Podcasts about GitLab

open-source Git repository host

  • 880 PODCASTS
  • 1,719 EPISODES
  • 44m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Jun 18, 2025 LATEST

Latest podcast episodes about GitLab

The Business of Open Source
Building a Dual Growth Flywheel at GitLab with Nick Veenhof

Jun 18, 2025 (36:17)

This week on The Business of Open Source, I spoke with Nick Veenhof, Director of Contributor Success at GitLab. GitLab has probably the most well-articulated open source strategy out there, and we talked about the two main prongs of that strategy, the co-create strategy and the dual flywheel strategy. We also talked about incentivizing individuals versus incentivizing companies and how to build a recognition system as part of the way to encourage people to contribute. We also talked about how to make sure that contributing is accessible — thinking about the “time to success” for contributors in a similar way as how you would think about time to value for software users.

The dual flywheel strategy

This strategy is based on the idea that as an open source company you want to simultaneously push growth in your open source user base and your customer base, and that the two should reinforce each other.

The co-create strategy

The co-create strategy involves encouraging paying customers to contribute to the open source project. In other words, customers who are already paying are encouraged to also invest engineering resources to improve the product. Nick said that this has obvious benefits for GitLab, but it also has benefits for the customers. They end up with a much better understanding of the product, and end up getting more out of the product than they would otherwise.

If you want to learn more, I highly recommend having a look at the GitLab Handbook, particularly the section on strategy. And if you want more information about working with me, check out the options here.

The Heart of Healthcare with Halle Tecco
Do We Really Need Healthcare Superintelligence? | CEO & Co-founder of Color Health Othman Laraki

Jun 16, 2025 (33:12)

Most AI in healthcare promises superintelligence—but what if that's the wrong goal entirely?

In this episode, Michael and Halle speak with Othman Laraki, co-founder and CEO of Color Health, to talk about why real-world care doesn't need a perfect model—it needs a better system. Othman breaks down how Color evolved from a consumer genetics startup into a nationwide virtual cancer clinic, why most diagnostics businesses fail, and how AI can actually support clinicians without trying to replace them.

We cover:

Aktieuniverset
#245 - Geopolitical unrest sends markets south, AI news, theme of the week: Exciting new technology companies go public + earnings from GitLab and much more

Jun 14, 2025 (76:49)

In this week's episode, we take a closer look at how the current geopolitical unrest between Israel and Iran has sent markets south. We also dive into the latest AI news and further market news. This week's theme is about a lot of new technology companies that have gone public: which are the most promising, and what is the potential? In addition, we review GitLab's latest earnings report. All this and much more!

This episode is sponsored by NewDeal Invest's new webinar on technology stocks. Listen in to get our 3 first principles and concrete suggestions on how to approach investing in technology stocks. Link: youtube.com/watch?v=fRxwTum8qLw Read more about NewDeal Invest at newdealinvest.dk

This episode is sponsored by Nlogic. Get your cybersecurity tailored. Read more at Nlogic.dk.

This episode is sponsored by Finobo. Get a free financial check from the specialists in loan optimization by using the link: finobo.dk/gratis-oekonomitjek-aktieuniverset/ Try the new refinancing calculator at Finobo.dk/beregner-omlaegningsberegner/?utm_source=aktieuniverset

Check us out at:
  • FB group: facebook.com/groups/1023197861808843
  • X: x.com/aktieuniverset
  • IG: instagram.com/aktieuniversetpodcast

The CyberWire
Scam operations disrupted across Asia.

Jun 12, 2025 (34:04)

Interpol's Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon's Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump's antitrust policies. DNS neglect leads to AI subdomain exploits.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we share a selection from today's Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K's Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump's antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday.

Selected Reading

  • Interpol takes down 20,000 malicious IPs and domains (Cybernews)
  • Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record)
  • GitLab patches high severity account takeover, missing auth issues (Bleeping Computer)
  • SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer)
  • Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines)
  • Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch)
  • Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL)
  • Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer)
  • FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record)
  • Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer)
  • Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media)
  • Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push)

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

NY to ZH Täglich: Börse & Wirtschaft aktuell
Will the Fed cut? | New York to Zürich Täglich

Jun 11, 2025 (16:38)


Donald Trump posts on Truth Social that an agreement with China has been reached. China will resume deliveries of rare earths. According to Trump, US tariffs now stand at 50%, while China in return levies 10% tariffs. The statement is confusing, especially since US tariffs currently actually lie in a range of 30% to 40%. It also remains unclear whether and which tech export bans the US will lift. As for inflation, we saw a surprising easing of the situation in May. The Fed now basically has room to implement a preventive rate cut, especially since most of the May economic data point to less growth. Tesla shares are rising ahead of the launch of the robotaxis. In addition, Elon Musk is retracting some of his statements directed against Trump. GitLab is under pressure because of its outlook, with Wall Street's eyes now on Oracle.

Subscribe to the podcast so you don't miss an episode!

Follow us to stay up to date:
  • X: http://fal.cn/SQtwitter
  • LinkedIn: http://fal.cn/SQlinkedin
  • Instagram: http://fal.cn/SQInstagram

Wall Street mit Markus Koch
Preventive rate cut? Trump speaks of agreement with China

Jun 11, 2025 (29:14)


Donald Trump posts on Truth Social that an agreement with China has been reached. China will resume deliveries of rare earths. According to Trump, US tariffs now stand at 50%, while China in return levies 10% tariffs. The statement is confusing, especially since US tariffs currently actually lie in a range of 30% to 40%. It also remains unclear whether and which tech export bans the US will lift. As for inflation, we saw a surprising easing of the situation in May. The Fed now basically has room to implement a preventive rate cut, especially since most of the May economic data point to less growth. Tesla shares are rising ahead of the launch of the robotaxis. In addition, Elon Musk is retracting some of his statements directed against Trump. GitLab is under pressure because of its outlook, with Wall Street's eyes now on Oracle.

A podcast - featured by Handelsblatt.

+++ Get an exclusive 15% discount on Saily eSIM data plans! Download the Saily app and use the code wallstreet at checkout: https://saily.com/wallstreet +++
+++ EXCLUSIVE NordVPN deal ➼ https://nordvpn.com/Wallstreet Try it risk-free now with a 30-day money-back guarantee! +++
+++ All discount codes and information about our advertising partners can be found here: https://linktr.ee/wallstreet_podcast +++

The podcast is marketed by Ad Alliance. Ad Alliance's general privacy policy can be found at https://datenschutz.ad-alliance.de/podcast.html Ad Alliance processes the podcast data in connection with the offering. If you wish to object to the automatic transmission of the data, click here: https://datenschutz.ad-alliance.de/podcast.html

The Collaboration Superpowers Podcast
358 - Redefine Remote-First Leadership with Laurel Farrer

Jun 9, 2025 (28:49)


How can a Head of Remote act as the organizational glue that holds strategy, people, and processes together? Laurel Farrer, former Head of TeamOps at GitLab and internationally renowned thought leader, explains how this pivotal role shapes the future of work.

Transforming Work with Sophie Wade
148: JJ Reeder - Thriving in Distributed Work: Self-Managed and Digital-First

Jun 5, 2025 (46:04)


“JJ” Jessica Reeder, a workplace innovation and culture transformation leader, shares insights from her deep experience designing communications systems, scaling multicultural teams and aligning culture with strategy. Bringing pivotal learnings from early fully-remote companies such as Toptal and GitLab, JJ explains how self-management, thorough documentation, and systematized collaboration underpin successful remote work. She describes the cultural shifts required for hybrid and distributed workforces and advocates for systems thinking and clear communication to empower modern work managers.

TAKEAWAYS

  • [01:24] JJ didn't know what studying linguistics would entail when she chose it but she loved it.
  • [02:47] Linguistics gives JJ a framework to understand the history of humanity and migration.
  • [03:10] Living in another culture opens up her global perspective and gives her a different lens.
  • [04:24] JJ's appreciation for engineers stems from their clarity and direct information transfer style.
  • [05:49] JJ transitions early to working remotely focused on content and communication projects.
  • [06:35] Noticing the growth of formal distributed work, JJ joins one of the first all remote companies.
  • [07:14] JJ starts building a distributed community across cultures for a global virtual developer network.
  • [08:15] Nurturing connections among talented remote professionals requires deliberate strategies.
  • [08:56] Remote talent feels more connected when engaged with a peer community.
  • [09:54] JJ moves to GitLab to explore systematized connectivity and is launched into remote work consulting by the pandemic.
  • [13:01] GitLab was designed for remote work with full documentation, tools, and systems.
  • [14:11] Realizations they need to understand other companies' different perspectives.
  • [16:44] Conviction in remote work but recognition that unprepared managers are challenged.
  • [18:30] JJ highlights self-management as a cornerstone of GitLab's decentralized operating model.
  • [19:07] Clear documentation and SOPs reduce managerial load while teaching remote processes.
  • [20:35] Others' embrace of remote work affirms JJ's long-held belief in the global distributed workforce.
  • [22:34] JJ studies industrial organizational psychology and joins Upwork for an applied learning experience.
  • [23:24] JJ helps Upwork transition from an office-based to remote-first workforce.
  • [24:12] Engagement is often relationship based, differing between employee and freelance contributors.
  • [25:00] Emotional connection isn't always needed; the mission can generate engagement.
  • [26:43] JJ finds that many workers thrive as project contributors without deep social integration.
  • [28:08] More varied distributed operational models are needed, especially for larger companies.
  • [30:36] Distributed work effectiveness requires more than dedicated time for human connection.
  • [31:25] Clearly documenting and consistently applying standard operating procedures and behaviors is crucial.
  • [32:05] Standardizing—behaviors, tools, expectations—was a major Upwork project JJ worked on.
  • [32:47] Accessible knowledge and intentional transparency are essential and must be intentional.
  • [34:58] The Forest Ranger book gives JJ great insights about distributed operations.
  • [36:19] The ‘manual' shows how philosophy, behavioral standards, transparency and documentation empower independent workers.
  • [37:24] To train distributed workers, companies must clarify expectations—behaviors, work, standards.
  • [39:15] Hybrid work requires embracing a digital-first mindset even when working partially in-office.
  • [40:54] IMMEDIATE ACTION TIP: To become digital first, one, understand time—such as core hours, two, communicate digitally—with documented processes, and three, systematize collaboration—designating how and where work is done.
  • [41:57] Communication processes must be modeled by leadership and enforced by managers.
  • [42:26] Systematized collaboration tools create visibility, drive cohesion, and replace physical context.

RESOURCES

  • “JJ” Jessica Reeder on LinkedIn
  • JJ's website
  • The Forest Ranger book

QUOTES

“This decentralization of management. Instead of someone managing your work, there's somebody who is directing your output or directing your outcome. So understanding how to empower people to self-manage their work.”

“Collaboration is really just about trading work back and forth and doing it in a very effective way.”

“To be effective at our work, we need to have a source of motivation. We need to have proof that our work is doing something that we believe in. We do need to have some sort of a mission that we're contributing to, but we don't need to necessarily be deeply emotionally engaged.”

“Having standard operating procedures and behavioral standards is clearly documented and consistently applied throughout the organization is crucial in remote work. It is absolutely a deal breaker if you don't have people understanding how they are supposed to work.”

“One of those things where you have to decide - how transparent of an organization do we want to be. If we don't buy in on transparency, then we're going to have challenges with distributed work.”

“Becoming a digital first organization doesn't block your ability to have a functioning hybrid organization. In fact, it enhances it. It really will make your hybrid organization more powerful. It will help people to get the most out of work, whether they're in the office or not.”

“All of the things that you need to have a highly functioning team can be empowered by really embracing the digital first mentality.”

“Collaboration needs to be systematized. It needs to happen on as few disparate tools as possible.”

Venture Unlocked: The playbook for venture capital managers.
The New World of VC and Building a Durable Firm with Category Ventures' Villi Iltchev

Jun 4, 2025 (43:53)


Follow me @samirkaji for my thoughts on the venture market, with a focus on the continued evolution of the VC landscape.

Welcome to another episode of Venture Unlocked. In this episode, I had the pleasure of welcoming Villi Iltchev, founder and managing partner of Category Ventures. Villi has had a long history in tech, both in operating roles at companies like Box and Lifelock, as well as investing roles at August Capital and Two Sigma, where he departed in 2024 to launch Category Ventures.

We covered a lot of ground in our conversation, including his inspiration for starting a new firm and the experiences that informed his true north. We also spoke about the fragmentation of the market and what it means to win in early-stage investing in a heavily crowded market of dedicated seed funds & larger funds who are active in seed and Series A. I really enjoyed the authenticity of the conversation and hope you do as well.

About Villi Iltchev

Villi Iltchev is the Founder and Managing Partner of Category Ventures, an early-stage venture firm focused on backing category-defining enterprise software companies. With over two decades of experience as both an operator and investor, Villi has held leadership roles at Box, LifeLock, and Salesforce, where he led investments and acquisitions in companies like HubSpot, MuleSoft, Gusto, and Zapier. As a General Partner at August Capital and later at Two Sigma Ventures, he backed standout startups like GitLab—turning a $20M investment into over $900M in returns. Originally from Bulgaria, Villi brings a global perspective and a founder-first mindset to every partnership.

Category Ventures is an early-stage venture firm founded in 2024 by veteran investor Villi Iltchev, focused on backing category-defining enterprise software startups. With a $160M debut fund, the firm invests in pre-seed and seed-stage companies across infrastructure, dev tools, AI, and applications. Drawing on Iltchev's track record—including early investments in GitLab, Zapier, and Gusto—Category Ventures brings deep technical and go-to-market expertise to help founders build enduring businesses. Their approach centers on hands-on support and founder-first partnership to shape the future of enterprise software.

In this episode, we discuss:

  • Villi's Background and Journey (1:50)
  • Lessons from Venture Capital Firms (5:35)
  • Market Fragmentation in Venture Capital (8:47)
  • Flexible Investment Strategy (12:24)
  • Challenges with Traditional VC Models (13:26)
  • Product Market Fit and Founder Support (17:35)
  • Counterpoints on Large VC Firms (21:40)
  • Winning in Venture Capital (24:07)
  • Kindness and Community (26:24)
  • Components of Success (30:00)
  • Decision-Making Process (33:21)
  • Intellectual Honesty in Investments (36:16)
  • The Role of Fresh Perspectives (40:08)
  • Acting on Great Ideas and Final Thoughts (42:27)

I'd love to know what you took away from this conversation with Villi. Follow me @SamirKaji and give me your insights and questions with the hashtag #ventureunlocked. If you'd like to be considered as a guest or have someone you'd like to hear from (GP or LP), drop me a direct message on X.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit ventureunlocked.substack.com

Paul's Security Weekly
AIs, MCPs, and the Actual Work that LLMs Are Generating - ASW #333

Jun 3, 2025 (39:06)


The recent popularity of MCPs is surpassed only by the recent examples of deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms?

In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-333

Application Security Weekly (Audio)
AIs, MCPs, and the Actual Work that LLMs Are Generating - ASW #333

Jun 3, 2025 (39:06)


The recent popularity of MCPs is surpassed only by the recent examples of deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms?

In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-333

Application Security Weekly (Video)
AIs, MCPs, and the Actual Work that LLMs Are Generating - ASW #333

Jun 3, 2025 (39:06)


The recent popularity of MCPs is surpassed only by the recent examples of deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms?

In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns.

Show Notes: https://securityweekly.com/asw-333

Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Ep. 241 The Role of Augmented AI in Modernizing Federal Agencies

May 29, 2025 (26:45)


Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/

Want to listen to other episodes? www.Federaltechpodcast.com

GitLab has been around for ten years and has garnered a reputation for helping federal agencies ensure compliance with stringent government standards. Today, we sat down with Joel Krooswick from GitLab to discuss some top-of-mind topics for the software development community: Agentic AI and the implications of applying AI to software development.

Joel Krooswick explains that Agentic AI acts as unit taskers, managing specific tasks exceptionally well, such as code creation and refactoring. He emphasizes the importance of contextual awareness and security protocols to prevent malicious attacks.

In a play of words, it was suggested that "artificial" Intelligence may be replaced by "augmented" Intelligence—GitLab's role in augmenting, not replacing, developers, and the need for real-time compliance checks. They also touch on the cultural shift required to adapt to AI's advancements, ensuring human value remains central in the workforce.

Joel will speak at the Gartner Security & Risk Management and AWS Public Sector Summit in the Washington, DC, area on June 10-11.

DrZeroTrust
Legit Security researcher finds vulnerability in AI assistant GitLab Duo

May 28, 2025 (20:21)


In this conversation, Dr. Chase Cunningham and Omer from Legit Security discuss a significant vulnerability discovered in GitLab Duo, an AI assistant integrated into GitLab. They explore how prompt injection techniques can be exploited to manipulate the AI into leaking sensitive source code and other confidential information. The discussion highlights the implications of AI context in security, the responsibility of companies to manage these risks, and the evolving landscape of AI-related attacks. Omer emphasizes the need for vigilance as new attack vectors emerge, making it clear that while GitLab has patched the vulnerability, the potential for future exploits remains.

Takeaways

  • GitLab Duo is an AI assistant that helps manage code and projects.
  • A vulnerability was found that allows for prompt injection attacks.
  • Prompt injections can manipulate AI to leak sensitive information.
  • The context used by AI can be exploited against it.
  • Companies must take responsibility for AI outputs.
  • GitLab has patched the vulnerability but risks remain.
  • New prompt injection techniques are constantly emerging.
  • AI systems are not truly intelligent; they follow programmed responses.
  • The relationship between AI and security is evolving rapidly.
  • Future attacks will likely focus on contextual vulnerabilities.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection

May 27, 2025 (7:13)


SVG Steganography
Steganography is not only limited to pixel-based images but can be used to embed messages into vector-based formats like SVG.
https://isc.sans.edu/diary/SVG%20Steganography/31978

Fortinet Vulnerability Details CVE-2025-32756
Horizon3.ai shows how it was able to find the vulnerability in Fortinet's products, and how to possibly exploit this issue. The vulnerability is already being exploited in the wild and was patched May 13th.
https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/

Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
An attacker may leave instructions (prompts) for GitLab Duo embedded in the source code. This could be used to exfiltrate source code and secrets or to inject malicious code into an application.
https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

Ziemlich gut veranlagt
What opportunities does the world's largest IPO offer?

May 22, 2025 (35:15)


In Hong Kong, battery maker CATL is staging the largest IPO of the year so far. Robert and Rüdiger analyze the IPO.

Stocks mentioned: CATL, Pierer Mobility, Walmart, Ryanair, Coupang, GitLab, Meta, Tesla

All episodes can also be found on KURIER.at and kronehit.at. More podcasts can be found at KURIER.at/podcasts

Hosted on Acast. See acast.com/privacy for more information.

Engineering Kiosk
#196 Star Wars on GitHub: 4.5 million fake stars discovered

May 20, 2025 (61:33)


What are GitHub stars worth?

GitHub itself is a social network for developers, whether you want to admit it or not. People interact with one another, can follow each other, and likes are expressed in the form of stars. That brings me to the question: what are GitHub stars actually worth? After all, fraud in social networks, such as buying followers, is as old as the platforms themselves.

So what does it look like on GitHub? In this episode we look at a scientific study on the topic of fake stars on GitHub. What are GitHub stars worth? What motivates people to buy GitHub stars? What challenges are there in detecting fake stars? How are GitHub stars actually used?

But it doesn't stop at the scientific study. We asked the community what GitHub stars mean to them, whether stars are a good indicator of a project's quality, how they influence decisions, and by what criteria the community awards stars.

Two small sneak peeks:

  • You can already buy a GitHub star on the black market for $0.10
  • Buying GitHub stars influences the organic star growth of repositories within the first two months. After that, it flattens out.

You want more of this? Then tune in now.

Bonus: GitHub as a social network for developers.

Thanks to our community members:

  • Dario Tigner
  • Schepp Christian Schäfer
  • Philipp Wolfram
  • Moritz Kaiser
  • Stefan Brandt
  • Simon Brüggen
  • Melanie Patrick
  • Maxi Kurzawski
  • Stefan Bethe
  • Tim Glabisch
  • Holger Große-Plankermann
  • Mirjam Ziselsberger
  • Simon Legner

You can find our current advertising partners at https://engineeringkiosk.dev/partners

Quick feedback on the episode:

AWS Podcast
#719: AWS News: Amazon Q Developer brings powerful new AI capabilities to GitLab Duo

May 5, 2025 (26:12)


Description: Learn how you can use the all new Amazon Q Developer integration with GitLab Duo to automate code generation and review, plus even more updates from AWS.

  • 00:00:00 - Intro
  • 00:00:28 - SWE Holly Bench
  • 00:04:31 - Analytics
  • 00:06:49 - Application Integration
  • 00:07:14 - Artificial Intelligence
  • 00:08:53 - Amazon Bedrock Data Automation
  • 00:14:11 - AWS Health Omex
  • 00:14:21 - Compute
  • 00:16:37 - Contact Centers
  • 00:17:25 - Containers
  • 00:17:46 - Databases
  • 00:18:18 - Front end Web and Mobile
  • 00:18:59 - Management and Governance
  • 00:20:07 - Migration and Transfer
  • 00:20:17 - Networking and Content Delivery
  • 00:20:44 - Security Identity End Compliance
  • 00:23:24 - Serverless
  • 00:24:01 - Storage
  • 00:24:41 - Wrap up

Shownotes: https://d29iemol7wxagg.cloudfront.net/719ExtendedShownotes.html

Tech Lead Journal
#215 - The Async First Playbook: Build Effective and Inclusive Teams with Less Meetings - Sumeet Moghe

May 5, 2025 (63:03)


(04:07) Brought to you by Swimm.io. Start modernizing your mainframe faster with Swimm. Understand the what, why, and how of your mainframe code. Use AI to uncover critical code insights for seamless migration, refactoring, or system replacement.

Are too many meetings killing your productivity and making your team less effective? Discover a new approach to work where meetings are no longer the default and deep work takes the center stage.

In this episode, Sumeet Moghe, the author of the “Async-First Playbook”, shares actionable insights on building high-performing teams through async-first approach.

Key topics discussed:

  • The real reasons behind the return-to-office trend, and why remote and async work are far from dead
  • How async-first companies like GitLab, Shopify, and Automattic operate, and why it's not an all-or-nothing approach
  • Surprising survey findings: Why most people want to work remotely, and how meetings and interruptions are damaging productivity
  • The async-first mindset: Making meetings the last resort, prioritizing written communication, and defining reasonable response lags
  • The ConveRel Quadrants: A framework for deciding when to meet based on relationship strength and meeting purpose
  • Inclusion as a first-class responsibility: How async work empowers introverts, non-native speakers, parents, and diverse team members
  • The “default to action” principle: How teams can move faster by embracing reversible decisions and reducing bottlenecks
  • Async-first leadership: Building trust, modeling the right behaviors, and creating systems that replace performative busyness
  • Practical tips for better business writing and reading, plus how AI tools can supercharge your communication
  • The future of work: Why top talent will continue to demand autonomy, and how AI and fractional work are shaping new collaboration models

Tune in to discover how to build high-performing, effective and inclusive teams with fewer meetings by adopting async-first.

Timestamps:

  • (02:19) Career Turning Points
  • (06:21) The Return to Office Trend
  • (11:36) Companies Embracing Async-First
  • (13:20) People's Working Style Preference
  • (17:37) What is Async-First?
  • (21:39) Team Handbook and Ways of Working
  • (23:24) The ConveRel Quadrants
  • (27:41) Inclusion as a First-Class Responsibility
  • (32:14) Defaulting to Action
  • (35:50) Async-First Leadership
  • (40:38) Being Good in Written Communication
  • (44:35) AI Usage in Written Communication
  • (46:17) Time to Read and Reading Comprehension
  • (51:14) The Future of Work
  • (58:33) 3 Tech Lead Wisdom

_____

Sumeet Moghe's Bio

Sumeet Gayathri Moghe is an Agile enthusiast, product manager, and design nerd at Thoughtworks. Sumeet has recently authored The Async-First Playbook. His practical recommendations for effective collaboration within remote and distributed teams stand for what he's learned from his colleagues, their successes, and their occasional misadventures.

Sumeet kicked off “The async-first manifesto”, a set of principles he is co-creating with volunteer enthusiasts from around the world. He is also bringing async-work to life with stories of “Humans of remote work”.

Follow Sumeet:

  • LinkedIn – linkedin.com/in/sumeetmoghe
  • Website – asyncagile.org

The Future of Security Operations
GitLab's CISO Josh Lemos on the pros and cons of making security practices public

Apr 29, 2025 47:50


In this week's episode of The Future of Security Operations podcast, Thomas is joined by Josh Lemos, CISO at GitLab. Throughout his 15-year career in security, Josh has led teams at ServiceNow, Cylance, and Square. Known for his expertise in AI-driven security strategies, Josh is also a board member with HiddenLayer. He drives innovation at GitLab with a relentless focus on offensive security, identity management, and automation.

In this episode:
  • [02:05] His early career path from mechanic to electrical engineer to security leader
  • [03:35] Josh's philosophy on hiring and mentoring, plus his tips for creating networking opportunities
  • [05:30] How he applies technical foundations from his practitioner days to his work as CISO
  • [07:40] Building product security at ServiceNow from the ground up
  • [10:40] “Down and in” versus “up and out” - adopting a new leadership style as CISO at Square
  • [12:17] Josh's experience as an early AI and security researcher at Cylance
  • [16:15] What's surprised Josh most about the evolution of AI
  • [18:50] Why Josh calls today's models “AI version 1.0” - and what he thinks it will take to upgrade to version 2.0
  • [22:45] The LLM security threats Josh is most worried about, as a board member with HiddenLayer
  • [26:30] “Expressing exponential value” - what excited Josh most about becoming CISO at GitLab
  • [27:45] Why GitLab prioritizes “intentional transparency”
  • [32:45] How GitLab automates and orchestrates its Tier 1 and Tier 2 security processes
  • [34:10] How GitLab's security team uses GitLab internally
  • [37:35] The secret to recruiting, hiring, and managing a remote, global team
  • [39:45] The importance of in-person collaboration for building trust and connection
  • [41:45] Downsizing, bootstrapping, and problem-solving: Josh's predictions for the future of SecOps
  • [46:10] Connect with Josh

Where to find Josh: LinkedIn, GitLab

Where to find Thomas Kinsella: LinkedIn, Tines

Resources mentioned:
  • GitLab's Security Handbook
  • GitLab's GUARD Framework
  • Netskope's security blog
  • Jobs at GitLab
  • Haroon Meer

Open at Intel
Evolving Software Deployment With GitLab

Apr 24, 2025 20:55


In this episode, we sit down with Victor Nagy of GitLab to discuss his role and GitLab's initiatives. Victor details the transition from using a custom solution to integrating Flux for smoother application deployment. Victor also talks about GitLab's commitment to the open source community, contributions to Flux, and becoming a potential maintainer. We also touch on what makes developer tools great, developer experience, and developments in AI and security, highlighting the rapid pace of innovation in these fields.

  • 00:00 Introduction and Guest Introduction
  • 00:36 Key Open Source Projects: Flux and GitLab
  • 01:17 Choosing Flux
  • 03:42 Community Contributions and Future Plans
  • 05:35 Deployment and Product Management
  • 12:31 GitLab's Comprehensive Platform and Differentiators
  • 18:38 Security and AI
  • 19:43 Conclusion and Final Thoughts

SURFERS
Miniseries 13: Goodbye to the Office?

Apr 15, 2025 23:05


Today, physical offices no longer define where or how we make an impact. The new normal of work is marked by autonomy, trust, and the ability to make decisions from anywhere in the world. But this change also brings new challenges: from how to lead decentralized teams to how to protect ourselves in an increasingly digital and vulnerable environment.

In this episode, we talk with two leaders who are driving this transformation from different perspectives: Vincent Huguet, founder and CEO of Malt, one of the most relevant freelance work platforms in Europe, with more than 500,000 registered freelancers and 40,000 client companies. His vision: to give talent back the freedom to build a career on its own terms. And also Julián Garrido, CEO of MNEMO (now part of Accenture) and a leading figure in cybersecurity, with a career spanning global firms such as McAfee and Cisco LATAM. His experience offers a strategic view of how to protect people and organizations in this new era of work.

Together, we explore key topics such as the evolution of independent work and the platforms driving this model. From platforms that promote professional freedom to the invisible challenges of an increasingly digital and hyperconnected environment, this episode is an honest look at the present and future of work.

Connect with our guests:
- Connect with Roger Alarcón at: https://www.linkedin.com/in/roger-alarcon/
- Connect with Vincent Huguet at: https://www.linkedin.com/in/vincenthuguet/
- Connect with Julian Garrido at: https://www.linkedin.com/in/julian-garridomexico/

Listen to the full interviews at:
- Roger Alarcón: Short 2: GitLab and remote work. https://open.spotify.com/episode/2qPLiCUcJpzn8SMM4IlOj4?si=_9iJ6aeMTpeqzHY56rf2cw
- Vincent Huguet: Backside 3: On the future of work and counterculture. https://open.spotify.com/episode/4aGa0Gr2SGOZCGBPP4dLGx?si=AGSJpZXlQuWh1KH2RXSghQ
- Julian Garrido: Backside 27: Cybersecurity: what are the things you cannot afford to lose? https://open.spotify.com/episode/06eTHCRXLcA0RtbUrMLURv?si=89PvuWSSQSm2hNSTylSugQ

Don't miss our weekly miniseries to learn more about everything that brings you closer to generating wealth and abundance in every area of your life! Subscribe to our channel on Spotify. Watch the full interview on YouTube. Follow negocioscool on all our social networks. Connect with us through LinkedIn.

What the Dev?
303: How AI agents are transforming how software is built (with GitLab's Emilio Salvador)

Apr 8, 2025 14:33


In this episode, Jenna Barron speaks with Emilio Salvador, vice president of strategy and developer relations at GitLab, about AI agents in software development.

Key talking points include:
  • How AI agents compare to traditional forms of automation in the software development process
  • Challenges teams may face when implementing agents
  • The impact AI agents will have on the role of software developers

Python Bytes
#427 Rise of the Python Lord

Apr 7, 2025 36:31


Topics covered in this episode:
  • Git Town solves the problem that using the Git CLI correctly
  • PEP 751 – A file format to record Python dependencies for installation reproducibility
  • git-who and watchgha
  • Share Python Scripts Like a Pro: uv and PEP 723 for Easy Deployment
  • Extras
  • Joke

Watch on YouTube

About the show
Sponsored by Posit Package Manager: pythonbytes.fm/ppm

Connect with the hosts
  • Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
  • Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
  • Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Michael #1: Git Town solves the problem that using the Git CLI correctly
  • Git Town is a reusable implementation of Git workflows for common usage scenarios like contributing to a centralized code repository on platforms like GitHub, GitLab, or Gitea.
  • Think of Git Town as your Bash scripts for Git, but fully engineered with rock-solid support for many use cases, edge cases, and error conditions.
  • Keep using Git the way you do now, but with extra commands to create various branch types, keep them in sync, compress, review, and ship them efficiently.
  • Basic workflow: Commands to create, work on, and ship features.
    • git town hack - create a new feature branch
    • git town sync - update the current branch with all ongoing changes
    • git town switch - switch between branches visually
    • git town propose - propose to ship a branch
    • git town ship - deliver a completed feature branch
  • Additional workflow commands: Commands to deal with edge cases.
    • git town delete - delete a feature branch
    • git town rename - rename a branch
    • git town repo - view the Git repository in the browser

Brian #2: PEP 751 – A file format to record Python dependencies for installation reproducibility
  • Accepted
  • From Brett Cannon: “PEP 751 has been accepted! This means Python now has a lock file standard that can act as an export target for tools that can create some sort of lock file. And for some tools the format can act as their primary lock file format as well instead of some proprietary format.”
  • File name: pylock.toml or at least something that starts with pylock and ends with .toml
  • It's exciting to see the start of a standardized lock file

Michael #3: git-who and watchgha
  • git-who is a command-line tool for answering that eternal question: Who wrote this code?!
  • Unlike git blame, which can tell you who wrote a line of code, git-who tells you the people responsible for entire components or subsystems in a codebase.
  • You can think of git-who sort of like git blame but for file trees rather than individual files.
  • And watchgha - Live display of current GitHub action runs by Ned Batchelder

Brian #4: Share Python Scripts Like a Pro: uv and PEP 723 for Easy Deployment
  • Dave Johnson
  • Nice full tutorial discussing single file Python scripts using uv with external dependencies
  • Starting with a script with dependencies.
  • Using uv add --script to add a /// script block to the top
  • Using uv run
  • Adding #!/usr/bin/env -S uv run --script shebang
  • Even some Windows advice

Extras

Brian:
  • April 1 pranks done well
    • BREAKING: Guido van Rossum Returns as Python's BDFL
      • including Brett Cannon noted as “Famous Python Quotationist”
      • Guido taking credit for “I came for the language but I stayed for the community”, which was from Brett; then Brett's title of “Famous Python Quotationist” is crossed out.
      • Barry Warsaw asking Guido about releasing Python 2.8
      • Barry is the FLUFL, “Friendly Language Uncle For Life”
      • Mariatta can't get Guido to respond in chat until she addresses him as “my lord”.
      • “… becoming one with whitespace.”
      • “Indentation is Enlightenment”
      • Upcoming new keyword: maybe. Like “if” but more Pythonic, as in Maybe: print("Python The Documentary - Coming This Summer!")
      • I'm really hoping there is a documentary
  • April 1 pranks done poorly
    • Note: pytest-repeat works fine with Python 3.14, and never had any problems
    • If you have to explain the joke, maybe it's not funny.
    • The explanation
      • pi, an irrational number, as in it cannot be expressed by a ratio of two integers, starts with 3.14159 and then keeps going, and never repeats.
      • Python 3.14 is in alpha and people could be testing with it for packages
      • Test & Code is doing a series on pytest plugins
      • pytest-repeat is a pytest plugin, and it happened to not have any tests for 3.14 yet.
    • Now the “joke”.
      • I pretended that I had tried pytest-repeat with Python 3.14 and it didn't work.
      • Test & Code: Python 3.14 won't repeat with pytest-repeat
      • Thus, Python 3.14 won't repeat.
      • Also I mentioned that there was no “rational” explanation.
      • And pi is an irrational number.

Michael:
  • pysqlscribe v0.5.0 has the “parse create scripts” feature I suggested!
  • Markdown follow up
    • Prettier to format Markdown via Hugo
    • Been using mdformat on some upcoming projects including the almost done Talk Python in Production book. Command I like is mdformat --number --wrap no ./
    • uv tool install --with is indeed the pipx inject equivalent, but requires multiple --with's:
      • pipx inject mdformat mdformat-gfm mdformat-frontmatter mdformat-footnote mdformat-gfm-alerts
      • uv tool install mdformat --with mdformat-gfm --with mdformat-frontmatter --with mdformat-footnote --with mdformat-gfm-alerts
  • uv follow up
    • From James Falcon
    • As a fellow uv enthusiast, I was still holding out for a use case that uv hasn't solved. However, after last week's episode, you guys finally convinced me to switch over fully, so I figured I'd explain the use case and how I'm working around uv's limitations.
    • I maintain a python library supported across multiple python versions and occasionally need to deal with bugs specific to a python version. Because of that, I have multiple virtualenvs for one project. E.g., mylib38 (for python 3.8), mylib313 (for python 3.13), etc. I don't want a bunch of .venv directories littering my project dir.
    • For this, pyenv was fantastic. You could create the venv with pyenv virtualenv 3.13.2 mylib313, then either activate the venv with pyenv activate mylib313 and create a .python-version file containing mylib313 so I never had to manually activate the env I want to use by default on that project.
    • uv doesn't have a great solution for this use case, but I switched to a workflow that works well enough for me:
      • Define my own central location for venvs. For me that's ~/v
      • Create venvs with something like uv venv --python 3.13 ~/v/mylib313
      • Add a simple function to my bashrc: `workon() { source ~/v/$1/bin/activate; }` so now I can run `workon mylib313` or `workon mylib38` when I need to work in a specific environment.
    • uv's `.python-version` support works much differently than pyenv's, and that lack of support is my biggest frustration with this approach, but I am willing to live without it.
  • Do you Firefox but not Zen? You can now make pure Firefox more like Zen's / Arc's layout.

Joke: So here it will stay
  • See the follow up thread too!
  • Also: Guido as Lord Python via Nick Muoh

The Azure Podcast
Episode 516 - Digital Intelligence Architecture

Apr 4, 2025


In this episode, Sujit D'Mello and Cynthia Kreng are joined by special guest Mike Becker, an Azure Architect at Microsoft, to discuss how various Azure services can be combined to create a complex solution. Sujit covers the latest enhancements in AKS, including Azure CNI, load balancer support, network isolated clusters, cost recommendations, and GPU driver options. Mike shares insights into a comprehensive Azure cloud solution for collecting and analyzing economic data and media feedback about companies, highlighting the use of Azure Data Factory, Databricks, Power BI, and OpenAI for sentiment analysis. The discussion delves into the architectural decisions, technical challenges, and practical applications of these technologies in delivering robust and secure solutions.

Media file: https://azpodcast.blob.core.windows.net/episodes/Episode516.mp3
YouTube: https://youtu.be/wG12eJymh54

Resources:
  • ADF how it works: https://learn.microsoft.com/en-us/azure/data-factory/introduction#how-does-it-work
  • Azure Data Factory - Best Practices: https://learn.microsoft.com/en-us/answers/questions/1283307/azure-data-factory-best-practices
  • Azure Data Bricks Medallion architecture: https://learn.microsoft.com/en-us/azure/databricks/lakehouse/medallion
  • Azure Data Bricks Best Practices: https://dzone.com/articles/azure-databricks-best-practices-for-a-developer
  • Sentiment Analysis with Azure AI services: https://learn.microsoft.com/en-us/azure/synapse-analytics/machine-learning/tutorial-cognitive-services-sentiment
  • Power BI recommendations: https://community.fabric.microsoft.com/t5/Desktop/Power-BI-Development-and-Best-Practices/m-p/4632985/highlight/true#M1386307
  • Improve Power BI model's performance: https://powerbi.microsoft.com/en-us/blog/best-practice-rules-to-improve-your-models-performance/
  • GitLab best practices - if you cannot use Azure DevOps: https://about.gitlab.com/topics/version-control/what-are-gitlab-flow-best-practices/

The Tech Blog Writer Podcast
3226: How Instabug Uses AI to Catch Bugs Before Users Do

Mar 31, 2025 28:56


What if your mobile app could detect bugs, fix UI inconsistencies, and spot user frustration before a user ever reports it? In today's episode, recorded live at IGEL Now & Next, I sit down with Kenny Johnston, Chief Product Officer at Instabug, to explore how AI is reshaping the way developers build, test, and maintain mobile apps. Instabug is taking mobile observability to an entirely new level by developing what Kenny describes as “zero maintenance apps.” Powered by on-device AI models, their platform can now detect subtle UX breakdowns, visual design flaws, and even frustration signals that wouldn't normally trigger crash reports. Whether it's an unresponsive button, a layout shift, or a broken navigation path, Instabug flags the issue, often before a user ever notices. Kenny shares how Instabug's approach to AI is helping development teams move faster and smarter, particularly in high-stakes environments like retail and e-commerce where performance peaks during events like Black Friday or Valentine's Day. Through real-time crash reporting, automated UI analysis, and deep session insights, developers can spot and solve problems that would otherwise get lost in a backlog or surface in app store reviews. We also explore the unique pressures of mobile development. With no quick rollbacks and high user expectations, developers need tools tailored to the realities of app store approvals, device fragmentation, and version-specific bugs. Instabug's platform brings together observability, feedback, and issue reproduction in a way that simplifies the mobile stack and accelerates release cycles. Kenny draws on his experience at GitLab to reflect on the need to consolidate tools and workflows in mobile development. He offers valuable insights for product leaders and mobile engineers on how to navigate change, evolve their approach, and stay curious in the face of constant technical demands. So how can your team shift from reactive debugging to proactive experience design? 
And are you really seeing all the issues your users encounter or just the ones they report? It's time to find out.

Edge of NFT Podcast
Edge of Hot Topics: Hot Gemini 2.5, GitLab's AI Insights & Amazon's AI Startup Push

Mar 28, 2025 22:29


Join host Richard Hon on this episode of Hot Topics on the Edge of Show as we dive into the latest advancements in AI. Richard welcomes Addy Crezee, Founder & CEO /function1, FORKED, CREZEE and Victoria Neiman, Co-founder & COO, /function1 | FORKED | CREZEE to discuss Google's bold claims about Gemini 2.5, GitLab's latest insights on developers embracing AI, Amazon's Alexa Fund fueling AI startups, and a sneak peek at the upcoming Function One AI Conference in Dubai. Don't miss their take on the future of AI and its impact on industries across the board. Support us through our Sponsors! ☕

Tank Talks
Why Venture Capital Needs a Reboot—And How Villi Iltchev Is Doing It

Tank Talks

Play Episode Listen Later Mar 27, 2025 52:34


On this episode of Tank Talks, we welcome back Villi Iltchev, founder and managing partner of Category Ventures, for an unfiltered deep dive into the evolving venture capital landscape. From his early days at Salesforce Ventures to launching his solo $160M fund, Villi unpacks the seismic shifts happening in enterprise software, how AI is reshaping startup economics, and what today's founders need most from their investors.

We get tactical about startup pricing models, founder-investor trust, and what it takes to build truly category-defining companies. Villi also shares what he learned from backing GitLab, why transparency builds long-term trust, and how he thinks about firm design as a solo GP.

Whether you're an aspiring founder, current operator, or an emerging VC, this episode is a masterclass in strategic thinking and building with purpose.

Inside the Mind of a Modern VC (00:01:00)
* Villi's journey from tech banking to Salesforce Ventures
* Why Salesforce's transformation into a platform company changed everything
* The parallels between Salesforce and NVIDIA's ecosystem dominance
* How being early at Salesforce shaped Villi's thesis around go-to-market and platform strategy

Scaling GitLab: Lessons from the Frontlines (00:15:00)
* The inside story of GitLab's infamous database failure—and why live-streaming the crisis built trust
* Why Villi pushed GitLab to sunset unscalable SKUs and simplify pricing
* The power of bundling and setting an “aspirational” price point from day one

Going Solo: Building Category Ventures (00:25:00)
* Why Villi finally felt ready to start his own fund—and what changed
* The biggest surprises (and reliefs) in raising as a solo GP
* How LPs are getting more sophisticated and what they want from fund managers
* Why venture needs a reset and what legacy firms are getting wrong

The New Rules of Early-Stage Investing (00:32:00)
* Why founder/firm misalignment leads to orphaned startups
* The real impact of mega-funds dabbling at seed and pre-seed
* Why Category Ventures is built to be flexible—and fiercely focused on enterprise software

AI, Startups & the Future of Enterprise (00:38:00)
* Villi's hot take on AI-powered lean startups: “It's not the norm—and won't be.”
* Why AI is a second-order unlock for vertical SaaS and back-office automation
* The coming wave of software replacing the BPO industry

Life, Adrenaline, and VC Energy (00:45:00)
* What gets Villi's adrenaline pumping as a VC
* Why endless internal meetings kill his vibe—and founder calls fuel him
* How skiing and extreme adventure balance the chaos of venture

As the venture landscape shifts under our feet, Villi Iltchev is proving that thoughtful investing, deep expertise, and founder-first empathy are more vital than ever. From GitLab board rooms to building Category VC, his journey is a blueprint for those looking to lead with clarity—and conviction.

About Villi Iltchev:
Villi Iltchev is the founder and managing partner of Category Ventures, a $160M early-stage venture firm focused exclusively on enterprise software. With a career spanning both operating and investing, Villi brings a rare blend of empathy and edge to the startups he backs—having sat on both sides of the table.

He began his career in tech investment banking before transitioning into operating roles at companies like Hewlett-Packard, LifeLock, and Box. He later joined Salesforce Ventures at its inception, helping to build one of the most influential corporate venture arms in the world. During his time there, he led investments in category-defining companies like GitLab and HubSpot.

Prior to launching Category Ventures, Villi was a partner at August Capital and Two Sigma Ventures, where he built a strong track record backing developer tools, infrastructure, and vertical SaaS startups. His investments are grounded in deep enterprise domain expertise, a keen sense for go-to-market strategy, and a relentless focus on founder empathy.

A lifelong learner and backcountry skiing enthusiast, Villi draws creative energy from the outdoors and adrenaline-fueled adventures. He holds degrees in finance and philosophy and is driven by a singular belief: the best founders don't just build products—they redefine categories.

Follow Villi Iltchev on LinkedIn: https://www.linkedin.com/in/villi04
Visit the Category Ventures website: https://www.categoryvc.com/
Follow Matt Cohen on LinkedIn: https://ca.linkedin.com/in/matt-cohen1
Visit the Ripple Ventures website: https://www.rippleventures.com/

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit tanktalks.substack.com

CFO Thought Leader
1083: Navigating the Go-To-Market Roadmap with Precision | Brian Robins, CFO, GitLab

Mar 26, 2025 46:35


It was a pivotal moment Brian Robins tells us he'll never forget: stepping onto a makeshift stage to address some 400 employees just minutes before a key 8-K filing would publicly announce the potential sale of a major business unit. The room bristled with anxiety—people worried about their jobs and the future of the company. Robins recalls that, instead of relying on scripted talking points, he spoke from the heart and vowed to keep everyone informed as events unfolded. By offering that openness, he reinforced his belief that finance isn't just about numbers, but about building trust and forging a clear path forward.

Today, that spirit of transparent communication fuels Robins's approach as CFO. Above all, he prioritizes strong relationships across every organizational function, from sales and marketing to product and engineering. This is why go-to-market execution, he explains, has become the centerpiece of his strategic leadership. Robins embeds dedicated finance professionals alongside revenue-focused teams, helping to fine-tune territory splits, refine pricing, and calibrate product positioning based on real-time data.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcat RCE Correction; SAML Roulette; Windows Shortcut 0-Day

Mar 19, 2025 7:18


Python Bot Delivered Through DLL Side-Loading
A "normal" PDF reader that is vulnerable to DLL side-loading may be used to launch additional exploit code.
https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778

Tomcat RCE Correction
To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim.
https://x.com/dkx02668274/status/1901893656316969308

SAML Roulette: The Hacker Always Wins
This PortSwigger blog explains in detail how to exploit the ruby-saml vulnerability against GitLab.
https://portswigger.net/research/saml-roulette-the-hacker-always-wins

Windows Shortcut Zero Day Exploit
Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trend Micro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue.
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html

The Talent Tango
From Math to People Leadership

Mar 12, 2025 20:51


In this episode, we dive into Brittany Rohde's unconventional journey into the HR and people space. With a background in mathematics and a love for admin, Brittany has successfully navigated the world of people operations, compensation, and leadership. We explore how she transitioned from a math degree into HR, her philosophy on taking opportunities, and why she believes every people team should have an engineering component. Key Takeaways

PodRocket - A web development podcast from LogRocket
LLMs for web developers with Roy Derks

Mar 6, 2025 28:45


Roy Derks, Developer Experience at IBM, talks about the integration of Large Language Models (LLMs) in web development. We explore practical applications such as building agents, automating QA testing, and the evolving role of AI frameworks in software development.

Links
  • https://www.linkedin.com/in/gethackteam
  • https://www.youtube.com/@gethackteam
  • https://x.com/gethackteam
  • https://hackteam.io

We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com, or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod).

Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers!

What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today (https://logrocket.com/signup/?pdr).

Special Guest: Roy Derks.

This Week in Startups
AI Agents & the Future of Work with LangChain's Harrison Chase | AI Basics with Google Cloud

Mar 4, 2025 19:58


In this episode: Jason sits down with Harrison Chase, CEO of LangChain, to explore how AI-powered agents are transforming the way startups operate. They discuss the shift from traditional entry-level roles to AI-driven automation, the importance of human-in-the-loop systems, and the future of AI-powered assistants in business. Harrison shares insights on how companies like Replit, Klarna, and GitLab are leveraging AI agents to streamline operations, plus a look ahead at what's next for AI-driven workflows. Brought to you in partnership with Google Cloud.

Timestamps:
  • (0:00) Introduction to Startup Basics series & Importance of AI in startups
  • (2:04) Partnership with Google Cloud & Introducing Harrison Chase from Langchain
  • (4:38) Evolution of entry-level jobs & Examples of AI agents in startups
  • (8:00) Challenges & Future of AI agents in startups
  • (14:24) AI agents in collaborative spaces & Non-developers creating AI agents
  • (18:40) Closing remarks and where to learn more

Uncover more valuable insights from AI leaders in Google Cloud's 'Future of AI: Perspectives for Startups' report. Discover what 23 AI industry leaders think about the future of AI—and how it impacts your business. Read their perspectives here: https://goo.gle/futureofai

Check out all of the Startup Basics episodes here: https://thisweekinstartups.com/basics
Check out Google Cloud: https://cloud.google.com/
Check out LangChain: https://www.langchain.com/

Follow Harrison:
  • LinkedIn: https://www.linkedin.com/in/harrison-chase-961287118/
  • X: https://x.com/hwchase17

Follow Jason:
  • X: https://twitter.com/Jason
  • LinkedIn: https://www.linkedin.com/in/jasoncalacanis

Follow TWiST:
  • Twitter: https://twitter.com/TWiStartups
  • YouTube: https://www.youtube.com/thisweekin
  • Instagram: https://www.instagram.com/thisweekinstartups
  • TikTok: https://www.tiktok.com/@thisweekinstartups
  • Substack: https://twistartups.substack.com

Code for Thought
[EN] ByteSized RSE: Project Management with GitHub

Mar 4, 2025 28:21


English Edition: How can repository services like GitHub or GitLab help you manage your project? Listen to my conversation with three guests, Gemma Turon (Ersilia), Ben Clifford (Parsl) and Mike Simpson (Uni Newcastle), about how they use GitHub PM tools effectively in their work.

Links:
  • https://ersilia.io Ersilia project - Gemma Turon
  • https://github.com/ersilia-os GitHub pages for Ersilia
  • https://parsl-project.org - Parsl project - Ben Clifford
  • https://github.com/Parsl/parsl - Parsl on GitHub
  • https://www.youtube.com/watch?v=uQYQ_F8auEQ - Mike Simpson's talk at RSE Con 2023 'Colouring Cities: from prototype to Platform'
  • https://www.youtube.com/watch?v=vP9k8mAXod4 - a session on Project Management and people at RSE Con 2024 - also with Mike
  • https://docs.github.com/en/issues/planning-and-tracking-with-projects/learning-about-projects/best-practices-for-projects GitHub guidelines for using Projects (GitHub tool)
  • https://www.software.ac.uk/blog/task-management-humans-self-care blog post from Mike

ByteSized RSE is supported by the Universe-HPC project.

Get in touch
Thank you for listening! Merci de votre écoute! Vielen Dank für´s Zuhören!

Contact Details / Coordonnées / Kontakt:
  • Email: mailto:peter@code4thought.org
  • UK RSE Slack (ukrse.slack.com): @code4thought or @piddie
  • US RSE Slack (usrse.slack.com): @Peter Schmidt
  • Mastodon: https://fosstodon.org/@code4thought or @code4thought@fosstodon.org
  • Bluesky: https://bsky.app/profile/code4thought.bsky.social
  • LinkedIn: https://www.linkedin.com/in/pweschmidt/ (personal Profile)
  • LinkedIn: https://www.linkedin.com/company/codeforthought/ (Code for Thought Profile)

This podcast is licensed under the Creative Commons Licence: https://creativecommons.org/licenses/by-sa/4.0/

LINUX Unplugged
604: One Week Left

Mar 3, 2025 · 61:10


We're pre-gaming two of the biggest Linux events of the year. Engineers, organizers, and surprise guests are dropping by to give us the scoop before it all begins.

Sponsored By:
Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.
River: River is the most trusted place in the U.S. for individuals and businesses to buy, sell, send, and receive Bitcoin.

Linux User Space
Episode 5:07: Kernel Overload

Feb 24, 2025 · 68:30


Coming up in this episode
* We load up your tech toolbox
* We settle the Kernel debate
* and Thou shall not package OBS... that way.

0:00 Cold Open
1:39 We load up your tech toolbox
21:48 We settle the kernel debate
49:43 Thou shall not package OBS... that way.
1:03:32 Next Time
1:07:26 Stinger

The Video Version (https://youtu.be/15zr84iGDHo)
IT-Tools (https://it-tools.tech/)
Can be self hosted (https://github.com/CorentinTh/it-tools)
Do you use IT-Tools? If so, which ones? If you don't, would you?

Create Like the Greats
Mastering Customer Success Stories with Anthropic

Feb 21, 2025 · 10:04


In this episode of Create Like The Greats, we break down how Anthropic, a leading AI company behind Claude, is revolutionizing the use of customer success stories to drive measurable business results. Despite fierce competition from OpenAI and Google, Anthropic differentiates itself through clarity, simplicity, and strategic storytelling. Learn how they use short yet impactful case studies to elevate their brand, enhance credibility, and attract the right audience. Inspired by research from Ethan Crump at Foundation Labs, we take a deep dive into how Anthropic structures its case studies, why they work, and how you can apply these principles to your own business.

Key Takeaways & Insights

1. The Power of Customer Success Stories
Anthropic has ramped up investment in customer case studies, adding 67 new pages to their website.
These stories increase trust and credibility, addressing the fragmented B2B buyer's journey.
Featuring well-known clients, such as DuckDuckGo, GitLab, Brave, BCG, and Assembly AI, boosts authority in their industry.

2. The Business Impact of Case Studies
The dedicated case studies subfolder attracts over 60,000 organic monthly visitors, generating what would cost $25,000 in paid traffic.
SEO performance:
1,600 ranking keywords
4,600 backlinks from 231 domains

3. Anthropic's Winning Formula for Case Studies
Short and Direct: Each case study stays under 1,000 words, challenging traditional long-form SEO norms.
Clear Structure: Follows a problem → solution → outcome format.
Intent Matching for SEO: Content is designed to match search intent, ensuring customers find relevant solutions quickly.
Focus on Business Value: Emphasizes results (e.g., 30% improvement in user satisfaction, 80% cost reduction).
Uses client and company expert quotes to strengthen credibility.
Avoids overly technical details, making it accessible to decision-makers at all levels, including CEOs and finance executives.

4. Applying These Lessons to Your Business
Prioritize clarity and simplicity when crafting customer success stories.
Optimize stories for search intent so they're discoverable and relevant.
Showcase tangible metrics and real results in your case studies.
Structure content for easy readability while keeping it strategic and insightful.

Resources
How Anthropic Drives 60K+ in Organic Traffic — With One Simple Strategy

Scrum Master Toolbox Podcast
Substack Week: The Shared Ownership Challenge, Understanding Clear Accountability in Engineering Teams | Rafa Páez

Feb 20, 2025 · 32:20


Welcome to our Substack Week, where we interview thought leaders who publish newsletters on Substack to help you find inspiring voices that drive our community forward. In this episode, we explore the concept of shared ownership and its pitfalls with Rafa Páez, an experienced engineering leader with insights on creating clear accountability in teams.

The Pitfalls of Shared Ownership
In engineering teams, shared ownership often manifests as ambiguity in responsibility and accountability. Rafa shares a personal experience where assigning two engineers to lead an initiative resulted in nothing getting done, as each assumed the other would take action. This phenomenon highlights how shared ownership without clear accountability can lead to missed deadlines, poor quality deliverables, and team conflicts.
"It might not be my fault because I thought the other person was available, I thought the other person had more time to actually work on that initiative."

Understanding the Bystander Effect
The bystander effect, a psychological phenomenon first identified by social psychologists, explains why people are less likely to take action when others are present. In a team setting, this manifests as members assuming someone else will take responsibility, leading to collective inaction. This effect can significantly impact team productivity and project outcomes.
"Because there are more people there, someone thinks that someone else will take care of that thing, whether it's a project, initiative, or any other action."

The DRI Framework: Creating Clear Ownership
The Directly Responsible Individual (DRI) concept, popularized by GitLab and Apple, addresses the accountability gap by ensuring one person is clearly responsible for each significant initiative. This framework emerged after a failed project launch where no clear ownership led to quality issues. The DRI approach creates clear lines of responsibility while maintaining collaborative team dynamics.
"You can have multiple DRIs for different aspects, but at the end, it needs to be one responsible for the overall project."

Implementing DRI Successfully
For leaders implementing the DRI framework, several key considerations are crucial for success. DRIs should be assigned thoughtfully based on skills and experience, with senior team members often better suited for these roles. The framework must be supported by a culture that empowers DRIs to make decisions while maintaining team collaboration.
"DRIs need to be empowered to make decisions. If they are not empowered to make decisions, this role is not going to work because they're going to feel frustrated."

Avoiding Common Anti-patterns
When implementing the DRI framework, leaders should be aware of potential anti-patterns that can emerge. These include DRIs becoming bottlenecks, erosion of team collaboration, and overuse of the framework for minor tasks. Success requires finding the right balance and ensuring the framework enhances rather than hinders team dynamics.
"Another issue or anti-pattern is the erosion of collaboration - some people might get the wrong concept about DRIs and say 'I don't need to collaborate anymore.'"

Building a Culture of Accountability
Creating a successful culture of accountability requires clear communication about the DRI role and its implications. Leaders must ensure DRIs are supported while maintaining team collaboration and avoiding the framework becoming overly bureaucratic. The focus should be on enabling effective decision-making and clear ownership while preserving team dynamics.
"Consider the skills when assigning DRIs, support people in this role, and remember that DRI is an organizational agnostic framework that adapts to the organizations we are within."

Resources For Further Study
The GitLab handbook article about the DRI concept
The book: Extreme Ownership by Jocko Willink
The Engineering Leader newsletter by Rafa Páez

Stock Market Today With IBD
Stocks Bounce In Inside Day; Axon Enterprise, GitLab, Freshpet In Focus

Feb 10, 2025 · 19:03


Alissa Coram and Ed Carson analyze Monday's market action and discuss key stocks to watch on Stock Market Today.

The Peel
Illegal Immigrant to $160m Fund 1: Inside Villi Iltchev's Journey Building Category Ventures

Feb 6, 2025 · 109:19


Villi Iltchev is the founder of Category Ventures, where he invests early in enterprise software startups. And he's done it longer than almost anyone, building Salesforce's corporate venture arm and investing early in companies like Airtable, Zapier, GitLab, Remote, HubSpot, Gusto, and Box. Fresh off raising his $160m Fund 1, we get into the opportunity he saw to start Category, and how San Francisco and Silicon Valley have changed over the past 30 years. He also shares his story growing up as an illegal immigrant in Greece, moving to the US by himself in high school, the biggest mistake of his career, advice for founders selling their company, why unit economics and profitability always matters, how developer tools went from terrible to amazing businesses, the mistake that almost killed GitLab after he invested, and why you should raise your seed round from a seed fund.

Timestamps:
(00:00) Intro
(03:22) Illegally immigrating from Bulgaria to Greece
(05:14) Moving to the US by himself in high school
(13:15) Moving to SF in the Dot Com Bubble
(15:49) How SF changed over the last 25 years
(22:27) Why HP fell from the top of Silicon Valley
(25:36) Building Salesforce's corporate VC arm
(30:29) Why SaaS was so transformative
(34:35) Angel investing in Airtable
(39:52) The biggest mistake of his career
(42:13) Why unit economics always matter
(47:20) Biggest mistake when selling a tech company
(49:00) Almost starting a software PE firm and landing in VC
(55:45) Lessons from August Capital + Evolution of venture
(59:22) Early days of dev tools + Investing in GitLab
(1:09:50) Why being contrarian is dumb
(1:11:45) How GitLab almost died and emerged stronger
(1:16:48) Villi's journey to starting Category
(1:25:22) Category's thesis
(1:30:48) Why startups always come in batches
(1:31:57) The importance of track record in venture
(1:35:32) Deciding a $160m fund size
(1:39:26) Why you should raise seed rounds from seed firms
(1:43:40) What Villi looks for in a startup

Referenced
Category VC: https://www.categoryvc.com/
Category's $160m Fund 1: https://www.forbes.com/sites/alexkonrad/2024/12/17/villi-iltchev-raises-160-million-debut-fund-category/
Aaron Levie (Box) on The Peel: https://youtu.be/cLn_tqPvNf4
GitLab's Recovery Stream: https://www.youtube.com/watch?v=v0TRHLvYGE0
Guy Podjarny (Snyk) on The Peel: https://youtu.be/BzKlZ_v4uCw
Why SaaS won't consolidate: https://medium.com/@villispeaks/why-saas-consolidation-is-not-happening-2b9b722e0250

Follow Villi
Twitter: https://x.com/villi
LinkedIn: https://www.linkedin.com/in/villi04/

Follow Turner
Twitter: https://twitter.com/TurnerNovak
LinkedIn: https://www.linkedin.com/in/turnernovak

Subscribe to my newsletter to get every episode + the transcript in your inbox every week: https://www.thespl.it/

Augmented - the industry 4.0 podcast
Scaling Open Source in Manufacturing with FlowFuse's ZJ van de Weg

Feb 5, 2025 · 26:57


This week's guest is ZJ van de Weg (https://www.linkedin.com/in/zegerjan/), CEO of FlowFuse. ZJ shares his journey from an intern at GitLab to now leading FlowFuse, how open-source technology is transforming industrial operations, and why Node-RED has become the go-to platform for low-code manufacturing connectivity. He also takes a deep dive into the challenges of scaling open source solutions in enterprise environments, the value of an 'open-core' business model, and the future of IT/OT collaboration.

Augmented Ops is a podcast for industrial leaders, citizen developers, shop floor operators, and anyone else that cares about what the future of frontline operations will look like across industries. This show is presented by Tulip (https://tulip.co/), the Frontline Operations Platform. You can find more from us at Tulip.co/podcast (https://tulip.co/podcast) or by following the show on LinkedIn (https://www.linkedin.com/company/augmentedpod/).

Special Guest: ZJ van de Weg.

Open Source Startup Podcast
E164: Taking on Auth0 with Open Source Zitadel

Feb 3, 2025 · 34:02


Florian Forster is Co-Founder & CEO of Zitadel, the cloud security platform aiming to build the future of identity and access management. Their open source project, also called zitadel, provides identity infrastructure and has 10K stars on GitHub.

In this episode, we dig into:
- The benefits of having an open source auth vendor
- Authentication vs. authorization
- Building the "GitLab for identity"
- Why customization matters for an auth product
- Demand for self-hosting options for auth
- Appealing to developers and security teams

Cyber Security Headlines
Cybersecurity News: Tenable acquires Vulcan Cyber, Chinese and Iranian hackers are using U.S. AI, US Navy bans use of DeepSeek

Jan 30, 2025 · 7:35


Tenable acquiring Israel's Vulcan Cyber in $150 million deal
Tenable, a Nasdaq-listed cybersecurity company valued at $5.3 billion, is acquiring Israeli cybersecurity firm Vulcan Cyber for approximately $150 million, with the deal expected to close in Q1 of this year. The acquisition aims to enhance Tenable's security exposure management platform by integrating Vulcan Cyber's capabilities, unifying security visibility and risk mitigation. Vulcan Cyber was founded in 2018, has raised $55 million, and employs 100 people, though it is unclear how many will remain post-acquisition. (Calcalistech)

Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks
Hackers linked to China, Iran, Russia, and North Korea are using AI, including Google's Gemini chatbot, to enhance cyberattacks, according to U.S. officials and Google security research. These groups utilize AI for tasks like writing malicious code, identifying vulnerabilities, and researching targets rather than developing advanced hacking techniques. Meanwhile, China's DeepSeek AI has raised global concerns about Beijing's progress in the AI arms race, adding uncertainty to the technology's impact on security and warfare. (Wall Street Journal)

U.S. Navy bans use of DeepSeek due to 'security and ethical concerns'
The U.S. Navy has warned its members to avoid using China's DeepSeek AI due to security and ethical concerns, instructing them not to use it for work or personal tasks. DeepSeek's newly released AI model, R1, has drawn global attention for its capabilities, sparking concerns over China's AI advancements and impacting tech markets, with AI chipmakers like Nvidia and Broadcom losing $800 billion in market value. The warning comes amid growing U.S.-China AI competition, with figures like Trump and industry leaders emphasizing the urgency of maintaining American leadership in AI. (CNBC)

South Africa's government-run weather service knocked offline by cyberattack
A cyberattack has taken the South African Weather Service (SAWS) offline, disrupting critical services for aviation, marine, and agriculture, while forcing SAWS to share weather updates via social media. The breach, the second attempted attack in two days, has also impacted regional allies like Mozambique and Zambia, with efforts underway to restore systems. While no ransomware group has claimed responsibility, South Africa has faced a wave of cyberattacks in recent years, targeting public institutions, including its defense department, pension organization, and national lab service. (The Record)

FBI seizes major cybercrime forums in coordinated domain takedown
The FBI and international law enforcement have seized multiple cybercrime-linked platforms, including Cracked[.]io, Nulled[.]to, SellIX, and StarkRDP, in a major crackdown on digital marketplaces for stolen credentials and hacking tools. These sites have been criticized for enabling password theft, software piracy, and credential-stuffing attacks, but now redirect to FBI-controlled servers, effectively shutting them down. The operation, involving agencies from Australia, France, Germany, and others, marks another step in global efforts to dismantle cybercriminal networks. (CyberScoop)

North Koreans clone open source projects to plant backdoors, steal credentials
North Korea's Lazarus Group carried out a large-scale supply chain attack, dubbed Phantom Circuit, compromising hundreds of victims by embedding backdoors in cloned open-source software, according to SecurityScorecard's latest report. The campaign began in late 2024 and targeted cryptocurrency developers and tech professionals by distributing malware-laced repositories on platforms like GitLab. Stolen data included credentials, authentication tokens, and system information, with the attackers using obfuscation techniques and VPNs. (The Register)

Oasis Security Research Team Discovers Microsoft Azure MFA Bypass
Oasis Security discovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA), allowing attackers to bypass it and gain unauthorized access to Office 365 accounts, including Outlook, OneDrive, and Azure. The flaw exploited session creation and TOTP code tolerance, enabling attackers to brute-force MFA codes undetected within 70 minutes. Oasis reported the issue to Microsoft, which implemented a stricter rate limit, permanently fixing the vulnerability by October 2024. The research highlights the importance of strong MFA implementations and improved alerting mechanisms for failed second-factor attempts. (Cloud Security Alliance)

SLAP and FLOP security flaws affect all current Apple devices, and many older ones
Security researchers from The Georgia Institute of Technology have discovered two vulnerabilities, SLAP and FLOP, affecting all iPhones, iPads, and Macs with A15 and M2 chips or later. These flaws exploit speculative execution to access data from open web tabs, with SLAP affecting Safari and FLOP impacting both Safari and Chrome. While there's no evidence of exploitation in the wild, Apple has been working on fixes since mid-2024, stating there is no immediate risk to users. Until a patch is released, the best precaution is to be cautious of the websites you visit. (9to5Mac)

Security faces many problems. Asset inventory, patching automation, config management, and device administration are all perennial challenges. But how many of them are related to security specifically? That's what we dig into on our latest episode of Defense in Depth. Look for “The Hardest Problems in Security Aren't “Security Problems”” wherever you get your podcasts.

Huge thanks to our sponsor, Conveyor
Ever wish you had a teammate that could handle the most annoying parts of customer security reviews? You know, chasing down SMEs for answers, updating systems, coordinating across teams—all the grunt work nobody wants to do. Plus, having to finish the dang questionnaire itself. Well. That teammate exists—Conveyor just launched Sue, the first AI Agent for Customer Trust. Sue really is the dream teammate. She never misses a deadline, answers every customer request from sales, completes every questionnaire and knocks out all the coordination in-between. Sue handles it all so you don't have to. Learn more at www.conveyor.com.

Traction
5 Lessons From Selling to Millions of Developers

Jan 29, 2025 · 32:13


Think marketing to developers is all about hoodies and hackathons? Think again. As the developer-led economy is poised to grow to a TRILLION dollars, companies that offer products for developers must refocus to a business-to-developer (B2D) model as developers become not only users of products, but key purchase influencers. In this episode, Nnamdi Iregbulem, Partner at Lightspeed Venture Partners, Joyce Lin, Head of Developer Relations at Viam, and Caroline Lewko, CEO of Revere Communications, reveal actionable insights for building and scaling developer relations programs that drive adoption, loyalty, and growth in a developer-led economy.

Specifically, you'll learn:
- How to get developers to adopt and build on your platform – from APIs and SDKs to advanced ML and DevOps tools.
- What it takes to deliver an exceptional Developer Experience (DX) – aligning marketing and product teams to meet the unique needs of developers.
- Key ingredients of a winning Developer Relations program – from onboarding to advocacy and retention.
- How to stand out through community engagement – turning developers into loyal evangelists for your platform.

Resources Mentioned:
- Nnamdi Iregbulem - https://www.linkedin.com/in/nnamdiiregbulem/
- Joyce Lin - https://www.linkedin.com/in/joyce-lin/
- Caroline Lewko - https://www.linkedin.com/in/carolinelewko/
- Lightspeed Venture Partners | LinkedIn - https://www.linkedin.com/company/lightspeed-venture-partners/
- Lightspeed Venture Partners | Website - https://lsvp.com/
- Viam | LinkedIn - https://www.linkedin.com/company/viaminc/
- Viam | Website - https://www.viam.com/
- Revere Communications - https://www.reverecommunications.com/
- Tyler Jewell's research on developer-led markets - https://tylerjewell.substack.com/p/the-developer-led-landscape-20-08-28
- Stack Overflow Developer Survey - https://survey.stackoverflow.com/2024/
- GitLab's “Everyone Can Contribute” philosophy - https://gitlab.com/
- “Developer Relations: How to Build and Grow a Successful DevRel Program” by Caroline Lewko and James Parton - https://www.devrel.agency/book

This episode is brought to you by:

Leverage community-led growth to skyrocket your business. “From Grassroots to Greatness” by author Lloyed Lobo will help you master 13 game-changing rules from some of the most iconic brands in the world — like Apple, Atlassian, CrossFit, Harley-Davidson, HubSpot, Red Bull and many more — to attract superfans of your own that will propel you to new heights. Grab your copy today at FromGrassrootsToGreatness.com.

Each year the US and Canadian governments provide more than $20 billion in R&D tax credits and innovation incentives to fund businesses. But the application process is cumbersome, prone to costly audits, and receiving the money can take as long as 16 months. Boast automates this process, enabling companies to get more money faster without the paperwork and audit risk. We don't get paid until you do! Find out if you qualify today at https://Boast.AI.

Launch Academy is one of the top global tech hubs for international entrepreneurs and a designated organization for Canada's Startup Visa. Since 2012, Launch has worked with more than 6,000 entrepreneurs from over 100 countries, of which 300 have grown their startups to seed and Series A stage and raised over $2 billion in funding. To learn more about Launch's programs or the Canadian Startup Visa, visit https://LaunchAcademy.ca.

Content Allies helps B2B companies build revenue-generating podcasts. We recommend them to any B2B company that is looking to launch or streamline its podcast production. Learn more at https://contentallies.com.

#DeveloperRelations #BusinessToDeveloper #B2D #Product #Marketing #Innovation #Startup #GenerativeAI #AI

Product-Led Podcast
6 Steps To Launch A PLG Motion

Jan 28, 2025 · 54:31


Hila Qu is the director of growth at GitLab, a developer platform. GitLab offers a powerful platform that enables developers, engineers, and teams to build, release, and deploy very efficiently. The company started as an open-source product, but it became a PLG business as it has the criteria to be one. Due to its large free user base, GitLab was able to launch a PLG motion. Data on how users utilize the platform also allowed them to understand which features they use and what behaviors indicate that they are likely to convert to potential PQ. Hila provides details on how she created all these from scratch to grow GitLab and gives the six steps to launch a PLG motion.

Show Notes
[00:47] What GitLab is and how they started the PLG motion
[08:44] How existing sales motion works before getting into the PLG side of things
[17:18] Aligning on the customer journey and funnel design
[31:00] Organize the right teams the right way
[36:07] Recommendations for infrastructure and tool stack dependent on company size
[40:45] How to identify the highest ROI focus area for PLG efforts
[46:28] Anticipating common challenges and building the PLG culture
[49:56] Hila's advice for starting a PLG motion

About Hila Qu
Hila is a uniquely talented growth leader. Prior to her current role at GitLab, Hila worked at Acorns, a financial technology and services company that specializes in micro-investing and robo-investing. At Acorns, she founded and developed the growth team into a 20+ member team, drove the customer base from 1M to over 4M, and launched two new product lines. Now at GitLab, she leads their growth product team that has since generated over $1.5M incremental ARR from growth product initiatives & experiments in just the first six months. Needless to say, Hila lives every day in the world of growth, retention, analytics, and products (some nights too).

Link
GitLab Profile
Hila's LinkedIn

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

Connect to John Gilroy on LinkedIn: https://www.linkedin.com/in/john-gilroy/
Want to listen to other episodes? www.Federaltechpodcast.com

A recent study showed that the federal government has identified 1700 use cases for Artificial Intelligence. Today, we examine some challenges and solutions for unlocking the power of AI represented in these examples. Our guest, Joel Krooswyk from GitLab, examines Software Bills of Materials, repatriation, and what efficiency might look like in the future.

SBOM. For years, software developers have recommended using a Software Bill of Materials. Today, its value has become so apparent that it is becoming mandatory. During the interview, Joel Krooswyk discusses the security benefits of mandating an SBOM policy for all federal software development.

Fifteen years ago, Vivek Kundra coined the phrase “Cloud First.” It took a while, but cloud adoption by the federal government is now pervasive. However, with this adoption, we have seen examples where cloud service providers may over-promise and under-deliver. The interview provides guidelines for transitioning from the cloud back to the premises, which is increasingly called “repatriation.”

Software development in the future will make compliance partner with DevSecOps in an automated process. This will reduce maintenance costs and provide real-time reporting. Intelligent automation will be able to validate each step of the process.

The SaaS Revolution Show
How AI is Revolutionizing Productivity Measurement: Insights from Ashley Kramer, GitLab's Interim CRO, CSO, and CMO

Jan 23, 2025 · 30:25


Live from the SaaStock USA 2024 Scale Stage, Ashley Kramer, GitLab's Chief Strategy and Marketing Officer, sits down with AJ Eckstein, Founder & Creator at Creator Match and Fast Company. Together, they explore the imminent shift in how companies measure AI's impact on efficiency, questioning whether the productivity gains truly justify the risks and costs associated with AI adoption. Ashley argues that forward-thinking companies must move beyond traditional output metrics and focus on those that reflect real business value—such as enhanced software quality, faster time-to-market, consistent delivery, and, most importantly, improved customer satisfaction.

Check out the other ways SaaStock is serving SaaS founders

The Bootstrapped Founder
371: Brian Sierakowski — Mastering Product Communication

Jan 22, 2025 · 65:11


Brian Sierakowski (@bsierakowski) has been busy over the last year: he started working on ChangeBot and TRMNL, and both projects are taking off. If you ever wondered what a good changelog looks like or why you might need one, this episode is for you.

This episode is sponsored by Paddle.com — if you're looking for a payment platform that works for you so you can focus on what matters, check them out.

The blog post: https://thebootstrappedfounder.com/brian-sierakowski-mastering-product-communication/
The podcast episode: https://tbf.fm/episodes/317-brian-sierakowski-mastering-product-communication
Check out Podscan to get alerts when you're mentioned on podcasts: https://podscan.fm
Send me a voicemail on Podline: https://podline.fm/arvid
You'll find my weekly article on my blog: https://thebootstrappedfounder.com
Podcast: https://thebootstrappedfounder.com/podcast
Newsletter: https://thebootstrappedfounder.com/newsletter
My book Zero to Sold: https://zerotosold.com/
My book The Embedded Entrepreneur: https://embeddedentrepreneur.com/
My course Find Your Following: https://findyourfollowing.com

Here are a few tools I use. Using my affiliate links will support my work at no additional cost to you.
- Notion (which I use to organize, write, coordinate, and archive my podcast + newsletter): https://affiliate.notion.so/465mv1536drx
- Riverside.fm (that's what I recorded this episode with): https://riverside.fm/?via=arvid
- TweetHunter (for speedy scheduling and writing Tweets): http://tweethunter.io/?via=arvid
- HypeFury (for massive Twitter analytics and scheduling): https://hypefury.com/?via=arvid60
- AudioPen (for taking voice notes and getting amazing summaries): https://audiopen.ai/?aff=PXErZ
- Descript (for word-based video editing, subtitles, and clips): https://www.descript.com/?lmref=3cf39Q
- ConvertKit (for email lists, newsletters, even finding sponsors): https://convertkit.com?lmref=bN9CZw

Lenny's Podcast: Product | Growth | Career
Behind the founder: Drew Houston (Dropbox)

Jan 9, 2025 · 97:36


Drew Houston is the co-founder and CEO of Dropbox. Under his leadership, Dropbox has grown from a simple idea to a service used by over 700 million registered users globally, with a valuation exceeding $9 billion. Drew has led Dropbox through multiple phases, from explosive viral growth, to battling all the tech giants at once, to reinventing the company for the future of work. In our conversation, he opens up about:
• The three eras of Dropbox's growth and evolution
• The challenges he's faced over the past 18 years
• What he learned about himself
• How he's been able to manage his psychology as a founder
• The importance of maintaining your learning curve
• Finding purpose beyond metrics and growth
• The micro, macro, and meta aspects of building companies
• Much more

Brought to you by:
• Paragon: Ship every SaaS integration your customers want
• Explo: Embed customer-facing analytics in your product
• Vanta: Automate compliance. Simplify security

Find the transcript at: https://www.lennysnewsletter.com/p/behind-the-founder-drew-houston-dropbox

Where to find Drew Houston:
• X: https://x.com/drewhouston
• LinkedIn: https://www.linkedin.com/in/drewhouston/

Where to find Lenny:
• Newsletter: https://www.lennysnewsletter.com
• X: https://twitter.com/lennysan
• LinkedIn: https://www.linkedin.com/in/lennyrachitsky/

In this episode, we cover:
(00:00) Introduction to Drew and Dropbox
(04:44) The three eras of Dropbox
(07:53) The first era: Viral growth and early success
(14:19) The second era: Challenges and competition
(20:49) Strategic shifts and refocusing
(29:36) Personal reflections and leadership lessons
(40:19) Unlocking mindfulness and building support systems
(43:14) The Enneagram test
(50:35) The challenges of being a founder CEO
(58:11) The third era: Rebooting the team and core business
(01:22:41) Lessons and advice for aspiring founders
(01:27:46) Balancing personal and professional growth
(01:42:38) Final reflections and future outlook

Referenced:
• Dropbox: https://www.dropbox.com/
• Y Combinator: https://www.ycombinator.com/
• Paul Graham's website: https://www.paulgraham.com/
• Hacker News: https://news.ycombinator.com/
• Arash Ferdowsi on LinkedIn: https://www.linkedin.com/in/arashferdowsi/
• Sequoia Capital: https://www.sequoiacap.com/
• Pejman Nozad on LinkedIn: https://www.linkedin.com/in/pejman/
• Mike Moritz on LinkedIn: https://www.linkedin.com/in/michaelmoritz/
• TechCrunch Disrupt: https://techcrunch.com/events/tc-disrupt-2024/
• Dropbox viral demo: https://youtu.be/7QmCUDHpNzE
• Digg: https://digg.com/
• Reddit: https://www.reddit.com/
• Hadi and Ali Partovi: https://www.partovi.org/
• Zynga: https://www.zynga.com/
• Steve Jobs announces Apple's iCloud: https://www.youtube.com/watch?v=ilnfUa_-Rbc
• Dropbox Carousel: https://en.wikipedia.org/wiki/Dropbox_Carousel
• Dropbox Is Buying Mega-Hyped Email Startup Mailbox: https://www.businessinsider.com/dropbox-is-buying-mega-hyped-email-startup-mailbox-2013-3
• 5 essential questions to craft a winning strategy | Roger Martin (author, advisor, speaker): https://www.lennysnewsletter.com/p/the-ultimate-guide-to-strategy-roger-martin
• Intel: https://www.intel.com/
• Gordon Moore: https://en.wikipedia.org/wiki/Gordon_Moore
• Netscape: https://en.wikipedia.org/wiki/Netscape
• Myspace: https://en.wikipedia.org/wiki/Myspace
• Bill Campbell: https://en.wikipedia.org/wiki/Bill_Campbell_(business_executive)
• Enneagram type descriptions: https://www.enneagraminstitute.com/type-descriptions/
• The Myers-Briggs Type Indicator: https://www.themyersbriggs.com/en-US/Products-and-Services/Myers-Briggs
• Brian Chesky's new playbook: https://www.lennysnewsletter.com/p/brian-cheskys-contrarian-approach
• Ben Horowitz on X: https://x.com/bhorowitz
• Why Read Peter Drucker?: https://hbr.org/2009/11/why-read-peter-drucker
• GitLab: https://about.gitlab.com/
• Automattic: https://automattic.com/
• Dropbox Dash: https://www.dash.dropbox.com/
• Welcome Command E to Dropbox: https://blog.dropbox.com/topics/company/welcome-command-e-to-dropbox-
StarCraft: https://en.wikipedia.org/wiki/StarCraft_(video_game)• Procter & Gamble and the Beauty of Small Wins: https://hbr.org/2009/10/the-beauty-of-small-wins• Teaching Smart People How to Learn: https://hbr.org/1991/05/teaching-smart-people-how-to-learn—Recommended books:• Guerrilla Marketing: Easy and Inexpensive Strategies for Making Big Profits from Your Small Business: https://www.amazon.com/Guerilla-Marketing-Inexpensive-Strategies-Business/dp/0618785914• Playing to Win: How Strategy Really Works: https://www.amazon.com/Playing-Win-Strategy-Really-Works/dp/142218739X• High Output Management: https://www.amazon.com/High-Output-Management-Andrew-Grove/dp/0679762884/• Only the Paranoid Survive: How to Exploit the Crisis Points That Challenge Every Company: https://www.amazon.com/Only-Paranoid-Survive-Exploit-Challenge/dp/0385483821• Zone to Win: Organizing to Compete in an Age of Disruption: https://www.amazon.com/Zone-Win-Organizing-Compete-Disruption/dp/1682302113• Warren Buffett's books: https://www.amazon.com/warren-buffett-Books/s?k=warren+buffett&rh=n%3A283155• Poor Charlie's Almanack: The Essential Wit and Wisdom of Charles T. Munger: https://www.amazon.com/Poor-Charlies-Almanack-Essential-Charles/dp/1953953239• Invent and Wander: The Collected Writings of Jeff Bezos: https://www.amazon.com/Invent-Wander-Collected-Writings-Introduction/dp/1647820715/• The 15 Commitments of Conscious Leadership: A New Paradigm for Sustainable: https://www.amazon.com/15-Commitments-Conscious-Leadership-Sustainable-ebook/dp/B00R3MHWUE—Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com.—Lenny may be an investor in the companies discussed. Get full access to Lenny's Newsletter at www.lennysnewsletter.com/subscribe