Podcasts about GitHub

Shoot us a Text.Episode #1098: Rivian is laying foundations in Georgia with a new East Coast HQ and massive EV factory. A brave deacon turns his F-150 into a life-saving shield, and gets rewarded. And OpenAI's latest ChatGPT upgrade puts real-world task management on autopilot.Rivian is plugging into Atlanta as it sets the stage for its next major manufacturing move. The EV maker is launching an East Coast HQ to support its second plant, with big plans to expand.The Atlanta office opens late 2025, expands in 2026 to support the nearby Georgia plant.An initial staff of 100 will grow to around 500.The new $6B+ factory in Stanton Springs to begin vertical construction in 2026 which will produce R2 and R3 models starting 2028, span 16 million sq. ft., and employ 7,500.CEO RJ Scaringe: “Atlanta embodies so much that makes Georgia great — top talent, exceptional creativity, and a desire to always be moving forward.”Some heroes don't wear capes, they drive F-150s. When Richard Pryor saw a man pulling a weapon outside Crosspointe Church during Vacation Bible School, he didn't freeze. He floored it. The deacon used his truck to stop what could've been a tragic day in Wayne, MI.Though he saved countless lives that day, unfortunately his truck didn't survive the harrowing incident after taking a round and crashingWhen Demmer Ford heard what Richard had done, they handed him the keys to a new 2025 F-150 as a gesture of appreciation for his courage and quick action.We may not all have Richard's bravery, but every one of us has the power to do something that matters. The key is keeping your eyes open and your heart ready.OpenAI has launched a game-changing upgrade to ChatGPT, giving it its own virtual computer. This move turns the AI into a fully-fledged assistant that can execute complex tasks—start to finish—without skipping a beat.ChatGPT Agent can now handle real-world work like analyzing competitors, booking travel, and updating spreadsheets, all from your single prompt.It blends the strengths of previous tools—Operator and deep research—into one powerful, task-completing system.The AI can click, scroll, code, and summarize, even logging into your Gmail or GitHub (with permission) to grab the info it needs.New benchmarks show it beats human-level accuracy across investment banking, data science, and spreadsheet modeling tasks.“You're always in control,” says OpenAI. “You can take over the browser, pause tasks, or get a real-time progress summary.”Starting today (July 17–18), it's available to Pro, Plus, and Team subscribers. Just toggle “Agent Mode” in the tools dropdown during any chatJoin Paul J Daly and Kyle Mountsier every morning for the Automotive State of the Union podcast as they connect the dots across car dealerships, retail trends, emerging tech like AI, and cultural shifts—bringing clarity, speed, and people-first insight to automotive leaders navigating a rapidly changing industry.Get the Daily Push Back email at https://www.asotu.com/ JOIN the conversation on LinkedIn at: https://www.linkedin.com/company/asotu/

Sami goes behind the scenes of Ruby on Rails (https://rubyonrails.org/) with Rosa Gutierrez, principle programer at 37Signals (https://37signals.com/), to discover what its like to work on one of the most widely used frameworks out there. Rosa breaks down how the team at 37Signals work and implement new tools for Ruby, the challenges of working remotely, as well as the current practical use of AI within the development space and how we can expect it to change in the years to come. — Check out Sami's blog on AI vs Human-led Coding (https://thoughtbot.com/blog/ai-led-or-human-led-coding-you-decide) for a more in-depth look on his thoughts from this episode. You can get in touch with Rosa directly and find all her various social links through her website (https://rosa.codes). Your host for this episode has been Sami Birnbaum. Sami can be found through his website (https://samibirnbaum.com) or via LinkedIn (https://www.linkedin.com/in/samibirnbaum/). If you would like to support the show, head over to our GitHub page (https://github.com/sponsors/thoughtbot), or check out our website (https://podcast.thoughtbot.com). Got a question or comment about the show? Why not write to our hosts: hosts@giantrobots.fm This has been a thoughtbot (https://thoughtbot.com/) podcast. Stay up to date by following us on social media - LinkedIn (https://www.linkedin.com/company/150727/) - Mastodon (https://thoughtbot.social/@thoughtbot) - Bluesky (https://bsky.app/profile/thoughtbot.com) © 2025 thoughtbot, inc.

Episode 131: In this episode of Critical Thinking - Bug Bounty Podcast we're covering Christmas in July with several banger articles from Searchlight Cyber, as well as covering things like Raycast for Windows, Third-Person prompting, and touch on the recent McDonalds LeakFollow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter: https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!Today's Sponsor is Adobe. Use code CTBBP0907 in your first report on Adobe Behance, Portfolio, Fonts or Acrobat Web, and earn a one-time 10% bonus reward!====== Resources ======v1 Instance Metadata Service protections bypassWould you like an IDOR with that? Leaking 64 million McDonald's job applicationsHow we got persistent XSS on every AEM cloud site, thriceGoogle docs now supports export as markdownAbusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)How I Scanned all of GitHub's “Oops Commits” for Leaked SecretsBug bounty, feedback, strategy and alchemy====== Timestamps ======(00:00:00) Introduction(00:05:39) Metadata Service protections bypass & Mcdonalds Leak(00:12:30) Christmas in July with Searchlight Cyber Pt 1(00:19:43) Export as Markdown, Raycast for Windows, & Third-Person prompting(00:23:56) Christmas in July with Searchlight Cyber Pt 2(00:27:39) GitHub's “Oops Commits” for Leaked Secrets(00:36:53) Bug bounty, feedback, strategy and alchemy

David is the creator of Ruby on Rails, Co-Owner of 37signals, best-selling author, Le Mans class-winning racing driver, antitrust advocate, investor in Danish startups, frequent podcast guest, and family man.He writes regularly on HEY World and speaks on The REWORK Podcast. Hundreds of thousands of programmers around the world have built amazing applications using Ruby on Rails, an open-source web framework he created in 2003, and continues to develop to this day. Some of the more famous include Github, Shopify, Airbnb, Square, Coinbase, and Zendesk.For my newest episode of From Start-Up to Grown-Up, I talk with David Heinemeier Hansson, Co-Founder of 37signals, to explore his journey of innovation, remote work, and unconventional management.Learn more about DHH | Websitehttps://dhh.dk/Connect with Alisa! Follow Alisa Cohn on Instagram: @alisacohn Twitter: @alisacohn Facebook: facebook.com/alisa.cohn LinkedIn: https://www.linkedin.com/in/alisacohn/ Website: http://www.alisacohn.com Download her 5 scripts for delicate conversations (and 1 to make your life better) Grab a copy of From Start-Up to Grown-Up by Alisa Cohn from Amazon

This show has been flagged as Clean by the host. Hello, this is your host, Archer72 for another episode of Hacker Public Radio In this episode, I talk about how I use Newsboat and Podboat for a couple of tasks. I don't always use Podboat for podcasts, but it is useful when listening from my laptop For my other podcast listening, I used Antennapod Newsboat source of feeds is from a url list in ~/.config/newsboat/urls Newsboat url list # (Bible) https://feeds.feedburner.com/hl-int-tv-en-kjv "Bible" (Bible) # (Reddit) https://www.reddit.com/r/commandline.rss "Commandline" (Reddit) https://www.reddit.com/r/raspberry_pi.rss "~Raspberry Pi" (Reddit) # (Lemmy) https://lemmy.sdf.org/feeds/local.xml?sort=New "Lemmy SDF" (Lemmy) # (Podcasts) http://gnuworldorder.info/ogg.xml "Gnu_World_Order" # Tuxjam.Otherside.Network https://tuxjam.otherside.network/feed "TuxJam" https://tuxjam.otherside.network/feed/uncut "TuxJam Uncut" https://thebugcast.org/category/podcast/feed "The Bugcast" # Hacker Public Radio http://hackerpublicradio.org/rss-future.php HackerPublicRadio_future_feed "~Hacker Public Radio ~ Future feed" (HPR) http://hackerpublicradio.org/hpr_ogg_rss.php "HPR_two_week_feed" (HPR) http://hackerpublicradio.org/comments_rss.php HPR_comment_feed "HPR_Comments" (HPR) https://archive.org/services/collection-rss.php?collection=dlarc-hackerpublicradio "~HPR Amateur Radio - Archive.org" (HPR) # Other Tech podcasts https://feeds.fireside.fm/asknoah/rss "The Ask Noah Show" https://feeds.feedburner.com/urandom-podcast/ogg "Urandom Podcast" https://ubuntu.social/@linuxmatters # (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UC2eYFnH61tmytImy1mTYvhA "Luke Smith" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCH6ttJZ3T5gA-r_7PYkHk9g "SGOTI" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCVls1GmFKf6WlTraIb_IaJg "DistroTube" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UC9x0AN7BWHpCDHSm9NiJFJQ "Network Chuck" (Youtube) # Import from Newpipe https://www.youtube.com/feeds/videos.xml?channel_id=UC_SLthyNX_ivd-dmsFgmJVg "Jeremy Fielding" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCJ0-OtVpF0wOKEqT2Z1HEtA "ElectroBOOM" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCv1Kcz-CuGM6mxzL3B1_Eiw "Gardiner Bryant" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UC3s0BtrBJpwNDaflRSoiieQ "Hak5" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCR-DXc1voovS8nhAvccRZhg "Jeff Geerling" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCzgA9CBrIXPtkB2yNTTiy1w "Level 2 Jeff" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCLx053rWZxCiYWsBETgdKrQ "LGR" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCXuqSBlHAE6Xw-yeJA0Tunw "Linus Tech Tips" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCm9K6rby98W8JigLoZOh6FQ "LockPickingLawyer" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCjFaPUcJU1vwk193mnW_w1w "Modern Vintage Gamer" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCP8QhVVoM7IKD0YwnvnPPbg "Pater Practicus" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCjr2bPAyPV7t35MvcgT3W8Q "The Hated One" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCo71RUe6DX4w-Vd47rFLXPg "typecraft" (Youtube) ## From Mrs. Archer https://www.youtube.com/feeds/videos.xml?channel_id=UCld68syR8Wi-GY_n4CaoJGA "Brodie Robertson" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCg6gPGh8HU2U01vaFCAsvmQ "Chris Titus Tech" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCoryWpk4QVYKFCJul9KBdyw "Switched To Linux" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCJf7AT2BzFT-31z0d-bc8Rg "Windows, computers and Technology" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UC5UAwBUum7CPN5buc-_N1Fw "The Linux Experiment" (Youtube) https://www.youtube.com/feeds/videos.xml?channel_id=UCmyGZ0689ODyReHw3rsKLtQ "Michael Tunnell" (Youtube) # (News) https://olfconference.org/feed/ "OLF Conference" (News) To organize the url list, tags can be used, along with a description of the feed. This only give an internal description, as the Main title is determined by the RSS feed itself. This can be manually set, for example, in the HPR Future feed. The default feed title is the same as the feed for two weeks. To set manually, us a tilde ~ before the Feed Title shown in this example. Tags follow the Feed Title, typed in parentheses and with no spaces. Multiple tags can be used here. http://hackerpublicradio.org/rss-future.php HackerPublicRadio_future_feed "~Hacker Public Radio ~ Future feed" (HPR) Not all feeds in the url list are podcasts. Some are Reddit feeds, while others are youtube channels. The first item I go to in the morning is my Bible daily verse. I heard one new host mention that he reads some, and thought it might be interesting to include this. The next 2 entries are from Reddit, and can be modified to contain the rss feed in this way: Replace the /r/commandline with /r/commandline.rss add "Title" and "(Tag)" https://www.reddit.com/r/commandline.rss "Commandline" (Reddit) The next entry, which I only include one, is the Lemmy instance for lemmy.sdf.org Lemmy is part of the Fediverse, and became popular after the June 2023 controversy involving charging excessive money for Reddit's API. This in turn, caused third party Reddit apps to be no longer viable. Alternativeto.net - API Charging Policy Wikipedia - Lemmy_(social_network) Next, we'll start on the ~/.config/newsboat/config file Newsboat config file # Podboat download-path "~/Downloads/podcasts/%h/%n" # %h - Hostname # %n - Podcast name # Example: hub.hackerpublicradio.org # gnuworldorder.info # media.blubrry.com/The Bugcast # archive.org/TuxJam download-filename-format "%n - %t.%u" # %n - Name of the podcast feed # %t - Title of the podcast episode # %u - Indicates the file extension podlist-format "%4i [%6dMB/%6tMB] [%5p %%] %-10S %b" # Table 7. Available Identifiers for podlist-format # %i - Download index, 4 indicating number of digits # %6dMB/%6tMB - Downloaded (in MB) / Total file size (in MB) # [%5p %%] - Percent downloaded # %-10S - Status - {queued, downloading, ready, played, deleted} # # 4.18. Format Strings # %b - Boolean string # load URLS on launch auto-reload yes # vim binds bind-key j down bind-key k up bind-key j next articlelist bind-key k prev articlelist bind-key J next-feed articlelist bind-key K prev-feed articlelist bind-key G end bind-key g home # bind-key d pagedown - default bind-key D pagedown bind-key u pageup bind-key l open bind-key h quit bind-key a toggle-article-read bind-key n next-unread bind-key N prev-unread # bind-key D pb-download - default bind-key d pb-download bind-key U show-urls bind-key x pb-delete # Colors highlight article "^Feed:.*" color5 color0 highlight article "^Title:.*" color3 color0 bold highlight article "^Author:.*" color2 color0 highlight article "^Date:.*" color223 color0 highlight article "^Link:.*" color4 color0 highlight article "^Flags:.*" color9 color0 highlight article "[[0-9][0-9]*]" color66 default bold highlight article "[image [0-9][0-9]*]" color109 default bold color listnormal cyan default color listfocus black yellow standout bold color listnormal_unread cyan default color listfocus_unread yellow default bold color info red black bold color article cyan default # macro setup browser linkhandler macro , open-in-browser # download-path ~/.newsboat/queue player "mpv --vid=no" macro 1 set browser "mpv --vid=no"; one; set browser lynx # launch video player macro v set browser "setsid -f mpv" ; open-in-browser ; set browser linkhandler # download video macro d set browser "yt-dlp"; open-in-browser ; set browser linkhandler # download audio only macro a set browser "yt-dlp --embed-metadata -xic -f bestaudio/best" ; open-in-browser ; set browser linkhandler When enqueing a podcast for Podboat, I changed the default download path to ~/Downloads/podcasts/ using download-path "~/Downloads/podcasts/%h/%n" Where %h is the Hostname, and %n is the Podcast name The file name is formatted in the following way %n - %t.%u Where %n is the podcast name, %t is the podcast title and %u indicates the file extension Finally, there is a custom line for podlist-format which for podcast purposes I won't list out. This includes a Download index to 4 places, percentage of each podcast downloaded, and Podcast status When I use Podboat, after the set of podcasts are enqued I found a way to monitor the bluetooth connection, in order to pause a show with the bluetooth button on an earbud. The first part of this puzzle is to have mpris-proxy, which is included in the bluez-utils Archwiki - MPRIS Then enable the service with systemctl --user enable mpris-proxy.service and systemctl --user start mpris-proxy.service After that, git clone https://github.com/hoyon/mpv-mpris.git from Github - hoyon/mpv-mpris cd mpv-mpris and make, with the resulting mpris.so copied to ~/.config/mpv/scripts/ Newsboat documentation Newsboat Documentation page Format strings Newsboat Documentation page - Format Strings Provide feedback on this episode.

Controla tu casa, #linux y todo desde #android con HTTP Shortcuts. Acciones rápidas para tu servidor y dispositivos. ¡Automatiza con un toque!Una de las preguntas mas recurrentes cuando hago algún episodio sobre IA, modelos de lenguaje, etc, donde utilizo alguno de los player mas habituales como ChatGPT o Gemini, es si lo mismo se puede hacer con una IA local. Ya hice, hace algún tiempo algún que otro vídeo sobre utilizar modelos de lenguaje de forma local, es decir, sin conexión a internet, pero siempre desde el mi equipo de escritorio Linux. Sin embargo, creo que hoy, es mas interesante tener la posibilidad de recurrir a una IA local en el móvil, porque al fin y al cabo, lo que siempre llevamos con nosotros es el móvil, y lo que nos puede sacar de un apuro, en un momento concreto, es precisamente una IA… o no, depende de lo imaginativa que sea. Sea como fuere este episodio trata precisamente de como puedes tener una IA local en tu Android, toda la potencia, sin conexión.Más información y enlaces en las notas del episodio

Significant Data Breaches and VulnerabilitiesMcDonald's AI-driven hiring platform, Olivia (by Paradox.ai), exposed 64 million applicant records due to weak security, including a password as simple as "123456." In Sweden, security personnel inadvertently revealed Prime Minister Ulf Kristersson's whereabouts by sharing fitness routes on Strava. Qantas suffered a breach affecting 5.7 million customers, with personal details like addresses and phone numbers exposed via a third-party platform compromised by the Scattered Spider group. These cases demonstrate the risks of inadequate security in automated systems and third-party integrations.Skepticism Around Jack Dorsey's Bitchat AppJack Dorsey's Bitchat, a decentralized messaging app using Bluetooth and end-to-end encryption, faces skepticism due to its lack of external security audits. Researchers identified flaws, such as a broken identity verification system enabling impersonation. Dorsey's warnings on GitHub advise against using the app until properly vetted, raising concerns about premature launches of privacy-focused tools.“Contagious Interview” AI-Powered ScamThe “Contagious Interview” scam, linked to North Korean hackers, targets job-seekers on platforms like LinkedIn. Posing as recruiters from fake companies (e.g., BlockNovas LLC), hackers use AI-generated personas and fake profiles to trick victims into installing malware disguised as interview tools. This malware, including BeaverTail and InvisibleFerret, steals passwords and cryptocurrency data, showing the potent combination of AI and social engineering in cybercrime.Quantum Computing Threat to EncryptionQuantum computing's rise threatens current encryption methods like RSA and ECC, posing risks to data security in industries like finance and healthcare. Experts recommend adopting post-quantum cryptography (PQC) by inventorying encryption-reliant systems, requiring vendors to provide PQC migration plans, and updating firmware to quantum-resistant signatures to protect against future decryption threats.OpenAI's Challenge to Productivity SoftwareOpenAI is poised to disrupt Microsoft 365 and Google Workspace with an AI-powered productivity suite. Leveraging generative AI, it offers collaborative writing, editing, brainstorming, and graphics assistance, potentially at a lower cost than Microsoft's Copilot. This move signals a shift toward AI-driven productivity tools, challenging established market leaders.xAI API Key LeakA DOGE employee, Marko Elez, accidentally exposed an xAI API key on GitHub, granting access to over 52 AI models, including grok-4-0709. Elez's role in DOGE, with access to sensitive U.S. government data, amplifies the risk. The unrevoked key and prior DOGE leaks suggest systemic security negligence, endangering AI models and government data.Cybersecurity TakeawaysThese incidents emphasize the need for robust cybersecurity in automated systems, thorough vetting of third-party platforms, caution with digital footprints (e.g., fitness apps), and external security reviews for new apps. Vigilance against AI-driven scams is critical, with users urged to verify sources and software.Broader Cyber Threat TrendsThe reliance on vulnerable third-party platforms, sophisticated AI-powered social engineering, internal security lapses, and the looming quantum computing threat demonstrate the need for proactive, future-proof cybersecurity strategies to safeguard sensitive data and systems.

Controla tu casa, #linux y todo desde #android con HTTP Shortcuts. Acciones rápidas para tu servidor y dispositivos. ¡Automatiza con un toque!Una de las preguntas mas recurrentes cuando hago algún episodio sobre IA, modelos de lenguaje, etc, donde utilizo alguno de los player mas habituales como ChatGPT o Gemini, es si lo mismo se puede hacer con una IA local. Ya hice, hace algún tiempo algún que otro vídeo sobre utilizar modelos de lenguaje de forma local, es decir, sin conexión a internet, pero siempre desde el mi equipo de escritorio Linux. Sin embargo, creo que hoy, es mas interesante tener la posibilidad de recurrir a una IA local en el móvil, porque al fin y al cabo, lo que siempre llevamos con nosotros es el móvil, y lo que nos puede sacar de un apuro, en un momento concreto, es precisamente una IA… o no, depende de lo imaginativa que sea. Sea como fuere este episodio trata precisamente de como puedes tener una IA local en tu Android, toda la potencia, sin conexión.Más información y enlaces en las notas del episodio

Hey everyone, Alex here

Keylogger Data Stored in an ADS Xavier came across a keystroke logger that stores data in alternate data streams. The data includes keystroke logs as well as clipboard data https://isc.sans.edu/diary/Keylogger%20Data%20Stored%20in%20an%20ADS/32108 Malvertising Homebrew An attacker has been attempting to trick users into installing a malicious version of Homebrew. The fake software is advertised via paid Google ads and directs users to the attacker s GitHub repo. https://medium.com/deriv-tech/brewing-trouble-dissecting-a-macos-malware-campaign-90c2c24de5dc CVE-2025-5333: Remote Code Execution in Broadcom Altiris IRM LRQA have discovered a critical unauthenticated remote code execution (RCE) vulnerability in the Broadcom Symantec Altiris Inventory Rule Management (IRM) component of Symantec Endpoint Management. https://www.lrqa.com/en/cyber-labs/remote-code-execution-in-broadcom-altiris-irm/ Code highlighting with Cursor AI for $500,000 A syntax highlighting extension for Cursor AI was used to compromise a developer s workstation and steal $500,000 in cryptocurrency. https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/

In this episode, Mary Moore-Simmons, VP of Engineering at Keebo, shares her journey from early tech interests to leadership roles at SendGrid, GitHub, and Keebo. She discusses navigating career transitions, the value of mentorship, and her passion for building innovative developer tools and empowering teams.00:00 Introduction07:48 First Memory of a Computer10:30 Interest in Languages16:00 Highschool / College23:00 Engineering in University 27:40 Joining the Work Force38:05 First Job in Software48:00 Project Management 54:00 Working in DevOps1:05:30 Working in Crypto/Blockchain1:14:00 Leadership Aspirations 1:20:00 Team Dynamics1:32:00 AI Tooling1:42:00 Contact Info Connect with Mary: Linkedin: https://www.linkedin.com/in/mmooresimmons/Mentioned in this Episode:Keebo: https://keebo.aiSendGrid: https://sendgrid.com/en-usGithub: https://github.comWant more from Ardan Labs? You can learn Go, Kubernetes, Docker & more through our video training, live events, or through our blog!Online Courses : https://ardanlabs.com/education/ Live Events : https://www.ardanlabs.com/live-training-events/ Blog : https://www.ardanlabs.com/blog Github : https://github.com/ardanlabs

EP 251. This week's update with a side of Fries....McDonald's AI-driven hiring platform faces scrutiny after a critical security flaw exposed millions of applicants' personal data to potential hackers.  Swedish security personnel inadvertently disclosed Prime Minister Ulf Kristersson's private whereabouts through fitness app Strava, raising national security concerns. Qantas confirms a massive data breach affecting 5.7 million customers, exposing personal details via a third-party platform breach by the Scattered Spider group. Jack Dorsey's Bitchat app, touted for secure decentralized messaging, faces skepticism as untested security vulnerabilities spark concerns among researchers. As quantum computing nears, industries are urged to adopt post-quantum cryptography to safeguard sensitive data against future decryption threats. North Korean hackers deploy the sophisticated “Contagious Interview” scam, using AI-driven personas to trick job-seekers into installing malicious software.  OpenAI challenges Microsoft with a forthcoming AI-powered productivity suite, aiming to disrupt the dominance of Microsoft 365 and Google Workspace.  A DOGE employee's accidental leak of xAI's API key on GitHub provides access to advanced AI models, all r  adding up to some pretty silly security lapses.Please pass the ketchup!For this week's full transcript and additional links, click here.

Dans cet épisode, Emmanuel et Antonio discutent de divers sujets liés au développement: Applets (et oui), app iOS développées sous Linux, le protocole A2A, l'accessibilité, les assistants de code AI en ligne de commande (vous n'y échapperez pas)… Mais aussi des approches méthodologiques et architecturales comme l'architecture hexagonale, les tech radars, l'expert généraliste et bien d'autres choses encore. Enregistré le 11 juillet 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-328.mp3 ou en vidéo sur YouTube. News Langages Les Applets Java c'est terminé pour de bon… enfin, bientot: https://openjdk.org/jeps/504 Les navigateurs web ne supportent plus les applets. L'API Applet et l'outil appletviewer ont été dépréciés dans JDK 9 (2017). L'outil appletviewer a été supprimé dans JDK 11 (2018). Depuis, impossible d'exécuter des applets avec le JDK. L'API Applet a été marquée pour suppression dans JDK 17 (2021). Le Security Manager, essentiel pour exécuter des applets de façon sécurisée, a été désactivé définitivement dans JDK 24 (2025). Librairies Quarkus 3.24 avec la notion d'extensions qui peuvent fournir des capacités à des assistants https://quarkus.io/blog/quarkus-3-24-released/ les assistants typiquement IA, ont accès a des capacités des extensions Par exemple générer un client à partir d'openAPI Offrir un accès à la,base de données en dev via le schéma. L'intégration d'Hibernate 7 dans Quarkus https://quarkus.io/blog/hibernate7-on-quarkus/ Jakarta data api restriction nouvelle Injection du SchemaManager Sortie de Micronaut 4.9 https://micronaut.io/2025/06/30/micronaut-framework-4-9-0-released/ Core : Mise à jour vers Netty 4.2.2 (attention, peut affecter les perfs). Nouveau mode expérimental “Event loop Carrier” pour exécuter des virtual threads sur l'event loop Netty. Nouvelle annotation @ClassImport pour traiter des classes déjà compilées. Arrivée des @Mixin (Java uniquement) pour modifier les métadonnées d'annotations Micronaut sans altérer les classes originales. HTTP/3 : Changement de dépendance pour le support expérimental. Graceful Shutdown : Nouvelle API pour un arrêt en douceur des applications. Cache Control : API fluente pour construire facilement l'en-tête HTTP Cache-Control. KSP 2 : Support de KSP 2 (à partir de 2.0.2) et testé avec Kotlin 2. Jakarta Data : Implémentation de la spécification Jakarta Data 1.0. gRPC : Support du JSON pour envoyer des messages sérialisés via un POST HTTP. ProjectGen : Nouveau module expérimental pour générer des projets JVM (Gradle ou Maven) via une API. Un super article sur experimenter avec les event loops reactives dans les virtualthreads https://micronaut.io/2025/06/30/transitioning-to-virtual-threads-using-the-micronaut-loom-carrier/ Malheureusement cela demander le hacker le JDK C'est un article de micronaut mais le travail a ete collaboratif avec les equipes de Red Hat OpenJDK, Red Hat perf et de Quarkus et Vert.x Pour les curieux c'est un bon article Ubuntu offre un outil de creation de container pour Spring notamment https://canonical.com/blog/spring-boot-containers-made-easy creer des images OCI pour les applications Spring Boot basées sur Ubuntu base images bien sur utilise jlink pour reduire la taille pas sur de voir le gros avantage vs d'autres solutions plus portables d'ailleurs Canonical entre dans la danse des builds d'openjdk Le SDK Java de A2A contribué par Red Hat est sorti https://quarkus.io/blog/a2a-project-launches-java-sdk/ A2A est un protocole initié par Google et donne à la fondation Linux Il permet à des agents de se décrire et d'interagir entre eux Agent cards, skills, tâche, contexte A2A complémente MCP Red hat a implémenté le SDK Java avec le conseil des équipes Google En quelques annotations et classes on a un agent card, un client A2A et un serveur avec l'échange de messages via le protocole A2A Comment configurer mockito sans warning après java 21 https://rieckpil.de/how-to-configure-mockito-agent-for-java-21-without-warning/ les agents chargés dynamiquement sont déconseillés et seront interdis bientôt Un des usages est mockito via bytebuddy L'avantage est que la,configuration était transparente Mais bon sécurité oblige c'est fini. Donc l'article décrit comment configurer maven gradle pour mettre l'agent au démarrage des tests Et aussi comment configurer cela dans IntelliJ idea. Moins simple malheureusement Web Des raisons “égoïstes” de rendre les UIs plus accessibles https://nolanlawson.com/2025/06/16/selfish-reasons-for-building-accessible-uis/ Raisons égoïstes : Des avantages personnels pour les développeurs de créer des interfaces utilisateurs (UI) accessibles, au-delà des arguments moraux. Débogage facilité : Une interface accessible, avec une structure sémantique claire, est plus facile à déboguer qu'un code désordonné (la « soupe de div »). Noms standardisés : L'accessibilité fournit un vocabulaire standard (par exemple, les directives WAI-ARIA) pour nommer les composants d'interface, ce qui aide à la clarté et à la structuration du code. Tests simplifiés : Il est plus simple d'écrire des tests automatisés pour des éléments d'interface accessibles, car ils peuvent être ciblés de manière plus fiable et sémantique. Après 20 ans de stagnation, la spécification du format d'image PNG évolue enfin ! https://www.programmax.net/articles/png-is-back/ Objectif : Maintenir la pertinence et la compétitivité du format. Recommandation : Soutenu par des institutions comme la Bibliothèque du Congrès américain. Nouveautés Clés :Prise en charge du HDR (High Dynamic Range) pour une plus grande gamme de couleurs. Reconnaissance officielle des PNG animés (APNG). Support des métadonnées Exif (copyright, géolocalisation, etc.). Support Actuel : Déjà intégré dans Chrome, Safari, Firefox, iOS, macOS et Photoshop. Futur :Prochaine édition : focus sur l'interopérabilité entre HDR et SDR. Édition suivante : améliorations de la compression. Avec le projet open source Xtool, on peut maintenant construire des applications iOS sur Linux ou Windows, sans avoir besoin d'avoir obligatoirement un Mac https://xtool.sh/tutorials/xtool/ Un tutoriel très bien fait explique comment faire : Création d'un nouveau projet via la commande xtool new. Génération d'un package Swift avec des fichiers clés comme Package.swift et xtool.yml. Build et exécution de l'app sur un appareil iOS avec xtool dev. Connexion de l'appareil en USB, gestion du jumelage et du Mode Développeur. xtool gère automatiquement les certificats, profils de provisionnement et la signature de l'app. Modification du code de l'interface utilisateur (ex: ContentView.swift). Reconstruction et réinstallation rapide de l'app mise à jour avec xtool dev. xtool est basé sur VSCode sur la partie IDE Data et Intelligence Artificielle Nouvelle edition du best seller mondial “Understanding LangChain4j” : https://www.linkedin.com/posts/agoncal_langchain4j-java-ai-activity-7342825482830200833-rtw8/ Mise a jour des APIs (de LC4j 0.35 a 1.1.0) Nouveaux Chapitres sur MCP / Easy RAG / JSon Response Nouveaux modeles (GitHub Model, DeepSeek, Foundry Local) Mise a jour des modeles existants (GPT-4.1, Claude 3.7…) Google donne A2A a la Foundation Linux https://developers.googleblog.com/en/google-cloud-donates-a2a-to-linux-foundation/ Annonce du projet Agent2Agent (A2A) : Lors du sommet Open Source Summit North America, la Linux Foundation a annoncé la création du projet Agent2Agent, en partenariat avec Google, AWS, Microsoft, Cisco, Salesforce, SAP et ServiceNow. Objectif du protocole A2A : Ce protocole vise à établir une norme ouverte pour permettre aux agents d'intelligence artificielle (IA) de communiquer, collaborer et coordonner des tâches complexes entre eux, indépendamment de leur fournisseur. Transfert de Google à la communauté open source : Google a transféré la spécification du protocole A2A, les SDK associés et les outils de développement à la Linux Foundation pour garantir une gouvernance neutre et communautaire. Soutien de l'industrie : Plus de 100 entreprises soutiennent déjà le protocole. AWS et Cisco sont les derniers à l'avoir validé. Chaque entreprise partenaire a souligné l'importance de l'interopérabilité et de la collaboration ouverte pour l'avenir de l'IA. Objectifs de la fondation A2A : Établir une norme universelle pour l'interopérabilité des agents IA. Favoriser un écosystème mondial de développeurs et d'innovateurs. Garantir une gouvernance neutre et ouverte. Accélérer l'innovation sécurisée et collaborative. parler de la spec et surement dire qu'on aura l'occasion d'y revenir Gemini CLI :https://blog.google/technology/developers/introducing-gemini-cli-open-source-ai-agent/ Agent IA dans le terminal : Gemini CLI permet d'utiliser l'IA Gemini directement depuis le terminal. Gratuit avec compte Google : Accès à Gemini 2.5 Pro avec des limites généreuses. Fonctionnalités puissantes : Génère du code, exécute des commandes, automatise des tâches. Open source : Personnalisable et extensible par la communauté. Complément de Code Assist : Fonctionne aussi avec les IDE comme VS Code. Au lieu de blocker les IAs sur vos sites vous pouvez peut-être les guider avec les fichiers LLMs.txt https://llmstxt.org/ Exemples du projet angular: llms.txt un simple index avec des liens : https://angular.dev/llms.txt lllms-full.txt une version bien plus détaillée : https://angular.dev/llms-full.txt Outillage Les commits dans Git sont immuables, mais saviez vous que vous pouviez rajouter / mettre à jour des “notes” sur les commits ? https://tylercipriani.com/blog/2022/11/19/git-notes-gits-coolest-most-unloved-feature/ Fonctionnalité méconnue : git notes est une fonctionnalité puissante mais peu utilisée de Git. Ajout de métadonnées : Permet d'attacher des informations à des commits existants sans en modifier le hash. Cas d'usage : Idéal pour ajouter des données issues de systèmes automatisés (builds, tickets, etc.). Revue de code distribuée : Des outils comme git-appraise ont été construits sur git notes pour permettre une revue de code entièrement distribuée, indépendante des forges (GitHub, GitLab). Peu populaire : Son interface complexe et le manque de support des plateformes de forge ont limité son adoption (GitHub n'affiche même pas/plus les notes). Indépendance des forges : git notes offre une voie vers une plus grande indépendance vis-à-vis des plateformes centralisées, en distribuant l'historique du projet avec le code lui-même. Un aperçu dur Spring Boot debugger dans IntelliJ idea ultimate https://blog.jetbrains.com/idea/2025/06/demystifying-spring-boot-with-spring-debugger/ montre cet outil qui donne du contexte spécifique à Spring comme les beans non activés, ceux mockés, la valeur des configs, l'état des transactions Il permet de visualiser tous les beans Spring directement dans la vue projet, avec les beans non instanciés grisés et les beans mockés marqués en orange pour les tests Il résout le problème de résolution des propriétés en affichant la valeur effective en temps réel dans les fichiers properties et yaml, avec la source exacte des valeurs surchargées Il affiche des indicateurs visuels pour les méthodes exécutées dans des transactions actives, avec les détails complets de la transaction et une hiérarchie visuelle pour les transactions imbriquées Il détecte automatiquement toutes les connexions DataSource actives et les intègre avec la fenêtre d'outils Database d'IntelliJ IDEA pour l'inspection Il permet l'auto-complétion et l'invocation de tous les beans chargés dans l'évaluateur d'expression, fonctionnant comme un REPL pour le contexte Spring Il fonctionne sans agent runtime supplémentaire en utilisant des breakpoints non-suspendus dans les bibliothèques Spring Boot pour analyser les données localement Une liste communautaire sur les assistants IA pour le code, lancée par Lize Raes https://aitoolcomparator.com/ tableau comparatif qui permet de voir les différentes fonctionnalités supportées par ces outils Architecture Un article sur l'architecture hexagonale en Java https://foojay.io/today/clean-and-modular-java-a-hexagonal-architecture-approach/ article introductif mais avec exemple sur l'architecture hexagonale entre le domaine, l'application et l‘infrastructure Le domain est sans dépendance L‘appli spécifique à l'application mais sans dépendance technique explique le flow L'infrastructure aura les dépendances à vos frameworks spring, Quarkus Micronaut, Kafka etc Je suis naturellement pas fan de l'architecture hexagonale en terme de volume de code vs le gain surtout en microservices mais c'est toujours intéressant de se challenger et de regarder le bénéfice coût. Gardez un œil sur les technologies avec les tech radar https://www.sfeir.dev/cloud/tech-radar-gardez-un-oeil-sur-le-paysage-technologique/ Le Tech Radar est crucial pour la veille technologique continue et la prise de décision éclairée. Il catégorise les technologies en Adopt, Trial, Assess, Hold, selon leur maturité et pertinence. Il est recommandé de créer son propre Tech Radar pour l'adapter aux besoins spécifiques, en s'inspirant des Radars publics. Utilisez des outils de découverte (Alternativeto), de tendance (Google Trends), de gestion d'obsolescence (End-of-life.date) et d'apprentissage (roadmap.sh). Restez informé via les blogs, podcasts, newsletters (TLDR), et les réseaux sociaux/communautés (X, Slack). L'objectif est de rester compétitif et de faire des choix technologiques stratégiques. Attention à ne pas sous-estimer son coût de maintenance Méthodologies Le concept d'expert generaliste https://martinfowler.com/articles/expert-generalist.html L'industrie pousse vers une spécialisation étroite, mais les collègues les plus efficaces excellent dans plusieurs domaines à la fois Un développeur Python expérimenté peut rapidement devenir productif dans une équipe Java grâce aux concepts fondamentaux partagés L'expertise réelle comporte deux aspects : la profondeur dans un domaine et la capacité d'apprendre rapidement Les Expert Generalists développent une maîtrise durable au niveau des principes fondamentaux plutôt que des outils spécifiques La curiosité est essentielle : ils explorent les nouvelles technologies et s'assurent de comprendre les réponses au lieu de copier-coller du code La collaboration est vitale car ils savent qu'ils ne peuvent pas tout maîtriser et travaillent efficacement avec des spécialistes L'humilité les pousse à d'abord comprendre pourquoi les choses fonctionnent d'une certaine manière avant de les remettre en question Le focus client canalise leur curiosité vers ce qui aide réellement les utilisateurs à exceller dans leur travail L'industrie doit traiter “Expert Generalist” comme une compétence de première classe à nommer, évaluer et former ca me rappelle le technical staff Un article sur les métriques métier et leurs valeurs https://blog.ippon.fr/2025/07/02/monitoring-metier-comment-va-vraiment-ton-service-2/ un article de rappel sur la valeur du monitoring métier et ses valeurs Le monitoring technique traditionnel (CPU, serveurs, API) ne garantit pas que le service fonctionne correctement pour l'utilisateur final. Le monitoring métier complète le monitoring technique en se concentrant sur l'expérience réelle des utilisateurs plutôt que sur les composants isolés. Il surveille des parcours critiques concrets comme “un client peut-il finaliser sa commande ?” au lieu d'indicateurs abstraits. Les métriques métier sont directement actionnables : taux de succès, délais moyens et volumes d'erreurs permettent de prioriser les actions. C'est un outil de pilotage stratégique qui améliore la réactivité, la priorisation et le dialogue entre équipes techniques et métier. La mise en place suit 5 étapes : dashboard technique fiable, identification des parcours critiques, traduction en indicateurs, centralisation et suivi dans la durée. Une Definition of Done doit formaliser des critères objectifs avant d'instrumenter tout parcours métier. Les indicateurs mesurables incluent les points de passage réussis/échoués, les temps entre actions et le respect des règles métier. Les dashboards doivent être intégrés dans les rituels quotidiens avec un système d'alertes temps réel compréhensibles. Le dispositif doit évoluer continuellement avec les transformations produit en questionnant chaque incident pour améliorer la détection. La difficulté c'est effectivement l'évolution métier par exemple peu de commandes la nuit etc ça fait partie de la boîte à outils SRE Sécurité Toujours à la recherche du S de Sécurité dans les MCP https://www.darkreading.com/cloud-security/hundreds-mcp-servers-ai-models-abuse-rce analyse des serveurs mcp ouverts et accessibles beaucoup ne font pas de sanity check des parametres si vous les utilisez dans votre appel genAI vous vous exposer ils ne sont pas mauvais fondamentalement mais n'ont pas encore de standardisation de securite si usage local prefferer stdio ou restreindre SSE à 127.0.0.1 Loi, société et organisation Nicolas Martignole, le même qui a créé le logo des Cast Codeurs, s'interroge sur les voies possibles des développeurs face à l'impact de l'IA sur notre métier https://touilleur-express.fr/2025/06/23/ni-manager-ni-contributeur-individuel/ Évolution des carrières de développeur : L'IA transforme les parcours traditionnels (manager ou expert technique). Chef d'Orchestre d'IA : Ancien manager qui pilote des IA, définit les architectures et valide le code généré. Artisan Augmenté : Développeur utilisant l'IA comme un outil pour coder plus vite et résoudre des problèmes complexes. Philosophe du Code : Un nouveau rôle centré sur le “pourquoi” du code, la conceptualisation de systèmes et l'éthique de l'IA. Charge cognitive de validation : Nouvelle charge mentale créée par la nécessité de vérifier le travail des IA. Réflexion sur l'impact : L'article invite à choisir son impact : orchestrer, créer ou guider. Entraîner les IAs sur des livres protégés (copyright) est acceptable (fair use) mais les stocker ne l'est pas https://www.reuters.com/legal/litigation/anthropic-wins-key-ruling-ai-authors-copyright-lawsuit-2025-06-24/ Victoire pour Anthropic (jusqu'au prochain procès): L'entreprise a obtenu gain de cause dans un procès très suivi concernant l'entraînement de son IA, Claude, avec des œuvres protégées par le droit d'auteur. “Fair Use” en force : Le juge a estimé que l'utilisation des livres pour entraîner l'IA relevait du “fair use” (usage équitable) car il s'agit d'une transformation du contenu, pas d'une simple reproduction. Nuance importante : Cependant, le stockage de ces œuvres dans une “bibliothèque centrale” sans autorisation a été jugé illégal, ce qui souligne la complexité de la gestion des données pour les modèles d'IA. Luc Julia, son audition au sénat https://videos.senat.fr/video.5486945_685259f55eac4.ia–audition-de-luc-julia-concepteur-de-siri On aime ou pas on aide pas Luc Julia et sa vision de l'IA . C'est un eversion encore plus longue mais dans le même thème que sa keynote à Devoxx France 2025 ( https://www.youtube.com/watch?v=JdxjGZBtp_k ) Nature et limites de l'IA : Luc Julia a insisté sur le fait que l'intelligence artificielle est une “évolution” plutôt qu'une “révolution”. Il a rappelé qu'elle repose sur des mathématiques et n'est pas “magique”. Il a également alerté sur le manque de fiabilité des informations fournies par les IA génératives comme ChatGPT, soulignant qu'« on ne peut pas leur faire confiance » car elles peuvent se tromper et que leur pertinence diminue avec le temps. Régulation de l'IA : Il a plaidé pour une régulation “intelligente et éclairée”, qui devrait se faire a posteriori afin de ne pas freiner l'innovation. Selon lui, cette régulation doit être basée sur les faits et non sur une analyse des risques a priori. Place de la France : Luc Julia a affirmé que la France possédait des chercheurs de très haut niveau et faisait partie des meilleurs mondiaux dans le domaine de l'IA. Il a cependant soulevé le problème du financement de la recherche et de l'innovation en France. IA et Société : L'audition a traité des impacts de l'IA sur la vie privée, le monde du travail et l'éducation. Luc Julia a souligné l'importance de développer l'esprit critique, notamment chez les jeunes, pour apprendre à vérifier les informations générées par les IA. Applications concrètes et futures : Le cas de la voiture autonome a été discuté, Luc Julia expliquant les différents niveaux d'autonomie et les défis restants. Il a également affirmé que l'intelligence artificielle générale (AGI), une IA qui dépasserait l'homme dans tous les domaines, est “impossible” avec les technologies actuelles. Rubrique débutant Les weakreferences et le finalize https://dzone.com/articles/advanced-java-garbage-collection-concepts un petit rappel utile sur les pièges de la méthode finalize qui peut ne jamais être invoquée Les risques de bug si finalize ne fini jamais Finalize rend le travail du garbage collector beaucoup plus complexe et inefficace Weak references sont utiles mais leur libération n'est pas contrôlable. Donc à ne pas abuser. Il y a aussi les soft et phantom references mais les usages ne sont assez subtils et complexe en fonction du GC. Le sériel va traiter les weak avant les soft, parallel non Le g1 ça dépend de la région Z1 ça dépend car le traitement est asynchrone Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 14-19 juillet 2025 : DebConf25 - Brest (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 22-24 septembre 2025 : Kernel Recipes - Paris (France) 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2 octobre 2025 : Nantes Craft - Nantes (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-7 octobre 2025 : Swift Connection 2025 - Paris (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9 octobre 2025 : DevCon #25 : informatique quantique - Paris (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16 octobre 2025 : Power 365 - 2025 - Lille (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 17 octobre 2025 : Sylius Con 2025 - Lyon (France) 17 octobre 2025 : ScalaIO 2025 - Paris (France) 20 octobre 2025 : Codeurs en Seine - Rouen (France) 23 octobre 2025 : Cloud Nord - Lille (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 5-6 novembre 2025 : Tech Show Paris - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 6 novembre 2025 : Agile Tour Aix-Marseille 2025 - Gardanne (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 19 novembre 2025 : SREday Paris 2025 Q4 - Paris (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : DevFest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 1-2 décembre 2025 : Tech Rocks Summit 2025 - Paris (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 9-11 décembre 2025 : APIdays Paris - Paris (France) 9-11 décembre 2025 : Green IO Paris - Paris (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 12-13 février 2026 : Touraine Tech #26 - Tours (France) 22-24 avril 2026 : Devoxx France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

A DOGE employee leaks private API keys to GitHub. North Korea's “Contagious Interview” campaign has a new malware loader. A New Jersey diagnostic lab suffers a ransomware attack. A top-grossing dark web marketplace goes dark in what experts believe is an exit scam. MITRE launches a cybersecurity framework to address threats in cryptocurrency and digital financial systems. Experts fear steep budget cuts and layoffs under the Trump administration may undermine cybersecurity information sharing. A Maryland IT contractor settles federal allegations of cyber fraud. Kim Jones and Ethan Cook reflect on CISO perspectives. A crypto hacker goes hero and gets a hefty reward.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Kim Jones, host of CISO perspectives, sits down with N2K's analyst Ethan Cook to reflect on highlights from this season of CISO Perspectives. They revisit key moments, discuss recurring themes like the cybersecurity workforce gap, and get Ethan's outsider take on the conversations. It's all part of a special wrap-up to close out the season finale. If you like this conversation and want to hear more from CISO Perspectives, check it out here. Selected Reading DOGE Employee exposes AI API Keys in source code, giving access to advanced xAI models (Beyond Machines) DOGE Denizen Marko Elez Leaked API Key for xAI (Krebs on Security) North Korean Actors Expand Contagious Interview Campaign with New Malware Loader (Infosecurity Magazine) Avantic Medical Lab hit by ransomware attack, data breach (Beyond Machines) Abacus Market Shutters After Exit Scam, Say Experts (Infosecurity Magazine) MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats (SecurityWeek) How Trump's Cyber Cuts Dismantle Federal Information Sharing (BankInfo Security) UK launches vulnerability research program for external experts (Bleeping Computer) Federal IT contractor to pay $14.75 fine over ‘cyber fraud' allegations (The Record) Crypto Hacker Who Drained $42,000,000 From GMX Goes White Hat, Returns Funds in Exchange for $5,000,000 Bounty (The Daily Hodl) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of Practical AI, Chris and Daniel explore the fascinating world of agentic AI for drone and robotic swarms, which is Chris's passion and professional focus. They unpack how autonomous vehicles (UxV), drones (UaV), and other autonomous multi-agent systems can collaborate without centralized control while exhibiting complex emergent behavior with agency and self-governance to accomplish a mission or shared goals. Chris and Dan delve into the role of AI real-time inference and edge computing to enable complex agentic multi-model autonomy, especially in challenging environments like disaster zones and remote industrial operations.Featuring:Chris Benson – Website, LinkedIn, Bluesky, GitHub, XDaniel Whitenack – Website, GitHub, XLinks:ROS - Robotic Operating SystemGazeboHugging Face Agents CourseSwarm Robotics | WikipediaChris's definition of Swarming:Swarming occurs when numerous independent fully-autonomous multi-agentic platforms exhibit highly-coordinated locomotive and emergent behaviors with agency and self-governance in any domain (air, ground, sea, undersea, space), functioning as a single independent logical distributed decentralized decisioning entity for purposes of C3 (command, control, communications) with human operators on-the-loop, to implement actions that achieve strategic, tactical, or operational effects in the furtherance of a mission.© 2025 Chris BensonSponsors:Outshift by Cisco: AGNTCY is an open source collective building the Internet of Agents. It's a collaboration layer where AI agents can communicate, discover each other, and work across frameworks. For developers, this means standardized agent discovery tools, seamless protocols for inter-agent communication, and modular components to compose and scale multi-agent workflows.

AGNTCY - Unlock agents at scale with an open Internet of Agents. Visit https://agntcy.org/ and add your support.   In this episode, GitHub CEO Thomas Dohmke joins us for a deep dive into the evolution of software development — from decentralized version control to the rise of AI coding agents. With over 150 million developers on GitHub and tools like Copilot rewriting the rules of software engineering, we explore what it really means to build in an AI-native future.   Thomas shares the origin story of Copilot, how GitHub is shifting from human-to-human to human-to-agent collaboration, and why he believes natural language is becoming the universal programming language. We also cover the technical architecture behind Coding Agents, the feedback loop between developers and AI, and what it takes to scale multi-agent systems in the real world.   Like and subscribe for more!     Stay Updated: Craig Smith on X:https://x.com/craigss Eye on A.I. on X: https://x.com/EyeOn_AI     (00:00) The Future of AI-Powered Coding (02:04) Thomas Dohmke's Journey (05:16) GitHub's Origin Story & Evolution (08:45) Life Before GitHub: Early Version Control Systems (10:40) What is Git? And Why GitHub Matters (12:36) The Birth of GitHub Copilot (16:17) The Rise of AI Agents (17:52) How Kids Are Learning to Code with Copilot (22:38) Can Non-Coders Use Copilot Agents Effectively? (26:01) What the Coding Agent Actually Does Behind the Scenes (31:30) The Models Behind GitHub Copilot & Developer Choice (35:22) How Much Code Is Now Written by AI? (38:51) GitHub's Innovation Strategy (41:54) What's Next for GitHub (45:24) From 150M to 1B Developers: Empowering the World to Build (47:51) GitHub Universe & Galaxy Events (49:53) GitHub's Innovation Graph and the Power of Open Collaboration

xAI, the artificial intelligence company led by Elon Musk, announced new efforts Monday to get its generative AI tool, Grok, into the hands of federal government officials. In a post to X, the company announced “Grok for Government,” which it described as a suite of products aimed at U.S. government customers. FedScoop reported on the General Services Administration's interest in Grok last week. xAI disclosed two new government partnerships: a new contract with the Defense Department, which we'll get to in a moment, and that the tool was available to purchase through GSA. “This allows every federal government department, agency, or office, to purchase xAI products,” the post added. “We're hiring mission driven engineers who want to join the cause.” The new products from xAI follow the introduction of government-specific AI intelligence platforms from companies like Anthropic and OpenAI. The announcement was made just days after xAI's formal apology for the chatbot's recent antisemitic outputs. Last Thursday, FedScoop reported that government coders at GSA were discussing, on GitHub, incorporating Grok into a testing sandbox associated with a yet-to-launch tool called AI.gov and GSAi, a GSA-created AI platform. Anthropic, Google and xAI will join OpenAI on the CDAO's nascent effort to partner with industry on pioneering artificial intelligence projects focused on national security applications. Under the individual contracts — each worth up to $200 million — the Pentagon will have access to some of the most advanced AI capabilities developed by the four companies, including large language models, agentic AI workflows, cloud-based infrastructure and more. Chief Digital and AI Officer Doug Matty said in a statement: “The adoption of AI is transforming the Department's ability to support our warfighters and maintain strategic advantage over our adversaries. Leveraging commercially available solutions into an integrated capabilities approach will accelerate the use of advanced AI as part of our Joint mission essential tasks in our warfighting domain as well as intelligence, business, and enterprise information systems.” OpenAI received the first contract for the effort June 17 and will create prototypes of agentic workflows for national security missions. According to CDAO, work with all four vendors will expand the Pentagon's experience with emerging AI capabilities, as well as give the companies better insights into how their technology can benefit the department. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Controla tu Android desde el PC con scrcpy. Duplica la pantalla, maneja apps, transfiere archivos y escribe cómodamente. ¡Libera el potencial de tu móvil!Llevo ya algunos años sin programar ninguna aplicación para Android, y es solamente ver lo bien que funciona la herramienta que hoy te traigo me entran ganas de lanzarme a implementar una aplicación de lo que sea. Y simplemente por tener el gusto de utilizar esta fantástica herramienta. Pero por ponerte los dientes largos, ¿te imaginas poder ver la pantalla de tu móvil directamente en tu ordenador?¿Y poder controlar tu móvil con el ratón y el teclado?. Pues precisamente eso es lo que hace scrcpy. Hacía ya algún tiempo que no la utilizaba, pero estos últimos días que la he estado utilizando para grabar algún que otro vídeo, lo cierto es que es una auténtica maravilla. Todas las interacciones que haces con scrcpy desde tu equipo con Linux, son inmediatas, yo no he apreciado lag alguno. En fin, una auténtica maravilla la que hoy te traigo en este nuevo episodio.Más información y enlaces en las notas del episodio

In this episode of Semaphore Uncut, we chat with Sara Vieira—developer, speaker, and hardware hacker—about her unconventional path into tech, the communities that shaped her, and why she's diving into Game Boys and 3D printing while everyone else is chasing AI.Like this episode? Be sure to leave a ⭐️⭐️⭐️⭐️⭐️ review on the podcast player of your choice and share it with your friends.

Controla tu Android desde el PC con scrcpy. Duplica la pantalla, maneja apps, transfiere archivos y escribe cómodamente. ¡Libera el potencial de tu móvil!Llevo ya algunos años sin programar ninguna aplicación para Android, y es solamente ver lo bien que funciona la herramienta que hoy te traigo me entran ganas de lanzarme a implementar una aplicación de lo que sea. Y simplemente por tener el gusto de utilizar esta fantástica herramienta. Pero por ponerte los dientes largos, ¿te imaginas poder ver la pantalla de tu móvil directamente en tu ordenador?¿Y poder controlar tu móvil con el ratón y el teclado?. Pues precisamente eso es lo que hace scrcpy. Hacía ya algún tiempo que no la utilizaba, pero estos últimos días que la he estado utilizando para grabar algún que otro vídeo, lo cierto es que es una auténtica maravilla. Todas las interacciones que haces con scrcpy desde tu equipo con Linux, son inmediatas, yo no he apreciado lag alguno. En fin, una auténtica maravilla la que hoy te traigo en este nuevo episodio.Más información y enlaces en las notas del episodio

Join me as I chat with Ras Mic to discuss the current landscape of AI development tools, evaluating each as overrated or underrated based on their potential impact for both technical and non-technical users. We particularly highlight Claude Code as "extremely underrated" and discuss how tools like Devin and CodeRabbit are changing development workflows. The conversation also addresses my controversial viral tweet about building profitable SaaS businesses with AI tools. Timestamps: 00:00 - Intro 01:32 - n8n 06:35 - LindyAI 07:31 - Claude Code 12:09 - Devin/Code Rabbit 19:56 - Bolt/Lovable/Tempo 23:12 - Figma Make/Hostinger/Airtable 27:25 - ManusAI 30:10 - VAPI 31:08 - MCP 35:46 - Vibe Coding Profitable SaaS 51:11 - GitHub Key Points: • Ras Mic and I evaluate various AI tools as "overrated" or "underrated," including n8n, String, Claude Code, Devon, and CodeRabbit • They discuss the potential of MCP (Multi-Context Protocol) and its impact on non-technical users • They analyze Greg's viral tweet about building a $50K/month SaaS business using AI tools • Ras Mic provides a simple GitHub crash course explaining branching and workflow best practices Get Your Complete Financial OS at https://www.brex.com/sip LCA helps Fortune 500s and fast-growing startups build their future - from Warner Music to Fortnite to Dropbox. We turn 'what if' into reality with AI, apps, and next-gen products https://latecheckout.agency/ Boringmarketing - Vibe Marketing for Companies: http://boringmarketing.com/ The Vibe Marketer - Join the Community and Learn: http://thevibemarketer.com/ Startup Empire - a membership for builders who want to build cash-flowing businesses https://www.skool.com/startupempire/about FIND ME ON SOCIAL X/Twitter: https://twitter.com/gregisenberg Instagram: https://instagram.com/gregisenberg/ LinkedIn: https://www.linkedin.com/in/gisenberg/ FIND MIC ON SOCIAL X/Twitter: https://x.com/rasmickyy Youtube: https://www.youtube.com/@rasmic

Frank has explored the VS Code AI Chat Agent Mode code base. We discuss. Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us (https://itunes.apple.com/us/podcast/merge-conflict/id1133064277?mt=2&ls=1) ⭐⭐ Machine transcription available on http://mergeconflict.fm

Employees at the General Services Administration appear poised to test Grok 3, the artificial intelligence tool built by Elon Musk's company xAI, according to a GitHub page referencing the agency's work. The GitHub page operated by GSA and its digital government group Technology Transformation Services references the Grok AI model as one it is testing and that the team is actively discussing as part of its 10x AI Sandbox. A GSA spokesperson told FedScoop in a response to an inquiry about the agency's work with Grok “GSA is evaluating the use of several top-tier AI solutions to empower agencies and our public servants to best achieve their goals. We welcome all American companies and models who abide by our terms and conditions.”A post from Tuesday shows what appears to be one GSA employee trying to access Grok 3 for testing, but struggling to do so. Several names of the people active on the GitHub page match those of workers affiliated with GSA. The 10x AI Sandbox project is described on GitHub as “a venture studio in collaboration with the General Services Administration (GSA). Its primary goal is to enable federal agencies to experiment with artificial intelligence (AI) in a secure, FedRAMP-compliant environment.” It continues: “By providing access to base models from leading AI companies and offering advanced UI features, the sandbox empowers agencies to test and validate new AI use cases efficiently.” The public version of the 10x AI Sandbox project page on GitHub was taken down after the publication of this story, redirecting now to a 404 error page. Interest in testing Grok comes as GSA continues to work on GSAi, an artificial intelligence tool built by the agency and meant to help employees access multiple AI models. At launch, the GSAi tool included access to several systems, including tools from Anthropic and Meta. Notably, Grok came under fire last week after promoting various antisemitic statements on the Musk-owned social media platform X. A top digital rights group is pushing back on the IRS's data-sharing agreement with the Department of Homeland Security, writing in a new court filing that the pact violates federal tax code and fails to take into account the real-world consequences of bulk data disclosure. In an amicus brief filed in the U.S. Court of Appeals for the D.C. Circuit, the Electronic Frontier Foundation argued that the “historical context” of the tax code section that ensures confidentiality of returns and return information “favors a narrow interpretation of disclosure provisions.” EFF also made the case for why the bulk disclosure of taxpayer information — in this case to Immigration and Customs Enforcement — is especially harmful due to “record linkage errors” that set the stage for “an increase in mistaken and dangerous ICE enforcement actions against taxpayers.” Nonprofit groups sued the Trump administration in March, shortly after the data-sharing deal between the IRS and ICE was announced. Soon after, the tax agency's then-acting commissioner resigned, reportedly in protest. In May, a Trump-appointed federal judge refused to block the agreement, allowing the IRS to continue delivering taxpayer data to ICE. The ruling, DHS said in a statement, was “a victory for the American people and for common sense.” As the D.C. Circuit Court considers the appeal, the Electronic Frontier Foundation wants to make sure that the “historical context” of tax and privacy law is taken into account. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

Foundations of Amateur Radio Recently I was given some radio data captured on the 40m band. Using a piece of software called "Universal Radio Hacker", I attempted to decode it. At the time I thought that this might be Morse code, since then I've been told by someone who has been using Morse longer than I've been alive, that it isn't. I shared the data on my VK6FLAB GitHub repository where you can download it and see what you learn, and perhaps repeat what I did, or better still, improve on it. Over the years I've talked a little about how Software Defined Radio or SDR works, essentially it's a glorified Analogue to Digital converter, much like the sound card in your computer, which does the same, albeit at a much lower frequency. As it happens, you can represent the signal that comes into your radio antenna as a series of values. Essentially, the stronger the signal, the bigger the number, the weaker the signal, the lower the number. Let's talk about the characteristics of this signal. It consists of two parallel signals, in opposition to each other. The first signal jumps intermittently between 7 kHz and 40 kHz, where the second jumps between -7 kHz and -40 kHz. The recording is marked 7.06 MHz, so if we think of that as the central frequency, the whole signal sits between 7.02 and 7.1 MHz. This 80 kHz wide signal is not something you'd typically be able to hear using a standard amateur radio receiver which tops out at about 3 kHz bandwidth. It's so wide that you couldn't even hear more than one of the four tones at the same time. Randall VK6WR, who supplied the recording, spotted it on a waterfall display showing a chunk of radio spectrum, in fact, a $25 RTL-SDR dongle could receive this signal. Aside from the fact that this is a really wide signal, well at least in traditional amateur radio terms, it was interesting in that it was heard on the 40m band. As it happens, just after I shared my initial exploration, I was told by several other amateurs that they had heard the signal. I even saw it on a WebSDR in India and attempted to record it, but failed. As it happens, a few weeks ago, I was playing with something called "CAN Bus", or Controller Area Network, a technology that was designed in 1983 and is used all over cars for things like sensors for speed, engine temperature, oxygen level, detonation timing and anything else that's happening inside a car. You might know the end-user view of this called OBD2 or On Board Diagnostics, second generation. I was looking into it because my car has been acting up and I've been trying to track down the root cause. Anyway, I learned that CAN Bus is implemented using something neat, "differential signalling", where two wires each carry the same, but opposite signal, so they can be combined to ensure that in an electrically noisy environment like a car, the information still gets where it needs to go. Seeing the radio signal Randall shared, reminded me of this. Noise immunity is a useful attribute in digital HF communication, so I can understand why it was done like this, but it also means that either signal was sufficient to start to decode the information. We can use Universal Radio Hacker to show us only half the signal using a band pass filter. I then decided that the 40 kHz frequency was "on" and represented by a "one" and the 7 kHz frequency was "off", represented by a "zero". Of course that's entirely arbitrary, there's no reason that it cannot be the other way around, but for our purposes it doesn't matter at this time. That said, we don't yet have enough to decode the actual signal. We need to figure out how long each switch, or bit, lasts, because two zero's side-by-side or two ones side-by-side would look like a long "off" or a long "on". Using that logic, you could also say that the shortest possible duration for a 40 kHz or a 7 kHz tone would represent a single "one" or a single "zero". Of course, this is a simplified view of the world. For example, the data file contains more than thirteen and a half million bytes. Half of those are for the I in I/Q, the other for the Q. I'm purposefully glossing over a bunch of stuff here, specifically the notion of so-called I/Q signals, that's for another time. In computing a single byte can represent 256 different values. It means that if the signal is represented by a single byte, a voltage from the antenna at maximum amplitude can be represented as 255 and the minimum amplitude as 0. As it happens, voltages go up and down around zero, so, now we're only using half a byte, 127 for maximum, -128 for minimum. If we use two bytes, we get significantly more resolution, -32,768 as the minimum and 32,767 as the max. A little trial and error using another tool, "inspectrum", told me that the data was organised as two bytes per sample. Which brings the next point. How many samples per signal? Said differently, we're measuring the antenna voltage several times per second, let's say twice per second. If a tone of 7 kHz lasts a second, then we get two samples showing 7 kHz. If it lasts half a second, we only get one. As it happens, we're measuring over 22,000 times per second and using the cursor feature on Universal Radio Hacker, we can determine that each signal lasts 2,500 samples. It's roughly a rate of 100 bits per second. The "inspectrum" tool puts it at 91.81 Baud. It's not a standard Baud rate, sitting between 75 and 110 Baud. Using Universal Radio Hacker, I was able to decode 1,416 bits. You'll find them on my GitHub page next to the signal. Now for the fun. What does it mean? I started with looking for structure, by looking for zeroes. In short order I discovered several sequences of zero, then I noticed that there appeared to be a repeating pattern. After some trial and error, using the "grep" and "fold" commands on my Linux terminal, I discovered that the pattern repeats, more or less, every 255 bits. I say more or less, because there are a few bits that are not the same. I suspect that this is a decoding error which could potentially have been eliminated by using the noise immunity features associated with the differential signalling, but I don't yet know how to do that. Here's what I think I'm looking at. It appears to be a signal that's a unique identifier, specifically so that it can be used to synchronise two things together. In this case, I suspect that it's an over the horizon radar and the sequence is used to synchronise the transmitter and the receiver. I think that the signal strength variations are what allows reflections to be measured and I suspect that the actual transmitter and receiver are using more than two bytes to represent each sample, but I'm speculating. If you have an alternative explanation, I'm all ears. I'm Onno VK6FLAB

This is the Engineering Culture Podcast, from the people behind InfoQ.com and the QCon conferences. In this podcast, Shane Hastie, Lead Editor for Culture & Methods, spoke to Idan Gazit and Eddie Aftandilian from GitHub Next how their research and prototyping team operates as a "department of fool around and find out", exploring AI-powered developer tools through rapid experimentation and user feedback. Read a transcript of this interview: http://bit.ly/45XoUsP Subscribe to the Software Architects' Newsletter for your monthly guide to the essential news and experience from industry peers on emerging patterns and technologies: https://www.infoq.com/software-architects-newsletter Upcoming Events: InfoQ Dev Summit Munich (October 15-16, 2025) Essential insights on critical software development priorities. https://devsummit.infoq.com/conference/munich2025 QCon San Francisco 2025 (November 17-21, 2025) Get practical inspiration and best practices on emerging software trends directly from senior software developers at early adopter companies. https://qconsf.com/ QCon AI New York 2025 (December 16-17, 2025) https://ai.qconferences.com/ The InfoQ Podcasts: Weekly inspiration to drive innovation and build great teams from senior software leaders. Listen to all our podcasts and read interview transcripts: - The InfoQ Podcast https://www.infoq.com/podcasts/ - Engineering Culture Podcast by InfoQ https://www.infoq.com/podcasts/#engineering_culture - Generally AI: https://www.infoq.com/generally-ai-podcast/ Follow InfoQ: - Mastodon: https://techhub.social/@infoq - X: https://x.com/InfoQ?from=@ - LinkedIn: https://www.linkedin.com/company/infoq/ - Facebook: https://www.facebook.com/InfoQdotcom# - Instagram: https://www.instagram.com/infoqdotcom/?hl=en - Youtube: https://www.youtube.com/infoq - Bluesky: https://bsky.app/profile/infoq.com Write for InfoQ: Learn and share the changes and innovations in professional software development. - Join a community of experts. - Increase your visibility. - Grow your career. https://www.infoq.com/write-for-infoq

Chad dives into a different kind of development with Jon Gamble, CTO of Fordje (https://www.fordje.com/), as they talk all things city code and construction. Jon breakdowns the different types of construction Fordje (https://www.fordje.com/) covers and the clients they aim to serve, the reality of building a new starter business with a such a small team, the value of trust and communication when developing such a business, and how being the only developer on the team drives creativity and a desire to succeed. — Stay up to date with the work that Jon does with Fordje (https://www.fordje.com/) over on their LinkedIn page (https://www.linkedin.com/company/fordje/), or by connecting with him directly (https://www.linkedin.com/in/jonfgamble/). Your host for this episode has been Chad Pytel. You can find Chad all over social media as @cpytel, or over on LinkedIn (https://www.linkedin.com/in/cpytel/). If you would like to support the show, head over to our GitHub page (https://github.com/sponsors/thoughtbot), or check out our website (https://podcast.thoughtbot.com). Got a question or comment about the show? Why not write to our hosts: hosts@giantrobots.fm This has been a thoughtbot (https://thoughtbot.com/) podcast. Stay up to date by following us on social media - LinkedIn (https://www.linkedin.com/company/150727/) - Mastodon (https://thoughtbot.social/@thoughtbot) - Bluesky (https://bsky.app/profile/thoughtbot.com) © 2025 thoughtbot, inc.

In episode 39 of Generationship, Rachel speaks with Simon Willison, founder of Datasette and co-creator of Django. Simon discusses the surprising resurgence of blogging, his coining of the term “prompt injection,” the power of learning in public, and how he uses GitHub issues as an external brain to manage hundreds of projects. This quick-witted and humorous conversation offers a pragmatic look at leveraging today's tools for maximum productivity and impact.

Tududi es una aplicación de gestión de tareas de código abierto, construida con tecnologías web modernas como React para el frontend y Express.js para el backend. Su principal atractivo radica en su capacidad de ser autoalojada, lo que te brinda la libertad de gestionar tus tareas sin depender de servicios de terceros. Además, ofrece soporte multi-idioma y una interesante integración con Telegram para una gestión de tareas aún más accesible.Más información, enlaces y notas en https://atareao.es/podcast/710

In episode 39 of Generationship, Rachel speaks with Simon Willison, founder of Datasette and co-creator of Django. Simon discusses the surprising resurgence of blogging, his coining of the term “prompt injection,” the power of learning in public, and how he uses GitHub issues as an external brain to manage hundreds of projects. This quick-witted and humorous conversation offers a pragmatic look at leveraging today's tools for maximum productivity and impact.

This episode introduces a weekend project that will give you authentic experience working with existing code—a crucial skill that most tutorials and coding platforms simply don't teach. Using Kyle Simpson's YouPeriod GitHub repository, you'll learn to navigate a codebase written by someone else, which is exactly what you'll do in your first development job. This particular project is perfect for beginners because it uses fundamental web technologies (HTML, CSS, and vanilla JavaScript) rather than complex frameworks like React or TypeScript.Here's the Github repo: https://github.com/getify/youperiod.appThis weekend project will teach you more about real development work than weeks of guided exercises. If you're completely new to JavaScript, check out our Dev30 program at dev30.xyz, where you can learn the fundamentals and beyond.Send us a textShameless Plugs

"There's a lot of hype with the AI agents and their productivity and potential outcomes. AI Agents are quite amazing, says Eric Paulsen, EMEA Field CTO at Coder.In this episode of the Tech Transformed podcast, Shubhangi Dua, Podcast Host and Producer at EM360Tech, talks to Paulsen about the constantly advancing role of AI agents in development environments. Paulsen explains how AI agents can help developers by handling simpler tasks, almost like having assistants or junior developers to assist them. Not only would this boost productivity and time efficiency, but the technology will also ensure human oversight. The conversation further explores how AI fits into cloud development environments, especially in regulated areas like finance, where security and scalability matter most. Paulsen stresses the value of internal AI models and points out Coder's unique role in offering infrastructure-neutral solutions that meet various enterprise needs.AI Agents Are More Than Just Code WritersWhen people hear "agentic AI" or "coding agents," there's often a misconception about fully autonomous coders. However, Paulsen clarifies, "That's a far stretch from where we currently have been, which is with just AI-assisted IDE extensions such as GitHub, Copilot, Amazon Q Developer and systems of that nature." Coder focuses on agentic solutions that have a human developer in the loop, emphasising Paulsen. “Think of an AI agent as a junior engineer working alongside you,” Paulsen explains. "If anything, it's improving the output of the human engineer by having an autonomous or artificial or AI process. In the same development environment, working on other tasks that might not necessarily be as complex," he adds. This means developers can offload simple tasks like bug fixes or dependency updates, freeing them to focus on more complex features.How to Scale AI Agents Securely in Enterprises?For large financial institutions that have hundreds and even thousands of software engineers, deploying AI agents at scale requires a consistent and secure approach. Cloud development environments provide the best way to deliver and package these agents for developers.The main concern for enterprises is ensuring data security in addition to stopping AI agents from "running wild on a laptop." Paulsen stresses the need for agents to work within an "isolated compute," with "boundaries around those agents inside of that isolated compute." Such a secure environment provides guardrails to synchronise and boost productivity between humans and AI while preventing sensitive data breaches or "hallucinations" from the AI.Additionally, financial institutions are now increasingly developing their own internal AI models. Paulsen mentions, "What these institutions need is an AI agent that is trained on the internal dataset and internal LLM that is built within the firm so that it can make those decisions and return the relevant output to the data scientist or software engineer." This move towards self-hosted LLMs and internal AI infrastructure is essential for adopting enterprise-grade AI.The ultimate message is that cloud development environments should provide the framework where AI agents are running inside an enterprise's infrastructure. “AI agents have access to the data, and they're observed and governed by a set of security standards that you have internally,” says the EMEA Field CTO at Coder.TakeawaysAI agents can assist developers by handling simpler...

Preston Pysh welcomes back NVK, renowned Bitcoin expert and founder of Coinkite, for an in-depth conversation on the future of Bitcoin, the evolving dynamics of its core development, and the promising rise of decentralized platforms like Nostr. IN THIS EPISODE YOU'LL LEARN: 00:00 - Intro  02:01 - How Bitcoin's increasing price may sustain mining incentives post-halving 09:37 - The evolution from Satoshi's original code to the current Bitcoin Core 14:15 - Insights into Bitcoin Knots and the separation of wallet and consensus code 19:41 - Critiques of Bitcoin's development scene and current conference culture 20:09 - The controversy surrounding Bitcoin Core's GitHub governance 24:22 - Debates around removing the OP_RETURN 83-byte limit 32:23 - Nostr's potential to revolutionize identity and AI communication 35:45 - Key adoption challenges facing Nostr and possible solutions 44:44 - The philosophy and features behind Coinkite's hardware wallets Disclaimer: Slight discrepancies in the timestamps may occur due to podcast platform differences. BOOKS AND RESOURCES NVK's Company: ColdCard Bitcoin Hardware Wallets. Join NOSTR at Primal. Check out all the books mentioned and discussed in our podcast episodes⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠here⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Enjoy ad-free episodes when you subscribe to our⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠Premium Feed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. NEW TO THE SHOW? Join the exclusive ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠TIP Mastermind Community⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ to engage in meaningful stock investing discussions with Stig, Clay, Kyle, and the other community members. Follow our official social media accounts: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠X (Twitter)⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ | ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠LinkedIn⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ | ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Instagram⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ | ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Facebook⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ | ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠TikTok⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Check out our ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Bitcoin Fundamentals Starter Packs⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Browse through all our episodes (complete with transcripts) ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠here⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Try our tool for picking stock winners and managing our portfolios: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠TIP Finance Tool⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Enjoy exclusive perks from our ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠favorite Apps and Services⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Get smarter about valuing businesses in just a few minutes each week through our newsletter, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠The Intrinsic Value Newsletter⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Learn how to better start, manage, and grow your business with the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠best business podcasts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. SPONSORS Support our free podcast by supporting our ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠sponsors⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠: SimpleMining Hardblock AnchorWatch Human Rights Foundation Unchained Vanta Shopify Onramp Learn more about your ad choices. Visit megaphone.fm/adchoices Support our show by becoming a premium member! https://theinvestorspodcastnetwork.supportingcast.fm

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by Grifter, the legendary Black Hat NOC lead, and Lintile, host of Hacker Jeopardy, to go behind the scenes of DEF CON and Black Hat. They unpack the chaos of managing the world's most hostile networks, share advice for first-time attendees, and explore the vibrant hacker community that thrives on connection, contests, and lifelong friendships. The conversation also covers how to submit compelling CFP abstracts, why live events matter, and the controlled mayhem that defines Hacker Jeopardy each year in Las Vegas.  Heading to Black Hat? Join us at booth #2246 where we will be recording new episodes, and request to attend the VIP Mixer. We'll also be hosting the BlueHat podcast, our friends from GitHub, and experts from our incident response team.  In this episode you'll learn:       Why skipping talks at DEF CON to join contests and villages can be more valuable  Tips for crafting compelling CFP abstracts that stand out among 1,000+ submissions  The importance of connection and niche technical discussions in the hacker community    Some questions we ask:      What advice would you give to someone who has never been to DEF CON?  How does the team plan traps and misdirection in Hacker Jeopardy questions?  What do you think the community should focus on getting out of DEF CON?  Resources:   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Get the latest threat intelligence insights and guidance at Microsoft Security Insider  The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.  

Welcome back to Not Fintech Investment Advice, where Simon Taylor and I talk about fintech companies that we're definitely not giving investment advice on. We kick things off with Polar (think Stripe Billing but for LLMs). Polar tracks things like token usage, execution time, and even GitHub access to handle metered billing for AI-native products. It's not even payments; it's pre-payments, too. Polar helps you charge for the thing before the thing happens. Hey, as AI agents start shopping for themselves, someone has to keep the receipts… Next up is Multiply Mortgage. “Mortgage-as-a-benefit” sounds cursed, but here we are. Multiply partners with employers to offer discounted mortgages (plus human advisors) to employees with zero cost to the company. Their bet is housing is the new healthcare: too broken to fix individually, but too big for employers to ignore. Especially useful in tech, where compensation is equity-heavy and underwriting gets weird. But it's also a bet on this macro moment in time; if rates drop or unemployment spikes, the model may crack. Then there's OpenTrade. Yield-as-a-service for stablecoins. Most stablecoins can't offer interest directly (thanks, regulators), but OpenTrade does the regulatory gymnastics to plug stablecoins into money market funds via tokenized swaps. But I wonder what's more disruptive: the yield or the regulatory workarounds? You can't stop yield from sneaking in the side door (and honestly, why try?). Last up is Spinwheel (think Plaid, but for liabilities). While Plaid figured out the asset side of your balance sheet, Spinwheel builds pipes for the other half: credit cards, BNPL, student loans, and more. They started with embedded debt repayment and found their niche by giving lenders the kind of granular, real-time liability data that credit bureaus can't (or won't) offer. With Section 1033 on life support, is Spinwheel poised to become the only player with coverage that actually matters? Plus, manifestations: can someone please build a public credit bureau (kind of like a USPS for liabilities)? And while we're at it, a stablecoin for the unbanked/underbanked that isn't built on Tron? Sign up for Alex's Fintech Takes newsletter for the latest insightful analysis on fintech trends, along with a heaping pile of pop culture references and copious footnotes. Every Monday and Thursday: https://workweek.com/brand/fintech-takes/ And for more exclusive insider content, don't forget to check out my YouTube page. Follow Simon: LinkedIn: https://www.linkedin.com/in/sytaylor/ Substack: https://sytaylor.substack.com   Follow Alex:  YouTube: https://www.youtube.com/channel/UCJgfH47QEwbQmkQlz1V9rQA/videos LinkedIn: https://www.linkedin.com/in/alexhjohnson Twitter: https://www.twitter.com/AlexH_Johnson Companies featured: https://polar.sh/ https://www.multiplymortgage.com/ https://www.opentrade.io/ https://spinwheel.io/

News includes LiveDebugger v0.3.0 with enhanced debugging capabilities for Phoenix LiveView including redirect following and dead process state browsing, Oban 1.6 featuring sub-workflows and cascading workflows, YOLO v0.2.0 bringing YOLOX support for faster image detection in Elixir, a discussion on the importance of testing and how AI tools are making test creation easier, helpful LiveView tips for opening unique URLs in new tabs, and progress updates on the new Expert LSP project for improved Elixir language server capabilities, and more! Show Notes online - http://podcast.thinkingelixir.com/260 (http://podcast.thinkingelixir.com/260) Elixir Community News https://www.honeybadger.io/ (https://www.honeybadger.io/utm_source=thinkingelixir&utm_medium=podcast) – Honeybadger.io is sponsoring today's show! Keep your apps healthy and your customers happy with Honeybadger! It's free to get started, and setup takes less than five minutes. https://bsky.app/profile/membrane-swmansion.bsky.social/post/3lsgrudmtgk2u (https://bsky.app/profile/membrane-swmansion.bsky.social/post/3lsgrudmtgk2u?utm_source=thinkingelixir&utm_medium=shownotes) – LiveDebugger v0.3.0 release announcement on BlueSky https://github.com/software-mansion/live-debugger (https://github.com/software-mansion/live-debugger?utm_source=thinkingelixir&utm_medium=shownotes) – LiveDebugger GitHub repository - browser-based tool for debugging Phoenix LiveView applications https://bsky.app/profile/oban.pro/post/3lstnmlzd7226 (https://bsky.app/profile/oban.pro/post/3lstnmlzd7226?utm_source=thinkingelixir&utm_medium=shownotes) – Oban 1.6 release announcement on BlueSky https://oban.pro/docs/pro/1.6.0/changelog.html (https://oban.pro/docs/pro/1.6.0/changelog.html?utm_source=thinkingelixir&utm_medium=shownotes) – Oban 1.6 changelog with sub-workflows, cascading workflows, grafting, and more features https://github.com/poeticoding/yolo_elixir (https://github.com/poeticoding/yolo_elixir?utm_source=thinkingelixir&utm_medium=shownotes) – YOLO v0.2.0 GitHub repository - image detection library for Elixir https://www.poeticoding.com/elixir-yolo-v0-2-0-yolox-support-custom-models-and-performance-boost/ (https://www.poeticoding.com/elixir-yolo-v0-2-0-yolox-support-custom-models-and-performance-boost/?utm_source=thinkingelixir&utm_medium=shownotes) – Blog post about YOLO v0.2.0 major release with YOLOX support https://github.com/poeticoding/yolo_elixir/releases/tag/0.2.0 (https://github.com/poeticoding/yolo_elixir/releases/tag/0.2.0?utm_source=thinkingelixir&utm_medium=shownotes) – YOLO v0.2.0 release notes https://bsky.app/profile/germsvel.com/post/3lslzsazcys2r (https://bsky.app/profile/germsvel.com/post/3lslzsazcys2r?utm_source=thinkingelixir&utm_medium=shownotes) – German Velasco's BlueSky post about the importance of testing https://www.germanvelasco.com/blog/why-we-test (https://www.germanvelasco.com/blog/why-we-test?utm_source=thinkingelixir&utm_medium=shownotes) – Blog post by German Velasco on why we test and the benefits of automated testing https://x.com/philipbrown/status/1939630205875663017 (https://x.com/philipbrown/status/1939630205875663017?utm_source=thinkingelixir&utm_medium=shownotes) – Philip Brown's Twitter tip about generating unique URLs from LiveView that open in new tabs https://expert-lsp.org/ (https://expert-lsp.org/?utm_source=thinkingelixir&utm_medium=shownotes) – Expert LSP project website placeholder for the new Elixir Language Server https://bsky.app/profile/expert-lsp.org/post/3lsqragb4ns23 (https://bsky.app/profile/expert-lsp.org/post/3lsqragb4ns23?utm_source=thinkingelixir&utm_medium=shownotes) – Expert LSP BlueSky account first teaser post about the new Elixir Language Server project Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com) Find us online - Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com) - Message the show - X (https://x.com/ThinkingElixir) - Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen on X - @brainlid (https://x.com/brainlid) - Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social) - Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid) - David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com) - David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)

In Season 25, Episode 10 of the "Building Better Developers with AI" podcast, Rob Broadhead and Michael Meloche revisit one of their most practical episodes: decluttering your code and digital life. However, this time, they utilize AI tools like ChatGPT to elevate the conversation and provide even more actionable ways to streamline your workflow, sharpen focus, and enhance developer productivity. Why Developers Should Declutter—and Level Up Developer clutter goes far beyond messy code. It creeps into your tabs, your file system, your brain, and your workflow. Rob and Michael explore how revisiting the original topic through the lens of AI created deeper, more structured insights. AI not only confirmed their past advice—it elevated it. As Rob puts it: “Clutter doesn't show up in your IDE, but it absolutely shows up in your performance.” AI helped them reframe the conversation into clear action steps that help you level up your development workflow by decluttering at every level—from code to cognition. Clean Code Is Smart Code: Use AI to Level Up Your Refactoring A central theme of the episode is simple: Great developers delete code. Michael and Rob walk through common bad habits—commented-out code, legacy logic, stale TODOs—and how they quietly accumulate technical debt. They recommend using tools like ESLint, Prettier, or Flake8 to automatically flag issues. More importantly, they encourage developers to make cleanup a weekly routine, not a once-a-year emergency. AI Tip: Utilize ChatGPT to refactor lengthy methods, rename ambiguous variables, or break down complex classes into more manageable components. It's a quick way to make your code easier to read, test, and maintain. Optimize Your Tools: Streamline and Standardize Your Workspace If you want to level up your development workflow truly, decluttering extends beyond the codebase. Your workspace setup—browser tabs, IDE extensions, terminal scripts—can either streamline your productivity or sabotage it. Rob's key practices: Limit browser tabs to 10 or fewer Disable unused plugins and extensions Stick to a consistent folder structure Use shell scripts, makefiles, or Git aliases to speed up routine tasks Michael reinforces the idea with his “kitchen sink” app concept—a reusable codebase that acts as both a portfolio and a best-practices toolkit. Silence the Noise: Declutter Your Developer Brain Clutter isn't just digital—it's cognitive. Rob and Michael emphasize how context-switching kills focus and creativity. To combat this, they recommend: Turning off nonessential notifications (on phone, desktop, and wearables) Using time boxing (e.g., Pomodoro technique) Auditing your calendar weekly Creating interruption-free zones for deep work Pro Tip: Play white noise or ambient focus tracks to drown out distractions and stay locked in. These habits allow you to protect your most important asset as a developer—your attention. Make Decluttering a Weekly Habit and Watch Your Workflow Level Up Don't wait for a meltdown to clean house. Rob and Michael suggest building decluttering directly into your dev rhythm—especially at the end of each sprint or workweek. Their weekly checklist: Archive stale Git branches Delete unused files and TODOs Refactor one file for clarity Restart your system Review your inbox and calendar Even a 15-minute Friday cleanup session can give you a cleaner slate and a sharper mind going into Monday. Bonus: Fewer Tools, More Flow Tool overload is another form of workflow clutter. Michael recommends consolidating everything into one platform—whether it's GitHub, Jira, or Notion. “Let the business be disorganized,” he says. “You bring the order.” Rob echoes this with a challenge: Take one week to migrate everything from your old tools into your primary stack. You'll save time and reduce friction moving forward. Final Thoughts: Use AI to Clean, Simplify, and Level Up Decluttering isn't just about tidiness—it's about creating space to do your best work. And with AI now in your toolkit, you can automate, refactor, and optimize like never before. Stay Connected: Join the Developreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources Balance Your Time in a Busy World: Tools and Techniques Boost Your Developer Efficiency: Automation Tips for Developers Code Refactoring: Maintaining Clean, Efficient Code Cleaning Your Task List Building Better Developers With AI Podcast Videos – With Bonus Content

The current phase of software development is probably the most insecure era ever — there's so much more application and code that's vulnerable, according to Snyk CEO Peter McKay. “It was a struggle for security teams to keep up with the pace of software development prior to generative AI, and now with generative and copilot and Windsurf and all the tools that are out there, you know, they're moving even faster and security is struggling to keep up.” McKay joins Bloomberg Intelligence's head of technology research, Mandeep Singh, to discuss the application of large-language models for securing the use of tools, including Cursor and Github copilots. He also talks about the addressable market for DevSecOps (the development, security and operations approach), potential automation driven by AI and Snyk's acquisitions for both talent and product features as the attack surface expands in cybersecurity.

In this ep, we chat with Rodrigo Girão Serrão about his journey from mathematician to Pythonista. What started as a colleague's tip turned into 11 years of Python exploration. Rodrigo shares how his background in APL reshaped the way he writes Python, helping him embrace list comprehensions and functional patterns more intuitively.We dig into his latest side project—a bytecode compiler written in Python—and what that reveals about how Python really works under the hood. Rodrigo unpacks dunder methods, decorators, and how Python's consistent design makes building elegant, expressive code a joy.He also shares great advice on giving talks: from deep diving into topics to letting ideas evolve before structuring a presentation. His love for community and clarity in coding is contagious.Whether you're new to Python or a seasoned dev, this conversation will give you a deeper appreciation for the language we all love.Connect with Rodrigo on socials:Github: https://github.com/rodrigogiraoserraoLinkedIn: https://www.linkedin.com/in/rodrigo-gir%C3%A3o-serr%C3%A3o/Check our these links for some further reading/viewing:RP podcast: https://realpython.com/podcasts/rpp/252/The categorisation of the module itertools: https://mathspp.com/blog/module-itertools-overviewA tutorial on decorators: https://mathspp.com/blog/pydonts/decoratorsAn article about dunder methods: https://mathspp.com/blog/pydonts/dunder-methodsWhy APL is a language worth knowing (article): https://mathspp.com/blog/why-apl-is-a-language-worth-knowingHow APL made me a better Python developer (talk/video): https://www.youtube.com/watch?v=tDy-to9fgawThe series of articles with the compiler/interpreter: https://mathspp.com/blog/tags/bpciA tutorial is not a long talk: https://mathspp.com/blog/a-tutorial-is-not-a-long-talkHow I prepare a technical talk: https://mathspp.com/blog/how-i-prepare-a-technical-talk Structural pattern matching: https://peps.python.org/pep-0636/ ___

In dieser Episode nehmen wir dich mit auf eine Reise hinter die Kulissen von Home Assistant – dem Open-Source-Giganten für Home Automation, der den Smart-Home-Markt im Sturm erobert hat. Es geht um eine Frage, die (fast) jede Tech-Community irgendwann beschäftigt: Ab welchem Punkt reicht Ehrenamt nicht mehr aus, und wie schafft man Strukturen, die weltweit Wirkung entfalten?Zusammen mit Pascal Vizeli – Co-Founder und CFO von Nabu Casa und Gründungsvorstand der Open Home Foundation – tauchen wir tief ein: Wie wächst ein Open-Source-Projekt von einer Freizeitidee zum internationalen Backbone für Smart Homes? Warum braucht es eine Schweizer Stiftung, um Kommerzialisierung zu verhindern? Und was hat es mit Works With Home Assistant, lizenzierten Produkten, Hardware-Innovationen und politischen Ambitionen auf sich?Spannend wird's, wenn Pascal erzählt, wie es gelingt, aus Community-Engagement professionelle Jobs zu machen, warum Datenschutz und Nachhaltigkeit zentrale Werte sind und wie Open Source endlich auch die großen Hersteller in die Pflicht nimmt. Dazu gibt's jede Menge Insights aus der Welt des Home Assistant, von Cloud-Diensten und Lizenzmodellen bis hin zum Kampf für offene Standards, Transparenz und das Recht an den eigenen Daten.Eine Folge, die nicht nur Smart-Home-Fans elektrisiert, sondern zeigt, wie Open Source zu echtem gesellschaftlichen Impact wird. Jetzt reinhören und Open Source mit ganz neuen Augen sehen!Bonus: Wer immer schon wissen wollte, warum Vereinsbuchhaltung manchmal wichtiger ist als Programmieren und wie man mit einer Non-Profit-Stiftung weltweit Standards definiert – hier kommt die Antwort.Unsere aktuellen Werbepartner findest du auf https://engineeringkiosk.dev/partnersDas schnelle Feedback zur Episode:

It's lightning topic time! AI Assisted Coding, Archiving a Library, .NET MAUI XAML in .NET 10, 1 Month of Switch 2, CarPlay Live Activities, and new .NET MAUI 10 features. Follow Us Frank: Twitter, Blog, GitHub James: Twitter, Blog, GitHub Merge Conflict: Twitter, Facebook, Website, Chat on Discord Music : Amethyst Seer - Citrine by Adventureface ⭐⭐ Review Us (https://itunes.apple.com/us/podcast/merge-conflict/id1133064277?mt=2&ls=1) ⭐⭐ Machine transcription available on http://mergeconflict.fm

In the first episode of an "AI in the shadows" theme, Chris and Daniel explore the increasing concerning world of agentic misalignment. Starting out with a reminder about hallucinations and reasoning models, they break down how today's models only mimic reasoning, which can lead to serious ethical considerations. They unpack a fascinating (and slightly terrifying) new study from Anthropic, where agentic AI models were caught simulating blackmail, deception, and even sabotage — all in the name of goal completion and self-preservation. Featuring:Chris Benson – Website, LinkedIn, Bluesky, GitHub, XDaniel Whitenack – Website, GitHub, XLinks:Agentic Misalignment: How LLMs could be insider threatsHugging Face Agents CourseRegister for upcoming webinars here!

Kyle Daigle is the Chief Operating Officer at GitHub, the world's largest host of source code with more than 100 million developers and 420 million repositories. He joined GitHub in 2013 and later served as VP of Strategy and Chief of Staff to the CEO, playing a key role in the company's 2018 acquisition by Microsoft. Kyle is also the public face of GitHub Copilot, the AI coding assistant launched in 2021 that now helps over 15 million users. Earlier in his career, he was a partner at Digitalworkbox and VP of Product Development at Geezeo.In this conversation, we discuss:Kyle's journey from studying fine arts to leading operations at the world's largest code platformWhy GitHub Copilot is about freeing developers to focus on creativity and solving meaningful problemsWhat it means to bring pragmatism into AI development and why usefulness always wins over hypeHow AI is lowering the barriers to software creation while keeping humans at the center of accountabilityThe responsibility of platforms like GitHub to protect users from flawed code and teach safe coding by designKyle's vision for “ambient AI” and why the future should feel personal, context-aware, and privacy-consciousResources:Subscribe to the AI & The Future of Work NewsletterConnect with Kyle on LinkedInAI fun fact articleOn How to Discuss Regulation for LLMs and Legal Advice for EntrepreneursPast episodes mentioned in this conversation: [With Patty Hatter, tech exec/board member/advisor] - On the best advice for women in technology 

Der Messengerdienst Signal oder das Betriebssystem Linux basieren auf Open-Source-Software, das heißt auf freier und kostenloser Software. Das Besondere daran ist, dass der Quellcode bei Open-Source-Software offen liegt. Im Gegensatz zu kommerziellen Angeboten, die oft teuer sind. Getragen wird diese Open-Source-Idee von Millionen Freiwilligen auf der ganzen Welt, die in ihrer Freizeit und meistens unbezahlt coden und auch Fehler im Internet reparieren. Davon profitieren alle. Doch sie tun das manchmal bis zum Burnout. In dieser 11KM-Folge erzählt BR-Journalist André Dér-Hörmeyer vom Podcast Wild Wild Web von der Motivation der Open-Source-Maintainer und warum das Internet ohne sie unsicherer wird. Hier geht's zum Podcast von André Dér-Hörmeyer: „Wild Wild Web“: https://1.ard.de/wild-wild-web In der 11KM-Folge “Kampf um die Wahrheit: Wikipedia in Gefahr” geht es auch um Schwarmintelligenz bzw. Open-Source-Content: https://1.ard.de/11KM_Wikipedia_in_Gefahr Diese und viele weitere Folgen von 11KM findet ihr überall da, wo es Podcasts gibt, auch hier in der ARD Audiothek: https://www.ardaudiothek.de/sendung/11km-der-tagesschau-podcast/12200383/ An dieser Folge waren beteiligt: Folgenautor: Christian Schepsmeier Mitarbeit: Claudia Schaffer, Marc Hoffmann Host: David Krause Produktion: Timo Lindemann, Fabian Zweck, Regina Staerke und Hanna Brünjes Planung: Nicole Dienemann und Hardy Funk Distribution: Kerstin Ammermann Redaktionsleitung: Fumiko Lipp und Lena Gürtler 11KM: der tagesschau-Podcast wird produziert von BR24 und NDR Info. Die redaktionelle Verantwortung für diese Episode liegt beim NDR.

Descubre Syncthing, la herramienta de sincronización de archivos P2P que respeta tu privacidad. Sincroniza carpetas entre dispositivos sin la nube.Desde la llegada de Gemini Cli a mi stack tecnológico se ha producido una revolución, y esto me ha llevado a darle una vuelta a mi flujo de trabajo. Quiero buscar como exprimir al máximo esta herramienta, y sacarle mucho mas partido, algo que se que es posible. Sin embargo, inevitablemente, algunas cosas tienen que cambiar. Necesito, que todos mis archivos estén de forma completamente transparente para que Gemini Cli, pueda leerlos, incluso si puede ser con control de versiones, todavía mejor, y todo por hacerle la vida mas fácil, que al final es hacernos la vidad mas fácil a nosotros. En este sentido, estaba buscando como sincronizar todos los archivos de mis dispositivos de otra forma. Fue entonces cuando me acordé de Syncthing, una herramienta que estuve utilizando hace ya algunos años, pero que había abandonado, y era el momento de recuperar.Más información y enlaces en las notas del episodio

本期节目应嘉宾的要求，我们只发布了文字稿。带来的不便还请各位听众谅解。 嘉宾 tanloong 链接 gh-133390: Support SQL keyword completion for sqlite3 CLI by tanloong · Pull Request #133393 · python/cpython SQLite Keywords QuantWiki - 中文量化百科 《阳光马达棒球场！》 文字稿 laike9m: 哈喽大家好，欢迎来到最新一期的《捕蛇者说》。我们今天请到了谭龙，然后让他来聊一聊给 CPython 做贡献的经历。谭龙其实最近给 CPython 提了一个 PR，然后也是他第一次给 CPython 做贡献。然后呢，这个贡献是给 SQLite 的那个命令行加了一些命令补全，就是可以补全 SQLite 的关键字。我们今天另外一位主播是 Manjusaka。 Manjusaka: 请叫我 Nadeshiko Manju，对吧？OK，大家好，好久不见，我又回来了。然后今天很高兴又来和 laike9m 进行搭档，来。 laike9m: 好，然后这是我们今天的嘉宾谭龙，你要不先简单介绍一下自己吧。 tanloong: Hello，大家好，我叫谭龙，我是山东的。然后 18 年的时候是来青岛上大学，然后大学本科毕业之后就在这找工作了。我本科不是计算机的，毕业之后找工作也找了一些计算机相关的工作，也有一些其他方面的工作，中间也换了好几次工作。最近是刚刚入职一家新的公司，然后是做数据分析方面的工作。谢谢。 laike9m: 所以你说你本科不是学计算机，方便透露一下吗？你本科学的是什么？ tanloong: 我本科是英语的。 laike9m: 哦，这个跨度很大。 tanloong: 对，确实。其实我本科最开始填志愿的时候，我录取的专业也不是英语，是一个调剂的专业，叫生态学。然后我是大一下学期的时候想转专业，然后正好我们学校有转专业的政策，我就从高中学的那几门课里，我觉得英语我学得还可以，然后当时也比较喜欢，所以我就决定转英语了。直到后来快毕业的时候才有点接触到这个计算机方面的这个东西。 laike9m: 然后就发现自己还是更喜欢计算机一些。那所以你之后是进行一些自学吗？然后就去找工作还是？ tanloong: 对，基本上是自学。最开始接触计算机是大一的寒假，我们辅导员让学生回家的时候在假期要学点东西，然后开学让交学习笔记。我当时从一个中国大学 MOOC 上注册了一个账号，然后它弹出来的，第一个给我推荐的课程就是 Python。那我就学这个吧。所以当时我就学，就学了这个。当时学得很不明白，然后就把 PPT 跟着敲了一遍，但是也云里雾里的。直到后来后面的几个寒暑假才看了一些成体系的 Python 的入门的书，然后算是入门 Python 了。 laike9m: 所以换句话说就是你其实一开始学，你并不知道 Python 是干嘛的，就是并没有特别地抱着某种目的，比如说我就想找一个程序员的工作这样子。 tanloong: 没有，开始的原因只是巧合，但后面坚持下来，应该也算是因为比较喜欢吧。我觉得比较有意思。 laike9m: 那还是挺有意思的，对，感觉是命运的安排。 Manjusaka: 咱行看起来都是转行的。诶，那 laike9m 你是转行吗？ laike9m: 我本科也不是学计算机的，然后我知道你本科也不是，所以。 Manjusaka: 对，那看起来大家这三个人跟少女乐队一样，这三个人里面抽不出一张计算机本科学位。 laike9m: 对，但我觉得还是你的英语这个跨度最大。 Manjusaka: 啊，对，然后，哇，卧槽。啊，现在要是学日语的，我突然就想问一下为什么要学日语。 laike9m: 学日语的转计算机还真没见过，但是很多程序员都会日语。 Manjusaka: 有，可能在大连那边还真有。 laike9m: 啊，对，大连日本人比较多。 Manjusaka: 对，对，对，日语外包会多一些。 laike9m: 嗯，好，对，说回正题，就是你相当于一开始接触的编程语言就是 Python, 然后后来相当于你在工作中可以理解也是主要用 Python, 对吗？ tanloong: 对的，我有两份工作是跟计算机相关，然后都是写 Python 的。第一个工作是之前的一份是写图形界面的，用的是 PySide, 然后就写一个称重系统。他们是一个建桥公司，就是他们需要统计他们的货车送多少货进他们工厂，然后运多少货出来，写一个这个图形界面，然后放在那个他们的磅站去，然后货车过磅的时候来统计数据。另一个工作是现在的工作是在一个私募公司做数据分析。我之前没接触过股票证券这方面的东西，现在还在学习。 laike9m: 你是开发算法吗，还是给他们开发一些内部工具或者界面之类的？ tanloong: 内部工具，我们组三个人有写算法的，但是我是属于比较初级的那种，只能写一些帮他们节省时间的工具。 laike9m: OK，对，因为我感觉那种像交易的算法可能更需要用 C++ 一些，对吧？还是说其实也有用 Python，比较好奇。 tanloong: 我们公司开发部应该是写 C++ 的，然后应该也有写 Python, 但是数据分析我们那个组主要是做一些因子的构建，就分析哪些因子它对你的这个股票的收益率贡献比较大，就这种的，我们就主要是写 Python，不写 C++。 laike9m: 明白，好的。所以就是到了今天我们要聊这个话题，然后你给 CPython 做了一个贡献。那我相信就是百分之可能 99.99% 的用过 Python 的人都没有给 Python 做过贡献，那么你一开始是怎么有这个想法的？然后就是后来你是怎么去一步一步实施这个的？ tanloong: 我最开始有这个想法是应该从天哥，就是 B 站的那个，对，他当时成为 Python Core Dev 之后，在直播的时候就有人在直播间问一个给 Python 做贡献的问题，做贡献难不难呢？这些之类的。但是天哥说，如果你想给 Python 做贡献，你是会发现有很多事可以做的，做贡献并不难。然后后来就是之前我在写称重系统的时候，需要用到 SQLite 去查用户存的那个本地的数据库。然后当时我就发现 Python 的 SQLite 的命令行界面有点不好使，就是如果它能有那个补全就好了，所以当时是有那个想法。然后实施是在后来我前段时间没有工作，然后就每天比较闲，然后我想找点事做，然后我想起来之前我想给那个 SQLite 的加补全的这个想法，我就试试吧。然后我就去 GitHub 上找，我就试了一下。然后试的时候我发现，我本来觉得这个应该是挺难的，因为我完全不知道它这个补全要怎么实现。但是我去看了一下 PDB，就是天哥维护的那个 PDB 里面的代码，它里面实现补全是那样写的，然后我就照着 PDB 的补全，然后给 SQLite 加了一个补全，然后就交了 PR。 laike9m: 所以其实也是从你的实际工作需求出发，然后加上高天的激励。对，你知道高天也来过我们这边好几次吧？ tanloong: 对，两次。 laike9m: 老听众，看来是。对，然后我觉得这个还挺有意思，就是也是算是榜样的力量吧。就是我不知道还有没有其他人是这样，就是因为听到就是有个人跟他说，哎，其实做贡献没有那么难，然后去做了，但这样挺好的。我算吧。你也算吗？ Manjusaka: 对，我算。当时我是先认识张翔老师，然后后面然后跟他聊了一些，就包括我可能当时，那位你可能还认识，那个 Ezio Melotti。谁？18 年北京的那位嘉宾，Ezio。 laike9m: 你说 PyCon。 Manjusaka: 对，就是当时我们不是邀请到另外一位来北京。 laike9m: 哦。PyCon China Beijing 2018。2018 吗？2018 我去了吗？我有点不记得了。没事你继续说吧。 Manjusaka: 你在北京，你当时还没 transfer 去美国，然后你从上海来北京。 laike9m: OK。 Manjusaka: 然后我当时聊了一下，就后面开始，正好 18 年，后面我就说我正好在休息，后面就开始陆陆续续提一些贡献，对。 laike9m: 嗯，对对，其实我觉得翔哥一定程度上也是当时给了我一些激励或者指导嘛，对。 Manjusaka: 对，张翔老师还是非常 nice 的。 laike9m: 对，就给听众们如果有不知道，就是张翔是中国的第一个 CPython core developer, 第一个核心开发者，对，然后高天是第二个。 Manjusaka: 对，然后张翔老师应该是在 16 年晋升的。嗯，反正是老前辈了，老前辈了。 laike9m: 但其实他当时就是更多是因为工作中会需要改一些 CPython 代码，他当时在华为嘛，对吧？ Manjusaka: 然后。哦，不不不，他晋升成为 CPython Core 的时候，我记得没错，是在新浪，然后他就开始编的。 laike9m: 哦，新浪，OK。 Manjusaka: 对，然后他去华为其实做的也不是跟 CPython 本身相关的，他是去做的 OpenStack 相关的东西。对，然后他对就是说是整个生态工具链会比较熟，所以说他可能跟高天老师就是说是有一点不一样，是张翔老师对于各种非常疑难问题的 debug 非常擅长，这也是我记得介绍人给他在他的 promote 介绍里面说的，对。 laike9m: 嗯，我记得他当时那个演讲。 Manjusaka: 对对对，然后我的很多 debug 技巧也来自于张翔老师，对。 laike9m: Anyway，我觉得后人都是在前人的一些基础上去做工作的。 Manjusaka: 是的，没错。 laike9m: 好，那说回谭龙的这个 PR，我其实也简单看了一下，其实我原来也不知道补全要怎么加，但发现其实还真的挺简单的。你可以跟听众们大概说一下这个流程吗？比如说我要给一个像 Python 的 SQLite 命令行加补全，它大概要做些什么工作？ tanloong: 它是写一个 context manager，然后在你进那个 readline 的时候，你把 readline 的那个 completor 给替换成你自己的函数，然后在退出的时候再把它替换回你替换之前的那个函数，就你替换之前的那种 readline 的默认的 completor。然后你自己写的那个函数是还有一个 state, 就是 readline 调你的函数拿补全的时候，它会先给你发一个 state 等于 0, 这个时候你判断了 state 等于 0 的时候，你去生成一个完整的，就根据用户当前输入的那个 text, 生成一个完整的 completion candidate 的列表。然后 readline 会继续给你发 state 等于 1, 2, 3，这个时候你把你之前生成的 candidates 按照它发的 state 做个 index, 返回你的 candidates 对应的要补全的词。然后这中间就是 state=0 的时候，你的 candidates 最好需要缓存一下，不要在每次 readline 给你发 state=1, 2, 3 的时候你再重新生成，那样会比较耗时间，注意一下性能的问题。然后基本就是这样。 laike9m: OK，我说一下我看到的那个 PR 里面，我觉得比较关键的地方就是它其实就是一个首字母的匹配，就相当于首先你有一个关键词的列表，对吧？你要构建一个说哪些单词是 SQLite 关键词，比如说 SELECT 啊 JOIN 这种。然后我发现你是当用户每输入一个字符，然后你就会去跟这些关键词的前缀做一个匹配，对吧？然后发现如果有能 match 上的，你就把它作为一个 candidate 返回，作为补全的一个。 tanloong: 就其实那个关键字最开始的，你要拿到那个 SQLite 的完整的关键字的列表，当时对我来说还是挺难的。我最开始是从 SQLite 的文档里直接复制它的完整的所有的 147 个关键字，然后硬编码到 Python 里。但是有 core dev 说这样写不太好，而且其中有一个关键字并不是在所有的 SQLite 编译出来的时候都会支持的，是一个 V 开头的关键字。希望就是这个 SQLite 这个关键字能够动态生成。然后我当时查了一下，就是如果你想动态生成需要在 C level 去写，但是我这个 C 学的不太好，虽然之前学过一个学期的公开课，但是我完全不知道就是用我查到的 SQLite 文档里说生成关键字列表的那两个函数，去生产，我不知道要怎么写，然后我也不知道怎么把它放进 Python, 所以我当时说这个对我有点难。后来有一天晚上我看到那个消息里，那位 core dev 又说了一遍，就是非常希望这个关键字列表它是能从 C 里拿到的，而不是从 Python 里拿。我当时其实有点理解错了，我以为他的意思是让我把那个硬编码的关键字列表从 Python 给移到 C 里，然后我当时就把它移到 C 里了。虽然我对那个 Python 的 C 要怎么写，然后怎么把它暴露出来，暴露给 Python 的代码去能够访问，我用了一下 AI，当时是用的豆包，问怎么在 Python 的那个 C 里面存一个列表，然后能让它暴露出来，给 Python 的代码调用。然后当时豆包写上，然后我试了一下豆包给的结果，然后是可以的，然后我就直接硬编码到 C 里，然后问那个 core dev 行不行。但是 core dev 后来回复说他的意思是不是在 C 里硬编码，而是在 C 里要动态生成。当时我就，我感觉我理解错了。然后后来是另一位 core dev 帮忙给写的，然后他写了之后给发了一个 PR 到我的那个 fork 里，然后我合并进去，然后我的 fork 再合并到 CPython 的 main。 laike9m: 我还在想，就是因为我也看到你的那个 keywords 那部分是从 C 的 module 里 import 的。这个他当时说为什么要动态生成，其实我还是不太理解。可能就是 OK，我明白，但就是你编译的时候，你会根据你的 CPython 版本有不同的关键词，这样你就不用在那个 Python 里面写，比如说 if 是什么版本，然后你的关键字要加或者减一些东西是吧？ tanloong: 对的，SQLite 它应该是在编译的时候有一个选项，如果你开了某个选项，那么它的关键词会有变化。 laike9m: 明白明白。 tanloong: 哦。 laike9m: 这个确实还挺 tricky 的，对，感觉是这个 PR 里面最困难的部分。 tanloong: 确实。 Manjusaka: 嗯。 laike9m: 那所以就是总体这个流程下来你有什么感受吗？因为我知道你的那个 PR 还被因为把 test break 了还被 revert 了一次，对吧？ tanloong: 对，它是有一个测试在运行那个 run_pty 的时候，它是用那个 run_pty 生成一个 sudo terminal, 就在一个伪终端里去模拟用户的输入，然后查看它给的 candidates 是不是符合预期。但是在那个伪终端里，它给的 candidates 是带颜色的。就是你的 candidates，它的两边会有那个控制符。 laike9m: 它那个颜色码嘛，然后就不对了。 tanloong: 对，然后测试就 fail 了。当时是在那个 buildbot 上跑构建，就是构建失败，我找了一下，但是我想就是在那个 buildbot 上最好能有一个 interactive 的，就我能像在终端里我手动敲命令一样，我可以人为的去测试，然后看一下它中间到底是什么样子，再修改那个测试。但是 buildbot 我找不到我要怎么就进那个交互式的模式，也可能根本就没有。然后这个问题我解决不了。然后当时是有个 core dev 说他去找那个 buildbot 的 owner，然后问他要 SSH 的权限，然后他去调试。 laike9m: 等一下，我有一个疑问，就是为什么你这个 PR 感觉大家都很 helpful? 因为你知道一般的 CPython PR 就是你提了之后，可能很长时间都没有人理。这点你是怎么看的？就是感觉大家都会去帮你去 debug 或者帮你写些代码，这个是自然的吗？还是说他们本来就对这个很有兴趣还是怎么样？ Manjusaka: 嗯，从我的角度出发的话，我不太确定，高天老师那边可能有其他的 input, 但是就我观察来看，这个取决于 core dev 风格。不过他们整体来说，对新人是比较友好的。而且去 buildbot 里面调试这种东西的话，我觉得这个东西其实也还好，你去翻看 CPython 的 PR 其实这种事情也有不少，所以说我觉得这个相对来说还好。但是对于一些争议或者说是还在试图达成共识的过程中，那确实是比较头疼的。但是如果说是已经达成共识要去实施的一个 PR, 那我觉得相对来说会好一些。 laike9m: 明白，所以就是这种没有什么争议性的，只是实现或者一些 debug 问题就会推进的比较快，然后大家也会帮忙。 Manjusaka: 对，而且这种东西我理解主要是你添加新的 feature，而不是更改 API 的话，那这种东西就会好很多。就像我上周的时候，我当时想改 sys._enable_profile() 那个 API, 就是新增加的那个远程 debug 的接口，我想新增加在它的 audit event 里面增加一些元数据。这就牵扯到了 API 的更改以及更内部的一些细节上的更改。然后我就和三个 core dev，然后 Victor, Paul，还有哪一位，然后就 battle 了两天，然后最后 I gave up。 laike9m: 好吧，他们可能有一些 concern。 Manjusaka: 对，就这种你增加一些新的 API 之类的，就是会有一些比较 concern, 但是如果说你是实现一个全新的 feature, 大家觉得你这个 feature 不是为了实现而去实现，那这种情况下相对来说还是会比较顺利的。 laike9m: 嗯，嗯，理解。还有一点就是我知道那个 CPython 的不同模块，它其实是不同的人来维护的嘛。 Manjusaka: 啊，是的，没错。 laike9m: 就可能恰好就是 SQLite 这个维护者，他就是比较积极，比较热心，就是反应比较快，所以。 Manjusaka: 啊，是的，没错。它是比较活跃的，就是 SQLite 这种东西。我就又说到一个伤心事。在改一个东西，然后被 Mark 直接给拒了，然后我现在都还推不动，虽然大家都说有需求，但是 Mark 就觉得说这个东西没需求，然后但是就给拒了，对。 laike9m: 我知道 Mark Shannon 这个人比较固执，对，也是跟人的性格有很大关系。 Manjusaka: 对，是的，没错，跟这个看具体的开发者的问题，对。 laike9m: 对，就是其实你会发现像 Python，如果你不了解，可能会觉得 Python 是一个有一个很庞大团队去维护的这么一个精密复杂的系统，但你真正去看它里面到底是怎么实现的，或者说去提 PR 才会发现可能每一个文件它就是那么一两个人懂，然后你就是要找那一两个 stakeholder, 如果你想做一些更改的话，然后你只要能比如说说服他们，然后你就可以做你想做的。对，它相当的扁平吧。 Manjusaka: 对，我觉得主要还是怎么说服。 laike9m: OK，所以说回谭龙你这个 PR 的话，然后就你把那个 core developer 帮你把测试修好了，对吧？然后你就重新提交，这样子。 tanloong: 对的。就我感觉给 CPython 这个维护者，在这些维护者之间就是它是有一个小圈子的，然后你作为一个新人去给他们交 PR 也是一个交际的过程。就是你要积极主动一点，然后就一般新人你第一次交 PR 的时候，比较容易会被带着审视的态度去看你的工作。然后你交 PR 的时候，你最好是把你之前想到的一些可能会拒绝你 PR 的理由给解释清楚，然后你为什么这样做，然后让他们就是在他们提出问题之前就看到你的解释，这样会就是更容易沟通，然后更容易让你的 PR 更顺利一点。 Manjusaka: 嗯，对。 laike9m: 我看到你其实你之前提了一个 issue 对吧，就是你说你希望能够在 SQLite 的命令行里支持这些补全。所以你提那个 issue 的时候当时就想说自己去实现这个吗？还是说你本来期待说其他人可以去做这个？ tanloong: 是的，我是准备自己实现的。因为 Python 的 dev guide 里面写，如果你想交一个 PR，你应该先写一个 issue, 除非你交的 PR 是 typo fix。所以我就是先写的那个 issue，然后就紧接着交了 PR。当然那个 issue 题目写得有点大了，我那个 PR 只做了关键字的补全，但是 issue 是所有的补全。比如说你以后也许还会需要补全你的那个 SQLite 里面的表名，还有列名，还有函数名，这些目前还不支持。 Manjusaka: 明白。 laike9m: 所以你未来打算就是继续在这方面做一些事情吗？还是说就先到此为止？ tanloong: 也许会吧。但是这个刚才说的表名、列名、函数名，我目前还没有想到就是要怎么才能实现它。我看到就是 Python 的 PyPI 上有一个第三方的 SQLite 的命令行是支持表名、列名、函数名的，而且它是 context-sensitive，就是它会检测你当前是不是需要输入一个表名或者列名，比如说你是在 SELECT 后面，那它就会给你补全列名。就像这种就是非常智能的补全，我还没有想到就是怎么在 CPython 里支持，也许没有那个能力去支持它，总之就是还不确定。 laike9m: 明白。对，那个可能要就是回溯一下，不光得去做一个前缀匹配，对，会更复杂一点感觉。但我觉得是一个好的开始吧，就是你有一个这种框架，就会有更多人去加更多的 feature 进去。也许未来就会有。 tanloong: 是的，确实。就那个关键字的 PR 合进去之后，过了几天，有另一位 contributor 交了一个 dot commands completion 的 PR, 现在给加了那个 dot commands 的补全。目前 Python 的 SQLite 的命令行就有三个 dot commands，就是 .help, .version, .exit。.exit 还是 .quit 就来着，总之是推出的那个 .command。然后那个 PR 现在正是就是刚刚建不久，然后还没有 core dev 留言，但是它实现的有一点简单，就是有一些问题，但是应该后面会就是慢慢给修上，然后给合进去。 laike9m: 其实你可以去那个 review，因为你比较熟，你是最熟的其实。 tanloong: 是，我还真给看了一下，然后写了两个评论。但是写的第一个评论就是那位交 PR 的人，他觉得没有必要，就是他持反对意见。然后第二个评论，那位交 PR 的人还没有回复，然后其他人也没有回复。 laike9m: 嗯，我觉得挺好，就是因为我知道就是如果你比如说在一些 issue 里面回复的比较多，然后就会被那个提拔成 triager 的权限，对吧？然后其实这个是 core dev 之前的一步。 tanloong: 对，确实。然后我看就是交那个 dot command completion PR 的那个人，他的评论比较多，一般 CPython 有什么新的 issue，他都会先跑到底下去评论，然后有时候评论这个 issue 和之前的某个 issue 有联系。就像这种之类的，或者有人交 PR，然后他会去给 review。但是我还没有太多追踪 CPython 的那些 issue 和 PR，然后没有评论多少，就主要是我自己参与的那些 issue 跟 PR。 laike9m: 对，我觉得每个人有不同的风格吧，也不用一定去迫使自己要怎么样之类的。像高天那种，就是从 PDB 模块开始，然后把 PDB 弄得特别熟，然后通过成为 PDB 的维护者，然后来成为 core dev，这个路径也挺好的。我觉得可能更实际一点吧，因为我觉得你要去就是对于一些每一个 change 做一些评论，这个还挺难的。 tanloong: 确实从一个单独的模块开始做，你确实你的那个在 CPython 社区里面的成长会更容易一点。因为你是这个模块的专家，然后别人有什么问题就只能来找你。但是我也觉得这个也挺难的。天哥是从一个完全的 CPython 的陌生人，然后进入到 CPython 一点点做贡献，最后成为 core dev。就像你从一个外人进一家公司，然后慢慢走到管理层，都是非常难的步骤，你要获得信任，然后你做的每一个工作你都要给解释清楚，然后让别人就是认为你是可以承担更重要的角色。我觉得这也是非常难的一个过程。 laike9m: 嗯，是的是的。对，其实说回来就是那个，像给 CPython 做贡献不光是一个技术面上的事情，它还有很多这种交流，对吧？然后尤其是当你和这些外国人交流，你不是用你的母语，然后他们的一些交流的习惯可能也不太一样，所以这个方面也会有一些壁垒吧？就是谭龙，因为你是英文专业，所以这方面你觉得说你的本科教育有帮到你吗？ tanloong: 我觉得是有的。如果我没有选英语专业，我应该还停留在高中的那个状态，就是虽然当时英文成绩还可以，但是如果让我看一个全英文的网站，我是心里发怵的，我是心里有那个牴触的心理。但是大学接触英语比较多，然后主要是你抵触心理没有了，然后你愿意去哪怕接受自己写出来的英语没有那么完美，哪怕也不像母语，也不够 native-like, 你也可以接受自己写出来的这些句子，然后去交流。因为你只要能把意思给表达清楚，让对方看懂就可以。其实你放下这个心理负担，你会发现写英语还是没有那么难的。 laike9m: 是的，是的，同意，对。 Manjusaka: 我现在是有一个做简单的 workflow, 然后我会交给 AI 来帮我润色，然后扩展一下我单纯的观点。对，我觉得这是 AI 的一个很好的使用场景。 laike9m: 你用的是哪个工具呢？还是就是手动复制？ Manjusaka: 我是直接在 Claude AI 上面给他固定了一组 prompt。 laike9m: 明白，明白。 Manjusaka: 我觉得这就是这一块东西很好用的方式，特别是在我跟他们长篇大论地 battle 的时候，还是挺好用的。 laike9m: 帮我写一个回复去反驳这个人。 Manjusaka: 对，我一般是 prompt 就是说是我引用的那一段，然后我首先给他一个正面的肯定，然后其次列出我对他的观点，一 ABC，然后对，然后就这样。 laike9m: 你写 prompt 的时候是拿中文写吗？ Manjusaka: 我拿中文写。 laike9m: 嗯，OK，这样表意更准确一些。 Manjusaka: 对对对，你可以看我群里发的那个 issue，然后那个就是很多大段的，就是我是用 AI 生成出来的。 laike9m: 我想到之前在推特上看到一个段子，就是说在 AI coding 的时代，以前不都是什么 “Talk is cheap, show me the code” 吗？现在是 “Code is cheap, show me the talk”。 Manjusaka: 确实。Code is cheap, show me the talk. laike9m: 一个哥们他在他的 GitHub repo 里面就是把所有的他的那个跟 AI 的聊天记录全都传上去了。这个就是挺好玩的。 Manjusaka: 挺好玩的，挺好玩的。 laike9m: 对，像谭龙，我觉得你之前本来要在 C 模块里面写死 keyword 的时候，你也是用 AI 生成的，虽然后来发现那个路径是不对的，但是至少这方面 AI 的助力还是挺大的。 tanloong: 确实，如果我当时在紧接着问 AI 怎么不要硬编码，然后整个动态生成的话，也许我当时就能直接把动态生成的代码给交进去了，而不是让另一位 core dev 帮忙给写。嗯。 Manjusaka: 是的。 laike9m: 所以就是你对于这个给 CPython 第一次做贡献的这个流程，你有什么其他的一些感受吗？就是我们刚才还没有聊到的，你想分享的。 tanloong: 我没有了。 laike9m: 哦，行，那也没关系，好。我们也是觉得给 CPython 做贡献的人越多越好，然后可能也是能够给听众们一个激励吧。然后感觉这期其实录的挺快的，然后不知道有没有什么你想推荐的东西，就是如果你听我们之前节目的话，你应该知道有这个环节，对吧？ tanloong: 我推荐一个网站是跟量化金融有关的，算是一个给入门的学习者的一个索引吧。那个网站叫 QuantWiki。是量化金融中文百科，然后里面有一些就是量化金融相关的入门的概念，还有一些前沿的证券公司发的研究报告，还收录了其他的类似的 Python Data Training 这方面的 GitHub 的 repo 的链接。如果是这方面像我这样的刚入门的学习者的话，可以就是了解一下。 laike9m: 我看了一下，这个写的还挺好的，就是他把各种概念和一些工具都列出来了，对。嗯，我们之前也请过大伟来聊，就是他开发了一些交易相关的工具，所以其实这方面 Python 应用也是挺多的，对。 Manjusaka: 哎，反正我觉得给 Python 做贡献，就觉得还是希望像谭龙这样的人越来越多。是的，是的。对，而且现在他们就感觉是整体都非常缺人的感觉。 laike9m: 哪个看上去像不缺人？ Manjusaka: 嗯，这倒也是，确实。反正就之前我给 Brandon 和 Ken Jin 然后请教问题的时候他们都表示很新奇，我操居然还有 Freshman 对我们现在做的这块感兴趣。对，居然还有新人对我们感兴趣？Freshman，哦 Freshman。啊对，反正我觉得从他们视野来看，就整体的很多的地方都会很缺人。 laike9m: 嗯，是的是的，尤其是像你做的那些 debugging 啊，然后 tracing 的一些东西，我觉得懂的人真的很少。 Manjusaka: 我觉得就没人管的状态。而且就我现在对他们的 tracing 的部分有很大的怨言，就主要是 Mark 上面说... 哎，我后面会试着再推一推，但是就哎，随缘吧。 laike9m: 嗯，行。好的。Manjusaka 你有没有什么想推荐的东西。 Manjusaka: 我推荐一部番吧，《阳光马达棒球场！》，非常很不错的一部番，我推荐大家去看看。然后可能国内有很多朋友对于传统的国外的可能说足球或者其他也好，这种体育文化他并不清楚，这种体育文化到底应该是怎么样的，它是怎么样遍布在人的日常生活中的，然后有些人不清楚，那么我建议大家可以去看一下，然后挺治愈的一部番。 laike9m: 嗯，好的好的。啊，我先不推荐了吧，以后再说吧。对，我最近在看一些书，但是还没有看完，所以，对。好，其实我们这期是比较短的一期，然后但是也希望听众们可以从中学到一些东西，然后如果要记住一点的话，就是可能给 CPython 做贡献也没有那么难。对，好，我们这期就到此结束，然后各位听众我们就下期再见，大家拜拜。 众人: 拜拜。

Joel and Aaron explain why every project should start in the client's own GitHub organization—even when the client has never heard of Git. They share scripts, onboarding tips, and war-stories that show how small setup shortcuts turn into big headaches later. You'll learn a repeatable way to protect both your reputation and your client's code base.(00:00) - Intro & episode setup (01:15) - Create the repo in their org (02:15) - Quick hack versus right process (03:30) - Project-setup technical-debt risks (05:00) - Declaring non-negotiables to clients (06:45) - Docs that survive “hit-by-bus” events (08:00) - Solo-dev reputation boosters (08:45) - Silly bit Want to level up your skills as a Laravel developer?

Sami talks with Henrique Cardoso about his unified commerce platform BSPK (https://www.bspk.com) and the challenges of organising a large scale developer conference. Henrique talks in depth about the bespoke nature of BSPK and how it differs from other CRM tools, how they went about unifying all the major commerce platforms to fit under one platform, as well as the hurdles he faced when tasked with re-engaging a community of developers with his upcoming conference Euroko 2025. — Check out BSPK (https://www.bspk.com) to find how it can enhance and personalise your business to deliver the best possible experience for you and your customers. If you're a developer based in Europe consider checking out Euruko 2025 (2025.euruko.org/) to connect and meet with other Ruby devs this September! You can connect with Henrique Cardoso through his socials on X or LinkedIn, or get in touch with him directly via email - organisers@euruko.org Your host for this episode has been Sami Birnbaum. Sami can be found through his website (https://samibirnbaum.com) or via LinkedIn (https://www.linkedin.com/in/samibirnbaum/). If you would like to support the show, head over to our GitHub page (https://github.com/sponsors/thoughtbot), or check out our website (https://podcast.thoughtbot.com). Got a question or comment about the show? Why not write to our hosts: hosts@giantrobots.fm This has been a thoughtbot (https://thoughtbot.com/) podcast. Stay up to date by following us on social media - LinkedIn (https://www.linkedin.com/company/150727/) - Mastodon (https://thoughtbot.social/@thoughtbot) - YouTube (https://www.youtube.com/thoughtbotvideo) - Bluesky (https://bsky.app/profile/thoughtbot.com) © 2025 thoughtbot, inc.

We welcome Freya Holmér back into the clubhouse to talk about 3D game development for independent game developers. We get into the specifics of the tools available for devs and why they work and don't work for different teams, but it's mostly an excuse to talk about Freya's new 3D modeling software.Half-Edge - Freya HolmérShader Forge - Freya Holmér, GitHubShapes - Freya Holmér, Unity Asset Store3D Workflows for Indie DevsGame DesignToolsUI / UXValve Hammer Editor - Valve Developer CommunityPicoCAD - Johan Peitz, itch.ioTrenchBroom - GitHubCrocotile 3DWhat's the difference between OBJ and FBX? And when to you what - RedditFreya HolmérGuestFreya Holmér is game developer, co-founder of Neat Corporation (makers of VR stealth game Budget Cuts), and creator of developer tools including Shader Forge and Shapes. She spends a significant amount of time interacting with people on her gamedev Twitch stream.External linkFreya on TwitchFreya on Twitter @FreyaHolmerFreya on YouTubeFreya on Instagram @freya_holmerNeat Corporation's WebsiteNeat Corp on Twitter @neatcorpBudget Cuts on SteamBudget Cuts on OcculusShader Forge on GitHub

Joël continues his preparations for the last RailsConf as he talks with Matheus about how to make the most of your time at the conference. Hear their tips to connect and communicate with other attendees, the different ways to take notes at the various talks you can attend, what to do when your discussions have a lull, as well as how to draw inspiration from others talks and using it to your advantage. — Don't miss out on the final RailsConf (https://railsconf.org/) which takes place July 8th - July 10th in Philadelphia, PA! Thanks to our sponsors for this episode Judoscale - Autoscale the Right Way (https://judoscale.com/bikeshed) (check the link for your free gift!), and Scout Monitoring (https://www.scoutapm.com/). You can connect with Matheus via LinkedIn (https://www.linkedin.com/in/matheus-richard/), or check out some of the topics he's written about over on his thoughtbot blog (https://thoughtbot.com/blog/authors/matheus-richard). Your host for this episode has been Joël Quenneville (https://www.linkedin.com/in/joel-quenneville-96b18b58/). If you would like to support the show, head over to our GitHub page (https://github.com/sponsors/thoughtbot), or check out our website (https://bikeshed.thoughtbot.com). Got a question or comment about the show? Why not write to our hosts: hosts@bikeshed.fm This has been a thoughtbot (https://thoughtbot.com/) podcast. Stay up to date by following us on social media - YouTube (https://www.youtube.com/@thoughtbot/streams) - LinkedIn (https://www.linkedin.com/company/150727/) - Mastodon (https://thoughtbot.social/@thoughtbot) - BlueSky (https://bsky.app/profile/thoughtbot.com) © 2025 thoughtbot, inc.

For years, the conversation around remote work has been stuck in binary debates. Home vs. office? Productivity vs. flexibility? Control vs. chaos? But what if we zoomed out and asked a better question: What kind of future is possible if people could actually work from anywhere? This week, Rodney and Sam sit down with Raj Choudhury (Harvard Business School professor and author of The World Is Your Office) to explore what happens when companies stop fixating on location and start designing for freedom, trust, and real human needs. From engineering serendipity to reimagining hybrid models, they unpack how truly distributed work changes everything: how we meet, how we lead, how we grow talent, and how we build a more equitable future. Learn more about Raj and his work by following him on LinkedIn and reading his new book: The World Is Your Office: How Work from Anywhere Boosts Talent, Productivity and Innovation. -------------------------------- Let's work together: ⁠⁠https://www.theready.com/working-together⁠⁠ Get our newsletter: ⁠⁠Sign up here⁠⁠⁠⁠. Follow us: ⁠⁠⁠⁠LinkedIn⁠⁠⁠⁠ ⁠⁠⁠⁠Instagram⁠⁠⁠⁠ -------------------------------- Mentioned References: US Patent Office study TEAPP (Telework Enhancement Act Pilot Program) Sid Sijbrandij and GitHub episode: BNW Ep. 35 Darren Murph The Allen curve homophily Tulsa Remote Zapier and "Wade Bot" algorithm aversion 00:00 Intro + Check-In: What's your favorite aspect of being able to work from anywhere? 03:49 Central focus: How do organizations access distant talent? 08:20 How work from anywhere is different from work from home 11:08 Rethinking in-person days 19:23 The data doesn't support RTO mandates 24:13 Dispelling productivity concerns 27:15 Unlocking digital twins in the workplace 34:05 Small towns being competitive for talent 38:04 AI's role in work from anywhere 45:09 Where to look ahead for the next 5 years 47:10 Wrap up: Leave us a review and share this show with a coworker! Sound engineering and design by Taylor Marvin of ⁠⁠⁠⁠⁠Coupe Studios⁠⁠⁠⁠⁠.