f.1730700856190.1730700856190.1730744858650.2&__hssc=14121576.1.1730744858650&__hsfp=3331628428) GitHub Docs-Adding a security policy to your repository (https://contribute.cncf.io/maintainers/security/security-guidelines/?__hstc=14121576.4fb61b7546863875121fa3925ca0436f.1730700856190.1730700856190.1730744858650.2&__hssc=14121576.1.1730744858650&__hsfp=3331628428) OpenSSF Scorecard (https://scorecard.dev/) OpenSSF-Source Code Management Platform Configuration Best Practices (https://best.openssf.org/SCM-BestPractices/?__hstc=14121576.4fb61b7546863875121fa3925ca0436f.1730700856190.1730700856190.1730744858650.2&__hssc=14121576.1.1730744858650&__hsfp=3331628428) CNCF tag-security: Self-assessment (https://github.com/cncf/tag-security/blob/main/community/assessments/guide/self-assessment.md) CHAOSScast Podcast-Episode 85: Introducing CHAOSS Practitioner Guides: #1 Responsiveness 
(https://podcast.chaoss.community/85) CHAOSScast Podcast-Episode 88: Practitioner Guides: #2 Contributor Sustainability (https://podcast.chaoss.community/88) CHAOSScast Podcast-Episode 89: Practitioner Guides: #3 Organizational Participation (https://podcast.chaoss.community/89) CHAOSScast Podcast-Episode 93: Guest Episode-Sustain meets CHAOSScast to talk about Practitioner Guides (https://podcast.chaoss.community/93) Dawn Foster- Maker World (https://makerworld.com/en/@user_3491927221) Special Guest: Emily Fox.
"Open Source is the Best Thing that happened to IT"! Powerful words from Marcio Lena, who has been using and contributing back to open source for the past 20+ years. Besides being a vivid advocate for open source, Marcio also knows the concerns of large enterprises when picking open source projects. Tune in and follow our discussion about how to identify a healthy open-source project, how to balance between vendor and community lock-in, the power of open standards such as OpenTelemetry, open source business models, and how contributing to open source is not limited to code but includes documentation, education and advocacy as well! Links we discussed: Marcio's LinkedIn Page: https://www.linkedin.com/in/marcio-lena/ CNCF DevStats: https://devstats.cncf.io/ Linux Foundation Events: https://events.linuxfoundation.org/ CNCF Ambassadors: https://www.cncf.io/people/ambassadors/
More than a refresh: A podcast about data and the people who wrangle it
Welcome to episode 51 of More Than a Refresh, where JD sits down with Dotan Horovits, CNCF Ambassador and OpenObservability Talks Podcast Host. This episode is part of our series with The Open Source Observability Day Conference, where we're giving conference speakers an opportunity to speak beyond their abstract. In this episode, Dotan and JD discuss buzzword compliance, solutions looking for problems, and observability as more than just three pillars. For more information on The OSOD Conference, please visit https://osoday.com/ To listen to The OpenObservability Talks Podcast, please visit www.youtube.com/@OpenObservabilityTalks
Guests are Avin Regmi and David Xia from Spotify. We spoke to Avin and David about their work building Spotify's Machine Learning Platform, Hendrix. They also specifically talk about how they use Ray to enable inference and batch workloads. Ray was featured on episode 235 of our show, so make sure you check out that episode too. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week IBM acquired Kubecost KubeCon Japan in 2025 Call for Proposals for KubeCon EU 2025 is now open Artifact Hub is a CNCF incubating project OpenMetrics is dead, long live OpenMetrics Kubecolor 0.4.0 Links from the interview Avin Regmi David Xia Hendrix ML Platform Ray on Kubernetes KubeRay Workbench instances Backstage PyTorch Ray Summit 2024 Kueue