Podcasts about Java


Indonesian island

  • 2,203 podcasts
  • 6,719 episodes
  • 43m average duration
  • 3 daily new episodes
  • Latest episode: Jan 21, 2022
[Chart: popularity of "Java" by year, 2012 to 2022]



Latest podcast episodes about Java

Programming Throwdown
125 - Object Caching Systems

Jan 21, 2022 (74:56)


We are sponsored by audible! http://www.audibletrial.com/programmingthrowdown
We are on Patreon! https://www.patreon.com/programmingthrowdown
T-Shirts! http://www.cafepress.com/programmingthrowdown/13590693
Join us on Discord! https://discord.gg/r4V2zpC

Object Caching Systems

Many people have heard the names "redis" or "memcached" but fewer people know what these tools are good for or why we need them so badly. In this show, Patrick and I explain why caching is so important and how these systems work under the hood.

Intro topic: Public database & cache services (Planetscale & Upstash)

News/Links:
  • Log4J Vulnerability
    https://jfrog.com/blog/log4shell-0-day-vulnerability-all-you-need-to-know/
    https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
  • Scan of the Month: Gameboys
    https://scanofthemonth.com/game-boy-original/
  • Hyrum's Law
    https://www.hyrumslaw.com/
  • Make the Internet Yours Again With an Instant Mesh Network
    https://changelog.complete.org/archives/10319-make-the-internet-yours-again-with-an-instant-mesh-network

Book of the Show
  • Jason: AI 2041 https://amzn.to/3fOqnWQ
  • Patrick: Dawnshard - Brandon Sanderson https://amzn.to/3tFmuMi

Audible Plug http://www.audibletrial.com/programmingthrowdown
Patreon Plug https://www.patreon.com/programmingthrowdown?ty=h

Tool of the Show
  • Jason: Swagger https://swagger.io/
  • Patrick: ripgrep https://github.com/BurntSushi/ripgrep

Topic: Object Caching Systems
  • The need
      • Latency
      • In memory Caching
  • Disadvantages compared to DB
      • Size limits (memory)
      • Limited query support
      • Limited persistence options
      • Stale caches
  • How it works
      • Key-value stores
      • Special operations for multi-get /multi-step
      • Expiry timers on each key
      • Hashing
  • Examples
      • Redis
      • Memcached
      • DynamoDB
      • Google datastore
      • Firebase database

Timestamps:
  • 00:00:15 Introduction
  • 00:00:54 New Year's Resolutions
  • 00:03:59 Saving money on cloud servers
  • 00:17:20 Scan of the Month
  • 00:20:14 Hyrum's Law
  • 00:25:30 Make the Internet Yours Again with an Instant Mesh Network
  • 00:31:45 Book of the Show
  • 00:31:56 AI 2041
  • 00:35:25 Dawnshard
  • 00:37:35 Tool of the Show
  • 00:38:17 Swagger
  • 00:59:10 ripgrep
  • 0:45:31 Object Caching Systems
  • 01:10:22 High Frequency Trading
  • 01:14:07 Farewells

If you've enjoyed this episode, you can listen to more on Programming Throwdown's website: https://www.programmingthrowdown.com/

Reach out to us via email: programmingthrowdown@gmail.com

Kakadu - Deutschlandfunk Kultur
Force of Nature - What Happens Inside a Volcano?

Jan 18, 2022 (24:48)


Most recently, volcanic eruptions on the islands of La Palma and Java made headlines. Now an eruption in the Pacific nation of Tonga has many people worried. In this episode we explain what happens inside the mountain during an eruption.

With Patricia and Merle

Java with Juli
#396: Diverse Gender Identities: How To See the People Behind the Issue

Jan 17, 2022 (34:42)


Why are so many teens suddenly coming out as trans or non binary? Juli welcomes Dr. Mark Yarhouse to help you understand the difference between gender dysphoria and the emerging gender identities that young people are navigating today. You'll hear how to have compassionate, biblical and productive conversations around this complex issue—and how to listen and love well.

Guest: Dr. Mark Yarhouse

Show notes:
  • Understanding Gender Dysphoria by Dr. Mark Yarhouse*
  • Emerging Gender Identities by Dr. Mark Yarhouse & Dr. Julia Sadusky*
  • Introduce the podcast! Tell us how & why you listen to Java with Juli.

*This is an affiliate link. AI may earn referral fees from qualifying purchases.

Hanselminutes - Fresh Talk and Tech for Developers
Redefining Imposter Syndrome with Maya Bello

Jan 13, 2022 (31:25)


Maya is a software engineer who has worked at companies like Intuit and Slack. She's also taught game design as well as Java and OOP techniques as a Tutor at UCSD. She runs a successful YouTube channel and often mentors newbies. However, she's struggled with Imposter Syndrome. In this chat with Scott, Maya asks "why not me?" and considers how to redefine Imposter Syndrome and make it a superpower rather than a problem.

Subscribe to Maya on YouTube!

Sophos Podcasts
S3 Ep65: Supply chain conniption, NetUSB hole, Honda flashback, FTC muscle

Jan 13, 2022 (33:46)


A JavaScript coder sabotages his own projects. Routers with critical holes. Honda cars party like it's 2002. The FTC warns everyone to patch. And a Log4Shell-like bug in another Java library.

  • https://nakedsecurity.sophos.com/javascript-developer-destroys-own-projects
  • https://nakedsecurity.sophos.com/home-routers-with-netusb-support
  • https://nakedsecurity.sophos.com/honda-cars-in-flashback-to-2002
  • https://nakedsecurity.sophos.com/ftc-threatens-legal-action
  • https://nakedsecurity.sophos.com/log4shell-like-security-hole

With Paul Ducklin and Doug Aamoth.

Original music by Edith Mudge (https://www.edithmudge.com)

Got questions/suggestions/stories to share?
Email: tips@sophos.com
Twitter: NakedSecurity (https://twitter.com/nakedsecurity)
Instagram: NakedSecurity (https://instagram.com/nakedsecurity)

Screaming in the Cloud
Slinging CDK Knowledge with Matt Coulter

Jan 12, 2022 (37:37)


About Matt

Matt is an AWS DevTools Hero, Serverless Architect, Author and conference speaker. He is focused on creating the right environment for empowered teams to rapidly deliver business value in a well-architected, sustainable and serverless-first way.

You can usually find him sharing reusable, well architected, serverless patterns over at cdkpatterns.com or behind the scenes bringing CDK Day to life.

Links:
  • AWS CDK Patterns: https://cdkpatterns.com
  • The CDK Book: https://thecdkbook.com
  • CDK Day: https://www.cdkday.com

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: It seems like there is a new security breach every day. Are you confident that an old SSH key, or a shared admin account, isn't going to come back and bite you? If not, check out Teleport. Teleport is the easiest, most secure way to access all of your infrastructure. The open source Teleport Access Plane consolidates everything you need for secure access to your Linux and Windows servers—and I assure you there is no third option there. Kubernetes clusters, databases, and internal applications like AWS Management Console, Jenkins, GitLab, Grafana, Jupyter Notebooks, and more. Teleport's unique approach is not only more secure, it also improves developer productivity. To learn more visit: goteleport.com. And no, that is not me telling you to go away, it is: goteleport.com.

Corey: This episode is sponsored in part by our friends at Rising Cloud, which I hadn't heard of before, but they're doing something vaguely interesting here.
They are using AI, which is usually where my eyes glaze over and I lose attention, but they're using it to help developers be more efficient by reducing repetitive tasks. So, the idea being that you can run stateless things without having to worry about scaling, placement, et cetera, and the rest. They claim significant cost savings, and they're able to wind up taking what you're running as it is in AWS with no changes, and run it inside of their data centers that span multiple regions. I'm somewhat skeptical, but their customers seem to really like them, so that's one of those areas where I really have a hard time being too snarky about it because when you solve a customer's problem and they get out there in public and say, “We're solving a problem,” it's very hard to snark about that. Multus Medical, Construx.ai and Stax have seen significant results by using them. And it's worth exploring. So, if you're looking for a smarter, faster, cheaper alternative to EC2, Lambda, or batch, consider checking them out. Visit risingcloud.com/benefits. That's risingcloud.com/benefits, and be sure to tell them that I sent you because watching people wince when you mention my name is one of the guilty pleasures of listening to this podcast.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I'm joined today by Matt Coulter, who is a Technical Architect at Liberty Mutual. You may have had the privilege of seeing him on the keynote stage at re:Invent last year—in Las Vegas or remotely—that last year of course being 2021. But if you make better choices than the two of us did, and found yourself not there, take the chance to go and watch that keynote. It's really worth seeing.

Matt, first, thank you for joining me. I'm sorry, I don't have 20,000 people here in the audience to clap this time.
They're here, but they're all remote as opposed to sitting in the room behind me because you know, social distancing.

Matt: And this left earphone, I just have some applause going, just permanently, just to keep me going. [laugh].

Corey: That's sort of my own internal laugh track going on. It's basically whatever I say is hilarious, to that. So yeah, doesn't really matter what I say, how I say it, my jokes are all for me. It's fine. So, what was it like being on stage in front of that many people? It's always been a wild experience to watch and for folks who haven't spent time on the speaking circuit, I don't think that there's any real conception of what that's like. Is this like giving a talk at work, where I just walk on stage randomly, whatever I happened to be wearing? And, oh, here's a microphone, I'm going to say words. What is the process there?

Matt: It's completely different. For context for everyone, before the pandemic, I would have pretty regularly talked in front of, I don't know, maybe one, two hundred people in Liberty, in Belfast. So, I used to be able to just, sort of, walk in front of them, and lean against the pillar, and use my clicker, and click through, but the process for actually presenting something as big as a keynote and re:Invent is so different. For starters, you think that when you walk onto the stage, you'll actually be able to see the audience, but the way the lights are set up, you can pretty much see about one row of people, and they're not the front row, so anybody I knew, I couldn't actually see.

And yeah, you can only see, sort of like, the from the void, and then you have your screens, so you've six sets of screens that tell you your notes as well as what slides you're on, you know, so you can pivot. But other than that, I mean, it feels like you're just talking to yourself outside of whenever people, thankfully, applause.
It's such a long process to get there.

Corey: I've always said that there are a few different transition stages as the audience size increases, but for me, the final stage is more or less anything above 750 people. Because as you say, you aren't able to see that many beyond that point, and it doesn't really change anything meaningfully. The most common example that you see in the wild is jokes that work super well with a small group of people fall completely flat to large audiences. It's why so much corporate humor is cheesy because yeah, everyone in the rehearsals is sitting there laughing and the joke kills, but now you've got 5000 people sitting in a room and that joke just sounds strained and forced because there's no longer a conversation, and no one has the shared context that—the humor has to change. So, in some cases when you're telling a story about what you're going to say on stage, during a rehearsal, they're going to say, “Well, that joke sounds really corny and lame.” It's, “Yeah, wait until you see it in front of an audience. It will land very differently.” And I'm usually right on that.

I would also advise, you know, doing what you do and having something important and useful to say, as opposed to just going up there to tell jokes the whole time. I wanted to talk about that because you talked about how you're using various CDK and other serverless style patterns in your work at Liberty Mutual.

Matt: Yeah. So, we've been using CDK pretty extensively since it was, sort of, Q3 2019. At that point, it was new. Like, it had just gone GA at the time, just came out of dev preview.
And we've been using CDK from the perspective of we want to be building serverless-first, well-architected apps, and ideally we want to be building them on AWS.

Now, the thing is, we have 5000 people in our IT organization, so there's sort of a couple of ways you can take to try and get those people onto the cloud: You can either go the route of being, like, there is one true path to architecture, this is our architecture and everything you want to build can fit into that square box; or you can go the other approach and try and have the golden path where you say this is the paved road that is really easy to do, but if you want to differentiate from that route, that's okay. But what you need to do is feed back into the golden path if that works. Then everybody can improve. And that's where we've started been using CDK. So, what you heard me talk about was the software accelerator, and it's sort of a different approach.

It's where anybody can build a pattern and then share it so that everybody else can rapidly, you know, just reuse it. And what that means is effectively you can, instead of having to have hundreds of people on a central team, you can actually just crowdsource, and sort of decentralize the function. And if things are good, then a small team can actually come in and audit them, so to speak, and check that it's well-architected, and doesn't have flaws, and drive things that way.

Corey: I have to confess that I view the CDK as sort of a third stage automation approach, and it's one that I haven't done much work with myself. The first stage is clicking around in the console; the second is using CloudFormation or Terraform; the third stage is what we're talking about here is CDK or Pulumi, or something like that. And then you ascend to the final fourth stage, which is what I use, which is clicking around in the AWS console, but then you lie to people about it. ClickOps is poised to take over the world. But that's okay. You haven't gotten that far yet.
Instead, you're on the CDK side. What advantages does CDK offer that effectively CloudFormation or something like it doesn't?

Matt: So, first off, for ClickOps in Liberty, we actually have the AWS console as read-only in all of our accounts, except for sandbox. So, you can ClickOps in sandbox to learn, but if you want to do something real, unfortunately, it's going to fail you. So—

Corey: I love that pattern. I think I might steal that.

Matt: [laugh]. So, originally, we went heavy on CloudFormation, which is why CDK worked well for us. And because we've actually—it's been a long journey. I mean, we've been deploying—2014, I think it was, we first started deploying to AWS, and we've used everything from Terraform, to you name it. We've built our own tools, believe it or not, that are basically CDK.

And the thing about CloudFormation is, it's brilliant, but it's also incredibly verbose and long because you need to specify absolutely everything that you want to deploy, and every piece of configuration. And that's fine if you're just deploying a side project, but if you're in an enterprise that has responsibilities to protect user data, and you can't just deploy anything, they end up thousands and thousands and thousands of lines long. And then we have amazing guardrails, so if you tried to deploy a CloudFormation template with a flaw in it, we can either just fix it, or reject the deploy. But CloudFormation is not known to be the fastest to deploy, so you end up in this developer cycle, where you build this template by hand, and then it goes through that CloudFormation deploy, and then you get the failure message that it didn't deploy because of some compliance thing, and developers just got frustrated, and were like, sod this. [laugh]. I'm not deploying to AWS. Back to on-prem.
And that's where CDK was a bit different because it allowed us to actually build abstractions with all of our guardrails baked in, so that it just looked like a standard class, for developers, like, developers already know Java, Python, TypeScript, the languages of CDK, and so we were able to just make it easy by saying, “You want API Gateway? There's an API Gateway class. You want, I don't know, an EC2 instance? There you go.” And that way, developers could focus on the thing they wanted, instead of all of the compliance stuff that they needed to care about every time they wanted to deploy.

Corey: Personally, I keep lobbying AWS to add my preferred language, which is crappy shell scripting, but for some reason they haven't really been quick to add that one in. The thing that I think surprises me, on some level—though, perhaps it shouldn't—is not just the adoption of serverless that you're driving at Liberty Mutual, but the way that you're interacting with that feels very futuristic, for lack of a better term. And please don't think that I'm in any way describing this in a way that's designed to be insulting, but I do a bunch of serverless nonsense on Twitter for Pets. That's not an exaggeration. twitterforpets.com has a bunch of serverless stuff behind it because you know, I have personality defects.

But no one cares about that static site that's been a slide dump a couple of times for me, and a running joke. You're at Liberty Mutual; you're an insurance company. When people wind up talking about big enterprise institutions, you're sort of a shorthand example of exactly what they're talking about.
It's easy to contextualize or think of that as being very risk averse—for obvious reasons; you are an insurance company—as well as wanting to move relatively slowly with respect to technological advancement because mistakes are going to have drastic consequences to all of your customers, people's lives, et cetera, as opposed to tweets or—barks—not showing up appropriately at the right time. How did you get to the, I guess, advanced architectural philosophy that you clearly have been embracing as a company, while having to be respectful of the risk inherent that comes with change, especially in large, complex environments?

Matt: Yeah, it's funny because so for everyone, we were talking before this recording started about, I've been with Liberty since 2011. So, I've seen a lot of change in the length of time I've been here. And I've built everything from IBM applications right the way through to the modern serverless apps. But the interesting thing is, the journey to where we are today definitely started eight or nine years ago, at a minimum because there was something identified in the leadership that they said, “Listen, we're all about our customers. And that means we don't want to be wasting millions of dollars, and thousands of hours, and big trains of people to build software that does stuff. We want to focus on why are we building a piece of software, and how quickly can we get there? If you focus on those two things you're doing all right.”

And that's why starting from the early days, we focused on things like, okay, everything needs to go through CI/CD pipelines. You need to have your infrastructure as code. And even if you're deploying on-prem, you're still going to be using the same standards that we use to deploy to AWS today. So, we had years and years and years of just baking good development practices into the company.
And then whenever we started to move to AWS, the question became, do we want to just deploy the same thing or do we want to take full advantage of what the cloud has to offer? And I think because we were primed and because the leadership had the right direction, you know, we were just sitting there ready to say, “Okay, serverless seems like a way we can rapidly help our customers.” And that's what we've done.

Corey: A lot of the arguments against serverless—and let's be clear, they rhyme with the previous arguments against cloud that lots of people used to make; including me, let's be clear here. I'm usually wrong when I try to predict the future. “Well, you're putting your availability in someone else's hands,” was the argument about cloud. Yeah, it turns out the clouds are better at keeping things up than we are as individual companies.

Then with serverless, it's the, “Well, if they're handling all that stuff for you on their side, when they're down, you're down. That's an unacceptable business risk, so we're going to be cloud-agnostic and multi-cloud, and that means everything we build serverlessly needs to work in multiple environments, including in our on-prem environment.” And from the way that we're talking about servers and things that you're building, I don't believe that is technically possible, unless some of the stuff you're building is ridiculous. How did you come to accept that risk organizationally?

Matt: These are the conversations that we're all having. Sort of, I'd say once a week, we all have a multi-cloud discussion—and I really liked the article you wrote, it was maybe last year, maybe the year before—but multi-cloud to me is about taking the best capabilities that are out there and bringing them together.
So, you know, like, Azure [ID 00:12:47] or whatever, things from the other clouds that they're good at, and using those rather than thinking, “Can I build a workload that I can simultaneously pay all of the price to run across all of the clouds, all of the time, so that if one's down, theoretically, I might have an outage?” So, the way we've looked at it is we embraced really early the well-architected framework from AWS. And it talks about things like you need to have multi-region availability, you need to have your backups in place, you need to have things like circuit breakers in place for if third-party goes down, and we've just tried to build really resilient architectures as best as we can on AWS. And do you know what I think, if [laugh] it AWS is not—I know at re:Invent, there it went down extraordinarily often compared to normal, but in general—

Corey: We were all tired of re:Invent; their us-east-1 was feeling the exact same way.

Matt: Yeah, so that's—it deserved a break. But, like, if somebody can't buy insurance for an hour, once a year, [laugh] I think we're okay with it versus spending millions to protect that one hour.

Corey: And people make assumptions based on this where, okay, we had this problem with us-east-1 that froze things like the global Route 53 control planes; you couldn't change DNS for seven hours. And I highlighted that as, yeah, this is a problem, and it's something to severely consider, but I will bet you anything you'd care to name that there is an incredibly motivated team at AWS, actively fixing that as we speak. And by—I don't know how long it takes to untangle all of those dependencies, but I promise they're going to be untangled in relatively short order versus running data centers myself, when I discover a key underlying dependency I didn't realize was there, well, we need to break that.
That's never going to happen because we're trying to do things as a company, and it's just not the most important thing for us as a going concern. With AWS, their durability and reliability is the most important thing, arguably compared to security.

Would you rather be down or insecure? I feel like they pick down—I would hope in most cases they would pick down—but they don't want to do either one. That is something they are drastically incentivized to fix. And I'm never going to be able to fix things like that and I don't imagine that you folks would be able to either.

Matt: Yeah, so, two things. The first thing is the important stuff, like, for us, that's claims. We want to make sure at any point in time, if you need to make a claim you can because that is why we're here. And we can do that with people whether or not the machines are up or down. So, that's why, like, you always have a process—a manual process—that the business can operate, irrespective of whether the cloud is still working.

And that's why we're able to say if you can't buy insurance in that hour, it's okay. But the other thing is, we did used to have a lot of data centers, and I have to say, the people who ran those were amazing—I think half the staff now work for AWS—but there was this story that I heard where there was an app that used to go down at the same time every day, and nobody could work out why. And it was because someone was coming in to clean the room at that time, and they unplugged the server to plug in a vacuum, and then we're cleaning the room, and then plugging it back in again. And that's the kind of thing that just happens when you manage people, and you manage a building, and manage a premises. Whereas if you've heard that happened at AWS, I mean, that would be front page news.

Corey: Oh, it absolutely would.
There's also—as you say, if it's the sales function, if people aren't able to buy insurance for an hour, when us-east-1 went down, the headlines were all screaming about AWS taking an outage, and some of the more notable customers were listed as examples of this, but the story was that, “AWS has massive outage,” not, “Your particular company is bad at technology.” There's sort of a reputational risk mitigation by going with one of these centralized things. And again, as you're alluding to, what you're doing is not life-critical as far as the sales process and getting people to sign up. If an outage meant that suddenly a bunch of customers were no longer insured, that's a very different problem. But that's not your failure mode.

Matt: Exactly. And that's where, like, you got to look at what your business is, and what you're specifically doing, but for 99.99999% of businesses out there, I'm pretty sure you can be down for the tiny window that AWS is down per year, and it will be okay, as long as you plan for it.

Corey: So, one thing that really surprised me about the entirety of what you've done at Liberty Mutual is that you're a big enterprise company, and you can take a look at any enterprise company, and say that they have dueling mottos, which is, “I am not going to comment on that,” or, “That's not funny.” Like, the safe mode for any large concern is to say nothing at all. But a lot of folks—not just you—at Liberty have been extremely vocal about the work that you're doing, how you view these things, and I almost want to call it advocacy or evangelism for the CDK. I'm slightly embarrassed to admit that for a little while there, I thought you were an AWS employee in their DevRel program because you were such an advocate in such strong ways for the CDK itself.

And that is not something I expected.
Usually you see the most vocal folks working in environments that, let's be honest, tend to play a little bit fast and loose with things like formal corporate communications. Liberty doesn't and yet, there you folks are telling these great stories. Was that hard to win over as a culture, or am I just misunderstanding how corporate life is these days?

Matt: No, I mean, so it was different, right? There was a point in time where, I think, we all just sort of decided that—I mean, we're really good at what we do from an engineering perspective, and we wanted to make sure that, given the messaging we were given, those 5000 tech employees in Liberty Mutual, if you consider the difference in broadcasting to 5000 versus going external, it may sound like there's millions, billions of people in the world, but in reality, the difference in messaging is not that much. So, to me what I thought, like, whenever I started anyway—it's not, like, we had a meeting and all decided at the same time—but whenever I started, it was a case of, instead of me just posting on all the internal channels—because I've been doing this for years—it's just at that moment, I thought, I could just start saying these things externally and still bring them internally because all you've done is widened the audience; you haven't actually made it shallower. And that meant that whenever I was having the internal conversations, nothing actually changed except for it meant external people, like all their Heroes—like Jeremy Daly—could comment on these things, and then I could bring that in internally. So, it almost helped the reverse takeover of the enterprise to change the culture because I didn't change that much except for change the audience of who I was talking to.

Corey: This episode is sponsored by our friends at Oracle. HeatWave is a new high-performance accelerator for the Oracle MySQL Database Service.
Although I insist on calling it “my squirrel.” While MySQL has long been the world's most popular open source database, shifting from transacting to analytics required way too much overhead and, ya know, work. With HeatWave you can run your OLTP and OLAP, don't ask me to ever say those acronyms again, workloads directly from your MySQL database and eliminate the time consuming data movement and integration work, while also performing 1100X faster than Amazon Aurora, and 2.5X faster than Amazon Redshift, at a third of the cost. My thanks again to Oracle Cloud for sponsoring this ridiculous nonsense.

Corey: One thing that you've done that I want to say is admirable, and I stumbled across it when I was doing some work myself over the break, and only right before this recording did I discover that it was you is the cdkpatterns.com website. Specifically what I love about it is that it publishes a bunch of different patterns of ways to do things. This deviates from a lot of tutorials on, “Here's how to build this one very specific thing,” and instead talks about, “Here's the architecture design; here's what the baseline pattern for that looks like.” It's more than a template, but less than a, “Oh, this is a messaging app for dogs and I'm trying to build a messaging app for cats.” It's very generalized, but very direct, and I really, really like that model of demo.

Matt: Thank you. So, watching some of your Twitter threads where you experiment with new—

Corey: Uh oh. People read those. That's a problem.

Matt: I know. So, whatever you experiment with a new piece of AWS to you, I've always wondered what it would be like to be your enabling architect. Because technically, my job in Liberty is, I meant to try and stay ahead of everybody and try and ease the on-ramp to these things.
So, if I was your enabling architect, I would be looking at it going, “I should really have a pattern for this.” So that whenever you want to pick up that new service the patterns in cdkpatterns.com, there's 24, 25 of them right there, but internally, there's way more than dozens now.

The goal is, the pattern is the least amount of code for you to learn a concept. And then that way, you can not only see how something works, but you can maybe pick up one of the pieces of the well-architected framework while you're there: All of it's unit tested, all of it is proper, you know, like, commented code. The idea is to not be crap, but not be gold-plated either. I'm currently in the process of upgrading that all to V2 as well. So, that [unintelligible 00:21:32].

Corey: You mentioned a phrase just now: “Enabling architect.” I have to say this one that has not crossed my desk before. Is that an internal term you use? Is that an enterprise concept I've somehow managed to avoid? Is that an AWS job role? What is that?

Matt: I've just started saying [laugh] it's my job over the past couple of years. That—I don't know, patent pending? But the idea to me is—

Corey: No, it's evocative. I love the term, I'd love to learn more.

Matt: Yeah, because you can sort of take two approaches to your architecture: You can take the traditional approach, which is the ‘house of no' almost, where it's like, “This is the architecture. How dare you want to deviate. This is what we have decided. If you want to change it, here's the Architecture Council and go through enterprise architecture as people imagine it.” But as people might work out quite quickly, whenever they meet me, the whole, like, long conversational meetings are not for me.
What I want to do is teach engineers how to help themselves, so that's why I see myself as enabling.

And what I've been doing is using techniques like Wardley Mapping, which is where you can go out and you can actually take all the components of people's architecture and you can draw them on a map for—it's a map of how close they are to the customer, as well as how cutting edge the tech is, or how aligned to our strategic direction it is. So, you can actually map out all of the teams, and—there's 160, 170 engineers in Belfast and Dublin, and I can actually go in and say, “Oh, that piece of your architecture would be better if it was evolved to this. Well, I have a pattern for that,” or, “I don't have a pattern for that, but you know what? I'll build one and let's talk about it next week.” And that's always trying to be ahead, instead of people coming to me and I have to say no.

Corey: AWS Proton was designed to do something vaguely similar, where you could set out architectural patterns of—like, the two examples that they gave—I don't know if it's in general availability yet or still in public preview, but the ones that they gave were to build a REST API with Lambda, and building something-or-other with Fargate. And the idea was that you could basically fork those, or publish them inside of your own environment of, “Oh, you want a REST API; go ahead and do this.” It feels like their vision is a lot more prescriptive than what yours is.

Matt: Yeah. I talked to them quite a lot about Proton, actually because, as always, there's different methodologies and different ways of doing things. And as I showed externally, we have our software accelerator, which is kind of our take on Proton, and it's very open. Anybody can contribute; anybody can consume.
And then that way, it means that you don't necessarily have one central team, you can have—think of it more like an SRE function for all of the patterns, rather than… the Proton way is you've separate teams that are your DevOps teams that set up your patterns and then separate team that's consumer, and they have different permissions, different rights to do different things. If you use a Proton pattern, anytime an update is made to that pattern, it auto-deploys your infrastructure.

Corey: I can see that breaking an awful lot.

Matt: [laugh]. Yeah. So, the idea is sort of if you're a consumer, I assume you [unintelligible 00:24:35] be going to change that infrastructure. You can, they've built in an escape hatch, but the whole concept of it is there's a central team that looks to what the best configuration for that is. So, I think Proton has so much potential, I just think they need to loosen some of the boundaries for it to work for us, and that's the feedback I've given them directly as well.

Corey: One thing that I want to take a step beyond this is, you care about this? More than most do. I mean, people will work with computers, yes. We get paid for that. Then they'll go and give talks about things. You're doing that as well. They'll launch a website occasionally, like, cdkpatterns.com, which you have. And then you just sort of decide to go for the absolute hardest thing in the world, and you're one of four authors of a book on this. Tell me more.

Matt: Yeah. So, this is something that there's a few of us have been talking since one of the first CDK Days, where we're friends, so there's AWS Heroes. There's Thorsten Höger, Matt Bonig, Sathyajith Bhat, and myself, came together—it was sometime in the summer last year—and said, “Okay. We want to write a book, but how do we do this?” Because, you know, we weren't authors before this point; we'd never done it before.
We weren't even sure if we should go to a publisher, or if we should self-publish.

Corey: I argue that no one wants to write a book. They want to have written a book, and every first-time author I've ever spoken to at the end has said, “Why on earth would anyone want to do this a second time?” But people do it.

Matt: Yeah. And that's we talked to Alex DeBrie, actually, about his book, the amazing DynamoDB Book. And it was his advice, told us to self-publish. And he gave us his starter template that he used for his book, which took so much of the pain out because all we had to do was then work out how we were going to work together. And I will say, I write quite a lot of stuff in general for people, but writing a book is completely different because once it's out there, it's out there. And if it's wrong, it's wrong. You got to release a new version and be like, “Listen, I got that wrong.” So, it did take quite a lot of effort from the group to pull it together. But now that we have it, I want to—I don't have a printed copy because it's only PDF at the minute, but I want a copy just put here [laugh] in, like, the frame. Because it's… it's what we all want.

Corey: Yeah, I want you to do that through almost a traditional publisher, selfishly, because O'Reilly just released the AWS Cookbook, and I had a great review quote on the back talking about the value added. I would love to argue that they use one of mine for The CDK Book—and then of course they would reject it immediately—of, “I don't know why you do all this. Using the console and lying about it is way easier.” But yeah, obviously not the direction you're trying to take the book in. But again, the industry is not quite ready for the lying version of ClickOps.

It's really neat to just see how willing you are to—how to frame this?—to give of yourself and your time and what you've done so freely. I sometimes make a joke—that arguably isn't that funny—that, “Oh, AWS Hero.
That means that you basically volunteer for a $1.6 trillion company.”

But that's not actually what you're doing. What you're doing is having figured out all the sharp edges and hacked your way through the jungle to get to something that is functional, you're a trailblazer. You're trying to save other people who are working with that same thing from difficult experiences on their own, having to all thrash and find our own way. And not everyone is diligent and as willing to continue to persist on these things. Is that a somewhat fair assessment how you see the Hero role?

Matt: Yeah. I mean, no two Heroes are the same, from what I've judged, I haven't met every Hero yet because pandemic, so Vegas was the first time [I met most 00:28:12], but from my perspective, I mean, in the past, whatever number of years I've been coding, I've always been doing the same thing. Somebody always has to go out and be the first person to try the thing and work out what the value is, and where it'll work for us more work for us. The only difference with the external and public piece is that last 5%, which it's a very different thing to do, but I personally, I like even having conversations like this where I get to meet people that I've never met before.

Corey: You sort of discovered the entire secret of why I have an interview podcast.

Matt: [laugh]. Yeah because this is what I get out of it, just getting to meet other people and have new experiences. But I will say there's Heroes out there doing very different things. You've got, like, Hiro—as in Hiro, H-I-R-O—actually started AWS Newbies and she's taught—ah, it's hundreds of thousands of people how to actually just start with AWS, through a course designed for people who weren't coders before. That kind of thing is next-level compared to anything I've ever done because you know, they have actually built a product and just given it away.
I think that's amazing.

Corey: At some level, building a product and giving it away sounds like, “You know, I want to never be lonely again.” Well, that'll work because you're always going to get support tickets. There's an interesting narrative around how to wind up effectively managing the community, and users, and demands, based on open-source maintainers, that we're all wrestling with as an industry, particularly in the wake of that whole log4j nonsense that we've been tilting at that windmill, and that's going to be with us for a while. One last thing I want to talk about before we wind up calling this an episode is, you are one of the organizers of CDK Day. What is that?

Matt: Yeah, so CDK Day, it's a complete community-organized conference. The past two have been worldwide, fully virtual just because of the situation we're in. And I mean, they've been pretty popular. I think we had about 5000 people attended the last one, and the idea is, it's a full day of the community just telling their stories of how they liked or disliked using the CDK. So, it's not a marketing event; it's not a sales event; we actually run the whole event on a budget of exactly $0. But yeah, it's just a day of fun to bring the community together and learn a few things. And, you know, if you leave it thinking CDK is not for you, I'm okay with that as much as if you just make a few friends while you're there.

Corey: This is the first time I'd realized that it wasn't a formal AWS event. I almost feel like that's the tagline that you should have under it. It's—because it sounds like the CDK Day, again, like, it's this evangelism pure, “This is why it's great and why you should use it.” But I love conferences that embrace critical views. I built one of the first talks I ever built out that did anything beyond small user groups was “Heresy in the Church of Docker.”

Then they asked me to give that at ContainerCon, which was incredibly flattering.
And I don't think they made that mistake a second time, but it was great to just be willing to see some group of folks that are deeply invested in the technology, but also very open to hearing criticism. I think that's the difference between someone who is writing a nuanced critique versus someone who's just [pure-on 00:31:18] zealotry. “But the CDK is the answer to every technical problem you've got.” Well, I start to question the wisdom of how applicable it really is, and how objective you are. I've never gotten that vibe from you.

Matt: No, and that's the thing. So, I mean, as we've worked out in this conversation, I don't work for AWS, so it's not my product. I mean, if it succeeds or if it fails, it doesn't impact my livelihood. I mean, there are people on the team who would be sad for, but the point is, my end goal is always the same. I want people to be enabled to rapidly deliver their software to help their customers.

If that's CDK, perfect, but CDK is not for everyone. I mean, there are other options available in the market. And if, even, ClickOps is the way to go for you, I am happy for you. But if it's a case of we can have a conversation, and I can help you get closer to where you need to be with some other tool, that's where I want to be. I just want to help people.

Corey: And if I can do anything to help along that axis, please don't hesitate to let me know. I really want to thank you for taking the time to speak with me and being so generous, not just with your time for this podcast, but all the time you spend helping the rest of us figure out which end is up, as we continue to find that the way we manage environments evolves.

Matt: Yeah. And, listen, just thank you for having me on today because I've been reading your tweets for two years, so I'm just starstruck at this moment to even be talking to you. So, thank you.

Corey: No, no. I understand that, but don't worry, I put my pants on two legs at a time, just like everyone else.
That's right, the thought leader on Twitter, you have to jump into your pants. That's the rule. Thanks again so much. I look forward to having a further conversation with you about this stuff as I continue to explore, well honestly, what feels like a brand new paradigm for how we manage code.

Matt: Yeah. Reach out if you need any help.

Corey: I certainly will. You'll regret asking. Matt [Coulter 00:33:06], Technical Architect at Liberty Mutual. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, write an angry comment, then click the submit button, but lie and say you hit the submit button via an API call.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Hacking Humans
Log4j vulnerability (noun) [Word Notes]

Jan 11, 2022 8:46


An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. 

Programming Throwdown
124 - Holiday Episode 2021!

Jan 10, 2022 87:16


In this holiday episode, Jason and Patrick answer questions from listeners. They also look back at the past year's challenges and victories.

00:15:35 (Kevin) What's been the biggest thing that pushed you to learn more during your career? Was it taking a new job and moving somewhere, doing stuff in your spare time or something like a new hobby or anything else?
00:29:38 (Kevin) Favorite city to live in or visit?
00:31:29 First Winner (James B.)
00:32:21 (Clever Clover/James) Next biggest tech prediction.
00:36:28 (Paul) If we could standardize all the code there is out there to one particular language, which language would it be and why would it be Python?
00:40:40 Second Winner (Collin G.)
00:41:21 (Necrous) If you could redo your career and education path, what would you change?
00:47:12 Third Winner (Matt I.)
00:47:48 (MQNC) What is the dirtiest hackiest anti-pattern piece of code you ever wrote in full consciousness and even maybe enjoying the thrill and why was it the way to go?
00:54:36 (Leedle) Thoughts on server side rendering React and NextJS?
00:57:00 Fourth Winner (Glenn S.)
00:57:25 (NC Plattipus) The visual programming language, LabVIEW?
01:05:02 Fifth Winner (James F.)
01:05:53 (Gethan) Future technology or big technologies, what about AR?
01:10:18 (Gethan) On the topic of getting a master's degree or classes, do you see a benefit of getting certifications?
01:18:16 Sixth Winner (Don R.)
01:19:38 Predictions we made last 2020 and how they held up.
01:26:00 Farewells

If you've enjoyed this episode, you can listen to more on Programming Throwdown's website: https://www.programmingthrowdown.com/
Reach out to us via email: programmingthrowdown@gmail.com
You can also follow Programming Throwdown on Facebook | Apple Podcasts | Spotify | Player.FM
Join the discussion on our Discord
Help support Programming Throwdown through our Patreon
★ Support this podcast on Patreon ★

Thrive Bites
S 4 Ep 30 - How To Make Your Life Legendary with Mark Bravo

Jan 10, 2022 66:48


How do you conquer various obstacles in your path? And how do you maintain a positive attitude despite all adversities? Discover how as I interview Mark Bravo, a veteran of over 500 races and around 50 marathons with the love of the positivity of those at races! WATCH THE YOUTUBE VERSION HERE: https://youtu.be/nBqkF_c1C9E  Mark Bravo is a 40-year runner and 20-year national running coach. Mark is a longtime Race Announcer, hosting such venues as the Oklahoma City Memorial Marathon and others around the southwest United States. He has a personal best at that distance of 2:44. The vibrant engagements at these events have kept him racing since 1981, though more so Mark now lives vicariously through participants by calling them to "their Finish Lines!" Mark sees everyone as an athlete; his mantra is: "All Abilities, All Athletes", and you quickly find that his definition of the word goes well beyond the physical! Mark lives in Edmond, Oklahoma, and you can find him calling most every local road race (if it doesn't require being in 2 places at once.) He always welcomes a conversation, and his gratitude for what the sport (and people around it) have lent to his life is clear to see. https://www.runbravo.com/ ***This episode was previously LIVE, so giveaways, comments, and questions cannot be entertained at this time. Find the other YouTube episodes here: https://bit.ly/TheChefDocYT Follow us every Wednesday for a new LIVE Q&A Episode at 5 pm PST. --- Listen to other Thrive Bites Episodes here: https://www.thethr5formula.co/podcast Join our NEW THR5 FB Community here: https://www.facebook.com/groups/theth... --- *This episode is sponsored by The THR5 Formula™ Virtual Summit Experience at https://www.thethr5formula.co/ *This episode is sponsored by Betterhelp. Special offer for Thrive Bites listeners, get 10% off your first month at http://betterhelp.com/thechefdoc _________________ *Interview views are opinions of the individual. 
This podcast is not a source of medical or dental advice* Copyright © 2021 by TheChefDoc, LLC All text, graphics, audio files, Java applets and scripts, downloadable software, and other works on this website are the copyrighted works of TheChefDoc, LLC. All Rights Reserved. Any unauthorized redistribution or reproduction of any copyrighted materials on this website is strictly prohibited.

Thrive Bites
S 4 Ep 29 - How To Be Plant-Based While Pregnant with Dr. Jeffrey Pierce

Jan 6, 2022 58:36


Can you manage a healthy pregnancy with a plant-based diet? How do you get enough nutrition for you and your baby? Join me as I interview Dr. Jeffrey Pierce, a board-certified family medicine physician. WATCH THE YOUTUBE VIDEO HERE: https://youtu.be/NaBP66vJ42Q  Dr. Pierce is passionate about using a whole-food, plant-based diet and other lifestyle medicine modalities to help people get healthier, get off of medications, and live longer & fuller lives. He also has a special interest in using the power of lifestyle to help support a healthy pregnancy. In addition to his work in lifestyle medicine, he continues to practice and teach high-risk and surgical obstetrics, mentor outstanding family residents in global health and teach point-of-care ultrasound through the Global Ultrasound Institute. https://jeffpiercemd.com/ ***This episode was previously LIVE, so giveaways, comments, and questions cannot be entertained at this time. Find the other YouTube episodes here: https://bit.ly/TheChefDocYT Follow us every Wednesday for a new LIVE Q&A Episode at 5 pm PST. --- Listen to other Thrive Bites Episodes here: https://www.thethr5formula.co/podcast Join our NEW THR5 FB Community here: https://www.facebook.com/groups/theth... --- *This episode is sponsored by The THR5 Formula™ Virtual Summit Experience at https://www.thethr5formula.co/ *This episode is sponsored by Listenable.io. Special offer for Thrive Bites listeners, using the coupon code {colinzhu} at listenable.io, and you'll get 30% off a year of Listenable. _________________ *Interview views are opinions of the individual. This podcast is not a source of medical or dental advice* Copyright © 2022 by TheChefDoc, LLC All text, graphics, audio files, Java applets and scripts, downloadable software, and other works on this website are the copyrighted works of TheChefDoc, LLC. All Rights Reserved. Any unauthorized redistribution or reproduction of any copyrighted materials on this website is strictly prohibited.

FUTRtech Podcast
Freak Out, It's Log4J!

Jan 6, 2022 3:00


Give your security guys a hug, a socially distanced one, because we are in the middle of a pandemic and we aren't savages. They had a very bad holiday trying to deal with the Log4J exploit that hit in December.

If you are confused as to what this is all about, stay tuned.

Hey everybody, this is Chris Brandt, welcome to another FUTRtech video podcast. On December 9th, a remote code execution bug in Apache Log4j 2 was discovered being exploited in the wild. This exploit was alarming for two reasons: it is very widely used and it is a very easy exploit to perform. Minecraft, Apple's iCloud and Amazon Web Services are just some of the major services impacted by this. Additionally, after the exploit came to light, bad actors started actively scanning the Internet for vulnerable systems.

So what is Log4J? Log4J is an open source logging utility used by Java applications. Most systems log an enormous amount of events for analysis and troubleshooting. It is responsible for writing and processing the log files. For example, say you request a page from a webserver that doesn't exist; if the server is running Java, it would likely log this failed attempt through Log4J. The part that was exploited was the Context Lookup feature, which, like it says, adds additional context to the logs, like adding the currently logged in user.

By submitting a specially crafted request, the application would execute code to either download additional exploits or to exploit functions on the system directly. The exploit is fairly trivial to perform and because of Log4J's wide use, this became a major problem for businesses over the holidays. With already overstretched security and development resources this became a major undertaking for many people.

Fortunately there is a patch available for this. There are still some configuration details that you need to pay attention to, but getting this fixed should be a top priority for your organization.

Thanks for watching, if you like what you saw, give us a like and think about subscribing, and I will see you in the next video.

FUTRtech focuses on startups, innovation, culture and the business of emerging tech with weekly video podcasts where Chris Brandt and Sandesh Patel talk with Industry leaders and deep thinkers.

Occasionally I share links to products I use, as an Amazon Associate I earn from qualifying purchases on Amazon.

Python Bytes
#265 Get asizeof pympler and muppy

Jan 5, 2022 47:46


Watch the live stream: Watch on YouTube

About the show
Sponsored by us: Check out the courses over at Talk Python. And Brian's book too!
Special guest: Matt Kramer (@__matt_kramer__)

Michael #1: Survey results
  • Question 1:
  • Question 2:
  • In terms of too long, the “extras” section has started at these times in the last 4 episodes: 39m, 32m, 35m, and 33m ~= 34m on average

Brian #2: Modern attrs API
  • attrs overview now focus on using @define
  • History of attrs article: import attrs, by Hynek
  • predecessor was called characteristic.
  • A discussion between Glyph and Hynek in 2015 about where to take the idea.
  • attrs popularity takes off in 2016 after a post by Glyph: The One Python Library Everyone Needs
  • In 2017 people started wanting something like attrs in std library. Thus PEP 557 and dataclasses. Hynek, Eric Smith, and Guido discuss it at PyCon US 2017.
  • dataclasses, with a subset of attrs functionality, was introduced in Python 3.7.
  • Types take off. attrs starts supporting type hints as well, even before Python 3.7
  • Post 3.7, some people start wondering if they still need attrs, since they have dataclasses.
  • @define, field() and other API improvements came with attrs 20.1.0 in 2020.
  • attrs 21.3.0 released in December, with what Hynek calls “Modern attrs”.
  • OG attrs:

        import attr

        @attr.s
        class Point:
            x = attr.ib()
            y = attr.ib()

  • modern attrs:

        from attr import define

        @define
        class Point:
            x: int
            y: int

  • Many reasons to use attrs listed in Why not…, which is an excellent read.
  • why not dataclasses? less powerful than attrs, intentionally
  • attrs has validators, converters, equality customization, …
  • attrs doesn't force type annotation if you don't like them
  • slots on by default, dataclasses only support slots in Python 3.10 and are off by default
  • attrs can and will move faster
  • See also comparisons with pydantic, named tuples, tuples, dicts, hand-written classes

Matt #3: Crafting Interpreters
  • Wanting to learn more about how Python works “under the hood”, I first read Anthony Shaw's CPython internals book
  • A fantastic, detailed overview of how CPython is implemented
  • Since I don't have a formal CS background, I found myself wanting to learn a bit more about the fundamentals: Parsing, Tokenization, Bytecode, data structures, etc.
  • Crafting Interpreters is an incredible book by Bob Nystrom (on Dart team at Google)
  • Although not Python, you walk through the implementation of a dynamic, interpreted language from scratch
  • Implement same language (called lox) in two interpreters
  • First a direct evaluation of Abstract Syntax Tree, written in Java
  • Second is a bytecode interpreter, written from the ground up in C, including a compiler
  • Every line of code is in the book, it is incredibly well-written and beautifully rendered
  • I highly recommend to anyone wanting to learn more about language design & implementation

Michael #4: Yamale - A schema and validator for YAML
  • via Andrew Simon
  • A basic schema:

        name: str()
        age: int(max=200)
        height: num()
        awesome: bool()

  • And some YAML that validates:

        name: Bill
        age: 26
        height: 6.2
        awesome: True

  • Take a look at the Examples section for more complex schema ideas.
  • ⚠️ Ensure that your schema definitions come from internal or trusted sources. Yamale does not protect against intentionally malicious schemas.

Brian #5: pympler
  • Inspired by something Bob Belderbos wrote about sizes of objects, I think.
  • “Pympler is a development tool to measure, monitor and analyze the memory behavior of Python objects in a running Python application. By pympling a Python application, detailed insight in the size and the lifetime of Python objects can be obtained. Undesirable or unexpected runtime behavior like memory bloat and other “pymples” can easily be identified.”
  • 3 separate modules for profiling
  • asizeof module provides basic size information for one or several Python objects
  • muppy is used for on-line monitoring of a Python application
  • Class Tracker provides off-line analysis of the lifetime of selected Python objects.
  • asizeof is what I looked at recently
  • In contrast to sys.getsizeof, asizeof sizes objects recursively.
  • You can use one of the asizeof functions to get the size of these objects and all associated referents:

        >>> from pympler import asizeof
        >>> obj = [1, 2, (3, 4), 'text']
        >>> asizeof.asizeof(obj)
        176
        >>> print(asizeof.asized(obj, detail=1).format())
        [1, 2, (3, 4), 'text'] size=176 flat=48
            (3, 4) size=64 flat=32
            'text' size=32 flat=32
            1 size=16 flat=16
            2 size=16 flat=16

  • “Function flatsize returns the flat size of a Python object in bytes defined as the basic size plus the item size times the length of the given object.”

Matt #6: hvPlot Interactive
  • hvPlot is a high-level plotting API that is part of the PyData ecosystem, built on HoloViews
  • My colleague Phillip Rudiger recently gave a talk at PyData Global on a new .interactive feature
  • Here's an announcement in the HoloViz forum
  • Allows integration of widgets directly into pandas analysis pipeline (method-chain), so you can add interactivity to your notebook for exploratory data analysis, or serve it as a Panel app
  • Gist & video by Marc Skov Madsen

Extras
Michael:
  • Typora app, recommended!
  • Congrats Will
  • Got a chance to solve a race condition with Tenacity
  • New project management at GitHub
Matt:
  • Check out new Anaconda Nucleus Community forums!
  • We're hiring, and remote-first. Check out anaconda.com/careers
  • Pre-compiled packages now available for Pyston
  • We have an upcoming webinar from Martin Durant: When Your Big Problem is I/O Bound

Joke:

Marketing Trends
The Challenges of the Modern CMO Addressed with Ingrid Burton, CMO Quantcast

Jan 5, 2022 41:55


Marketing leaders are faced with a litany of challenges, an ocean of tools, and seemingly infinite amounts of data, which can all get a bit overwhelming. Ingrid Burton, CMO of Quantcast, is passionate about the industry and on Marketing Trends she discusses with me some of the obstacles the modern marketer faces. “The challenges of today's CMO are very different than the challenges of even five years ago, 10 years ago. It is such a fast-moving space and CMOs have to be well versed in strategy and data in understanding the market. It's such a big job now. I wonder how my fellow CMOs are doing, because like I said, I started my day at four-thirty this morning because I lay awake at night with all these asks and I [wonder] how am I gonna get it all done? Do I have the right team on the field? Can we really execute this? Can we measure our results and make sure we're getting the attribution that we need. We need to be thinking about how we make sure CMOs don't burn out. How do we make sure CMOs are able to lead through this? And how do we make sure that the expectations are realistic?” There will never be an end to all of the additional things a marketer does, another channel to add to the mix, but be careful not to push yourself or your team beyond your limits. In this episode, Ingrid unpacks what they mean at Quantcast when they talk about providing a free and open internet. She delves into her passion and in-depth knowledge of machine learning, and how marketers can best utilize their endless amount of tools. She also explains why ESG is going to be a main driver for them next year and how they're ensuring true Diversity, Equality, and Inclusion. There's so much to enjoy, up ahead with Ingrid here on Marketing Trends. Main TakeawaysThe Challenges of the Modern CMO: The rapid pace of the software-driven industry is a lot to keep up with. Getting more data and analytics capabilities has driven a lot of growth in the last 5-10 years. 
The constant rush of information combined with the constant demand to put information out can lead some of even the most passionate marketers to burnout. Guarding against that is going to be what separates the leaders of the future. The expectations of many CMOs and marketing leaders are very high. The Value of a Free and Open Internet: The value of having clear and factual information widely acknowledged and accepted in culture is essential for unity. The internet disrupted the journalism industry, and this change has brought about the conversion to subscription fee-based models over the traditional ad-based mode. This means that some people don't have access to the factual information they could be learning their news from. Machine Learning - The Power of Noticing Patterns: Pattern recognition is one of the most useful tools in leadership and in scaling business. Machines that can be taught to recognize certain patterns can do so and scan the entire database instantaneously. If you can notice patterns in marketing that can help you predict what your customers may be interested in or looking for at certain times of the year, times of day, devices, or locations. The power of machine learning in marketing is just in the early stages.Key Quotes“Hopefully I don't say ‘I' too much. I always want to say ‘we' - We did this. We did that. I'm just the guide; here's the north star we want to take. Or as I put it, here's the mountain we need to take. I put that out there very early on. I think my team here was very surprised. And when I showed them just a few baby steps of how you're gonna climb small hills to get to the top of the peak, they saw that they could do it. They accomplished it. Some of it's confidence-building and having them believe in themselves.”“Who can afford to subscribe to all these news publications. There's gotta be a different way. 
I'm afraid for a society that if we charge for every piece of content, what's going to happen to people that can't afford it [is that] they're gonna be left behind. They get left behind because they're not getting the right news. The internet is a great equalizer and we need to make sure that it's not a fee-based internet.” “One of the things that's unique about Quantcast is we have this unique, real-time data set and it's one of the largest in the world behind Google and Facebook. Since we started the company, we have established a relationship with all the publishers out there. This is Hurst which is huge, Conde Nast...we have a hundred million websites. Their data is feeding into this anonymized data set. That is one of the largest actually running in the Amazon cloud, one of the largest that they have. We're using machine learning to find patterns and make predictions about the behavior of what's happening in this data set.”“The challenges of today's CMO, are very different than the challenges of even five years ago, 10 years ago. It is such a fast-moving space and CMOs have to be well versed in strategy and data in understanding the market. It's such a big job now. I wonder how my fellow CMOs are doing, because like I said, I started my day at four-thirty this morning because I lay awake at night with all these asks coming at me and I [wonder] how am I gonna get it all done? Do I have the right team on the field? Can we really execute to this? Can we measure our results and um, really make sure we're getting the attribution that we need. We need to really be thinking about how do we make sure CMOs don't burn out? How do we make sure CMOs are able to lead through this? 
And how do we make sure that the expectations are realistic?”

Bio

Ingrid Burton is a unique leader in the world of tech as she bridges the gap between technology and marketing in leading teams to unparalleled successes driving strategies for market trends including AI and machine learning, Java and HANA technologies, SaaS, Cloud Computing, Open Source, Internet of Things (IOT), community engagement and Big Data that have had a positive impact on the evolving technology landscape.

Ingrid's career includes her role as a member of the board of directors at Extreme Networks. She also held the role of Chief Marketing Officer at H2O.ai, the open source leader in AI and machine learning, where she led marketing teams while positioning the company through its growth stages. Prior to H2O.ai, Ingrid advised companies including DriveScale, MapR (acquired by HPE) and Paxata (acquired by DataRobot). She was CMO of Hortonworks, a Big Data company, where she drove a brand and marketing transformation, positioning the company for growth and subsequent acquisition.

Ms. Burton led the Product and Innovation marketing team at SAP, where she was the marketing leader of SAP HANA, analytics, and mobile offerings, and where she co-created the company Cloud strategy. As CMO of pre-IPO Silver Spring Networks, she positioned the company for their IPO as the leader in energy networks. While CMO at Plantronics she reshaped a 50-year-old brand into a modern and exciting communications model for both consumers and business.

Previously at Sun Microsystems, Ingrid held various leadership roles including head of marketing for the company, driving both the company and Java brand, global citizenship, championing open source initiatives, and leading product and strategic marketing teams. Early in her career, Ingrid was a developer.

Ms. Burton actively engages with and mentors people in both technology and business functions, and provides guidance for them in their careers. 
She has received numerous awards including the 2005 Silicon Valley TWIN award.

---

Marketing Trends podcast is brought to you by Salesforce. Discover marketing built on the world's number one CRM: Salesforce. Put your customer at the center of every interaction. Automate engagement with each customer. And build your marketing strategy around the entire customer journey. Salesforce. We bring marketing and engagement together. Learn more at salesforce.com/marketing.

Risky Business
Risky Business #649 -- Java being a fiddly mess saves the day

Jan 5, 2022


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:

  • The log4j bug wrap
  • The ransomware wrap
  • The human rights and surveillance industry wrap
  • Research and carnage wrap

This week's show is brought to you by Airlock Digital. They make allowlisting software that has mostly been used in Windows environments, but as you're about to hear they've now got a very, very nice solution for the bigger Linux distros, and their Mac agent is going to be launched in a few weeks.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes

  • FTC warns companies to remediate Log4j security vulnerability | Federal Trade Commission
  • Srsly Risky Biz: Thursday December 16
  • The internet runs on free open-source software. Who pays to fix it? | MIT Technology Review
  • Propane distributor Superior Plus admits ransomware breach | The Daily Swig
  • Ransomware attack threatens paychecks just before Christmas
  • Cyberattack on one of Norway's largest media companies shuts down presses - The Record by Recorded Future
  • Photography site Shutterfly is dealing with a ransomware attack - CyberScoop
  • Lapsus$ ransomware gang hits SIC, Portugal's largest TV channel - The Record by Recorded Future
  • US food importer Atalanta admits ransomware attack | The Daily Swig
  • The FBI believes the HelloKitty ransomware gang operates out of Ukraine - The Record by Recorded Future
  • Ransomware affiliate arrested in Romania - The Record by Recorded Future
  • Iranian hackers behind Cox Media Group ransomware attack - The Record by Recorded Future
  • Israeli newspaper Jerusalem Post is hacked, website defaced to include threats
  • Iranian Hackers Abuse Slack For Cyber Spying
  • Why Wall Street is worried about state and local government cybersecurity - The Record by Recorded Future
  • North Korean hackers target Russian diplomats using New Year greetings - The Record by Recorded Future
  • Egyptian Politician Hacked by 2 Government Hacking Groups, Researchers Say
  • Saudi women's rights activist says phone hack by U.S. contractors led to arrest -lawsuit | Reuters
  • UAE agency put Pegasus spyware on the phone of Hanan Elatr, Jamal Khashoggi's wife - Washington Post
  • A new spyware-for-hire, Predator, caught hacking phones of politicians and journalists | TechCrunch
  • Facebook says 50,000 users were targeted by cyber mercenary firms in 2021 | MIT Technology Review
  • Encrypted Phone Company Backdoored by FBI Will Lead to 'Years' of Arrests
  • Russian hackers bypass 2FA by annoying victims with repeated push notifications - The Record by Recorded Future
  • More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild - The Record by Recorded Future
  • Facebook expands bug bounty program to cover scraping attacks - The Record by Recorded Future
  • Wireless coexistence – New attack technique exploits Bluetooth, WiFi performance features for ‘inter-chip privilege escalation’ | The Daily Swig
  • Microsoft notifies customers of Azure bug that exposed their source code - The Record by Recorded Future
  • US charges former GRU officer with hacking and stock market trading scheme - The Record by Recorded Future
  • Crypto exchanges keep getting hacked, and there's little anyone can do
  • CISA tells agencies to patch recent Windows 10 zero-day abused by Emotet botnet - The Record by Recorded Future
  • Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels | TechCrunch
  • Backdoor gives hackers complete control over federal agency network | Ars Technica
  • Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide | Ars Technica

That's my JAMstack
S3E2 - Salma Alam-Naylor on shipping, learning, and rendering in the Jamstack

Jan 4, 2022 27:58


Our Guest: Salma Alam-Naylor

What she'd like for you to see: Unbreak.tech

Her JAMstack Jams: All the amazing rendering options!

Her musical Jam: Move On by Emily Vaughn Grant (pay special attention at 1:47 in the track for the double tracked bass!)

Transcript

Bryan Robinson 0:14
Hello Hello everyone. Welcome to another JAM PACKED Jamstack episode. This is That's My Jamstack the podcast where we ask the best question since sliced bread. What is your jam in the Jamstack? I'm your host Bryan Robinson and this week, we have a very special guest. I'm pleased to introduce the winner of the Jamstack community creator award from Jamstack Conf 2021 Salma Alam-Naylor. Salma helps developers build stuff, learn things and love what they do. She does that via her Twitch streams, YouTube channel and blog. One quick update for the episode, we recorded this prior to Salma joining the Netlify team. So while we mentioned Contentful, in various parts of the episode, Salma is now on the DX team at Netlify.

Bryan Robinson 1:04
Alright, Salma, well, thanks for joining us on the show today.

Salma Alam-Naylor 1:06
Thank you for having me. It's a pleasure to be here.

Bryan Robinson 1:08
Awesome. So tell us a little bit about yourself. What do you do for work? What do you do for fun?

Salma Alam-Naylor 1:13
I am currently a developer advocate for Contentful. I've also got like kind of other stuff that you do. So you might know me on the internet as white Panther. And I help developers build stuff, learn things and love what they do. I write educational blog posts about web development. I do a lot of live streaming on Twitch, I make YouTube content. And I'm an all round Jamstack enthusiast To be honest, for fun, I mean, I kind of do that for fun as well. But if you want to know about non web dev stuff, I actually love interior design. And I'm moving in the next like two months. So hopefully, when people hear this, they would have actually finally moved house. 
So I can't wait to get my hand stuck in to that little project. I also like to play cerebral puzzle games with my husband on on a computer, most recently, a game called Superliminal, which is all about like perspective and maths and stuff. It's very good.

Bryan Robinson 2:19
I'm gonna jump in real fast. I have a six year old and we were playing Superliminal together. Nothing about it. I was like, this is super fun. And like we were having good time. He that was really cool. And then it gets creepy. I didn't expect they get super creepy. And he's like, I don't want to play this game anymore. Daddy. We never have to play it again. You're fine.

Salma Alam-Naylor 2:38
Yeah, it was a good game. It's a good game. I remember this one bit that when you get on like a roof, and there's the moon. And we were like on the roof thinking this you have to we have to get above the roof because of the weird glitch thing when you turn the light on and off. But it wasn't it was an Easter egg. It wasn't a thing. It was fun. And I'm also, you know, my background is in music. I did a music degree. I was a music teacher. I was a musician. So I still try to play music for fun with my family. And I do want to get back into making music. Actually, I missed that a lot. But so when I move into my new house, I'll have a proper studio purposely for the music. So I think I'm looking forward to that a lot.

Bryan Robinson 3:21
That's amazing. So what's your instrument of choice or musical talent of choice, I suppose.

Salma Alam-Naylor 3:27
So when I was growing up, and when I was a teacher, my main instruments were piano and flute, but and singing, but I also taught kids how to play in rock bands for a few years. So I was a bass player. I don't really do much bass now. And I did some guitar and played some drums and stuff. But making music now I really like making electronic music mainly. I was also a musical comedian for a few years. Interesting. 
touring the UK, singing weirdly satirical British political songs. We'd get cancelled now so you can't hear any of it.

Bryan Robinson 4:14
Out of curiosity. Is there any comedy in Britain? That's not satirical political comedy? I feel like everything kind of falls into it.

Salma Alam-Naylor 4:23
Yeah, it's pretty much there's a lot to satirize in the British political system. But I guess that's for another podcast.

Bryan Robinson 4:31
Yeah, sure. Awesome. Yeah. Let's let's maybe not talk about about the Jamstack. He's, he said that you're a Jamstack enthusiast. So what was your entry point into this ecosystem philosophy, what have

Salma Alam-Naylor 4:45
you it was actually with Jekyll, the first static site generator many, many years ago, and that was the only one that existed you know, like around 2015 2016 and I had no idea what it was doing. But I was experimenting, I had really no idea that it was part of the Jamstack. At the time, I was just building a website, I had no idea that it was a static website, and really what that meant, but I was building something with liquid templates that compiled into a website. And I was hosting it on GitLab Pages at the time, not GitHub Pages. I was because I used GitLab for work. And so I kind of naturally gravitated towards GitLab at that time. But I guess the ecosystem sucked me in. I really don't know how I went from building my first Jekyll site to where I am now. I have no idea how, how this has happened, or what made it happen. But clearly, the Jamstack has, has a good thing going right. Like, it's fantastic.

Bryan Robinson 5:51
So what are you doing right before you started playing with Jekyll, you were at some sort of company doing tech stuff he's mentioned you are you are using GitLab. So what was that like?

Salma Alam-Naylor 5:59
So I did a variety of different things. Before I ended up here. 
I was working for some startups, I was working for a global e commerce company that was using like Java, whether bespoke kind of E commerce system with JSP front ends. I was also before that I was building a new e commerce platform in a startup that was JavaScript based what we're even using PHP, we're using PHP with JavaScript front end. But it was a it was a plain JavaScript front end, it wasn't statically generated, it wasn't using a framework or anything like that. After the global e commerce company, I was actually working for another startup building a React Native app. So like my career actually had nothing to do with the Jamstack. It was all my side projects. Until my last job, I was working at an agency, product agency. And we built quite a lot of things in the team. And actually we started gravitating towards Next.js for these quick. They were initially proofs of concept, because Next.js was pretty young at the time. But it ended up that Next.js was a really scalable front end with a lot of capabilities. So we normally have like a dotnet back end and a Next.js front end kind of thing with the API layer in the middle. And that was really my intro into the enterprise levels, scalable, robust, we can build whatever we want with the Jamstack kind of thing.

Bryan Robinson 7:38
Alright, so let's fast forward a little bit. That was your last thing, right? How today, are you using the Jamstack philosophies professionally, I mean, obviously, Contentful is pretty, pretty big in that world. But also personally with both your educational stuff and anything else you're doing on the side.

Salma Alam-Naylor 7:52
So one of the biggest philosophies that I like to promote the Jamstack is that just do it, just build something and get it live, just build it learn some stuff while you do it, and have a good time. 
Like, I can try things out without having to over commit to anything on the Jamstack I if I've got an idea for a website, a lot of the time I will get the idea or buy the domain, I will go on my Twitch stream for three hours. And I will build it and release it in that three hours. And that is the joy of the Jamstack.

Salma Alam-Naylor 8:05
And what I love about that as well as it's so accessible to developers, because you don't have to over commit or pay for anything at that stage of IDEA inception. And so it's so accessible, and it's so in reach for so many people, for example, dot take dotnet I don't want to like hate on dotnet. It's great. It's a fantastic enterprise solution for enterprise products. But as a developer, as a front end developer, even though the dotnet comes with front end or back end stuff, what do I do when I've built an app? Like how do I put it online? So like I can just hook up a Jamstack hosting platform to my Git repository, do a git push and great, there it is. It's online on a on a URL, I don't have to buy a domain even it's just there. And it's it's just so beautiful. And it's it really embodies the actual kind of agile kind of continuous delivery methodology as well.

Salma Alam-Naylor 9:26
Every commit is a release, every commit is an immutable release. So you can roll back, you can have a look at the history you can you have, you can just click in a UI in like Vercel or Netlify or GitLab. Just click Oh, look at that. That's what I mean and week ago, I can compare that with what I've got now. And, and it scales. You don't even have to worry about scaling. If you get like a big hit on your proof of concept or whatever. And you know, it just enables developers to move fast to try things out to experiment and test Have fun without all the nonsense that developers have to deal with, day in, day out. And it's just a joy. 
Salma Alam-Naylor 10:09
And I've learned so much like, I never would have thought like, when I was building my like first websites maybe 10 10-12 years ago, my first proper websites, I never would have thought that I would be utilizing a CDN at the edge. And all of these different rendering methods, depending on the data that I needed to serve, auto scaling, immutable deploys, Git integration, infrastructure, serverless functions, you know, it's like a whole ecosystem that lets you try stuff, to see if it's gonna work. And if it does work, you can go further and make it robust. Like one of one of my biggest slogans is also build first engineer later. And that I think, is a really like, core part of the Jamstack. Just get it live and see what happens.

Bryan Robinson 11:00
And you can get it live in any number of ways too, right? You can if you're making a content driven thing to begin with, you don't need a CMS. But yes, it takes like a few lines of code tweaked. And your Next.js, your 11ty, your whatever static site generator, right, like just ingest from somewhere else. And it's good to go?

Unknown Speaker 11:19
Yes. It's very exciting. It's very exciting. Like imagine. So this has happened in the all in the last like six years since like, 2015, when the Jamstack kind of first came about, like what's going to happen in the next six years, and the next six years, and the next six years, I actually did. At the Contentful, fast forward conference at the beginning of November, I actually did the keynote with Stefan Judis, about the last 10 years of web development and how Jamstack came about to solve the problems of old school monolith solutions where back end and front end were divided, where everyone was reinventing the wheel the whole time. And the Jamstack has really come to like, solve these problems, where as a front end developer, you don't need all this back end nonsense anymore. 
You're and and because of that, it's like enabled developers, it's increased their skills is giving them the power is empowering developers to to build stuff that they couldn't have even dreamed of before. And I think that's really, really, like wonderful for the future.

Salma Alam-Naylor 12:24
Like I have a four year old. And I can't wait to show him the stuff like he could put a website live. That's just an HTML page and JavaScript file, potentially, you know, on the Jamstack, when he's like, eight years old, you know. And imagine us being able to do that when we were eight.

Bryan Robinson 12:46
At like 14, I think I had my first website. And it was like Microsoft front page built like graphical UI, it was, it was quite choice. Yeah, my six year old, I built him a website in a day, he happened to have a piece of art that he brought home from school, that instead of writing his name on it, he had to write his his first first name, and last initial, because that was yet another, another kid in his class with that name. And then he wrote .com at the end, and I said, I bet that domain is open. And it was and like, I threw it together, uploaded the artwork. And then he told me, he's like, I want to like button. And I was like, I bet I could do that. But you have to do three pieces of art every week to to make it so that I'll build that for you. And then like, I was able to walk him through what I done. And he had no real understanding. But it was like, okay, I can. This is simple enough, I can show you and it's Yeah, super low bar.

Salma Alam-Naylor 13:43
Yeah, I can't wait. I can't wait for that. It's so empowering. And it's so exciting to see what our children could make one day with, how it's being innovated, and the improvements and the things that are being done on the Jamstack. And

Bryan Robinson 13:57
how it kind of opens up into like the the kind of natural open web platform. Yeah, walled garden is not something that you have to buy into. 
And it allowed, like, I used to teach a journalism class on HTML and CSS. And I was like, look, you'll you can you can do this. And if you do this, you don't have to depend on these other platforms anymore. And like, I would talk about the history of the web and how in the 90s, it was a creator focus space. And in the current state, in fact, like anything from like, 2010 on, it's very consumer based. And so it's like, there's this dichotomy of the web, and the more people that can be creators, the better. Yes, yeah. So we've talked about Next.js some, obviously, you work at Contentful. We talked about the olden days of Jekyll and all that good stuff. What would you say is your current jam in the Jamstack? What's your favorite product? Or maybe it's a philosophy or framework. What makes you love the Jamstack?

Salma Alam-Naylor 14:53
It's sounds really nerdy. But what I like about the Jamstack is the different types of rendering that are available. This is like, this is so ridiculous, but it's like. So obviously, I work for Contentful. Right, and I'm dealing with data like data comes from a CMS. But data is not all created equal. And so there are four types of rendering depending on the data your data needs, like, it's not just about like pages and posts and stuff, like there are some bits of data that are very granular, they might need to be more up to date than the others, because obviously, mainly Jamstack is static first, right? And so but not everything can be static. But not everything needs to be client side. And so that what the Jamstack has now is like these four types of rendering. So back in the old, old web days, everything was server side rendered, right, you you your web request, hit a server that went to the backend that generated from all the logic a, an HTML document and gave it back to the client, right. 
So we still got server side rendering on the Jamstack, which I think right now is really great for personalization for things like E commerce, and other things. Because I especially talk a lot about using query params with getServerSideProps with Next.js, for those kind of personalized experiences, rather than just serving everything statically to the same as same to everyone. But then we've got the static, so there's, the second one is static generation. So you've got a plain site content site, nothing changes, nothing needs to update it, just serve it as quickly as you can statically to your visitors great. But now we've got some fancy stuff, there's incremental static regeneration, which is based on a cache validation strategy called stale while revalidate. And what this does, especially inside Next.js is you choose when the server revalidates your data. And at certain intervals, and if it is out of date, it will rebuild in the background via serverless functions. And then for the next visitor, it will show it up to date. So that's like good for kind of data that it's great if it's up to date doesn't matter if some people see it if it's out of date. And then you've got distributed persistent rendering, which so if you want the Jamstack to scale, you, you might have 1000s, and 1000s, and 1000s of pages, right from your CMS, your E commerce site or wherever. Now we know that with the Jamstack, a site to go live and be deployed, it needs to be pre built and pre rendered, right, but 1000s and 1000s of pages could take hours to build. And if you want to continuously deploy and be agile and move fast and break stuff, you can't have every single build taking hours and hours and hours. So distributed persistent rendering, what it does, it lets you choose what pages are pre rendered, and then doesn't pre render the other ones, you could pre render like your top 20 pages or wherever at build time. 
But then when someone goes to visit a page that hasn't been pre rendered, it gets pre rendered at request time, and then cached at the edge for future requests. So we've moved away from like building static pages and static data on the Jamstack blanket to a flexible model where you can choose when your pages rendered, depending on the type of data that you're serving your visitors and how up to date it needs to be. It sounds really weird, but this is my favorite part of the Jamstack.

Bryan Robinson 18:19
So it obviously, right? Because like that's a lot. And like when you when you actually said like my favorite parts, the rendering modes like okay, all right, but no, totally. And like, here's my absolute favorite bit of that entire of that entire conversation, right? You don't have to understand any of what Salma just said, if you're listening, right? Because you can start and you can, like we talked about, like the accessibility of the Jamstack earlier, you can start and you can just upload an HTML file and you're Jamstack. But then you can bring on something like a Next.js or an 11ty or a Gatsby or what have you. And then you're doing a different kind of Jamstack. And then you can bring in, like you said, the incremental static regeneration ISR. We love acronyms. And that uses SWR another accurate acronym, and then you've got DPR. But you can learn those things slowly as you go. And like you said before it, you can build stuff and put it live and have no understanding of any of that and then come back and get a little bit of performance boost or a little bit of build boost or these little things. And you can go

Salma Alam-Naylor 19:24
When you need it. You know when it's appropriate when your site needs to scale when you've now got a CMS when you've got different types of data when you convert to use this database or something like that. And it's so flexible. It's not just static sites. It's it's a whole ecosystem that is so far removed from the monolithic way. 
We used to do things with just everything, everything from the server at request time done, or you know, everything from the CDN or request time static done. It's like there's these combinations of those but then some more clever stuff that makes your workflow more efficient. That means that you don't need to worry about these things. And it's just like whoever thought of these things. I wish I had thought of those things. Oh, yeah. I'd feel pretty accomplished.

Bryan Robinson 20:20
Oh, yeah. And I mean, we'd be having a completely different conversation if either of us were there. But But, but in all seriousness, right, like, the fact that I built my son's website, and it has a like button, I have no clue. Like, I've been doing this a long time, I have no clue how 10 years ago, I would have done that, because I would have had to stand up a server, I would have had to learn PHP or Python, or a server side scripting language, I would have had to do all these things, I would have had to do the JavaScript on the fly on the front end, I wouldn't have done it just pure and simple, I would not have done it. And literally, it was two hours of work 2 serverless functions and low clients are JavaScript and I was done.

Salma Alam-Naylor 20:56
Do you remember back in the day when front end development involved, like httpd conf files and things like that, and I had no idea what that meant server configuration, get out of my life, I just want to build some front end with JavaScript, I don't care about that stuff is in my way. And the amount of I used to work on the LAMP stack when I was first starting because I was doing PHP at work. And so like to set up a whole PHP server on your on your local machine with phpMyAdmin, and blah, blah, blah, like, I'm not hating on PHP is great. But as a front end developer, you don't want to deal with that. Because that's not what you are an expert in, that's not what you want to do. That's not what makes you happy. 
It's, you know, it doesn't make me happy, like the four different types of rendering on the Jamstack makes me happy.

Bryan Robinson 21:51
Well, and I mean, you get further into that. And you have to think about the DevOps. And like I, I pride myself on being able to find all the edge cases and break everyone's DevOps, that's something that I'm incredibly good at. And it comes from, like, I learned about Vagrant, and, you know, virtual machines on my laptop. And I, I haven't installed a vagrant or virtual machine on my laptop in six years now. And it is so refreshing.

Salma Alam-Naylor 22:18
Yes, I remember that used to do that was all I did at work on these big monolith systems and deploy systems. I wonder how far those systems are away from that now. But I wonder if that's still the same, but it's just, there's always, there's big pain points between Windows and Mac, as well. And the Jamstack doesn't really have that, because you're just running some Node in a terminal right to develop locally. And then you're just sending it to the CDN. It's just

Bryan Robinson 22:46
that like, like between Linux that you might have your server and Mac the Mac flavor versions, then then you got like title case sensitivity. Like no, no, don't make me think about that. Please.

Bryan Robinson 22:59
Let's pivot a little bit. You have a music history. And so I'm very excited now that I've learned that for the next question, which is what is your actual musical jam right now? What's your favorite musician or album or what's playing on a day to day basis for you?

Salma Alam-Naylor 23:14
So I think whenever you ask a musician this question, they will always say, the classic developer line it depends. Always It depends. I have I like such a varied bag of music because I used to listen to such a varied bag of music when I was learning music and writing music. I like music from progressive metal to EDM to jazz to folk to weird sounds. 
A solid favorite band that I will always reach for is Architects, which is a British metal core band. And me and my husband. I actually met my husband when I joined his band. So we've got like a lot of music in common. It was a progressive metal band long story a long time ago. But the song I have on repeat right now is more on the EDM side. It's called probably no one's ever heard of this. It's called Move On by Grant and I love it right? Because another weird nerdy thing. This is a music nerdy thing now. You know how often in pop songs your head double tracked guitars like panned left and right. This song for the first time in my life, I have heard double tracked bass guitars, and they're playing slightly different things. One minute 47 into the song is a feast for your ears. It's amazing to listen to, and I can't stop listening to it because of this double bass track thing. Move On by Grant if you want to hear some nerdy stuff, musically.

Bryan Robinson 24:42
Now for that you probably need stereo headphones, right? Yeah, exactly. Get the benefit of that. Yes. Wow. Okay, that's I am not disappointed by the answer in any way shape or form. I learned a lot I didn't even know that was the thing double tracked anything so excellent nerding on that

Salma Alam-Naylor 25:01
Yeah, great nerding love it.

Bryan Robinson 25:04
Alright, so before we go, is there anything that you would like to promote out into the Jamstack ecosystem, anything, you're doing Contentful anything.

Salma Alam-Naylor 25:11
So on my Twitch streams, I stream twice a week. Currently, I always build on the Jamstack. And one of the most challenging projects I'm building is something called Unbreak dot tech, where, and sometimes it's weird to bring these stuff. These sometimes it's weird to bring these things up in these kinds of podcasts. But as a woman in tech on the internet, it's very difficult, full stop, to realize. 
And sometimes it generally falls on the women and the marginalized people to talk about the issues that we face. However, Unbreak dot tech offers a platform for men to talk to other men, about being a better person and treating women and marginalized people better. So I've been working on that on my stream, I am welcoming contributions from men who want to talk on the matter. And we'll see how it goes. It's a complete experiment. I have no idea. You know, again, I'm using the Jamstack to experiment and see how it goes. So it's all good. It's hosted on Netlify using like Netlify forms, it's built with Next.js. And I work on that every now and then and see where it goes, you can now submit videos as well as articles to the site, and they have captioned I've got captions and all sorts of accessibility stuff going on. So that's the thing. Catch me on twitch twitch.tv/white p four, and three are the

Bryan Robinson 26:45
one of the hardest screen names in the business.

Salma Alam-Naylor 26:48
Yeah, I regret it wholly.

Bryan Robinson 26:50
Anyway, definitely check out on what was it Unbreak tech it on Unbreak dot tech unbrick break dye Tech because I have heard way too many stories, and everyone should know the stories and again, the women and the marginalized people have had to tell them enough. So men, let's step up and do a little bit more around that.

Salma Alam-Naylor 27:09
I appreciate that.

Bryan Robinson 27:10
Salma, thanks so much for joining us on the show today. And I hope you keep doing amazing things, especially with Unbreak dot tech, and Contentful and everything in the Jamstack. And we hope to see some really cool stuff in the future.

Salma Alam-Naylor 27:21
Thank you, Bryan. Thanks for having me.

Bryan Robinson 27:24
Thanks again to our guest, and thanks to everyone out there listening to each new episode. If you enjoyed the podcast, be sure to leave a review, rating, Star heart favorite, whatever it is, and your podcast app of choice. 
Until next time, keep doing amazing things on the web. And remember, keep things jammy Intro/outtro music by bensound.com Support That's my JAMstack by contributing to their Tip Jar: https://tips.pinecast.com/jar/thats-my-jamstack

Your Brain on Facts
Very New Year

Jan 4, 2022 18:58


Happy new year! Or is it? It depends on which calendar you're using.

Like what you hear? Become a patron of the arts for as little as $2 a month! Or buy the book or some merch. Hang out with your fellow Brainiacs. Reach out and touch Moxie on Facebook, Twitter, or Instagram. Music: Kevin MacLeod, David Fesliyan. Links to all the research resources are on the website.

On Monday this December 30th past, I clocked in at my retail jobs, put on my headset, and played the morning messages. There was one from my manager telling us what to expect in terms of sales volume that day and one from corporate welcoming us to the first day of 2020. They didn't get their dates mixed up. December 30th 2019 was the first day of 2020 in a way that once crashed Twitter for hours. My name…

When we think of the calendar, we think of it as singular and exclusive. “The” calendar. Sure, there were other calendars, but those were for old-timey people in old-timey times. If you've ever listened to the show before, you'll know I'm about to disabuse you of that notion; it's kinda my schtick. The calendar we think of as the end all and be all of organizing time into little squares is the Gregorian calendar, but it's just one of many that have been used and still are used today.

For example, at the time of this recording, it's currently the 27th day of the month of Tevet in the year 5782 for those who follow the Hebrew calendar. The Hebrew calendar, also known as the Jewish calendar, was originally created before the year 10 CE. It first used lunar months, which will surprise no one who has had to google when Passover or Easter are each year. A standard Jewish year has twelve months; six twenty-nine-day months, and six thirty-day months, for a total of 354 days. This is because the months follow the lunar orbit, which is on average 29.5 days.
Due to variations in the Jewish calendar, the year could also be 353 or 355 days. It also used standard calendar years, but these two methods don't line up perfectly, and this posed a problem. As time went on, the shorter lunar calendar would result in holy days shifting forward in time from year to year. That simply wouldn't do as certain holidays have to be celebrated in a certain season, like Passover in the spring, Tu B'Shevat, the Jewish 'New Year for Trees,' which needs to fall around the time that trees in the Middle East come out of their winter dormancy, or Sukkot, the festival that calls adherents to build and live in huts in their yard to commemorate Israelites taking shelter in the wilderness, which is meant to fall in autumn. So a thirteenth month had to be added every 3 to 4 years in order to make up for the difference. Such a year is called a shanah meuberet ("pregnant year") in Hebrew; in English we call it a leap year, and it makes up all the lunar calendar's lost days. The month is added to Adar, the last of the twelve months. On leap years we observe two Adars — Adar I and Adar II. Today, the Hebrew calendar is used primarily to determine the dates for Jewish religious holidays and to select appropriate religious readings for the day.

Similar in usage is the Hijri calendar, or Islamic calendar. It's based on lunar phases, using a system of 12 months and either 354 or 355 days every year. The first Islamic year was 622 CE when the prophet Muhammad emigrated from Mecca to Medina, meaning today is Jumada I 28, 1443. The Hijri calendar is used to identify Islamic holidays and festivals. The Islamic New Year marks the journey of the prophet Muhammad from Mecca to Medina. However, the occasion and the sacred month of Muharram are observed differently by the two largest branches of Islam, Shiite and Sunni.
Shiite pilgrims journey to their holiest sites to commemorate a seventh-century battle, while Sunnis fast to celebrate the victory of Moses over an Egyptian pharaoh. Also known as the Persian calendar, it's the official calendar used in Iran and Afghanistan, and it's the most accurate calendar system going, but more on that later.

Further east you'll encounter the Buddhist calendar, which is used throughout Southeast Asia. This uses the sidereal year, the time it takes Earth to orbit the sun, as the solar year. Like other systems, the calendar does not try to stay in sync with this time measurement, but unlike the others, no extra days or months have been added, so the Buddhist calendar is slowly moving out of alignment at a pace of around one day every century. Today, the traditional Buddhist lunisolar calendar is used mainly for Theravada Buddhist festivals, and no longer has the official calendar status anywhere. The Thai Buddhist Era, a renumbered Gregorian calendar, is the official calendar in Thailand. The Buddhist calendar is based on an older Hindu calendar, of which there are actually three -- Vikram Samvat, Shaka Samvat, and Kali Yuga. The Vikram Samvat is used in Nepal and some Indian states, and uses lunar months and the sidereal year to track time. Sidereal means based on fixed stars and constellations, rather than celestial things on the move, like planets. The Shaka Samvat, used officially in India and by Hindus in Java and Bali, has months based around the tropical zodiac signs rather than the sidereal year. The Kali Yuga is a different sort of calendar altogether. It meters out the last of the four stages (or ages or yugas) the world goes through as part of a 'cycle of yugas' (i.e. mahayuga) described in the Sanskrit scriptures. The Kali Yuga, which began at midnight (00:00) on 18 February 3102 BCE, is the final cycle within the 4-cycle Yuga era.
The first cycle is the age of truth and perfection, the second cycle is the age of emperors and war, the third stage is the age of disease and discontent, and the third stage (the Kali Yuga) is the age of ignorance and darkness. If you're worried because you already missed 5,000 years of the Yuga, don't fret; you have upwards of 467,000 years left.

You've probably heard of Chinese New Year, so you won't be surprised that there is a Chinese calendar. According to this system, each month begins on the day when the moon is in the "new moon" phase. The beginning of a new year is also marked by the position of the moon and occurs when the moon is midway between the winter solstice and spring equinox. China uses the Gregorian calendar for official things, but still uses the Chinese calendar to celebrate holidays.

You might be surprised to learn about the Ethiopian calendar. The Ethiopian calendar is quite similar to the Julian calendar, the predecessor to the Gregorian calendar most countries use today. Like the other calendars we've discussed, it's intertwined with the faith of the people. The first day of the week for instance, called Ehud, translates as ‘the first day’ in the ancient Ge'ez language, the liturgical language of the Ethiopian church. It is meant to show that Ehud is the first day on which God started creating the heavens and the earth. The calendar system starts with the idea that Adam and Eve lived in the Garden of Eden for seven years before they were banished for 5,500 for their sins. Both the Gregorian and Ethiopian use the birthdate of Jesus Christ as a starting point, what Eddie Izzard called “the big BC/AD change-over,” though the Ethiopian Orthodox Church believes Jesus was born 7 years earlier than the Gregorian calendar says. The Ethiopian calendar has 13 months in a year, 12 of which have 30 days. The last month, called Pagume, has five days, and six days in a leap year.
Not only do the months have names, so do the years. The first year after an Ethiopian leap year is named the John year, and is followed by the Matthew year, then Mark, then Luke. Sept. 11 marks the day of the new year in Ethiopia. By this time, the lengthy rainy season has come to a close, leaving behind a countryside flourishing in yellow daisies. That's fitting because Enkutatash in Amharic, the native language of Ethiopia, translates to “gift of jewels.” To celebrate New Year's, Ethiopians sing songs unique to the day and exchange bouquets of flowers. Of course, there is plenty of eating and drinking, too.

So what about this Gregorian calendar I keep mentioning? The Gregorian calendar was created in 1582 by Pope Gregory XIII, who made some changes to the previously used Julian calendar. Okay, so what was the Julian calendar? It should shock no one that the Julian calendar was ordered by and named after Julius Caesar. By the 40s BCE the Roman civic calendar was three months ahead of the solar calendar. The Alexandrian astronomer Sosigenes introduced the Egyptian solar calendar, taking the length of the solar year as 365 1/4 days. The year was divided into 12 months, all of which had either 30 or 31 days except February, which contained 28 days in common (365 day) years and 29 in every fourth year (a leap year, of 366 days). That 29th day wasn't February 29th, it was February 23rd a second time. What a mess that would make, though that conflagration of confusion probably paled in comparison to what Caesar did to align the civic and solar calendars--he added days to the year 46 BCE, so that it contained 445 days. Unsurprisingly when you try to make such a large change to the daily lives of so many people in the days before electronic communication, it took over fifty years to get everybody on board.

Sosigenes had overestimated the length of the year by 11 minutes 14 seconds.
11 minutes doesn't mean much in a given year, but after, say, 1500 years, the seasons on your calendar no longer line up with the seasons of reality. That matters when your most important holy day needs to happen at a certain time of year. Enter Pope Gregory XIII, who wanted to stop Easter, which had been celebrated on March 21, from drifting any farther away from the spring Equinox. Aloysius Lilius, the Italian scientist who developed the system Pope Gregory would unveil in 1582, realized that the addition of so many February 23rds made the calendar slightly too long. He devised a variation that adds leap days in years divisible by four, unless the year is also divisible by 100. If the year is also divisible by 400, a leap day is added regardless. [OS crash noise] Sorry about that. While this formula may sound confusing, it did resolve the lag created by Caesar's earlier scheme—almost; Lilius' system was still off by 26 seconds. As a result, in the years since Gregory introduced his calendar in 1582, a discrepancy of several hours has arisen. We have some time before that really becomes an issue for the average person. It will take until the year 4909 before the Gregorian calendar will be a full day ahead of the solar year.

Maths aside, not everyone was keen on Pope Gregory's plan. His proclamation was what's known as a papal bull, an order that applies to the church but has no authority over non-Catholics. That being said, the new calendar was quickly adopted by predominantly Catholic countries like Spain, Portugal and Italy, major world players at the time. European Protestants, however, feared it was an attempt to silence their movement, a conspiracy to keep them down. Maybe by making it hard to remember when meetings and protests were supposed to be, I'm not sure. It wasn't until 1700 that Protestant Germany switched over, and England held out until 1752. Those transitions didn't go smooth.
English citizens didn't take kindly to the act of Parliament that advanced their calendars from September 2 to September 14, overnight. There are apocryphal tales of rioters in the streets, demanding that the government “give us our 11 days.” However, most historians now believe that these protests never occurred or were greatly exaggerated. Some countries took even longer than Britain--the USSR didn't convert to the Gregorian calendar until 1918, even later than countries like Egypt and Japan. On the other side of the Atlantic from the British non-protests, meanwhile, Benjamin Franklin welcomed the change, writing, “It is pleasant for an old man to be able to go to bed on September 2, and not have to get up until September 14.”

When Julius Caesar reformed the calendar in 46 B.C., he established January 1 as the first of the year. During the Middle Ages, however, European countries replaced it with days that carried greater religious significance, such as December 25 and March 25 (the Feast of the Annunciation). I didn't google that one. After my mom listens to this episode, she'll send me a gloriously incorrect speech-to-text message explaining it. Different calendars mean different New Years days even now, and the ways in which people celebrate are as splendidly diverse as the people themselves.

The Coptic Egyptian Church celebrates the Coptic New Year (Anno Martyrus), or year of the martyrs on 11th of September. The Coptic calendar is the ancient Egyptian one of twelve 30-day months plus a "small" five-day month—six-day in a leap year. The months retain their ancient Egyptian names which denote the gods and goddesses of the Egyptians, and the year's three seasons, the inundation, cultivation, and harvest, are related to the Nile and the annual agricultural cycle.
But the Copts chose the year 284 AD to mark the beginning of the calendar, since this year saw the seating of Diocletian as Rome's emperor and the consequent martyrdom of thousands upon thousands of Egypt's Christians. Apart from the Church's celebration, Copts celebrate the New Year by eating red dates, which are in season, believing the red symbolises the martyrs' blood and the white date heart the martyrs' pure hearts. Also, dates are delicious.

Bonus fact: You know that guy, Pope Francis? He's not actually the pope. The pope's proper title, according to the Vatican's website, is Bishop of Rome, Vicar of Jesus Christ, Successor of the Prince of the Apostles, Supreme Pontiff of the Universal Church, Primate of Italy, Archbishop and Metropolitan of the Roman Province, Sovereign of the State of Vatican City, Servant of the Servants of God. 'Pope' comes from the Italian 'papa.' Francis is the Sancta Papa, the Holy Father. The title of pope belongs to the head of the Coptic church. So if anyone uses the rhetorical question “Is the pope Catholic?” to imply a ‘yes' answer, you have my authorization to bring the conversation to a screeching halt by saying “No. No, he's not.” Double points if you simply walk away without explaining yourself.

Thrive Bites
S 4 Ep 28 - Cooking WFPB Made Easier with Chef Ramses Bravo

Jan 3, 2022 59:57


Is cooking whole-food plant-based meals difficult? How do I get started on the basic WFPB recipes? WATCH THE YOUTUBE VERSION HERE: https://youtu.be/g9KkDKMbspM  Learn more as I interview Chef Ramses, a plant-based executive Chef for True North Health in Santa Rosa California! Chef Ramses Bravo is the creator of Bravopb.com where you can find his online plant-based cooking courses. He is also the author of Bravo and Bravo Express cookbooks. Although he trained as a regular chef, with a little intervention from the universe, he found himself working as a plant-based chef, and has been doing it for 14+ years now. https://www.bravopb.com/ ***This episode was previously LIVE, so giveaways, comments, and questions cannot be entertained at this time. Find the other YouTube episodes here: https://bit.ly/TheChefDocYT Follow us every Wednesday for a new LIVE Q&A Episode at 5 pm PST. --- Listen to other Thrive Bites Episodes here: https://www.thethr5formula.co/podcast Join our NEW THR5 FB Community here: https://www.facebook.com/groups/theth... --- *This episode is sponsored by The THR5 Formula™ Virtual Summit Experience at https://www.thethr5formula.co/ *This episode is sponsored by Listenable.io. Special offer for Thrive Bites listeners, using the coupon code {colinzhu} at listenable.io, and you'll get 30% off a year of Listenable. _________________ *Interview views are opinions of the individual. This podcast is not a source of medical or dental advice* Copyright © 2022 by TheChefDoc, LLC All text, graphics, audio files, Java applets and scripts, downloadable software, and other works on this website are the copyrighted works of TheChefDoc, LLC. All Rights Reserved. Any unauthorized redistribution or reproduction of any copyrighted materials on this website is strictly prohibited.  

Craig Peterson's Tech Talk
Are You Ready For the Next Hacker Wave? It's Going to Be Brutal!

Jan 3, 2022 42:26


Are You Ready For the Next Hacker Wave? It's Going to Be Brutal! Right now, we're going to talk about this vulnerability, this huge vulnerability in almost the entire internet that will affect your life over the following number of years. And if you're a business, you better pay close attention. [Following is an automated transcript] [00:00:16] Well, we are looking at what is being called the single most significant, most critical vulnerability ever. [00:00:24] And if you want more information on this, have a look at last week's show, you'll find it up on my website. I talked quite a bit about it. You can email me me@craigpeterson.com. I've put together a little cheat sheet that you can use to find out. What should I do? If you're an IT professional, this isn't something that you can do if you're a regular home user because you probably don't have any software you're maintaining that has this Log4j vulnerability. [00:00:59] But I do have to warn you that you probably do have a little bit of hardware that might have it in there. Many of these firewalls used in homes have it, not all of them, uh, I'm, a minority of them, but here's why this is the single most significant and most critical vulnerability ever. There is a programming library that is used in the Java [00:01:26] programming language that logs events, if you're writing software and let's say their software is running a website, it could be almost anything. And do you notice a condition that's not quite right? What should you do? Well, you should log it. And then, hopefully, the people that are running your software are monitoring the logs. [00:01:49] See the logs? No. Oh my gosh. Uh, there is something wrong here. One of the logs that I keep an eye on that just absolutely amazes me, frankly, is the SSH daemon logs. Now SSH is a protocol. It uses encryption to get onto other machines using the command line. Now I've used a lot of protocols over the years to do this.
[00:02:17] Telnet was the first, and SSH is something that I've been using for a very long time. You might remember the Heartbleed bug from a few years back. That nailed a lot of people, but I keep an eye on that SSH log because if someone's trying to log into my system from the internet, that log will show it. [00:02:39] It's going to say that someone tried to use this username; they were coming from this IP address, and they failed to get in. And I have software that automatically monitors that log and says, well, if someone's coming from the same address multiple times, and they are unsuccessful at logging in, add their internet address to my firewall blocking rules. [00:03:09] So what ends up happening is, well, they just can't even get to my machine anymore. They're trying to hack me. Same thing's true with the web logs. If we have people who are trying to, for instance, kind of put us out of business doing what's called a denial of service attack, where they are sending us a lot of data. [00:03:31] Well, we can at our site or upstream from us have that IP address blocked. And that stops the attack, distributed denial of service attacks are a little bit more complicated. So all of this gets logged. It all gets written to a file, or it gets pushed off to a server that keeps track of the logs. And, and then there's analysis software that looks at logs for [00:03:57] anomalies, all of that sort of stuff. It makes a lot of sense. Right. But this particular library that's used by Java programmers has a bug in it that allows a remote user to send just a small string, nothing fancy at all that can command the web server that is using the logging function to go ahead and download malware. [00:04:28] Well, the easiest low-hanging fruit, when it comes to what kind of malware can we put onto a computer is quite simply crypto mining. So the bad guys they'll go ahead and they'll just send a small string, very simple. They don't have to compile a program.
They don't have to do much of anything. They just send this little small. [00:04:50] And if that string gets logged, for instance, by my SSH, my remote access daemon, or gets logged by the web server or something else, all of a sudden that wonderful little feature that allowed you to easily log things is your enemy because that feature is going to interpret that particular string that was sent to the log and try and be helpful. [00:05:18] But in fact, it could be given a command to download this remote file and then run that remote file. And that remote file initially here has primarily been crypto mining software. So now your computer's being used by someone else. Your electricity's being used to mine. Things like Bitcoins or some of these other cryptocurrencies that are out. [00:05:45] Now the real reason, this is a huge, huge problem. Again, let me quote here. This is from Amit Yoran over at Tenable. It is by far the single biggest, most critical vulnerability ever. Why is that true? There's a couple of reasons. Ease of use is the obvious reason. It is so easy to use, not just for crypto mining, but for hacking any machine you would care to hack. [00:06:19] And then the second reason is it is embedded everywhere. There are millions of computers that are vulnerable. We're seeing a hundred computers per minute being hacked using this vulnerability. And if you are running, let's say a firewall that has this vulnerability. We have some clients that had this vulnerability and it is obviously a bit of a problem, right? [00:06:51] Well, that vulnerability now allows bad guys to get onto that firewall. And perhaps beyond that firewall, in order to do pretty much whatever they want to do. This is huge, huge, huge, lots of software has flaws, and you need to be able to recover from the flaws. I've talked many times about how there are only two types of software.
[00:07:23] There is software that has been hacked and there is software that will be hacked. So you need to make sure you know, that if someone gets into your network or gets into your computer, that you can restrict the damages, you can keep it under control. But with this Log4j vulnerability being everywhere in, not just that one library, but remember that one library is used all over the place. [00:07:52] It's in hundreds of thousands of pieces of software. Now, every one of these vendors has to grab the most recent version, recompile their software and send and relink it in deep pans. Right. I understand this is Java and then send it out to all of their customers to install the software. This is the second reason. [00:08:15] It is such a big. There will be sites. There will be pieces of software that have this vulnerability for years to come. And one of the biggest examples of this vulnerability is almost every Android device out there. Think of all of the phones. People have Androids being used for tablets it's in televisions, it's everywhere. [00:08:40] And with this particular vulnerability. Being everywhere. Every vendor that uses Android is going to have to release patches that you're going to have to install. Now it's one thing to have a brand new TV, and we've got a brand new Samsung TV and it's hooked up to the internet. It streams, Disney and Discovery. [00:09:05] And it's just a wonderful thing. I love my TV, right then of course you probably realize I don't use smart TV features because of this particular type of person. What ends up happening? Well, how long is Samsung actually going to support updates for your television or Vizio who, by the way, one of the worst companies, when it comes to your privacy of your information on your television, how long, uh, how about your Android phones? [00:09:39] More than half of all Android smartphones out there, will never get another software.
If you are still using Android smartphones now is the time to switch to an iPhone. I have been talking about this for years. I am not like the world's biggest Apple fan. I'm not trying to make everybody an Apple fan. I really don't care. [00:10:06] What I do care about is the ability of the software designers, those software implementers and the hardware manufacturers, the people that are in the supply chain on that Android device. I care that they do. Provide updates when it comes to security problems. And if you're using an iPhone, yeah. Again, two types of software right now, like phones have had vulnerabilities that can be vulnerable, but Apple is supporting right now, still the iPhone 6s which came out what five or six years. [00:10:46] With full security updates. They've even gone back further. Sometimes the Nat. So make the switch right now. If you are an IT professional, I've got this whole list of resources that I vetted, I know are good that you can use to scan for this vulnerability in your network or on your. To where just email me me@craigpeterson.com. [00:11:12] And if you have any questions about this or cybersecurity in general, just reach out again. me@craigpeterson.com. [00:11:21] Did you know that cyber flashing is a thing? We talked about it a couple of years ago, but it's back in the news this week and also Apple AirTags. They just released a new feature for our friends with Android. We'll tell you why. [00:11:38] Have you seen these AirTags? Have you used them? They came from an idea that was really pioneered by a company, Tile. And I guess they, I don't know what happened with the patent. I guess it didn't have one or Apple wouldn't have been able to do this, but then again, you know, you've got a really big company you're up against a, it doesn't matter whether you're in the right. [00:12:02] Sometimes I'm not sure what happened there, but they have. These trackers called AirTags.
And I mentioned before on the show that my daughters have a total of five cats, well, actually six cats. Now I think of it. And what they've done is bought AirTags and put them on all of the cats' collars. So they took them, they've got them fastened on with this little holder. [00:12:31] You can get all kinds of holders. The AirTags themselves are just little round buttons, really, and you can stick them into your wallet. For instance, in case you keep forgetting or losing your wallet, you can also put them into a holder. So they go on a key chain. I have a couple of flashlights at the house. [00:12:50] And if you're like me and you have other people around and it's dark and they know where your flashlight is, they'll take and borrow it right now. You don't get your flashlight back. It kind of bothers me. I probably shouldn't bother me as much as it does, but then when I need the flashlight, I just can't find this. [00:13:12] So, what did we put on the flashlight? We put an AirTag on there. So the AirTag ties into your iPhone. And if you have a newer iPhone, it's just absolutely amazing because the, the AirTag will tell you where it is, but the newer iPhone, you can use it and it will walk you through. Up to the AirTag, like, okay, it's a foot in front of you on the left-hand side or whatever, it'll take you there. [00:13:42] It's very cool. It's like these futuristic scifi movies. The problem with AirTags that we discussed on the air here is that they have been used for evil. And what the bad guys have been doing is they'll take an AirTag. They might drop it in your purse in order to follow you. Isn't that scary. They also have been taking the AirTags and putting them on expensive cars so that they can follow you home. [00:14:16] Now, obviously nowadays it's extremely hard to steal one of the more expensive cars cause they've got all of this automation in them. The fancy systems do stop you from stealing it.
Even my old F150 had a little chip built into the key so that it wouldn't start unless that key that was starting. It actually had that RFID chip in it so that this technology [00:14:45] isn't being used so much to steal the car, but to know where you live and when you are home and when you're not home, you know, I've been warning everybody for many years, not to post on social media about vacation saying, oh, we're leaving. We're going to be gone in the Caribbean for two weeks. We're going for new year's party here, Christmas there, Hanukkah celebration, whatever it is you're doing, because the bad guys use that information to [00:15:19] break into your home and to steal things from your business. And I'm, I'm going to get into all of the details right now of how they do that. I've talked about it on the show before, and I'm sure I will talk about it again. And you'll even see some of the references on my website at craigpeterson.com. [00:15:36] If you're interested, there's some real interesting stories up there. What's happened to people. That particular problem of having an AirTag and then having it put on to you to track you, or to track your car or other devices is a huge potential problem. Now, Apple built into the iPhone, a special little feature some time ago that when they, in fact, when they came out with the air. [00:16:11] So that when an AirTag is following you, in other words, someone dropped it into your purse or your pocket or on your car. And that AirTag is moving with you. It says, Hey guy, uh, there is an AirTag following you. And at that point you can say, wait a minute, uh, what's going on here now? It's not going to warn you about your own AirTags. [00:16:35] You know, the ones that you own. It's going to warn you about a foreign AirTag, one that's not yours. In other words, someone's trying to track you. So, brilliant move on
Apple's part to get that out right away before there were any really scary, bad news stories about the same thing happened. How about Android users? [00:16:57] That's where the problem really is starting to come up. If you're an Android user, you don't have the ability to detect an AirTag, well, until now. So if an AirTag was following you, it wouldn't let you know, it couldn't let you know it didn't know. So Apple is now offering what's called Tracker Detect. [00:17:21] It's an app on the Google Play Store, a free app that you can download if you're using Android. And, you know, there are many, many, many, many reasons not to use Android and there are almost as many to use iPhones. Okay. So if you use an Android switch to an iPhone, but if you're stuck on Android, because that's what your business gave you until you have to use it, have a look for Tracker Detect. And the app's description on the Play Store says Tracker Detect looks for item trackers that are separated from their owner, and that are compatible with Apple's Find My network. [00:18:02] These item trackers include AirTags and compatible devices from other companies. If you think someone is using AirTag or another device to track your location, you can scan, scan to try and. So, I'm not sure that it's as good as the Apple implementation, where the Apple will pop up and say, even though you're not scanning for an AirTag, say, Hey, somebody's tracking you. [00:18:31] It sounds like you have to actually use. Just scan for it. But Android users, according to Mac trust can scan the area to find nearby AirTag trackers. If they think that there's an AirTag or other device that's being used to track their location, uh, an Apple support document that you'll find online on support.apple.com [00:18:57] says, if you think someone is using an AirTag or other item tracker to track your location, you can scan to try and find it.
If the app detects an AirTag near you for at least 10 minutes, you can play a sound to help locate it. So that's the part that makes me think that it's always active. Okay. On your, on your Android device, it's free and you can get it right there in the Google Play. [00:19:23] This next item is really, it applies to all of us here in the US, and it applies also to people over in the UK. And the UK is really getting kind of upset about this because apparently there are no laws against flashing. Now, there are in the US, and it kind of depends on where you live, but cyber flashing is really a crime or should be a crime. What's been happening [00:19:58] is people, again, who have iPhones have this ability to share files or websites, et cetera, with another person. It's fantastic. It's called AirDrop. I just love this. And I use it all the time, even to share files between my own devices. And what happens with AirDrop is you, you take the file and then you open up AirDrop and you see, oh, okay, [00:20:26] there's my wife right there. So I click on the file. I drag it on top of a little Karen icon in AirDrop, and now she gets a notice. Hey, there's a file from. Coming on in, and it does well, I always in my family and my business people, I always said to them, AirDrop, uh, settings to only allow an AirDrop from people that are in my contact list. [00:20:57] And the reason for that is this particular problem. People have been cited. Flashing. So what they do is they send obscene pictures to strangers through AirDrop. And this term can also, of course, apply to Bluetooth devices, because you can also send these things via Bluetooth. I don't want to really talk a lot about what's really happening here. [00:21:28] Hopefully, you know what flashing is, or flasher is sending these obscene pictures, but the tone, the term was coined in August 25th. This female commuter was AirDropped two pictures, obscene pictures, and they reported it to the British Transport Police.
But we've seen, I have seen, and I've talked about cases where people are driving down the highway and all of a sudden on their phone come these obscene pictures because someone was driving past and they AirDropped, or they use Bluetooth to send obscene. [00:22:09] There is an easy way to not allow that to happen. And that is the settings that I use, which is only allow AirDrop from people in your contact list. You know, these are absolutely amazing features that they have, but there are some really weird people out there that think that this is the, this is a fun way, uh, to really mess with other people. [00:22:36] It's, it's just crazy. Okay. By the way, you can also turn AirDrop off if you never use it, don't worry about it, or turn it on when you need it and when someone's going to send something to you. Hey, I want you guys to take a couple of minutes here. If you go to craigpeterson.com/subscribe, you're going to find out about the bootcamps we have. [00:23:01] You're going to get my weekly trainings that I have. These are just an email. They just last a few minutes. You are going to love them. I get all kinds of compliments and this is in my free newsletter. Okay. It's not going to cost you anything. I'm not going to be hammering you on buying stuff. I want this information out. [00:23:24] That's why I am here today on. Everybody needs to understand this stuff. craigpeterson.com/subscribe, and I will be seeing you in the email world. [00:23:39] One of the things we wonder the most about is what's the future. What's the future of laptops and future of computers. We talked about some of these new chips that are out there, but this is an interesting story about what Dell is doing. Yeah. Dell. [00:23:55] I want to follow up a little bit about the 3G shutdown. We didn't quite get through the list. [00:24:02] Almost all of the Volvos from 2015 on to 2018 have this problem.
There's only two automakers that told the drive.com that U S vehicles are unaffected by the end of 3g. So if you own a Ferrari or a McLaren, You're okay. Okay. Also what's interesting is what the different guys are doing. Subaru has an interesting little plan here going forward. [00:24:35] If you have what they call a connected vehicle plan. And this is according to a service bulletin filed with the national highway traffic safety administration. And then they will do a retrofit at no cost. How's that for nice. A lot of these manufacturers are upgrading to 4g. Yeah, the, uh, you know, LTE, the stuff that was really fast, you remember that I was remembering getting 50 megabits and that it was just incredible. [00:25:05] But at any rate, they're offering that and the option to purchase a subscription. To 4g. So you'll be able to get two gig of data per month at $10 a month. Now that's for some manufacturers, not all of them, have it $30 a month if you want unlimited data. So depending on how much you're driving GM started pushing a free over the air update in October to keep OnStar running. [00:25:32] After the 3g shut down though, some 2015 model year cars will need a ma a hardware worse. Tesla says it plans to charge $200 to upgrade older model S vehicles, but no additional fees are noted for it. Toyota, Toyota and Lexus are not planning to retrofit. Affected vehicles in its public FAQ Toyota sites, a clause and its disclosures that said certain connected services may change at any time without notice. [00:26:08] And when the drive ass Toyota, if it plans to offer an upgrade paid or otherwise for consumers who own effective vehicles, the answer was assumed. No. And Toyota, by the way, is one of the companies that has decided, Hey, um, we're just going to go ahead. And, uh, you, you, you know, that remote start that you got for those cold winters. [00:26:31] Yeah. 
W we've decided that, uh, even though you paid for, you know, what, three, four years ago, we're going to start charging you monthly to use your remote start. Uh, come on guys. So have a little. Um, try and find out, talk to your, uh, your automotive dealer or go to duck, duck, go and look up your car and type in three G uh, end of life at the same time and see what it comes up with at your model in there. [00:27:05] But I am very disappointed with Toyota. I have some friends that just loved Toyota. I bought a brand new one. Way back when, when would have been like 82, 3, something like that, a great little car Cresseta with a supra engine in it. And I drove that for quite a few years. The good, tough little car I had to keep replacing the water pump, but that was the only problem we ever had with it. [00:27:31] But I haven't owned a Toyota since then, but this is, and I've actually been thinking about it lately, but this is something that really turns me off. I don't know about. Let's get into our next, a little problem area. And that is fleet managers. If you are relying on electronic logging devices and other internet of things, devices to track your trucking fleet. [00:27:57] There's some problems. Uh, let's see here, here's a quote. This is from Czech Republic. Uh, John Nichols, executive vice president of sales for north America and mixed telematics estimated that about 80% of his customers are still using 3g devices. Now this was about a year ago. This is from a November, 2020 article. [00:28:22] So this is going to be a very. Problem for you as well. Uh, for any people who have fleet vehicles that they're trying to maintain, hopefully you know about this. Hopefully your vendors are going to take care of it for you. I'm impressed. The GM set their cars up with the hardware that can handle 3g and 4g. [00:28:44] And all you need is a software upgrade to have it switch. I think that was very smart of them. So. Kudos to GM for that particular thing. 
Dell led let's get into the future of computers and laptop design. Dell has been doing some interesting things. Now you probably heard me a couple of weeks ago be moan Dell because they have businesses. [00:29:06] Specialists and experts that you can call that really know almost nothing about what you really need. And it just drives me crazy because Dell has been selling my customers, hardware that doesn't meet the customer's needs because frankly, the customers don't really know what their needs are. And so that's something that I've helped them with. [00:29:28] And I, if you email me@craigpeterson.com, I written up. On what the best computers to buy are based on what it is you need, you know, what, what are the tricks that you need to follow? But what Dell is doing right now is something they're calling concept Luna, and I've seen things like this before. There was a, a cell phone that was being manufactured that allowed you to change modules. [00:29:58] They were literally just click and go and kind of like Lego. Almost and the phones weren't that popular. I don't even think they're in business anymore. I can't remember their name, but those particular clicking NGOs were clicked and gone is kind of the bottom line on it because they were kind of big. [00:30:19] They were kind of clumsy. They weren't released something people wanted to use. You know, Android comes from Google. And Google has their basic tests and says, this is what Android should look like, but every manufacturer puts their own look and feel on top of that Android operating system. And what that ends up doing for you is, you know, makes it a little more pleasant and also. [00:30:49] So that you don't really, really want to go and change your phones. Cause you're used to the way this particular phone works, but Dell is looking at doing kind of the same thing. They're looking at this electronic waste problem where you have a laptop, it gets old, you throw it away. 
And, but now it looks like there's more sustainability. [00:31:14] Built into things like this Luna design, they're trying to make the company's laptops more environmentally friendly and in the process are going to make them more repairable, which is kind of cool. If you look at what Apple's done in their laptops, there's basically nothing inside there. That's user replaced. [00:31:36] Okay, you can probably replace a battery. I use a company I've had their president on my show a few times. Uh, Larry, um, Connor, I think it is his last name, but OWC other world computing and they've got. Little upgrades and replacement parts and videos on how to do it and all the tools you need to, to upgrade your Mac. [00:32:00] But nowadays apple is soldering the memory on the motherboard, or even more recently using the apple chips. And by the way, this is part of the reason they're so fast. They are putting the memory right on the same silicone and. The CPU itself. So they're moving towards a one chip with everything on it. So if you buy an apple computer nowadays, I love them. [00:32:29] They are great. They've got great security built in, et cetera, et cetera, but you better buy a computer that has enough memory and enough storage on it to last you for some years. Because a lot of these computers I'm picking on apple right now, but there's a lot of other vendors the same way. They are not upgradeable, but concept Luna should work pretty well boring. [00:32:56] This idea from that's right. It was framework. That was the name of it. Anyways, stick around and visit me online. Craig peterson.com. [00:33:05] If you own a car and that car has been made, uh, all the way up to 2021 and your car is using. The internet by a 3g, which is most cars. I got a little news for you. [00:33:22] We are looking at a real big problem here that most people haven't heard of. 
[00:33:29] I was talking in fact, this week on the air with someone who has a car to Volvo and they have a remote little starter, which has been great for. And they were informed that they needed to do an upgrade. And that upgrade turned out to be very costly. I had another listener who has a solar panel on the roof of their house and their solar panel on that roof is designed to. [00:34:03] Be able to get updates, software updates, let you know, what's the charge like how much sun is there today? Maybe you should brush off some of the snow. All of that is communicated by the. But how, how was that working? The problem that most vendors have is, uh, how do they get the data to, and from their devices? [00:34:30] If you think about, for instance, Elon Musk, with the wonderful little Tesla cars, they want to push an update and we're seeing this more and more by. The older cars, most cars, non Tesla, as you take them into the dealer for service. And while it's there they go ahead and plug it in. They download new software firmware from the internet and install it on your car. [00:34:56] And you are often driving. Maybe you're none the wiser. Maybe you got some new features. So it's one thing for them. To have control over a basic network, uh, network that our car dealer might have where they say, okay, here's the specs you need this much. Download speed. You need that. You need the other thing simple enough. [00:35:20] But how about you and your home or you and your business? How does that time system keep track of the employees when they sign in and out? Does it upload it to the internet? Did you have to plug it into your network? Did you have to hook it up to your wifi? I can tell you from personal experience, anytime we touch your network and there is. [00:35:45] Problem later on, we own the problem, even if we had nothing to do with it. It's again, it's another Craig ism, whoever touched the computer last owns the next problem. 
So these vendors have decided, well, we can solve that problem. All we need to do is use cellular phone data. So they put effectively a little cell phone onto their devices, [00:36:13] just like that Volvo we were talking about or other high-end luxury cars. So their solar panel has a 3G modem in it. The cars have 3G modems in them to unlock the doors, to start the. In many cases, right? They also have updates that come down from the cloud, quote, unquote, over 3G for your navigation system to let you know, hey, there's heavy traffic, [00:36:45] I'm going to reroute you. We're rerouting all of that data coming from the 3G network, coming through it, or being pushed up via the 3G network. All of that data is in trouble, and it's in trouble because every major carrier is eliminating 3G next year. Yeah, it is really that bad. AT&T is shutting down 3G services in February. [00:37:16] Sprint's following in March and T-Mobile in July and Verizon on December 31st, all of them 2022. That is a very big deal and a very big problem. So what can you do about it? No, it depends. The roof solar panels we were just talking about, their vendor told them they could do the upgrade for them, and it would be $800. [00:37:47] Very, very big deal. We also had other people who were talking about their cars and what had to happen with them. And the cars look like they're tending to be more expensive. You can expect to pay between 520 $500 for an upgrade because many of them are saying, hey, you know, we're not going to just fix this one problem. [00:38:10] We have to replace the whole module. And that means to replace your infotainment system in your car. Infotainment, of course, being basically everything that has to do with your GPS navigation, your satellite radio, your, uh, your CarPlay from Apple or Android car or whatever it is you might be using. [00:38:33] That's why it gets so expensive. So keep an eye out. This is going to be a very, very big deal.
We're looking at everything from owner applications, like going ahead and starting that engine to warm it up to emergency calls services to in navigation, functionality, reporting telematics, which is the data about your car back to the dealer. [00:39:02] Ultimately, so, you know, your car says, oh, uh, you need to go in and get your oil changed. And it's going to be a, you know, we can set up alarm and you want it. And you know, some of them are very, very fancy and all of that is going to go away and includes a lot of luxury cars all the way through. Some 2021 models, but many, many of them, if not most of them through 2019. [00:39:29] Okay. Is that a very, very big deal or what these 3g towers are going away? The companies, the cell phone companies are planning on reusing that bandwidth and they're going to put it into where yeah. 5g, exactly 5g. So here's a few. The cars that you might want to be concerned about Acura. They have something called link, uh, and they have, let's see the MDX ILX, RDX, uh, RLX TLX NSX, like kind of sounds like almost all of them. [00:40:06] So Acura is going to have a problem with almost all of their cars that were made between 2014 and 2017. Audi. They're going to have problems with, again, all their cars, a three, four or 5, 6, 7, 8, the RS Q3 five and seven. Yeah, pretty much all of their cars from 2012 through 2018. So I already saw this coming and decided to fix it early, so good for them. [00:40:39] So basically if your car is older than 2018 model year, you're going to have some problems, Bentley. A number of models produced prior to 2020. And if you're driving a Bentley and do you want to give it to some guy, you know, really great looking guy, you can just let me know Craig. Yeah. Yeah. [00:40:57] me@craigpeterson.com BMW number models produced before 2019 general motors. 
Models may between 2015 and 2021 across its fleet will be affected, but it's not breaking down with specific vehicles across it's brands of Buick Cadillac, Chevy, GMC, but they did in this case, it's the drive.com track down a technical service bulletin that indicates almost every post 2015 model is affected. [00:41:32] Okay. Yeah. Bu-bye a Honda again, pretty much everything. From 2018 to 2021 Lexus all models 2010 to 2017 Mazda. Pretty much everything. 2016 to 2019 Mitsubishi, every eclipse cross and Outlander Porsche 9 11, 18, 7 eighteens, et cetera, et cetera. All of them, 20 14, 20 19 Subaru. Pretty much everything. 2016 and on Tesla model as built before 2015 Toyota. [00:42:14] Ooh, they got some interesting problems, 2010 and on Volkswagen, much the same stick around. Visit me online. Craig peterson.com.

Java with Juli
#394: Debt-free in the Bedroom: How To Heal From Sexual Pain

Java with Juli

Play Episode Listen Later Jan 3, 2022 43:42


Have you experienced sexual trauma? Betrayal in marriage? Do you regret your sexual choices from the past? These experiences create a sense of shame that follows you right into the bedroom. Join Dr. Juli Slattery and Dr. Doug Rosenau for a conversation about how to begin to heal. Guest: Dr. Doug Rosenau How do you take your Java? How Do I Get Past My Shame? (video) God's Healing Stinks (Juli's blog) Why Is Healing So Hard? (Juli's blog) How To Choose a Wise Counselor (Juli's blog) Surprised By the Healer by Juli Slattery & Linda Dillow A Celebration of Sex by Dr. Doug Rosenau* Follow Authentic Intimacy on: Instagram: @authenticintimacy Facebook: @authenticintimacy Follow Juli on Twitter @DrJuliSlattery   *This is an affiliate link. AI may earn referral fees from qualifying purchases. Photo by Tai's Captures on Unsplash

Java Off-Heap
OffHeap 69. Ok, so the internet burned down with Log4J.

Java Off-Heap

Play Episode Listen Later Jan 3, 2022 71:21


Hopefully you have had some time to R&R, but if you were in tech around Dec 2020, you heard that there was this massive security incident around Log4j. It affected almost everyone, from large to small companies, and if you work in Java, chances are that you might've had to work on it too (and if you haven't, it's a good idea to double-check your code). It has a severity of "10", which is rare, and that is what makes it hard to ignore. If you want to understand what it was about, and how it got there, then take a listen. Learn how to patch against it, as we travel and dive into the mechanics and the missed opportunities that happened.
http://www.javaoffheap.com/datadog We thank DataDogHQ for sponsoring this podcast episode
DO follow us on twitter @offheap http://www.twitter.com/offheap
*News*
MicroProfile 5.0: https://microprofile.io/
Eclipse IDE Release https://www.eclipse.org/downloads/packages/release/2021-12/r
NetBeans 12.6 Release https://netbeans.apache.org/download/nb126/index.html
Spring Native 0.11 Release https://docs.spring.io/spring-native/docs/current/reference/htmlsingle/
*Discussion*
Log4j2 https://www.lunasec.io/docs/blog/log4j-zero-day/
It made CNN: https://www.cnn.com/2021/12/13/politics/us-warning-software-vulnerability/index.html

Sunday Grind Podcast
Wake My Face Up!!!!

Sunday Grind Podcast

Play Episode Listen Later Jan 2, 2022 48:16


This week, we reflect on the 2021 year and what our hopes and dreams are for 2022....what are *your* goals for 2022?? Coffee of the week: Java's Cafe No 1 - https://www.javascafe.com/shop/p/public-market-mpjw9 Patreon - https://www.patreon.com/sundaygrindpod - we'd love your support! Website - https://www.sundaygrindpod.com Not for much longer! :) Instagram - https://www.instagram.com/sundaygrindpod/ Twitter - https://twitter.com/sundaygrindpod Facebook - https://www.facebook.com/sundaygrindpod TikTok - https://vm.tiktok.com/ZMJHytMqj/ Artwork done by Briana Wardwell - https://www.instagram.com/brianadoesart/ All music Composed By Robert Brown and used with permission ©Crazy Dog Media LLC. All rights reserved

DevTalles
046 - Log4j - Vulnerability

DevTalles

Play Episode Listen Later Jan 2, 2022 26:33


In this episode we will talk about what happened and what is still happening with a logger that is widely used in the Java industry. --- Support this podcast: https://anchor.fm/fernando-her85/support

Musiques du monde
Celebration of Tony Allen by Fixi and Nicolas Giraud in the #Session Live

Musiques du monde

Play Episode Listen Later Dec 31, 2021 48:30


"I have my own signature, nobody plays like me and I play like nobody else, it is work, discipline, I wanted to get there, I did not want to measure myself against anyone, I just wanted to be me and make sure that I give people pleasure." It is with these words from Tony Allen that this live session opens, with 2 guests, Fixi and Nicolas Giraud, 2 sons, 2 friends, 2 students of Tony Allen, who disappeared from earthly radar on April 30, 2020. "Tempo Tempo!", the legendary Tony Allen, a true conductor behind his drum kit, would order the young Fixi and Nicolas Giraud nearly 25 years ago, inviting them to follow him in his very singular rhythm… Fixi & Nicolas Giraud thus started out with Tony. Clip Tony Allen 2011 with Fixi on keyboards and Nicolas Giraud on trumpet. Then they followed their own road without ever leaving him. Fixi found national success with Java and international recognition with Winston McAnuff, while also making his mark alongside M, Arthur H, Grace Jones and Keziah Jones. Nicolas Giraud, for his part, accompanied another legend, Claude Nougaro, and a great diversity of artists, from Angélique Kidjo to Roberto Alagna by way of Keren Ann and Manu Dibango. Two parallel trajectories, over 25 years, with Tony Allen as a rallying point or as a port to moor in between two tours, between two musical adventures. Far more than a spiritual father or a mentor, Tony Allen was for them a friend who passed on values to them and showed them the way: to fulfil oneself (Just want to be me), to get to the essential (Keep it simple) and Celebrate your life (La vie est belle)… The three of them were due to get together to seal their friendship on record, but Tony left prematurely to join the stars on April 30, 2020. During the months that follow, the two companions hear "Tempo Tempo!" every day: the urge to re-establish contact with Tony is powerful.
So, around the recordings of his drums, Fixi and Nicolas get together, compose, and record their instruments (trumpet, accordion, piano, bass, percussion, vocals, guitars). The dialogue is restored. They invite their musical family, Maïa Barouh, Djeuhdjoah, the Nigerians Ayo Nefretiti and Fatai Rolling Dollar, and also Tony Allen's grandson, Tunji, to take part and sing in their own way the genius of the great Tony Allen, master of tempo. "Tempo tempo!" is a colourful and joyful celebration that brings to life the legacy of a true legend of music. Watch the clip La Vie est belle.
Tracks performed: Just Want To Be Me, Live RFI; Tempo Tempo (from the album Tempo Tempo); 79, Live RFI.
Musicians: Fixi, accordion; Nicolas Giraud. Sound: Benoît Letirant.
Playlist of Fixi and Nicolas Giraud
Choice 1 Fixi: Gaye Su Akyol Istikrarh Hayal Hakikattir (watch the clip)
Choice 2 Nicolas: Pat Thomas Gyae Su (watch the clip)
Choice 3 Fixi: Georges Brassens Les 4 Bacheliers
Choice 4 Nicolas: Tony Allen x Hugh Masekela Obama Shuffle
(Rebroadcast)

JUG Istanbul
Java Monthly II

JUG Istanbul

Play Episode Listen Later Dec 31, 2021 41:46


We did the second installment of the Java Monthly series and talked about the monthly news and new developments in Java. Our guests Hüseyin Akdoğan and Altuğ Bilgin Altıntaş joined us. There is a lot to take away from this episode! #java17 #java18 #qodana #helidon #jakartaEE #quarkus #log4j JUG Istanbul website: https://jugistanbul.org

Clear Tai Chi
S07E04 - Clear Tai Chi Level 1 - Underwater Method - Internal Weight Shifting - Audio

Clear Tai Chi

Play Episode Listen Later Dec 31, 2021 60:39


The Underwater Method & the skills of Internal Weight Shifting in Clear Tai Chi.   For more on Clear Tai Chi & Internal Power sign up for our Free Practical Guide to Internal Power: https://InternalPowerGuide.com   Copyright © 2021 by Clear Tai Chi All text, graphics, audio files, Java applets and scripts, downloadable software, and other works on this web site are the copyrighted works of Clear Tai Chi. All Rights Reserved. Any unauthorized redistribution or reproduction of any copyrighted materials on this web site is strictly prohibited.

Clear Tai Chi
S07E04 - Clear Tai Chi Level 1 - Underwater Method - Internal Weight Shifting - Video

Clear Tai Chi

Play Episode Listen Later Dec 31, 2021 60:39


The Underwater Method & the skills of Internal Weight Shifting in Clear Tai Chi.   For more on Clear Tai Chi & Internal Power sign up for our Free Practical Guide to Internal Power: https://InternalPowerGuide.com   Copyright © 2021 by Clear Tai Chi All text, graphics, audio files, Java applets and scripts, downloadable software, and other works on this web site are the copyrighted works of Clear Tai Chi. All Rights Reserved. Any unauthorized redistribution or reproduction of any copyrighted materials on this web site is strictly prohibited.

Oracle Groundbreakers
FROM THE ARCHIVES: John Spurling at UnVoxxed Hawaii 2020 on Debugging

Oracle Groundbreakers

Play Episode Listen Later Dec 31, 2021 16:22


Jim Grisanzio talks with John Spurling, a JVM engineer at Twitter, at UnVoxxed Hawaii 2020 about debugging and the mental process of solving difficult technical issues. John Spurling https://twitter.com/synecdotal  Jim Grisanzio https://twitter.com/jimgris  Video on YouTube https://youtu.be/6dwOPQSJwaI  UnVoxxed Hawaii https://flic.kr/s/aHsmLF23KD  https://twitter.com/UnVoxxedHawaii  https://www.youtube.com/playlist?list=PLX8CzqL3ArzU0APb6QgpMMTMPEz1jok5Q  Seymour Cray https://en.wikipedia.org/wiki/Seymour_Cray  Make It Stick: The Science of Successful Learning  https://www.amazon.com/Make-Stick-Science-Successful-Learning/dp/0674729013 

Thrive Bites
S 4 Ep 27 - How To Get The Best Sleep Possible with Dr.Dave Shirazi

Thrive Bites

Play Episode Listen Later Dec 31, 2021 52:53


Want to know how to get the best possible sleep? Join me as I interview Dr. David Shirazi as we dig into the missing pieces of a good quality night's sleep! WATCH THE YOUTUBE VIDEO HERE: https://youtu.be/G-snt_d-sPg  In 2000, Dr. Dave Shirazi rang in the new millennium by graduating from Howard University College of Dentistry, in Washington D.C. He went on to earn a Master's degree in Oriental Medicine from SAMRA University in 2006. In 2007, he received the prestigious Fellowship Award from the American Academy of Craniofacial Pain, an organization dedicated to the diagnosis and treatment of Craniofacial Pain and Sleep Breathing Disorders. Dr. Shirazi has completed over 2000 hours of continuing education in TMD and facial pain, craniomandibular orthopedics, and sleep-disordered breathing. He lectures on those very subjects himself throughout the United States. Additionally, he fulfilled a hospital mini-residency in oriental medicine at the China Beijing International Acupuncture Training Center, the only institution authorized to teach globally on acupuncture and herbology by the World Health Organization. From 2011 through 2016, Dr. Shirazi was a board-licensed RPSGT, the first, and so far only, dual degreed dentist and RPSGT. He is the founder of the Bite, Breathe and Balance Podcast and study group, a platform dedicated to the multidisciplinary approach to treating craniofacial pain and sleep disorders. Dr. Shirazi is the Director of The TMJ and Sleep Therapy Center of Los Angeles, state-of-the-art private practices limited to the treatment of TMD, craniofacial pain, Sleep breathing disorders, and craniomandibular orthopedics. His practice is part of the TMJ and Sleep Therapy Center international family, joining the ranks of over 65 global centers. https://tmjandsleeptherapycentre.com/ ***This episode was previously LIVE, so giveaways, comments, and questions cannot be entertained at this time. 
Find the other YouTube episodes here: https://bit.ly/TheChefDocYT Follow us every Wednesday for a new LIVE Q&A Episode at 5 pm PST. --- Listen to other Thrive Bites Episodes here: https://www.thethr5formula.co/podcast Join our NEW THR5 FB Community here: https://www.facebook.com/groups/theth... --- *This episode is sponsored by The THR5 Formula™ Virtual Summit Experience at https://www.thethr5formula.co/ *This episode is sponsored by Listenable.io. Special offer for Thrive Bites listeners, using the coupon code {colinzhu} at listenable.io, and you'll get 30% off a year of Listenable. *This episode is sponsored by Betterhelp. Special offer for Thrive Bites listeners, get 10% off your first month at http://betterhelp.com/thechefdoc _________________ *Interview views are opinions of the individual. This podcast is not a source of medical or dental advice* Copyright © 2021 by TheChefDoc, LLC All text, graphics, audio files, Java applets and scripts, downloadable software, and other works on this website are the copyrighted works of TheChefDoc, LLC. All Rights Reserved. Any unauthorized redistribution or reproduction of any copyrighted materials on this website is strictly prohibited.

A Bootiful Podcast
Geertjan Wielenga, senior director of opensource projects at Azul Systems and Foojay.io founder

A Bootiful Podcast

Play Episode Listen Later Dec 31, 2021 49:54


Hi, Spring fans! In this installment, [Josh Long (@starbuxman)](https://twitter.com/starbuxman) talks (again!) to [Java](https://twitter.com/java) ecosystem legend and senior director of opensource projects at [Azul Systems](https://twitter.com/AzulSystems), [Geertjan Wielenga (@GeertjanW)](https://twitter.com/GeertjanW). Happy new year, everyone!

Close Encounters of the Podcast Kind
Kickback Episode: Nick Reviews Matrix Resurrections, Death of Elvis and Post-Christmas Clarity

Close Encounters of the Podcast Kind

Play Episode Listen Later Dec 29, 2021 53:26


It's Winter Break! Nick and Tasker take it easier than usual on their allotted vacation-recording and talk about their disappointments, triumphs, and successes in surviving the holiday season! Support the show (https://ko-fi.com/ceotpk)

KIRO Nights
Hour 2: The legend of the Seattle Sonics

KIRO Nights

Play Episode Listen Later Dec 29, 2021 36:20


How to fix the housing problems of King County (and Washington State) // Sports icon Mike Gastineau ("the Gasman") on the legend of the Seattle Sonics // Board Op Andrew briefly explains the source and danger of the Java "log4j" vulnerability See omnystudio.com/listener for privacy information.

Modernize or Die ® Podcast - CFML News Edition
Modernize or Die® - CFML News for December 28th, 2021 - Episode 129

Dec 28, 2021, 39:14


2021-12-28 Weekly News - Episode 129
Watch the video version on YouTube at https://youtu.be/xQ44rxXK_Z0
Hosts:
Gavin Pickin - Senior Software Developer for Ortus Solutions
Daniel Garcia - Senior Software Developer for Ortus Solutions
Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and almost every other Box out there. A few ways to say thanks back to Ortus Solutions: Like and subscribe to our videos on YouTube. Subscribe to our Podcast on your Podcast Apps and leave us a review. Sign up for a free or paid account on CFCasts, which is releasing new content every week. Buy Ortus's Book - 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)
Patreon Support
We have 37 patreons providing 97% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.
News and Events
Log4j Vulnerability Updates
Ortus has updated the Adobe CF engines on ForgeBox for CommandBox users to include the latest security patches released from Adobe the same day Adobe released them.
2021.0.3+329779
2018.0.13+329786
Please update any CommandBox servers immediately to use these new, secure versions of ACF. #CFML #ColdFusion
Tweet from Brad
Apache announced today that the formatMsgNoLookups JVM arg is no longer considered sufficient to mitigate a vuln ver of Log4j. https://logging.apache.org/log4j/2.x/security.html Their advice (and Adobe's) is to completely remove the JndiLookup class file from the log4j-core jar or update to 2.16. #CFML
New Blog Posts
Adobe Updates Releases
We are pleased to announce that we have released the updates for the following ColdFusion versions: ColdFusion (2021 release) Update 3, ColdFusion (2018 release) Update 13, ColdFusion 2021 Performance Monitoring Toolset Update 3, ColdFusion 2018 Performance Monitoring Toolset Update 4, ColdFusion API Manager updates. https://coldfusion.adobe.com/2021/12/update-coldfusion-security-updates-log4j-vulnerability/
If you have applied the #ColdFusion updates from Fri, Dec 17, Adobe now says it's ok to copy in the log4j 2.17 jars, and they even offer just what you need. This is NOT the way to mitigate INSTEAD of doing the updates. https://helpx.adobe.com/coldfusion/kb/log4j-2-16-vulnerability-coldfusion.html
Previous Blog Posts
Adobe's update on the matter (thanks charlie for pointing this out)
Blog - https://coldfusion.adobe.com/2021/12/update-log4j-vulnerability/
Update - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html
Lucee is not affected https://dev.lucee.org/t/lucee-is-not-affected-by-the-log4j-jndi-exploit-cve-2021-44228/9331
Charlie's Blog on the matter https://www.carehart.org/blog/2021/12/14/about_the_log4jshell_pandemic https://coldfusion.adobe.com/2021/12/dealing-recent-log4j-vulnerability-adobe-releases-update/
More news links about Log4j https://www.zdnet.com/article/log4j-flaw-attackers-are-making-thousands-of-attempts-to-exploit-this-severe-vulnerability/
Adobe Workshops
More Adobe #ColdFusion Workshops announced, led by Damien Bruyndonckx (Brew-en-dohnx)
2 dates announced:
February 2, 2022, 9.00 AM - 4.30 PM CET / 1.30 PM - 9.00 PM IST
March 09, 2022, 9.00 AM - 4.30 PM CET / 1.30 PM - 9.00 PM IST
https://cf-workshop.meetus.adobeevents.com/
ICYMI - CBSecurity V2.15.0 released

Thrive Bites
S 4 Ep 26 - How International Medical Relief Works with Shauna Vollmer King

Dec 28, 2021, 59:05


How does International Medical Relief help those people in need? How can others play a role in saving and changing lives? Know more as I interview Shauna King who is the President and Founder of International Medical Relief in this episode! WATCH THE YOUTUBE VIDEO HERE: https://youtu.be/KbJ6FonbNgY International Medical Relief is a nonprofit organization dedicated to providing medical care to communities around the world with over 60,000 volunteers. IMR is the largest provider of short-term medical care with a focus on primary medical, surgical, dental care, and prevention using a teaching model of community health sustainability. IMR responds to numerous disasters worldwide. Shauna King's international experience expands across 78 countries. She works with governments throughout the world and their respective ministries of health and trade offices. King also created the opportunity for medical professionals traveling abroad to earn exemplary accreditation by the ACCME to provide CME for physicians. International Medical Relief: https://internationalmedicalrelief.org/ Shauna King: https://www.facebook.com/shauna.king.... ***This episode was previously LIVE, so giveaways, comments, and questions cannot be entertained at this time.

airhacks.fm podcast with adam bien
Java, Jakarta EE and MicroProfile on Azure

Dec 28, 2021, 51:17


An airhacks.fm conversation with Ed Burns (@edburns) about: episode with Ed's first computer: "#161 SGI, NCSA Mosaic, Sun, Java, JSF, Java EE, Jakarta EE and Clouds" enabling Jakarta EE servers to run well on Azure, working with IBM and Oracle to support OpenLiberty on Azure and WebLogic on Azure, working with payara cloud, Azure Container Instances the cloud way of "docker run", JBoss EAP on Azure App Service, MicroProfile, Jakarta EE and Java EE application servers on Azure, Lift and Shift with kubernetes and Azure Kubernetes Service, Azure Container Apps - the sweet spot of ACI and ACR, cloud portability with Kubernetes, IaC with ARM Template, WebLogic on Kubernetes was using Bicep, "the complexity tax", Microsoft joins Java Community Process (JCP), Microsoft Build of OpenJDK, Azure Event Bus and Azure Service Bus, "#111 Java / Jakarta Messaging Service (JMS) on ...Microsoft Azure", Payara Cloud on Azure - the serverless server, OpenLiberty on AKS, JBoss EAP on Azure App Service, the Azure Service Connector, Azure Services as a Service -- the anti-corruption layer, Azure ExpressRoute and Azure Virtual Network, Event Driven Architectures and Azure Logic Apps, Ed Burns on twitter: @edburns

The History Listen
Diamond Jack, Smirnov and the Pelikaan

Dec 28, 2021, 28:36


A wild ride involving a Russian flying ace, an escape from Java in World War 2, and a missing package of diamonds.

Java with Juli
#393: Practical Wisdom for Dating & Friendship

Dec 27, 2021, 41:55


Can we get practical about dating? We're not going to say it's easy, but it's not that complicated either. In this episode, Juli and author Eric Demeter put aside the Christian dating subculture and get super practical about being direct, being honest, and being wise. Grab your Java and join us! Guest: Eric Demeter Show notes: How Should a Christian Date? It's Not as Complicated as You Think by Eric Demeter* Sex & the Single Girl by Juli Slattery Is Masturbation a Sin? You May Be Asking the Wrong Question (Juli's blog) What's the Purpose of Your Sexuality, Really? (Juli's blog) Java Ep #95: The Dating Manifesto Java Ep #144: What Do You REALLY Believe About Being Single? Make a donation to Authentic Intimacy Follow Authentic Intimacy on: Instagram: @authenticintimacy Follow Juli on Twitter @DrJuliSlattery   *This is an affiliate link. AI may earn referral fees from qualifying purchases.  

Brakeing Down Security Podcast
2021-046-Mick Douglas, Log4j vulnerabilities, egress mitigations- part2

Dec 23, 2021, 40:47


Introduction
Overview of Log4j vuln (as of 16 December 2021)
Why is it a big deal? (impact/criticality/risk)
Talk about patching vs. mitigation
Why wasn't this given the same visibility in 2009? Because it's Oracle or Java?
Good callout is building slides to brief org leadership, detections, and other educational tools.
Vuln fatigue (Java vulns in 2009 and pretty much forever cause us fatigue)
Are there other technologies like log4j that prop up the entire world, and we just don't know?
Egress traffic (discussed at length on Twitter, what problems does it solve?) https://twitter.com/mubix/status/1470430085169745920
Latest: https://www.theregister.com/2021/12/14/apache_log4j_v2_16_jndi_disabled_default/ - Apache removed JNDI functionality
https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/

Streaming Audio: a Confluent podcast about Apache Kafka
Running Hundreds of Stream Processing Applications with Apache Kafka at Wise

Dec 21, 2021, 31:08


What's it like building a stream processing platform with around 300 stateful stream processing applications based on Kafka Streams? Levani Kokhreidze (Principal Engineer, Wise) shares his experience building such a platform that the business depends on for multi-currency movements across the globe. He explains how his team uses Kafka Streams for real-time money transfers at Wise, a fintech organization that facilitates international currency transfers for 11 million customers. Getting to this point and expanding the stream processing platform is not, however, without its challenges. One of the major challenges at Wise is to aggregate, join, and process real-time event streams to transfer currency instantly. To accomplish this, Wise relies on Apache Kafka® as an event broker, as well as Kafka Streams, the accompanying Java stream processing library. Kafka Streams lets you build event-driven microservices for processing streams, which can then be deployed alongside the Kafka cluster of your choice. Wise also uses the Interactive Queries feature in Kafka Streams to query internal application state at runtime. The Wise stream processing platform has gradually moved them away from a monolithic architecture to an event-driven microservices model with around 400 total microservices working together. This has given Wise the ability to independently shape and scale each service to better serve evolving business needs. Their stream processing platform includes a domain-specific language (DSL) that provides libraries and tooling, such as Docker images for building your own stream processing applications with governance. With this approach, Wise is able to store 50 TB of stateful data based on Kafka Streams running in Kubernetes. Levani shares his own experiences in this journey with you and provides you with guidance that may help you follow in Wise's footsteps.
He covers how to properly delegate ownership and responsibilities for sourcing events from existing data stores, and outlines some of the pitfalls they encountered along the way. To cap it all off, Levani also shares some important lessons in organization and technology, with some best practices to keep in mind.
EPISODE LINKS
Kafka Streams 101 course
Real-Time Stream Processing with Kafka Streams ft. Bill Bejeck
Watch the video version of this podcast
Join the Confluent Community
Learn more with Kafka tutorials, resources, and guides at Confluent Developer
Live demo: Intro to Event-Driven Microservices with Confluent
Use PODCAST100 to get an additional $100 of free Confluent Cloud usage (details)

The 6 Figure Developer Podcast
Episode 225 – SRE is a Journey with Dave Stanke

Dec 20, 2021, 42:18


Dave Stanke joins us to talk all about Site Reliability Engineering. Dave is a Developer Relations Engineer with Google Cloud Platform specializing in DevOps, Site Reliability Engineering (SRE), and other flavors of technical relationship therapy. He loves chatting with practitioners: listening to stories, telling stories, sharing a healthy cry. Prior to Google, he was the CTO of OvationTix/TheaterMania, a SaaS startup in the performing arts industry, where he specialized in feeding memory to Java servers. He chose on purpose to live in New Jersey, where he enjoys baking, indie rock, and fatherhood. Links https://stanke.dev/ https://twitter.com/davidstanke https://cloud.google.com/developers/advocates/dave-stanke Resources https://sre.google/ https://bit.ly/reliability-discuss https://bit.ly/dora-sodr Thinking, Fast and Slow Site Reliability Engineering The Site Reliability Workbook Want to supercharge your DevOps practice? Research says try SRE Eliminating Toil Identifying and tracking toil using SRE principles How maintenance windows affect your error budget—SRE tips "Tempting Time" by Animals As Leaders used with permissions - All Rights Reserved

mixxio — podcast diario de tecnología

Harmful radiation detected in anti-5G scams / Third vulnerability in Log4J / TikTok to sell home-delivered food / More details about Amazon and the tornado / Pixel 5a wins blind photography test Sponsor: Discover the new Xiaomi 11T and Xiaomi 11T Pro https://www.mi.com/es/product/xiaomi-11t/, two cinema-grade phones that have everything you need: a 120 Hz display for the permanent enjoyment of your eyes, and 120W ultra-fast charging that fully recharges your phone in just 17 minutes. https://www.mi.com/es/product/xiaomi-11t-pro

The 443 - Security Simplified
Log4Shell Deep Dive

Dec 20, 2021, 37:57


This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this specific issue has the potential to cause lasting headaches for the security industry for years to come. We also answer a mailbag full of questions from our listeners and WatchGuard partners about Log4Shell. NCSC log4js Usage Index - https://github.com/NCSC-NL/log4shell/blob/main/software/README.md Log4Shell IOCs - https://github.com/WatchGuard-Threat-Lab/log4shell-iocs Log4Shell Scanning Utility - https://github.com/proferosec/log4jScanner

Linux Action News
Linux Action News 220

Dec 20, 2021, 19:56


The nasty Log4Shell vulnerability isn't solved yet, this week saw a new round of attacks and patches. Plus how the work to port Linux to the Apple M1 resulted in fixing a bug that impacted all Linux distros.

Strong Women
85. What is the Purpose of Sex? with Dr. Juli Slattery - Part Two

Dec 17, 2021, 31:59


What is God's design for sex? Dr. Juli Slattery is a leading voice on what it means to have a right perspective on sex and she speaks with gentleness, wisdom, and encouragement on this sensitive topic. Juli shares with us how to understand verses in Scripture about intimacy that are often taken out of context and the goodness of the gift of intimacy that God has given us.   Juli Slattery Show Notes – Part Two:   Java with Juli: javawithjuli.com  Authentic Intimacy: https://www.authenticintimacy.com/  Finding the Hero in Your Husband by Dr. Juli Slattery: https://www.barnesandnoble.com/w/finding-the-hero-in-your-husband-revisited-dr-juli-slattery/1138725480?ean=9780757323928  The Rise and Triumph of the Modern Self by Carl Trueman: https://www.barnesandnoble.com/w/the-rise-and-triumph-of-the-modern-self-carl-r-trueman/1136017129?ean=9781433556333  The Saving Life of Christ by W. Ian Thompson: https://www.barnesandnoble.com/w/saving-life-of-christ-w-ian-thomas/1103788144?ean=9780310332626  Fault Lines by Voddie Baucham: https://www.barnesandnoble.com/w/fault-lines-voddie-t-baucham-jr/1138418916?ean=9781684511808  Books by A.W. Tozer: https://www.barnesandnoble.com/s/aw%20tozer  Join Strong Women on Social Media: https://linktr.ee/strongwomencc  Erin and her husband, Brett, run Maven which “exists to help the next generation know truth, pursue goodness, and create beauty, all for the cause of Christ.” Check out more about Maven here: https://maventruth.com/   The Strong Women Podcast is a product of the Colson Center which equips Christians to live out their faith with clarity, confidence, and courage in this cultural moment. Through commentaries, podcasts, videos, and more, we help Christians better understand what's happening in the world, and champion what is true and good wherever God has called them.  
Learn more about the Colson Center here: https://www.colsoncenter.org/   Visit our website and sign up for our email list so that you can stay up to date on what we are doing here and also receive our monthly book list: https://www.colsoncenter.org/strong-women       

2.5 Admins
2.5 Admins 69: Nice

Dec 16, 2021, 30:37


A huge vulnerability in a Java logging library, ZFS on AWS disappoints, the fastest web servers for static sites, the importance of certs, and more.   Plugs Using FreeBSD's pkg audit to investigate known security issues Support us on patreon   News/Discussion Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package […]

Programming Throwdown
123 - Project Planning

Dec 15, 2021, 83:02


How do you stay focused when working on large projects that span many months? In this duo episode, we talk about Project Planning techniques and trends! We also cover solving personal data storage problems and building CNC machines & printers.
00:00:15 Introduction
00:01:33 UML
00:05:22 Home NAS and other personal storage solutions
00:18:09 Homebrew CNC machine
00:29:37 Raft (Consensus Algorithm)
00:36:54 The Mathematics of 2048
00:45:44 Book of the Show
00:45:57 Manager Tools
00:49:10 Make Magazine
00:57:50 Tool of the Show
00:57:51 Workflowy
00:59:10 GitHub Desktop
01:01:00 Project Planning
01:22:11 Farewells
Resources mentioned in this episode:
Tools: Workflowy: https://workflowy.com/b/ Github Desktop: https://desktop.github.com/
Companies: Manager Tools: https://www.manager-tools.com/ Make Magazine: https://makezine.com/
Other references: QT Designer: https://www.qt.io/ Shapeoko: https://carbide3d.com/shapeoko/ Curves and Surfaces by Bartosz Ciechanowski: https://ciechanow.ski/curves-and-surfaces/ Inkscape: https://inkscape.org/ Raft: https://raft.github.io/
If you've enjoyed this episode, you can listen to more on Programming Throwdown's website: https://www.programmingthrowdown.com/
Reach out to us via email: programmingthrowdown@gmail.com
You can also follow Programming Throwdown on Facebook | Apple Podcasts | Spotify | Player.FM
Join the discussion on our Discord
Help support Programming Throwdown through our Patreon
★ Support this podcast on Patreon ★

Python Bytes
#263 It's time to stop using Python 3.6

Dec 15, 2021, 50:07


Watch the live stream: Watch on YouTube About the show Sponsored by us: Check out the courses over at Talk Python And Brian's book too! Special guest: Laís Carvalho Michael #1: Django 4.0 released Django is picking up speed: 4.0 Dec 2021 (+1) 3.0 Dec 2020 (+3) 2.0 Dec 2017 (+7) 1.0.1 May 2010 Feature highlights: The new RedisCache backend provides built-in support for caching with Redis. To ease customization of Forms, Formsets, and ErrorList they are now rendered using the template engine. The Python standard library's zoneinfo is now the default timezone implementation in Django. scrypt password hasher: The new scrypt password hasher is more secure and recommended over PBKDF2. However, it's not the default as it requires OpenSSL 1.1+ and more memory. Django 3.2 has reached the end of mainstream support. The final minor bug fix release, 3.2.10, was issued today. Django 3.2 is an LTS release and will receive security and data loss fixes until April 2024. Some backwards incompatible changes you'll want to be aware of when upgrading from Django 3.2 or earlier. They've begun the deprecation process for some features. Django 4.0 supports Python 3.8, 3.9, and 3.10. Brian #2: python-minifier Suggested by Lance Reinsmith My first thought was “we don't need a minifier for Python” The docs give one reason: “AWS Cloudformation templates may have AWS lambda function source code embedded in them, but only if the function is less than 4KiB. I wrote this package so I could write python normally and still embed the module in a template.” Lance has another reason: “I needed it because the RAM on Adafruit boards using the common M0 chip is around 192KB to 256KB total--not all of which is available to your program. To get around this, you can either 1) compile your code to an .mpy file or 2) minify it. The second worked for me and allowed me to alter it without constantly re-compiling.” Fair enough, what does it do? 
All of these features are options you can turn off, and are documented well: Combine Import statements Remove Pass statements Remove literal statements (docstrings) Remove Annotations Hoist Literals Rename Locals, with preserved Locals list Rename Globals, with preserved Globals list Convert Positional-Only Arguments to Normal Arguments Also looks like it replaces spaces with tabs Begrudgingly, that makes sense in this context. You can try it at python-minifier.com Laís #3: It's time to stop using Python 3.6 Python 3.6 is reaching the end of its life in 1 week and 1 day (Dec 23rd), i.e. no more releases after it. You should care because the Python dev team will no longer release security updates for 3.6 ⚠️ if you use Linux, you have a bit more time BUT security updates will be released and bug fixes will not. also, Python 3rd party libraries and frameworks will drop support for 3.6 soon enough. See the log4j issue and Java. Brian might like this one: Grype - a vulnerability scanner for container images and filesystems Michael #4: How to Visualize the Formula 1 Championship in Python Race Highlights | 2021 Abu Dhabi Grand Prix Formula 1: Drive to Survive (Season 3) | Official Trailer Wanting to get into Formula 1 data analysis, the Ergast API is a very good starting point. This tutorial will show you how to use data from the Ergast API to visualize the changes in the 2021 championship standings over the rounds. Introduces fastf1: Wrapper library for F1 data and telemetry API with additional data processing capabilities. Brian #5: nbdime: Jupyter Notebook Diff and Merge tools Suggestion from Henrik Finsberg “you recently covered ‘jut' for viewing Jupyter notebooks from the terminal. Check out ‘nbdime'.” (that was episode 258) So I did. And it looks cool. nbdime provides tools for diffing and merging of Jupyter Notebooks.
nbdiff compare notebooks in a terminal-friendly way nbmerge three-way merge of notebooks with automatic conflict resolution nbdiff-web shows you a rich rendered diff of notebooks nbmerge-web gives you a web-based three-way merge tool for notebooks nbshow present a single notebook in a terminal-friendly way Laís #6: Using AI to analyse and recommend software stacks for Python apps thanks Fridolin! Project Thoth: an open source cloud-based Python dependency resolver ML (reinforcement learning) that solves dependency issues taking into consideration runtime envs, hardware and other inputs. Using Markov's decision process. “a smarter pip” that instead of using backtracking, precomputes the dependency information and stores it in a database that can be queried for future resolutions. Using pre-specified criteria by the developer. In summary: Thoth's resolver uses automated bots that guarantee dependencies are locked down to specific versions, making builds and deployments reproducible; the aggregated knowledge (reinforcement learning from installed logs) helps the bots to lock the dependencies to the best libraries, instead of the latest. They are in beta phase but welcoming feedback and suggestions from the community. Extras Brian: Pragmatic Bookshelf 12 days of Christmas Today, pytest book is part of the deal, nice timing, right? Michael: My talk at FlaskCon is out Firefox releases RLBox We're all getting identity theft monitoring for 1 year for free :-/ Laís: Python Ireland's speaker's coaching session is on Jan 22nd Learning git the visual way - cool for beginners, thorough explanations Good read for Java devs who want to start with Python (by Real Python) Joke: Janga Python (hellish) virtual envs

This Week in Tech (Video HI)
TWiT 853: Make It Cozy - Worst 0-day in a decade, Amazon outage, Assange extradition, Birds Aren't Real

Dec 13, 2021, 158:40


Worst 0-day in a decade, Amazon outage, Assange extradition, Birds Aren't Real Six dead, no hope of more survivors after tornadoes destroy Amazon warehouse. Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package. An Amazon server outage caused problems for Alexa, Ring, Disney Plus, and deliveries. Amazon Outage Disrupts Lives, Surprising People About Their Cloud Dependency. Instagram's CEO faces senators accusing his company of harming some young users. Instagram will bring back a chronological feed in 2022. The US wins appeal over the extradition of WikiLeaks founder. Inside Tim Cook's Secret $275 Billion Deal with Chinese Authorities. Apple's Empty Threat? Silence Over iPhone Ad Workarounds Sows Confusion. All Those 23andMe Spit Tests Were Part of a Bigger Plan. Mercedes-Benz gets the world's first approval for an automated driving system. A New Tesla Safety Concern: Drivers Can Play Video Games in Moving Cars. Tesla Cybertruck with updated design spotted on test track. 'No easy solution' for Tesla Cybertruck's comically large windshield wiper, Elon Musk says. Kickstarter Will Move Its Crowdfunding Platform to Blockchain. 'I want to go back!' Michael Strahan can't get enough of space after Blue Origin launch. TCL stops selling Google TV lineup over software & performance issues, updates coming soon. Amazon is shutting down the web ranking site Alexa.com. Grand Theft Auto video game ban proposed by Illinois State Rep. Marcus Evans. Italy fines Amazon €1.13B for abusing market dominance. Jessica Rosenworcel was confirmed by Senate to lead the FCC. New FDA-approved eye drops could replace reading glasses for millions: "It's definitely a life-changer". Birds Aren't Real, or Are They? Inside a Gen Z Conspiracy Theory. Ex-Apple Engineer Cher Scarlett No Longer Withdrawing U.S. Labor Agency Complaint Against Apple.
Host: Leo Laporte Guests: Shira Lazar, Alex Kantrowitz, and Carolina Milanesi Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: podium.com/twit ourcrowd.com/twit udacity.com/TWiT UserWay.org/twit

This Week in Tech (MP3)
TWiT 853: Make It Cozy - Worst 0-day in a decade, Amazon outage, Assange extradition, Birds Aren't Real

Dec 13, 2021, 157:55


Worst 0-day in a decade, Amazon outage, Assange extradition, Birds Aren't Real Six dead, no hope of more survivors after tornadoes destroy Amazon warehouse. Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package. An Amazon server outage caused problems for Alexa, Ring, Disney Plus, and deliveries. Amazon Outage Disrupts Lives, Surprising People About Their Cloud Dependency. Instagram's CEO faces senators accusing his company of harming some young users. Instagram will bring back a chronological feed in 2022. The US wins appeal over the extradition of WikiLeaks founder. Inside Tim Cook's Secret $275 Billion Deal with Chinese Authorities. Apple's Empty Threat? Silence Over iPhone Ad Workarounds Sows Confusion. All Those 23andMe Spit Tests Were Part of a Bigger Plan. Mercedes-Benz gets the world's first approval for an automated driving system. A New Tesla Safety Concern: Drivers Can Play Video Games in Moving Cars. Tesla Cybertruck with updated design spotted on test track. 'No easy solution' for Tesla Cybertruck's comically large windshield wiper, Elon Musk says. Kickstarter Will Move Its Crowdfunding Platform to Blockchain. 'I want to go back!' Michael Strahan can't get enough of space after Blue Origin launch. TCL stops selling Google TV lineup over software & performance issues, updates coming soon. Amazon is shutting down the web ranking site Alexa.com. Grand Theft Auto video game ban proposed by Illinois State Rep. Marcus Evans. Italy fines Amazon €1.13B for abusing market dominance. Jessica Rosenworcel was confirmed by Senate to lead the FCC. New FDA-approved eye drops could replace reading glasses for millions: "It's definitely a life-changer". Birds Aren't Real, or Are They? Inside a Gen Z Conspiracy Theory. Ex-Apple Engineer Cher Scarlett No Longer Withdrawing U.S. Labor Agency Complaint Against Apple.
Host: Leo Laporte Guests: Shira Lazar, Alex Kantrowitz, and Carolina Milanesi Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: podium.com/twit ourcrowd.com/twit udacity.com/TWiT UserWay.org/twit

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Remote Code Execution in log4j2 https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/ Log4j Zero Day https://www.lunasec.io/docs/blog/log4j-zero-day/ Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/ Log4Shell Vendor Bulletins https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592