Podcasts about JavaScript

Primeiro episódio do mês é dia de falar sobre carreira! Hoje, conversamos sobre a carreira da pessoa desenvolvedora Full Stack: escolha de carreira ou adaptação às demandas do mercado? Da importância das soft skills ao aprendizado contínuo, descubra as diferentes perspectivas e os "dependes" que cercam essa carreira. Vem ver quem participou desse papo: André David, o host que quer entender o cinza Vinny Neves, Líder de Front-End na Alura Patrícia Silva, Senior Fullstack Engineer Guilherme Lima, Tech Educator e Professor na Alura e na USP

Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Document editors take center stage as Mikah and Rosemary show viewers the best apps for editing PDFs and plain text files on iOS devices. The hosts emphasize practical solutions for common document editing needs while showcasing both free built-in tools and premium third-party options for power users. Built-in PDF tool in Notes - Demonstrates how to attach PDFs to Notes documents, use Quick Look for basic annotation, highlighting, and form filling, plus collaborative editing features PDF Expert - Rosemary showcases advanced PDF editing capabilities including text editing, image replacement, adding clickable links to table of contents, redaction tools, and custom stamps Documents - Mikah highlights the comprehensive file management app with PDF tools, conversion options, page management, form filling, and multi-cloud storage integration Textastic - Rosemary gets technical with this specialized plain text editor supporting syntax highlighting for HTML, CSS, JavaScript, Python, and other programming languages, plus SSH terminal access and live preview features News WWDC 2025 announcement - Apple's Worldwide Developers Conference runs June 9-13, with keynote streaming available and exclusive Club TWiT live coverage planned for members Shortcuts Corner Follow-up from episode 751 - Dave from Ohio shares success creating an Apple TV remote shortcut button for his iPhone home screen using Rosemary's previous tutorial App Caps Wipr 2 - Simple, effective Safari content blocker that blocks ads and trackers without overwhelming features, created by solo developer Kaylee Calderolla Tatami - Addictive number puzzle game where players connect numbered blocks in lines and rectangles, free to play with $4.99 unlock option, also by developer Kaylee Calderolla Hosts: Mikah Sargent and Rosemary Orchard Contact iOS Today at iOSToday@twit.tv. Download or subscribe to iOS Today at https://twit.tv/shows/ios-today Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Perche' Navigare senza Javascript - La versione di StallmanStallman ha una crociata personale contro Javascript.Non l'ho seguita da tempo, ma le soluzioni che ho adottato al problema che conosco e condivido perfettamente (ne ho parlato in passato piu' volte) tendono a risolvere la questione.Ma non sempre e' possibile.Vediamo come funziona e perche' non js non rispetta le nostre libertà.

Le novità dal Google I/O. Jony Ive si unisce a OpenAI. I modelli LLM che ricattano gli sviluppatori di Anthropic. Magnotta Redux. Darth Vader impreca su Fortnite. Queste e molte altre le notizie tech commentate nella puntata di questa settimana.Dallo studio distribuito di digitalia:Franco Solerio, Michele Di Maio, Francesco FacconiProduttori esecutivi:@Akagrinta, Antonio Manna, Davide Tinti, Arzigogolo, Giuseppe Marino, Mauro Boffa, Luca Di Stefano, Alberto Cuffaro, Alessandro Blasi, @Jh4Ckal, Andrea Bottaro, Andrea Delise, Roberto Basile, Paola Bellini, @Stefano, Idle Fellow, Valerio Bendotti, Douglas Whiting, Massimo Pollastri, Fiorenzo Pilla, Marco Chizzini, Giulio Magnifico, Manuel Zavatta, @Geckonode, Fabio Zappa, Pierpaolo Taffarello, Enrico De Anna, Mattia Lanzoni, Antonio Gargiulo, Davide Bellia, Alessandro Lago, Michele Bordoni, Fabio Filisetti, Cristian De Solda, Filippo Brancaleoni, Marcello Marigliano, Ligea Technology Di D'esposito Antonio, Paola Danieli, Christian Schwarz, Paolo Bernardini, Nicola Gabriele Del Popolo, Giuliano Arcinotti, Fabrizio Mele, Simone MagnaschiSponsor:Links:The 15 biggest announcements at Google I/O 2025At Google I/O, everything is changing and normal and scary and chillGoogle wants $250 (!) per month for its new AI Ultra planKering Eyewear e Google progettano gli smart glasses AIWe tried on Googles prototype AI smart glassesGoogle is baking Gemini AI into ChromeOpenAI Acquires Jony Ive's ioOpenAI's next big bet won't be a wearable: reportOpenAIs Ambitions Just Became Crystal ClearDetails leak about Jony Ives new screen-free OpenAI deviceWhat Sam Altman Told About the Secret Device He's Making With Jony IveAnnouncing Gemma 3n preview: powerful efficient mobile-first AIWhat to expect at WWDC 2025Techs Trump Whisperer Tim Cook Goes Quiet as His Influence FadesMobile (Alabama) - WikipediaAnthropics new AI model turns to blackmailIl modello Anthropic Claude Opus 4 ha ricattato gli sviluppatoriThe empire strikes back with F-bombs: AI Darth Vader goes roguePersonal context is Googles big advantage in AITech CEOs are using AI to replace themselvesDuolingo CEO says AI is a better teacher than humansI trapped an AI model inside an art installationAmazon's AI-generated ‘shopping experts' summarize product detailsAI-Generated Summer Reading List With Books That Don't ExistSlop the PressesWant to Buy Her House in Ireland? You'll Need $7 and Some Luck.I helped a lost dogs AirTag ping its owner13.000 euro per il display di una Kia SportageGingilli del giorno:textfiles.com - file di testo scambiati su internet tra il 1980 e il 1995La costruzione del flipper di DuneA Brief History of JavaScript - This year, JavaScript turns 30.Supporta Digitalia, diventa produttore esecutivo.

Resilient Secure Backup Connectivity for SMB/Home Users Establishing resilient access to a home network via a second ISP may lead to unintended backdoors. Secure the access and make sure you have the visibility needed to detect abuse. https://isc.sans.edu/diary/Resilient%20Secure%20Backup%20Connectivity%20for%20SMB%20Home%20Users/31972 BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory An attacker with the ability to create service accounts may be able to manipulate these accounts to mark them as migrated accounts, inheriting all privileges the original account had access to. https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory Flaw in samlify That Opens Door to SAML Single Sign-On Bypass CVE-2025-47949 The samlify Node.js library does not verify SAML assertions correctly. It will consider the entire assertion valid, not just the original one. An attacker may use this to obtain additional privileges or authenticate as a different user https://www.endorlabs.com/learn/cve-2025-47949-reveals-flaw-in-samlify-that-opens-door-to-saml-single-sign-on-bypass

Cedric van Putten from Expo joins Jamon, Robin, and Mazen to talk about Expo Atlas—a tool for visualizing Metro bundles, spotting bloat, and understanding what your app is really shipping. Plus, the story behind how Atlas was built and where it's headed next.Show NotesIntroducing Expo AtlasConnect With Us!Guest: @cedric_devJamon Holmgren: @jamonholmgrenRobin Heinze: @robinheinzeMazen Chami: @mazenchamiReact Native Radio: @ReactNativeRdioThis episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.

Researchers Scanning the Internet A newish RFC, RFC 9511, suggests researchers identify themselves by adding strings to the traffic they send, or by operating web servers on machines from which the scan originates. We do offer lists of researchers and just added three new groups today https://isc.sans.edu/diary/Researchers%20Scanning%20the%20Internet/31964 Cloudy with a change of Hijacking: Forgotten DNS Records Organizations do not always remove unused CNAME records. An attacker may take advantage of this if an attacker is able to take possession of the now unused public cloud resource the name pointed to. https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/ Message signature verification can be spoofed CVE-2025-47934 A vulnerability in openpgp.js may be used to spoof message signatures. openpgp.js is a popular library in systems implementing end-to-end encrypted browser applications. https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8

Large language models are helping developers move faster than ever. But behind the convenience of AI-generated code lies a security vulnerability: package hallucinations. In this episode, Ashok sits down with U.S. Army cybersecurity officer and PhD researcher Joe Spracklen to unpack new research on how hallucinated package names—fake libraries that don't yet exist—can be weaponized by attackers and quietly introduced into your software supply chain. Joe's recent academic study reveals how large language models like ChatGPT and Code Llama are frequently recommending software packages that don't actually exist—yet. These fake suggestions create the perfect opportunity for attackers to register malicious packages with those names, compromising developer machines and potentially entire corporate networks. Whether your team is deep into AI pair programming or just starting to experiment, this conversation surfaces key questions every tech leader should be asking before pushing AI-generated code to production. Unlock the full potential of your product team with Integral's player coaches, experts in lean, human-centered design. Visit integral.io/convergence for a free Product Success Lab workshop to gain clarity and confidence in tackling any product design or engineering challenge. Inside the episode... What "package hallucinations" are and why they matter How AI code assistants can introduce real vulnerabilities into your network Which models were most likely to hallucinate packages Why hallucinated package names are often persistent—not random How attackers could weaponize hallucinated names to spread malware What mitigation strategies were tested—and which ones failed Why simple retrieval-based techniques (like RAG) don't solve the problem Steps security-conscious teams can take today to protect their environments The importance of developer awareness as more non-traditional engineers enter the field Mentioned in this episode Python Package Index (PyPI) npm JavaScript package registry Snyk, Socket.dev, Phylum (dependency monitoring tools) Artifactory, Nexus, Verdaccio (private package registries) ChatGPT, Code Llama, DeepSeek (AI models tested) Subscribe to the Convergence podcast wherever you get podcasts including video episodes on YouTube at youtube.com/@convergencefmpodcast Learn something? Give us a 5 star review and like the podcast on YouTube. It's how we grow. Unlock the full potential of your product team with Integral's player coaches, experts in lean, human-centered design. Visit integral.io/convergence for a free Product Success Lab workshop to gain clarity and confidence in tackling any product design or engineering challenge. Subscribe to the Convergence podcast wherever you get podcasts including video episodes to get updated on the other crucial conversations that we'll post on YouTube at youtube.com/@convergencefmpodcast Learn something? Give us a 5 star review and like the podcast on YouTube. It's how we grow.   Follow the Pod Linkedin: https://www.linkedin.com/company/convergence-podcast/ X: https://twitter.com/podconvergence Instagram: @podconvergence

In this episode of Maintainable, Robby speaks with Joe Masilotti, an independent consultant who helps Rails teams ship mobile apps using Hotwire Native.Joe shares his perspective on what makes software maintainable—especially for consultants who need to onboard quickly. He explains why setup scripts often add unnecessary complexity, and how he evaluates a project's maintainability by how quickly he can go from clone to coding.Robby and Joe also discuss how hybrid mobile development can offer faster delivery, fewer bugs, and better long-term flexibility—especially when teams reuse their existing Rails web views. Joe explains how Hotwire Native allows teams to incrementally introduce native features without rewriting their entire app.Whether you're maintaining a mobile shell built two years ago or just starting to explore native development, Joe offers actionable advice on setting expectations, scoping client work, and navigating modern mobile tech stacks.⏱️ Episode Highlights[00:01:17] Onboarding as a Measure of MaintainabilityJoe shares how quickly he can spin up a Rails app often reflects how maintainable it is.[00:05:12] Being a Good Guest in Someone Else's CodebaseJoe outlines his ideal onboarding checklist and how he adapts to unfamiliar environments.[00:08:00] Setting Communication and Collaboration ExpectationsThe three questions Joe asks every client to understand how their team works.[00:13:02] Offering Opinions—Only Where InvitedWhy Joe stays scoped to the work he's hired for, even when tempted to fix more.[00:14:15] When Technical Debt Enters the ConversationJoe explains how debt discussions usually emerge after version one is shipped.[00:15:33] Who Should Read Hotwire Native for Rails DevelopersJoe describes the type of developer his book is written for and what it covers.[00:18:01] Choosing Native vs. Hybrid for Your Rails AppA framework comparison based on your current frontend architecture.[00:20:00] Introducing the Hotwire Native MindsetWhy logic belongs on the server and the client should stay thin.[00:21:00] Bridge Components: How Rails, iOS, and Android ConnectJoe walks through how native and web technologies pass data between layers.[00:24:00] Why Even a Web View-Based App is Worth ShippingThe practical benefits of discoverability, push notifications, and native APIs.[00:28:01] Replacing Unmaintainable Apps with Hotwire NativeJoe describes how hybrid rewrites often reduce mobile code by 90%.[00:31:33] Letting Go of Feature ParityWhy most clients end up cutting features they originally wanted to preserve.[00:32:18] Scoping and Estimating Project-Based WorkHow Joe uses repeatable patterns to price fixed-fee consulting engagements.[00:35:15] Using AI to Translate Between Tech StacksJoe shares how he leverages LLMs to explore unfamiliar languages like Kotlin.[00:42:26] Long-Term Maintainability and When to Touch the CodeWhy some apps don't need changes for years—and that's okay.[00:43:43] Why Hybrid Apps Are Easier to ReplaceJoe explains why hybrid apps are often more disposable and less risky than monolithic web apps.

Swimming against the current sometimes leads to unexpected treasures. In this fascinating conversation, Adam Fortuna reveals how migrating Hardcover—a social network for readers with 30,000 users—from Next.js back to Ruby on Rails delivered surprising performance improvements and development simplicity.The journey begins with Adam explaining how Hardcover originated as a response to Goodreads shutting down their API. As a longtime Rails developer who initially chose Next.js for its server-side rendering capabilities, Adam found himself drawn back to Rails once modern tools made it viable to combine Rails' backend strengths with React's frontend interactivity. The migration wasn't a complete rewrite—they preserved their React components while replacing GraphQL with ActiveRecord—and unexpectedly saw significant improvements in page load speeds and SEO rankings.At the heart of this technical evolution is Inertia.js, which Adam describes as "the missing piece for Rails for a long time." This elegant solution allows direct connections between Rails controllers and React components without duplicating routes, creating a seamless developer experience. We dive into the challenges they faced, particularly with generating Open Graph images and handling API abuse, and how they solved these problems with pragmatic hybrid approaches.The conversation takes an exciting turn as Adam discusses their work on book recommendation engines, combining collaborative filtering with content analysis to help readers discover their next favorite book. As someone currently enjoying the Dungeon Crawler Carl series (described as "RPG mixed with Hitchhiker's Guide"), Adam's passion for both books and elegant technical solutions shines throughout.Listen in as we explore how going against conventional wisdom sometimes leads to better outcomes, and discover why Hardcover is now being open-sourced to invite community collaboration. Whether you're interested in Rails, JavaScript frameworks, or book recommendations, this episode offers valuable insights into making technical decisions based on real-world results rather than following trends.Linkshttps://hardcover.app/blog/part-1-how-we-fell-out-of-love-with-next-js-and-back-in-love-with-ruby-on-rails-inertia-jshttps://adamfortuna.com/https://bsky.app/profile/adamfortuna.comSend us some love.HoneybadgerHoneybadger is an application health monitoring tool built by developers for developers.JudoscaleAutoscaling that actually works. Take control of your cloud hosting.Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.Support the show

The UK's Ministry of Justice suffers a major breach. Mozilla patches two critical JavaScript engine flaws in Firefox. Over 200,000 patients of a Georgia-based health clinic see their sensitive data exposed. Researchers track increased malicious targeting of iOS devices. A popular printer brand serves up malware. PupkinStealer targets Windows systems. An Alabama man gets 14 months in prison for a sim-swap attack on the SEC. Our guest is Ian Tien, CEO at Mattermost, sharing insights on enhancing cybersecurity through effective collaboration. Ethical Hackers win the day at Pwn2Own Berlin.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Ian Tien, CEO at Mattermost at RSAC 2025, who is sharing insights on enhancing cybersecurity through effective collaboration. Check out Ian's blog on “What's Next for Cybersecurity Teams? AI, Automation & Real-Time Workflows.” Listen to Ian's interview here. Selected Reading Hackers steal 'significant amount of personal data' from Ministry of Justice in brazen cyber-attack (Daily Mail Online) M&S and Co-Op: BBC reporter on talking to the hackers (BBC) 210K American clinics‘ patients had their financial data leaked (Cybernews) 480,000 Catholic Health Patients Impacted by Serviceaide Data Leak (SecurityWeek) Over 40,000 iOS Apps Found Exploiting Private Entitlements, Zimperium (Hackread) This printer company served you malware for months and dismissed it as false positives (Neowin) Hack of SEC social media account earns 14-month prison sentence for Alabama man (The Record) Hackers Earn Over $1 Million at Pwn2Own Berlin 2025 (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Show DescriptionFresh off his Megaman Streamathon, Mat Marquis joins us to talk about becoming a professional Twitch streamer, creating a JavaScript course, his thoughts on the design and content of said course, a brief moment on Linux in 2025, and attempts to make the web weird and fun again. Listen on Website →GuestsMat MarquisGuest's Main URL • Guest's SocialMy goal is to ensure that your content can reach any user, in any browsing context—regardless of the size of their screen, the speed of their internet connection, the age of their device, or the combination of browsers and assistive technologies they use to experience the web. Links I'm Mat. I make websites. Wilto (Mat Marquis) · GitHub Mat “Wilto” Marquis (@Wilto@front-end.social) - Front-End Social Mat “Wilto” Marquis (@wil.to) — Bluesky WiltoStreams - Live Streaming JavaScript for Web Designers Learn JavaScript CodeMirror Text Editor JavaScript Playground JavaScript for Everyone Premium Courses Paul Irish Profile Robin Sloan Framework Laptop 16 DIY Johnny Mnemonic Johnny Mnemonic Trailer #1 Sponsors

This week at the Desk of Ladyada, we're getting back into the swing of releasing one or two new products a week after dealing with some tariff-related chaos. Last week we launched the Sparkle Motion Stick and the SEN6x Adapter. Next week, look out for the OPT4048. For the OPT4048, we wanted to easily plot the CIE x & y to a color graph—which used to mean writing a lot of JavaScript (something I haven't done in 15 years). Thankfully, Claude helped generate code, and now it's up and running! Check it out. This week, we also designed breakouts for: ACS37800 30A Monitor, VEML6046, and a Stemma QT adapter for Raspberry Pi bq25798 Solar MPPT Charger. And for this week's The Great Search – 30 Amp Barrier Terminal Blocks

Codemagic CEO Martin Remmelgas joins Robin and Mazen to talk mobile CI/CD in 2025: Why build tooling still has rough edges, how Codemagic handles versioning and code signing, and where the developer experience still needs work.Show NotesReact Native CI/CD with CodemagicCodemagicConnect With Us!Martin Remmelgas: @martinjeretRobin Heinze: @robinheinzeMazen Chami: @mazenchamiReact Native Radio: @ReactNativeRdioThis episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.

Andrew and Chris dive into issues with SMTP configuration on new Digital Ocean droplets, their experiences with various email delivery gems like Postmark and Mailtrap and go over some best practices for handling account creation and user associations in Rails applications. The conversation also touches on deployment automation, developing new features like the inbox on Podia, and the importance of having visual tools and browser extensions for effective debugging. They share some lighter moments discussing fun side projects, including Andrew's insult generator app and their humorous take on turning everyday developer annoyances into creative gem ideas. The episode wraps up with some Stripe announcements and TV show recommendations.LinksJudoscale- Remote Ruby listener giftMailtrapHotwire Dev ToolsActualDbSchemaRailsCasts- Episode 288: Billing with StripeActiveSupport: Allow quick cast Boolean to integer #18552Our top product updates from Sessions 2025 (Stripe Blog)Developer Insult Generator by AndrewShoresyStar Wars: AndorStar Wars: Skeleton Crew Chris Oliver X/Twitter Andrew Mason X/Twitter Jason Charnes X/Twitter

In this week's episode, it's just me — Charles Max Wood — and I'm joined by the incredibly sharp and open-source-loving Aral Roca, direct from Barcelona! Aral's the creator of Brisa, a new full-stack web framework that flips the script on how we build modern web apps. If you thought the "another day, another framework" meme was played out... well, Brisa might just change your mind.Key Takeaways:-Brisa's Big Idea: It's designed to let you build web apps with minimal or zero JavaScript on the client side. Think HTML streaming, server actions, and components that render server-side first, but can gradually hydrate on the client.-Server-first FTW: Aral walks us through how Brisa handles server actions — even capturing click and scroll events on the server — using ideas inspired by HTMX, LiveView, and server components from frameworks like Next.js.-Tiny and Mighty: The whole framework is incredibly lightweight. Web components come in at just ~3 KB, and the built-in i18n system is under 1 KB!-From Idea to Reality: Aral started Brisa to scratch his own itch — building side projects and blogs without bloated front-end code. But now, others are using it too (yes, even in production!), including one travel agency that's gone all-in.-Multi-platform Future: Brisa has adapters in the works for Vercel, Node, and Deno — plus integration with Tauri for building native Android, iOS, and desktop apps from the same codebase.-What's Coming: Roadmap goals include improved hot reloads, more adapters, transitions, lazy-loaded components, and a better playground for developers to tinker with.Oh, and yes — Aral does parkour. For real.This episode is packed with deep technical insight and exciting potential for a new way to build web apps — especially for devs who love fast performance, server-rendering, and clean architecture.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

How does one manage to simplify the complexities of the NAT Gateway? In this episode of "Screaming in the Cloud," Corey Quinn interviews Malith Rajapakse, a DevOps engineer who has recently received acclaim for his blog post discussing the Managed NAT Gateway. Where AWS lacks in its documentation, Malith is a NATural at breaking things down. He's so great at it that Corey had to invite him on the show! Malith shares the story behind his popular post, his creative process, and his use of interactive diagrams and engaging content. He and Corey also discuss the challenges of documentation and making technical subjects more appealing. Thankfully, Malith has already done that in written form, so enjoy this episode as he speaks it into the world!Show Highlights(0:00) Intro(1:24) The Duckbill Group sponsor read(1:58) Malith's background before his blog post (4:21) Why Malith wrote about the Managed NAT Gateway(5:38) Corey's problems with Managed NAT Gateway and why Malith's blog post impressed him(10:05) The interactive elements of Malith's blog post and how they were made(12:21) Maltih's front-end experience(14:47) Transitioning from front-end to DevOps through JavaScript(16:20) The juxtaposition of Malith's blog post vs. AWS's official documentation(18:05) How AWS's documentation of the managed NAT gateway isn't user-friendly(22:27) Why Malith went all out for his first blog post(23:17) Corey's constructive feedback for Malith(26:05) Where you can find more from MalithAbout Malith RajapakseMalith is a Devops engineer creating visualisations at https://malithr.com/.LinksMalith's blog: https://malithr.com/Interactive AWS NAT Gateway: https://malithr.com/aws/natgateway/LinkedIn: https://www.linkedin.com/in/malith-rajapakse/Bluesky: https://bsky.app/profile/malithr.comTwitter: https://x.com/malithrajReddit: https://www.reddit.com/user/mdilraj/Sam Rose's blog: https://samwho.dev/Benjamin Dicken's blog post on IO devices and latency: https://planetscale.com/blog/io-devices-and-latencyJosh W Comeau's blog: https://www.joshwcomeau.com/Killed By Google: https://killedbygoogle.com/SponsorThe Duckbill Group: duckbillgroup.com 

Wes talks with Peter Pistorius about RedwoodSDK, a new React framework built natively for Cloudflare. They dive into real-time React, server components, zero-cost infrastructure, and why RedwoodSDK empowers developers to ship faster with fewer tradeoffs and more control. Show Notes 00:00 Welcome to Syntax! 00:52 What is RedwoodSDK? 04:49 Choosing openness over abstraction 08:46 More setup, more control 12:20 Why RedwoodSDK only runs on Cloudflare 14:25 What the database setup looks like 16:15 Durable Objects explained – Ep 879: Fullstack Cloudflare 18:14 Middleware and request flow 23:14 No built-in client-side router? 24:07 Integrating routers with defineApp 26:04 React Server Components and real-time updates 29:53 What happened to RedwoodJS? 31:14 Why do opinionated frameworks struggle to catch on? 34:35 The problem with Lambdas 36:16 Cloudflare's JavaScript runtime compatibility 40:04 Brought to you by Sentry.io 41:44 The vision behind RedwoodSDK Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

We're wrapping up the design for the OPT4048 breakout: mostly putting the finishing touches on the Arduino library (https://github.com/adafruit/Adafruit_OPT4048). Since the whole point of this sensor is that it gives you CIE X & Y coordinates, we thought it would be cool to plot that onto a CIE diagram (https://en.wikipedia.org/wiki/CIE_1931_color_space). Historically, we'd have to use Processing (https://processing.org/), but now you can use WebSerial to get data directly from a microcontroller! Only catch — it's been like 15 years since I wrote JavaScript, so we asked Claude Code (https://docs.anthropic.com/en/docs/claude-code/overview) to help out. With a little direction, it delivered a perfect demo (https://github.com/adafruit/Adafruit_OPT4048/commits/gh-pages) in about 30 minutes. It was so fun, we're thinking of doing WebSerial demos for more products! You can try it out by uploading the code here (https://github.com/adafruit/Adafruit_OPT4048/blob/main/examples/opt4048_webserial/opt4048_webserial.ino) and then visiting this page: https://adafruit.github.io/Adafruit_OPT4048/webserial/ #Arduino #WebSerial #ColorSensor Visit the Adafruit shop online - http://www.adafruit.com ----------------------------------------- LIVE CHAT IS HERE! http://adafru.it/discord Subscribe to Adafruit on YouTube: http://adafru.it/subscribe New tutorials on the Adafruit Learning System: http://learn.adafruit.com/ -----------------------------------------

In this hosts-only episode, Amy and Brad get real about the developer experience - from the stress of job interviews to the complexities of choosing the right framework. They discuss why companies are comparing candidates more than ever, share strategies for answering behavioral interview questions, and debate the merits of Remix versus Next.js (spoiler: Brad's all-in on Remix). The conversation shifts to feature flags and progressive rollouts, with insights from Brad's work at Stripe. SponsorWorkOS helps you launch enterprise features like SSO and user management with ease. Thanks to the AuthKit SDK for JavaScript, your team can integrate in minutes and focus on what truly matters—building your app. Chapter Marks00:00 - Intro00:41 - Sponsor: WorkOS01:47 - Brad's Keyboard and Mouse Shopping Spree04:30 - Keyboard Layout Discussion07:23 - Apple Ecosystem: Reminders and Notes09:23 - Family Sharing and Raycast Integration09:43 - Notion vs Apple Notes for Project Management11:31 - File Storage and Backup Strategies14:00 - Machine Backup Philosophy16:46 - Job Interview Preparation Tips19:40 - Answering the "Weakness" Question21:53 - Addressing Weaknesses: Delegation Examples24:29 - Conflict Resolution Interview Questions25:46 - Company Research Before Interviews27:00 - Tech Stack Considerations: Remix vs Next.js28:30 - Framework Migration Decisions29:30 - Astro for Content Sites31:02 - Backend Languages: Go vs TypeScript32:30 - React Server Components Future34:23 - Feature Flags and Boolean as a Service35:30 - Feature Flag Segmentation and A/B Testing36:54 - PostHog and Analytics Tools38:30 - Progressive Rollouts and Error Monitoring40:20 - Amy's Picks and Plugs43:35 - Brad's Picks and Plugs  

#ubuntu de la mano de #gnome está consolidando un entorno de escritorio minimalista a la vez que potente y completamente personalizable con extensionesLlevo unas semanas tan metido en la terminal que ni me había dado cuenta de la llegada de la nueva versión de Ubuntu. Una nueva versión que realmente me ha sorprendido básicamente por todas las novedades que nos ha regalado GNOME, y realmente, me hacen pensar que el camino emprendido por este escritorio es el mas adecuado, sobre todo con la transición a JavaScript, TypeScript y recientemente a Rust. Pero no es de esto de lo que te quería hablar si no de las novedades que incorpora y que realmente me han llamado la atención, sobre todo por notar que me encuentro ante un escritorio solido y funcional. Simple pero potente. Así que vamos a por esas novedades.Más información y enlaces en las notas del episodio

SelfHTML gehört zu den ganz Großen der deutschsprachigen Weblandschaft – und das seit 1995. Wer sich in den Nullerjahren HTML, CSS oder JavaScript beigebracht hat, ist an dieser Seite kaum vorbeigekom…

Scott and Wes break down the latest in JavaScript news, including new async patterns in Svelte, React Server Component tooling with Parcel, and Redwood's push into Cloudflare with its new SDK. They also cover what's new in Storybook 9 Beta, from visual testing to a sleeker, lighter build. Show Notes 00:00 Welcome to Syntax! 02:50 Brought to you by Sentry.io. 03:37 Syntax Meetup! 04:09 React View Transitions. 08:58 addTransitionType. 11:18 Activity API. Offscreen Renamed to Activity. 14:22 Maintaining state in search queries. 16:29 Asynchronous Svelte. Playground. 19:04 Svelte Boundary. 25:13 Parcel RSC. 27:15 Redwood SDK. 30:55 Storybook 9 Beta. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

According to The Hacker News, an ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. In this episode, host Amanda Glassner is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss. To learn more about today's stories, visit https://cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com.

In this episode, we talk with James Garbutt about e18e, a community-driven initiative focused on improving the performance of JavaScript packages across the ecosystem.We discuss: • The goals and vision behind e18e • What's slowing down the JS ecosystem • Why performance work is often invisible—and how to fix that • The importance of community coordination in open source • How developers can get involved in improving the packages they rely onIf you care about build times, bundle sizes, and the health of the JavaScript ecosystem, this episode is for you.This episode is sponsored by WorkOS (https://workos.com) and Mailtrap (https://l.rw.rw/devtools_4)

Aprende Grafana y domina el monitoreo de datos en tiempo real

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses. ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the cryptocurrency space and underscores the need for vigilant monitoring of both open-source repositories and local applications. The research can be found here: ⁠⁠Atomic and Exodus crypto wallets targeted in malicious npm campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses. ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the cryptocurrency space and underscores the need for vigilant monitoring of both open-source repositories and local applications. The research can be found here: ⁠⁠Atomic and Exodus crypto wallets targeted in malicious npm campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

New Architecture. New Era. Riccardo Cipolleschi from Meta joins Jamon, Robin, and Mazen to break down what's changed in React Native—from Fabric to TurboModules—and why this shift matters for developers, libraries, and the future of the framework. Show NotesReact Native DirectoryConnect With Us!Riccardo Cipolleschi: @CipolleschiRJamon Holmgren: @jamonholmgrenRobin Heinze: @robinheinzeMazen Chami: @mazenchamiReact Native Radio: @ReactNativeRdioThis episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.

Gros épisode qui couvre un large spectre de sujets : Java, Scala, Micronaut, NodeJS, l'IA et la compétence des développeurs, le sampling dans les LLMs, les DTO, le vibe coding, les changements chez Broadcom et Red Hat ainsi que plusieurs nouvelles sur les licences open source. Enregistré le 7 mai 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-325.mp3 ou en vidéo sur YouTube. News Langages A l'occasion de JavaOne et du lancement de Java 24, Oracle lance un nouveau site avec des ressources vidéo pour apprendre le langage https://learn.java/ site plutôt à destination des débutants et des enseignants couvre la syntaxe aussi, y compris les ajouts plus récents comme les records ou le pattern matching c'est pas le site le plus trendy du monde. Martin Odersky partage un long article sur l'état de l'écosystème Scala et les évolutions du language https://www.scala-lang.org/blog/2025/03/24/evolving-scala.html Stabilité et besoin d'évolution : Scala maintient sa position (~14ème mondial) avec des bases techniques solides, mais doit évoluer face à la concurrence pour rester pertinent. Axes prioritaires : L'évolution se concentre sur l'amélioration du duo sécurité/convivialité, le polissage du langage (suppression des “rugosités”) et la simplification pour les débutants. Innovation continue : Geler les fonctionnalités est exclu ; l'innovation est clé pour la valeur de Scala. Le langage doit rester généraliste et ne pas se lier à un framework spécifique. Défis et progrès : L'outillage (IDE, outils de build comme sbt, scala-cli, Mill) et la facilité d'apprentissage de l'écosystème sont des points d'attention, avec des améliorations en cours (partenariat pédagogique, plateformes simples). Des strings encore plus rapides ! https://inside.java/2025/05/01/strings-just-got-faster/ Dans JDK 25, la performance de la fonction String::hashCode a été améliorée pour être principalement constant foldable. Cela signifie que si les chaînes de caractères sont utilisées comme clés dans une Map statique et immuable, des gains de performance significatifs sont probables. L'amélioration repose sur l'annotation interne @Stable appliquée au champ privé String.hash. Cette annotation permet à la machine virtuelle de lire la valeur du hash une seule fois et de la considérer comme constante si elle n'est pas la valeur par défaut (zéro). Par conséquent, l'opération String::hashCode peut être remplacée par la valeur de hash connue, optimisant ainsi les lookups dans les Map immuables. Un cas limite est celui où le code de hachage de la chaîne est zéro, auquel cas l'optimisation ne fonctionne pas (par exemple, pour la chaîne vide “”). Bien que l'annotation @Stable soit interne au JDK, un nouveau JEP (JEP 502: Stable Values (Preview)) est en cours de développement pour permettre aux utilisateurs de bénéficier indirectement de fonctionnalités similaires. AtomicHash, une implémentation Java d'une HashMap qui est thread-safe, atomique et non-bloquante https://github.com/arxila/atomichash implémenté sous forme de version immutable de Concurrent Hash Trie Librairies Sortie de Micronaut 4.8.0 https://micronaut.io/2025/04/01/micronaut-framework-4-8-0-released/ Mise à jour de la BOM (Bill of Materials) : La version 4.8.0 met à jour la BOM de la plateforme Micronaut. Améliorations de Micronaut Core : Intégration de Micronaut SourceGen pour la génération interne de métadonnées et d'expressions bytecode. Nombreuses améliorations dans Micronaut SourceGen. Ajout du traçage de l'injection de dépendances pour faciliter le débogage au démarrage et à la création des beans. Nouveau membre definitionType dans l'annotation @Client pour faciliter le partage d'interfaces entre client et serveur. Support de la fusion dans les Bean Mappers via l'annotation @Mapping. Nouvelle liveness probe détectant les threads bloqués (deadlocked) via ThreadMXBean. Intégration Kubernetes améliorée : Mise à jour du client Java Kubernetes vers la version 22.0.1. Ajout du module Micronaut Kubernetes Client OpenAPI, offrant une alternative au client officiel avec moins de dépendances, une configuration unifiée, le support des filtres et la compatibilité Native Image. Introduction d'un nouveau runtime serveur basé sur le serveur HTTP intégré de Java, permettant de créer des applications sans dépendances serveur externes. Ajout dans Micronaut Micrometer d'un module pour instrumenter les sources de données (traces et métriques). Ajout de la condition condition dans l'annotation @MetricOptions pour contrôler l'activation des métriques via une expression. Support des Consul watches dans Micronaut Discovery Client pour détecter les changements de configuration distribuée. Possibilité de générer du code source à partir d'un schéma JSON via les plugins de build (Gradle et Maven). Web Node v24.0.0 passe en version Current: https://nodejs.org/en/blog/release/v24.0.0 Mise à jour du moteur V8 vers la version 13.6 : intégration de nouvelles fonctionnalités JavaScript telles que Float16Array, la gestion explicite des ressources (using), RegExp.escape, WebAssembly Memory64 et Error.isError. npm 11 inclus : améliorations en termes de performance, de sécurité et de compatibilité avec les packages JavaScript modernes. Changement de compilateur pour Windows : abandon de MSVC au profit de ClangCL pour la compilation de Node.js sur Windows. AsyncLocalStorage utilise désormais AsyncContextFrame par défaut : offrant une gestion plus efficace du contexte asynchrone. URLPattern disponible globalement : plus besoin d'importer explicitement cette API pour effectuer des correspondances d'URL. Améliorations du modèle de permissions : le flag expérimental --experimental-permission devient --permission, signalant une stabilité accrue de cette fonctionnalité. Améliorations du test runner : les sous-tests sont désormais attendus automatiquement, simplifiant l'écriture des tests et réduisant les erreurs liées aux promesses non gérées. Intégration d'Undici 7 : amélioration des capacités du client HTTP avec de meilleures performances et un support étendu des fonctionnalités HTTP modernes. Dépréciations et suppressions : Dépréciation de url.parse() au profit de l'API WHATWG URL. Suppression de tls.createSecurePair. Dépréciation de SlowBuffer. Dépréciation de l'instanciation de REPL sans new. Dépréciation de l'utilisation des classes Zlib sans new. Dépréciation du passage de args à spawn et execFile dans child_process. Node.js 24 est actuellement la version “Current” et deviendra une version LTS en octobre 2025. Il est recommandé de tester cette version pour évaluer son impact sur vos applications. Data et Intelligence Artificielle Apprendre à coder reste crucial et l'IA est là pour venir en aide : https://kyrylo.org/software/2025/03/27/learn-to-code-ignore-ai-then-use-ai-to-code-even-better.html Apprendre à coder reste essentiel malgré l'IA. L'IA peut assister la programmation. Une solide base est cruciale pour comprendre et contrôler le code. Cela permet d'éviter la dépendance à l'IA. Cela réduit le risque de remplacement par des outils d'IA accessibles à tous. L'IA est un outil, pas un substitut à la maîtrise des fondamentaux. Super article de Anthropic qui essaie de comprendre comment fonctionne la “pensée” des LLMs https://www.anthropic.com/research/tracing-thoughts-language-model Effet boîte noire : Stratégies internes des IA (Claude) opaques aux développeurs et utilisateurs. Objectif : Comprendre le “raisonnement” interne pour vérifier capacités et intentions. Méthode : Inspiration neurosciences, développement d'un “microscope IA” (regarder quels circuits neuronaux s'activent). Technique : Identification de concepts (“features”) et de “circuits” internes. Multilinguisme : Indice d'un “langage de pensée” conceptuel commun à toutes les langues avant de traduire dans une langue particulière. Planification : Capacité à anticiper (ex: rimes en poésie), pas seulement de la génération mot par mot (token par token). Raisonnement non fidèle : Peut fabriquer des arguments plausibles (“bullshitting”) pour une conclusion donnée. Logique multi-étapes : Combine des faits distincts, ne se contente pas de mémoriser. Hallucinations : Refus par défaut ; réponse si “connaissance” active, sinon risque d'hallucination si erreur. “Jailbreaks” : Tension entre cohérence grammaticale (pousse à continuer) et sécurité (devrait refuser). Bilan : Méthodes limitées mais prometteuses pour la transparence et la fiabilité de l'IA. Le “S” dans MCP veut dire Securité (ou pas !) https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b La spécification MCP pour permettre aux LLMs d'avoir accès à divers outils et fonctions a peut-être été adoptée un peu rapidement, alors qu'elle n'était pas encore prête niveau sécurité L'article liste 4 types d'attaques possibles : vulnérabilité d'injection de commandes attaque d'empoisonnement d'outils redéfinition silencieuse de l'outil le shadowing d'outils inter-serveurs Pour l'instant, MCP n'est pas sécurisé : Pas de standard d'authentification Pas de chiffrement de contexte Pas de vérification d'intégrité des outils Basé sur l'article de InvariantLabs https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks Sortie Infinispan 15.2 - pre rolling upgrades 16.0 https://infinispan.org/blog/2025/03/27/infinispan-15-2 Support de Redis JSON + scripts Lua Métriques JVM désactivables Nouvelle console (PatternFly 6) Docs améliorées (métriques + logs) JDK 17 min, support JDK 24 Fin du serveur natif (performances) Guillaume montre comment développer un serveur MCP HTTP Server Sent Events avec l'implémentation de référence Java et LangChain4j https://glaforge.dev/posts/2025/04/04/mcp-client-and-server-with-java-mcp-sdk-and-langchain4j/ Développé en Java, avec l'implémentation de référence qui est aussi à la base de l'implémentation dans Spring Boot (mais indépendant de Spring) Le serveur MCP est exposé sous forme de servlet dans Jetty Le client MCP lui, est développé avec le module MCP de LangChain4j c'est semi independant de Spring dans le sens où c'est dépendant de Reactor et de ses interface. il y a une conversation sur le github d'anthropic pour trouver une solution, mais cela ne parait pas simple. Les fallacies derrière la citation “AI won't replace you, but humans using AI will” https://platforms.substack.com/cp/161356485 La fallacie de l'automatisation vs. l'augmentation : Elle se concentre sur l'amélioration des tâches existantes avec l'IA au lieu de considérer le changement de la valeur de ces tâches dans un nouveau système. La fallacie des gains de productivité : L'augmentation de la productivité ne se traduit pas toujours par plus de valeur pour les travailleurs, car la valeur créée peut être capturée ailleurs dans le système. La fallacie des emplois statiques : Les emplois sont des constructions organisationnelles qui peuvent être redéfinies par l'IA, rendant les rôles traditionnels obsolètes. La fallacie de la compétition “moi vs. quelqu'un utilisant l'IA” : La concurrence évolue lorsque l'IA modifie les contraintes fondamentales d'un secteur, rendant les compétences existantes moins pertinentes. La fallacie de la continuité du flux de travail : L'IA peut entraîner une réimagination complète des flux de travail, éliminant le besoin de certaines compétences. La fallacie des outils neutres : Les outils d'IA ne sont pas neutres et peuvent redistribuer le pouvoir organisationnel en changeant la façon dont les décisions sont prises et exécutées. La fallacie du salaire stable : Le maintien d'un emploi ne garantit pas un salaire stable, car la valeur du travail peut diminuer avec l'augmentation des capacités de l'IA. La fallacie de l'entreprise stable : L'intégration de l'IA nécessite une restructuration de l'entreprise et ne se fait pas dans un vide organisationnel. Comprendre le “sampling” dans les LLMs https://rentry.co/samplers Explique pourquoi les LLMs utilisent des tokens Les différentes méthodes de “sampling” : càd de choix de tokens Les hyperparamètres comme la température, top-p, et leur influence réciproque Les algorithmes de tokenisation comme Byte Pair Encoding et SentencePiece. Un de moins … OpenAI va racheter Windsurf pour 3 milliards de dollars. https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion l'accord n'est pas encore finalisé Windsurf était valorisé à 1,25 milliards l'an dernier et OpenAI a levé 40 milliards dernièrement portant sa valeur à 300 milliards Le but pour OpenAI est de rentrer dans le monde des assistants de code pour lesquels ils sont aujourd'hui absent Docker desktop se met à l'IA… ? Une nouvelle fonctionnalité dans docker desktop 4.4 sur macos: Docker Model Runner https://dev.to/docker/run-genai-models-locally-with-docker-model-runner-5elb Permet de faire tourner des modèles nativement en local ( https://docs.docker.com/model-runner/ ) mais aussi des serveurs MCP ( https://docs.docker.com/ai/mcp-catalog-and-toolkit/ ) Outillage Jetbrains défend la suppression des commentaires négatifs sur son assistant IA https://devclass.com/2025/04/30/jetbrains-defends-removal-of-negative-reviews-for-unpopular-ai-assistant/?td=rt-3a L'IA Assistant de JetBrains, lancée en juillet 2023, a été téléchargée plus de 22 millions de fois mais n'est notée que 2,3 sur 5. Des utilisateurs ont remarqué que certaines critiques négatives étaient supprimées, ce qui a provoqué une réaction négative sur les réseaux sociaux. Un employé de JetBrains a expliqué que les critiques ont été supprimées soit parce qu'elles mentionnaient des problèmes déjà résolus, soit parce qu'elles violaient leur politique concernant les “grossièretés, etc.” L'entreprise a reconnu qu'elle aurait pu mieux gérer la situation, un représentant déclarant : “Supprimer plusieurs critiques d'un coup sans préavis semblait suspect. Nous aurions dû au moins publier un avis et fournir plus de détails aux auteurs.” Parmi les problèmes de l'IA Assistant signalés par les utilisateurs figurent : un support limité pour les fournisseurs de modèles tiers, une latence notable, des ralentissements fréquents, des fonctionnalités principales verrouillées aux services cloud de JetBrains, une expérience utilisateur incohérente et une documentation insuffisante. Une plainte courante est que l'IA Assistant s'installe sans permission. Un utilisateur sur Reddit l'a qualifié de “plugin agaçant qui s'auto-répare/se réinstalle comme un phénix”. JetBrains a récemment introduit un niveau gratuit et un nouvel agent IA appelé Junie, destiné à fonctionner parallèlement à l'IA Assistant, probablement en réponse à la concurrence entre fournisseurs. Mais il est plus char a faire tourner. La société s'est engagée à explorer de nouvelles approches pour traiter les mises à jour majeures différemment et envisage d'implémenter des critiques par version ou de marquer les critiques comme “Résolues” avec des liens vers les problèmes correspondants au lieu de les supprimer. Contrairement à des concurrents comme Microsoft, AWS ou Google, JetBrains commercialise uniquement des outils et services de développement et ne dispose pas d'une activité cloud distincte sur laquelle s'appuyer. Vos images de README et fichiers Markdown compatibles pour le dark mode de GitHub: https://github.blog/developer-skills/github/how-to-make-your-images-in-markdown-on-github-adjust-for-dark-mode-and-light-mode/ Seulement quelques lignes de pure HTML pour le faire Architecture Alors, les DTOs, c'est bien ou c'est pas bien ? https://codeopinion.com/dtos-mapping-the-good-the-bad-and-the-excessive/ Utilité des DTOs : Les DTOs servent à transférer des données entre les différentes couches d'une application, en mappant souvent les données entre différentes représentations (par exemple, entre la base de données et l'interface utilisateur). Surutilisation fréquente : L'article souligne que les DTOs sont souvent utilisés de manière excessive, notamment pour créer des API HTTP qui ne font que refléter les entités de la base de données, manquant ainsi l'opportunité de composer des données plus riches. Vraie valeur : La valeur réelle des DTOs réside dans la gestion du couplage entre les couches et la composition de données provenant de sources multiples en formes optimisées pour des cas d'utilisation spécifiques. Découplage : Il est suggéré d'utiliser les DTOs pour découpler les modèles de données internes des contrats externes (comme les API), ce qui permet une évolution et une gestion des versions indépendantes. Exemple avec CQRS : Dans le cadre de CQRS (Command Query Responsibility Segregation), les réponses aux requêtes (queries) agissent comme des DTOs spécifiquement adaptés aux besoins de l'interface utilisateur, pouvant inclure des données de diverses sources. Protection des données internes : Les DTOs aident à distinguer et protéger les modèles de données internes (privés) des changements externes (publics). Éviter l'excès : L'auteur met en garde contre les couches de mapping excessives (mapper un DTO vers un autre DTO) qui n'apportent pas de valeur ajoutée. Création ciblée : Il est conseillé de ne créer des DTOs que lorsqu'ils résolvent des problèmes concrets, tels que la gestion du couplage ou la facilitation de la composition de données. Méthodologies Même Guillaume se met au “vibe coding” https://glaforge.dev/posts/2025/05/02/vibe-coding-an-mcp-server-with-micronaut-and-gemini/ Selon Andrey Karpathy, c'est le fait de POC-er un proto, une appli jetable du weekend https://x.com/karpathy/status/1886192184808149383 Mais Simon Willison s'insurge que certains confondent coder avec l'assistance de l'IA avec le vibe coding https://simonwillison.net/2025/May/1/not-vibe-coding/ Guillaume c'est ici amusé à développer un serveur MCP avec Micronaut, en utilisant Gemini, l'IA de Google. Contrairement à Quarkus ou Spring Boot, Micronaut n'a pas encore de module ou de support spécifique pour faciliter la création de serveur MCP Sécurité Une faille de sécurité 10/10 sur Tomcat https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/ Une faille de sécurité critique (CVE-2025-24813) affecte Apache Tomcat, permettant l'exécution de code à distance Cette vulnérabilité est activement exploitée seulement 30 heures après sa divulgation du 10 mars 2025 L'attaque ne nécessite aucune authentification et est particulièrement simple à exécuter Elle utilise une requête PUT avec une charge utile Java sérialisée encodée en base64, suivie d'une requête GET L'encodage en base64 permet de contourner la plupart des filtres de sécurité Les serveurs vulnérables utilisent un stockage de session basé sur des fichiers (configuration répandue) Les versions affectées sont : 11.0.0-M1 à 11.0.2, 10.1.0-M1 à 10.1.34, et 9.0.0.M1 à 9.0.98 Les mises à jour recommandées sont : 11.0.3+, 10.1.35+ et 9.0.99+ Les experts prévoient des attaques plus sophistiquées dans les prochaines phases d'exploitation (upload de config ou jsp) Sécurisation d'un serveur ssh https://ittavern.com/ssh-server-hardening/ un article qui liste les configurations clés pour sécuriser un serveur SSH par exemple, enlever password authentigfication, changer de port, desactiver le login root, forcer le protocol ssh 2, certains que je ne connaissais pas comme MaxStartups qui limite le nombre de connections non authentifiées concurrentes Port knocking est une technique utile mais demande une approche cliente consciente du protocol Oracle admet que les identités IAM de ses clients ont leaké https://www.theregister.com/2025/04/08/oracle_cloud_compromised/ Oracle a confirmé à certains clients que son cloud public a été compromis, alors que l'entreprise avait précédemment nié toute intrusion. Un pirate informatique a revendiqué avoir piraté deux serveurs d'authentification d'Oracle et volé environ six millions d'enregistrements, incluant des clés de sécurité privées, des identifiants chiffrés et des entrées LDAP. La faille exploitée serait la vulnérabilité CVE-2021-35587 dans Oracle Access Manager, qu'Oracle n'avait pas corrigée sur ses propres systèmes. Le pirate a créé un fichier texte début mars sur login.us2.oraclecloud.com contenant son adresse email pour prouver son accès. Selon Oracle, un ancien serveur contenant des données vieilles de huit ans aurait été compromis, mais un client affirme que des données de connexion aussi récentes que 2024 ont été dérobées. Oracle fait face à un procès au Texas concernant cette violation de données. Cette intrusion est distincte d'une autre attaque contre Oracle Health, sur laquelle l'entreprise refuse de commenter. Oracle pourrait faire face à des sanctions sous le RGPD européen qui exige la notification des parties affectées dans les 72 heures suivant la découverte d'une fuite de données. Le comportement d'Oracle consistant à nier puis à admettre discrètement l'intrusion est inhabituel en 2025 et pourrait mener à d'autres actions en justice collectives. Une GitHub action très populaire compromise https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Compromission de l'action tj-actions/changed-files : En mars 2025, une action GitHub très utilisée (tj-actions/changed-files) a été compromise. Des versions modifiées de l'action ont exposé des secrets CI/CD dans les logs de build. Méthode d'attaque : Un PAT compromis a permis de rediriger plusieurs tags de version vers un commit contenant du code malveillant. Détails du code malveillant : Le code injecté exécutait une fonction Node.js encodée en base64, qui téléchargeait un script Python. Ce script parcourait la mémoire du runner GitHub à la recherche de secrets (tokens, clés…) et les exposait dans les logs. Dans certains cas, les données étaient aussi envoyées via une requête réseau. Période d'exposition : Les versions compromises étaient actives entre le 12 et le 15 mars 2025. Tout dépôt, particulièrement ceux publiques, ayant utilisé l'action pendant cette période doit être considéré comme potentiellement exposé. Détection : L'activité malveillante a été repérée par l'analyse des comportements inhabituels pendant l'exécution des workflows, comme des connexions réseau inattendues. Réaction : GitHub a supprimé l'action compromise, qui a ensuite été nettoyée. Impact potentiel : Tous les secrets apparaissant dans les logs doivent être considérés comme compromis, même dans les dépôts privés, et régénérés sans délai. Loi, société et organisation Les startup the YCombinateur ont les plus fortes croissances de leur histoire https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html Les entreprises en phase de démarrage à Silicon Valley connaissent une croissance significative grâce à l'intelligence artificielle. Le PDG de Y Combinator, Garry Tan, affirme que l'ensemble des startups de la dernière cohorte a connu une croissance hebdomadaire de 10% pendant neuf mois. L'IA permet aux développeurs d'automatiser des tâches répétitives et de générer du code grâce aux grands modèles de langage. Pour environ 25% des startups actuelles de YC, 95% de leur code a été écrit par l'IA. Cette révolution permet aux entreprises de se développer avec moins de personnel - certaines atteignant 10 millions de dollars de revenus avec moins de 10 employés. La mentalité de “croissance à tout prix” a été remplacée par un renouveau d'intérêt pour la rentabilité. Environ 80% des entreprises présentées lors du “demo day” étaient centrées sur l'IA, avec quelques startups en robotique et semi-conducteurs. Y Combinator investit 500 000 dollars dans les startups en échange d'une participation au capital, suivi d'un programme de trois mois. Red Hat middleware (ex-jboss) rejoint IBM https://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html Les activités Middleware de Red Hat (incluant JBoss, Quarkus, etc.) vont être transférées vers IBM, dans l'unité dédiée à la sécurité des données, à l'IAM et aux runtimes. Ce changement découle d'une décision stratégique de Red Hat de se concentrer davantage sur le cloud hybride et l'intelligence artificielle. Mark Little explique que ce transfert était devenu inévitable, Red Hat ayant réduit ses investissements dans le Middleware ces dernières années. L'intégration vise à renforcer l'innovation autour de Java en réunissant les efforts de Red Hat et IBM sur ce sujet. Les produits Middleware resteront open source et les clients continueront à bénéficier du support habituel sans changement. Mark Little affirme que des projets comme Quarkus continueront à être soutenus et que cette évolution est bénéfique pour la communauté Java. Un an de commonhaus https://www.commonhaus.org/activity/253.html un an, démarré sur les communautés qu'ils connaissaient bien maintenant 14 projets et put en accepter plus confiance, gouvernance legère et proteger le futur des projets automatisation de l'administratif, stabiilité sans complexité, les developpeurs au centre du processus de décision ils ont besoins de members et supporters (financiers) ils veulent accueillir des projets au delà de ceux du cercles des Java Champions Spring Cloud Data Flow devient un produit commercial et ne sera plus maintenu en open source https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial Peut-être sous l'influence de Broadcom, Spring se met à mettre en mode propriétaire des composants du portefeuille Spring ils disent que peu de gens l'utilisaent en mode OSS et la majorité venait d'un usage dans la plateforme Tanzu Maintenir en open source le coutent du temps qu'ils son't pas sur ces projets. La CNCF protège le projet NATS, dans la fondation depuis 2018, vu que la société Synadia qui y contribue souhaitait reprendre le contrôle du projet https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/ CNCF : Protège projets OS, gouvernance neutre. Synadia vs CNCF : Veut retirer NATS, licence non-OS (BUSL). CNCF : Accuse Synadia de “claw back” (reprise illégitime). Revendications Synadia : Domaine nats.io, orga GitHub. Marque NATS : Synadia n'a pas transféré (promesse rompue malgré aide CNCF). Contestation Synadia : Juge règles CNCF “trop vagues”. Vote interne : Mainteneurs Synadia votent sortie CNCF (sans communauté). Support CNCF : Investissement majeur ($ audits, légal), succès communautaire (>700 orgs). Avenir NATS (CNCF) : Maintien sous Apache 2.0, gouvernance ouverte. Actions CNCF : Health check, appel mainteneurs, annulation marque Synadia, rejet demandes. Mais finalement il semble y avoir un bon dénouement : https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/ Accord pour l'avenir de NATS.io : La Cloud Native Computing Foundation (CNCF) et Synadia ont conclu un accord pour sécuriser le futur du projet NATS.io. Transfert des marques NATS : Synadia va céder ses deux enregistrements de marque NATS à la Linux Foundation afin de renforcer la gouvernance ouverte du projet. Maintien au sein de la CNCF : L'infrastructure et les actifs du projet NATS resteront sous l'égide de la CNCF, garantissant ainsi sa stabilité à long terme et son développement en open source sous licence Apache-2.0. Reconnaissance et engagement : La Linux Foundation, par la voix de Todd Moore, reconnaît les contributions de Synadia et son soutien continu. Derek Collison, PDG de Synadia, réaffirme l'engagement de son entreprise envers NATS et la collaboration avec la Linux Foundation et la CNCF. Adoption et soutien communautaire : NATS est largement adopté et considéré comme une infrastructure critique. Il bénéficie d'un fort soutien de la communauté pour sa nature open source et l'implication continue de Synadia. Finalement, Redis revient vers une licence open source OSI, avec la AGPL https://foojay.io/today/redis-is-now-available-under-the-agplv3-open-source-license/ Redis passe à la licence open source AGPLv3 pour contrer l'exploitation par les fournisseurs cloud sans contribution. Le passage précédent à la licence SSPL avait nui à la relation avec la communauté open source. Salvatore Sanfilippo (antirez) est revenu chez Redis. Redis 8 adopte la licence AGPL, intègre les fonctionnalités de Redis Stack (JSON, Time Series, etc.) et introduit les “vector sets” (le support de calcul vectoriel développé par Salvatore). Ces changements visent à renforcer Redis en tant que plateforme appréciée des développeurs, conformément à la vision initiale de Salvatore. Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 6-7 mai 2025 : GOSIM AI Paris - Paris (France) 7-9 mai 2025 : Devoxx UK - London (UK) 15 mai 2025 : Cloud Toulouse - Toulouse (France) 16 mai 2025 : AFUP Day 2025 Lille - Lille (France) 16 mai 2025 : AFUP Day 2025 Lyon - Lyon (France) 16 mai 2025 : AFUP Day 2025 Poitiers - Poitiers (France) 22-23 mai 2025 : Flupa UX Days 2025 - Paris (France) 24 mai 2025 : Polycloud - Montpellier (France) 24 mai 2025 : NG Baguette Conf 2025 - Nantes (France) 3 juin 2025 : TechReady - Nantes (France) 5-6 juin 2025 : AlpesCraft - Grenoble (France) 5-6 juin 2025 : Devquest 2025 - Niort (France) 10-11 juin 2025 : Modern Workplace Conference Paris 2025 - Paris (France) 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12 juin 2025 : Positive Design Days - Strasbourg (France) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 13 juin 2025 : Tech F'Est 2025 - Nancy (France) 17 juin 2025 : Mobilis In Mobile - Nantes (France) 19-21 juin 2025 : Drupal Barcamp Perpignan 2025 - Perpignan (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 25-26 juin 2025 : Agi'Lille 2025 - Lille (France) 25-27 juin 2025 : BreizhCamp 2025 - Rennes (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 7-9 juillet 2025 : Riviera DEV 2025 - Sophia Antipolis (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : Devfest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

React Core team member Dan Abramov joins us to explore "JSX over the wire" and the evolving architecture of React Server Components. We dive into the shift from traditional REST APIs to screen-specific data shaping, the concept of Backend for Frontend (BFF), and why centering UI around the user experience—not server/client boundaries—matters more than ever. Links https://danabra.mov https://github.com/gaearon https://bsky.app/profile/danabra.mov https://overreacted.io https://www.youtube.com/@danabramov Resources JSX Over The Wire: https://overreacted.io/jsx-over-the-wire/ Impossible Components: https://overreacted.io/impossible-components/ What Does "use client" Do?: https://overreacted.io/what-does-use-client-do/ Our Journey With Caching: https://nextjs.org/blog/our-journey-with-caching https://parceljs.org https://nextjs.org/docs/app We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com (mailto:emily.kochanekketner@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understand where your users are struggling by trying it for free at [LogRocket.com]. Try LogRocket for free today.(https://logrocket.com/signup/?pdr) Special Guest: Dan Abramov.

Scott and Wes sit down with Cassie Evans of GSAP to talk all things animation—from SVGs and scroll timelines to GSAP's new rebrand and exciting features. They also dig into performance, plugins, and what makes GSAP such a powerful tool for web developers. Show Notes 00:00 Welcome to Syntax! 00:59 What is GSAP? Cassie Codes. 01:53 GSAP Rebranding. 04:44 GSAP under the hood. 05:29 The big announcement! 07:19 GSAP Showcase. 11:01 Brought to you by Sentry.io. 11:26 Why is GSAP easier for animations? GSAP Docs. 12:38 Animating with SVGs. 13:33 The love of SVG. 14:55 GSAP is performant. 16:06 Gotchas to watch out for. 18:12 Does GSAP work with canvas? 19:02 What GSAP projects are you most proud of? 20:30 Does it play nice with web frameworks? GSAP with React. 22:32 What are you excited about in CSS right now? Scroll Timeline. 24:27 Will any of these make their way into GSAP? 26:31 Timelines. 29:24 Building animations with timelines. 34:55 What are the best GSAP plugins? Split Text spanran-wrap. Physics 2D Plugin. 38:44 GSAP docs and philosophy. 39:50 Scrubbing animations by frame. 41:09 GSAP Video Exporter. 41:45 Animating with JavaScript. 45:19 JavaScript in unconventional applications. 47:56 Is there anything missing in web tech? 50:53 What about AI in GSAP? 52:40 Sick Picks + Shameless Plugs. Sick Picks Cassie: Eyesy Video Synthesis. Shameless Plugs Cassie: Smashing Conf. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

北韓駭客拉薩路盜走 15 億美元的加密貨幣後，怎麼在鏈上神不知鬼不覺地消失？這集我們不只講 Bybit 被駭，而是要一步步拆解駭客的洗錢路線圖：ETH 怎麼跨鏈變 BTC，怎麼進混幣池、怎麼進入隱形錢包，最後怎麼透過 OTC 變成現金，逃出鏈上世界。這不是電影，這是真實發生的事。這集我們聊聊：

Helen ist Programmiererin und hat schon vor bzw. während ihrem Game Design Studium bei Goodgame und Fizbin gearbeitet. Dank einem Schlenker in die "seriöse" Softwareentwicklungsbranche hat sie erkannt, was ihre eigentliche Traumberufung ist: Games zu nutzen, um reale Sachverhalte auf spielerische Art und Weise greifbar zu machen. Im Interview sprechen wir auch über NeoPets, Scientology, Barcode-Scanner, Komponistinnen und vieles mehr!

Karly Lamm joins Robin Heinze and Mazen Chami to explore accessibility in React Native. From common pitfalls and screen reader challenges to the value of inclusive design, they share how small changes can make apps work better for everyone. Show NotesKarly's Blog postJen Loker's 2018 Chain React TalkReact Native Accessibility DocsiOS VoiceOver cheatsheetAndroid TalkBack cheatsheetConnect With Us!Guest: Karly LammRobin Heinze: @robinheinzeMazen Chami: @mazenchamiReact Native Radio: @ReactNativeRdioThis episode is brought to you by Infinite Red!Infinite Red is an expert React Native consultancy located in the USA. With nearly a decade of React Native experience and deep roots in the React Native community (hosts of Chain React and the React Native Newsletter, core React Native contributors, creators of Ignite and Reactotron, and much, much more), Infinite Red is the best choice for helping you build and deploy your next React Native app.

Carson Gross, creator of HTMX, talks about its evolution from intercooler.js, its viral rise on social media, and its philosophy of simplicity and stability. They dive into how HTMX fits into the modern web dev ecosystem, the idea of building 100-year web services, and why older technologies like jQuery and server-side rendering still have staying power. Carson also shares insights on open-source marketing, progressive enhancement, and the future of web development. Links https://bigsky.software https://www.linkedin.com/in/1cg https://github.com/bigskysoftware https://x.com/htmx_org https://htmx.org https://htmx.org/discord https://hypermedia.systems https://github.com/surrealdb/surrealdb.js https://unpoly.com https://ui.shadcn.com We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com (mailto:emily.kochanekketner@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understand where your users are struggling by trying it for free at [LogRocket.com]. Try LogRocket for free today.(https://logrocket.com/signup/?pdr) Special Guest: Carson Gross.

Jemima Abu, Senior Product Engineer at CAIS, joins the podcast to unpack her no-fluff approach to functional programming in JavaScript. From why predictable code matters to how higher-order functions like map and reduce can save your sanity, Jemima breaks down real-world lessons on purity, immutability, and when it's okay to not be a functional purist. Links https://v3.jemimaabu.com https://www.jemimaabu.com https://www.linkedin.com/in/jemimaabu https://x.com/jemimaabu https://github.com/jemimaabu We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com (mailto:emily.kochanekketner@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understand where your users are struggling by trying it for free at [LogRocket.com]. Try LogRocket for free today.(https://logrocket.com/signup/?pdr) Special Guest: Jemima Abu.

Show DescriptionWhat are the non-US cloud services options, falling off the blogging train and trying to get back on, working on vacation, Chris recaps the Alaskan Folk Festival experience, how often do you go back and clean out JavaScript, and the idea of gilding just one lily on a new project. Listen on Website →Links European Alternatives A lack of frequency increases the pressure to deliver quality Trap (2024) Reviews Polyfilling Concepts ex-Googler · April 10, 2025 Gild Just One Lily Blog Questions Challenge CodePen Development CSS clip-path maker Sponsors

Guillermo Rauch is the founder and CEO of Vercel, creators of v0 (one of the most popular AI app building tools), and the mind behind foundational JavaScript frameworks like Next.js and Socket.io. An open source pioneer and legendary engineer, Guillermo has built tools that power some of the internet's most innovative products, including Midjourney, Grok, and Notion. His mission is to democratize product creation, expanding the pool of potential builders from 5 million developers to over 100 million people worldwide. In this episode, you'll learn:1. How AI will radically speed up product development—and the three critical skills PMs and engineers should master now to stay ahead2. Why the future of building apps is shifting toward prompts instead of code, and how that affects traditional product teams3. Specific ways to improve your design “taste,” plus practical tips to consistently create beautiful, user-loved products4. How Guillermo built a powerful app in under two hours for $20 (while flying and using plane Wi-Fi) that would normally take weeks and thousands of dollars in engineering time5. The exact strategies Vercel uses internally to leverage AI tools like v0 and Cursor, enabling their team of 600 to ship faster and better than ever before6. Guillermo's actionable advice on increasing your product quality through rapid iteration, real-world user feedback, and creating intentional “exposure hours” for your team—Brought to you by:• WorkOS—Modern identity platform for B2B SaaS, free up to 1 million MAUs• Vanta — Automate compliance. Simplify security• LinkedIn Ads—Reach professionals and drive results for your business—Where to find Guillermo Rauch:• X: https://x.com/rauchg• LinkedIn: https://www.linkedin.com/in/rauchg/• Website: https://rauchg.com/—Where to find Lenny:• Newsletter: https://www.lennysnewsletter.com• X: https://twitter.com/lennysan• LinkedIn: https://www.linkedin.com/in/lennyrachitsky/—In this episode, we cover:(00:00) Introduction to Guillermo Rauch(04:43) v0's mission(07:03) The impact and growth of v0(15:54) The future of product development with AI(19:05) Empowering engineers and product builders(24:01) Skills for the future: coding, math, and eloquence(35:05) v0 in action: real-world applications(36:40) Tips for using v0 effectively(45:46) Core skills for building AI apps(49:44) Live demo(59:45) Understanding how AI thinks(01:04:35) AI integration and future prospects(01:07:22) Building taste(01:13:43) Limitations of v0(01:16:54) Improving the design of your product(01:20:09) The secret to product quality(01:22:35) Vercel's AI-driven development(01:25:43) Guillermo's vision for the future—Referenced:• v0: https://v0.dev/• Vercel: https://vercel.com/• GitHub: https://github.com/• Cursor: https://www.cursor.com/• Next.js Framework: https://nextjs.org/• Claude: https://claude.ai/new• Grok: https://x.ai/• Midjourney: https://www.midjourney.com• SocketIO: https://socket.io/• Notion's lost years, its near collapse during Covid, staying small to move fast, the joy and suffering of building horizontal, more | Ivan Zhao (CEO and co-founder): https://www.lennysnewsletter.com/p/inside-notion-ivan-zhao• Notion: https://www.notion.com/• Automattic: https://automattic.com/• Inside Bolt: From near-death to ~$40m ARR in 5 months—one of the fastest-growing products in history | Eric Simons (founder & CEO of StackBlitz): https://www.lennysnewsletter.com/p/inside-bolt-eric-simons• v0 Community: https://v0.dev/chat/community• Figma: https://www.figma.com/• Git Commit: https://www.atlassian.com/git/tutorials/saving-changes/git-commit• What are Artifacts and how do I use them?: https://support.anthropic.com/en/articles/9487310-what-are-artifacts-and-how-do-i-use-them• Design Engineering at Vercel: https://vercel.com/blog/design-engineering-at-vercel• CSS: https://en.wikipedia.org/wiki/CSS• Tailwind: https://tailwindcss.com/• Wordcel / Shape Rotator / Mathcel: https://knowyourmeme.com/memes/wordcel-shape-rotator-mathcel• Steve Jobs's Ultimate Lesson for Companies: https://hbr.org/2011/08/steve-jobss-ultimate-lesson-fo• Bloom Hackathon: https://bloom.build/• Expenses Should Do Themselves | Saquon Barkley x Ramp (Super Bowl Ad): https://www.youtube.com/watch?v=p1Tgsy7D0Jg• Velocity over everything: How Ramp became the fastest-growing SaaS startup of all time | Geoff Charles (VP of Product): https://www.lennysnewsletter.com/p/velocity-over-everything-how-ramp• JavaScript: https://www.javascript.com/• React: https://react.dev/• Mapbox: https://www.mapbox.com/• Leaflet: https://leafletjs.com/• Escape hatches: https://react.dev/learn/escape-hatches• Supreme: https://supreme.com/• Shadcn: https://ui.shadcn.com/• Charles Schwab: https://www.schwab.com/• Fortune: https://fortune.com/• Semafor: https://www.semafor.com/• AI SDK: https://sdk.vercel.ai/• DeepSeek: https://www.deepseek.com/• Stripe: https://stripe.com/• Vercel templates: https://vercel.com/templates• GC AI: https://getgc.ai/• OpenEvidence: https://www.openevidence.com/• Paris Fashion Week: https://www.fhcm.paris/en/paris-fashion-week• Guillermo's post on X about making great products: https://x.com/rauchg/status/1887314115066274254• Everybody Can Cook billboard: https://www.linkedin.com/posts/evilrabbit_activity-7242975574242037760-uRW9/• Ratatouille: https://www.imdb.com/title/tt0382932/—Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com.—Lenny may be an investor in the companies discussed. Get full access to Lenny's Newsletter at www.lennysnewsletter.com/subscribe