Podcasts about GitLab

open-source Git repository host

  • 899 podcasts
  • 1,780 episodes
  • 44m average duration
  • 5 weekly new episodes
  • Latest: Jan 21, 2026

Latest podcast episodes about GitLab

The CyberWire
DOGE and the data trail.

Jan 21, 2026 (27:02)


DOGE staff face scrutiny over possible Hatch Act violations. GitLab fixes a serious 2FA bypass. North Korean hackers target macOS developers through Visual Studio Code. Researchers say the VoidLink malware may be largely AI-built. MITRE rolls out a new embedded systems threat matrix. Oracle drops a massive patch update. Minnesota DHS reports a breach affecting 300,000 people. Germany looks to Israel for cyber defense lessons. A major illicit marketplace goes dark. Our guest is Ashley Jess, Senior Intelligence Analyst from Intel 471, with a “crash course” on underground cyber markets. And auditors emerge as an unlikely line of cyber defense.

CyberWire Guest: Today we have Ashley Jess, Senior Intelligence Analyst from Intel 471, sharing a “crash course” on underground cyber markets and emerging trends.

Selected Reading

  • Trump administration concedes DOGE team may have misused Social Security data (POLITICO)
  • GitLab warns of high-severity 2FA bypass, denial-of-service flaws (Bleeping Computer)
  • North Korean Hackers Target macOS Developers via Malicious VS Code Projects (SecurityWeek)
  • Voidlink Linux Malware Was Built Using an AI Agent, Researchers Reveal (Infosecurity Magazine)
  • MITRE Launches New Security Framework for Embedded Systems (SecurityWeek)
  • Oracle's First 2026 CPU Delivers 337 New Security Patches (SecurityWeek)
  • Minnesota Agency Notifies 304,000 of Vendor Breach (GovInfo Security)
  • Germany and Israel Pledge Cybersecurity Alliance (BankInfo Security)
  • $12B Scam Market Tudou Guarantee Shuts Down (GovInfo Security)
  • Research reveals a surprising line of defence against cyber attacks: accountants (The Conversation)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

Connect to John Gilroy on LinkedIn: https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

Today, we have an experienced tech veteran, Bob Stevens from GitLab, offering insights on how he sees the federal government overcoming three main technology challenges in 2026.

Challenge ONE: Software improvement at scale. Stevens observed that everyone has seen AI's ability to review code. It has passed the basic phase, and now, in 2026, it can not only review code but also identify security vulnerabilities, ensure compliance, and even generate documentation. This means that older, expensive-to-maintain systems can be transitioned to more flexible, economical cloud models.

Challenge TWO: Going away from reacting. The word "continuous" has been the goal for cyber defenders for the past several years. Fortunately, AI is allowing that noble goal to be put into practice. When applied appropriately, newer technology can achieve lower breach rates and faster threat response times.

Challenge THREE: Emergence of a "universal" developer. Traditionally, requirements would be gathered by an intermediary and then translated into instructions for software developers. Stevens shows how newer AI-based approaches can eliminate that intermediary step. In other words, a pilot can precisely describe what they want in an avionics system, and the developers can work from that description. That means solving domain-specific problems with traditional development skills. Ideally, subject matter experts directly translate their knowledge into functional software systems. Some call this the "universal" developer approach.

Stevens emphasized the importance of AI, security, and flexibility for future developers. GitLab's DevSecOps platform integrates AI across the entire software development process.

The Changelog
From GitLab to Kilo Code (Interview)

Jan 7, 2026 (77:18)


We're joined by Sid Sijbrandij, founder of GitLab, who led the all-in-one coding platform all the way to IPO. In late 2022, Sid discovered that he had bone cancer. That started a journey he's been on ever since, a journey that he shares with us in great detail. Along the way, Sid continued founding companies, including Kilo Code, an all-in-one agentic engineering platform, which he also tells us all about.

Baanbrekende Businessmodellen | BNR
With this strategy, Brabantia became a global brand

Dec 29, 2025 (29:07)


How did a Dutch family business become an international design brand? Brabantia proves that even trash cans can be part of a strong, future-proof business model.

This episode in brief:
  ☑️ How Brabantia uses design as the core of its business model
  ☑️ Why the brand deliberately stays out of the price war
  ☑️ How a family business remains globally scalable with premium products

Brabantia has existed since 1919, but its business model is anything but stuck in the past. Under the leadership of CEO Tijn van Elderen, the brand has transformed over the past ten years from purely functional household products into a design-driven proposition. Not the lowest price but value is central: quality, sustainability, aesthetics and ease of use. Brabantia earns its money from products that last longer, are better designed and fit into the consumer's interior. According to Van Elderen, design is not a garnish but has become a core part of the strategy.

Podcast | BNR
Baanbrekende Businessmodellen

Dec 29, 2025 (29:06)


How did a Dutch family business become an international design brand? Brabantia proves that even trash cans can be part of a strong, future-proof business model.

This episode in brief:
  ☑️ How Brabantia uses design as the core of its business model
  ☑️ Why the brand deliberately stays out of the price war
  ☑️ How a family business remains globally scalable with premium products

Brabantia has existed since 1919, but its business model is anything but stuck in the past. Under the leadership of CEO Tijn van Elderen, the brand has transformed over the past ten years from purely functional household products into a design-driven proposition. Not the lowest price but value is central: quality, sustainability, aesthetics and ease of use. Brabantia earns its money from products that last longer, are better designed and fit into the consumer's interior. According to Van Elderen, design is not a garnish but has become a core part of the strategy.

Listen also | The rise and fall of Better Place

That model requires sharp choices. Brabantia does not want to compete with ultra-cheap webshops, for example, but is building a premium brand that is recognizable worldwide. The scale comes from international distribution, now in some 90 countries, and from a consistent brand experience, from product to packaging. By investing in design partners, sustainability and brand story, Brabantia protects its position in a market where price pressure keeps growing.

Listen also | How do you organize growth in your company?

Remy Gieling of AI.nl talks about the business model of Kilocode, founded by Dutchman Sid Sijbrandij (known from GitLab). It is an open-source AI tool that helps programmers write code faster and better. The core of the software is free and accessible to everyone. Developers can choose which AI model they use, without being locked in to a single vendor. Companies only pay when they want extra features, such as team collaboration, security and oversight for managers. In this way Kilocode combines openness with a scalable revenue model.

Python Bytes
#463 2025 is @wrapped

Dec 22, 2025 (43:19)


Topics covered in this episode:

  • Has the cost of building software just dropped 90%?
  • More on Deprecation Warnings
  • How FOSS Won and Why It Matters
  • Should I be looking for a GitHub alternative?
  • Extras
  • Joke

HEADS UP: We are taking next week off, happy holiday everyone.

Michael #1: Has the cost of building software just dropped 90%? by Martin Alderson

  • Agentic coding tools are collapsing “implementation time,” so the cost curve of shipping software may be shifting sharply.
  • Recent programming advancements haven't been that great of a true benefit: Cloud, TDD, microservices, complex frontends, Kubernetes, etc.
  • Agentic AI's big savings are not just code generation, but coordination overhead reduction (fewer handoffs, fewer meetings, fewer blocks).
  • Thinking, product clarity, and domain decisions stay hard, while typing and scaffolding get cheap.
  • Is it the end of software dev? Not really, see Jevons paradox: when production gets cheaper, total demand can rise rather than spending simply falling. (Historically: the efficiency of coal use led to the increased consumption of coal.)
  • Pushes back on “only good for greenfield” by arguing agents also help with legacy code comprehension and bug-fixing.
  • I 100% agree. #Legacy code for the win.

Brian #2: More on Deprecation Warnings

  • How are people ignoring them? Yep, it's right in the Python docs: -W ignore::DeprecationWarning
  • Don't do that!
  • Perhaps the docs should give the example of emitting them only once: -W once::DeprecationWarning
  • See also -X dev mode, which sets -W default and some other runtime checks.
  • Don't use warn, use the @warnings.deprecated decorator instead. Thanks John Hagen for pointing this out.
      - Emits a warning
      - It's understood by type checkers, so editors visually warn you
      - You can pass in your own custom UserWarning with category
  • mypy also has a command line option and setting for this: --enable-error-code deprecated, or in [tool.mypy]: enable_error_code = ["deprecated"]
  • My recommendation: use @deprecated with your own custom warning and test with pytest -W error

Michael #3: How FOSS Won and Why It Matters by Thomas Depierre

  • Companies are not cheap, companies optimize cost control. They do this by making purchasing slow and painful.
  • FOSS is/was a major unlock hack to skip procurement, legal, etc.
  • Example is months to start using a paid “Add to calendar” widget!
  • It “works both ways”: the same bypass lowers the barrier for maintainers too, no need for a legal entity, lawyers, liability insurance, or sales motion.
  • Proposals that “fix FOSS” by reintroducing supply-chain style controls (he name-checks SBOMs and mandated processes) risk being rejected or gamed, because they restore the very friction FOSS sidesteps.

Brian #4: Should I be looking for a GitHub alternative?

  • Pricing changes for GitHub Actions
  • The self-hosted runner pricing change caused a kerfuffle. It has been postponed.
  • But… if you were to look around, maybe pay attention to "These 4 GitHub alternatives are just as good—or better": Codeberg, BitBucket, GitLab, Gitea
  • And a new-ish entry, Tangled

Extras

Brian:

  • End of year sale for The Complete pytest Course. Use code XMAS2025 for 50% off before Dec 31.
  • Writing work on Lean TDD book on hold for holidays. Will pick up again in January.

Michael:

  • PyCharm has better Ruff support now out of the box, via Daniel Molnar. This is from the release notes of 2025.3: "PyCharm 2025.3 expands its LSP integration with support for Ruff, ty, Pyright, and Pyrefly.” If you check out the LSP section it will land you on this page and you can go to Ruff. The Ruff doc site was also updated. Previously it was only available via external tools and a third party plugin, this feels like a big step.
  • Fun quote I saw on ExTwitter: May your bug tracker be forever empty.

Joke: Try/Catch/Stack Overflow. Create a super annoying LinkedIn profile - From Tim Kellogg, submitted by archtoad

The New Stack Podcast
The Rise of the Cognitive Architect

Dec 10, 2025 (22:53)


At KubeCon North America 2025, GitLab's Emilio Salvador outlined how developers are shifting from individual coders to leaders of hybrid human–AI teams. He envisions developers evolving into “cognitive architects,” responsible for breaking down large, complex problems and distributing work across both AI agents and humans. Complementing this is the emerging role of the “AI guardian,” reflecting growing skepticism around AI-generated code. Even as AI produces more code, humans remain accountable for reviewing quality, security, and compliance.

Salvador also described GitLab's “AI paradox”: developers may code faster with AI, but overall productivity stalls because testing, security, and compliance processes haven't kept pace. To fix this, he argues organizations must apply AI across the entire development lifecycle, not just in coding. GitLab's Duo Agent Platform aims to support that end-to-end transformation.

Looking ahead, Salvador predicts the rise of a proactive “meta agent” that functions like a full team member. Still, he warns that enterprise adoption remains slow and advises organizations to start small, build skills, and scale gradually.

Learn more from The New Stack about the evolving role of "cognitive architects":

  • The Engineer in the AI Age: The Orchestrator and Architect
  • The New Role of Enterprise Architecture in the AI Era
  • The Architect's Guide to Understanding Agentic AI

Chip Stock Investor Podcast
The Informatica Plumbing Behind AI Agents: Salesforce Earnings Stock Analysis 2026

Dec 8, 2025 (9:12)


Salesforce has officially completed its acquisition of Informatica three months ahead of schedule, but the real story on the recent earnings call was the company's aggressive pivot to "Agentforce," which was mentioned (a lot) during the presentation. In this breakdown, we analyze how Informatica serves as the critical software infrastructure layer, providing the clean data integration needed to power Salesforce's agentic AI products and automate customer workflows.

We also dive into the financials, looking at how Informatica contributes approximately 5% to revenue and 3% to free cash flow, while Salesforce shares trade at an attractive 18x trailing price-to-free cash flow. Finally, we discuss our broader investment strategy: while semiconductor valuations remain elevated, we are finding significant value in enterprise SaaS, leading to recent additions in our portfolio including Salesforce, Monday.com, and GitLab.

Chapters:

  • 00:00 - Salesforce
  • 00:08 - Informatica Acquisition Completed Early
  • 00:53 - The Pivot to "Agentforce" (75 Mentions!)
  • 02:40 - Infrastructure Layer: What Informatica Actually Does
  • 04:14 - Financial Impact: Revenue & Free Cash Flow
  • 05:22 - Q4 Guidance & Operating Margins
  • 06:33 - Current Valuation: P/E & Free Cash Flow Multiples
  • 07:18 - Strategy Shift: Rotating from Semis to SaaS
  • 07:44 - Other Holdings: ServiceNow, Monday.com, GitLab
  • 08:14 - Finding Value in Software vs. Semiconductors

Content in this video is for general information or entertainment only and is not specific or individual investment advice. Forecasts and information presented may not develop as predicted and there is no guarantee any strategies presented will be successful. All investing involves risk, and you could lose some or all of your principal.

Nick and Kasey own shares of Salesforce, Monday.com, GitLab, UiPath, ServiceNow

Alles auf Aktien
Defense instead of autos, and the AI winners of the future

Dec 3, 2025 (27:02)


In today's episode, financial journalists Anja Ettel and Holger Zschäpitz discuss strong figures from Crowdstrike, a share-price jump at Bayer and a wild turnaround in Bitcoin. Also covered: Ether, Intel, xLight, Meta, Boeing, Airbus, Marvell, Celestial AI, Nvidia, Broadcom, GitLab, Adobe, Workday, DocuSign, Apple, Microsoft, MongoDB, Credo Technology, Wacker Neuson, Doosan Bobcat, Hochtief, Hypoport, Hugo Boss, Rheinmetall, Nvidia, Lockheed Martin, Hensoldt, Renk, TKMS, VW, BMW, Mercedes-Benz, Continental, Porsche, Schaeffler, Daimler Truck, Bank of America, KeyCorp, PNC Financial Services, US-Bancorp, Truist Financial, Aon, Marsh & McLennan, Willis Towers Watson, Accenture, Cognizant, EPAM Systems, IBM, Twilio, DXC Technology, SAIC, Guidewire Software, Manhattan Associates, Pegasystems, Tyler Technologies, Labcorp, IQVIA, Certara and Siemens Energy.

We welcome feedback at aaa@welt.de.

Disclaimer: The stocks and funds discussed in the podcast do not constitute specific buy or investment recommendations. The hosts and the publisher are not liable for any losses arising from acting on the thoughts or ideas presented.

Listening tip: For anyone who wants to know more, you can hear Holger Zschäpitz every week in the finance and business podcast "Deffner&Zschäpitz".

Legal notice: https://www.welt.de/services/article7893735/Impressum.html
Privacy policy: https://www.welt.de/services/article157550705/Datenschutzerklaerung-WELT-DIGITAL.html

Deffner & Zschäpitz: Wirtschaftspodcast von WELT
Nvidia is out: the 6 new favorites of the tech Buffett

Dec 2, 2025 (106:10)


While Dietmar Deffner enjoys the sun in Dubai, Holger Zschäpitz has brought the tech scene's "Swabian sly fox" into the studio: Thomas Rappold, Silicon Valley investor and author, talks straight about the current AI hype and surprises with a bold thesis: for him, stock-market darling Nvidia no longer belongs among the top favorites in 2026. Instead, Rappold explains why Alphabet (Google) is the better investment for him and why he is now betting heavily on beaten-down software stocks such as GitLab or DocuSign. Also: why a US tax law ("One Beautiful Bill") could reignite the tech boom in 2026, and what role "boring" stocks such as Visa or Siemens Healthineers play in his portfolio. An episode full of concrete stock ideas, from the "everything app" for personal finances to the metaverse play Roblox.

DEFFNER & ZSCHÄPITZ are like real life. Like optimist and pessimist. In the weekly WELT podcast, journalists Dietmar Deffner and Holger Zschäpitz discuss and argue about the important economic topics of everyday life.

Write to us at: wirtschaftspodcast@welt.de

Legal notice: https://www.welt.de/services/article7893735/Impressum.html
Privacy policy: https://www.welt.de/services/article157550705/Datenschutzerklaerung-WELT-DIGITAL.html

Future Of Work Podcast
The Strategic Playbook for Building a Remote-First Company with Nadia Vatalidis

Dec 2, 2025 (38:55)


About This Episode

In this episode of The Future of Work® Podcast, host Frank Cottle is joined by Nadia Vatalidis, Head of People at Doist, the globally recognized company behind Todoist and Twist. With a decade of experience scaling distributed teams at GitLab, Remote.com, and now Doist, Nadia brings deep expertise on what it really takes to build a high-performing, remote-first company. Together, they explore the strategic decisions behind global hiring, equitable compensation frameworks, time zone productivity, employee security, and the cultural strengths of distributed work.

Whether you're a founder, team leader, or HR exec navigating the complexities of remote hiring or distributed team design, this episode is a roadmap to getting it right. Learn exactly why remote-first is a mindset shaping the future of work.

Hacker Public Radio
HPR4521: HPR Community News for November 2025

Dec 1, 2025


This show has been flagged as Explicit by the host.

New hosts

Welcome to our new host: Whiskeyjack.

Last Month's Shows

Id | Day | Date | Title | Host
4501 | Mon | 2025-11-03 | HPR Community News for October 2025 | HPR Volunteers
4502 | Tue | 2025-11-04 | Cheap Yellow Display Project Part 3: Reverse beacon network | Trey
4503 | Wed | 2025-11-05 | One time passwords using oathtool | Whiskeyjack
4504 | Thu | 2025-11-06 | YouTube Subscriptions 2025 #7 | Ahuka
4505 | Fri | 2025-11-07 | New site - looks great! | Archer72
4506 | Mon | 2025-11-10 | The UCSD P-System Operating System | Whiskeyjack
4507 | Tue | 2025-11-11 | What's in the bag ? | Ken Fallon
4508 | Wed | 2025-11-12 | YouTube Subscriptions 2025 #8 | Ahuka
4509 | Thu | 2025-11-13 | HPR Beer Garden 5 - Heferweisen | Kevie
4510 | Fri | 2025-11-14 | Playing Civilization V, Part 5 | Ahuka
4511 | Mon | 2025-11-17 | Audio-books | Lee
4512 | Tue | 2025-11-18 | HomeAssistant - Nmap ("Network Mapper") | Reto
4513 | Wed | 2025-11-19 | Living the Tux Life Episode 2 - Ventoy | Al
4514 | Thu | 2025-11-20 | YouTube Subscriptions 2025 #9 | Ahuka
4515 | Fri | 2025-11-21 | Privacy? I don't have anything to hide... | Archer72
4516 | Mon | 2025-11-24 | Browser User Agent | Henrik Hemrin
4517 | Tue | 2025-11-25 | Cheap Yellow Display Project Part 4: The hardware | Trey
4518 | Wed | 2025-11-26 | Cosy News Corner for Week 46 - Your source for Open Source news | Daniel Persson
4519 | Thu | 2025-11-27 | YouTube Subscriptions 2025 #10 | Ahuka
4520 | Fri | 2025-11-28 | Arthur C. Clarke: Rama and Sequels | Ahuka

Comments this month

These are comments which have been made during the past month, either to shows released during the month or to past shows. There are 22 comments in total.

Past shows

There are 8 comments on 8 previous shows:

hpr3753 (2022-12-21) "Some thoughts on "Numeronyms"" by Dave Morriss.
  • Comment 3: Ken Fallon on 2025-11-03: "Just linked to this"
  • Comment 4: Dave Morriss on 2025-11-05: "Thanks Ken"

hpr4397 (2025-06-10) "Transfer files from desktop to phone with qrcp" by Klaatu.
  • Comment 2: Ken Fallon on 2025-11-18: "I knew this would come in handy"
  • Comment 3: candycanearter07 on 2025-11-19: "issues with qrcp..."
  • Comment 4: Ken Fallon on 2025-11-20: "qrcp is private 0x0.st is not"

hpr4485 (2025-10-10) "Git for Github and Gitlab" by Archer72.
  • Comment 3: Archer72 on 2025-11-01: "candycanearter07 and Sayaci: Thanks!"
  • Comment 4: candycanearter07 on 2025-11-05: "Re: candycanearter07 and Sayaci: Thanks!"

hpr4491 (2025-10-20) "Thibaut and Ken Interview David Revoy" by Thibaut.
  • Comment 3: dnt on 2025-11-04: "Great interview"

hpr4493 (2025-10-22) "HPR Beer Garden 4 - Weissbier" by Kevie.
  • Comment 5: TA Spinner on 2025-11-10: "Great episode, I look forward to more!"

hpr4494 (2025-10-23) "Exploring FUTO Keyboard" by Antoine.
  • Comment 1: Archer72 on 2025-11-01: "Keyboards use"

hpr4498 (2025-10-29) "Living the Tux Life Episode 1" by Al.
  • Comment 1: candycanearter07 on 2025-11-10: "cheers for taking the plunge!"

hpr4499 (2025-10-30) "Greg Farough and Zoë Kooyman of the FSF interview Librephone lead developer Rob Savoye" by Ken Fallon.
  • Comment 1: Henrik Hemrin on 2025-11-05: "Good interview pod to learn more about the Librephone project"

This month's shows

There are 14 comments on 8 of this month's shows:

hpr4501 (2025-11-03) "HPR Community News for October 2025" by HPR Volunteers.
  • Comment 1: Archer72 on 2025-11-01: "If you do something cool..."
  • Comment 2: candycanearter07 on 2025-11-05: "Re: If you do something cool..."
  • Comment 3: Archer72 on 2025-11-08: "Tip from operat0r"

hpr4503 (2025-11-05) "One time passwords using oathtool" by Whiskeyjack.
  • Comment 1: interesting, but... on 2025-11-10: "candycanearter07"
  • Comment 2: Whiskeyjack on 2025-11-12: "One time passwords using oathtool"

hpr4505 (2025-11-07) "New site - looks great!" by Archer72.
  • Comment 1: folky on 2025-11-04: "Thank you"

hpr4506 (2025-11-10) "The UCSD P-System Operating System" by Whiskeyjack.
  • Comment 1: L'andrew on 2025-11-11: "A blast from the p-code past..."
  • Comment 2: brian-in-ohio on 2025-11-17: "good show"
  • Comment 3: Trixter on 2025-11-21: "This was very well done"

hpr4509 (2025-11-13) "HPR Beer Garden 5 - Heferweisen" by Kevie.
  • Comment 1: ClaudioM on 2025-11-19: "Both are Tasty!"

hpr4511 (2025-11-17) "Audio-books" by Lee.
  • Comment 1: Lee on 2025-11-05: "Errata"

hpr4517 (2025-11-25) "Cheap Yellow Display Project Part 4: The hardware " by Trey.
  • Comment 1: mirwi on 2025-11-25: "Explanation of "silent key"."
  • Comment 2: Trey on 2025-11-26: "Thank you, Mirwi. Silent Key episode link"

hpr4518 (2025-11-26) "Cosy News Corner for Week 46 - Your source for Open Source news" by Daniel Persson.
  • Comment 1: Torin Doyle on 2025-11-29: "I like this news feature."

Mailing List discussions

Policy decisions surrounding HPR are taken by the community as a whole. This discussion takes place on the Mailing List which is open to all HPR listeners and contributors. The discussions are open and available on the HPR server under Mailman. The threaded discussions this month can be found here: https://lists.hackerpublicradio.com/pipermail/hpr/2025-November/thread.html

Events Calendar

With the kind permission of LWN.net we are linking to The LWN.net Community Calendar. Quoting the site: This is the LWN.net community event calendar, where we track events of interest to people using and developing Linux and free software. Clicking on individual events will take you to the appropriate web page.

Little Office of the Blessed Virgin Mary
Upcoming Liturgical Year

Nov 25, 2025 (9:58)


This video was a quick one, back to my usual mumbling speedy voice.

Here's the final annotated calendar:

Hopefully it's clear enough to point you in the right direction. Most proper copies of the Little Office will have a section on Rubrics or Instructions which should explain the same information.

Here are my source PDFs:

  • 2025
  • 2026
  • 2027

I made 2027 so far ahead of time in order to include it in my Planner for next year. You can get a printed copy at Lulu or browse a PDF version on Gitlab. I probably should have spruiked it in the video. Well, if anyone buys a copy I'll know you read through to the end of the article! Or you can leave a cryptic comment somewhere.

Hacker Public Radio
HPR4501: HPR Community News for October 2025

Nov 3, 2025


This show has been flagged as Explicit by the host.

New hosts

Welcome to our new hosts: Kirbotica, Thibaut, candycanearter.

Last Month's Shows

Id | Day | Date | Title | Host
4478 | Wed | 2025-10-01 | YouTube Subscriptions 2025 #6 | Ahuka
4479 | Thu | 2025-10-02 | Who is the Algernon for Whom are the Flowers? | Antoine
4480 | Fri | 2025-10-03 | Arthur C. Clarke Becomes Successful | Ahuka
4481 | Mon | 2025-10-06 | HPR Community News for September 2025 | HPR Volunteers
4482 | Tue | 2025-10-07 | doodoo 4 the double deuce | Jezra
4483 | Wed | 2025-10-08 | HPR Beer Garden 3 - Porters | Kevie
4484 | Thu | 2025-10-09 | When Your Dentist Uses ChatControl Logic | Trollercoaster
4485 | Fri | 2025-10-10 | Git for Github and Gitlab | Archer72
4486 | Mon | 2025-10-13 | A code off my mind | Lee
4487 | Tue | 2025-10-14 | Is AI autistic? | Antoine
4488 | Wed | 2025-10-15 | Cheap Yellow Display Project Part 2: What is the problem? | Trey
4489 | Thu | 2025-10-16 | Hacks Poetic - Pilot Episode | Kirbotica
4490 | Fri | 2025-10-17 | Playing Civilization V, Part 4 | Ahuka
4491 | Mon | 2025-10-20 | Thibaut and Ken Interview David Revoy | Thibaut
4492 | Tue | 2025-10-21 | How to do a distribution upgrade of an Ubuntu LTS on a Digital Ocean droplet | Rho`n
4493 | Wed | 2025-10-22 | HPR Beer Garden 4 - Weissbier | Kevie
4494 | Thu | 2025-10-23 | Exploring FUTO Keyboard | Antoine
4495 | Fri | 2025-10-24 | An introduction to Taskwarrior | candycanearter
4496 | Mon | 2025-10-27 | Stroopwafel | Lee
4497 | Tue | 2025-10-28 | fixing 328eforth | Brian-in-Ohio
4498 | Wed | 2025-10-29 | Living the Tux Life Episode 1 | Al
4499 | Thu | 2025-10-30 | Greg Farough and Zoë Kooyman of the FSF interview Librephone lead developer Rob Savoye | Ken Fallon
4500 | Fri | 2025-10-31 | Arthur C. Clarke: 2001 and Sequels | Ahuka

Comments this month

These are comments which have been made during the past month, either to shows released during the month or to past shows. There are 41 comments in total.

Past shows

There are 12 comments on 7 previous shows:

hpr4238 (2024-10-30) "Snaps are better than flatpaks" by Some Guy On The Internet.
  • Comment 4: BA on 2025-10-05: "Not a fan of any of them."

hpr4453 (2025-08-27) "IPv6 for Luddites" by beni.
  • Comment 7: Beni on 2025-10-22: "Link to the mentioned IPv6 talk on EuroBSDcon 2025"

hpr4470 (2025-09-19) "HPR is twenty years old today. " by Lee.
  • Comment 3: Steve Barnes on 2025-10-12: "Les petites félicites!"

hpr4474 (2025-09-25) "Hacker Poetry - 001" by Major_Ursa.
  • Comment 1: candycanearter07 on 2025-10-01: "love it"

hpr4475 (2025-09-26) "The true audio file for walking tune to(wards) a friend" by FredBlack.
  • Comment 1: brian-in-ohio on 2025-10-14: "Why fret about frets?"
  • Comment 2: Folky on 2025-10-15: "Frets?"

hpr4476 (2025-09-29) "Does AI cause brain damage?" by Trollercoaster.
  • Comment 3: enistello on 2025-10-01: "Wonderful episode"
  • Comment 4: Trollercoaster on 2025-10-02: "Re: Wondeful episode"

hpr4477 (2025-09-30) "doodoo 3 a deuce plus 1" by Jezra.
  • Comment 1: candycanearter07 on 2025-10-02: "cool app but"
  • Comment 2: Archer72 on 2025-10-05: "Re: cool app"
  • Comment 3: candycanearter07 on 2025-10-06: "Re: Re: cool app"
  • Comment 4: أحمد المحمودي on 2025-10-07: "I use todoman"

This month's shows

There are 29 comments on 12 of this month's shows:

hpr4478 (2025-10-01) "YouTube Subscriptions 2025 #6" by Ahuka.
  • Comment 1: Anonymous 27 on 2025-10-02: "Excellent recommendations"

hpr4479 (2025-10-02) "Who is the Algernon for Whom are the Flowers?" by Antoine.
  • Comment 1: Trey on 2025-10-02: "Very interesting"
  • Comment 2: Anonymous 27 on 2025-10-06: "Required Futurama reference"

hpr4480 (2025-10-03) "Arthur C. Clarke Becomes Successful" by Ahuka.
  • Comment 1: Archer72 on 2025-10-13: "Great show... and may the force be with you"
  • Comment 2: Kevin O'Brien on 2025-10-13: "Thank you"

hpr4483 (2025-10-08) "HPR Beer Garden 3 - Porters" by Kevie.
  • Comment 1: Archer72 on 2025-10-16: "History of beer"

hpr4484 (2025-10-09) "When Your Dentist Uses ChatControl Logic" by Trollercoaster.
  • Comment 1: Trollercoaster on 2025-10-09: "Voting has been delayed"
  • Comment 2: candycanearter07 on 2025-10-12: "Satire as a tool"
  • Comment 3: Trollercoaster on 2025-10-14: "Re: Satire as a tool"
  • Comment 4: operat0r on 2025-10-16: "Lol"
  • Comment 5: Trollercoaster on 2025-10-20: "Re: Lol"

hpr4485 (2025-10-10) "Git for Github and Gitlab" by Archer72.
  • Comment 1: candycanearter07 on 2025-10-21: "useful introduction"
  • Comment 2: Sayaci on 2025-10-21: "The content of the Archer72"

hpr4486 (2025-10-13) "A code off my mind" by Lee.
  • Comment 1: Trey on 2025-10-13: "Excellent perspectives "

hpr4489 (2025-10-16) "Hacks Poetic - Pilot Episode" by Kirbotica.
  • Comment 1: Ken Fallon on 2025-10-16: "What a waste !"
  • Comment 2: Trey on 2025-10-16: "Thought provoking..."
  • Comment 3: Claudio on 2025-10-16: "A Refreshing HPR Episode!"
  • Comment 4: Alexander on 2025-10-17: "Just threw my iPhone in the ocean..."
  • Comment 5: Kevin O'Brien on 2025-10-17: "I loved the show"
  • Comment 6: Tori on 2025-10-21: "When Nostalgia Meets the Digital Age"
  • Comment 7: brian-in-ohio on 2025-10-22: "Don't burn out"

hpr4491 (2025-10-20) "Thibaut and Ken Interview David Revoy" by Thibaut.
  • Comment 1: brian-in-ohio on 2025-10-22: "Great show"
  • Comment 2: Henrik Hemrin on 2025-10-26: "Inspiring"

hpr4493 (2025-10-22) "HPR Beer Garden 4 - Weissbier" by Kevie.
  • Comment 1: folky on 2025-10-22: "Hefeweizen is best ;-) "
  • Comment 2: paulj on 2025-10-22: "Great Episode!"
  • Comment 3: Claudio on 2025-10-23: "Great Episode I Can Relate To!"
  • Comment 4: Gan Ainm on 2025-10-26: "Scottish-Bavarian IPW"

hpr4495 (2025-10-24) "An introduction to Taskwarrior" by candycanearter.
  • Comment 1: Archer72 on 2025-10-15: "First show: Good explanation"

hpr4500 (2025-10-31) "Arthur C. Clarke: 2001 and Sequels" by Ahuka.
  • Comment 1: Archer72 on 2025-10-16: "Deep dive"

Mailing List discussions

Policy decisions surrounding HPR are taken by the community as a whole. This discussion takes place on the Mailing List which is open to all HPR listeners and contributors. The discussions are open and available on the HPR server under Mailman. The threaded discussions this month can be found here: https://lists.hackerpublicradio.com/pipermail/hpr/2025-October/thread.html

Events Calendar

With the kind permission of LWN.net we are linking to The LWN.net Community Calendar. Quoting the site: This is the LWN.net community event calendar, where we track events of interest to people using and developing Linux and free software. Clicking on individual events will take you to the appropriate web page.

The People Managing People Podcast
AI Readiness Starts with Documentation: Lessons from Remote Work

The People Managing People Podcast

Play Episode Listen Later Oct 28, 2025 26:19 Transcription Available


If you're out there being told to slap AI tools onto everything and call it “digital transformation,” this episode is your reality check. I sat down with Darren Murph—yes, the remote‑work oracle behind GitLab's all‑remote strategy—to pull back the curtain on what needs to exist before you ever type “chatbot” or “LLM integration” into your roadmap.

We dug into why good documentation isn't optional anymore, why remote‑work lessons are now directly relevant to AI adoption, and how companies who rushed ahead without building infrastructure are setting themselves up for a trust disaster. In short: if your data, your knowledge systems, your culture aren't ready for AI, this technology is not your solution—it's your liability.

Related Links:
Join the People Managing People community forum
Subscribe to the newsletter to get our latest articles and podcasts
Connect with Darren on LinkedIn
Check out Darren's website
Support the show

MarTech Podcast // Marketing + Technology = Business Growth
Which frontier model will win the AI-platform battle?

MarTech Podcast // Marketing + Technology = Business Growth

Play Episode Listen Later Oct 25, 2025 4:59


AI platform selection remains uncertain as frontier models rapidly evolve. Dave Steer, Chief Marketing Officer at Webflow, brings two decades of scaling experience at GitLab, Cloudflare, and other category-defining companies to discuss navigating the current AI landscape. He argues that context-aware platforms built on top of commodity frontier models will determine competitive advantage, with marketing workflow platforms like Webflow positioning to compete against developer-focused tools like GitHub and GitLab.

Revenue Generator Podcast: Sales + Marketing + Product + Customer Success = Revenue Growth

AI platform selection remains uncertain as frontier models rapidly evolve. Dave Steer, Chief Marketing Officer at Webflow, brings two decades of scaling experience at GitLab, Cloudflare, and other category-defining companies to discuss navigating the current AI landscape. He argues that context-aware platforms built on top of commodity frontier models will determine competitive advantage, with marketing workflow platforms like Webflow positioning to compete against developer-focused tools like GitHub and GitLab.

The Modern People Leader
265 - The 4 Pillars of a Distributed Operating Model: Darren Murph (Future of Work Consultant)

The Modern People Leader

Play Episode Listen Later Oct 24, 2025 57:54


Darren Murph, a leading voice on distributed work and former leader at GitLab, Zillow, and Andela, returned to the show. We dug into the remote first maturity scale, the four-pillar operating model (knowledge, project, self, performance), and how to build an “org brain.”

MarTech Podcast // Marketing + Technology = Business Growth
One universal truth of marketing for B2B Tech companies

MarTech Podcast // Marketing + Technology = Business Growth

Play Episode Listen Later Oct 23, 2025 3:45


B2B tech marketing requires constant adaptation to survive industry disruption. Dave Steer, Chief Marketing Officer at Webflow, brings two decades of scaling experience from GitLab, Cloudflare, and other category-defining companies. He explains why successful marketers treat their strategies like stock portfolios with both long-term anchors and rapid pivots. Steer outlines how experimentation frameworks help teams adapt quickly when market conditions shift unexpectedly.

Revenue Generator Podcast: Sales + Marketing + Product + Customer Success = Revenue Growth

B2B tech marketing requires constant adaptation to survive industry disruption. Dave Steer, Chief Marketing Officer at Webflow, brings two decades of scaling experience from GitLab, Cloudflare, and other category-defining companies. He explains why successful marketers treat their strategies like stock portfolios with both long-term anchors and rapid pivots. Steer outlines how experimentation frameworks help teams adapt quickly when market conditions shift unexpectedly.

Risky Business
Risky Business #810 -- Data extortion attacks have a silver lining

Risky Business

Play Episode Listen Later Oct 15, 2025 63:12


In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:

  • FBI intervenes in Scattered Spider Salesforce leaksite
  • Clop loots Oracle E-Biz deployments
  • Plus so much more data extortion.. At least it's not ransomware … we guess?
  • The US still can't decide who's gonna be in charge of NSA & Cybercom
  • Cambodian scam compounds get sanctioned and $15b in crypto is seized
  • NSO gets sold for pocket-lint-grade money
  • Bugs! Redis CVSS 10, Ivanti, Crowdstrike and… Internet Explorer?! zeroday?! In the wild?!!!?

This week's episode is sponsored by Stairwell. Founder Mike Wiacek talks about how Stairwell brings VirusTotal-like visibility to private files, and about integrating the insights that brings into your SOC workflow.

This episode is also available on Youtube.

Show notes

  • FBI takedown banner appears on BreachForums site as Scattered Spider promotes leak | The Record from Recorded Future News
  • Dozens of Oracle customers impacted by Clop data theft for extortion campaign | CyberScoop
  • Well, Well, Well. It's Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882)
  • Clop is a Big Fish, But Not Worth Hunting - Risky Business Media
  • ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security
  • The company Discord blamed for its recent breach says it wasn't hacked
  • Qantas confirms cybercriminals released stolen customer data | The Record from Recorded Future News
  • Red Hat confirms breach of GitLab instance, which stored company's consulting data | CyberScoop
  • Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks - Risky Business Media
  • Teenagers arrested in England over cyberattack on nursery chain Kido | The Record from Recorded Future News
  • Acting US Cyber Command, NSA chief won't be nominated for the job, sources say | The Record from Recorded Future News
  • Layoffs, reassignments further deplete CISA | Cybersecurity Dive
  • Trump's scandalous directive to AG Pam Bondi reached the public by accident
  • Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman | The Record from Recorded Future News
  • US Congress committee investigating Musk-owned Starlink over Myanmar scam centres | Myanmar | The Guardian
  • Satellites Are Leaking the World's Secrets: Calls, Texts, Military and Corporate Data | WIRED
  • Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia | The Record from Recorded Future News
  • Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
  • Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits | WIRED
  • Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog
  • SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal | CyberScoop
  • SonicWall SSLVPN devices compromised using valid credentials | Cybersecurity Dive
  • Issues Affecting CrowdStrike Falcon Sensor for Windows
  • ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities - SecurityWeek
  • Jaguar Land Rover launches phased restart at factories after cyber-attack | Jaguar Land Rover | The Guardian
  • Windows 10 support ends today — here's who's affected and what you need to do

Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Ep. 274 AI-Driven DevSecOps: Accelerating Security and Modernization in Federal IT

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

Play Episode Listen Later Oct 13, 2025 23:52


Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The impact of AI in software development in the federal government is so pervasive that, in July of 2025, the President of the United States released a White House AI Action Plan. Today, we sat down with Bob Stevens from GitLab to put this development into perspective, examine some use cases, and suggest methods that federal agencies can use to prepare for this technological shift. What precipitated the initiative is the recognition that change is occurring so rapidly in the world of software development that the federal government must adapt more quickly than in the past, or it will be vulnerable to cyberattacks. Stevens notes that the federal government has been targeting modernization, producing software faster, and being more efficient, for a decade. AI will help them get there, with some possible cost reduction. For example, in the past, a vulnerability may have taken weeks to discover. Utilizing AI allows federal software developers to reduce that discovery to minutes. That ties in with one essential element in the White House initiative: security. In fact, one of the pillars of the Action Plan is titled “Promoting Secure-by-Design AI Technologies and Applications.” Stevens has been involved in federal software development for decades and thinks that a platform approach best serves the essential objectives of this Action Plan. The conversation concludes with the potential for AI to streamline government processes and improve operational efficiency. If you are interested in learning more about the economics of this approach, you can download The Economics of Software Innovations: $750 billion Opportunity at a Crossroads.

Hacker Public Radio
HPR4485: Git for Github and Gitlab

Hacker Public Radio

Play Episode Listen Later Oct 10, 2025


This show has been flagged as Clean by the host.

Hello, this is your host, Archer72 for Hacker Public Radio.

In this episode, I get a crash course on git, and thought it would make a good episode. Not actually on git itself, but how to use it on Github and Gitlab. First off, I am looking for a job, so I thought it would be a great time to brush up on my git knowledge and make a show too. Of course, I am no git expert by any means, but as it has been said in comments, Hacker Public Radio is my memory.

You will want to create an ssh key for each Git instance; in this case I will use both Github and Gitlab. A few other sites to host Git files are Hacker Public Radio's own Gitea on HPR, Notabug and Codeberg.

Now let's get started.

ssh-keygen will create an ed25519 key pair
  several years ago this was not yet the default

add entry to ~/.ssh/config for each git instance

    Host github.com
      User git
      IdentityFile ~/.ssh/github-ricemark20

    Host gitlab.com
      User git
      IdentityFile ~/.ssh/gitlab-archer72

SSH Keys

    ssh-add ~/.ssh/git-key (not .pub)

Git • GPG
  - gpg --full-generate-key
  - gpg --list-public-keys
  - 40 character string
  - git config --global user.signingkey XXXXPublicKey
  - git config --global commit.gpgsign true
  - gpg --armor --export XXXXPublicKey
  - copy output to Github or Gitlab, including

Gitlab

Avatar > Edit Profile > SSH Keys > Add key (on the right side)
Gitlab - SSH keys

    cat ~/.ssh/gitlab-key.pub

Add Key

    git remote set-url origin git@gitlab.com:user/gitlab-repo.git

Edit Profile > GPG Keys > Add key (on the right side)
Gitlab - GPG keys
copy and add public key from gpg --list-public-keys (40 Characters)

Github

Avatar > Settings > SSH and GPG Keys > New SSH key
Github - keys

    cat ~/.ssh/github-key.pub

Github - New SSH key
Title, Key > Add SSH key

    git remote set-url origin git@github.com:user/github-repo.git

Avatar > Settings > SSH and GPG Keys > New GPG key
Github - New GPG key
Title, Key > Add GPG key
copy and add public key from gpg --list-public-keys (40 Characters)

Create a new repository named something like resume or my-resume
Upload your HTML resume file and name it index.html
Go to your repository Settings → Pages
Under "Source," select "Deploy from a branch"
Choose "main" branch and "/ (root)" folder
Your resume will be available at https://yourusername.github.io/resume

Github.io - ricemark20

Cyber Security Today
Cybersecurity Today: Red Hat Breach, CLOP Targets Oracle, and CISA Cuts Critical Support

Cyber Security Today

Play Episode Listen Later Oct 3, 2025 9:03 Transcription Available


In this episode of Cybersecurity Today, host Jim Love covers a recent breach of Red Hat's consulting GitLab server, highlighting concerns over exposed network maps and tokens. The CLOP extortion gang targets Oracle E-Business Suite clients, demanding ransom for sensitive data. Surveys show Canadian businesses are overconfident in their cyber defenses despite frequent attacks. Finally, CISA has ended a crucial cybersecurity support agreement, impacting state and local governments amidst a federal shutdown. Tune in for detailed analysis and urgent action items.

00:00 Red Hat GitLab Server Breach
02:21 CLOP Gang Targets Oracle E-Business Suite
04:29 Canadian Firms' Overconfidence in Cybersecurity
06:31 CISA Ends Critical Support Amid Shutdown
08:38 Conclusion and Upcoming Month in Review

Talking Drupal
Talking Drupal #522 - New Contrib Records System

Talking Drupal

Play Episode Listen Later Sep 29, 2025 70:12


Today we are talking about the New Contribution Records System, how it's changed, and what you may need to do differently with guests Fran Garcia-Linares & Tim Lehnen. We'll also cover Config Notify as our module of the week.

This episode is sponsored by Amazee.ai

For show notes visit: https://www.talkingDrupal.com/522

Topics
  • Understanding the Contribution Record System
  • Recent Changes and Migration Challenges
  • Assigning and Displaying Contribution Credits
  • Future Enhancements and Broader Contributions
  • Collaborating on Commit Message Format
  • GitLab Migration and Contribution Records
  • Integration Challenges with GitLab
  • Testing and Feedback on New System
  • Future Plans and Community Involvement
  • API Endpoints and Data Querying
  • Gamification and Broader Adoption

Resources
  • Millions of data talk: Slides (in Spanish), Video not available yet
  • Gitlab issue for feature request for contribution
  • Contribution records module https://www.drupal.org/project/contribution_records
  • New available endpoints: https://new.drupal.org https://git.drupalcode.org/project/contribution_records/-/blob/1.0.x/README.md?ref_type=heads#endpoints-to-query-data
  • Issue to track issue migration https://www.drupal.org/project/drupalorg/issues/3295357

Guests
  • Fran Garcia-Linares - fjgarlin
  • Tim Lehnen - drupal.org/association/staff hestenet

Hosts
  • Nic Laflin - nLighteneddevelopment.com nicxvan
  • Martin Anderson-Clutz - mandclu.com mandclu
  • Hayden Baillio - hgbaillio

MOTW Correspondent
Martin Anderson-Clutz - mandclu.com mandclu

  • Brief description: Have you ever needed to maintain a site where a site owner had access to update site configuration, and wanted to be notified whenever they did so? There's a module for that.
  • Module name/project name: Config Notify
  • Brief history
    • How old: created in Feb 2020 by Fran Garcia-Linares (fjgarlin), one of today's guests
    • Versions available: 8.x-1.11, which supports Drupal 8.8 and newer
  • Maintainership
    • Actively maintained
    • Security coverage
    • Number of open issues: 2 open issues, neither of which are bugs
  • Usage stats: 194 sites
  • Module features and usage
    • Just like it sounds, this module lets you trigger notifications when the configuration deviates from the config management code in production.
    • You can choose for the notifications to be sent immediately, or via cron, with an option for a daily digest.
    • The notifications can be sent by email, or via Slack, using the slack module (if enabled).
    • This should be an easy-to-implement solution if you support a site where users may be updating the site configuration in production.
    • A different approach was discussed back in episode #236 Top Down Configuration

Software Sessions
Elizabeth Figura on Wine and Proton

Software Sessions

Play Episode Listen Later Sep 24, 2025 64:07


Elizabeth Figura is a Wine developer at Code Weavers. We discuss how Wine and Proton make it possible to run Windows applications on other operating systems. Related links WineHQ Proton Crossover Direct3D MoltenVK XAudio2 Mesa 3D Graphics Library Transcript You can help correct transcripts on GitHub. Intro [00:00:00] Jeremy: Today I am talking to Elizabeth Figuera. She's a wine developer at Code Weavers. And today we're gonna talk about what that is and, uh, all the work that goes into it. [00:00:09] Elizabeth: Thank you Jeremy. I'm glad to be here. What's Wine [00:00:13] Jeremy: I think the first thing we should talk about is maybe saying what Wine is because I think a lot of people aren't familiar with the project. [00:00:20] Elizabeth: So wine is a translation layer. in fact, I would say wine is a Windows emulator. That is what the name originally stood for. it re implements the entire windows. Or you say win 32 API. so that programs that make calls into the API, will then transfer that code to wine and and we allow that Windows programs to run on, things that are not windows. So Linux, Mac, os, other operating systems such as Solaris and BSD. it works not by emulating the CPU, but by re-implementing every API, basically from scratch and translating them to their equivalent or writing new code in case there is no, you know, equivalent. System Calls [00:01:06] Jeremy: I believe what you're doing is you're emulating system calls. Could you explain what those are and, and how that relates to the project? [00:01:15] Elizabeth: Yeah. so system call in general can be used, referred to a call into the operating system, to execute some functionality that's built into the operating system. often it's used in the context of talking to the kernel windows applications actually tend to talk at a much higher level, because there's so much, so much high level functionality built into Windows. 
When you think about, as opposed to other operating systems that we basically, we end up end implementing much higher level behavior than you would on Linux. [00:01:49] Jeremy: And can you give some examples of what some of those system calls would be and, I suppose how they may be higher level than some of the Linux ones. [00:01:57] Elizabeth: Sure. So of course you have like low level calls like interacting with a file system, you know, created file and read and write and such. you also have, uh, high level APIs who interact with a sound driver. [00:02:12] Elizabeth: There's, uh, one I was working on earlier today, called XAudio where you, actually, you know, build this bank of of sounds. It's meant to be, played in a game and then you can position them in various 3D space. And the, and the operating system in a sense will, take care of all of the math that goes into making that work. [00:02:36] Elizabeth: That's all running on your computer and. And then it'll send that audio data to the sound card once it's transformed it. So it sounds like it's coming from a certain space. a lot of other things like, you know, parsing XML is another big one. That there's a lot of things. The, there, the, the, the space is honestly huge [00:02:59] Jeremy: And yeah, I can sort of see how those might be things you might not expect to be done by the operating system. Like you gave the example of 3D audio and XML parsing and I think XML parsing in, in particular, you would've thought that that would be something that would be handled by the, the standard library of whatever language the person was writing their application as. [00:03:22] Jeremy: So that's interesting that it's built into the os. [00:03:25] Elizabeth: Yeah. Well, and languages like, see it's not, it isn't even part of the standard library. It's higher level than that. It's, you have specific libraries that are widespread but not. 
Codified in a standard, but in Windows you, in Windows, they are part of the operating system. And in fact, there's several different, XML parsers in the operating system. Microsoft likes to deprecate old APIs and make new ones that do the same thing very often. [00:03:53] Jeremy: And something I've heard about Windows is that they're typically very reluctant to break backwards compatibility. So you say they're deprecated, but do they typically keep all of them still in there? [00:04:04] Elizabeth: It all still It all still works. [00:04:07] Jeremy: And that's all things that wine has to implement as well to make sure that the software works as well. [00:04:14] Jeremy: Yeah. [00:04:14] Elizabeth: Yeah. And, and we also, you know, need to make it work. we also need to implement those things to make old, programs work because there is, uh, a lot of demand, at least from, at least from people using wine for making, for getting some really old programs, working from the. Early nineties even. What people run with Wine (Productivity, build systems, servers) [00:04:36] Jeremy: And that's probably a good, thing to talk about in terms of what, what are the types of software that, that people are trying to run with wine, and what operating system are they typically using? [00:04:46] Elizabeth: Oh, in terms of software, literally all kinds, any software you can imagine that runs on Windows, people will try to run it on wine. So we're talking games, office software productivity, software accounting. people will run, build systems on wine, build their, just run, uh, build their programs using, on visual studio, running on wine. people will run wine on servers, for example, like software as a service kind of things where you don't even know that it's running on wine. really super domain specific stuff. Like I've run astronomy, software, and wine. Design, computer assisted design, even hardware drivers can sometimes work unwind. There's a bit of a gray area. 
How games are different [00:05:29] Jeremy: Yeah, it's um, I think from. Maybe the general public, or at least from what I've seen, I think a lot of people's exposure to it is for playing games. is there something different about games versus all those other types of, productivity software and office software that, that makes supporting those different. [00:05:53] Elizabeth: Um, there's some things about it that are different. Games of course have gotten a lot of publicity lately because there's been a huge push, largely from valve, but also some other companies to get. A lot of huge, wide range of games working well under wine. And that's really panned out in the, in a way, I think, I think we've largely succeeded. [00:06:13] Elizabeth: We've made huge strides in the past several years. 5, 5, 10 years, I think. so when you talk about what makes games different, I think, one thing games tend to do is they have a very limited set of things they're working with and they often want to make things run fast, and so they're working very close to the me They're not, they're not gonna use an XML parser, for example. [00:06:44] Elizabeth: They're just gonna talk directly as, directly to the graphics driver as they can. Right. And, and probably going to do all their own sound design. You know, I did talk about that XAudio library, but a lot of games will just talk directly as, directly to the sound driver as Windows Let some, so this is a often a blessing, honestly, because it means there's less we have to implement to make them work. when you look at a lot of productivity applications, and especially, the other thing that makes some productivity applications harder is, Microsoft makes 'em, and They like to, make a library, for use in this one program like Microsoft Office and then say, well, you know, other programs might use this as well. Let's. Put it in the operating system and expose it and write an API for it and everything. And maybe some other programs use it. 
mostly it's just office, but it means that office relies on a lot of things from the operating system that we all have to reimplement. [00:07:44] Jeremy: Yeah, that's somewhat counterintuitive because when you think of games, you think of these really high performance things that that seem really complicated. But it sounds like from what you're saying, because they use the lower level primitives, they're actually easier in some ways to support. [00:08:01] Elizabeth: Yeah, certainly in some ways, they, yeah, they'll do things like re-implement the heap allocator because the built-in heap allocator isn't fast enough for them. That's another good example. What makes some applications hard to support (Some are hard, can't debug other people's apps) [00:08:16] Jeremy: You mentioned Microsoft's more modern, uh, office suites. I, I've noticed there's certain applications that, that aren't supported. Like, for example, I think the modern Adobe Creative Suite. What's the difference with software like that and does that also apply to the modern office suite, or is, or is that actually supported? [00:08:39] Elizabeth: Well, in one case you have, things like Microsoft using their own APIs that I mentioned with Adobe. That applies less, I suppose, but I think to some degree, I think to some degree the answer is that some applications are just hard and there's, and, and there's no way around it. And, and we can only spend so much time on a hard application. I. Debugging things. Debugging things can get very hard with wine. Let's, let me like explain that for a minute because, Because normally when you think about debugging an application, you say, oh, I'm gonna open up my debugger, pop it in, uh, break at this point, see what like all the variables are, or they're not what I expect. Or maybe wait for it to crash and then get a back trace and see where it crashed. 
And why you can't do that with wine, because you don't have the application, you don't have the symbols, you don't have your debugging symbols. You don't know anything about the code you're running unless you take the time to disassemble and decompile and read through it. And that's difficult every time. It's not only difficult, every time I've, I've looked at a program and been like, I really need to just. I'm gonna just try and figure out what the program is doing. [00:10:00] Elizabeth: It takes so much time and it is never worth it. And sometimes you have to, sometimes you have no other choice, but usually you end up, you ask to rely on seeing what calls it makes into the operating system and trying to guess which one of those is going wrong. Now, sometimes you'll get lucky and it'll crash in wine code, or sometimes it'll make a call into, a function that we don't implement yet, and we know, oh, we need to implement that function. But sometimes it does something, more obscure and we have to figure out, well, like all of these millions of calls it made, which one of them is, which one of them are we implementing incorrectly? So it's returning the wrong result or not doing something that it should. And, then you add onto that the. You know, all these sort of harder to debug things like memory errors that we could make. And it's, it can be very difficult and so sometimes some applications just suffer from those hard bugs. and sometimes it's also just a matter of not enough demand for something for us to spend a lot of time on it. [00:11:11] Elizabeth: Right. [00:11:14] Jeremy: Yeah, I can see how that would be really challenging because you're, like you were saying, you don't have the symbols, so you don't have the source code, so you don't know what any of this software you're supporting, how it was actually written. And you were saying that I. 
A lot of times, you know, there may be some behavior that's wrong or a crash, but it's not because wine crashed or there was an error in wine. [00:11:42] Jeremy: so you just know the system calls it made, but you don't know which of the system calls didn't behave the way that the application expected. [00:11:50] Elizabeth: Exactly. Test suite (Half the code is tests) [00:11:52] Jeremy: I can see how that would be really challenging. and wine runs so many different applications. I'm, I'm kind of curious how do you even track what's working and what's not as you, you change wine because if you support thousands or tens thousands of applications, you know, how do you know when you've got a, a regression or not? [00:12:15] Elizabeth: So, it's a great question. Um, probably over half of wine by like source code volume. I actually actually check what it is, but I think it's, i, I, I think it's probably over half is what we call is tests. And these tests serve two purposes. The one purpose is a regression test. And the other purpose is they're conformance tests that test, that test how, uh, an API behaves on windows and validates that we are behaving the same way. So we write all these tests, we run them on windows and you know, write the tests to check what the windows returns, and then we run 'em on wine and make sure that that matches. and we have just such a huge body of tests to make sure that, you know, we're not breaking anything. And that every, every, all the code that we, that we get into wine that looks like, wow, it's doing that really well. Nope, that's what Windows does. The test says so. So pretty much any code that we, any new code that we get, it has to have tests to validate, to, to demonstrate that it's doing the right thing. 
[00:13:31] Jeremy: And so rather than testing against a specific application, seeing if it works, you're making a call to a Windows system call, seeing how it responds, and then making the same call within wine and just making sure they match. [00:13:48] Elizabeth: Yes, exactly. And that is obviously, or that is a lot more, automatable, right? Because otherwise you have to manually, you know, there's all, these are all graphical applications. [00:14:02] Elizabeth: You'd have to manually do the things and make sure they work. Um, but if you write automatable tests, you can just run them all and the machine will complain at you if it fails it continuous integration. How compatibility problems appear to users [00:14:13] Jeremy: And because there's all these potential compatibility issues where maybe a certain call doesn't behave the way an application expects. What, what are the types of what that shows when someone's using software? I mean, I, I think you mentioned crashes, but I imagine there could be all sorts of other types of behavior. [00:14:37] Elizabeth: Yes, very much so. Basically anything, anything you can imagine again is, is what will happen. You can have, crashes are the easy ones because you know when and where it crashed and you can work backwards from there. But you can also get, it can, it could hang, it could not render, right? Like maybe render a black screen. For, you know, for games you could very frequently have, graphical glitches where maybe some objects won't render right? Or the entire screen will be red. Who knows? In a very bad case, you could even bring down your system and we usually say that's not wine's fault. That's the graphics library's fault. 'Cause they're not supposed to do that, uh, no matter what we do. But, you know, sometimes we have to work around that anyway. But yeah, there's, there's been some very strange and idiosyncratic bugs out there too. [00:15:33] Jeremy: Yeah. 
And like you mentioned that uh, there's so many different things that could have gone wrong that imagine's very difficult to find. Yeah. And when software runs through wine, I think, Performance is comparable to native [00:15:49] Jeremy: A lot of our listeners will probably be familiar with running things in a virtual machine, and they know that there's a big performance impact from doing that. [00:15:57] Jeremy: How does the performance of applications compare to running natively on the original Windows OS versus virtual machines? [00:16:08] Elizabeth: So. In theory. and I, I haven't actually done this recently, so I can't speak too much to that, but in theory, the idea is it's a lot faster. so there, there, is a bit of a joke acronym to wine. wine is not an emulator, even though I started out by saying wine is an emulator, and it was originally called a Windows emulator. but what this basically means is wine is not a CPU emulator. It doesn't, when you think about emulators in a general sense, they're often, they're often emulators for specific CPUs, often older ones like, you know, the Commodore emulator or an Amiga emulator. but in this case, you have software that's written for an x86 CPU. And it's running on an x86 CPU by giving it the same instructions that it's giving on windows. It's just that when it says, now call this Windows function, it calls us instead. So that all should perform exactly the same. The only performance difference at that point is that all should perform exactly the same as opposed to a, virtual machine where you have to interpret the instructions and maybe translate them to a different instruction set. The only performance difference is going to be, in the functions that we are implementing themselves and we try to, we try to implement them to perform. As well, or almost as well as windows. 
There's always going to be a bit of a theoretical gap because we have to translate from say, one API to another, but we try to make that as little as possible. And in some cases, the operating system we're running on is, is just better than Windows and the libraries we're using are better than Windows. [00:18:01] Elizabeth: And so our games will run faster, for example. Sometimes we can, sometimes we can, do a better job than Windows at implementing something that's, that's under our purview. There there are some games that do actually run a little bit faster in wine than they do on Windows. [00:18:22] Jeremy: Yeah, that, that reminds me of how there's these uh, gaming handhelds out now, and some of the same ones, they have a, they either let you install Linux or install windows, or they just come with a pre-installed, and I believe what I've read is that oftentimes running the same game on both operating systems, running the same game on Linux, the battery life is better and sometimes even the performance is better with these handhelds. [00:18:53] Jeremy: So it's, it's really interesting that that can even be the case. [00:18:57] Elizabeth: Yeah, it's really a testament to the huge amount of work that's gone into that, both on the wine side and on the, side of the graphics team and the kernel team. And, and of course, you know, the years of, the years of, work that's gone into Linux, even before these gaming handhelds were, were even under consideration. Proton and Valve Software's role [00:19:21] Jeremy: And something. So for people who are familiar with the handhelds, like the steam deck, they may have heard of proton. Uh, I wonder if you can explain what proton is and how it relates to wine. [00:19:37] Elizabeth: Yeah. So, proton is basically, how do I describe this? So, proton is a sort of a fork, uh, although we try to avoid the term fork. It's a, we say it's a downstream distribution because we contribute back up to wine. 
So it is a, it is, it is an alternate distribution fork of wine. And it's also some code that basically glues wine into, an embedding application originally intended for steam, and developed for valve. It has also been used in, others, but it has also been used in other software. It, so where proton differs from wine besides the glue part is it has some, it has some extra hacks in it for bugs that are hard to fix and easy to hack around as some quick hacks for, making games work now that are like in the process of going upstream to wine and getting their code quality improved and going through review. [00:20:54] Elizabeth: But we want the game to work now, when we distribute it. So that'll, that'll go into proton immediately. And then once we have, once the patch makes it upstream, we replace it with the version of the patch from upstream. There's other things to make it interact nicely with steam and so on. And yeah, I think, yeah, I think that's, I got it. [00:21:19] Jeremy: Yeah. And I think for people who aren't familiar, steam is like this, um, I, I don't even know what you call it, like a gaming store and a [00:21:29] Elizabeth: store game distribution service. It's got a huge variety of games on it, and you just publish. And, and it's a great way for publishers to interact with their, you know, with a wider gaming community, uh, after it, just after paying a cut to valve of their profits, they can reach a lot of people that way. And because all these games are on steam and, valve wants them to work well on, on their handheld, they contracted us to basically take their entire catalog, which is huge, enormous. And trying and just step by step. Fix every game and make them all work. [00:22:10] Jeremy: So, um, and I guess for people who aren't familiar Valve, uh, Software's the company that runs steam, and so it sounds like they've asked, uh, your company to, to help improve the compatibility of their catalog. [00:22:24] Elizabeth: Yes. 
valve contracted us and, and again, when you're talking about wine using lower level libraries, they've also contracted a lot of other people outside of wine. Basically, the entire stack has had a tremendous, tremendous investment by valve software to make gaming on Linux work. Well. The entire stack receives changes to improve Wine compatibility [00:22:48] Jeremy: And when you refer to the entire stack, like what are some, some of those pieces, at least at a high level. [00:22:54] Elizabeth: I, I would, let's see, let me think. There is the wine project, the. Mesa Graphics Libraries. that's a, that's another, you know, uh, open source, software project that existed, has existed for a long time. But Valve has put a lot of, uh, funding and effort into it, the Linux kernel in various different ways. [00:23:17] Elizabeth: the, the desktop, uh, environment and Window Manager for, um, are also things they've invested in. [00:23:26] Jeremy: yeah. Everything that the game needs, on any level and, and that the, and that the operating system of the handheld device needs. Wine's history [00:23:37] Jeremy: And wine's been going on for quite a while. I think it's over a decade, right? [00:23:44] Elizabeth: I believe. Oh, more than, oh, far more than a decade. I believe it started in 1990, I wanna say about 1995, mid nineties. I'm, I probably have that date wrong. I believe Wine started about the mid nineties. [00:24:00] Jeremy: Mm. [00:24:00] Elizabeth: it's going on for three decades at this rate. [00:24:03] Jeremy: Wow. Okay. [00:24:06] Jeremy: And so all this time, how has the, the project sort of sustained itself? Like who's been involved and how has it been able to keep going this long? [00:24:18] Elizabeth: Uh, I think as is the case with a lot of free software, it just, it just keeps trudging along. There's been. There's been times where there's a lot of interest in wine. 
There's been times where there's less, and we are fortunate to be in a time where there's a lot of interest in it. We've had the same maintainer for almost this entire, almost this entire existence. Uh, Alexandre Julliard, there was one person starting who started, maintained it before him and, uh, left it maintainership to him after a year or two. Uh, Bob Amstadt. And there has been a few, there's been a few developers who have been around for a very long time. A lot of developers who have been around for a decent amount of time, but not for the entire duration. And then a very, very large number of people who come and submit a one-off fix for their individual application that they want to make work. [00:25:19] Jeremy: How does crossover relate to the wine project? Like, it sounds like you had mentioned Valve software hired you for subcontract work, but crossover itself has been around for quite a while. So how, how has that been connected to the wine project? [00:25:37] Elizabeth: So I work for, so the, so the company I work for is Code Weavers and, crossover is our flagship software. So Code Weavers is a couple different things. We have a sort of a porting service where companies will come to us and say, can we port my application usually to Mac? And then we also have a retail service where we basically have our own, similar to Proton, but you know, older, but the same idea where we will add some hacks into it for very difficult to solve bugs and we have a, a nice graphical interface. And then, the other thing that we're selling with crossover is support. So if you, you know, try to run a certain application and you buy crossover, you can submit a ticket saying this doesn't work and we now have a financial incentive to fix it. You know, we'll try to, we'll try to fix your, we'll spend company resources to fix your bug, right? 
So that's been so, so Code Weavers has been around since 1996 and crossover, I don't know the date, but it's crossover has been around for probably about two decades, if I'm not mistaken. [00:27:01] Jeremy: And when you mention helping companies port their software to, for example, MacOS. [00:27:07] Jeremy: Is the approach that you would port it natively to MacOS APIs or is it that you would help them get it running using wine on MacOS? [00:27:21] Elizabeth: Right. That's, so that's basically what makes us so unique among porting companies is that instead of rewriting their software, we just, we just basically stick it inside of crossover and, uh, and, and make it run. [00:27:36] Elizabeth: And the idea has always been, you know, the more we implement, the more we get correct, the, the more applications will, you know, work. And sometimes it works out that way. Sometimes not really so much. And there's always work we have to do to get any given application to work, but. Yeah, so it's, it's very unusual because we don't ask companies for any of their code. We don't need it. We just fix the windows API [00:28:07] Jeremy: And, and so in that case, the ports would be let's say someone sells a MacOS version of their software. They would bundle crossover, uh, with their software. [00:28:18] Elizabeth: Right? And usually when you do this, it doesn't look like there's crossover there. Like it just looks like this software is native, but there is soft, there is crossover under the hood. Loading executables and linked libraries [00:28:32] Jeremy: And so earlier we were talking about how you're basically intercepting the system calls that these binaries are making, whether that's the executable or the, the DLLs from Windows. Um, but I think probably a lot of our listeners are not really sure how that's done. Like they, they may have built software, but they don't know, how do I basically hijack, the system calls that this application is making. 
[00:29:01] Jeremy: So maybe you could talk a little bit about how that works. [00:29:04] Elizabeth: So there, so there's a couple steps to go into it. When you think about a program that's say, that's a big, a big file that's got all the machine code in it, and then it's got stuff at the beginning saying, here's how the program works and here's where in the file the processor should start running. That's, that's your EXE file. And then in your DLL files are libraries that contain shared code and you have like a similar sort of file. It says, here's the entry point. That runs this function, this, you know, this parse XML function or whatever have you. [00:29:42] Elizabeth: And here's this entry point that has the generate XML function and so on and so forth. And, and, then the operating system will basically take the EXE file and see all the bits in it. Say I want to call the parse XML function. It'll load that DLL and hook it up. So it, so the processor ends up just seeing jump directly to this parse XML function and then run that and then return and so on. [00:30:14] Elizabeth: And so what wine does, is it part of wine? That's part of wine is a library, is that, you know, the implementing that parse XML and read XML function, but part of it is the loader, which is the part of the operating system that hooks everything together. And when we load, we. Redirect to our libraries. We don't have Windows libraries. [00:30:38] Elizabeth: We like, we redirect to ours and then we run our code. And then when you jump back to the program and yeah. [00:30:48] Jeremy: So it's the, the loader that's a part of wine. That's actually, I'm not sure if running the executable is the right term. [00:30:58] Elizabeth: No, I think that's, I think that's a good term. It's, it's, it's, it starts in a loader and then we say, okay, now run the, run the machine code and it's executable and then it runs and it jumps between our libraries and back and so on. 
[00:31:14] Jeremy: And like you were saying before, often times when it's trying to make a system call, it ends up being handled by a function that you've written in wine. And then that in turn will call the, the Linux system calls or the MacOS system calls to try and accomplish the, the same result. [00:31:36] Elizabeth: Right, exactly. [00:31:40] Jeremy: And something that I think maybe not everyone is familiar with is there's this concept of user space versus kernel space. Can you explain what the difference is? [00:31:51] Elizabeth: So the way I would explain, the way I would describe a kernel is it's the part of the operating system that can do anything, right? So any program, any code that runs on your computer is talking to the processor, and the processor has to be able to do anything the computer can do. [00:32:10] Elizabeth: It has to be able to talk to the hardware, it has to set up the memory space. That, so actually a very complicated task has to be able to switch to another task. And, and, and, and basically talk to another program and. You have to have something there that can do everything, but you don't want any program to be able to do everything. Um, not since the, not since the nineties. It's about when we realized that we can't do that. So the kernel is a part that can do everything. And when you need to do something that requires those, those permissions that you can't give everyone, you have to talk to the kernel and ask it, Hey, can you do this for me please? And in a very restricted way where it's only the safe things you can do. And to a degree, it's also like a library, right? It's the kernel. The kernels have always existed, and since they've always just been the core standard library of the computer that does the, that does the things like read and write files, which are very, very complicated tasks under the hood, but look very simple because all you say is write this file. 
And talk to the hardware and abstract away all the difference between different drivers. So the kernel is doing all of these things. So because the kernel is a part that can do everything and because when you think about the kernel, it is basically one program that is always running on your computer, but it's only one program. So when a user calls the kernel, you are switching from one program to another and you're doing a lot of complicated things as part of this. You're switching to the higher privilege level where you can do anything and you're switching the state from one program to another. And so it's a it. So this is what we mean when we talk about user space, where you're running like a normal program and kernel space where you've suddenly switched into the kernel. [00:34:19] Elizabeth: Now you're executing with increased privileges in a different. idea of the process space and increased responsibility and so on. [00:34:30] Jeremy: And, and so do most applications. When you were talking about the system calls for handling 3D audio or parsing XML. Are those considered, are those system calls considered part of user space and then those things call the kernel space on your behalf, or how, how would you describe that? [00:34:50] Elizabeth: So most, so when you look at Windows, most of most of the Windows library, the vast, vast majority of it is all user space. most of these libraries that we implement never leave user space. They never need to call into the kernel. there's the, there only the core low level stuff. Things like, we need to read a file, that's a kernel call. when you need to sleep and wait for some seconds, that's a kernel. Need to talk to a different process. Things that interact with different processes in general. not just allocate memory, but allocate a page of memory, like a, from the memory manager and then that gets sub allocated by the heap allocator. so things like that. 
[00:35:31] Jeremy: Yeah, so if I was writing an application and I needed to open a file, for example, does, does that mean that I would have to communicate with the kernel to, to read that file? [00:35:43] Elizabeth: Right, exactly. [00:35:46] Jeremy: And so most applications, it sounds like it's gonna be a mixture. You're gonna have a lot of things that call user space calls. And then a few, you mentioned more low level ones that are gonna require you to communicate with the kernel. [00:36:00] Elizabeth: Yeah, basically. And it's worth noting that in, in all operating systems, you're, you're almost always gonna be calling a user space library. That might just be a thin wrapper over the kernel call. It might, it's gonna do like just a little bit of work in end call the kernel. [00:36:19] Jeremy: [00:36:19] Elizabeth: In fact, in Windows, that's the only way to do it. Uh, in many other operating systems, you can actually say, you can actually tell the processor to make the kernel call. There is a special instruction that does this and just, and it'll go directly to the kernel, and there's a defined interface for this. But in Windows, that interface is not defined. It's not stable. Or backwards compatible like the rest of Windows is. So even if you wanted to use it, you couldn't. and you basically have to call into the high level libraries or low level libraries, as it were, that, that tell you that create a file. And those don't do a lot. [00:37:00] Elizabeth: They just kind of tweak their parameters a little and then pass them right down to the kernel. [00:37:07] Jeremy: And so wine, it sounds like it needs to implement both the user space calls of windows, but then also the, the kernel, calls as well. But, but wine itself does that, is that only in Linux user space or MacOS user space? [00:37:27] Elizabeth: Yes. This is a very tricky thing. but all of wine, basically all of what is wine runs in, in user space and we use. 
Kernel calls that are already there to talk to the kernel, to talk to the host kernel. You have to, and you, you get, you get, you get the sort of second nature of thinking about the Windows, user space and kernel. [00:37:50] Elizabeth: And then there's a host user space and Kernel and wine is running all in user, in the user, in the host user space, but it's emulating the Windows kernel. In fact, one of the weirdest, trickiest parts is I mentioned that you can run some drivers in wine. And those drivers actually, they actually are, they think they're running in the Windows kernel. Which in a sense works the same way. It has libraries that it can load, and those drivers are basically libraries and they're making, kernel calls and they're, they're making calls into the kernel library that does some very, very low level tasks that. You're normally only supposed to be able to do in a kernel. And, you know, because the kernel requires some privileges, we kind of pretend we have them. And in many cases, you're even the drivers are using abstractions. We can just implement those abstractions kind of over the slightly higher level abstractions that exist in user space. [00:39:00] Jeremy: Yeah, I hadn't even considered the being able to use hardware devices, but I, I suppose if in, in the end, if you're reproducing the kernel, then whether you're running software or you're talking to a hardware device, as long as you implement the calls correctly, then I, I suppose it works. [00:39:18] Elizabeth: Cause you're, you're talking about device, like maybe it's some kind of USB device that has drivers for Windows, but it doesn't for, for Linux. [00:39:28] Elizabeth: No, that's exactly, that's a, that's kind of the, the example I've used. Uh, I think there is, I think I. My, one of my best success stories was, uh, drivers for a graphing calculator. [00:39:41] Jeremy: Oh, wow. 
[00:39:42] Elizabeth: That connected via USB and I basically just plugged the windows drivers into wine and, and ran it. And I had to implement a lot of things, but it worked. But for example, something like a graphics driver is not something you could implement in wine because you need the graphics driver on the host. We can't talk to the graphics driver while the host is already doing so. [00:40:05] Jeremy: I see. Yeah. And in that case it probably doesn't make sense to do so [00:40:11] Elizabeth: Right? [00:40:12] Elizabeth: Right. It doesn't because, the transition from user into kernel is complicated. You need the graphics driver to be in the kernel and the real kernel. Having it in wine would be a bad idea. Yeah. [00:40:25] Jeremy: I, I think there's, there's enough APIs you have to try and reproduce that. I, I think, uh, doing, doing something where, [00:40:32] Elizabeth: very difficult [00:40:33] Jeremy: right. Poor system call documentation and private APIs [00:40:35] Jeremy: There's so many different, calls both in user space and in kernel space. I imagine the, the user space ones Microsoft must document to some extent, but, oh. Is that, is that a [00:40:51] Elizabeth: well, sometimes, [00:40:54] Jeremy: Sometimes. Okay. [00:40:55] Elizabeth: I think it's actually better now than it used to be. But some, here's where things get fun, because sometimes there will be, you know, regular documented calls. Sometimes those calls are documented, but the documentation isn't very good. Sometimes programs will just sort of look inside Microsoft's DLLs and use calls that they aren't supposed to be using. Sometimes they use calls that they are supposed to be using, but the documentation has disappeared. just because it's that old of an API and Microsoft hasn't kept it around. 
Sometimes some, sometimes Microsoft, Microsoft's own software uses, APIs that were never documented because they never wanted anyone else using them, but they still ship them with the operating system. There was actually a kind of a lawsuit about this because it is an antitrust lawsuit, because by shipping things that only they could use, they were kind of creating a trust. And that got some things documented. At least in theory, they kind of haven't stopped doing it, though. [00:42:08] Jeremy: Oh, so even today they're, they're, I guess they would call those private, private APIs, I suppose. [00:42:14] Elizabeth: I suppose. Uh, yeah, you could say private APIs. But if we want to get, you know, newer versions of Microsoft Office running, we still have to figure out what they're doing and implement them. [00:42:25] Jeremy: And given that they're either, like you were saying, the documentation is kind of all over the place. If you don't know how it's supposed to behave, how do you even approach implementing them? [00:42:38] Elizabeth: And that's what the conformance tests are for. And I, yeah, I mentioned earlier we have this huge body of conformance tests that double as regression tests. If we see an API, we don't know what to do with or an API, we do know, we, we think we know what to do with because the documentation can just be wrong and often has been. Then we write tests to figure out what it's supposed to behave. We kind of guess until we, and, and we write tests and we pass some things in and see what comes out and see what. The see what the operating system does until we figure out, oh, so this is what it's supposed to do and these are the exact parameters in, and, and then we, and, and then we implement it according to those tests. [00:43:24] Jeremy: Is there any distinction in approach for when you're trying to implement something that's at the user level versus the kernel level? [00:43:33] Elizabeth: No, not really. 
And like I, and like I mentioned earlier, like, well, I mean, a kernel call is just like a library call. It's just done in a slightly different way, but it's still got, you know, parameters in, it's still got a set of parameters. They're just encoded differently. And, and again, like the, the way kernel calls are done is on a level just above the kernel where you have a library, that just passes things through. Almost verbatim to the kernel and we implement that library instead. [00:44:10] Jeremy: And, and you've been working on i, I think, wine for over, over six years now. [00:44:18] Elizabeth: That sounds about right. Debugging and having broad knowledge of Wine [00:44:20] Jeremy: What does, uh, your, your day to day look like? What parts of the project do you, do you work on? [00:44:27] Elizabeth: It really varies from day to day. and I, I, a lot of people, a lot of, some people will work on the same parts of wine for years. Uh, some people will switch around and work on all sorts of different things. [00:44:42] Elizabeth: And I'm, I definitely belong to that second group. Like if you name an area of wine, I have almost certainly contributed a patch or two to it. there's some areas I work on more than others, like, 3D graphics, multimedia, a, I had, I worked on a compiler that exists, uh, socket. So networking communication is another thing I work a lot on. day to day, I kind of just get, I, I I kind of just get a bug for some program or another. and I take it and I debug it and figure out why the program's broken and then I fix it. And there's so much variety in that. because a bug can take so many different forms like I described, and, and, and the, and then the fix can be simple or complicated or, and it can be in really anywhere to a degree. [00:45:40] Elizabeth: being able to work on any part of wine is sometimes almost a necessity because if a program is just broken, you don't know why. It could be anything. It could be any sort of API. 
And sometimes you can hand the API to somebody who's got a lot of experience in that, but sometimes you just do whatever. You just fix whatever's broken and you get an experience that way. [00:46:06] Jeremy: Yeah, I mean, I was gonna ask about the specialized skills to, to work on wine, but it sounds like maybe in your case it's all of them. [00:46:15] Elizabeth: It's, there's a bit of that. It's a wine. We, the skills to work on wine are very, it's a very unique set of skills because, and it largely comes down to debugging because you can't use the tools you normally use to debug. [00:46:30] Elizabeth: You have to, you have to be creative and think about it different ways. Sometimes you have to be very creative. And programs will try their hardest to avoid being debugged because they don't want anyone breaking their copy protection, for example, or or hacking, or, you know, hacking in cheats. They want to be, they want, they don't want anyone hacking them like that. [00:46:54] Elizabeth: And we have to do it anyway for good and legitimate purposes. We would argue to make them work better on more operating systems. And so we have to fight that every step of the way. [00:47:07] Jeremy: Yeah, it seems like it's a combination of. F being able, like you, you were saying, being able to, to debug. And you're debugging not necessarily your own code, but you're debugging this like behavior of, [00:47:25] Jeremy: And then based on that behavior, you have to figure out, okay, where in all these different systems within wine could this part be not working? [00:47:35] Jeremy: And I, I suppose you probably build up some kind of, mental map in your head of when you get a, a type of bug or a type of crash, you oh, maybe it's this, maybe it's here, or something [00:47:47] Elizabeth: Yeah. That, yeah, there is a lot of that. 
There's, you notice some patterns, you know, after experience helps, but because any bug could be new, sometimes experience doesn't help and you just, you just kind of have to start from scratch. Finding a bug related to XAudio [00:48:08] Jeremy: At sort of a high level, can you give an example of where you got a specific bug report and then where you had to look to eventually find which parts of the the system were the issue? [00:48:21] Elizabeth: One, one I think good example, that I've done recently. So I mentioned this, this XAudio library that does 3D audio. And if you say you come across a bug, I'm gonna be a little bit generic here and say you come across a bug where some audio isn't playing right, maybe there's, silence where there should be the audio. So you kind of, you look in and see, well, where's that getting lost? So you can basically look in the input calls and say, here's the buffer it's submitting that's got all the audio data in it. And you look at the output, you look at where you think the output should be, like, that library will internally call a different library, which programs can interact with directly. [00:49:03] Elizabeth: And this our high level library interacts with that is the, give this sound to the audio driver, right? So you've got XAudio on top of, um. mmdevapi, which is the other library that gives audio to the driver. And you see, well, the, the buffers that XAudio is passing into mmdevapi. They're empty, there's nothing in them. So you have to kind of work through the XAudio library to see where is, where's that sound getting lost? Or maybe, or maybe that's not getting lost. Maybe it's coming through all garbled. And I've had to look at the buffer and see why is it garbled. 
I'll open it up in Audacity and look at the shape of the wave and say, huh, that shape of the wave looks like it's, it looks like we're putting silence every 10 nanoseconds or something, or, or reversing something or interpreting it wrong. Things like that. Um, there's a lot of, you'll do a lot of, putting in printfs basically all throughout Wine to see where does the state change. Where was, where is it? Where is it? Right? And then where do things start going wrong?

[00:50:14] Jeremy: Yeah. And in the audio example, because they're making a call to your XAudio implementation, you can see that, okay, the, the buffer, the audio that's coming in. That part is good. It, it's just that later on when it sends it to what's gonna actually have it be played by the, the hardware, that's when missing. So,

[00:50:37] Elizabeth: We did something wrong in a library that destroyed the buffer. And I think on a very high level a lot of debugging Wine is about finding where things are good and finding where things are bad, and then narrowing that down until we find the one spot where things go wrong. There's a lot of processes that go like that.

[00:50:57] Jeremy: Like you were saying, the more you see these problems, hopefully the, the easier it gets to, to narrow down where,

[00:51:04] Elizabeth: Often. Yeah. Especially if you keep debugging things in the same area.

How much code is OS specific?

[00:51:09] Jeremy: And Wine supports more than one operating system. I, I saw there was Linux, macOS, I think FreeBSD. How much of the code is operating system specific versus how much can just be shared across all of them?

[00:51:27] Elizabeth: Not that much is operating system specific actually. So when you think about the volume of Wine, the, the, the, vast majority of it is the high level code that doesn't need to interact with the operating system on a low level. Right?
Because Windows keeps putting, because Microsoft keeps putting lots and lots of different libraries in their operating system. And a lot of these are high level libraries. And even when we do interact with the operating system, we're, we're using cross-platform libraries or we're using, we're using POSIX. The, uh, so all these operating systems that we are implementing are con, basically conformed to the POSIX standard, which is basically like Unix, they're all Unix based. POSIX is a Unix based standard. Microsoft is, you know, the big exception that never did implement that. And, and so we have to translate its APIs to Unix APIs. Now that said, there is a lot of very operating system specific code. Apple makes things difficult by try, by diverging almost wherever they can. And so we have a lot of Apple specific code in there.

[00:52:46] Jeremy: Another example I can think of is, I believe macOS doesn't support, Vulkan

[00:52:53] Elizabeth: Yes. Yeah. Yeah, that's a, yeah, that's a great example of Mac not wanting to use, uh, generic libraries that work on every other operating system. And in some cases we, we look at it and are like, alright, we'll implement a wrapper for that too, on top of your, on top of your, uh, operating system. We've done it for Windows, we can do it for Vulkan. And that's, and then you get the MoltenVK project. Uh, and to be clear, we didn't invent MoltenVK. It was around before us. We have contributed a lot to it.

Direct3D, Vulkan, and MoltenVK

[00:53:28] Jeremy: Yeah, I think maybe just at a high level might be good to explain the relationship between Direct3D or DirectX and Vulkan and um, yeah. Yeah. Maybe if you could go into that.

[00:53:42] Elizabeth: So Direct3D is Microsoft's 3D API. The 3D APIs, you know, are, are basically a way to, they're way to firstly abstract out the differences between different graphics, graphics cards, which, you know, look very different on a hardware level.

[00:54:03] Elizabeth: Especially.
They, they used to look very different and they still do look very different. And secondly, a way to deal with them at a high level because actually talking to the graphics card on a low level is very, very complicated. Even talking to it on a high level is complicated, but it gets, it can get a lot worse if you've ever been a, if you've ever done any graphics driver development. So you have a, a number of different APIs that achieve these two goals of, of, abstraction and, and of, of, of building a common abstraction and of building a, a high level abstraction. So OpenGL is the broadly the free, the free operating system world, the non Microsoft's world's choice, back in the day.

[00:54:53] Elizabeth: And then Direct3D was Microsoft's API and they've and Direct3D. And both of these have evolved over time and come up with new versions and such. And when any API exists for too long, it gains a lot of cruft and needs to be replaced. And eventually, eventually the people who developed OpenGL decided we need to start over, get rid of the cruft to make it cleaner and make it lower level.

[00:55:28] Elizabeth: Because to get in a maximum performance games really want low level access. And so they made Vulkan. Microsoft kind of did the same thing, but they still call it Direct3D. They just, it's, it's their, the newest version of Direct3D is lower level. It's called Direct3D 12. And, and, Mac looked at this and they decided we're gonna do the same thing too, but we're not gonna use Vulkan.

[00:55:52] Elizabeth: We're gonna define our own. And they call it Metal. And so when we want to translate D3D12 into something that another operating system understands, that's probably Vulkan. And, and on Mac, we need to translate it to Metal somehow. And we decided instead of having a separate layer from D3D12 to Metal, we're just gonna translate it to Vulkan and then translate the Vulkan to Metal.
And it also lets things written for Vulkan on Windows, which is also a thing that exists, that lets them work on Metal.

[00:56:30] Jeremy: And having to do that translation, does that have a performance impact or is that not really felt?

[00:56:38] Elizabeth: Yes. It's kind of like, it's kind of like anything, when you talk about performance, like I mentioned this earlier, there's always gonna be overhead from translating from one API to another. But we try to, what we, we put in heroic efforts to. And try, try to make sure that doesn't matter, to, to make sure that stuff that needs to be fast is really as fast as it can possibly be.

[00:57:06] Elizabeth: And some very clever things have been done along those lines. And, sometimes the, you know, the graphics drivers underneath are so good that it actually does run better, even despite the translation overhead. And then sometimes to make it run fast, we need to say, well, we're gonna implement a new API that behaves more like Windows, so we can do less work translating it. And that's, and sometimes that goes into the graphics library and sometimes that goes into other places.

Targeting Wine instead of porting applications

[00:57:43] Jeremy: Yeah. Something I've found a little bit interesting about the last few years is

[00:57:49] Jeremy: Developers in the past, they would generally target Windows and you might be lucky to get a Mac port or a Linux port. And I wonder, like, in your opinion now, now that a lot of developers are just targeting Windows and relying on Wine or, or Proton to, to run their software, is there any, I suppose, downside to doing that?

[00:58:17] Jeremy: Or is it all just upside, like everyone should target Windows as this common platform?

[00:58:23] Elizabeth: Yeah. It's an interesting question. I, there's some people who seem to think it's a bad thing that, that we're not getting native ports in the same sense, and then there's some people who.
Who see, no, that's a perfectly valid way to do ports, just write for this de facto common API. It was never intended as a cross platform common API, but we've made it one.

[00:58:47] Elizabeth: Right? And so why is that any worse than if it runs on a different API on, on Linux or Mac and I? Yeah, I, I, I guess I tend to, I, that that argument tends to make sense to me. I don't, I don't really see, I don't personally see a lot of reason for, to, to, to say that one library is more pure than another.

[00:59:12] Elizabeth: Right now, I do think Windows APIs are generally pretty bad. I, I'm, this might be, you know, just some sort of, this might just be an effect of having to work with them for a very long time and see all their flaws and have to deal with the nonsense that they do. But I think that a lot of the native Linux APIs are better. But if you like your Windows API better, and if you want to target Windows and that's the only way to do it, then sure, why not? What's wrong with that?

[00:59:51] Jeremy: Yeah, and I think the, doing it this way, targeting Windows, I mean if you look in the past, even though you had some software that would be ported to other operating systems without this compatibility layer, without people just targeting Windows, all this software that people can now run on these portable gaming handhelds or on Linux, most of that software was never gonna be ported. So yeah, absolutely. And

[01:00:21] Elizabeth: that's

[01:00:22] Jeremy: having that as an option. Yeah.

[01:00:24] Elizabeth: That's kind of why Wine existed, because people wanted to run their software. You know, that was never gonna be ported. They just wanted, and then the community just spent a lot of effort in, you know, making all these individual programs run. Yeah.
[01:00:39] Jeremy: I think it's pretty, pretty amazing too that, that now that's become this official way, I suppose, of distributing your software where you say like, hey, I made a Windows version, but you're on your Linux machine. It's officially supported because, we have this much belief in this compatibility layer.

[01:01:02] Elizabeth: It's kind of incredible to see Wine having got this far. I mean, I started working on a, you know, six, seven years ago, and even then, I could never have imagined it would be like this.

[01:01:16] Elizabeth: So as we, we wrap up, for the developers that are listening or, or people who are just users of Wine, um, is there anything you think they should know about the project that we haven't talked about?

[01:01:31] Elizabeth: I don't think there's anything I can think of.

[01:01:34] Jeremy: And if people wanna learn, uh, more about the Wine project or, or see what you're up to, where, where should they, where should they head?

Getting support and contributing

[01:01:45] Elizabeth: We don't really have any things like news, unfortunately. Um, read the release notes, uh, follow some, there's some, there's some people who, from CodeWeavers who do blogs. So if you, so if you go to codeweavers.com/blog, there's some, there's, there's some CodeWeavers stuff, uh, some marketing stuff. But there's also some developers who will talk about bugs that they are solving and. And how it's easy and, and the experience of working on Wine.

[01:02:18] Jeremy: And I suppose if, if someone's interested in like, like let's say they have a piece of software, it's not working through Wine. What's the best place for them to, to either get help or maybe even get involved with, with trying to fix it?

[01:02:37] Elizabeth: Yeah. Uh, so you can file a bug on, winehq.org, or, or, you know, find, there's a lot of developer resources there and you can get involved with contributing to the software.
And, uh, there, there's links to our mailing list and IRC channels and, uh, and, and the GitLab, are all places you can find developers.

[01:03:02] Elizabeth: We love to help you debug things. We love to help you fix things. We try our very best to be a welcoming community and we have got a long, we've got a lot of experience working with people who want to get their application working. So, we would love to, we'd love to have another.

[01:03:24] Jeremy: Very cool. Yeah, I think Wine is a really interesting project because I think for, I guess it would've been for decades, it seemed like very niche, like not many people

[01:03:37] Jeremy: were aware of it. And now I think maybe in particular because of the, the Linux gaming handhelds, like the Steam Deck, Wine is now something that a bunch of people who would've never heard about it before, and now they're aware of it.

[01:03:53] Elizabeth: Absolutely. I've watched that transformation happen in real time and it's been surreal.

[01:04:00] Jeremy: Very cool. Well, Elizabeth, thank you so much for, for joining me today.

[01:04:05] Elizabeth: Thank you, Jeremy. I've been glad to be here.

MENTOR360
Remote Management, Your New PowerSkill - re:INVÉNTATE with Luis Ramos

MENTOR360

Sep 8, 2025 19:42


Remote work has stopped being a trend and become a permanent reality. But here is the problem: 73% of leaders admit that managing remote teams is their biggest current professional challenge. Why? Because they try to apply in-person techniques at a distance, and that does not work.

Microsoft multiplied its productivity in remote teams by 2.4. GitLab manages 1,300 employees in 65 countries without a single office. Automattic bills $500 million a year with 100% distributed teams. Coincidence? No. These companies have mastered the real rules of remote management.

In this episode you will discover the 4 critical dimensions that transform any in-person leader into an extraordinary remote manager: Structured Communication that eliminates 80% of misunderstandings, Results-Based Trust that unlocks individual potential, Digital Culture that keeps teams united at a distance, and Asynchronous Leadership that respects personal time and productivity.

Leave us ⭐️⭐️⭐️⭐️⭐️ to help us reach more people with this transformative content: re:INVÉNTATE on Spotify and Apple Podcasts.

Do you have questions or want to share your progress in developing this PowerSkill? Tag me on Instagram (@librosparaemprendedores) in a story or leave your comments and opinions about this episode.

✨ Your re:Invention begins today!

The Startup Podcast
Growing a Pre-Seed Startup? This Is The Core Knowledge You Need w/ Ashley Smith

The Startup Podcast

Sep 8, 2025 57:54


Pre-seed founders want explosive growth early on, but are you following the wrong playbook too soon? These days strategies, acronyms, and well-intended advice are everywhere, but today's guest argues that the path forward is a simple one: talk to customers, run experiments, and embrace rejection as part of the journey.

In this episode, Yaniv Bernstein speaks to guest Ashley Smith (ex-Twilio, Parse, GitLab, GitHub, and now General Partner at Vermilion Cliffs) and unpacks what it really takes for your startup to go from zero to one. Ashley has been at the helm of some of the most successful developer tool companies in the last decade and now invests in the next generation of technical founders. She shares raw insights from the trenches on how to build community, experiment with growth, and keep your startup alive through grit and iteration.

In this episode, you will:
- Learn why investor playbooks can be dangerous for early-stage founders
- Understand why customer conversations matter more than LinkedIn hot takes
- Discover how product and marketing should be treated as one cohesive strategy
- Explore how companies like Twilio, Parse, and GitLab grew by leaning into community, content, and relentless product shipping
- See why hiring generalists and “specialists in experimentation” is the best early-stage move
- Gain tactical tips on creating authentic founder content in the age of AI slop
- Embrace rejection as a natural (and necessary) part of fundraising and early customer acquisition

The Pact
Honor the Startup Podcast Pact! If you have listened to TSP and gotten value from it, please:
- Follow, rate, and review us in your listening app
- Subscribe to the TSP Mailing List to gain access to exclusive newsletter-only content and early access to information on upcoming episodes: https://thestartuppodcast.beehiiv.com/subscribe
- Secure your official TSP merchandise at https://shop.tsp.show/
- Follow us on YouTube for full-video episodes: https://www.youtube.com/channel/UCNjm1MTdjysRRV07fSf0yGg
- Give us a public shout-out on LinkedIn or anywhere you have a social media following

Key links
- Get your question in for our next Q&A episode: https://forms.gle/NZzgNWVLiFmwvFA2A
- The Startup Podcast website: https://www.tsp.show/episodes/

Learn more about Chris and Yaniv
- Work 1:1 with Chris: http://chrissaad.com/advisory/
- Follow Chris on Linkedin: https://www.linkedin.com/in/chrissaad/
- Follow Yaniv on Linkedin: https://www.linkedin.com/in/ybernstein/

Producer: Justin McArthur https://www.linkedin.com/in/justin-mcarthur
Intro Voice: Jeremiah Owyang https://web-strategist.com/

GOTO - Today, Tomorrow and the Future
Effective Code Reviews with Conventional Comments • Paul Slaughter & Adrienne Braganza

GOTO - Today, Tomorrow and the Future

Sep 5, 2025 39:16


This interview was recorded for GOTO Unscripted. https://gotopia.tech

Read the full transcription of this interview here

Paul Slaughter - Staff Fullstack Engineer at GitLab & Creator of Conventional Comments
Adrienne Braganza Tacke - Senior Developer Advocate at Viam Robotics & Author of "Looks Good To Me: Constructive Code Reviews"

RESOURCES

Paul
https://x.com/souldzin
https://github.com/souldzin
https://gitlab.com/pslaughter
https://gitlab.com/souldzin
https://souldzin.com

Adrienne
https://bsky.app/profile/abt.bsky.social
https://x.com/AdrienneTacke
https://github.com/AdrienneTacke
https://www.linkedin.com/in/adriennetacke
https://www.instagram.com/adriennetacke
https://www.adrienne.io
https://blog.adrienne.io

Links
https://conventionalcomments.org

DESCRIPTION

Can "Conventional Comments" transform code reviews from frustrating experiences into productive collaborations?

Paul Slaughter shares his experience developing and practicing "Conventional Comments", a structured approach to improving code review communications through labeled feedback. The conversation explores clear communication patterns with labels (e.g. 'suggestion:', 'issue:' or 'question:').

Paul and Adrienne discuss the importance of empathy in the review process, the balance between politeness and efficiency, and how GitLab's Code Review Weekly Workshops have helped normalize review experiences across their remote teams. The interview highlights that effective code reviews depend not just on technical evaluations but on thoughtful communication that acknowledges developers' emotional investment in their work while fostering a culture of collaborative ownership.

RECOMMENDED BOOKS
- Adrienne Braganza Tacke • "Looks Good to Me": Constructive Code Reviews
- Adrienne Braganza Tacke • Coding for Kids
- Grace Huang • Code Reviews in Tech
- Martin Fowler • Refactoring
- Matthew Skelton & Manuel Pais • Team Topologies
- Dave Thomas & Andy Hunt • The Pragmatic Programmer

CHANNEL MEMBERSHIP BONUS
Join this channel to get early access to videos & other perks: https://www.youtube.com/channel/UCs_tLP3AiwYKwdUHpltJPuA/join

Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket: gotopia.tech

SUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted daily!

Screaming in the Cloud
Conversations at the Intersection of AI and Code with Harjot Gill

Screaming in the Cloud

Sep 4, 2025 33:41


AI is rewriting the rules of code review and CodeRabbit is leading the charge. In this featured episode of Screaming in the Cloud, Harjot Gill shares with Corey Quinn how his team built the most-installed AI app on GitHub and GitLab, nailed positive unit economics, and turned code review into a powerful guardrail for the AI era.

Show Highlights
(0:00) Entrepreneurial Journey and Code Rabbit's Origin
(3:06) The Broken Nature of Code Reviews
(5:47) Developer Feedback and the Future of Code Review
(9:50) AI-Generated Code and the Code Review Burden
(11:46) Traditional Tools vs. AI in Code Review
(13:41) Keeping Up with State-of-the-Art Models
(16:16) Cloud Architecture and Google Cloud Run
(18:21) Context Engineering for Large Codebases
(20:52) Taming LLMs and Balancing Feedback
(22:30) Business Model and Open Source Strategy

About Harjot Gill
Harjot is the CEO of CodeRabbit, a leading AI-first developer tools company.

Links
Harjot on LinkedIn: https://www.linkedin.com/in/harjotsgill/

Sponsor
CodeRabbit: https://coderabbit.link/corey

Paul's Security Weekly
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346

Paul's Security Weekly

Sep 2, 2025 68:11


In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pulls back the curtain on how autonomous AI agents and centralized MCP hubs could supercharge productivity—while also opening the door to unprecedented supply chain vulnerabilities. From “shadow MCP servers” to the concept of an “API fabric,” Michael explains why these threats are evolving faster than traditional security measures can keep up, and why CISOs need to act before it's too late. Viewers will get rare insight into the parallels between MCP exploitation and DNS poisoning, the hidden dangers of API sprawl, and why this new era of AI-driven communication could become a hacker's dream.

Blog: https://salt.security/blog/when-ai-agents-go-rogue-what-youre-missing-in-your-mcp-security
Survey Report: https://content.salt.security/AI-Agentic-Survey-2025_LP-AI-Agentic-Survey-2025.html

This segment is sponsored by Salt Security. Visit https://securityweekly.com/saltbh for a free API Attack Surface Assessment!

At Black Hat 2025, live from the Cyber Risk TV studio in Las Vegas, Jackie McGuire sits down with Apiiro Co-Founder & CEO Idan Plotnik to unpack the real-world impact of AI code assistants on application security, developer velocity, and cloud costs. With experience as a former Director of Engineering at Microsoft, Idan dives into what drove him to launch Apiiro — and why 75% of engineers will be using AI assistants by 2028. From 10x more vulnerabilities to skyrocketing API bloat and security blind spots, Idan breaks down research from Fortune 500 companies on how AI is accelerating both innovation and risk.

What you'll learn in this interview:
- Why AI coding tools are increasing code complexity and risk
- The massive cost of unnecessary APIs in cloud environments
- How to automate secure code without slowing down delivery
- Why most CISOs fail to connect security to revenue (and how to fix it)
- How Apiiro's Autofix AI Agent helps organizations auto-fix and auto-govern code risks at scale

This isn't just another AI hype talk. It's a deep dive into the future of secure software delivery — with practical steps for CISOs, CTOs, and security leaders to become true business enablers. Watch till the end to hear how Apiiro is helping Fortune 500s bridge the gap between code, risk, and revenue.

Apiiro AutoFix Agent. Built for Enterprise Security: https://youtu.be/f-_zrnqzYsc
Deep Dive Demo: https://youtu.be/WnFmMiXiUuM

This segment is sponsored by Apiiro. Be one of the first to see their new AppSec Agent in action at https://securityweekly.com/apiirobh.

Is Your AI Usage a Ticking Time Bomb? In this exclusive Black Hat 2025 interview, Matt Alderman sits down with GitLab CISO Josh Lemos to unpack one of the most pressing questions in tech today: Are executives blindly racing into AI adoption without understanding the risks? Filmed live at the CyberRisk TV Studio in Las Vegas, this eye-opening conversation dives deep into:
- How AI is being rapidly adopted across enterprises — with or without security buy-in
- Why AI governance is no longer optional — and how to actually implement it
- The truth about agentic AI, automation, and building trust in non-human identities
- The role of frameworks like ISO 42001 in building AI transparency and assurance
- Real-world examples of how teams are using LLMs in development, documentation & compliance

Whether you're a CISO, developer, or business exec — this discussion will reshape how you think about AI governance, security, and adoption strategy in your org. Don't wait until it's too late to understand the risks.

The Economics of Software Innovation: $750B+ Opportunity at a Crossroads Report: http://about.gitlab.com/software-innovation-report/

For more information about GitLab and their report, please visit: https://securityweekly.com/gitlabbh

Live from Black Hat 2025 in Las Vegas, Jackie McGuire sits down with Chris Boehm, Field CTO at Zero Networks, for a high-impact conversation on microsegmentation, shadow IT, and why AI still struggles to stop lateral movement. With 15+ years of cybersecurity experience—from Microsoft to SentinelOne—Chris breaks down complex concepts like you're a precocious 8th grader (his words!) and shares real talk on why AI alone won't save your infrastructure. Learn how Zero Networks is finally making microsegmentation frictionless, how summarization is the current AI win, and what red flags to look for when evaluating AI-infused security tools. If you're a CISO, dev, or just trying to stay ahead of cloud threats—this one's for you.

This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerobh to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-346

Paul's Security Weekly TV
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346

Paul's Security Weekly TV

Sep 2, 2025 68:11



Application Security Weekly (Audio)
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346

Application Security Weekly (Audio)

Sep 2, 2025 68:11


In this must-see Black Hat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pulls back the curtain on how autonomous AI agents and centralized MCP hubs could supercharge productivity—while also opening the door to unprecedented supply chain vulnerabilities. From “shadow MCP servers” to the concept of an “API fabric,” Michael explains why these threats are evolving faster than traditional security measures can keep up, and why CISOs need to act before it's too late. Viewers will get rare insight into the parallels between MCP exploitation and DNS poisoning, the hidden dangers of API sprawl, and why this new era of AI-driven communication could become a hacker's dream.
Blog: https://salt.security/blog/when-ai-agents-go-rogue-what-youre-missing-in-your-mcp-security
Survey Report: https://content.salt.security/AI-Agentic-Survey-2025_LP-AI-Agentic-Survey-2025.html
This segment is sponsored by Salt Security. Visit https://securityweekly.com/saltbh for a free API Attack Surface Assessment!
At Black Hat 2025, live from the Cyber Risk TV studio in Las Vegas, Jackie McGuire sits down with Apiiro Co-Founder & CEO Idan Plotnik to unpack the real-world impact of AI code assistants on application security, developer velocity, and cloud costs. With experience as a former Director of Engineering at Microsoft, Idan dives into what drove him to launch Apiiro — and why 75% of engineers will be using AI assistants by 2028. From 10x more vulnerabilities to skyrocketing API bloat and security blind spots, Idan breaks down research from Fortune 500 companies on how AI is accelerating both innovation and risk.
What you'll learn in this interview:
- Why AI coding tools are increasing code complexity and risk
- The massive cost of unnecessary APIs in cloud environments
- How to automate secure code without slowing down delivery
- Why most CISOs fail to connect security to revenue (and how to fix it)
- How Apiiro's Autofix AI Agent helps organizations auto-fix and auto-govern code risks at scale
This isn't just another AI hype talk. It's a deep dive into the future of secure software delivery — with practical steps for CISOs, CTOs, and security leaders to become true business enablers. Watch till the end to hear how Apiiro is helping Fortune 500s bridge the gap between code, risk, and revenue.
Apiiro AutoFix Agent. Built for Enterprise Security: https://youtu.be/f-_zrnqzYsc
Deep Dive Demo: https://youtu.be/WnFmMiXiUuM
This segment is sponsored by Apiiro. Be one of the first to see their new AppSec Agent in action at https://securityweekly.com/apiirobh.
Is Your AI Usage a Ticking Time Bomb? In this exclusive Black Hat 2025 interview, Matt Alderman sits down with GitLab CISO Josh Lemos to unpack one of the most pressing questions in tech today: Are executives blindly racing into AI adoption without understanding the risks? Filmed live at the CyberRisk TV Studio in Las Vegas, this eye-opening conversation dives deep into:
- How AI is being rapidly adopted across enterprises — with or without security buy-in
- Why AI governance is no longer optional — and how to actually implement it
- The truth about agentic AI, automation, and building trust in non-human identities
- The role of frameworks like ISO 42001 in building AI transparency and assurance
- Real-world examples of how teams are using LLMs in development, documentation & compliance
Whether you're a CISO, developer, or business exec — this discussion will reshape how you think about AI governance, security, and adoption strategy in your org. Don't wait until it's too late to understand the risks.
The Economics of Software Innovation: $750B+ Opportunity at a Crossroads Report: http://about.gitlab.com/software-innovation-report/
For more information about GitLab and their report, please visit: https://securityweekly.com/gitlabbh
Live from Black Hat 2025 in Las Vegas, Jackie McGuire sits down with Chris Boehm, Field CTO at Zero Networks, for a high-impact conversation on microsegmentation, shadow IT, and why AI still struggles to stop lateral movement. With 15+ years of cybersecurity experience—from Microsoft to SentinelOne—Chris breaks down complex concepts like you're a precocious 8th grader (his words!) and shares real talk on why AI alone won't save your infrastructure. Learn how Zero Networks is finally making microsegmentation frictionless, how summarization is the current AI win, and what red flags to look for when evaluating AI-infused security tools. If you're a CISO, dev, or just trying to stay ahead of cloud threats—this one's for you.
This segment is sponsored by Zero Networks. Visit https://securityweekly.com/zerobh to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-346

Application Security Weekly (Video)
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346

Application Security Weekly (Video)

Play Episode Listen Later Sep 2, 2025 68:11



GREY Journal Daily News Podcast
Can GitLab's Security Approach Transform AI-Driven Software Development?

GREY Journal Daily News Podcast

Play Episode Listen Later Sep 1, 2025 3:45


GitLab integrates artificial intelligence with human expertise to secure software development for organizations across industries. Julie Davila, Vice President of Product Security, leads efforts to protect the platform and software supply chains by automating security tasks and maintaining human oversight. GitLab advises organizations to inventory AI touchpoints, document model usage, and conduct AI-specific incident exercises to meet regulatory requirements. The company encourages upskilling security teams in prompt engineering and hands-on defense against AI-driven threats. GitLab implements secure integration patterns and treats AI agents as privileged identities to ensure accountability and prevent security risks, enabling organizations to adopt AI safely while maintaining compliance.
Learn more on this news by visiting us at: https://greyjournal.net/news/
Hosted on Acast. See acast.com/privacy for more information.

Develpreneur: Become a Better Developer and Entrepreneur
Enhancing Developer Productivity: Proven Skills, Tools, and Mindsets for Success

Develpreneur: Become a Better Developer and Entrepreneur

Play Episode Listen Later Aug 26, 2025 28:57


In this episode of Building Better Developers with AI, Rob Broadhead and Michael Meloche revisit an earlier conversation: “Building a Strong Developer Toolkit – Enhancing Skills and Productivity.” This time, they explore how AI and modern practices shape the discussion. The takeaway: enhancing developer productivity isn't just about tools—it's about habits, problem-solving, and continuous growth.

The Look Back with Host Keith Newman
VC Secrets: 25-Year Partner Reveals Startup Truth | The Liftoff with Keith Newman

The Look Back with Host Keith Newman

Play Episode Listen Later Aug 22, 2025 36:06


What 25 years in venture capital teaches you about building billion-dollar startups that founders wish they knew earlier...
David Hornik, founding partner at Lobby Capital and former August Capital partner, breaks down the real dynamics between VCs and founders that most entrepreneurs completely misunderstand. From his $50M+ exits including Splunk, GitLab, and Bill.com, David shares why venture capital success isn't about the money - it's about finding the right partnership.
In this conversation, you'll discover why the best investors act as collaborators, not gatekeepers, and how startup culture matters as much as your product-market fit. David reveals the misconceptions founders have about what VCs actually look for, the importance of long-term vision alignment, and why building supportive communities around entrepreneurs drives real innovation.
Key takeaways for founders:
- Trust and alignment matter more than just growth metrics
- Your company culture determines long-term success
- The best VCs become mentors, not just money providers
- Staying true to your mission while adapting is crucial for survival
David's unique background spans Stanford Computer Music to Harvard Law, plus he created the first VC blog and podcast. He's been honored on Forbes' Midas List and teaches at both Stanford Business School and Harvard Law School.
Subscribe for more founder insights and hit the bell for notifications! What's the biggest misconception you had about VCs? Drop it in the comments below.
Follow us on our channels for exclusive startup content and behind-the-scenes insights from interviews like this one.

Alles auf Aktien
Software Doomsday and the Most Lucrative Frontier ETFs

Alles auf Aktien

Play Episode Listen Later Aug 13, 2025 22:18


In today's episode, financial journalists Daniel Eckert and Holger Zschäpitz discuss new records on Wall Street, Trump's Goldman bashing, and Circle's cheeky share sales. They also cover 180 Life Sciences Corp, Alphabet, Coreweave, Rigetti Computing, Springer Nature, Patrizia, SAP, Hannover Rück, Confluent, Asana, Atlassian, Hubspot, Samsara, Gitlab, Mongo DB, Fastly, Adobe, Elastic, Twilio and Xtrackers FTSE Vietnam Swap ETF (WKN: DBX1AG), Xtrackers S&P Select Frontier Swap ETF (WKN: DBX1A9), MSCI EFM Africa Top 50 Capped Swap ETF (WKN: DBX0HX). We welcome feedback at aaa@welt.de. You can find even more "Alles auf Aktien" at WELTplus and Apple Podcasts, including all articles by the hosts and the AAA newsletter. Here at WELT: https://www.welt.de/podcasts/alles-auf-aktien/plus247399208/Boersen-Podcast-AAA-Bonus-Folgen-Jede-Woche-noch-mehr-Antworten-auf-Eure-Boersen-Fragen.html. The stock market podcast. Disclaimer: The stocks and funds discussed in the podcast do not constitute specific buy or investment recommendations. The hosts and the publisher are not liable for any losses arising from acting on the thoughts or ideas presented. Listening tips: For everyone who wants to know more: you can hear Holger Zschäpitz every week in the finance and business podcast "Deffner&Zschäpitz". +++ Advertising +++ Want to learn more about our advertising partners? Here you'll find all the info and discounts! https://linktr.ee/alles_auf_aktien Legal notice: https://www.welt.de/services/article7893735/Impressum.html Privacy policy: https://www.welt.de/services/article157550705/Datenschutzerklaerung-WELT-DIGITAL.html

Category Visionaries
Florian Forster, CEO & Co-Founder of ZITADEL: $11.5 Million Raised to Build the Future of Developer-First Identity Infrastructure

Category Visionaries

Play Episode Listen Later Jul 29, 2025 21:32


ZITADEL is pioneering the next generation of identity infrastructure, providing a developer-first platform that handles everything from basic authentication to complex multi-tenant B2B scenarios. With $11.5 million in funding and a unique open-source approach, ZITADEL has positioned itself as the "GitLab for identity" - offering both self-hosted and SaaS deployment options while maintaining flexibility through comprehensive APIs. In a recent episode of Category Visionaries, I sat down with Florian Forster, CEO and Co-Founder of ZITADEL, who recently relocated from Switzerland to the Bay Area to accelerate the company's go-to-market efforts and tap into the massive US opportunity.
Topics Discussed:
- ZITADEL's comprehensive identity platform covering authentication, authorization, and multi-tenant scenarios
- The company's innovative dual-licensing approach combining AGPL open source with commercial offerings
- Florian's strategic decision to relocate his entire family from Switzerland to the Bay Area
- The evolution from per-user pricing to capability-based pricing models
- Building a global team across three regions: Europe for engineering, US for go-to-market, and Argentina for customer success
- Marketing strategy focused 80/20 on developers versus buyers
- Cultural differences between European and American go-to-market approaches
- Future vision for AI risk mitigation and behavioral analytics in identity management
GTM Lessons For B2B Founders:
- Embrace "cash or code" open source strategy: Florian introduced the concept of "cash or code" - users either pay for commercial features or contribute meaningfully to the open source project. ZITADEL's shift from Apache to AGPL licensing ensures that free users contribute back to the community while commercial customers get enterprise features and SLAs. This dual-licensing approach creates sustainable economics while building a strong community foundation.
- Rethink pricing to align with customer value creation: ZITADEL is moving away from per-user pricing because, as Florian explains, "we are the system that makes users useful. So if we hinder our customers on creating users in the first place, it kind of defeats the whole idea." Instead, they're shifting to capability-based pricing where customers pay for specific features like compliance notifications rather than user seats. This removes friction from customer growth and better aligns pricing with actual value delivered.
- Focus marketing efforts on developers, not just buyers: ZITADEL discovered that an 80/20 split between developer-focused and buyer-focused marketing works best. Florian notes that "targeting the developer ultimately leads to us being in the debate when somebody procures a system like ours." Developers do the initial evaluation and recommendation, so winning them over is crucial for getting into procurement discussions with buyers.
- Leverage geographic arbitrage strategically: ZITADEL operates across three regions - Europe for core engineering (quality engineers at $100-250K vs $250-500K in Bay Area), US for go-to-market, and Argentina for customer success and sales engineering. This approach optimizes for both cost efficiency and timezone coverage while maintaining quality across all functions.
- Adapt messaging for cultural differences: Moving from Switzerland to the US taught Florian that "in US marketing, things get overinflated quite severely, but the buyer knows that and automatically deducts some of it." Europeans tend to under-market solid products, while US buyers expect and discount for marketing inflation. B2B founders must calibrate their messaging appropriately for different markets and buyer expectations.
Sponsors:
Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io
The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co
Don't Miss: New Podcast Series — How I Hire
Senior GTM leaders share the tactical hiring frameworks they use to build winning revenue teams. Hosted by Andy Mowat, who scaled 4 unicorns from $10M to $100M+ ARR and launched Whispered to help executives find their next role. Subscribe here: https://open.spotify.com/show/53yCHlPfLSMFimtv0riPyM

Cyber Briefing
July 24, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later Jul 24, 2025 9:30


The Eric Ries Show
How GitLab scaled to 30M users with transparency, remote work, and the ultimate employee handbook | Sid Sijbrandij

The Eric Ries Show

Play Episode Listen Later Jul 10, 2025 93:29


In this episode of The Eric Ries Show, I'm joined by Sid Sijbrandij, co-founder and Executive Chair of GitLab—one of the world's most radically transparent and values-driven software companies.
Sid shares how GitLab evolved from an open-source side project into a publicly traded DevOps platform, all while remaining deeply aligned with its values. From turning down a $10 million offer to maintaining control through dual-class shares, Sid walks us through the principles and systems that have shaped GitLab from the start.
We also delve into GitLab's renowned, live, and public 2,000-page handbook—how it functions not only as documentation but also as a recruiting tool, cultural backbone, and governance mechanism.
In our conversation today, we talk about the following topics:
• Why Sid once cold-pitched a submarine inventor—and got hired
• What led GitLab to turn down a $10M buyout and pursue an IPO
• Why GitLab favors “boring solutions” by default—and avoids reinventing the wheel
• The role of GitLab's live, public handbook in building transparency and trust
• Why every change at GitLab must be made in the handbook first
• How the handbook supports hiring, alignment, and radical transparency
• GitLab's approach to decentralized decision-making
• Why “customer results” sits at the top of GitLab's values hierarchy
• Sid's case for open core as the future of software
• How GitLab encourages informal connection in a remote-first culture—and the role of in-person meetups
• And much more
Brought to you by:
• Ahrefs – Get instant website traffic insights, without the noise.
Where to find Sid Sijbrandij:
• LinkedIn: https://www.linkedin.com/in/sijbrandij/
• X: https://x.com/sytses
Where to find Eric:
• Newsletter: https://ericries.carrd.co/
• Podcast: https://ericriesshow.com/
• YouTube: https://www.youtube.com/@theericriesshow
In This Episode We Cover:
(00:00) Intro
(02:52) The origins of GitLab
(04:15) The MVP of GitLab and how it has evolved to a DevOps platform
(05:09) Sid's internships and why he chose to work with submarines after
(08:57) How Sid became a submarine engineer
(11:10) How Ruby sparked Sid's interest in programming
(12:28) Why GitLab said no to $10M and chose YC and decided to go IPO
(17:45) How GitLab kept control including granting 10x voting shares before going public
(22:25) GitLab's extreme commitment to their values
(28:29) GitLab's Handbook and how changes are made
(33:11) How GitLab handles pushback and how the handbook builds trust
(37:38) An explanation of buyer-based open core at GitLab
(38:35) The challenges implementing a lean startup approach
(45:26) Keeping the organization aligned: How GitLab reinforces their values
(53:51) Why GitLab updates values
(55:57) Why senior engineers have an easier time securing budget
(57:21) Putting customers first: GitLab's value hierarchy explained
(59:08) The case for decentralized decision-making—and how GitLab makes it work
(1:03:24) The handbook's role in recruiting and building alignment
(1:06:25) Maintaining transparency after IPO
(1:10:55) The three phases of GitLab's all-remote operating policy
(1:17:04) How GitLab developed its open core business model
(1:20:19) The trust-building power of open source and Sid's case for open core
(1:25:20) Protective governance measures GitLab helps companies take
(1:29:28) How Sid has been doing on his cancer journey, and his work to help others
You can find episode references at https://www.ericriesshow.com/
Production and marketing by Pen Name.
Eric may be an investor in the companies discussed.

Motley Fool Money
GitLab CFO on Remote Culture Success, AI Integration

Motley Fool Money

Play Episode Listen Later Jun 28, 2025 58:41


Brian Robbins is the CFO of GitLab, a DevSecOps platform that supports software innovation. He joins Motley Fool CEO, Tom Gardner, plus Chief Investment Officer Andy Cross and AI Engineer Karl Juhl for a conversation about: - How GitLab scaled for remote culture - How technology and AI have shifted over the years - GitLab's plan to handle the evolving cloud and DevOps landscape. Companies mentioned: GTLB Hosts: Tom Gardner, Andy Cross, Karl Juhl Guest: Brian Robbins Engineer: Bart Shannon

Go To Market Grit
GitLab's CEO on Why the Next Great Developer Might Not Write Code | Bill Staples

Go To Market Grit

Play Episode Listen Later Jun 23, 2025 65:16


Bill Staples has spent 30 years redefining how the world writes, ships, and secures code.
On this week's Grit, the GitLab CEO shares what it takes to lead a public, all-remote DevSecOps company trusted by more than half of the Fortune 100. He breaks down the discipline of managing energy instead of hours, why weekly operating cadences beat quarterly plans, and how AI will 10× software engineers by auto-debugging code and closing security gaps.
Guest: Bill Staples, CEO of GitLab
Chapters:
00:00 Trailer
00:42 Introduction
02:34 True joy in life
08:16 Winning teams
13:53 When the energy isn't there
18:00 Super ambitious
21:01 It's not just technology
29:27 Elevating quality and standard
41:36 Lifelong collaborator
51:22 Competent intelligence
54:22 Structuring goals and time
1:03:59 Who GitLab is hiring
1:04:17 What “grit” means to Bill
1:04:54 Outro
Email: grit@kleinerperkins.com

The Heart of Healthcare with Halle Tecco
Do We Really Need Healthcare Superintelligence? | CEO & Co-founder of Color Health Othman Laraki

The Heart of Healthcare with Halle Tecco

Play Episode Listen Later Jun 16, 2025 33:12


Most AI in healthcare promises superintelligence—but what if that's the wrong goal entirely?
In this episode, Michael and Halle speak with Othman Laraki, co-founder and CEO of Color Health, to talk about why real-world care doesn't need a perfect model—it needs a better system. Othman breaks down how Color evolved from a consumer genetics startup into a nationwide virtual cancer clinic, why most diagnostics businesses fail, and how AI can actually support clinicians without trying to replace them.
We cover:

The CyberWire
Scam operations disrupted across Asia.

The CyberWire

Play Episode Listen Later Jun 12, 2025 34:04


Interpol's Operation Secure dismantles a major cybercrime network, and Singapore takes down scam centers. GitLab patches multiple vulnerabilities in its DevSecOps platform. Researchers unveil a covert method for exfiltrating data using smartwatches. EchoLeak allows for data exfiltration from Microsoft Copilot. Journalists are confirmed targets of Paragon's Graphite spyware. France calls for comments on tracking pixels. Fog ransomware operators deploy an unusual mix of tools. Skeleton Spider targets recruiters by posing as job seekers on LinkedIn and Indeed. Erie Insurance suffers ongoing outages following a cyberattack. Our N2K Lead Analyst Ethan Cook shares insights on Trump's antitrust policies. DNS neglect leads to AI subdomain exploits. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we share a selection from today's Caveat podcast where Dave Bittner and Ben Yelin are joined by N2K's Lead Analyst, Ethan Cook, to take a Policy Deep Dive into “The art of the breakup: Trump's antitrust surge.” You can listen to the full episode here and find new episodes of Caveat in your favorite podcast app each Thursday.   
Selected Reading
- Interpol takes down 20,000 malicious IPs and domains (Cybernews)
- Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts (The Record)
- GitLab patches high severity account takeover, missing auth issues (Bleeping Computer)
- SmartAttack uses smartwatches to steal data from air-gapped systems (Bleeping Computer)
- Critical vulnerability in Microsoft 365 Copilot AI called EchoLeak enabled data exfiltration (Beyond Machines)
- Researchers confirm two journalists were hacked with Paragon spyware (TechCrunch)
- Tracking pixels: CNIL launches public consultation on its draft recommendation (CNIL)
- Fog ransomware attack uses unusual mix of legitimate and open-source tools (Bleeping Computer)
- FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters (The Record)
- Erie Insurance confirms cyberattack behind business disruptions (Bleeping Computer)
- Why Was Nvidia Hosting Blogs About 'Brazilian Facesitting Fart Games'? (404 Media)
- Secure your public DNS presence from subdomain takeovers and dangling DNS exploits (Silent Push)
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Collaboration Superpowers Podcast
358 - Redefine Remote-First Leadership with Laurel Farrer

The Collaboration Superpowers Podcast

Play Episode Listen Later Jun 9, 2025 28:49


How can a Head of Remote act as the organizational glue that holds strategy, people, and processes together? Laurel Farrer, former Head of TeamOps at GitLab and internationally renowned thought leader, explains how this pivotal role shapes the future of work.

Venture Unlocked: The playbook for venture capital managers.
The New World of VC and Building a Durable Firm with Category Ventures' Villi Iltchev

Venture Unlocked: The playbook for venture capital managers.

Play Episode Listen Later Jun 4, 2025 43:53


Follow me @samirkaji for my thoughts on the venture market, with a focus on the continued evolution of the VC landscape.
Welcome to another episode of Venture Unlocked. In this episode, I had the pleasure of welcoming Villi Iltchev, founder and managing partner of Category Ventures. Villi has had a long history in tech, both in operating roles at companies like Box and Lifelock, as well as investing roles at August Capital and Two Sigma, where he departed in 2024 to launch Category Ventures.
We covered a lot of ground in our conversation, including his inspiration for starting a new firm and the experiences that informed his true north. We also spoke about the fragmentation of the market and what it means to win in early-stage investing in a heavily crowded market of dedicated seed funds & larger funds who are active in seed and Series A. I really enjoyed the authenticity of the conversation and hope you do as well.
About Villi Iltchev
Villi Iltchev is the Founder and Managing Partner of Category Ventures, an early-stage venture firm focused on backing category-defining enterprise software companies. With over two decades of experience as both an operator and investor, Villi has held leadership roles at Box, LifeLock, and Salesforce, where he led investments and acquisitions in companies like HubSpot, MuleSoft, Gusto, and Zapier. As a General Partner at August Capital and later at Two Sigma Ventures, he backed standout startups like GitLab—turning a $20M investment into over $900M in returns. Originally from Bulgaria, Villi brings a global perspective and a founder-first mindset to every partnership.
Category Ventures is an early-stage venture firm founded in 2024 by veteran investor Villi Iltchev, focused on backing category-defining enterprise software startups. With a $160M debut fund, the firm invests in pre-seed and seed-stage companies across infrastructure, dev tools, AI, and applications. Drawing on Iltchev's track record—including early investments in GitLab, Zapier, and Gusto—Category Ventures brings deep technical and go-to-market expertise to help founders build enduring businesses. Their approach centers on hands-on support and founder-first partnership to shape the future of enterprise software.
In this episode, we discuss:
* Villi's Background and Journey (1:50)
* Lessons from Venture Capital Firms (5:35)
* Market Fragmentation in Venture Capital (8:47)
* Flexible Investment Strategy (12:24)
* Challenges with Traditional VC Models (13:26)
* Product Market Fit and Founder Support (17:35)
* Counterpoints on Large VC Firms (21:40)
* Winning in Venture Capital (24:07)
* Kindness and Community (26:24)
* Components of Success (30:00)
* Decision-Making Process (33:21)
* Intellectual Honesty in Investments (36:16)
* The Role of Fresh Perspectives (40:08)
* Acting on Great Ideas and Final Thoughts (42:27)
I'd love to know what you took away from this conversation with Villi. Follow me @SamirKaji and give me your insights and questions with the hashtag #ventureunlocked. If you'd like to be considered as a guest or have someone you'd like to hear from (GP or LP), drop me a direct message on X.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit ventureunlocked.substack.com

Paul's Security Weekly
AIs, MCPs, and the Actual Work that LLMs Are Generating - ASW #333

Paul's Security Weekly

Play Episode Listen Later Jun 3, 2025 39:06


The recent popularity of MCPs is surpassed only by the recent examples of deficiencies of their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look at how developers are using LLMs to generate code and continue our search for where LLMs are providing value to appsec. We also consider what indicators we'd look for as signs of success. For example, are LLMs driving useful commits to overburdened open source developers? Are LLMs climbing the ranks of bug bounty platforms?

In the news, more examples of prompt injection techniques against LLM features in GitLab and GitHub, the value (and tradeoffs) in rewriting code, secure design lessons from a history of iOS exploitation, checking for all the ways to root, and NIST's approach to (maybe) measuring likely exploited vulns.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-333

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later May 27, 2025 7:13


SVG Steganography
Steganography is not only limited to pixel-based images but can be used to embed messages into vector-based formats like SVG.
https://isc.sans.edu/diary/SVG%20Steganography/31978

Fortinet Vulnerability Details CVE-2025-32756
Horizon3.ai shows how it was able to find the vulnerability in Fortinet's products, and how to possibly exploit this issue. The vulnerability is already being exploited in the wild and was patched May 13th.
https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/

Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
An attacker may leave instructions (prompts) for GitLab Duo embedded in the source code. This could be used to exfiltrate source code and secrets or to inject malicious code into an application.
https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo