Podcasts about Git

Building High-Performing WordPress Sites: Insights from Meeky Hwang, CEO of NdevrIn this episode of The Thoughtful Entrepreneur, host Josh Elledge speaks with Meeky Hwang, CEO and Co-Founder of Ndevr, a development firm specializing in high-performing WordPress solutions. Meeky shares how digital publishers can scale effectively, the "three-legged stool" framework for site success, and how to secure and optimize WordPress for high traffic and e-commerce.The Three-Legged Stool of WordPress SuccessMeeky emphasizes that a successful WordPress site rests on three foundational pillars: audience experience, editor experience, and developer experience. For site visitors, speed, mobile responsiveness, and accessibility are crucial. A seamless front-end experience keeps users engaged and ensures compliance with accessibility standards.From an editorial standpoint, she advises leveraging the Gutenberg block editor and custom workflows to streamline publishing. An intuitive backend not only enhances productivity but also reduces content errors and improves team morale. Editors need tools that fit their workflow, not ones they must work around.For developers, Meeky recommends maintaining a clean codebase, using version control systems like Git, and implementing continuous integration and deployment pipelines. This technical foundation supports performance, security, and scalability—especially critical for high-traffic sites. All three experiences must work in harmony for a WordPress site to perform at its best.About Meeky Hwang:Meeky Hwang is the CEO and Co-Founder of Ndevr, a WordPress development agency trusted by leading digital media and enterprise companies. With over 20 years of experience in web development and open-source technology, she specializes in optimizing complex digital ecosystems, strengthening DevOps, and aligning technology decisions with business goals. A passionate advocate for women in tech, Meeky is also a frequent contributor to Forbes, BuiltIn, and Thrive Global, where she shares leadership and digital strategy insights.About Ndevr:Ndevr is a WordPress development agency focused on high-traffic digital publishers and WooCommerce-driven e-commerce businesses. Their services include site audits, performance optimization, custom development, and strategic consulting.Links Mentioned in this Episode:Meeky Hwang on LinkedInNdevr Official WebsiteEpisode Highlights:The "three-legged stool" framework: audience, editor, and developer experience.Key WordPress best practices for high traffic and enterprise-grade publishing.How Ndevr grows through partnerships and referrals.WooCommerce security and performance strategies.Why regular audits and managed hosting are essential for WordPress success.ConclusionJosh and Meeky highlight the importance of strategic infrastructure and balanced user experiences in building successful WordPress sites. From scalability to security, Ndevr's insights provide a blueprint for digital publishers and e-commerce leaders aiming to optimize performance. Whether you're a growing brand or a seasoned media company, implementing Meeky's advice will help future-proof your web presence.Apply to be a Guest on The Thoughtful Entrepreneur: https://go.upmyinfluence.com/podcast-guestMore from UpMyInfluence:We are...

Menú de novedades que comienza con Neil Young y su "Talking to the trees", el álbum que el canadiense ha grabado al frente de su nueva banda, The Chrome Hearts. Suena una buena andanada de curiosas y dispares versiones localizadas en discos recientes, y te presentamos los últimos trabajos de dos interesantes bandas de Nueva York, Mike Mok and The Em-Tones y The Mooks, que harán gira conjunta por España en los próximos días.Playlist;NEIL YOUNG and THE CHROME HEARTS “Dark mirage” (Talking to the trees)VAN MORRISON “If it wasn’t for Ray” (Remembering now)ROBERT FORSTER “Strawberries” (Strawberries)GRINGO STAR “Little Red Riding Hood” (Sweetheart)KEITH STRENG “I’m a boy, I’m a girl” (The king of queens)PAUL WELLER “I started a joke” (Find El Dorado)THE UNTAMED YOUTH “I’m on fire” (Git up and go)THE BREADMAKERS “Mojo Hannah” (Lonesome sundown)Versión y Original; HENRY LUMPKIN “Mojo Hannah” (1962)EZEZEZ “New York” (Kabakriba)MIKE MOK and THE EM-TONES “What a girl” (What a girl)THE MOOKS “Never go back home” (Just a couple of Mooks)LOS ETERNOS “Canto eu te amei” (San Antonio)Escuchar audio

El consejo del Sótano ha elegido su “Disco Subterráneo del Verano”. Y el galardón recae en “Git up and go!” (Hi-Tide Recordings), el álbum de regreso de The Untamed Youth tras cuarto de siglo de silencio discográfico. Dieciséis canciones sobre coches, olas, chicas y cerveza donde la banda de Missouri comandada por Deke Dickerson mantiene intacto el espíritu que los convirtió en la gran banda de surf garage frat rock’n’roll de los años 90. El segundo tramo del programa lo pasamos acompañados por Spencer Evoy, Zig y Dan Criscuolo del combo británico MFC Chicken. La banda más fiestera del gallinero baja a presentarnos su nuevo disco “Milk Chicken” (Folc records).Playlist;(sintonía) THE UNTAMED YOUTH “Reverb bum” (Git up and go)THE UNTAMED YOUTH “Party goin down the street” (Git up and go)THE UNTAMED YOUTH “Beer” (Git up and go)THE UNTAMED YOUTH “Don’t fight it” (Git up and go)THE UNTAMED YOUTH “Roaches” (Git up and go)THE UNTAMED YOUTH “What do I get” (Grit and go)CHARLIE HALLORAN and THE TROPICALES feat ÁNGELA FLECHA “Sol tropical” (Jump up)LOS FRENÉTICOS “Cinerama” (Cinerama)MFC CHICKEN “Chicken is the answer” (Milk chicken)MFC CHICKEN “Milk chicken” (Milk chicken)MFC CHICKEN “Who-ba-dee-how” (Milk chicken)MFC CHICKEN “Take me back out and shoot me” (Milk chicken)MFC CHICKEN “What a life” (Milk chicken)Escuchar audio

Parce que… c'est l'épisode 0x602! Shameless plug 27 et 29 juin 2025 - LeHACK 12 au 17 octobre 2025 - Objective by the sea v8 10 au 12 novembre 2025 - IAQ - Le Rendez-vous IA Québec 17 au 20 novembre 2025 - European Cyber Week 25 et 26 février 2026 - SéQCure 2065 Description Introduction et contexte François Proulx fait son retour pour présenter l'évolution de ses recherches sur la sécurité des chaînes d'approvisionnement (supply chain) depuis sa présentation de l'année précédente. Ses travaux portent sur la détection de vulnérabilités dans les pipelines de construction (build pipelines) des projets open source, un sujet qui avait suscité beaucoup d'intérêt suite à l'incident XZ Utils. Évolution de la méthodologie de recherche Depuis l'année dernière, l'équipe de François a considérablement amélioré ses outils et sa stratégie de détection. Plutôt que de scanner massivement tous les dépôts disponibles, ils ont adopté une approche plus ciblée en se concentrant sur des entités majeures comme Google, Red Hat, Nvidia et Microsoft. Ces organisations sont des contributeurs importants de projets open source critiques et bien maintenus. Cette nouvelle approche leur permet de découvrir des centaines d'organisations GitHub par entité, chacune contenant parfois des milliers de dépôts. L'objectif reste le même : détecter des vulnérabilités zero-day dans les build pipelines qui permettent de compiler, tester et distribuer les projets open source, notamment via GitHub Actions. La problématique fondamentale des CI/CD François présente une analogie frappante pour expliquer la dangerosité des systèmes d'intégration continue : “un CI/CD, c'est juste du RCE as a service” (Remote Code Execution as a Service). Ces systèmes sont des applications web qui attendent de recevoir des déclencheurs sur une interface publique accessible via Internet. Dans le cas de GitHub Actions, il suffit d'ouvrir une pull request pour déclencher automatiquement l'exécution de tests. Cette situation rappelle les vulnérabilités des années 1990-2000 avec les débordements de pointeurs. François utilise une formule percutante : “les build pipelines ressemblent à une application PHP moyenne de 2005 en termes de codage sécurisé”. Cette comparaison souligne que malgré les décennies d'évolution en sécurité informatique, les mêmes erreurs fondamentales se répètent dans de nouveaux contextes. Les mécanismes d'exploitation Les vulnérabilités exploitent principalement les entrées non fiables (untrusted input) provenant des pull requests. Même les brouillons de contributions peuvent déclencher automatiquement l'exécution de tests avant qu'un mainteneur soit notifié. Le problème s'aggrave quand les pipelines nécessitent des secrets pour communiquer avec des systèmes externes (notifications Slack, télémétrie, etc.). Par défaut, GitHub Actions hérite parfois d'anciennes permissions en lecture-écriture, ce qui permet aux tests d'avoir accès à un token avec des droits d'écriture sur le dépôt. Cette configuration peut permettre à un attaquant d'écrire dans le dépôt de manière non visible. Résultats impressionnants des analyses L'équipe a considérablement affiné ses outils de détection. À partir de 200 000 résultats initiaux, ils appliquent des règles plus précises pour identifier environ 10 000 cas intéressants. Ces règles valident non seulement la présence de vulnérabilités, mais aussi les critères d'exploitation et la présence de secrets exploitables. Après validation manuelle, environ 25% de ces 10 000 cas s'avèrent facilement exploitables. Ces chiffres démontrent l'ampleur du problème dans l'écosystème open source, même en reconnaissant l'existence probable de nombreux faux négatifs. Cas concrets : Google et les régressions François rapporte avoir découvert des vulnérabilités dans 22 dépôts appartenant à Google, notamment dans un projet lié à Google Cloud (probablement Data Flow). Après avoir signalé et reçu une récompense pour la correction, une régression est survenue une semaine plus tard dans le même workflow, leur valant une seconde récompense. Cette situation illustre un problème récurrent : même les grandes organisations comme Google peuvent reproduire les mêmes erreurs après correction, souvent par méconnaissance des mécanismes sous-jacents de ces nouvelles techniques d'exploitation. L'affaire Ultralytics : un cas d'école L'incident le plus marquant concerne la bibliothèque Python Ultralytics, très populaire pour la détection d'images par apprentissage automatique. En août, l'équipe avait détecté une vulnérabilité dans ce projet mais s'était concentrée sur les découvertes chez Google, négligeant de signaler cette faille. En décembre, Ultralytics a été compromis par l'injection d'un crypto-mineur, exploitant précisément la vulnérabilité identifiée quatre mois plus tôt. Cette attaque était particulièrement ingénieuse car elle ciblait des environnements avec des GPU puissants (utilisés pour le machine learning), parfaits pour le minage de cryptomonnaies, tout en restant discrète dans un contexte où une forte consommation GPU est normale. Pivot vers la détection proactive Cet incident a motivé un changement stratégique majeur : passer de la simple détection de vulnérabilités à la détection proactive d'exploitations en cours. L'équipe ingère désormais le “firehose” des événements publics GitHub, soit environ 5,5 millions d'événements quotidiens. Après filtrage sur les projets critiques avec des build pipelines, ils analysent environ 500 000 événements intéressants par jour. En appliquant leurs analyses sophistiquées et en croisant avec leurs connaissances des vulnérabilités, ils obtiennent environ 45 événements suspects à investiguer quotidiennement. Validation forensique avec Kong Cette nouvelle approche s'est rapidement avérée efficace. Pendant les vacances de Noël, leur système a continué d'ingérer les données automatiquement. Au retour, l'incident Kong (un contrôleur Ingress pour Kubernetes) leur a permis de créer une timeline forensique détaillée grâce aux données accumulées pendant leur absence. Découverte sur les forums cybercriminels La collaboration avec Flare, spécialisée dans l'analyse du dark web, a révélé des informations troublantes. En recherchant “Ultralytics” sur Breach Forum avec un filtrage temporel précis, François a découvert qu'un utilisateur avait créé un compte 24 heures avant l'attaque, publié exactement la vulnérabilité du pipeline Ultralytics en mentionnant l'utilisation de “Poutine” (leur outil), puis confirmé 24 heures après l'exploitation avoir gagné des Monero grâce à cette attaque. Cette découverte confirme que les cybercriminels utilisent activement les outils de recherche en sécurité pour identifier et exploiter des vulnérabilités, transformant ces outils défensifs en armes offensives. Implications et recommandations Cette situation soulève des questions importantes sur la responsabilité des chercheurs en sécurité. François insiste sur le fait que Poutine, leur outil de détection, devrait devenir le minimum absolu pour tout projet open source. Il compare cette nécessité à l'interdiction d'avoir des dépôts Git pour ceux qui n'implementent pas ces vérifications de base. L'analogie avec PHP 2005 reste pertinente : il a fallu des années pour que la communauté PHP matûrisse ses pratiques de sécurité. Les build pipelines traversent actuellement la même phase d'évolution, avec des erreurs fondamentales répétées massivement dans l'écosystème. Défis techniques et limites François reconnaît honnêtement les limitations de leur approche. Leur système ne détecte que les attaques les moins sophistiquées - des “low hanging fruits”. Des attaques complexes comme celle de XZ Utils ne seraient probablement pas détectées par leurs outils actuels, car elles sont trop bien camouflées. Le défi principal reste de filtrer efficacement le bruit dans les millions d'événements quotidiens pour obtenir un nombre d'alertes gérable par une petite équipe d'analystes. Ils reconnaissent que la majorité des incidents leur échappe probablement encore. Perspective d'avenir François exprime l'espoir que la maturation de l'écosystème des build pipelines sera plus rapide que les 20 ans qu'il a fallu pour sécuriser PHP. Leur travail de pionnier contribue à cette évolution en sensibilisant la communauté et en fournissant des outils concrets. L'angle d'analyse des build pipelines est particulièrement pertinent car il se situe à la croisée des chemins entre le code source et sa distribution, avec des possibilités d'exécution de code qui en font un point critique de la chaîne d'approvisionnement logicielle. Cette présentation illustre parfaitement l'évolution rapide des menaces dans l'écosystème open source moderne et la nécessité d'une vigilance constante pour sécuriser les infrastructures critiques dont dépend l'ensemble de l'industrie logicielle. Notes François Proulx Collaborateurs Nicolas-Loïc Fortin François Proulx Crédits Montage par Intrasecure inc Locaux réels par Northsec

Secrets trickle out through misconfigurations, poor tooling, and rushed Git commits. Today's guest, John Howard, joins us on Packet Protector to walk through practical secrets management with Vault and TruffleHog to help make sure you don’t expose your privates. John discusses work he’s done to build an automated process in his organization for developers and... Read more »

Secrets trickle out through misconfigurations, poor tooling, and rushed Git commits. Today's guest, John Howard, joins us on Packet Protector to walk through practical secrets management with Vault and TruffleHog to help make sure you don’t expose your privates. John discusses work he’s done to build an automated process in his organization for developers and... Read more »

Mike & Tommy run through the latest developments with Git, CI/CD, and Data Ops at Microsoft Build 2025.Get in touch:Send in your questions or topics you want us to discuss by tweeting to @PowerBITips with the hashtag #empMailbag or submit on the PowerBI.tips Podcast Page.Visit PowerBI.tips: https://powerbi.tips/Watch the episodes live every Tuesday and Thursday morning at 730am CST on YouTube: https://www.youtube.com/powerbitipsSubscribe on Spotify: https://open.spotify.com/show/230fp78XmHHRXTiYICRLVvSubscribe on Apple: https://podcasts.apple.com/us/podcast/explicit-measures-podcast/id1568944083‎Check Out Community Jam: https://jam.powerbi.tipsFollow Mike: https://www.linkedin.com/in/michaelcarlo/Follow Seth: https://www.linkedin.com/in/seth-bauer/Follow Tommy: https://www.linkedin.com/in/tommypuglia/

Clément "Kero" Renault wanted to be an architect when he was younger. During that time, he also learned about computers and built his first website - and he never stopped building. Funny story, he lost that first website cause it wasn't on Git. Outside of his professional life, he likes to draw, craft and to cook. He also enjoys video games, and mentioned Hidden Reign was his favorite game of all time, alongside the likes of Cyberpunk.Seven years ago, Kero was in school, and he wanted to build a solid search experience, but not just a general search - one that indexed your data, and allowed you to have a "Google" just for your info. After winning a school hackathon, Kero and his mates wanted to take it to the next level.This is the creation story of Meilisearch.SponsorsPaddle.comSema SoftwarePropelAuthLinkshttps://www.meilisearch.com/https://www.linkedin.com/in/kerollmops/Our Sponsors:* Check out Kinsta: https://kinsta.com* Check out Vanta: https://vanta.com/CODESTORYSupport this podcast at — https://redcircle.com/code-story/donationsAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy

El excongresista propone una reforma profunda a la justicia indígena tras el brutal castigo a una menor en el resguardo Gitó Dokabú, en Risaralda.

A series of court rulings has thrown Donald Trump's global trade war into legal limbo. The guiding philosophy of the new Liberal government's approach to infrastructure projects is the same one as Larry the Cable Guy's: “Git-r-done.”

Walt receives a threat of a punch to the mouth, Git em is accused of sordid acts, Q busts out his fish nets and loses his possessions in real time, is Lindsay REALLY a hero?

Topics covered in this episode: git-flight-rules Uravelling t-strings neohtop Introducing Pyrefly: A new type checker and IDE experience for Python Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: git-flight-rules What are "flight rules"? A guide for astronauts (now, programmers using Git) about what to do when things go wrong. Flight Rules are the hard-earned body of knowledge recorded in manuals that list, step-by-step, what to do if X occurs, and why. Essentially, they are extremely detailed, scenario-specific standard operating procedures. [...] NASA has been capturing our missteps, disasters and solutions since the early 1960s, when Mercury-era ground teams first started gathering "lessons learned" into a compendium that now lists thousands of problematic situations, from engine failure to busted hatch handles to computer glitches, and their solutions. Steps for common operations and actions I want to start a local repository What did I just commit? I want to discard specific unstaged changes Restore a deleted file Brian #2: Uravelling t-strings Brett Cannon Article walks through Evaluating the Python expression Applying specified conversions Applying format specs Using an Interpolation class to hold details of replacement fields Using Template class to hold parsed data Plus, you don't have to have Python 3.14.0b1 to try this out. The end result is very close to an example used in PEP 750, which you do need 3.14.0b1 to try out. See also: I've written a pytest version, Unravelling t-strings with pytest, if you want to run all the examples with one file. Michael #3: neohtop Blazing-fast system monitoring for your desktop Features Real-time process monitoring CPU and Memory usage tracking Beautiful, modern UI with dark/light themes Advanced process search and filtering Pin important processes Process management (kill processes) Sort by any column Auto-refresh system stats Brian #4: Introducing Pyrefly: A new type checker and IDE experience for Python From Facebook / Meta Another Python type checker written in Rust Built with IDE integration in mind from the beginning Principles Performance IDE first Inference (inferring types in untyped code) Open source I mistakenly tried this on the project I support with the most horrible abuses of the dynamic nature of Python, pytest-check. It didn't go well. But perhaps the project is ready for some refactoring. I'd like to try it soon on a more well behaved project. Extras Brian: Python: The Documentary Official Trailer Tim Hopper added Setting up testing with ptyest and uv to his “Python Developer Tooling Handbook” For a more thorough intro on pytest, check out courses.pythontest.com pocket is closing, I'm switching to Raindrop I got one question about code formatting. It's not highlighted, but otherwise not bad. Michael: New course! Polars for Power Users: Transform Your Data Analysis Game Apache Airflow 3.0 Released Paste 5 Joke: Theodore Roosevelt's Man in the Arena, but for programming

Robert Bryne, director of marketing at Allspice.io, joins Geoffrey Hazelett of FreedomCAD, Matt Leary of Newgrange Design and Mike Buetow of PCEA to talk about the five-year-old company's GIT hardware platform that helps hardware and electrical engineers streamline hardware design reviews. We discuss the ECAD formats that Allspice engages with, the templates used, why GitHub matters for software teams, and the company's target markets. Recorded live on the show floor at PCB East 2025.

Guests Ben Nickolls | Andrew Nesbitt Panelist Richard Littauer Show Notes In this episode of Sustain, host Richard is joined by guests Ben Nickolls and Andrew Nesbitt to discuss the ecosyste.ms project. They explore how ecosyste.ms collects and analyzes metadata from various open-source projects to create a comprehensive database that can help improve funding allocation. The discussion covers the importance of funding the most critical open-source projects, the existing gaps in funding, and the partnership between ecosyste.ms and Open Source Collective to create funding algorithms that support entire ecosystems. They also talk about the challenges of maintaining data, reaching out to project maintainers, and the broader implications for the open-source community. Hit the download button now! [00:01:58] Andrew and Ben explain ecosyste.ms, what it does, and how it compares to Libraries.io. [00:04:59] Ecosyste.ms tracks metadata, not the packages themselves, and enriches data via dependency graphs, committers, issues, SBOMs, and more. [00:06:54] Andrew talks about finding 1,890 Git hosts and how many critical projects live outside GitHub. [00:08:37] There's a conversation on metadata uses and SBOM parsing. [00:12:49] Richard inquires about the ecosystem.ms funds on their website which Andrew explains it's a collaboration between Open Collective and ecosyste.ms. that algorithmically distributes funds to the most used, not most popular packages. [00:15:45] Ben shares how this is different from previous projects and brings up a past project, “Back Your Stack” and explains how ecosyste.ms is doing two things differently. [00:18:59] Ben explains how it supports payouts to other platforms and encourages maintainers to adopt funding YAML files for automation. Andrew touches on efficient outreach, payout management, and API usage (GraphQL). [00:25:36] Ben elaborates on how companies can fund ecosyste.ms (like Django) instead of curating their own lists and being inspired by Sentry's work with the Open Source Pledge. [00:29:32] Andrew speaks about scaling and developer engagement and emphasizes their focus is on high-impact sustainability. [00:32:48] Richard asks, “Why does it matter?” Ben explains that most current funding goes to popular, not most used projects and ecosyste.ms aims to fix the gap with data backed funding, and he suggests use of open standards like 360Giving and Open Contracting Data. [00:35:46] Andrew shares his thoughts on funding the right projects by improving 1% of OSS, you uplift the quality of millions of dependent projects with healthier infrastructure, faster security updates, and more resilient software. [00:38:35] Find out where you can follow ecosyste.ms and the blog on the web. Quotes [00:11:18] “I call them interesting forks. If a fork is referenced by a package, it'll get indexed.” [00:22:07] We've built a service that now moves like $25 million a year between OSS maintainers on OSC.” [00:33:23] “We don't have enough information to make collective decisions about which projects, communities, maintainers, should receive more funding.” [00:34:23] “The NSF POSE Program has distributed hundreds of millions of dollars of funding to open source communities alone.” [00:35:47] “If you have ten, twenty thousand really critical open source projects, that actually isn't unachievable to make those projects sustainable.” Spotlight [00:39:35] Ben's spotlight is Jellyfin. [00:40:20] Andrew's spotlight is zizmor. [00:42:21] Richard's spotlight is The LaTeX Project. Links SustainOSS (https://sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) richard@sustainoss.org (mailto:richard@sustainoss.org) SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) SustainOSS Bluesky (https://bsky.app/profile/sustainoss.bsky.social) SustainOSS LinkedIn (https://www.linkedin.com/company/sustainoss/) Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss) Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials) Ben Nickolls LinkedIn (https://www.linkedin.com/in/benjamuk/) Andrew Nesbitt Website (https://nesbitt.io/) Andrew Nesbitt Mastodon (https://mastodon.social/@andrewnez) Octobox (https://github.com/octobox) ecosyste.ms (https://ecosyste.ms/) ecosyste.ms Blog (https://blog.ecosyste.ms/) Open Source Collective (https://oscollective.org/) Open Source Collective Updates (https://opencollective.com/opensource/updates) Open Source Collective Contributions (https://opencollective.com/opensource) Open Source Collective Contributors (https://opencollective.com/open-source) Open Collective (https://opencollective.com/) 24 Pull Requests (https://24pullrequests.com/) Libraries.io (https://libraries.io/) The penumbra of open source (EPJ Data Science) (https://epjdatascience.springeropen.com/articles/10.1140/epjds/s13688-022-00345-7) FOSDEM '25- Open source funding: you're doing it wrong (Andrew and Ben) (https://fosdem.org/2025/schedule/event/fosdem-2025-5576-open-source-funding-you-re-doing-it-wrong/) Vue.js (https://vuejs.org/) thanks.dev (https://thanks.dev/home) StackAid (https://www.stackaid.us/) Back Your Stack (https://backyourstack.com/) NSF POSE (https://www.nsf.gov/funding/initiatives/pathways-enable-open-source-ecosystems) Django (https://www.djangoproject.com/) GitHub Sponsors (https://github.com/sponsors) Sustain Podcast-Episode 80: Emma Irwin and the Foss Fund Program (https://podcast.sustainoss.org/80) Sustain Podcast- 3 Episodes featuring Chad Whitacre (https://podcast.sustainoss.org/guests/chad-whitacre) Sustain Podcast- Episode 218: Karthik Ram & James Howison on Research Software Visibility Infrastructure Priorities (https://podcast.sustainoss.org/218) Sustain Podcast-Episode 247: Chad Whitacre on the Open Source Pledge (https://podcast.sustainoss.org/247) Invest in Open Infrastructure (https://investinopen.org/) 360Giving (https://www.360giving.org/) Open Contracting Data Standard (https://standard.open-contracting.org/latest/en/) Jellyfin (https://opencollective.com/jellyfin) zizmor (https://github.com/zizmorcore/zizmor) The LaTeX Project (https://www.latex-project.org/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guests: Andrew Nesbitt and Benjamin Nickolls.

Have you wanted a chance to rewrite your own history? With Git, you certainly can! We learn that and other amazing tips to supercharge your version control skills. Plus a promising new package to let your Shiny app users make the call on their preferred layouts, and how mocking is not something to dread when you build unit tests interacting with external services.Episode LinksThis week's curator: Jon Calder - @jonmcalder@fosstodon.org (Mastodon) & @jonmcalder (X/Twitter)Hack your way to a good Git history (SLC-RUG May) (slides)Introducing dockViewR 0.1.0: a layout manager for R and Shiny.Mock Them All: Simulate to Better Test with testthatEntire issue available at rweekly.org/2025-W21Supplement Resources{saperpolette} Exercises (playgrounds) to go with oh (****) Git and beyond, for R users https://docs.ropensci.org/saperlipopette/No code data analysis with {blockr} (R/Pharma 2024 Workshop) https://www.youtube.com/watch?v=PQvTQqcmadYPrototype Shiny apps in Excalidraw with Shinydraw https://github.com/MikeJohnPage/shinydrawMulti-language pipelines with rixpress https://brodrigues.co/posts/2025-05-13-test_rixpress.htmlR/Medicine 2025 https://rconsortium.github.io/RMedicine_website/Fonts in R https://www.tidyverse.org/blog/2025/05/fonts-in-r/Supporting the showUse the contact page at https://serve.podhome.fm/custompage/r-weekly-highlights/contact to send us your feedbackR-Weekly Highlights on the Podcastindex.org - You can send a boost into the show directly in the Podcast Index. First, top-up with Alby, and then head over to the R-Weekly Highlights podcast entry on the index.A new way to think about value: https://value4value.infoGet in touch with us on social mediaEric Nantz: @rpodcast@podcastindex.social (Mastodon), @rpodcast.bsky.social (BlueSky) and @theRcast (X/Twitter)Mike Thomas: @mike_thomas@fosstodon.org (Mastodon), @mike-thomas.bsky.social (BlueSky), and @mike_ketchbrook (X/Twitter) Music credits powered by OCRemixDovahkiin in Jamaica- The Elder Scrolls V: Skyrim - M Benson, Ben Cureton - https://ocremix.org/remix/OCR04390Crysis Crystal - Megaman 9: Back in Blue - k-wix - https://backinblue.ocremix.org/music.php

As a part of my job, I often work with customers on how they can get database code into a version control system. That's Git for the most part today, which is the most popular system in the world. I'm comfortable using Git for many basic tasks, but I am not an expert by any means. I've used version control for years, and quite a few systems, and I like Git as a way of managing code. I have been surprised how many people aren't comfortable with version control or Git. Many don't have the habit, but are amenable to it. What I'm amazed by in 2025 is how many people don't use it, given that so many tools we use to work with databases, and even other systems, will store items in Git. This isn't just for development code, but also for infrastructure code. Lots of data tools and servers can store data in Git and use it to deploy changes to all kinds of systems. I'd have expected more people to know Git. Read the rest of Does Version Control Scare You

Enjoy this week's episode with LA SANTA, head honcho of Redolent Music, along with CHUS, DJ & producer influenced by Classical Music, Jazz, Bossa Nova, Soul, and World Music. This amalgamation of cultures allowed her to blend them into a unique scent. She creates a unique and extraordinary sense of belonging, enhanced through an inner journey. Her DJ sets are filled with sensitivity, harmony, high doses of groove, drums & ethnic roots. Redolent Music is her most recent project, a new independent boutique record label, event producer, management agency, and lifestyle concept, created alongside renowned artist, DJ, and Producer CHUS, whose purpose is to cater to the evolving music industry and develop emerging talent. La Santa & Chus recently launched Slave To The Rhythm, an event curated by Stereo Productions & Redolent debuting on the Island of Gods, Bali and have been already in Miami, Tulum, Ibiza & coming to Bali , Australia, Cyprus, Pakistan, Morocco, Dubai… Walid Martinez - Nawe feat. Lin Njoroge (Original Mix) REDOLENT Aura, Emanuele Esposito, Gianni Romano, Trick Beat, Djarah Kan - Water (2023 Recap) Cristian Vinci, Stones & Bones - People Of The Sun (Original Mix) Nulu Coflo - Metallurgy feat. Rawb Boss (Original Mix) adala B, DJ Spen, Thommy Davis - The Solution (Open & Thommy's Git da Hobo Aphro Phunk Remix) Berkan, Orkun Bozdemir - Jungle Crossing Mr. V, Dario D'Attis - Back To The Old (Joeski Remix) Gone Deville - Dirty For The Funk (Cioz Remix) Cool, Mama Stacey - Y'all Need Jesus (Extended Mix) La Santa - Mamba (Original Mix) REDOLENT Daniel Steinberg - Tobago (Original Mix) Luis Radio, Pietro Nicosia - Bem Assim (Unreleased Instrumental Mix) WNOISE, Jo Choneca - Nenascido (Original Mix) Nulu This show is syndicated & distributed exclusively by Syndicast. If you are a radio station interested in airing the show or would like to distribute your podcast / radio show please register here: https://syndicast.co.uk/distribution/registration

In this episode I talk with Yegor Denisov-Blanch and Simon Obstbaum about their Stanford research on developer productivity. They share findings about "ghost engineers" (9.5% of developers who do minimal work), discuss challenges in measuring engineering output versus productivity, and explain their data-driven approach to software engineering assessment. The conversation explores how different developers contribute varying value, how life circumstances impact work motivation, and their methodology examining source code and Git metadata. The researchers highlight the importance of quantifying engineering contributions and have collected data from over 50,000 engineers in their ongoing study.

In this episode, I (Steve Edwards) flew solo on the mic but had the pleasure of hosting a truly insightful conversation with Gilad Shoham, VP of Engineering at Bit.Cloud. Gilad brought the heat from Israel as we explored how Bit is revolutionizing enterprise software architecture—and how AI is being layered on top to supercharge developer productivity.We started by breaking down Bit's core platform, which helps teams compose applications from reusable, independently versioned components. Think Lego blocks, but for your codebase. It's all about boosting dev velocity, reducing duplication, and making collaboration across teams more seamless.Gilad walked us through some jaw-dropping features: versioning without Git, deep component CI pipelines, and even Bit's ability to replace monolithic repositories with a graph of decoupled components. Everything is Node + TypeScript under the hood, and while it's currently JS-focused, the ambition is clearly broader.Then came the big twist: AI. Bit is now leveraging AI not to just write code, but to compose it using existing components. Instead of bloating your codebase with endless variations of the same button, Bit's AI understands your graph and builds features by intelligently reusing what's already there. It's like Copilot with a memory—and architectural sense.Key takeaways:Bit components wrap your existing code (like React/Vue) with metadata, testing, and versioning.Their infrastructure makes it possible to build and test components independently and in parallel.The AI strategy is reuse-first: generate only when needed, always compose from what already exists.Even massive enterprise codebases can gradually migrate to Bit without a full rewrite.Expect a human-in-the-loop process, but with most of the heavy lifting handled by AI.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

Forecast = Cloudy with a chance of zero-days-watch for Spellbinder storms and scattered Git leaks! ‍ On this episode of Storm⚡️Watch, the crew dives into the fast-moving world of vulnerability tracking and threat intelligence, spotlighting how defenders are moving beyond the traditional CVE system to keep pace with real-world attacks. The show kicks off with a look at the latest listener poll, always a source of lively debate, before jumping into some of the most pressing cybersecurity stories of the week. A major focus of this episode is the recent revelation that a China-aligned APT group, dubbed TheWizards, is using a tool called Spellbinder to abuse IPv6 SLAAC for adversary-in-the-middle attacks. This technique lets attackers move laterally through networks by hijacking software update mechanisms-specifically targeting popular Chinese applications like Sogou Pinyin and Tencent QQ-to deliver malicious payloads such as the modular WizardNet backdoor. The crew unpacks how this approach leverages IPv6's stateless address autoconfiguration to intercept and redirect legitimate traffic, underscoring the evolving sophistication of lateral movement techniques in targeted campaigns. The episode then turns to Google's 2024 zero-day exploitation analysis, which reports a drop in the total number of zero-days exploited compared to last year but highlights a worrying shift: attackers are increasingly targeting enterprise products and infrastructure. Microsoft, Ivanti, Palo Alto Networks, and Cisco are among the most targeted vendors, with nearly half of all zero-day exploits now aimed at enterprise systems and network appliances. The discussion covers how attackers are chaining vulnerabilities for more impactful breaches and why defenders need to be vigilant as threat actors pivot to harder-to-monitor enterprise environments. Censys is in the spotlight for its recent research and tooling, including a new Ports & Protocols Dashboard that gives organizations granular visibility into their attack surface across all ports and protocols. This helps teams quickly spot risky exposures and misconfigurations, making it easier to prioritize remediation efforts and automate alerting for high-risk assets. The crew also highlights Censys's collaborative work on botnet hunting and their ongoing push to retire stale threat indicators, all of which are reshaping proactive defense strategies. runZero's latest insights emphasize the importance of prioritizing risks at the asset stack level, not just by CVE. The crew explains how misconfigurations, outdated software, and weak network segmentation can create stacked risks that traditional scanners might miss, urging listeners to adopt a more holistic approach to asset management and vulnerability prioritization. Rounding out the episode, GreyNoise shares new research on a dramatic spike in scanning for Ivanti Connect Secure VPNs and a surge in crawling activity targeting Git configuration files. These trends highlight the persistent risk of codebase exposure and the critical need to secure developer infrastructure, as exposed Git configs can lead to the leak of sensitive credentials and even entire codebases. As always, the show wraps up with some final thoughts and goodbyes, leaving listeners with actionable insights and a reminder to stay vigilant in the face of rapidly evolving cyber threats. If you have questions or want to hear more about any of these topics, let us know-what's on your mind this week? Storm Watch Homepage >> Learn more about GreyNoise >>  

Topics covered in this episode: pirel: Python release cycle in your terminal FastAPI Cloud Python's new t-strings Extras Joke Watch on YouTube About the show Sponsored by NordLayer: pythonbytes.fm/nordlayer Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: pirel: Python release cycle in your terminal pirel check shows release information about your active Python interpreter. If the active version is end-of-life, the program exits with code 1. If no active Python interpreter is found, the program exits with code 2. pirel list lists all Python releases in a table. Your active Python interpreter is highlighted. A picture is worth many words Brian #2: FastAPI Cloud Sebastián Ramírez, creator of FastAPI, announced today the formation of a new Company, FastAPI Cloud. Here's the announcement blog post: FastAPI Cloud - By The Same Team Behind FastAPI There's a wait list to try it out. Promises to turns deployment into fastapi login; fastapi deploy Side note: announcement includes quote from Daft Punk: Build Harder, Better, Faster, Stronger I just included this in a talk I'm gave last week (and will again next week), where I modify this to “Build Easier, Better, Faster, Stronger” Sebastian and I are both fans of the rocket emoji. BTW, we first covered FastAPI on episode 123 in 2019 Brian #3: Python's new t-strings Dave Peck, one of the authors of PEP 750, which will go into Python 3.14 We covered t-strings in ep 428 In article t-strings security benefits over f-strings How to work with t-strings A Pig Latin example Also, I think I have always done this wrong Is it the first consonant to the end? or the first consonant cluster? So… Brian → Rianbay? or Ianbray? BTW, this is an example of nerdgassing What's next once t-strings ship? On thing that's next (in Python 3.15, maybe, is using t-strings in shlex and subprocess) PEP 787 – Safer subprocess usage using t-strings deferred to 3.15 Michael #4: zev A simple CLI tool to help you remember terminal commands. Examples: # Find running processes zev 'show all running python processes' # File operations zev 'find all .py files modified in the last 24 hours' # System information zev 'show disk usage for current directory' # Network commands zev 'check if google.com is reachable' # Git operations zev 'show uncommitted changes in git' Again, picture worth many words: Extras Brian: Holy Grail turns 50 nerdgassing Michael: Transcripts are a bit better now. Zen is better now Joke: Can my friend come in?

Send a text and I may answer it on next episode (I cannot reply from this service

Even if you're not "doing DevOps," understanding it can seriously level up your development career. In this episode, Matt and Mike dive into why every web developer should care about DevOps practices, even at a basic level. They explore how deployment pipelines work, how Git supports safe code changes, and how you can prevent and fix production issues faster. You'll hear real-world examples showing how small habits—like writing good commit messages, checking build logs, and knowing when to rollback—can make you a better teammate and a more reliable developer. Whether you're working with GitHub Actions, Vercel, Jenkins, or another CI/CD system, this episode will help you work smarter, troubleshoot faster, and stay calm under pressure. Show Notes: https://www.htmlallthethings.com/podcasts/what-junior-web-developers-need-to-know-about-devops Use our affiliate link (https://scrimba.com/?via=htmlallthethings) for a 20% discount!! Full details in show notes.

Forecast = Scattered phishing attempts with a 90% chance of encrypted clouds. ‍ In this episode of Storm⚡️Watch, the crew dissects the evolving vulnerability tracking landscape and the challenges facing defenders as they move beyond the aging CVE system. The show also highlights the rise of sophisticated bot traffic, the expansion of GreyNoise's Global Observation Grid, and fresh tools from VulnCheck and Censys that are helping security teams stay ahead of real-time threats. In our listener poll this week, we ask: what would you do if you found a USB stick? It's a classic scenario that always sparks debate about curiosity versus caution in cybersecurity. It's officially cyber report season, and we're breaking down the latest findings from some of the industry's most influential threat intelligence teams. GreyNoise's new research spotlights the growing risk from resurgent vulnerabilities-those old flaws that go quiet for years before suddenly making a comeback, often targeting edge devices like routers and VPNs. The FBI's 2024 IC3 report is out, revealing a record $16.6 billion in reported losses last year, with phishing, extortion, and business email compromise topping the charts. Mandiant's M-Trends 2025, VulnCheck's Q1 exploitation trends, and other reports all point to a relentless pace of vulnerability weaponization, with nearly a third of new CVEs being exploited within 24 hours of disclosure. We also dig into a series of ace blog posts and research from Censys, including their push to end stale indicators and their deep dives into the sharp rise in attacks targeting edge security devices. Their recent work with GreyNoise and CursorAI on botnet hunting, as well as their new threat hunting module, are changing the game for proactive defense. VulnCheck's quarterly report is raising eyebrows with the revelation that 159 vulnerabilities were exploited in Q1 2025 alone, and 28% of those were weaponized within a single day of disclosure. This underscores how quickly attackers are operationalizing new exploits and why defenders need to move faster than ever. We round out the show with the latest from runZero and a look at GreyNoise's recent findings, including a ninefold surge in Ivanti Connect Secure scanning and a spike in Git configuration crawling-both of which highlight the ongoing risk of codebase exposure and the need for continuous vigilance. Storm Watch Homepage >> Learn more about GreyNoise >>  

00:00:00 - Gyűrűk Ura mémek00:01:28 - Mémek és könyvjelzők00:05:18 - HH jegyzetek, témák és a témakereső00:15:51 - Alkoholista majmok00:18:21 - Sivatagi show00:19:53 - Vásárlásokkal és előfizetésekkel menőzni00:25:47 - Gitártudás00:28:13 - Balázs hatalma00:28:53 - Boomerek és szlengek00:30:28 - PC-ség és zavaró dolgok filmekben00:35:29 - (Erőltetett?) női szerepek filmekben00:45:24 - Zavaró kulturális változások?00:49:37 - Elfogadod, vagy nem? Szereted, vagy nem?00:57:41 - “Senkit nem illet meg a jog, hogy egy burokban éljen”00:58:50 - Befejezés

Ubuntu and Fedora are out! And Git turns 20! Cosmic is showing up everywhere, Framework has an impressive AMD-powered 13-inch laptop, and Thunderbird is rolling out the Thundermail service! For tips we have vidir for renaming multiple files at once, pw-mon for monitoring pipewire, g as a go replacement for ls, and todist-rs for a TUI take on todoist. It's a great show, and the notes are at https://bit.ly/4lzTAWt thanks for coming! Host: Jonathan Bennett Co-Hosts: Jeff Massie, Ken McDonald, and Rob Campbell Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

In this episode, I, Stewart Alsop III, sat down with AJ Beckner to walk through how non-technical founders can build a deeper understanding of their codebase using AI tools like Cursor and Claude. We explored the reality of navigating an IDE as a beginner, demystified Git and GitHub version control, and walked through practical ways to clone a repo, open it safely in Cursor, and start asking questions about your app's structure and functionality without breaking anything. AJ shared his curiosity about finding specific text in his app and how to track that down across branches. We also looked at using AI-powered tools for tasks like dependency analysis and visualizing app architecture, with a focus on empowering non-devs to gain confidence and clarity in their product's code. You can connect with AJ through Twitter at @thisistheaj.Check out this GPT we trained on the conversation!Timestamps00:00 – Stewart introduces Cursor as a fork of Visual Studio Code and explains the concept of an IDE to AJ, who has zero prior experience. They talk about the complexity of coding and the importance of developer curiosity.05:00 – They walk through cloning a GitHub repository using the git clone command. Stewart highlights that AJ won't break anything and introduces the idea of a local playground for exploration.10:00 – Stewart explains Git vs GitHub, the purpose of version control, and how to use the terminal for navigation. They begin setting up the project in Cursor using the terminal rather than GUI options.15:00 – They realize only a README was cloned, leading to a discussion about branches—specifically the difference between main and development branches—and how to clone the right one.20:00 – Using git fetch, they get access to the development branch. Stewart explains how to disconnect from Git safely to avoid pushing changes.25:00 – AJ and Stewart begin exploring Cursor's AI features, including the chat interface. Stewart encourages AJ to start asking natural-language questions about the app structure.30:00 – Stewart demonstrates how to ask for a dependency analysis and create mermaid diagrams for visualizing how app modules are connected.35:00 – They begin identifying specific UI components, including finding and editing the home screen title. AJ uploads a screenshot to use as reference in Cursor.40:00 – They successfully trace the UI text to an index.tsx file and discuss the layout's dependency structure. AJ learns how to use search and command-F effectively.45:00 – They begin troubleshooting issues with Claude's GitHub integration, exploring Claude MCP servers and configuration files to fix broken tools.50:00 – Stewart guides AJ through using npm to install missing packages, explains what Node Package Manager is, and reflects on the interconnected nature of modern development.55:00 – Final troubleshooting steps and next steps. Stewart suggests bringing in Phil for deeper debugging. AJ reflects on how empowered he now feels navigating the codebase.Key InsightsYou don't need to be a developer to understand your app's codebase: AJ Beckner starts the session with zero familiarity with IDEs, but through Stewart's guidance, he begins navigating Cursor and GitHub confidently. The key idea is that non-technical founders can develop real intuition about their code—enough to communicate better with developers, find what they need, and build trust with the systems behind their product.Cursor makes AI-native development accessible to beginners: One of the biggest unlocks in this episode is seeing how Cursor, a VS Code fork with AI baked in, can answer questions about your codebase in plain English. By cloning the GitHub repo and indexing it, AJ is able to ask, “Where do I change this text in the app?” and get direct, actionable guidance. Stewart points out that this shifts the role of a founder from passively waiting on answers to actively exploring and editing.Version control doesn't have to be scary—with the right framing: Git and GitHub come across as overwhelming to many non-engineers, but Stewart breaks it down simply: Git is the local system that helps keep changes organized and non-destructive, and GitHub is the cloud-based sharing tool layered on top. Together, they allow safe experimentation, like cloning a development branch and disconnecting it from the main repo to create a playground environment.Branching strategies reflect how work gets done behind the scenes: The episode includes a moment of discovery: AJ cloned the main branch and only got a README. Stewart explains that the real work often lives in a “development” branch, while “main” is kept stable for production. Understanding this distinction helps AJ (and listeners) know where to look when trying to understand how features are actually being built and tested.Command line basics give you superpowers: Rather than relying solely on visual tools, Stewart introduces AJ to the terminal—explaining simple commands like cd, git clone, and git fetch—and emphasizes that the terminal has been the backbone of developer work for decades. It's empowering to learn that you can use just a few lines of text to download and explore an entire app.Modern coding is less about code and more about managing complexity: A recurring theme in the conversation is the sheer number of dependencies, frameworks, and configuration files that make up any modern app. Stewart compares this to a reflection of modern life—interconnected and layered. Understanding this complexity (rather than being defeated by it) becomes a mindset that AJ embraces as part of becoming technically fluent.AI will keep lowering the bar to entry, but learning fundamentals still matters: Stewart shares how internal OpenAI coding models went from being some of the worst performers two years ago to now ranking among the top 50 in the world. While this progress promises an easier future for non-devs, Stewart emphasizes the value of understanding what's happening under the hood. Tools like Claude and Cursor are incredibly powerful, but knowing what they're doing—and when to be skeptical—is still key.

Take a Network Break! Guest co-host Ned Bellavance steps in for Johna this week. We start with a Fortinet vulnerability, and then opine on a memo from Shopify’s CEO on the company requiring and measuring AI use by employees. Git celebrates 20 years, DARPA names 15 companies to participate in a Quantum Benchmarking Initiative to... Read more »

Google announces an open protocol for AI agent collaboration, Datastar is an Alpine.js / htmx love child, Matthias Endler documents things he finds common in the best programmers, turns out Linus Torvalds built Git in 10 days & Zev is a CLI that helps you remember (or discover) terminal commands using natural language.

Take a Network Break! Guest co-host Ned Bellavance steps in for Johna this week. We start with a Fortinet vulnerability, and then opine on a memo from Shopify’s CEO on the company requiring and measuring AI use by employees. Git celebrates 20 years, DARPA names 15 companies to participate in a Quantum Benchmarking Initiative to... Read more »

Take a Network Break! Guest co-host Ned Bellavance steps in for Johna this week. We start with a Fortinet vulnerability, and then opine on a memo from Shopify’s CEO on the company requiring and measuring AI use by employees. Git celebrates 20 years, DARPA names 15 companies to participate in a Quantum Benchmarking Initiative to... Read more »

video: https://youtu.be/G5_NNCKF4yc In this episode, we take a look at the alpha release of Deepin 25. We also reflect on 20 years of Git and its impact on software development. Plus, we discuss the role of immutability in modern Linux systems. So let's get on the road towards Destination Linux. Forum Discussion Thread (https://destinationlinux.net/forum) Download as MP3 (https://aphid.fireside.fm/d/1437767933/32f28071-0b08-4ea1-afcc-37af75bd83d6/81451a8a-3ddd-4536-a0ac-d2512d49022b.mp3) Support the show by becoming a patron at tuxdigital.com/membership (https://tuxdigital.com/membership) or get some swag at tuxdigital.com/store (https://tuxdigital.com/store) Hosted by: Ryan (DasGeek) = dasgeek.net (https://dasgeek.net) Jill Bryant = jilllinuxgirl.com (https://jilllinuxgirl.com) Michael Tunnell = michaeltunnell.com (https://michaeltunnell.com) Chapters: 00:00:00 Intro 00:02:24 Community Feedback 00:08:38 Sandfly Security 00:12:05 Deepin 25 Alpha: Eye Candy Meets AI 00:22:43 Deepin Dilemma: Trust, Transparency, and Telemetry 00:28:56 Git Turns 20: A Look Back at Its Impact 00:36:55 Jill's Island Under Fire — via Git Rocket! 00:37:57 The Rise of Immutable Distros 00:52:14 Teasing the Future: COSMIC desktop 00:53:52 Ryan Says: No Skipping — Go Back to Episode 1 00:55:09 Duck.ai: When AI Meets Privacy 00:58:28 Can AI Decode the DL Stool Joke? 01:03:01 Wait, Are We Talking Immutable Distros Again? 01:04:28 Support the Show 01:10:06 Outro Links: Community Feedback https://destinationlinux.net/comments (https://destinationlinux.net/comments) https://destinationlinux.net/forum (https://destinationlinux.net/forum) Sandfly Security https://destinationlinux.net/sandfly (https://destinationlinux.net/sandfly) https://destinationlinux.net/409 (https://destinationlinux.net/409) Deepin 25 Alpha: Eye Candy Meets AI https://www.deepin.org.cn/v25/en/ (https://www.deepin.org.cn/v25/en/) Git Turns 20: A Look Back at Its Impact https://www.tomshardware.com/software/git-turns-20-as-we-celebrate-decades-of-open-source-software-distribution (https://www.tomshardware.com/software/git-turns-20-as-we-celebrate-decades-of-open-source-software-distribution) https://github.blog/open-source/git/git-turns-20-a-qa-with-linus-torvalds/ (https://github.blog/open-source/git/git-turns-20-a-qa-with-linus-torvalds/) The Rise of Immutable Distros https://fedoraproject.org/atomic-desktops/silverblue/ (https://fedoraproject.org/atomic-desktops/silverblue/) https://fedoraproject.org/atomic-desktops/kinoite/ (https://fedoraproject.org/atomic-desktops/kinoite/) https://universal-blue.org/ (https://universal-blue.org/) https://bazzite.gg/ (https://bazzite.gg/) Teasing the Future: COSMIC desktop https://system76.com/cosmic/ (https://system76.com/cosmic/) Duck.ai: When AI Meets Privacy https://duckduckgo.com/?q=DuckDuckGo+AI+Chat&ia=chat&duckai=1 (https://duckduckgo.com/?q=DuckDuckGo+AI+Chat&ia=chat&duckai=1) Support the Show https://tuxdigital.com/membership (https://tuxdigital.com/membership) https://store.tuxdigital.com/ (https://store.tuxdigital.com/)

Apple's software is going rotten, while Linux sneaks up as the better Mac. Linus grumbles through Git's 20th birthday, and we spot a hardware window Linux better not slam shut.Sponsored By:Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. ConfigCat Feature Flags: Manage features and change your software configuration using ConfigCat feature flags, without the need to re-deploy code. Support LINUX UnpluggedLinks:

Apple's software is going rotten, while Linux sneaks up as the better Mac. Linus grumbles through Git's 20th birthday, and we spot a hardware window Linux better not slam shut.

Together with Yoav Git, we'll explore how market conditions are shifting and what that means for investors, especially in light of recent bond market movements. It's been a wild ride lately, with unexpected changes in correlations between stocks and bonds, and we're here to break it all down. We'll also touch on the implications for trend-following strategies and how they can adapt in these turbulent times. So, whether you're a seasoned investor or just curious, hang tight as we unravel these complex topics together!-----50 YEARS OF TREND FOLLOWING BOOK AND BEHIND-THE-SCENES VIDEO FOR ACCREDITED INVESTORS - CLICK HERE-----Follow Niels on Twitter, LinkedIn, YouTube or via the TTU website.IT's TRUE ? – most CIO's read 50+ books each year – get your FREE copy of the Ultimate Guide to the Best Investment Books ever written here.And you can get a free copy of my latest book “Ten Reasons to Add Trend Following to Your Portfolio” here.Learn more about the Trend Barometer here.Send your questions to info@toptradersunplugged.comAnd please share this episode with a like-minded friend and leave an honest Rating & Review on iTunes or Spotify so more people can discover the podcast.Follow Yoav on LinkedIn.Episode TimeStamps:01:21 - What has caught our attention recently?04:39 - Are there more to the Trump Tariffs than meets the eyes?09:53 - What is actually a safe haven asset today?11:50 - Industry performance update15:15 - Git's trend following perspective on fixed income17:25 - Trend following performance numbers21:39 - What you can expect from trend following during a crisis period30:31 - What we can learn from the current economic events34:27 - Key insights to achieving diversification40:40 - Achieving better performance through trend predictors45:01 - How CTAs interpret diversification in a unique way50:03 - Are we experiencing more dispersion today than previously?57:57 - The symbiotic relation between time and price in a trend following...

This week, we discuss the rise of MCP, Google's Agent2Agent protocol, and 20 years of Git. Plus, lazy ways to get rid of your junk. Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/o2bmkzXOzHE?si=bPrbuPlKYODQj88s) 514 (https://www.youtube.com/live/o2bmkzXOzHE?si=bPrbuPlKYODQj88s) Runner-up Titles They like to keep it tight, but I'll distract them Bring some SDT energy Salesforce is where AI goes to struggle I like words Rundown MCP The Strategy Behind MCP (https://fintanr.com/links/2025/03/31/mcp-strategy.html?utm_source=substack&utm_medium=email) Google's Agent2Agent Protocol Helps AI Agents Talk to Each Other (https://thenewstack.io/googles-agent2agent-protocol-helps-ai-agents-talk-to-each-other/) Announcing the Agent2Agent Protocol (A2A)- Google Developers Blog (https://developers.googleblog.com/en/a2a-a-new-era-of-agent-interoperability/) MCP: What It Is and Why It Matters (https://addyo.substack.com/p/mcp-what-it-is-and-why-it-matters) 20 years of Git. Still weird, still wonderful. (https://blog.gitbutler.com/20-years-of-git/) A love letter to the CSV format (https://github.com/medialab/xan/blob/master/docs/LOVE_LETTER.md?ref=labnotes.org) Relevant to your Interests JFrog Survey Surfaces Limited DevSecOps Gains - DevOps.com (https://substack.com/redirect/dc38a19b-484e-47bc-83ec-f0413af42718?j=eyJ1IjoiMmw5In0.XyGUvWHNbIDkkVfjKDkxiDWJVFXc4dKUhxHaMrlgmdI) Raspberry Pi's sliced profits are easier to swallow than its valuation (https://on.ft.com/42d3mol) 'I begin spying for Deel': (https://www.yahoo.com/news/begin-spying-deel-rippling-employee-151407449.html) Bill Gates Publishes Original Microsoft Source Code in a Blog Post (https://www.cnet.com/tech/computing/bill-gates-publishes-original-microsoft-source-code-in-a-blog-post/) WordPress.com owner Automattic is laying off 16 percent of workers (https://www.theverge.com/news/642187/automattic-wordpress-layoffs-matt-mullenweg) Intel, TSMC recently discussed chipmaking joint venture (https://www.reuters.com/technology/intel-tsmc-tentatively-agree-form-chipmaking-joint-venture-information-reports-2025-04-03/) TikTok deal scuttled because of Trump's tariffs on China (https://www.nbcnews.com/politics/politics-news/trump-tiktok-ban-extension-rcna199394) NVIDIA Finally Adds Native Python Support to CUDA (https://thenewstack.io/nvidia-finally-adds-native-python-support-to-cuda/) Cloudflare Acquires Outerbase (https://www.cloudflare.com/press-releases/2025/cloudflare-acquires-outerbase-to-expand-developer-experience/) UK loses bid to keep Apple appeal against demand for iPhone 'backdoor' a secret (https://www.cnbc.com/2025/04/07/uk-loses-bid-to-keep-apple-appeal-against-iphone-backdoor-a-secret.html) Cloud Asteroids | Wiz (https://www.wiz.io/asteroids) Unpacking Google Cloud Platform's Acquisition Of Wiz (https://moorinsightsstrategy.com/unpacking-google-cloud-platforms-acquisition-of-wiz/) Trade, Tariffs, and Tech (https://stratechery.com/2025/trade-tariffs-and-tech/?access_token=eyJhbGciOiJSUzI1NiIsImtpZCI6InN0cmF0ZWNoZXJ5LnBhc3Nwb3J0Lm9ubGluZSIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJzdHJhdGVjaGVyeS5wYXNzcG9ydC5vbmxpbmUiLCJhenAiOiJIS0xjUzREd1Nod1AyWURLYmZQV00xIiwiZW50Ijp7InVyaSI6WyJodHRwczovL3N0cmF0ZWNoZXJ5LmNvbS8yMDI1L3RyYWRlLXRhcmlmZnMtYW5kLXRlY2gvIl19LCJleHAiOjE3NDY2MjA4MTAsImlhdCI6MTc0NDAyODgxMCwiaXNzIjoiaHR0cHM6Ly9hcHAucGFzc3BvcnQub25saW5lL29hdXRoIiwic2NvcGUiOiJmZWVkOnJlYWQgYXJ0aWNsZTpyZWFkIGFzc2V0OnJlYWQgY2F0ZWdvcnk6cmVhZCBlbnRpdGxlbWVudHMiLCJzdWIiOiJDS1RtckdldHdmM1lYa3FCYkpKaUgiLCJ1c2UiOiJhY2Nlc3MifQ.pVeppxFZcYy960AbHM--oz5gzQdMEa_mv3ZPrqrZmbw9PhwL3iCEQ7_PtfPEKgInTfvSGWofXW0ZjAN-G_Eug5BlvwlF8T6HhXOCNJlwJJeqkWKvNdjvVz0t6bc5fOjn4Tbt_JobtrwxIEe-4-L7QRMhzFj9ajiiRqU6KNi3qYxWScg3XWfYmuhRdItQsgWINcSyW9iLaTkDLga_m95MMBNAat-CXDhEeKKCrAApZBM_RoNFaQ3s679vslz2IbJuCIAN1jVvZYR2Vg18lDbwubPiddDQAOkjs77PZRX_tCnMSwVXtOq0S1cCn4GZIw1qPY8j0qWWmkUck_izqPAveg) Google Workspace gets automation flows, podcast-style summaries (https://techcrunch.com/2025/04/09/google-workspace-gets-automation-flows-podcast-style-summaries/?guccounter=1&guce_referrer=aHR0cHM6Ly9uZXdzLmdvb2dsZS5jb20v&guce_referrer_sig=AQAAAAm5axmZnaAYjPgnDoqozIFkZHFPG8FHWa9y8pWwoQMN-oJ8MvJjY0IOg7Ej35bBB1Y2Ej192X3dHr5Q8PZ4i8WP_VNeXKj4f1n-KXFgqrpjfjUbiUvE4eGIl1j1VPWIg62ApISVGhYQ-__bXdIteBex8_k5-wxcpSYtfmlAFxsk) Zelle is shutting down its app. Here's how you can still use the service (https://www.cnn.com/2025/04/03/business/zelle-cash-transferring-app-shuts-down/index.html) One year ago Redis changed its license – and lost most of its external contributors (https://devclass.com/2025/04/01/one-year-ago-redis-changed-its-license-and-lost-most-of-its-external-contributors/?ck_subscriber_id=512840665&utm_source=convertkit&utm_medium=email&utm_campaign=[Last%20Week%20in%20AWS]%20Issue%20#417:%20Way%20of%20the%20Weasel,%20RDS%20and%20SageMaker%20Edition%20-%2017192200) Tailscale raises $160 Million (USD) Series C to build the New Internet (https://tailscale.com/blog/series-c) Nonsense NFL announces use of virtual measurement technology for first downs (https://www.nytimes.com/athletic/6247338/2025/04/01/nfl-announces-virtual-first-down-measurement-technology/?source=athletic_scoopcity_newsletter&campaign=13031970&userId=56655) Listener Feedback GitJobs (https://gitjobs.dev/) Freecycle (https://www.freecycle.org) Conferences Tanzu Annual Update AI PARTY! (https://go-vmware.broadcom.com/april-moment-2025?utm_source=cote&utm_campaign=devrel&utm_medium=newsletter), April 16th, Coté speaking DevOps Days Atlanta (https://devopsdays.org/events/2025-atlanta/welcome/), April 29th-30th Cloud Foundry Day US (https://events.linuxfoundation.org/cloud-foundry-day-north-america/), May 14th, Palo Alto, CA, Coté speaking Fr (https://vmwarereg.fig-street.com/051325-tanzu-workshop/)ee AI workshop (https://vmwarereg.fig-street.com/051325-tanzu-workshop/), May 13th. day before C (https://events.linuxfoundation.org/cloud-foundry-day-north-america/)loud (https://events.linuxfoundation.org/cloud-foundry-day-north-america/) (https://events.linuxfoundation.org/cloud-foundry-day-north-america/)Foundry (https://events.linuxfoundation.org/cloud-foundry-day-north-america/) Day (https://events.linuxfoundation.org/cloud-foundry-day-north-america/) NDC Oslo (https://ndcoslo.com/), May 21st-23th, Coté speaking SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: KONNWEI KW208 12V Car Battery Tester (https://www.amazon.com/dp/B08MPXGSGN?ref=ppx_yo2ov_dt_b_fed_asin_title) Matt: Search Engine: The Memecoin Casino (https://www.searchengine.show/planet-money-the-memecoin-casino/) Coté: :Knipex Cobra High-Tech Water Pump Pliers (https://www.amazon.com/atramentized-125-self-service-87-01/dp/B098D1HNGY/) Photo Credits Header (https://unsplash.com/photos/a-bicycle-parked-on-the-side-of-a-road-next-to-a-traffic-sign-wPv1QV_i8ek)

Topics covered in this episode: Git Town solves the problem that using the Git CLI correctly PEP 751 – A file format to record Python dependencies for installation reproducibility git-who and watchgha Share Python Scripts Like a Pro: uv and PEP 723 for Easy Deployment Extras Joke Watch on YouTube About the show Sponsored by Posit Package Manager: pythonbytes.fm/ppm Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Git Town solves the problem that using the Git CLI correctly Git Town is a reusable implementation of Git workflows for common usage scenarios like contributing to a centralized code repository on platforms like GitHub, GitLab, or Gitea. Think of Git Town as your Bash scripts for Git, but fully engineered with rock-solid support for many use cases, edge cases, and error conditions. Keep using Git the way you do now, but with extra commands to create various branch types, keep them in sync, compress, review, and ship them efficiently. Basic workflow Commands to create, work on, and ship features. git town hack - create a new feature branch git town sync - update the current branch with all ongoing changes git town switch - switch between branches visually git town propose - propose to ship a branch git town ship - deliver a completed feature branch Additional workflow commands Commands to deal with edge cases. git town delete - delete a feature branch git town rename - rename a branch git town repo - view the Git repository in the browser Brian #2: PEP 751 – A file format to record Python dependencies for installation reproducibility Accepted From Brett Cannon “PEP 751 has been accepted! This means Python now has a lock file standard that can act as an export target for tools that can create some sort of lock file. And for some tools the format can act as their primary lock file format as well instead of some proprietary format.” File name: pylock.toml or at least something that starts with pylock and ends with .toml It's exciting to see the start of a standardized lock file Michael #3: git-who and watchgha git-who is a command-line tool for answering that eternal question: Who wrote this code?! Unlike git blame, which can tell you who wrote a line of code, git-who tells you the people responsible for entire components or subsystems in a codebase. You can think of git-who sort of like git blame but for file trees rather than individual files. And watchgha - Live display of current GitHub action runs by Ned Batchelder Brian #4: Share Python Scripts Like a Pro: uv and PEP 723 for Easy Deployment Dave Johnson Nice full tutorial discussing single file Python scripts using uv with external dependencies Starting with a script with dependencies. Using uv add --script [HTML_REMOVED] [HTML_REMOVED] to add a /// script block to the top Using uv run Adding #!/usr/bin/env -S uv run --script shebang Even some Windows advice Extras Brian: April 1 pranks done well BREAKING: Guido van Rossum Returns as Python's BDFL including Brett Cannon noted as “Famous Python Quotationist” Guido taking credit for “I came for the language but I stayed for the community” which was from Brett then Brett's title of “Famous Python Quotationist” is crossed out. Barry Warsaw asking Guido about releasing Python 2.8 Barry is the FLUFL, “Friendly Language Uncle For Life “ Mariatta can't get Guido to respond in chat until she addresses him as “my lord”. “… becoming one with whitespace.” “Indentation is Enlightenment” Upcoming new keyword: maybe Like “if” but more Pythonic as in Maybe: print("Python The Documentary - Coming This Summer!") I'm really hoping there is a documentary April 1 pranks done poorly Note: pytest-repeat works fine with Python 3.14, and never had any problems If you have to explain the joke, maybe it's not funny. The explanation pi, an irrational number, as in it cannot be expressed by a ratio of two integers, starts with 3.14159 and then keeps going, and never repeats. Python 3.14 is in alpha and people could be testing with it for packages Test & Code is doing a series on pytest plugins pytest-repeat is a pytest plugin, and it happened to not have any tests for 3.14 yet. Now the “joke”. I pretended that I had tried pytest-repeat with Python 3.14 and it didn't work. Test & Code: Python 3.14 won't repeat with pytest-repeat Thus, Python 3.14 won't repeat. Also I mentioned that there was no “rational” explanation. And pi is an irrational number. Michael: pysqlscribe v0.5.0 has the “parse create scripts” feature I suggested! Markdown follow up Prettier to format Markdown via Hugo Been using mdformat on some upcoming projects including the almost done Talk Python in Production book. Command I like is mdformat --number --wrap no ./ uv tool install --with is indeed the pipx inject equivalent, but requires multiple --with's: pipx inject mdformat mdformat-gfm mdformat-frontmatter mdformat-footnote mdformat-gfm-alerts uv tool install mdformat --with mdformat-gfm --with mdformat-frontmatter --with mdformat-footnote --with mdformat-gfm-alerts uv follow up From James Falcon As a fellow uv enthusiast, I was still holding out for a use case that uv hasn't solved. However, after last week's episode, you guys finally convinced me to switch over fully, so I figured I'd explain the use case and how I'm working around uv's limitations. I maintain a python library supported across multiple python versions and occasionally need to deal with bugs specific to a python version. Because of that, I have multiple virtualenvs for one project. E.g., mylib38 (for python 3.8), mylib313 (for python 3.13), etc. I don't want a bunch of .venv directories littering my project dir. For this, pyenv was fantastic. You could create the venv with pyenv virtualenv 3.13.2 mylib313, then either activate the venv with pyenv activate mylib313 and create a .python-version file containing mylib313 so I never had to manually activate the env I want to use by default on that project. uv doesn't have a great solution for this use case, but I switched to a workflow that works well enough for me: Define my own central location for venvs. For me that's ~/v Create venvs with something like uv venv --python 3.13 ~/v/mylib313 Add a simple function to my bashrc: `workon() { source ~/v/$1/bin/activate } so now I can run workon mylib313orworkon mylib38when I need to work in a specific environment. uv's.python-version` support works much differently than pyenv's, and that lack of support is my biggest frustration with this approach, but I am willing to live without it. Do you Firefox but not Zen? You can now make pure Firefox more like Zen's / Arc's layout. Joke: So here it will stay See the follow up thread too! Also: Guido as Lord Python via Nick Muoh

Topics covered in this episode: mdformat pre-commit-uv PEP 758 and 781 Serie: rich git commit graph in your terminal, like magic Extras Joke Watch on YouTube About the show Sponsored by Posit Connect Cloud: pythonbytes.fm/connect-cloud Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: mdformat Suggested by Matthias Schöttle Last episode Michael covered blacken-docs, and I mentioned it'd be nice to have an autoformatter for text markdown. Matthias delivered with suggesting mdformat “Mdformat is an opinionated Markdown formatter that can be used to enforce a consistent style in Markdown files.” A python project that can be run on the command line. Uses a style guide I mostly agree with. I'm not a huge fan of numbered list items all being “1.”, but that can be turned off with --number, so I'm happy. Converts underlined headings to #, ##, etc. headings. Lots of other sane conventions. The numbering thing is also sane, I just think it also makes the raw markdown hard to read. Has a plugin system to format code blocks Michael #2: pre-commit-uv via Ben Falk Use uv to create virtual environments and install packages for pre-commit. Brian #3: PEP 758 and 781 PEP 758 – Allow except and except* expressions without parentheses accepted PEP 781 – Make TYPE_CHECKING a built-in constant draft status Also, PEP Index by Category kinda rocks Michael #4: Serie: rich git commit graph in your terminal, like magic While some users prefer to use Git via CLI, they often rely on a GUI or feature-rich TUI to view commit logs. Others may find git log --graph sufficient. Goals Provide a rich git log --graph experience in the terminal. Offer commit graph-centric browsing of Git repositories. Extras Michael: Sunsetting Search? (Startpage) Ruff in or out? Joke: Wishing for wishes