Podcasts about JetBrains

This interview was recorded for the GOTO Book Club.http://gotopia.tech/bookclubRead the full transcription of the interview hereMarcin Moskala - Fullstack Kotlin Developer, Founder of Kt. Academy & Author of "Effective Kotlin", et al.Nicola Corti - Staff Android Engineer at Meta, React Native Core Team Member & Open Source LoverRESOURCESMarcinhttps://x.com/marcinmoskalahttps://kt.academyhttps://github.com//marcinmoskalahttps://www.instagram.com/cortinicoNicolahttps://x.com/cortinicohttps://ncorti.comhttps://github.com/cortinicohttps://www.linkedin.com/in/cortinicoLinkshttps://developer.android.com/develop/ui/compose/kotlinhttps://detekt.devhttps://www.abreslav.comhttps://kt.academy/article/ek-compositionhttps://kt.academy/article/books-kotlin-for-developers-readyDESCRIPTIONIn this episode of the "GOTO Book Club", Nicola Corti talks to Marcin Moskala, author of "Effective Kotlin", to unravel the inspiration, evolution, and community impact of his work.Moskala reflects on his decade-long journey with Kotlin, revealing how his book bridges the gap between Java-centric practices and Kotlin's idiomatic potential. The discussion spans essential topics like factory functions, composition over inheritance, and the iterative process behind curating best practices tailored to Kotlin's strengths.Marcin also highlights the "Kotlin for Developers" series and his Give IT Forward initiative, showcasing his commitment to empowering developers and fostering accessible programming education worldwide.RECOMMENDED BOOKSMarcin Moskala • Effective KotlinMarcin Moskala • Kotlin EssentialsMarcin Moskala • Functional KotlinMarcin Moskala • Kotlin CoroutinesMarcin Moskala • Advanced KotlinMarcin Moskala & Igor Wojda • Android Development with KotlinVenkat Subramaniam • Programming KotlinBlueskyTwitterInstagramLinkedInFacebookCHANNEL MEMBERSHIP BONUSJoin this channel to get early access to videos & other perks:https://www.youtube.com/channel/UCs_tLP3AiwYKwdUHpltJPuA/joinLooking for a unique learning experience?Attend the next GOTO conference near you! Get your ticket: gotopia.techSUBSCRIBE TO OUR YOUTUBE CHANNEL - new videos posted daily!

Today Michelle Frost from JetBrains joins Jan and Q to explore the challenges and opportunities of integrating AI tools directly into your IDE, discuss real-world scenarios around trust, transparency, and skill-building, and unpack what “responsible AI use” looks like.More about Michelle Bluesky: @aiwithmichelle.com‬ LinkedIn:  https://www.linkedin.com/in/michelle-frost-dev/Follow us onX: The Angular Plus ShowBluesky: @theangularplusshow.bsky.social  The Angular Plus Show is a part of ng-conf. ng-conf is a multi-day Angular conference focused on delivering the highest quality training in the Angular JavaScript framework. Developers from across the globe converge  every year to attend talks and workshops by the Angular team and community experts.Join: http://www.ng-conf.org/Attend: https://ti.to/ng-conf/2025Follow: https://twitter.com/ngconf             https://www.linkedin.com/company/ng-conf             https://bsky.app/profile/ng-conf.bsky.social             https://www.facebook.com/ngconfofficialRead: https://medium.com/ngconfWatch: https://www.youtube.com/@ngconfonline  Edited by Patrick Hayes https://www.spoonfulofmedia.com/ Stock media provided by JUQBOXMUSIC/ Pond5

Anthropic bringt mit Claude 4 die nächste Modellreihe heraus und setzt damit neue Maßstäbe in den Benchmarks.DeepSeek-R1 hat ein Update vom 28. Mai erhalten und ist nun wieder auf Augenhöhe mit den anderen großen Modellen.Chatterbox TTS ist ein neues Open-Source-Modell, das Stimmen mit nur fünf Sekunden Vorlage klonen kann.Mem0 ist ein Konzept, das langfristiges Gedächtnis (Long Term Memory) für Agenten verbessern soll.Trea nutzt ein Multi-Stage-Agentensystem, um aus LLMs bessere Coding-Ergebnisse herauszuholen.OpenAI eröffnet ein Vertriebsbüro in München. Duolingo wird „AI-first“.JetBrains veröffentlicht mit Koog eine Infrastruktur, um KI-Agenten im Kotlin-Umfeld zu bauen.Apples Kurzbefehle-App („Shortcuts“) soll künftig KI-Unterstützung erhalten.Steve Jobs wusste schon vor 40 Jahren, was er von Technologie will – mit historicmentor.com wird das bald erlebbar.Link zum Stargate-Video.Fabis erwähnte Prompt-Analyse von Cursor.Schreibt uns! Schickt uns eure Themenwünsche und euer Feedback: podcast@programmier.barFolgt uns! Bleibt auf dem Laufenden über zukünftige Folgen und virtuelle Meetups und beteiligt euch an Community-Diskussionen. BlueskyInstagramLinkedInMeetupYouTube

Heute dominieren die News der beiden großen Tech-Konferenzen der Woche: Google I/O 2025 und Microsoft Build!MicrosoftNLWeb soll als Open-Source Projekt AI-Interaktion mit Webseiten vereinfachenGitHub Copilot nun auch als eigenständiger Agent in der CloudGitHub Agent Mode kommt zu JetBrains und XcodeWindows AI Foundry vereinfacht das Ausführen und Trainieren von Modellen auf dem Gerät und in der CloudAzure AI Foundry: xAI-Modelle stehen nun auch zur Verfügung und können gehostet werden. Ein Model-Router sucht selbst das beste ModellMicrosoft 365 Copilot Tuning: Low-Code-Lösung zum Tunen eigener Modelle mit UnternehmensdatenBreite Unterstützung des MCP in GitHub, Copilot Studio, Windows 11 und weiteren ToolsEdge Browser AI APIs: Neue APIs, um auf lokale Modelle im Browser zuzugreifenGoogleGemini 2.5 Pro „Deep Think“ bietet eine neue ArchitekturGemini 2.5 Flash als Vorschau verfügbar mit starker Leistung bei reduzierten RessourcenGemma 3n als kleine Version des offenen Modells von Google, das die Nano-Reihe ablösen sollJede Menge Neuerungen für kreative AI: Mit Veo 3 kommt ein neues Videomodell, das nicht nur den Film, sondern auch gleich das Audio mitgeneriert.Imagen 4 ist ein besseres Bildmodell, inklusive Text-Rendering.Lyria 2 ist die Suno-Alternative zum Generieren von Musik. Den ganzen Flow fasst Google im neuen Tool Flow zusammen.Jules ist der GitHub Copilot Agent oder das OpenAI Codex von GoogleGoogle Meet kann jetzt Echtzeit-Übersetzungen – zunächst nur auf Englisch und SpanischGemini-App mit vielen Funktionen geflutet und Gemini erhält mehr Einzug in die Google SucheZwei neue Abo-Modelle für AI bei Google: Für $20 gibt es Google AI Pro und schlappe $250 werden für Google AI Ultra fälligAbseits davon: AlphaEvolve v

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 03/05 a 09/05.

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 03/05 a 09/05.

Gros épisode qui couvre un large spectre de sujets : Java, Scala, Micronaut, NodeJS, l'IA et la compétence des développeurs, le sampling dans les LLMs, les DTO, le vibe coding, les changements chez Broadcom et Red Hat ainsi que plusieurs nouvelles sur les licences open source. Enregistré le 7 mai 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-325.mp3 ou en vidéo sur YouTube. News Langages A l'occasion de JavaOne et du lancement de Java 24, Oracle lance un nouveau site avec des ressources vidéo pour apprendre le langage https://learn.java/ site plutôt à destination des débutants et des enseignants couvre la syntaxe aussi, y compris les ajouts plus récents comme les records ou le pattern matching c'est pas le site le plus trendy du monde. Martin Odersky partage un long article sur l'état de l'écosystème Scala et les évolutions du language https://www.scala-lang.org/blog/2025/03/24/evolving-scala.html Stabilité et besoin d'évolution : Scala maintient sa position (~14ème mondial) avec des bases techniques solides, mais doit évoluer face à la concurrence pour rester pertinent. Axes prioritaires : L'évolution se concentre sur l'amélioration du duo sécurité/convivialité, le polissage du langage (suppression des “rugosités”) et la simplification pour les débutants. Innovation continue : Geler les fonctionnalités est exclu ; l'innovation est clé pour la valeur de Scala. Le langage doit rester généraliste et ne pas se lier à un framework spécifique. Défis et progrès : L'outillage (IDE, outils de build comme sbt, scala-cli, Mill) et la facilité d'apprentissage de l'écosystème sont des points d'attention, avec des améliorations en cours (partenariat pédagogique, plateformes simples). Des strings encore plus rapides ! https://inside.java/2025/05/01/strings-just-got-faster/ Dans JDK 25, la performance de la fonction String::hashCode a été améliorée pour être principalement constant foldable. Cela signifie que si les chaînes de caractères sont utilisées comme clés dans une Map statique et immuable, des gains de performance significatifs sont probables. L'amélioration repose sur l'annotation interne @Stable appliquée au champ privé String.hash. Cette annotation permet à la machine virtuelle de lire la valeur du hash une seule fois et de la considérer comme constante si elle n'est pas la valeur par défaut (zéro). Par conséquent, l'opération String::hashCode peut être remplacée par la valeur de hash connue, optimisant ainsi les lookups dans les Map immuables. Un cas limite est celui où le code de hachage de la chaîne est zéro, auquel cas l'optimisation ne fonctionne pas (par exemple, pour la chaîne vide “”). Bien que l'annotation @Stable soit interne au JDK, un nouveau JEP (JEP 502: Stable Values (Preview)) est en cours de développement pour permettre aux utilisateurs de bénéficier indirectement de fonctionnalités similaires. AtomicHash, une implémentation Java d'une HashMap qui est thread-safe, atomique et non-bloquante https://github.com/arxila/atomichash implémenté sous forme de version immutable de Concurrent Hash Trie Librairies Sortie de Micronaut 4.8.0 https://micronaut.io/2025/04/01/micronaut-framework-4-8-0-released/ Mise à jour de la BOM (Bill of Materials) : La version 4.8.0 met à jour la BOM de la plateforme Micronaut. Améliorations de Micronaut Core : Intégration de Micronaut SourceGen pour la génération interne de métadonnées et d'expressions bytecode. Nombreuses améliorations dans Micronaut SourceGen. Ajout du traçage de l'injection de dépendances pour faciliter le débogage au démarrage et à la création des beans. Nouveau membre definitionType dans l'annotation @Client pour faciliter le partage d'interfaces entre client et serveur. Support de la fusion dans les Bean Mappers via l'annotation @Mapping. Nouvelle liveness probe détectant les threads bloqués (deadlocked) via ThreadMXBean. Intégration Kubernetes améliorée : Mise à jour du client Java Kubernetes vers la version 22.0.1. Ajout du module Micronaut Kubernetes Client OpenAPI, offrant une alternative au client officiel avec moins de dépendances, une configuration unifiée, le support des filtres et la compatibilité Native Image. Introduction d'un nouveau runtime serveur basé sur le serveur HTTP intégré de Java, permettant de créer des applications sans dépendances serveur externes. Ajout dans Micronaut Micrometer d'un module pour instrumenter les sources de données (traces et métriques). Ajout de la condition condition dans l'annotation @MetricOptions pour contrôler l'activation des métriques via une expression. Support des Consul watches dans Micronaut Discovery Client pour détecter les changements de configuration distribuée. Possibilité de générer du code source à partir d'un schéma JSON via les plugins de build (Gradle et Maven). Web Node v24.0.0 passe en version Current: https://nodejs.org/en/blog/release/v24.0.0 Mise à jour du moteur V8 vers la version 13.6 : intégration de nouvelles fonctionnalités JavaScript telles que Float16Array, la gestion explicite des ressources (using), RegExp.escape, WebAssembly Memory64 et Error.isError. npm 11 inclus : améliorations en termes de performance, de sécurité et de compatibilité avec les packages JavaScript modernes. Changement de compilateur pour Windows : abandon de MSVC au profit de ClangCL pour la compilation de Node.js sur Windows. AsyncLocalStorage utilise désormais AsyncContextFrame par défaut : offrant une gestion plus efficace du contexte asynchrone. URLPattern disponible globalement : plus besoin d'importer explicitement cette API pour effectuer des correspondances d'URL. Améliorations du modèle de permissions : le flag expérimental --experimental-permission devient --permission, signalant une stabilité accrue de cette fonctionnalité. Améliorations du test runner : les sous-tests sont désormais attendus automatiquement, simplifiant l'écriture des tests et réduisant les erreurs liées aux promesses non gérées. Intégration d'Undici 7 : amélioration des capacités du client HTTP avec de meilleures performances et un support étendu des fonctionnalités HTTP modernes. Dépréciations et suppressions : Dépréciation de url.parse() au profit de l'API WHATWG URL. Suppression de tls.createSecurePair. Dépréciation de SlowBuffer. Dépréciation de l'instanciation de REPL sans new. Dépréciation de l'utilisation des classes Zlib sans new. Dépréciation du passage de args à spawn et execFile dans child_process. Node.js 24 est actuellement la version “Current” et deviendra une version LTS en octobre 2025. Il est recommandé de tester cette version pour évaluer son impact sur vos applications. Data et Intelligence Artificielle Apprendre à coder reste crucial et l'IA est là pour venir en aide : https://kyrylo.org/software/2025/03/27/learn-to-code-ignore-ai-then-use-ai-to-code-even-better.html Apprendre à coder reste essentiel malgré l'IA. L'IA peut assister la programmation. Une solide base est cruciale pour comprendre et contrôler le code. Cela permet d'éviter la dépendance à l'IA. Cela réduit le risque de remplacement par des outils d'IA accessibles à tous. L'IA est un outil, pas un substitut à la maîtrise des fondamentaux. Super article de Anthropic qui essaie de comprendre comment fonctionne la “pensée” des LLMs https://www.anthropic.com/research/tracing-thoughts-language-model Effet boîte noire : Stratégies internes des IA (Claude) opaques aux développeurs et utilisateurs. Objectif : Comprendre le “raisonnement” interne pour vérifier capacités et intentions. Méthode : Inspiration neurosciences, développement d'un “microscope IA” (regarder quels circuits neuronaux s'activent). Technique : Identification de concepts (“features”) et de “circuits” internes. Multilinguisme : Indice d'un “langage de pensée” conceptuel commun à toutes les langues avant de traduire dans une langue particulière. Planification : Capacité à anticiper (ex: rimes en poésie), pas seulement de la génération mot par mot (token par token). Raisonnement non fidèle : Peut fabriquer des arguments plausibles (“bullshitting”) pour une conclusion donnée. Logique multi-étapes : Combine des faits distincts, ne se contente pas de mémoriser. Hallucinations : Refus par défaut ; réponse si “connaissance” active, sinon risque d'hallucination si erreur. “Jailbreaks” : Tension entre cohérence grammaticale (pousse à continuer) et sécurité (devrait refuser). Bilan : Méthodes limitées mais prometteuses pour la transparence et la fiabilité de l'IA. Le “S” dans MCP veut dire Securité (ou pas !) https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b La spécification MCP pour permettre aux LLMs d'avoir accès à divers outils et fonctions a peut-être été adoptée un peu rapidement, alors qu'elle n'était pas encore prête niveau sécurité L'article liste 4 types d'attaques possibles : vulnérabilité d'injection de commandes attaque d'empoisonnement d'outils redéfinition silencieuse de l'outil le shadowing d'outils inter-serveurs Pour l'instant, MCP n'est pas sécurisé : Pas de standard d'authentification Pas de chiffrement de contexte Pas de vérification d'intégrité des outils Basé sur l'article de InvariantLabs https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks Sortie Infinispan 15.2 - pre rolling upgrades 16.0 https://infinispan.org/blog/2025/03/27/infinispan-15-2 Support de Redis JSON + scripts Lua Métriques JVM désactivables Nouvelle console (PatternFly 6) Docs améliorées (métriques + logs) JDK 17 min, support JDK 24 Fin du serveur natif (performances) Guillaume montre comment développer un serveur MCP HTTP Server Sent Events avec l'implémentation de référence Java et LangChain4j https://glaforge.dev/posts/2025/04/04/mcp-client-and-server-with-java-mcp-sdk-and-langchain4j/ Développé en Java, avec l'implémentation de référence qui est aussi à la base de l'implémentation dans Spring Boot (mais indépendant de Spring) Le serveur MCP est exposé sous forme de servlet dans Jetty Le client MCP lui, est développé avec le module MCP de LangChain4j c'est semi independant de Spring dans le sens où c'est dépendant de Reactor et de ses interface. il y a une conversation sur le github d'anthropic pour trouver une solution, mais cela ne parait pas simple. Les fallacies derrière la citation “AI won't replace you, but humans using AI will” https://platforms.substack.com/cp/161356485 La fallacie de l'automatisation vs. l'augmentation : Elle se concentre sur l'amélioration des tâches existantes avec l'IA au lieu de considérer le changement de la valeur de ces tâches dans un nouveau système. La fallacie des gains de productivité : L'augmentation de la productivité ne se traduit pas toujours par plus de valeur pour les travailleurs, car la valeur créée peut être capturée ailleurs dans le système. La fallacie des emplois statiques : Les emplois sont des constructions organisationnelles qui peuvent être redéfinies par l'IA, rendant les rôles traditionnels obsolètes. La fallacie de la compétition “moi vs. quelqu'un utilisant l'IA” : La concurrence évolue lorsque l'IA modifie les contraintes fondamentales d'un secteur, rendant les compétences existantes moins pertinentes. La fallacie de la continuité du flux de travail : L'IA peut entraîner une réimagination complète des flux de travail, éliminant le besoin de certaines compétences. La fallacie des outils neutres : Les outils d'IA ne sont pas neutres et peuvent redistribuer le pouvoir organisationnel en changeant la façon dont les décisions sont prises et exécutées. La fallacie du salaire stable : Le maintien d'un emploi ne garantit pas un salaire stable, car la valeur du travail peut diminuer avec l'augmentation des capacités de l'IA. La fallacie de l'entreprise stable : L'intégration de l'IA nécessite une restructuration de l'entreprise et ne se fait pas dans un vide organisationnel. Comprendre le “sampling” dans les LLMs https://rentry.co/samplers Explique pourquoi les LLMs utilisent des tokens Les différentes méthodes de “sampling” : càd de choix de tokens Les hyperparamètres comme la température, top-p, et leur influence réciproque Les algorithmes de tokenisation comme Byte Pair Encoding et SentencePiece. Un de moins … OpenAI va racheter Windsurf pour 3 milliards de dollars. https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion l'accord n'est pas encore finalisé Windsurf était valorisé à 1,25 milliards l'an dernier et OpenAI a levé 40 milliards dernièrement portant sa valeur à 300 milliards Le but pour OpenAI est de rentrer dans le monde des assistants de code pour lesquels ils sont aujourd'hui absent Docker desktop se met à l'IA… ? Une nouvelle fonctionnalité dans docker desktop 4.4 sur macos: Docker Model Runner https://dev.to/docker/run-genai-models-locally-with-docker-model-runner-5elb Permet de faire tourner des modèles nativement en local ( https://docs.docker.com/model-runner/ ) mais aussi des serveurs MCP ( https://docs.docker.com/ai/mcp-catalog-and-toolkit/ ) Outillage Jetbrains défend la suppression des commentaires négatifs sur son assistant IA https://devclass.com/2025/04/30/jetbrains-defends-removal-of-negative-reviews-for-unpopular-ai-assistant/?td=rt-3a L'IA Assistant de JetBrains, lancée en juillet 2023, a été téléchargée plus de 22 millions de fois mais n'est notée que 2,3 sur 5. Des utilisateurs ont remarqué que certaines critiques négatives étaient supprimées, ce qui a provoqué une réaction négative sur les réseaux sociaux. Un employé de JetBrains a expliqué que les critiques ont été supprimées soit parce qu'elles mentionnaient des problèmes déjà résolus, soit parce qu'elles violaient leur politique concernant les “grossièretés, etc.” L'entreprise a reconnu qu'elle aurait pu mieux gérer la situation, un représentant déclarant : “Supprimer plusieurs critiques d'un coup sans préavis semblait suspect. Nous aurions dû au moins publier un avis et fournir plus de détails aux auteurs.” Parmi les problèmes de l'IA Assistant signalés par les utilisateurs figurent : un support limité pour les fournisseurs de modèles tiers, une latence notable, des ralentissements fréquents, des fonctionnalités principales verrouillées aux services cloud de JetBrains, une expérience utilisateur incohérente et une documentation insuffisante. Une plainte courante est que l'IA Assistant s'installe sans permission. Un utilisateur sur Reddit l'a qualifié de “plugin agaçant qui s'auto-répare/se réinstalle comme un phénix”. JetBrains a récemment introduit un niveau gratuit et un nouvel agent IA appelé Junie, destiné à fonctionner parallèlement à l'IA Assistant, probablement en réponse à la concurrence entre fournisseurs. Mais il est plus char a faire tourner. La société s'est engagée à explorer de nouvelles approches pour traiter les mises à jour majeures différemment et envisage d'implémenter des critiques par version ou de marquer les critiques comme “Résolues” avec des liens vers les problèmes correspondants au lieu de les supprimer. Contrairement à des concurrents comme Microsoft, AWS ou Google, JetBrains commercialise uniquement des outils et services de développement et ne dispose pas d'une activité cloud distincte sur laquelle s'appuyer. Vos images de README et fichiers Markdown compatibles pour le dark mode de GitHub: https://github.blog/developer-skills/github/how-to-make-your-images-in-markdown-on-github-adjust-for-dark-mode-and-light-mode/ Seulement quelques lignes de pure HTML pour le faire Architecture Alors, les DTOs, c'est bien ou c'est pas bien ? https://codeopinion.com/dtos-mapping-the-good-the-bad-and-the-excessive/ Utilité des DTOs : Les DTOs servent à transférer des données entre les différentes couches d'une application, en mappant souvent les données entre différentes représentations (par exemple, entre la base de données et l'interface utilisateur). Surutilisation fréquente : L'article souligne que les DTOs sont souvent utilisés de manière excessive, notamment pour créer des API HTTP qui ne font que refléter les entités de la base de données, manquant ainsi l'opportunité de composer des données plus riches. Vraie valeur : La valeur réelle des DTOs réside dans la gestion du couplage entre les couches et la composition de données provenant de sources multiples en formes optimisées pour des cas d'utilisation spécifiques. Découplage : Il est suggéré d'utiliser les DTOs pour découpler les modèles de données internes des contrats externes (comme les API), ce qui permet une évolution et une gestion des versions indépendantes. Exemple avec CQRS : Dans le cadre de CQRS (Command Query Responsibility Segregation), les réponses aux requêtes (queries) agissent comme des DTOs spécifiquement adaptés aux besoins de l'interface utilisateur, pouvant inclure des données de diverses sources. Protection des données internes : Les DTOs aident à distinguer et protéger les modèles de données internes (privés) des changements externes (publics). Éviter l'excès : L'auteur met en garde contre les couches de mapping excessives (mapper un DTO vers un autre DTO) qui n'apportent pas de valeur ajoutée. Création ciblée : Il est conseillé de ne créer des DTOs que lorsqu'ils résolvent des problèmes concrets, tels que la gestion du couplage ou la facilitation de la composition de données. Méthodologies Même Guillaume se met au “vibe coding” https://glaforge.dev/posts/2025/05/02/vibe-coding-an-mcp-server-with-micronaut-and-gemini/ Selon Andrey Karpathy, c'est le fait de POC-er un proto, une appli jetable du weekend https://x.com/karpathy/status/1886192184808149383 Mais Simon Willison s'insurge que certains confondent coder avec l'assistance de l'IA avec le vibe coding https://simonwillison.net/2025/May/1/not-vibe-coding/ Guillaume c'est ici amusé à développer un serveur MCP avec Micronaut, en utilisant Gemini, l'IA de Google. Contrairement à Quarkus ou Spring Boot, Micronaut n'a pas encore de module ou de support spécifique pour faciliter la création de serveur MCP Sécurité Une faille de sécurité 10/10 sur Tomcat https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/ Une faille de sécurité critique (CVE-2025-24813) affecte Apache Tomcat, permettant l'exécution de code à distance Cette vulnérabilité est activement exploitée seulement 30 heures après sa divulgation du 10 mars 2025 L'attaque ne nécessite aucune authentification et est particulièrement simple à exécuter Elle utilise une requête PUT avec une charge utile Java sérialisée encodée en base64, suivie d'une requête GET L'encodage en base64 permet de contourner la plupart des filtres de sécurité Les serveurs vulnérables utilisent un stockage de session basé sur des fichiers (configuration répandue) Les versions affectées sont : 11.0.0-M1 à 11.0.2, 10.1.0-M1 à 10.1.34, et 9.0.0.M1 à 9.0.98 Les mises à jour recommandées sont : 11.0.3+, 10.1.35+ et 9.0.99+ Les experts prévoient des attaques plus sophistiquées dans les prochaines phases d'exploitation (upload de config ou jsp) Sécurisation d'un serveur ssh https://ittavern.com/ssh-server-hardening/ un article qui liste les configurations clés pour sécuriser un serveur SSH par exemple, enlever password authentigfication, changer de port, desactiver le login root, forcer le protocol ssh 2, certains que je ne connaissais pas comme MaxStartups qui limite le nombre de connections non authentifiées concurrentes Port knocking est une technique utile mais demande une approche cliente consciente du protocol Oracle admet que les identités IAM de ses clients ont leaké https://www.theregister.com/2025/04/08/oracle_cloud_compromised/ Oracle a confirmé à certains clients que son cloud public a été compromis, alors que l'entreprise avait précédemment nié toute intrusion. Un pirate informatique a revendiqué avoir piraté deux serveurs d'authentification d'Oracle et volé environ six millions d'enregistrements, incluant des clés de sécurité privées, des identifiants chiffrés et des entrées LDAP. La faille exploitée serait la vulnérabilité CVE-2021-35587 dans Oracle Access Manager, qu'Oracle n'avait pas corrigée sur ses propres systèmes. Le pirate a créé un fichier texte début mars sur login.us2.oraclecloud.com contenant son adresse email pour prouver son accès. Selon Oracle, un ancien serveur contenant des données vieilles de huit ans aurait été compromis, mais un client affirme que des données de connexion aussi récentes que 2024 ont été dérobées. Oracle fait face à un procès au Texas concernant cette violation de données. Cette intrusion est distincte d'une autre attaque contre Oracle Health, sur laquelle l'entreprise refuse de commenter. Oracle pourrait faire face à des sanctions sous le RGPD européen qui exige la notification des parties affectées dans les 72 heures suivant la découverte d'une fuite de données. Le comportement d'Oracle consistant à nier puis à admettre discrètement l'intrusion est inhabituel en 2025 et pourrait mener à d'autres actions en justice collectives. Une GitHub action très populaire compromise https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Compromission de l'action tj-actions/changed-files : En mars 2025, une action GitHub très utilisée (tj-actions/changed-files) a été compromise. Des versions modifiées de l'action ont exposé des secrets CI/CD dans les logs de build. Méthode d'attaque : Un PAT compromis a permis de rediriger plusieurs tags de version vers un commit contenant du code malveillant. Détails du code malveillant : Le code injecté exécutait une fonction Node.js encodée en base64, qui téléchargeait un script Python. Ce script parcourait la mémoire du runner GitHub à la recherche de secrets (tokens, clés…) et les exposait dans les logs. Dans certains cas, les données étaient aussi envoyées via une requête réseau. Période d'exposition : Les versions compromises étaient actives entre le 12 et le 15 mars 2025. Tout dépôt, particulièrement ceux publiques, ayant utilisé l'action pendant cette période doit être considéré comme potentiellement exposé. Détection : L'activité malveillante a été repérée par l'analyse des comportements inhabituels pendant l'exécution des workflows, comme des connexions réseau inattendues. Réaction : GitHub a supprimé l'action compromise, qui a ensuite été nettoyée. Impact potentiel : Tous les secrets apparaissant dans les logs doivent être considérés comme compromis, même dans les dépôts privés, et régénérés sans délai. Loi, société et organisation Les startup the YCombinateur ont les plus fortes croissances de leur histoire https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html Les entreprises en phase de démarrage à Silicon Valley connaissent une croissance significative grâce à l'intelligence artificielle. Le PDG de Y Combinator, Garry Tan, affirme que l'ensemble des startups de la dernière cohorte a connu une croissance hebdomadaire de 10% pendant neuf mois. L'IA permet aux développeurs d'automatiser des tâches répétitives et de générer du code grâce aux grands modèles de langage. Pour environ 25% des startups actuelles de YC, 95% de leur code a été écrit par l'IA. Cette révolution permet aux entreprises de se développer avec moins de personnel - certaines atteignant 10 millions de dollars de revenus avec moins de 10 employés. La mentalité de “croissance à tout prix” a été remplacée par un renouveau d'intérêt pour la rentabilité. Environ 80% des entreprises présentées lors du “demo day” étaient centrées sur l'IA, avec quelques startups en robotique et semi-conducteurs. Y Combinator investit 500 000 dollars dans les startups en échange d'une participation au capital, suivi d'un programme de trois mois. Red Hat middleware (ex-jboss) rejoint IBM https://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html Les activités Middleware de Red Hat (incluant JBoss, Quarkus, etc.) vont être transférées vers IBM, dans l'unité dédiée à la sécurité des données, à l'IAM et aux runtimes. Ce changement découle d'une décision stratégique de Red Hat de se concentrer davantage sur le cloud hybride et l'intelligence artificielle. Mark Little explique que ce transfert était devenu inévitable, Red Hat ayant réduit ses investissements dans le Middleware ces dernières années. L'intégration vise à renforcer l'innovation autour de Java en réunissant les efforts de Red Hat et IBM sur ce sujet. Les produits Middleware resteront open source et les clients continueront à bénéficier du support habituel sans changement. Mark Little affirme que des projets comme Quarkus continueront à être soutenus et que cette évolution est bénéfique pour la communauté Java. Un an de commonhaus https://www.commonhaus.org/activity/253.html un an, démarré sur les communautés qu'ils connaissaient bien maintenant 14 projets et put en accepter plus confiance, gouvernance legère et proteger le futur des projets automatisation de l'administratif, stabiilité sans complexité, les developpeurs au centre du processus de décision ils ont besoins de members et supporters (financiers) ils veulent accueillir des projets au delà de ceux du cercles des Java Champions Spring Cloud Data Flow devient un produit commercial et ne sera plus maintenu en open source https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial Peut-être sous l'influence de Broadcom, Spring se met à mettre en mode propriétaire des composants du portefeuille Spring ils disent que peu de gens l'utilisaent en mode OSS et la majorité venait d'un usage dans la plateforme Tanzu Maintenir en open source le coutent du temps qu'ils son't pas sur ces projets. La CNCF protège le projet NATS, dans la fondation depuis 2018, vu que la société Synadia qui y contribue souhaitait reprendre le contrôle du projet https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/ CNCF : Protège projets OS, gouvernance neutre. Synadia vs CNCF : Veut retirer NATS, licence non-OS (BUSL). CNCF : Accuse Synadia de “claw back” (reprise illégitime). Revendications Synadia : Domaine nats.io, orga GitHub. Marque NATS : Synadia n'a pas transféré (promesse rompue malgré aide CNCF). Contestation Synadia : Juge règles CNCF “trop vagues”. Vote interne : Mainteneurs Synadia votent sortie CNCF (sans communauté). Support CNCF : Investissement majeur ($ audits, légal), succès communautaire (>700 orgs). Avenir NATS (CNCF) : Maintien sous Apache 2.0, gouvernance ouverte. Actions CNCF : Health check, appel mainteneurs, annulation marque Synadia, rejet demandes. Mais finalement il semble y avoir un bon dénouement : https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/ Accord pour l'avenir de NATS.io : La Cloud Native Computing Foundation (CNCF) et Synadia ont conclu un accord pour sécuriser le futur du projet NATS.io. Transfert des marques NATS : Synadia va céder ses deux enregistrements de marque NATS à la Linux Foundation afin de renforcer la gouvernance ouverte du projet. Maintien au sein de la CNCF : L'infrastructure et les actifs du projet NATS resteront sous l'égide de la CNCF, garantissant ainsi sa stabilité à long terme et son développement en open source sous licence Apache-2.0. Reconnaissance et engagement : La Linux Foundation, par la voix de Todd Moore, reconnaît les contributions de Synadia et son soutien continu. Derek Collison, PDG de Synadia, réaffirme l'engagement de son entreprise envers NATS et la collaboration avec la Linux Foundation et la CNCF. Adoption et soutien communautaire : NATS est largement adopté et considéré comme une infrastructure critique. Il bénéficie d'un fort soutien de la communauté pour sa nature open source et l'implication continue de Synadia. Finalement, Redis revient vers une licence open source OSI, avec la AGPL https://foojay.io/today/redis-is-now-available-under-the-agplv3-open-source-license/ Redis passe à la licence open source AGPLv3 pour contrer l'exploitation par les fournisseurs cloud sans contribution. Le passage précédent à la licence SSPL avait nui à la relation avec la communauté open source. Salvatore Sanfilippo (antirez) est revenu chez Redis. Redis 8 adopte la licence AGPL, intègre les fonctionnalités de Redis Stack (JSON, Time Series, etc.) et introduit les “vector sets” (le support de calcul vectoriel développé par Salvatore). Ces changements visent à renforcer Redis en tant que plateforme appréciée des développeurs, conformément à la vision initiale de Salvatore. Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 6-7 mai 2025 : GOSIM AI Paris - Paris (France) 7-9 mai 2025 : Devoxx UK - London (UK) 15 mai 2025 : Cloud Toulouse - Toulouse (France) 16 mai 2025 : AFUP Day 2025 Lille - Lille (France) 16 mai 2025 : AFUP Day 2025 Lyon - Lyon (France) 16 mai 2025 : AFUP Day 2025 Poitiers - Poitiers (France) 22-23 mai 2025 : Flupa UX Days 2025 - Paris (France) 24 mai 2025 : Polycloud - Montpellier (France) 24 mai 2025 : NG Baguette Conf 2025 - Nantes (France) 3 juin 2025 : TechReady - Nantes (France) 5-6 juin 2025 : AlpesCraft - Grenoble (France) 5-6 juin 2025 : Devquest 2025 - Niort (France) 10-11 juin 2025 : Modern Workplace Conference Paris 2025 - Paris (France) 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12 juin 2025 : Positive Design Days - Strasbourg (France) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 13 juin 2025 : Tech F'Est 2025 - Nancy (France) 17 juin 2025 : Mobilis In Mobile - Nantes (France) 19-21 juin 2025 : Drupal Barcamp Perpignan 2025 - Perpignan (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 25-26 juin 2025 : Agi'Lille 2025 - Lille (France) 25-27 juin 2025 : BreizhCamp 2025 - Rennes (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 7-9 juillet 2025 : Riviera DEV 2025 - Sophia Antipolis (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : Devfest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

Jak powszechnie wiadomo, "42" jest odpowiedzią na wielkie pytanie o życie, wszechświat i całą resztę.A w 42. odcinku Brew poruszamy między innymi:

JetBrains, the company behind a range of popular app development tools, has released its first “open” AI model for coding. On Wednesday, JetBrains made Mellum, a code-generating model the company released for its various software development suites last year, openly available on the AI dev platform Hugging Face. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Varun Mohan is the co-founder and CEO of Windsurf (formerly Codeium), an AI-powered development environment (IDE) that has been used by over 1 million developers in just four months and has quickly emerged as a leader in transforming how developers build software. Prior to finding success with Windsurf, the company pivoted twice—first from GPU virtualization infrastructure to an IDE plugin, and then to their own standalone IDE.In this conversation, you'll learn:1. Why Windsurf walked away from a profitable GPU infrastructure business and bet the company on helping engineers code2. The surprising UI discovery that tripled adoption rates overnight.3. The secret behind Windsurf's B2B enterprise plan, and why they invested early in an 80-person sales team despite conventional startup wisdom.4. How non-technical staff at Windsurf built their own custom tools instead of purchasing SaaS products, saving them over $500k in software costs5. Why Varun believes 90% of code will be AI-generated, but engineering jobs will actually increase6. How training on millions of incomplete code samples gives Windsurf an edge, and creates a moat long-term7. Why agency is the most undervalued and important skill in the AI era—Brought to you by:• Brex—The banking solution for startups• Productboard—Make products that matter• Coda—The all-in-one collaborative workspace—Where to find Varun Mohan:• X: https://x.com/_mohansolo• LinkedIn: https://www.linkedin.com/in/varunkmohan/—Where to find Lenny:• Newsletter: https://www.lennysnewsletter.com• X: https://twitter.com/lennysan• LinkedIn: https://www.linkedin.com/in/lennyrachitsky/—In this episode, we cover:(00:00) Varun's background(03:57) Building and scaling Windsurf(12:58) Windsurf: The new purpose-built IDE to harness magic(17:11) The future of engineering and AI(21:30) Skills worth investing in(23:07) Hiring philosophy and company culture(35:22) Sales strategy and market position(39:37) JetBrains vs. VS Code: extensibility and enterprise adoption(41:20) Live demo: building an Airbnb for dogs with Windsurf(42:46) Tips for using Windsurf effectively(46:38) AI's role in code modification and review(48:56) Empowering non-developers to build custom software(54:03) Training Windsurf(01:00:43) Windsurf's unique team structure and product strategy(01:06:40) The importance of continuous innovation(01:08:57) Final thoughts and advice for aspiring developers—Referenced:• Windsurf: https://windsurf.com/• VS Code: https://code.visualstudio.com/• JetBrains: https://www.jetbrains.com/• Eclipse: https://eclipseide.org/• Visual Studio: https://visualstudio.microsoft.com/• Vim: https://www.vim.org/• Emacs: https://www.gnu.org/software/emacs/• Lessons from a two-time unicorn builder, 50-time startup advisor, and 20-time company board member | Uri Levine (co-founder of Waze): https://www.lennysnewsletter.com/p/lessons-from-uri-levine• IntelliJ: https://www.jetbrains.com/idea/• Julia: https://julialang.org/• Parallel computing: https://en.wikipedia.org/wiki/Parallel_computing• Douglas Chen on LinkedIn: https://www.linkedin.com/in/douglaspchen/• Carlos Delatorre on LinkedIn: https://www.linkedin.com/in/cadelatorre/• MongoDB: https://www.mongodb.com/• Cursor: https://www.cursor.com/• GitHub Copilot: https://github.com/features/copilot• Llama: https://www.llama.com/• Mistral: https://mistral.ai/• Building Lovable: $10M ARR in 60 days with 15 people | Anton Osika (CEO and co-founder): https://www.lennysnewsletter.com/p/building-lovable-anton-osika• Inside Bolt: From near-death to ~$40m ARR in 5 months—one of the fastest-growing products in history | Eric Simons (founder & CEO of StackBlitz): https://www.lennysnewsletter.com/p/inside-bolt-eric-simons• Behind the product: Replit | Amjad Masad (co-founder and CEO): https://www.lennysnewsletter.com/p/behind-the-product-replit-amjad-masad• React: https://react.dev/• Sonnet: https://www.anthropic.com/claude/sonnet• OpenAI: https://openai.com/• FedRamp: https://www.fedramp.gov/• Dario Amodei on LinkedIn: https://www.linkedin.com/in/dario-amodei-3934934/• Amdahl's law: https://en.wikipedia.org/wiki/Amdahl%27s_law• How to win in the AI era: Ship a feature every week, embrace technical debt, ruthlessly cut scope, and create magic your competitors can't copy | Gaurav Misra (CEO and co-founder of Captions): https://www.lennysnewsletter.com/p/how-to-win-in-the-ai-era-gaurav-misra—Recommended book:• Fall in Love with the Problem, Not the Solution: A Handbook for Entrepreneurs: https://www.amazon.com/Fall-Love-Problem-Solution-Entrepreneurs/dp/1637741987—Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com.—Lenny may be an investor in the companies discussed. Get full access to Lenny's Newsletter at www.lennysnewsletter.com/subscribe

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 12/04 a 18/04.

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 12/04 a 18/04.

(05:29) Brought to you by Swimm.io⁠⁠⁠⁠Start modernizing your mainframe faster with Swimm.Understand the what, why, and how of your mainframe code.Use AI to uncover critical code insights for seamless migration, refactoring, or system replacement.Tired of API dependencies slowing down your development and testing?Dive into my conversation with Tom Akehurst, creator of WireMock, and discover the art of using API mocking to build successful software in complex distributed environments.Key topics discussed:The origin story of WireMock, born from integration challenges at DisneyHow WireMock became a leading API mocking tool with millions of monthly downloadsInsights on building and maintaining successful open-source projectsThe key benefits of API mocking for developer productivity and experienceThe shift from the traditional testing pyramid to a “testing trophy” approachLeveraging API mocking for API-first design and rapid prototypingThe distinction between API mocking and contract testingThe future of API testing and development in the age of microservices and AIWhether you're a seasoned developer or just starting out your journey in API development, this episode provides valuable insights into the power of API mocking and the journey of building a successful open-source project.  Timestamps:(02:11) Career Turning Points(08:08) WireMock OSS Success Story(15:15) Welcoming & Aligning with Contributors(18:05) Benefits of WireMock & API Mocking Tools(19:59) API Mocking & Testing Pyramid(22:05) API Mocking vs Contract Testing(25:25) The Economics of API Mocking(27:27) API First Design(32:32) Impact to the Developer Experience & Productivity(35:32) Working More Effectively with Distributed Systems(38:15) API Virtualization/Simulation(41:13) AI Advancement in API Development(44:25) Building API for AI Agents(47:25) 3 Tech Lead Wisdom_____Tom Akehurst's BioTom Akehurst is the creator of WireMock, the open source API mocking tool, which he's now been working on for well over a decade. Lately he's also the CTO and co-founder of WireMock, Inc., where he's helping complex engineering organisations effectively adopt API simulation techniques in order to build better software faster.Tom has been developing software for over 20 years. He's built large-scale web systems for media, travel, hospitality, retail and government, applying lean, eXtreme Programming, Continuous Delivery and DevOps principles along the way.Follow Tom:LinkedIn – linkedin.com/in/tomakehurstEmail – tom@wiremock.orgWireMock – wiremock.org_____Our SponsorsEnjoy an exceptional developer experience with JetBrains. Whatever programming language and technology you use, JetBrains IDEs provide the tools you need to go beyond simple code editing and excel as a developer.Check out FREE coding software options and special offers on jetbrains.com/store/#discounts.Make it happen. With code.Manning Publications is a premier publisher of technical books on computer and software development topics for both experienced developers and new learners alike. Manning prides itself on being independently owned and operated, and for paving the way for innovative initiatives, such as early access book content and protection-free PDF formats that are now industry standard.Get a 40% discount for Tech Lead Journal listeners by using the code techlead24 for all products in all formats.Like this episode?Show notes & transcript:techleadjournal.dev/episodes/210.Follow @techleadjournal onLinkedIn,Twitter, andInstagram.Buy me acoffee or become apatron.

Discover the secrets to early retirement and financial independence from a tech industry veteran!In this episode, we dive deep into the inspiring journey of Kristine Howard, who transitioned from a dynamic career in tech to a life of early retirement, reaching financial independence and personal fulfillment along the way.Key topics discussed:Learn why tracking your expenses is the key to financial freedomMaster the balanced money formula for budgeting successUncover smart investing strategies, including the power of index funds and diversificationUnderstand how aligning your career with personal values can lead to greater satisfactionLearn the “4% rule” and how it can help determine your retirement readinessGain insights into the emotional journey of transitioning to early retirementHear the unexpected benefits of early retirement, including more time for personal growthDiscover the three keys to staying healthy in retirement: staying active, engaged, and contributingWhether you're just starting your career or dreaming of early retirement, don't miss out on these valuable lessons for achieving financial independence and living life on your own terms!  Timestamps:(02:07) Career Turning Points(07:01) Getting into Early Retirement(09:16) Financial Independence vs Early Retirement(10:13) Can We Reach Financial Independence?(11:56) The Shares/Equity Lever(15:43) Working in Startups vs Corporates vs Big Tech(18:34) The Importance of Financial Tracking(23:36) Building Automation & Doing Periodic Reviews(29:17) Focus on the Spending Rather than Income(30:43) Budgeting(33:12) Trade CapEx for OpEx(35:36) Saving & Investing(38:53) On Diversification(41:17) The Importance of Emergency Fund(43:12) How Did it Feel Getting Closer to Retirement?(48:19) The Feeling of Significant Income Drop(51:01) Things Anyone Can Do Even Before Retirement(56:00) 3 Tech Lead Wisdom_____Kristine Howard's BioKristine Howard is an American-Australian residing in Sydney, Australia. Her extensive career features significant roles within technical teams at prominent companies such as Channel 9, Canva, and AWS. She is married to the Snook, and together they share a passion for global travel and culinary exploration. Kristine also expresses her creativity through knitting and sewing, finding joy in crafting handmade items. Notably, she has shared her expertise and insights at over 100 tech meetups, conferences, and events worldwide.Follow Kristine:LinkedIn – linkedin.com/in/kristinehowardBlog – web-goddess.org_____Our SponsorsEnjoy an exceptional developer experience with JetBrains. Whatever programming language and technology you use, JetBrains IDEs provide the tools you need to go beyond simple code editing and excel as a developer.Check out FREE coding software options and special offers on jetbrains.com/store/#discounts.Make it happen. With code.Manning Publications is a premier publisher of technical books on computer and software development topics for both experienced developers and new learners alike. Manning prides itself on being independently owned and operated, and for paving the way for innovative initiatives, such as early access book content and protection-free PDF formats that are now industry standard.Get a 40% discount for Tech Lead Journal listeners by using the code techlead24 for all products in all formats.Like this episode?Show notes & transcript:techleadjournal.dev/episodes/209.Follow @techleadjournal onLinkedIn,Twitter, andInstagram.Buy me acoffee or become apatron.

(07:37) Brought to you by Lemon.io⁠⁠⁠Lemon.io⁠⁠⁠ is your go-to platform for hiring top-tier, pre-vetted software engineers from Europe and Latin America. You'll get matched with your developer in just 48 hours.Tech Lead Journal listeners get 15% off your first 4 weeks of work at ⁠⁠⁠lemon.io⁠⁠⁠.Ever wondered what it takes to climb the tech leadership ladder from engineer to executive?In this episode, we follow the journey of Norman Noble, CTO of Mindvalley, as he shares his insights and experiences navigating these challenging transitions.Here's what you'll discover:How to successfully transition from an individual contributor to a manager, and ultimately to an executiveEffective hiring strategies to attract and retain top talentStrategies for building high-performing teams, including creating the right team architectureInsights into Mindvalley's unique culture and diversity that foster personal growth and transformationThe importance of mindfulness and well-being for effective leadershipTimestamps:(02:06) Career Turning Points(09:59) Transitioning From an IC to a Manager(12:10) Learning From Psychology & Management Books(15:36) Becoming a Better Manager(17:32) Building High-Performing Teams(20:23) Hiring Strategy & Philosophy(24:06) Engineering Interview Strategy(28:19) Transitioning From a Manager to an Executive(32:09) Upskilling Across Domains(36:03) Mindvalley Culture(38:41) The Power of Diversity(40:46) Practising Mindfulness(43:48) Making Space for Thinking(45:50) 3 Tech Lead Wisdom_____Norman Noble's BioNorman Noble is the CTO of Mindvalley. He is a people-focused technology leader, lean/agile practitioner and systems thinker. He focuses on strategic outcomes that deliver real value to organisations and their customers, whilst building high-performing technology teams that move quickly and get things done.Follow Norman:LinkedIn – linkedin.com/in/normannoble_____Our SponsorsEnjoy an exceptional developer experience with JetBrains. Whatever programming language and technology you use, JetBrains IDEs provide the tools you need to go beyond simple code editing and excel as a developer.Check out FREE coding software options and special offers on jetbrains.com/store/#discounts.Make it happen. With code.Manning Publications is a premier publisher of technical books on computer and software development topics for both experienced developers and new learners alike. Manning prides itself on being independently owned and operated, and for paving the way for innovative initiatives, such as early access book content and protection-free PDF formats that are now industry standard.Get a 40% discount for Tech Lead Journal listeners by using the code techlead24 for all products in all formats.Like this episode?Show notes & transcript:techleadjournal.dev/episodes/208.Follow @techleadjournal onLinkedIn,Twitter, andInstagram.Buy me acoffee or become apatron.

En Empresas con Identidad conocemos conocemos a Iván Lorca, CoFundador de Kanguro. En Digital Business ponemos el foco en el Mobile World Congress. ¿Qué esperar de esta edición?. Lo analizamos con César Córcoles, Profesor de los Estudios de Informática, Multimedia y Telecomunicación de la UOC. Universitat Oberta de Catalunya. Además también entrevistamos a Antonio Leiva, Experto en desarrollo de Google y socio de formación de JetBrains. Por último Joel Duquenne, Responsable de Cyber Services en España nos da las claves de los desafíos para 2025 en Ciberseguridad.

The Silent Open Source Crisis: When Maintainers Walk Away, by Bekah Hawrot Weigel (https://youtu.be/eYkj5_79ixA) Everything You Need to Know About React 19, by Shruti Kapoor (https://youtu.be/UwtAmLLRLs0) Evolving Angular for the Long Run, by Jeremy Elbourn (https://youtu.be/DPlaYCEmzDA) Vite and the Future of JavaScript Tooling, by Evan You (https://youtu.be/u_6PMBDshS8) TypeScript and Your Codebase: They Deserve Each Other!, by Danny Thompson (https://youtu.be/ZxlzNTzIoqQ) TypeScript Generics: Practical Fun!, by Josh Goldberg (https://youtu.be/WfK4yVccoMk) You Don't Need JavaScript for That, by Kevin Powell (https://youtu.be/0rZywO6jdU4) Нас можно найти: 1. Telegram: https://t.me/proConf 2. Youtube: https://www.youtube.com/c/proconf 3. SoundCloud: https://soundcloud.com/proconf 4. Itunes: https://podcasts.apple.com/by/podcast/podcast-proconf/id1455023466 5. Spotify: https://open.spotify.com/show/77BSWwGavfnMKGIg5TDnLz

KMP (Kotlin Multiplatform IDE) kukázás a JetBrains-nél https://news.ycombinator.com/item?id=43015387 https://prog.hu/hirek/6831/jetbrains-kotlin-multiplatform-ide-helyett-intellij-tamogatas ChatGPT kukázás a FigureAI-nál https://techcrunch.com/2025/02/04/figure-drops-openai-in-favor-of-in-house-models/ AI csúcs kukázás az USA által https://qubit.hu/2025/02/12/nem-irta-ala-az-usa-es-az-egyesult-kiralysag-a-parizsi-ai-csucsot-zaro-deklaraciot // Résztvevők: Gyuri róka Kövess minket máshol is!: Medium.com - https://medium.com/shiwaforce Facebook csoportunk- https://www.facebook.com/groups/devtales X - https://twitter.com/_devtales YouTube: https://www.youtube.com/@devtalespodcast7365 Slack - https://devtalespodcast.slack.com/join/shared_invite/zt-dcvcwmfr-D2rDNGgNR5FdKiPA5VR7Wg Email - devtales@shiwaforce.com

Plus 1000 Musicians Release AI Protest AlbumLike this? Get AIDAILY, delivered to your inbox, every weekday. Subscribe to our newsletter athttps://aidaily.usWhy AI Chatbots Are So Unbearably ChattyAI chatbots often produce verbose responses due to their design to predict the most probable next word in a sequence, leading to excessive and sometimes redundant information. This verbosity can stem from attempts to cover all possible interpretations of a query, resulting in lengthy and less concise answers. Additionally, chatbots may over-explain to compensate for their lack of true understanding, aiming to appear more helpful to users.Musicians Release Silent Album to Protest UK's AI Copyright ChangesOver 1,000 musicians, including Kate Bush and Cat Stevens, have released a silent album titled "Is This What We Want?" to protest proposed UK copyright law changes. The legislation would allow AI developers to train models on artists' works without compensation, requiring creators to opt out to prevent usage. Artists argue this undermines copyright principles and threatens their livelihoods.Alibaba Unveils QwQ-Max-Preview AI Model to Challenge DeepSeek R1 and OpenAI o1Alibaba has introduced QwQ-Max-Preview, its latest AI reasoning model designed to compete with DeepSeek's R1 and OpenAI's o1. This release aligns with Alibaba's commitment to invest $53 billion in cloud and AI infrastructure over the next three years, aiming to enhance its position in the AI sector. citeturn0search0Google Launches Free AI Coding Assistant with Generous Usage LimitsGoogle has introduced a free version of Gemini Code Assist, its AI-powered coding tool, now available globally for individual developers. This release offers up to 180,000 code completions per month, significantly surpassing the 2,000 completions provided by competitors like GitHub Copilot. Gemini Code Assist supports 38 programming languages and integrates seamlessly with development environments such as Visual Studio Code, GitHub, and JetBrains. While the free tier is comprehensive, advanced features like productivity metrics and integration with Google Cloud services require a subscription to paid plans.AI Chatbots in Therapy: Balancing Innovation and Ethical ConcernsAI chatbots can improve mental health care access, but raise ethical concerns. California proposes a ban on AI posing as human therapists due to misrepresentation and potential harm. User safety and trust are crucial, and AI should complement, not replace, human therapy.Seeking Late-Night Comfort from AI: A Personal ReflectionIn a moment of late-night anxiety about impending life changes, the author turned to ChatGPT for reassurance, asking, "Am I real?" While the AI provided summaries of philosophical perspectives on identity, the interaction offered only temporary relief. This experience highlights the limitations of seeking quick fixes from technology for deep-seated human concerns and underscores the importance of engaging with genuine self-reflection and human connection.

(04:44) Brought to you by Lemon.io⁠⁠Lemon.io⁠⁠ is your go-to platform for hiring top-tier, pre-vetted software engineers from Europe and Latin America. You'll get matched with your developer in just 48 hours.Tech Lead Journal listeners get 15% off your first 4 weeks of work at ⁠⁠lemon.io⁠⁠.Want to communicate more effectively and get your work the attention it deserves? Learn how to harness the power of storytelling in a business setting with Cole Nussbaumer Knaflic, the bestselling author of "Storytelling with Data" and "Storytelling with You"!In this episode, Cole joins me to dive into the art of storytelling and explore how we can use it to communicate data, insights, and our work more effectively.You'll learn:- Storytelling in business: Why it's crucial for making your work stand out.- The "Plan-Create-Deliver" framework: The 3 steps to creating compelling stories.- Low-tech planning: Why pen and paper beats jumping straight to slides.- The power of the "Big Idea": Craft one impactful sentence that captures your message.- Storytelling with data: Present data that is both informative and engaging.- Crafting a powerful intro: Grab your audience's attention from the start.- AI for storytelling: How AI can enhance your data analysis and communication.- Teaching kids about data: Empower the next generation to be critical thinkers and storytellers.Timestamps:(00:02:17) Career Turning Points(00:06:22) What is Storytelling?(00:09:55) Why Become Better Storytellers(00:12:25) Storytelling in Business Settings(00:15:51) Plan-Create-Deliver Framework(00:24:01) Low Tech Planning(00:28:57) The 3-Minute Story and The Big Idea(00:33:06) TLDR and BLUF(00:37:09) Creating Slides(00:41:43) Storytelling with Data(00:44:39) Pie Charts(00:46:42) Data Visualization Tools(00:49:00) Teaching Kids about Data(00:55:04) Giving a Powerful Intro(00:59:13) How AI Can Help in Data & Storytelling(01:02:02) 3 Tech Lead Wisdom_____Cole Nussbaumer Knaflic's BioCole Nussbaumer Knaflic tells stories with data. She is founder and CEO of storytelling with data (SWD) and author of Storytelling With Data: A Data Visualization Guide for Business Professionals and Storytelling with Data: Let's Practice! SWD's well-regarded workshops and presentations are highly sought after by data-minded individuals, companies, and philanthropic organizations all over the world. Learn more at storytellingwithdata.com.Follow Cole:LinkedIn – linkedin.com/in/colenussbaumerWebsite – storytellingwithdata.com

Allen Wyma talks with [Vitaly Bragilevsky](https://bravit.pro/), developer advocatge at [JetBrains](https://www.jetbrains.com/). [RustRover](https://www.jetbrains.com/rust/) is an IDE for Rust that is created by JetBrains that is free for non-commercial use. ## Contributing to Rustacean Station Rustacean Station is a community project; get in touch with us if you'd like to suggest an idea for an episode or offer your services as a host or audio editor! - Twitter: [@rustaceanfm](https://twitter.com/rustaceanfm) - Discord: [Rustacean Station](https://discord.gg/cHc3Gyc) - Github: [@rustacean-station](https://github.com/rustacean-station/) - Email: [hello@rustacean-station.org](mailto:hello@rustacean-station.org) ## Timestamps - [@00:00] - Meet Vitaly Bragilevsky, Developer Advocate at JetBrains - [@12:42] - What JetBrains does in Rust and their IDE products - [@18:05] - Which IDE to use for Rust developers - [@24:25] - Open source vs. commercial products at JetBrains - [@37:45] - Any upcoming features for RustRover - [@43:36] - Pricing and free use cases - [@49:17] - Other programs at JetBrains ## Other links - [RUSTAsia Conf 2025](https://www.rustasiaconf.com/?utm_source=podcast&utm_medium=rustacean-station&utm_campaign=2025-02-17-vitaly-bragilevsky) ## Credits Intro Theme: [Aerocity](https://twitter.com/AerocityMusic) Audio Editing: [Plangora](https://twitter.com/plangora) Hosting Infrastructure: [Jon Gjengset](https://twitter.com/jonhoo/) Show Notes: [Plangora](https://twitter.com/plangora) Hosts: [Allen Wyma](https://twitter.com/allenwyma)

Allen Wyma talks with Vitaly Bragilevsky, developer advocatge at JetBrains. RustRover is an IDE for Rust that is created by JetBrains that is free for non-commercial use. Contributing to Rustacean Station Rustacean Station is a community project; get in touch with us if you'd like to suggest an idea for an episode or offer your services as a host or audio editor! Twitter: @rustaceanfm Discord: Rustacean Station Github: @rustacean-station Email: hello@rustacean-station.org Timestamps [@00:00] - Meet Vitaly Bragilevsky, Developer Advocate at JetBrains [@12:42] - What JetBrains does in Rust and their IDE products [@18:05] - Which IDE to use for Rust developers [@24:25] - Open source vs. commercial products at JetBrains [@37:45] - Any upcoming features for RustRover [@43:36] - Pricing and free use cases [@49:17] - Other programs at JetBrains Other links RUSTAsia Conf 2025 Credits Intro Theme: Aerocity Audio Editing: Plangora Hosting Infrastructure: Jon Gjengset Show Notes: Plangora Hosts: Allen Wyma

Jim Grisanzio from Java Developer Relations talks with Marit van Dijk, a Java Champion and also a Java Developer Advocate at JetBrains. Marit will present on developer productivity with IntelliJ IDEA at JavaOne March 18-20 in California.   Go to javaone.com and register and we'll see you there!  Marit van Dijk https://x.com/MaritvanDijk77 JavaOne 2025 https://javaone.com Duke's Corner https://dukescorner.libsyn.com Jim Grisanzio https://x.com/jimgris

(06:49) Brought to you by Lemon.io⁠Lemon.io⁠ is your go-to platform for hiring top-tier, pre-vetted software engineers from Europe and Latin America. You'll get matched with your developer in just 48 hours.Tech Lead Journal listeners get 15% off your first 4 weeks of work at ⁠lemon.io⁠.Want to learn the key principles and future of DevOps that can help you ship code faster and more reliably?In this episode, I sit down with Yevgeniy Brikman, co-founder of Gruntwork and author of “Terraform: Up & Running,” to discuss his upcoming book, “The Fundamentals of DevOps and Software Delivery.”We explore:- Common pitfalls and anti-patterns in DevOps implementations- The concept of “minimum effective dose” and "incrementalism" in adopting technologies- Why application developers should understand infrastructure and software delivery- The future of DevOps, including “infrastructureless” and the impact of GenAI- The importance of “secure-by-default” practices in modern software development- Recent changes in open source licensing and their impact on the tech industry- The power of continuous learning and sharing knowledge in tech careersListen out for:(00:02:15) Career Turning Points(00:08:32) Deliberate Time for Learning(00:16:27) Transitioning from App Dev to Infra (00:24:19) Understanding How to Deliver Software(00:32:05) Minimum Effective Dose(00:40:34) DevOps Antipatterns(00:44:02) Incrementalism(00:49:37) The Future of DevOps and Software Delivery(01:10:39) Recent Trend in Open Source License Changes(01:20:32) 3 Tech Lead Wisdom_____Yevgeniy Brikman's BioYevgeniy (Jim) Brikman loves programming, writing, speaking, traveling, and lifting heavy things. He does not love talking about himself in the 3rd person. He is the co-founder of Gruntwork, a company that offers products & services for setting up world-class DevOps Foundations. He's also the author of three books published by O'Reilly Media: Fundamentals of DevOps and Software Delivery, Terraform: Up & Running, and Hello, Startup. Previously, he spent more than a decade building infrastructure and products that served hundreds of millions of users while working as a software engineer at LinkedIn, TripAdvisor, Cisco Systems, and Thomson Financial.Follow Yevgeniy: LinkedIn – linkedin.com/in/jbrikman X / Twitter – @brikis98 Website – ybrikman.com

(03:55) Brought to you by Lemon.ioLemon.io is your go-to platform for hiring top-tier, pre-vetted software engineers from Europe and Latin America. You'll get matched with your developer in just 48 hours.Tech Lead Journal listeners get 15% off your first 4 weeks of work at lemon.io.Ever wonder what a credit score for your codebase would look like?In this episode, Matt Van Itallie, founder of Sema, discusses how his company is revolutionizing the way we assess and understand code quality, including the portion of GenAI usage. Learn about Sema's innovative approach to technical due diligence and their comprehensive credit score system.Key topics discussed:- The concept of “code as data” and how it's changing codebase evaluation- Measuring and improving developer productivity in the age of GenAI- The importance of the Generative AI Bill of Materials (GBOM) in technical due diligence- Why having 15-30% of your code originating from GenAI could be optimal- The seven modules Sema uses to evaluate codebases, including GenAI usage, security, and team retention- The CTO dashboard concept and its potential to transform software engineering metrics- Why treating code as a craft is crucial for effective communication with non-technical stakeholdersWhether you're a developer, engineering leader, or investor, this episode offers invaluable insights into the evolving landscape of software evaluation and the growing importance of quantitative metrics in technical due diligence.Listen out for:(02:05) Career Turning Points(05:15) Treating Code as Data and a Craft(11:09) Comprehensive Codebase Scans(14:31) How to Explain Codebase Health(20:31) Measuring & Improving Developer Productivity(23:33) GenAI for Increasing Developer Effectiveness(25:59) CTO Dashboard & The 7 Metrics(29:55) Measuring GenAI Usage(31:51) Healthy Dose of GenAI Usage(36:50) Generative AI Bill of Materials (GBOM)™(39:24) Technical Due Diligence(45:18) Sema Adoption(49:48) Integrating with Sema(52:17) 3 Tech Lead WisdomMatt Van Itallie's BioMatt Van Itallie is the Founder and CEO of Sema.Formerly, Matt was an Operating Executive at Vista Equity Partners portfolio companies, Chief Analytics Officer for a $1BN operating organization, and a McKinsey consultant. Matt has a JD from Harvard Law School.Sema is the leading provider of comprehensive codebase scans that assess the risks of software and tech-enabled businesses. They have analyzed over $1.6T of software enterprise value.Sema is a leading expert on managing GenAI risks, with presentations to leading investors and operators across sectors. They are the inventors of the Generative AI Bill of Materials (GBOM).Follow Matt:* LinkedIn – linkedin.com/in/mvi* Sema – semasoftware.com* Comprehensive Codebase Scans – semasoftware.com/comprehensive-codebase-scans_____Our SponsorsEnjoy an exceptional developer experience with JetBrains. Whatever programming language and technology you use, JetBrains IDEs provide the tools you need to go beyond simple code editing and excel as a developer.Check out FREE coding software options and special offers on jetbrains.com/store/#discounts.Make it happen. With code.Manning Publications is a premier publisher of technical books on computer and software development topics for both experienced developers and new learners alike. Manning prides itself on being independently owned and operated, and for paving the way for innovative initiatives, such as early access book content and protection-free PDF formats that are now industry standard.Get a 40% discount for Tech Lead Journal listeners by using the code techlead24 for all products in all formats.Like this episode?Show notes & transcript:techleadjournal.dev/episodes/205.Follow @techleadjournal onLinkedIn,Twitter, andInstagram.Buy me acoffee or become apatron.

Are you tired of cargo cult engineering leadership? In this episode, David Guttman, author of “The Superstruct Manifesto”, shares his intriguing manifesto on building and leading high-performing engineering teams. We explore: - Why daily standups are overrated and what to do instead- How to avoid the trap of the "10x engineer" myth- Why computer science riddles don't belong in your interviews- The importance of estimates (hint: it's not about the accuracy!) - How to treat your developers like adults If you are an engineering leader or founder looking to build a high-performing engineering team, this episode is for you! Listen out for:(03:06) Career Turning Points(07:10) The Meaning Behind Superstruct(07:44) The Superstruct Manifesto(09:30) "We Will Not Inflict Daily Standups on Our Devs"(16:05) Alternatives to Daily Standups(18:26) Status Report & Accountability(25:48) "We Will Not Recruit 10x Developers"(33:19) "We Will Not Test Devs with Computer Science Riddles"(38:04) Interview Best Practices(43:12) "We Will Not Let Devs Start without an Estimate"(51:11) Improving Our Estimates(53:55) Estimate vs Fixed Deadline(56:21) 3 Tech Lead Wisdom David Guttman's BioDavid Guttman is a developer and consultant obsessed with building repeatable systems for recruiting, onboarding, and managing remote software engineers. Over the course of his 20+ years in software development, David has led engineering teams to ship massive and innovative projects, including the content platform that powers Disney.com and StarWars.com (along with over 170 other sites, across dozens of languages and regions); video ad servers that handle over 10 billion requests per day; and an LMS that TIME magazine listed as one of the Best Inventions of the Year 2020. David is also a leader in the tech community. As the organizer of the monthly event series js.la, the host of the Junior to Senior podcast, and a champion in the Node.js mentorship initiative, he has helped thousands of developers level up. David is the author of two popular JavaScript books, has over 90 open-source packages on npm, and has given talks at tech events and conferences like JSConf and JSFest. Follow David:- LinkedIn – linkedin.com/in/david-guttman - Website – david.app - Superstruct – https://superstruct.tech/ -

In this podcast episode, we talked with Andrey Cheptsov about ​The future of AI infrastructure. About the Speaker: Andrey Cheptsov is the founder and CEO of dstack, an open-source alternative to Kubernetes and Slurm, built to simplify the orchestration of AI infrastructure. Before dstack, Andrey worked at JetBrains for over a decade helping different teams make the best developer tools. During the event, the guest, Andrey Cheptsov, founder and CEO of dstack, discussed the complexities of AI infrastructure. We explore topics like the challenges of using Kubernetes for AI workloads, the need to rethink container orchestration, and the future of hybrid and cloud-only infrastructures. Andrey also shares insights into the role of on-premise and bare-metal solutions, edge computing, and federated learning. 0:00 Andrey's Career Journey: From JetBrains to DStack 5:00 The Motivation Behind DStack 7:00 Challenges in Machine Learning Infrastructure 10:00 Transitioning from Cloud to On-Prem Solutions 14:30 Reflections on OpenAI's Evolution 17:30 Open Source vs Proprietary Models: A Balanced Perspective 21:01 Monolithic vs. Decentralized AI businesses 22:05 The role of privacy and control in AI for industries like banking and healthcare 30:00 Challenges in training large AI models: GPUs and distributed systems 37:03 DeepSpeed's efficient training approach vs. brute force methods 39:00 Challenges for small and medium businesses: hosting and fine-tuning models 47:01 Managing Kubernetes challenges for AI teams 52:00 Hybrid vs. cloud-only infrastructure 56:03 On-premise vs. bare-metal solutions 58:05 Exploring edge computing and its challenges

Is your ML project stuck in POC hell and failing to deliver real value? In this episode, I sit down with David Tan and Dave Colls, co-authors of the book “Effective Machine Learning Teams” to discuss the complexities of building and deploying ML models, building and managing effective ML teams, and ensuring successful ML projects. Key topics discussed:- Learn the key differences between ML engineering and traditional software engineering.- Why so many ML projects fail to reach production or deliver real business value and how to overcome common challenges.- Discover the ideal ML team composition and how to apply concepts like team topologies for effective collaboration.- The importance of product thinking in ML projects and best practices for designing robust, valuable ML products.- Essential engineering best practices for successful ML projects, including automated testing, continuous delivery, and MLOps practices. Listen out for:(02:35) Career Turning Points(04:54) Writing "Effective Machine Learning Teams"(08:29) ML Engineering vs Other Types of Engineering(12:24) ML and LLM(14:59) Why Many ML Projects Fail(19:53) ML Success Modes(23:32) Ideal ML Engineering Team Composition(31:39) Building the Right ML Product(39:23) ML Engineering Best Practices(49:14) MLOps(52:44) Make Good Easy(53:56) 3 Tech Lead Wisdom Tune in to learn how to build and deploy ML products that truly make a difference! David Tan's Bio David Tan is a lead ML engineer with more than six years of experience in practicing Lean engineering in the field of data and AI across various sectors such as real estate, government services and retail. David is passionate about engineering effectiveness and knowledge sharing, and has also spoken at several conferences on how teams can adopt Lean and continuous delivery practices to effectively and responsibly deliver AI-powered products across diverse industries. Follow David Tan: - LinkedIn – linkedin.com/in/davified - X – @davified - GitHub – https://github.com/davified Dave Colls' Bio Dave loves building new things and helping others build too – products and services, people and teams – using technology, Data & AI. His work building the Thoughtworks Data & AI practice shows how these elements combine: creating a new business, consulting to leaders and making a home for data people to grow. Currently, Dave is working at Nextdata, pushing the frontiers of how organisations work with data. David thrives on navigating complex challenges and evolving environments. His extensive experience in large-scale digital transformations and deep tech R&D has honed his ability to align efforts and drive impactful results. A dedicated mentor, David is passionate about guiding data professionals in their career growth. He actively shares his expertise as a speaker, blogger, and author of the book “Effective Machine Learning Teams.” Follow Dave Colls:- LinkedIn – linkedin.com/in/davidcolls Links: -

“Looking at the development pace of this area, it's just a question of when generative AI will take over larger parts of software engineering. It's a leadership responsibility to ensure your organization is ready for AI and you are taking the right path.” AI is changing EVERYTHING – including the way we build software. Are you READY for it? In this episode, we dive deep into the impact of AI on the future of work, particularly in the software development space. Join me and André Neubauer as we explore: * The evolution of AI: From early code generation to today's advanced Generative AI and Large Language Models (LLMs). * The rise of Agentic AI: How AI agents are collaborating to automate complex tasks and reshape software development workflows. * The impact on organizations: How companies can leverage AI to boost productivity, foster innovation, and navigate the challenges of this new era. * The future of software teams: Will AI replace developers or empower them? Discover why smaller, leaner, high-performing teams might be the way forward. * Leadership in the age of AI: Essential strategies for leaders to successfully integrate AI into their organizations and address the concerns of their teams. Listen out for: (00:02:11) Career Turning Points (00:07:56) Giving a Talk on “The Role of AI in Future Workplaces” (00:10:30) What Drives the AI Advancements (00:18:54) The Levels of AI Advancement (00:25:01) AI in Software Engineering (00:26:53) Concerns on Tech Debt and Issues (00:31:11) Impact of AI to Organizations (00:34:34) Smaller and Leaner Teams (00:37:15) The Rise of Solopreneurship (00:41:32) Getting People Onboard to AI (00:44:40) Leadership Measures for Adopting AI (00:49:34) 3 Tech Lead Wisdom _____ André Neubauer's Bio For nearly two decades, André Neubauer has shaped Tech & Product and its interface with the business in varied settings, from startups to major corporations. His journey began in software engineering and evolved into technical leadership, a role he's passionately undertaken for the past 15 years. As CTO, he's spearheaded transformative projects and strategies, backed by an academic foundation in informatics and business economics. Always at the forefront of modern leadership practices, he's transformed companies into tech powerhouses. Beyond his role as CTO, he actively mentors tech leaders and consults businesses, guiding them through their tech challenges. Follow Andre: * LinkedIn – linkedin.com/in/andreneubauer * Newsletter – devpg.substack.com _____ Our Sponsors Enjoy an exceptional developer experience with JetBrains. Whatever programming language and technology you use, JetBrains IDEs provide the tools you need to go beyond simple code editing and excel as a developer.Check out FREE coding software options and special offers on jetbrains.com/store/#discounts.Make it happen. With code. Manning Publications is a premier publisher of technical books on computer and software development topics for both experienced developers and new learners alike. Manning prides itself on being independently owned and operated, and for paving the way for innovative initiatives, such as early access book content and protection-free PDF formats that are now industry standard.Get a 40% discount for Tech Lead Journal listeners by using the code techlead24 for all products in all formats. Like this episode?Show notes & transcript: techleadjournal.dev/episodes/202.Follow @techleadjournal on LinkedIn, Twitter, and Instagram.Buy me a coffee or become a patron.

“Evolutionary architecture became a necessity, not because anybody wanted it to be, but because you didn't have a choice. You have to be able to change your systems to keep up with changing business and consumer expectations, let alone regulatory frameworks.” In this episode, I have an insightful conversation with Rebecca Parsons, coauthor of Building Evolutionary Architectures and ex-CTO of ThoughtWorks, on the topic of evolutionary architecture. Rebecca shares the definition and principles of evolutionary architecture, as well as some important practices that software engineering teams can adopt to support it. Rebecca also offers her perspective on the impact of AI in software development and evolutionary architecture. Key takeaways: - Evolutionary architecture supports guided, incremental change across multiple dimensions. - Fitness functions are a key tool for implementing evolutionary architecture. - Some of the important engineering practices for evolutionary architecture include continuous delivery, evolutionary database, contract testing, and choreography over orchestration. - AI coding assistants can help analyze and understand complex legacy systems, aiding in refactoring and modernization efforts. - Over-reliance on AI coding assistants may hinder the development of proper abstraction and critical thinking skills, especially in junior developers. Listen out for: (00:02:35) Career Turning Points (00:08:38) Why Adopt Evolutionary Architecture (00:11:06) Evolutionary vs Rewrite (00:13:41) Architecture Definition (00:16:45) Evolutionary Architecture Adoption (00:20:56) Evolutionary Architecture Definition (00:22:32) Fitness Function (00:26:07) Commonly Adopted Fitness Functions (00:29:33) Principles of Evolutionary Architecture (00:35:24) Conway's Law & Postel's Law (00:39:40) Practices of Evolutionary Architecture (00:45:41) The Impact of AI to Evolutionary Architecture (00:48:44) The AI Worries (00:52:32) 3 Tech Lead Wisdom _____ Rebecca Parsons' BioDr. Rebecca Parsons is currently independent, having been Thoughtworks CTO and CTO Emerita for over 15 years. She has more years of experience than she'd like to admit in technology and large-scale software development. She recently co-authored the book Building Evolutionary Architectures with Neal Ford and Pat Kua. Before ThoughtWorks she worked as an assistant professor of computer science at the University of Central Florida, after completing a Director's Post Doctoral Fellowship at the Los Alamos National Laboratory. Her interests include parallel and distributed computation, programming languages, domain specific languages, evolutionary architecture, genetic algorithms, and computational science. Rebecca received a BS in Computer Science and Economics from Bradley University, and both an MS and Ph.D. in Computer Science from Rice University. Follow Rebecca: LinkedIn – linkedin.com/in/dr-rebecca-parsons X – x.com/rebeccaparsons

 Plus Can You Get Cloned In A Single Conversation? Like this? Get AIDAILY, delivered to your inbox, every weekday. Subscribe to our newsletter at https://aidaily.us AI Companions: Asian Tech Tackles Loneliness with AI Robots at CES 2025 At CES 2025, Asian tech firms like Samsung and TCL are betting on AI companion robots to tackle loneliness. These robots combine cute designs with emotional intelligence to offer companionship, aiming to provide comfort in an increasingly isolated society. However, the true impact on human loneliness remains to be seen. One Conversation is All it Takes for This AI to Deepfake Your Entire Personality A new AI model can replicate a person's personality after just one conversation, creating digital clones with 85% accuracy. This technology, based on a study by Stanford and Google DeepMind, raises concerns about privacy, identity theft, and the potential for scamming using deepfake personalities. Discover Alibaba's AI Coder: Build Apps in Minutes with Tongyi Lingma Alibaba Cloud has introduced Tongyi Lingma, an AI-powered coding tool that can construct applications within minutes. This system, enhancing productivity by over 10 times, supports both Microsoft's Visual Studio Code and JetBrains' IDEs, potentially outmatching competitors like ChatGPT in creative coding tasks. AI and Meaningful Work: Enhancing Human Roles in the Workplace AI is transforming the workplace by not just automating tasks but elevating the quality of work, enabling employees to engage in more meaningful activities. This shift suggests that AI leads to job enhancement rather than mere displacement, offering a glimpse into the future of work.  Is Personal Training Making a Comeback? 2025 Trends Suggest So Despite the rise of AI fitness apps, personal training is seeing a resurgence in 2025, thanks to the enduring appeal of Zoom-based remote sessions. This trend reflects a preference for personalized guidance over automated coaching, highlighting the human touch's value in fitness routines. AI Job Market Insights: WEF Predicts Growth in Hands-On Roles The World Economic Forum's 2025 report highlights a surge in demand for manual and technical skills, with AI automation expected to reduce clerical jobs. Conversely, there's a growing need for AI, big data, and cybersecurity expertise, suggesting a complex job market transformation.

פרק מספר 487 של רברס עם פלטפורמה - באמפרס מספר 85: רן, דותן ואלון באולפן הוירטואלי עם סדרה של קצרצרים שתפסו את תשומת הלב בתקופה האחרונה - בלוגים מעניינים, דברים מ- GitHub, וכל מיני פרויקטים מעניינים או דברים יפים שראינו באינטרנט וחשבנו לאסוף ולהביא אליכם.וכמיטב המסורת לאחרונה - גם לא מעט AI, כי על זה הצעירים מדברים בזמן האחרון.

What are the current approaches for analyzing emotions within a piece of text? Which tools and Python packages should you use for sentiment analysis? This week, Jodie Burchell, developer advocate for data science at JetBrains, returns to the show to discuss modern sentiment analysis in Python.

In the latest Building Better Developers podcast season, Rob Broadhead and Michael Meloche dive deep into the fascinating world of Artificial Intelligence (AI) and its impact on developers' habits. In this episode, the focus isn't just on using AI but on leveraging it to enhance productivity, creativity, and problem-solving capabilities. The AI Revolution: Why Developers Should Care AI is no longer a futuristic concept—it's an integral part of the developer's toolbox. Tools like ChatGPT, Microsoft Copilot, and IntelliJ IDEA's AI-powered suggestions transform workflows from generating boilerplate code to aiding testing and planning. As Rob Broadhead pointed out, AI's potential extends far beyond novelty. It's about using AI to “do better what you are already doing” rather than treating it as a crutch. AI-driven tools simplify repetitive tasks, allowing developers to focus on higher-value activities. Whether generating test cases, summarizing meetings, or suggesting optimal solutions for coding challenges, AI helps reduce cognitive load and time spent on mundane tasks. Practical Uses of AI in Development Code Generation and Optimization: AI tools like ChatGPT, OpenAI Whisper, Amazon's AI can generate code snippets based on developer input, saving developers significant time writing boilerplate code. These tools excel at providing a starting point, especially when developers are working on stubs or need inspiration for how to approach a particular problem. Testing Automation: Quality assurance is a critical area where AI shines. AI tools can auto-generate test cases for software, even for teams that might not have robust testing processes. AI can fill gaps in testing coverage for beginners or teams under pressure, providing a baseline of quality assurance. Documentation and Summaries: Tools like Descript and Zoom's AI features allow for the transcription and summarization of meetings, making it easier to keep track of key points and actions. These capabilities free up developers from manual note-taking and help them focus on implementing actionable insights. Planning and Scheduling: AI aids in project management by helping developers optimize their schedules, plan tasks, and streamline workflows. Michael highlighted the importance of AI for meeting prep and planning ceremonies in Agile environments. The Challenges of AI Adoption While the benefits are clear, the podcast also stresses caution. Beginners, in particular, need to verify AI-generated outputs to ensure they align with best practices and project requirements. Rob and Michael recommend cross-checking AI responses with trusted sources like Stack Overflow or GitHub discussions to avoid going down unproductive rabbit holes. Michael compared the process to early voice recognition tools like Dragon NaturallySpeaking, where the user had to train the software to achieve better results. Similarly, AI today requires user input and feedback to improve accuracy and utility. Building Habits with AI: A Developer's Challenge This episode's challenge encourages developers to explore AI daily: Identify a problem or task—whether coding, debugging, or planning. Use an AI tool to suggest solutions or assist with the task. Evaluate and refine the AI's suggestions to learn how to maximize its effectiveness. The goal isn't to rely entirely on AI but to build a habit of thoughtfully integrating AI into workflows. Over time, this practice will help developers identify areas where AI can save time and effort without compromising quality. The Future of AI in Development The podcast explores how AI is evolving, with companies like OpenAI, Google, and JetBrains pushing the boundaries. AI tools are now capable of understanding context, improving accessibility, and automating complex processes. As Rob noted, “Automation intelligence” is the real power of AI, allowing developers to focus on innovation while repetitive tasks are handled seamlessly. Key Takeaways for Developers Embrace AI as a tool, not a replacement: Use AI to augment your skills, not substitute for them. Experiment and refine: Explore different AI tools and provide feedback to improve their outputs. Stay informed: AI is rapidly evolving, and staying updated ensures you remain competitive. Conclusion As AI matures, its role in development will only grow more significant. By integrating AI into their workflows, developers can enhance efficiency and focus on building innovative solutions. The Building Better Developers podcast offers a timely reminder that the key to success lies in building habits that leverage AI effectively. Whether you're a seasoned developer or just starting out, now is the time to explore AI's transformative potential. Start this journey by experimenting with tools like ChatGPT, Copilot, or Whisper, and discover how AI can revolutionize your work. After all, building better habits starts with taking the first step—and in today's world, that step includes embracing AI. Stay Connected: Join the Develpreneur Community We invite you to join our community and share your coding journey with us. Whether you're a seasoned developer or just starting, there's always room to learn and grow together. Contact us at info@develpreneur.com with your questions, feedback, or suggestions for future episodes. Together, let's continue exploring the exciting world of software development. Additional Resources ChatGPT Microsoft Copilot Leverage AI To Solve Problems In New Ways Use Cases For AI – Interview With Chris Barkhurst Building Better Habits Videos – With Bonus Content

Breaking Tech Updates: OpenAI Search Expansion, Broadcom and VMware Split, and More! In this episode, Jim announces his new fiction novel 'Elisa: A Tale of Quantum Kisses' and requests support through purchases and reviews. He covers significant updates: OpenAI's global search and voice integration rollout, Ingram Micro's cessation of VMware distribution, surprising trends from JetBrains' Developer Ecosystem report, and Michael Jarman's win as the Microsoft Excel World Champion. The episode concludes with Marcel Gagné critiquing OpenAI's new video generator Sora, pointing out its current strengths and weaknesses. 00:00 Introduction and Personal Request 01:35 OpenAI's New Search Capabilities 05:16 Ingram Micro and Broadcom's Split 07:44 JetBrains Developer Ecosystem Report 09:33 Microsoft Excel World Championship 11:01 Conclusion and Afterword 11:27 Marcel Gagné Reviews OpenAI's Sora

Dans cet épisde en audio et en vidéo (youtube.com/lescastcodeurs), Guillaume et Emmanuel discutent des 15 ans de Go, d'une nouvelle approche de garbage collecting, de LLMs dans les applications Java, dobservabilité, d'une attaque de chaine d'approvisionnement via javac et d'autres choses. Enregistré le 13 décembre 2024 Téléchargement de l'épisode LesCastCodeurs-Episode-319.mp3 News Langages Go fête son 15ème anniversaire ! https://go.dev/blog/15years discute les 15 ans la corrections de gotchas dans les for loops (notamment les variables étaient loop scoped) le fait que la compile echoue si on attend une version de go superieure seulement depuis go 1.21 en parallele de la gestion de la chaine d'outil (c'est en 2023 seulement!) opt-in telemetrie aussi recent Construire OpenJDK à partir des sources sur macOS https://www.morling.dev/blog/building-openjdk-from-source-on-macos/ de maniere surprenante ce n'est pas tres compliqué Papier sur l'aproche Mark-scavenge pour un ramasse miette https://inside.java/2024/11/22/mark-scavenge-gc/ papier de recherche utiliser l'accessibilité pour preuve de vie n'est pas idéal: un objet peut etre atteignable mais ne sera jamais accedé par le programme les regions les plus pauvres en objets vivant voient leurs objets bouger dans uen autre region et la regio libéré, c'est le comportement classique des GC deux methodes: mark evaguate qui le fait en deux temps et la liveness peut evoluer ; et scavenge qui bouge l'objet vivant des sa decouverte ont fait tourner via ZGC des experience pour voir les objects consideres vivants et bougés inutilement. resultats montrent un gros taux d'objets bougés de maniere inutile proposent un algo different ils marquent les objets vivants mais ne les bougent pas avant le prochain GC pour leur donner une change de devenir unreachable elimine beaucoup de deplacement inutiles vu que les objets deviennent non accessible en un cycle de GC jusquà 91% de reduction ! Particulierement notable dans les machines chargées en CPU. Les tokens d'accès court ou longs https://grayduck.mn/2023/04/17/refresh-vs-long-lived-access-tokens/ pourquoi des long access tokens (gnre refresh token) sont utilises pour des short lived dans oauth 2.0 refresh token simplifient la revocation: vu que seul le auth serveur a a verifier la révocation et les clients vérifient l'expiration et la validité de la signature refresh token ne sont envoyés que entre endpoints alors que les access tokens se baladent pas mal: les frontières de confiance ne sont pas traversées refresh token comme utilise infréquement, et donc peut etre protegee dans une enclave les changements de grants sont plus simple tout en restant distribuable histoire des access refresh token et access token permet de mieux tracer les abus / attaques les inconvenients: c'est plus compliqué en flow, the auth serveur est un SPOF amis mitigeable Java Advent est de retour https://www.javaadvent.com/calendar backstage Java integrite par defaut (et ses consequences sur l'ecosysteme) timefold (sovler) Les extensions JUNit 5 OpenTelemetry via Java Agent vs Micrometer analyse statique de code CQRS et les fonctionalités modernes de Java java simple (sans compilatrion, sans objet fullstack dev with quarkus as backend José Paumard introduit et explique les Gatherers dans Java 24 dans cette vidéo https://inside.java/2024/11/26/jepcafe23/ Librairies Micronaut 4.7, avec l'intégration de LangChain4j https://micronaut.io/2024/11/14/micronaut-framework-4-7-0-released/ Combiner le framework de test Spock et Cucumber https://www.sfeir.dev/back/spock-framework-revolutionnez-vos-tests-unitaires-avec-la-puissance-du-bdd-et-de-cucumber/ les experts peuvent écrire leurs tests au format Gherkin (de Cucumber) et les développeurs peuvent implémenter les assertions correspondantes avec l'intégration dans Spock, pour des tests très lisibles Spring 6.2 https://spring.io/blog/2024/11/14/spring-framework-6-2-0-available-now beans @Fallback améliorations sur SpELet sur le support de tests support de l'echape des property placeholders une initioalisation des beans en tache de fond nouvelle et pleins d'autres choses encore Comment créer une application Java LLM tournant 100% en Java avec Jlama https://quarkus.io/blog/quarkus-jlama/ blog de Mario Fusco, Mr API et Java et Drools utilise jlama + quarkus + langchain Explique les avantage de l'approche pure Java comme le cycle de vie unique, tester les modeles rapidement, securite (tout est in process), monolithe ahahah, observabilité simplifiée, distribution simplifiée (genre appli embarquée) etc Vert.x 5 en seconde incubation https://vertx.io/blog/eclipse-vert-x-5-candidate-2-released/ Support des Java modules (mais beacoup des modules vert.x eux-même ne le supportent pas support io_uring dans vert.x core le load balancing côté client le modele des callbacks n'est plus supporté, vive les Futur beaucoup d'améliorations autour de gRPC et d'autres choses Un article sur Spring AI et la multi modalite audio https://spring.io/blog/2024/12/05/spring-ai-audio-modality permet de voir les evolutions des APIs de Spring AI s'appluie sur les derniers modeles d'open ai des examples comme par exemple un chatbot voix et donc comment enregistrer la voix et la passer a OpenAI Comment activer le support experimental HTTP/3 dans Spring Boot https://spring.io/blog/2024/11/26/http3-in-reactor-2024 c'ets Netty qui fait le boulot puis Spring Netty l'article décrit les etapes pour l'utiliser dans vos applis Spring Boot ou Spring Cloud Gateway l'article explique aussi le cote client (app cliente) ce qui est sympa Infrastructure Un survol des offres d'observabilité http://blog.ippon.fr/2024/11/18/observabilite-informatique-comprendre-les-bases-2eme-partie/ un survol des principales offres d'observabilité Open source ou SaaS et certains outsiders Pas mal pour commencer à défricher ce qui vous conviendrait blog de ippon Web Sortie de Angular 19 https://blog.ninja-squad.com/2024/11/19/what-is-new-angular-19.0/ stabilité des APIs Signal APIs migration automatique vers signals composants standalone par défaut nouvelles APIs linkedSignal et resource de grosses améliorations de SSR et HMR un article également de Sfeir sur Angular 19 https://www.sfeir.dev/front/angular-19-tout-ce-quil-faut-savoir-sur-les-innovations-majeures-du-framework/ Angluar 19 https://www.sfeir.dev/front/angular-19-tout-ce-quil-faut-savoir-sur-les-innovations-majeures-du-framework/ composant standalone par default (limiter les problemes de dependances), peut le mettre en strict pour le l'imposer (ou planter) signalement des imports inutilisés @let pour les variables locales dans les templates linkedSignal (experimental) pour lier des signaux entre eux (cascade de changement suite a un evenement hydratation incrementale (contenu progressivement interactif avec le chargement - sur les parties de la page visible ou necessaires et event replay, routing et modes de rendu en rendy hybride, Hot module replacement etc The State of Frontend — dernière compilation des préférences des développeurs en terme de front https://tsh.io/state-of-frontend/ React en tête, suivi de Vue et Svelte. Angular seulement 4ème Côté rendering framework, Next.js a la majorité absolue, ensuite viennent Nuxt et Astro Zod est la solution de validation préférée Pour la gestion de date, date-fns est en tête, suivi par moment.js Côté state management, React Context API en première place, mais les suivants sont tous aussi pour React ! Grosse utilisation de lodash pour plein d'utilités Pour fetcher des resources distantes, l'API native Fetch et Axios sont les 2 vaincoeurs Pour le déploiement, Vercel est premier Côté CI/CD, beaucoup de Github Actions, suivi par Gitlab CI Package management, malgré de bonnes alternatives, NPM se taille toujours la part du lion Ecrasante utilisation de Node.js comme runtime JavaScript pour faire du développement front Pour ce qui est du typing, beaucoup utilisent TypeScript, et un peu de JSdoc, et la majorité des répondants pensent que TypeScript a dépassé JavaScript en usage Dans les API natives du navigateur, Fetch, Storage et WebSockets sont les APIs les plus utilisées La popularité des PWA devrait suivre son petit bonhomme de chemin En terme de design system, shadcn.ui en tête, suivi par Material, puis Bootstram Pour la gestion des styles, un bon mix de plain old CSS, de Tailwind, et de Sass/CSS Jest est premier comme framework de tests Les 3/4 des développeurs front utilisent Visual Studio Code, quant au quart suivant, c'est JetBrains qui raffle les miettes Pour le build, Vite récolte les 4/5 des voix ESLint et Prettier sont les 2 favoris pour vérifier le code   Parfois, on aimerait pouvoir tester une librairie ou un framework JavaScript, sans pour autant devoir mettre en place tout un projet, avec outil de build et autre. Julia Evans explore les différents cas de figure, suivant la façon dont ces librairies sont bundlées https://jvns.ca/blog/2024/11/18/how-to-import-a-javascript-library/ Certaines librairies permette de ne faire qu'un simple import dans une balise script Certaines frameworks sont distribués sous forme d'Universal Module Definition, sous CommonJS, d'ESmodule franchemet en tant que noob c'est compliqué quand même Data et Intelligence Artificielle L'impact de l'IA en entreprise et des accès aux documents un peu laxistes https://archive.ph/uPyhX l'indexing choppe tout ce qu'il peut et l'IA est tres puissante pour diriger des requetes et extraires les données qui auraient du etre plus restreintes Différentes manières de faire de l'extraction de données et de forcer la main à un LLM pour qu'il génère du JSON https://glaforge.dev/posts/2024/11/18/data-extraction-the-many-ways-to-get-llms-to-spit-json-content/ l'approche “je demande gentiment” au LLM, en faisant du prompt engineering en utilisant du function calling pour les modèles supportant la fonctionnalité, en particulier avant les approches de type “JSON mode” ou “JSON schema” ou effectivement si le modèle le supporte aussi, toujours avec un peu de prompting, mais en utilisant le “JSON mode” qui force le LLM a générer du JSON valide encore mieux avec la possibilité de spécifier un schema JSON (type OpenAPI) pour que le JSON en sortie soit “compliant” avec le schéma proposé Comment masquer les données confidentielles avec ses échanges avec les LLMs https://glaforge.dev/posts/2024/11/25/redacting-sensitive-information-when-using-generative-ai-models/ utilisation de l'API Data Loss Prevention de Google Cloud qui permet d'identifier puis de censurer / masquer (“redacted” en anglais) des informations personnelles identifiables (“PII”, comme un nom, un compte bancaire, un numéro de passeport, etc) pour des raison de sécurité, de privacy, pour éviter les brèche de données comme on en entend trop souvent parler dans les nouvelles On peut utiliser certains modèles d'embedding pour faire de la recherche de code https://glaforge.dev/posts/2024/12/02/semantic-code-search-for-programming-idioms-with-langchain4j-and-vertex-ai-embedding-models/ Guillaume recherche des bouts de code, en entrant une requête en langue naturel Certains embedding models supportent différents types de tâches, comme question/réponse, question en langue naturelle / retour sous forme de code, ou d'autres tâches comme le fact checking, etc Dans cet article, utilisation du modèle de Google Cloud Vertex AI, en Java, avec LangChain4j Google sort la version 2 de Gemini Flash https://blog.google/technology/google-deepmind/google-gemini-ai-update-december-2024/ La nouvelle version Gemini 2.0 Flash dépasse même Gemini 1.5 Pro dans les benchmarks Tout en étant 2 fois plus rapide que Gemini 1.5 Pro, et bien que le prix ne soit pas encore annoncé, on imagine également plus abordable Google présente Gemini 2 comme le LLM idéal pour les “agents” Gemini propose une vraie multimodalité en sortie (premier LLM sur le marché à le proposer) : Gemini 2 peut entrelacer du texte, des images, de l'audio Gemini 2 supporte plus de 100 langues 8 voix de haute qualité, assez naturelles, pour la partie audio Un nouveau mode speech-to-speech en live, où on peut même interrompre le LLM, c'est d'ailleurs ce qui est utilisé dans Project Astra, l'application mobile montrée à Google I/O qui devient un vrai assistant vocale en live sur votre téléphone Google annonce aussi une nouvelle expérimentation autour des assistants de programmation, avec Project Jules, avec lequel on peut discuter en live aussi, partager son code, comme un vrai pair programmeur Google a présenté Project Mariner qui est un agent qui est sous forme d'extension Chrome, qui va permettre de commander votre navigateur comme votre assistant de recherche personnel, qui va être capable de faire des recherches sur le web, de naviguer dans les sites web, pour trouver les infos que vous recherchez Cet autre article montre différentes vidéos de démos de ces fonctionnalités https://developers.googleblog.com/en/the-next-chapter-of-the-gemini-era-for-developers/ Un nouveau projet appelé Deep Research, qui permet de faire des rapports dans Gemini Advanced : on donne un sujet et l'agent va proposer un plan pour un rapport sur ce sujet (qu'on peut valider, retoucher) et ensuite, Deep Research va effectuer des recherches sur le web pour vous, et faire la synthèse de ses recherches dans un rapport final https://blog.google/products/gemini/google-gemini-deep-research/ Enfin, Google AI Studio, en plus de vous permettre d'expérimenter avec Gemini 2, vous pourrez aussi utiliser des “starter apps” qui montrent comment faire de la reconnaissance d'objet dans des images, comment faire des recherches avec un agent connecté à Google Maps, etc. Google AI Studio permet également de partager votre écran avec lui, en mobile ou en desktop, de façon à l'utiliser comme un assistant qui peut voir ce que vous faites, ce que vous coder et peut répondre à vos questions Méthodologies Un article de GitHub sur l'impact de la surutilisation des CPU sur la perf de l'appli https://github.blog/engineering/architecture-optimization/breaking-down-cpu-speed-how-utilization-impacts-performance/ c'est surprenant qu'ils ont des effets des 30% de perf c'est du a la non limit thermique, au boost de frequece qui en suit ils ont donc cherché le golden ratio pour eux autour de 60% ils prennent des morceaux de cluster kube poru faire tourner les workloads et ajoutent des wqorkload CPU artificiels (genre math) Sécurité Attaque de la chaîne d'approvisionnement via javac https://xdev.software/en/news/detail/discovering-the-perfect-java-supply-chain-attack-vector-and-how-it-got-fixed s'appuie sur l'annotation processeur l'annotation processors des dependances est chargé et executé au moment du build du projet et cherche les annotations processor dans le user classpath (via le pattern serviceloader) et donc si la dependance est attaquée et un annotation processor est ajouté ou modifié on a un vecteur d'attaque au moment de la compilation du projet ciblé des qu'on deparre l'IDE en gros workaround, activer -proc:none et activer les annotation processors explicitly dans votre outil de build certaines améliorations dans le JDK: le compilateur note qu'il execute un annotation processor dans java 23+ les annotation processors sont deactivés par defaut Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 19 décembre 2024 : Normandie.ai 2024 - Rouen (France) 20 janvier 2025 : Elastic{ON} - Paris (France) 22-25 janvier 2025 : SnowCamp 2025 - Grenoble (France) 24-25 janvier 2025 : Agile Games Île-de-France 2025 - Paris (France) 30 janvier 2025 : DevOps D-Day #9 - Marseille (France) 6-7 février 2025 : Touraine Tech - Tours (France) 21 février 2025 : LyonJS 100 - Lyon (France) 28 février 2025 : Paris TS La Conf - Paris (France) 20 mars 2025 : PGDay Paris - Paris (France) 20-21 mars 2025 : Agile Niort - Niort (France) 25 mars 2025 : ParisTestConf - Paris (France) 26-29 mars 2025 : JChateau Unconference 2025 - Cour-Cheverny (France) 28 mars 2025 : DataDays - Lille (France) 28-29 mars 2025 : Agile Games France 2025 - Lille (France) 3 avril 2025 : DotJS - Paris (France) 10-11 avril 2025 : Android Makers - Montrouge (France) 10-12 avril 2025 : Devoxx Greece - Athens (Greece) 16-18 avril 2025 : Devoxx France - Paris (France) 29-30 avril 2025 : MixIT - Lyon (France) 7-9 mai 2025 : Devoxx UK - London (UK) 16 mai 2025 : AFUP Day 2025 Lille - Lille (France) 16 mai 2025 : AFUP Day 2025 Lyon - Lyon (France) 16 mai 2025 : AFUP Day 2025 Poitiers - Poitiers (France) 24 mai 2025 : Polycloud - Montpellier (France) 5-6 juin 2025 : AlpesCraft - Grenoble (France) 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via twitter https://twitter.com/lescastcodeurs Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

Join Dan Vega and DaShaun Carter as they welcome Siva Prasad Reddy K, Developer Advocate at JetBrains. Join us for the latest updates from the Spring ecosystem. In this episode, Siva will be sharing tips and tricks for IntelliJ to help you get the most out of your development experience. You can participate in our live stream to ask questions or catch the replay on your preferred podcast platform.Show Notes: JetBrains BlogSivaLabs

Этот выпуск должен быть самым полезным ... ведь в нем мы расскажем, что нужно сказать тому, кто привнесет реактивщину в Ваш кодСпасибо всем, кто нас слушает. Ждем Ваши комментарии.Бесплатный открытый курс "Rust для DotNet разработчиков": https://www.youtube.com/playlist?list=PLbxr_aGL4q3S2iE00WFPNTzKAARURZW1ZShownotes: 00:00:00 Вступление00:03:20 Что такое реактивщина00:08:00 event vs reactive00:14:40 RX провоцирует говнокод00:29:50 RX и многопоточность00:36:35 RX и дебаг00:43:00 Как НЕ говнокодить на RXСсылки:- https://github.com/dotnet/reactive : RX for .net - https://github.com/JetBrains/rd : Reactive Distributed communication framework- https://learn.microsoft.com/en-us/dotnet/standard/events/observer-design-pattern : Observer design patternВидео: https://youtube.com/live/82UTeLzCduQ Слушайте все выпуски: https://dotnetmore.mave.digitalYouTube: https://www.youtube.com/playlist?list=PLbxr_aGL4q3R6kfpa7Q8biS11T56cNMf5Twitch: https://www.twitch.tv/dotnetmoreОбсуждайте:- Telegram: https://t.me/dotnetmore_chatСледите за новостями:– Twitter: https://twitter.com/dotnetmore– Telegram channel: https://t.me/dotnetmoreCopyright: https://creativecommons.org/licenses/by-sa/4.0/

The full schedule for Latent Space LIVE! at NeurIPS has been announced, featuring Best of 2024 overview talks for the AI Startup Landscape, Computer Vision, Open Models, Transformers Killers, Synthetic Data, Agents, and Scaling, and speakers from Sarah Guo of Conviction, Roboflow, AI2/Meta, Recursal/Together, HuggingFace, OpenHands and SemiAnalysis. Join us for the IRL event/Livestream! Alessio will also be holding a meetup at AWS Re:Invent in Las Vegas this Wednesday. See our new Events page for dates of AI Engineer Summit, Singapore, and World's Fair in 2025. LAST CALL for questions for our big 2024 recap episode! Submit questions and messages on Speakpipe here for a chance to appear on the show!When we first observed that GPT Wrappers are Good, Actually, we did not even have Bolt on our radar. Since we recorded our Anthropic episode discussing building Agents with the new Claude 3.5 Sonnet, Bolt.new (by Stackblitz) has easily cleared the $8m ARR bar, repeating and accelerating its initial $4m feat.There are very many AI code generators and VS Code forks out there, but Bolt probably broke through initially because of its incredible zero shot low effort app generation:But as we explain in the pod, Bolt also emphasized deploy (Netlify)/ backend (Supabase)/ fullstack capabilities on top of Stackblitz's existing WebContainer full-WASM-powered-developer-environment-in-the-browser tech. Since then, the team has been shipping like mad (with weekly office hours), with bugfixing, full screen, multi-device, long context, diff based edits (using speculative decoding like we covered in Inference, Fast and Slow).All of this has captured the imagination of low/no code builders like Greg Isenberg and many others on YouTube/TikTok/Reddit/X/Linkedin etc:Just as with Fireworks, our relationship with Bolt/Stackblitz goes a bit deeper than normal - swyx advised the launch and got a front row seat to this epic journey, as well as demoed it with Realtime Voice at the recent OpenAI Dev Day. So we are very proud to be the first/closest to tell the full open story of Bolt/Stackblitz!Flow Engineering + Qodo/AlphaCodium UpdateIn year 2 of the pod we have been on a roll getting former guests to return as guest cohosts (Harrison Chase, Aman Sanger, Jon Frankle), and it was a pleasure to catch Itamar Friedman back on the pod, giving us an update on all things Qodo and Testing Agents from our last catchup a year and a half ago:Qodo (they renamed in September) went viral in early January this year with AlphaCodium (paper here, code here) beating DeepMind's AlphaCode with high efficiency:With a simple problem solving code agent:* The first step is to have the model reason about the problem. They describe it using bullet points and focus on the goal, inputs, outputs, rules, constraints, and any other relevant details.* Then, they make the model reason about the public tests and come up with an explanation of why the input leads to that particular output. * The model generates two to three potential solutions in text and ranks them in terms of correctness, simplicity, and robustness. * Then, it generates more diverse tests for the problem, covering cases not part of the original public tests. * Iteratively, pick a solution, generate the code, and run it on a few test cases. * If the tests fail, improve the code and repeat the process until the code passes every test.swyx has previously written similar thoughts on types vs tests for putting bounds on program behavior, but AlphaCodium extends this to AI generated tests and code.More recently, Itamar has also shown that AlphaCodium's techniques also extend well to the o1 models:Making Flow Engineering a useful technique to improve code model performance on every model. This is something we see AI Engineers uniquely well positioned to do compared to ML Engineers/Researchers.Full Video PodcastLike and subscribe!Show Notes* Itamar* Qodo* First episode* Eric* Bolt* StackBlitz* Thinkster* AlphaCodium* WebContainersChapters* 00:00:00 Introductions & Updates* 00:06:01 Generic vs. Specific AI Agents* 00:07:40 Maintaining vs Creating with AI* 00:17:46 Human vs Agent Computer Interfaces* 00:20:15 Why Docker doesn't work for Bolt* 00:24:23 Creating Testing and Code Review Loops* 00:28:07 Bolt's Task Breakdown Flow* 00:31:04 AI in Complex Enterprise Environments* 00:41:43 AlphaCodium* 00:44:39 Strategies for Breaking Down Complex Tasks* 00:45:22 Building in Open Source* 00:50:35 Choosing a product as a founder* 00:59:03 Reflections on Bolt Success* 01:06:07 Building a B2C GTM* 01:18:11 AI Capabilities and Pricing Tiers* 01:20:28 What makes Bolt unique* 01:23:07 Future Growth and Product Development* 01:29:06 Competitive Landscape in AI Engineering* 01:30:01 Advice to Founders and Embracing AI* 01:32:20 Having a baby and completing an Iron ManTranscriptAlessio [00:00:00]: Hey everyone, welcome to the Latent Space Podcast. This is Alessio, partner and CTO at Decibel Partners, and I'm joined by my co-host Swyx, founder of Smol.ai.Swyx [00:00:12]: Hey, and today we're still in our sort of makeshift in-between studio, but we're very delighted to have a former returning guest host, Itamar. Welcome back.Itamar [00:00:21]: Great to be here after a year or more. Yeah, a year and a half.Swyx [00:00:24]: You're one of our earliest guests on Agents. Now you're CEO co-founder of Kodo. Right. Which has just been renamed. You also raised a $40 million Series A, and we can get caught up on everything, but we're also delighted to have our new guest, Eric. Welcome.Eric [00:00:42]: Thank you. Excited to be here. Should I say Bolt or StackBlitz?Swyx [00:00:45]: Like, is it like its own company now or?Eric [00:00:47]: Yeah. Bolt's definitely bolt.new. That's the thing that we're probably the most known for, I imagine, at this point.Swyx [00:00:54]: Which is ridiculous to say because you were working at StackBlitz for so long.Eric [00:00:57]: Yeah. I mean, within a week, we were doing like double the amount of traffic. And StackBlitz had been online for seven years, and we were like, what? But anyways, yeah. So we're StackBlitz, the company behind bolt.new. If you've heard of bolt.new, that's our stuff. Yeah.Swyx [00:01:12]: Yeah.Itamar [00:01:13]: Excellent. I see, by the way, that the founder mode, you need to know to capture opportunities. So kudos on doing that, right? You're working on some technology, and then suddenly you can exploit that to a new world. Yeah.Eric [00:01:24]: Totally. And I think, well, not to jump, but 100%, I mean, a couple of months ago, we had the idea for Bolt earlier this year, but we haven't really shared this too much publicly. But we actually had tried to build it with some of those state-of-the-art models back in January, February, you can kind of imagine which, and they just weren't good enough to actually do the code generation where the code was accurate and it was fast and whatever have you without a ton of like rag, but then there was like issues with that. So we put it on the shelf and then we got kind of a sneak peek of some of the new models that have come out in the past couple of months now. And so once we saw that, once we actually saw the code gen from it, we were like, oh my God, like, okay, we can build a product around this. And so that was really the impetus of us building the thing. But with that, it was StackBlitz, the core StackBlitz product the past seven years has been an IDE for developers. So the entire user experience flow we've built up just didn't make sense. And so when we kind of went out to build Bolt, we just thought, you know, if we were inventing our product today, what would the interface look like given what is now possible with the AI code gen? And so there's definitely a lot of conversations we had internally, but you know, just kind of when we logically laid it out, we were like, yeah, I think it makes sense to just greenfield a new thing and let's see what happens. If it works great, then we'll figure it out. If it doesn't work great, then it'll get deleted at some point. So that's kind of how it actually came to be.Swyx [00:02:49]: I'll mention your background a little bit. You were also founder of Thinkster before you started StackBlitz. So both of you are second time founders. Both of you have sort of re-founded your company recently. Yours was more of a rename. I think a slightly different direction as well. And then we can talk about both. Maybe just chronologically, should we get caught up on where Kodo is first and then you know, just like what people should know since the last pod? Sure.Itamar [00:03:12]: The last pod was two months after we launched and we basically had the vision that we talked about. The idea that software development is about specification, test and code, etc. We are more on the testing part as in essence, we think that if you solve testing, you solve software development. The beautiful chart that we'll put up on screen. And testing is a really big field, like there are many dimensions, unit testing, the level of the component, how big it is, how large it is. And then there is like different type of testing, is it regression or smoke or whatever. So back then we only had like one ID extension with unit tests as in focus. One and a half year later, first ID extension supports more type of testing as context aware. We index local, local repos, but also 10,000s of repos for Fortune 500 companies. We have another agent, another tool that is called, the pure agent is the open source and the commercial one is CodoMerge. And then we have another open source called CoverAgent, which is not yet a commercial product coming very soon. It's very impressive. It could be that already people are approving automated pull requests that they don't even aware in really big open sources. So once we have enough of these, we will also launch another agent. So for the first one and a half year, what we did is grew in our offering and mostly on the side of, does this code actually works, testing, code review, et cetera. And we believe that's the critical milestone that needs to be achieved to actually have the AI engineer for enterprise software. And then like for the first year was everything bottom up, getting to 1 million installation. 2024, that was 2023, 2024 was starting to monetize, to feel like how it is to make the first buck. So we did the teams offering, it went well with a thousand of teams, et cetera. And then we started like just a few months ago to do enterprise with everything you need, which is a lot of things that discussed in the last post that was just released by Codelm. So that's how we call it at Codelm. Just opening the brackets, our company name was Codelm AI, and we renamed to Codo and we call our models Codelm. So back to my point, so we started Enterprise Motion and already have multiple Fortune 100 companies. And then with that, we raised a series of $40 million. And what's exciting about it is that enables us to develop more agents. That's our focus. I think it's very different. We're not coming very soon with an ID or something like that.Swyx [00:06:01]: You don't want to fork this code?Itamar [00:06:03]: Maybe we'll fork JetBrains or something just to be different.Swyx [00:06:08]: I noticed that, you know, I think the promise of general purpose agents has kind of died. Like everyone is doing kind of what you're doing. There's Codogen, Codomerge, and then there's a third one. What's the name of it?Itamar [00:06:17]: Yeah. Codocover. Cover. Which is like a commercial version of a cover agent. It's coming soon.Swyx [00:06:23]: Yeah. It's very similar with factory AI, also doing like droids. They all have special purpose doing things, but people don't really want general purpose agents. Right. The last time you were here, we talked about AutoGBT, the biggest thing of 2023. This year, not really relevant anymore. And I think it's mostly just because when you give me a general purpose agent, I don't know what to do with it.Eric [00:06:42]: Yeah.Itamar [00:06:43]: I totally agree with that. We're seeing it for a while and I think it will stay like that despite the computer use, et cetera, that supposedly can just replace us. You can just like prompt it to be, hey, now be a QA or be a QA person or a developer. I still think that there's a few reasons why you see like a dedicated agent. Again, I'm a bit more focused, like my head is more on complex software for big teams and enterprise, et cetera. And even think about permissions and what are the data sources and just the same way you manage permissions for users. Developers, you probably want to have dedicated guardrails and dedicated approvals for agents. I intentionally like touched a point on not many people think about. And of course, then what you can think of, like maybe there's different tools, tool use, et cetera. But just the first point by itself is a good reason why you want to have different agents.Alessio [00:07:40]: Just to compare that with Bot.new, you're almost focused on like the application is very complex and now you need better tools to kind of manage it and build on top of it. On Bot.new, it's almost like I was using it the other day. There's basically like, hey, look, I'm just trying to get started. You know, I'm not very opinionated on like how you're going to implement this. Like this is what I want to do. And you build a beautiful app with it. What people ask as the next step, you know, going back to like the general versus like specific, have you had people say, hey, you know, this is great to start, but then I want a specific Bot.new dot whatever else to do a more vertical integration and kind of like development or what's the, what do people say?Eric [00:08:18]: Yeah. I think, I think you kind of hit the, hit it head on, which is, you know, kind of the way that we've, we've kind of talked about internally is it's like people are using Bolt to go from like 0.0 to 1.0, like that's like kind of the biggest unlock that Bolt has versus most other things out there. I mean, I think that's kind of what's, what's very unique about Bolt. I think the, you know, the working on like existing enterprise applications is, I mean, it's crazy important because, you know, there's a, you look, when you look at the fortune 500, I mean, these code bases, some of these have been around for 20, 30 plus years. And so it's important to be going from, you know, 101.3 to 101.4, et cetera. I think for us, so what's been actually pretty interesting is we see there's kind of two different users for us that are coming in and it's very distinct. It's like people that are developers already. And then there's people that have never really written software and more if they have, it's been very, very minimal. And so in the first camp, what these developers are doing, like to go from zero to one, they're coming to Bolt and then they're ejecting the thing to get up or just downloading it and, you know, opening cursor, like whatever to, to, you know, keep iterating on the thing. And sometimes they'll bring it back to Bolt to like add in a huge piece of functionality or something. Right. But for the people that don't know how to code, they're actually just, they, they live in this thing. And that was one of the weird things when we launched is, you know, within a day of us being online, one of the most popular YouTube videos, and there's been a ton since, which was, you know, there's like, oh, Bolt is the cursor killer. And I originally saw the headlines and I was like, thanks for the views. I mean, I don't know. This doesn't make sense to me. That's not, that's not what we kind of thought.Swyx [00:09:44]: It's how YouTubers talk to each other. Well, everything kills everything else.Eric [00:09:47]: Totally. But what blew my mind was that there was any comparison because it's like cursor is a, is a local IDE product. But when, when we actually kind of dug into it and we, and we have people that are using our product saying this, I'm not using cursor. And I was like, what? And it turns out there are hundreds of thousands of people that we have seen that we're using cursor and we're trying to build apps with that where they're not traditional software does, but we're heavily leaning on the AI. And as you can imagine, it is very complicated, right? To do that with cursor. So when Bolt came out, they're like, wow, this thing's amazing because it kind of inverts the complexity where it's like, you know, it's not an IDE, it's, it's a, it's a chat-based sort of interface that we have. So that's kind of the split, which is rather interesting. We've had like the first startups now launch off of Bolt entirely where this, you know, tomorrow I'm doing a live stream with this guy named Paul, who he's built an entire CRM using this thing and you know, with backend, et cetera. And people have made their first money on the internet period, you know, launching this with Stripe or whatever have you. So that's, that's kind of the two main, the two main categories of folks that we see using Bolt though.Itamar [00:10:51]: I agree that I don't understand the comparison. It doesn't make sense to me. I think like we have like two type of families of tools. One is like we re-imagine the software development. I think Bolt is there and I think like a cursor is more like a evolution of what we already have. It's like taking the IDE and it's, it's amazing and it's okay, let's, let's adapt the IDE to an era where LLMs can do a lot for us. And Bolt is more like, okay, let's rethink everything totally. And I think we see a few tools there, like maybe Vercel, Veo and maybe Repl.it in that area. And then in the area of let's expedite, let's change, let's, let's progress with what we already have. You can see Cursor and Kodo, but we're different between ourselves, Cursor and Kodo, but definitely I think that comparison doesn't make sense.Alessio [00:11:42]: And just to set the context, this is not a Twitter demo. You've made 4 million of revenue in four weeks. So this is, this is actually working, you know, it's not a, what, what do you think that is? Like, there's been so many people demoing coding agents on Twitter and then it doesn't really work. And then you guys were just like, here you go, it's live, go use it, pay us for it. You know, is there anything in the development that was like interesting and maybe how that compares to building your own agents?Eric [00:12:08]: We had no idea, honestly, like we, we, we've been pretty blown away and, and things have just kind of continued to grow faster since then. We're like, oh, today is week six. So I, I kind of came back to the point you just made, right, where it's, you, you kind of outlined, it's like, there's kind of this new market of like kind of rethinking the software development and then there's heavily augmenting existing developers. I think that, you know, both of which are, you know, AI code gen being extremely good, it's allowed existing developers, it's allowing existing developers to camera out software far faster than they could have ever before, right? It's like the ultimate power tool for an existing developer. But this code gen stuff is now so good. And then, and we saw this over the past, you know, from the beginning of the year when we tried to first build, it's actually lowered the barrier to people that, that aren't traditionally software engineers. But the kind of the key thing is if you kind of think about it from, imagine you've never written software before, right? My co-founder and I, he and I grew up down the street from each other in Chicago. We learned how to code when we were 13 together and we've been building stuff ever since. And this is back in like the mid 2000s or whatever, you know, there was nothing for free to learn from online on the internet and how to code. For our 13th birthdays, we asked our parents for, you know, O'Reilly books cause you couldn't get this at the library, right? And so instead of like an Xbox, we got, you know, programming books. But the hardest part for everyone learning to code is getting an environment set up locally, you know? And so when we built StackBlitz, like kind of the key thesis, like seven years ago, the insight we had was that, Hey, it seems like the browser has a lot of new APIs like WebAssembly and service workers, et cetera, where you could actually write an operating system that ran inside the browser that could boot in milliseconds. And you, you know, basically there's this missing capability of the web. Like the web should be able to build apps for the web, right? You should be able to build the web on the web. Every other platform has that, Visual Studio for Windows, Xcode for Mac. The web has no built in primitive for this. And so just like our built in kind of like nerd instinct on this was like, that seems like a huge hole and it's, you know, it will be very valuable or like, you know, very valuable problem to solve. So if you want to set up that environments, you know, this is what we spent the past seven years doing. And the reality is existing developers have running locally. They already know how to set up that environment. So the problem isn't as acute for them. When we put Bolt online, we took that technology called WebContainer and married it with these, you know, state of the art frontier models. And the people that have the most pain with getting stuff set up locally is people that don't code. I think that's been, you know, really the big explosive reason is no one else has been trying to make dev environments work inside of a browser tab, you know, for the past if since ever, other than basically our company, largely because there wasn't an immediate demand or need. So I think we kind of find ourselves at the right place at the right time. And again, for this market of people that don't know how to write software, you would kind of expect that you should be able to do this without downloading something to your computer in the same way that, hey, I don't have to download Photoshop now to make designs because there's Figma. I don't have to download Word because there's, you know, Google Docs. They're kind of looking at this as that sort of thing, right? Which was kind of the, you know, our impetus and kind of vision from the get-go. But you know, the code gen, the AI code gen stuff that's come out has just been, you know, an order of magnitude multiplier on how magic that is, right? So that's kind of my best distillation of like, what is going on here, you know?Alessio [00:15:21]: And you can deploy too, right?Eric [00:15:22]: Yeah.Alessio [00:15:23]: Yeah.Eric [00:15:24]: And so that's, what's really cool is it's, you know, we have deployment built in with Netlify and this is actually, I think, Sean, you actually built this at Netlify when you were there. Yeah. It's one of the most brilliant integrations actually, because, you know, effectively the API that Sean built, maybe you can speak to it, but like as a provider, we can just effectively give files to Netlify without the user even logging in and they have a live website. And if they want to keep, hold onto it, they can click a link and claim it to their Netlify account. But it basically is just this really magic experience because when you come to Bolt, you say, I want a website. Like my mom, 70, 71 years old, made her first website, you know, on the internet two weeks ago, right? It was about her nursing days.Swyx [00:16:03]: Oh, that's fantastic though. It wouldn't have been made.Eric [00:16:06]: A hundred percent. Cause even in, you know, when we've had a lot of people building personal, like deeply personal stuff, like in the first week we launched this, the sales guy from the East Coast, you know, replied to a tweet of mine and he said, thank you so much for building this to your team. His daughter has a medical condition and so for her to travel, she has to like line up donors or something, you know, so ahead of time. And so he actually used Bolt to make a website to do that, to actually go and send it to folks in the region she was going to travel to ahead of time. I was really touched by it, but I also thought like, why, you know, why didn't he use like Wix or Squarespace? Right? I mean, this is, this is a solved problem, quote unquote, right? And then when I thought, I actually use Squarespace for my, for my, uh, the wedding website for my wife and I, like back in 2021, so I'm familiar, you know, it was, it was faster. I know how to code. I was like, this is faster. Right. And I thought back and I was like, there's a whole interface you have to learn how to use. And it's actually not that simple. There's like a million things you can configure in that thing. When you come to Bolt, there's a, there's a text box. You just say, I need a, I need a wedding website. Here's the date. Here's where it is. And here's a photo of me and my wife, put it somewhere relevant. It's actually the simplest way. And that's what my, when my mom came, she said, uh, I'm Pat Simons. I was a nurse in the seventies, you know, and like, here's the things I did and a website came out. So coming back to why is this such a, I think, why are we seeing this sort of growth? It's, this is the simplest interface I think maybe ever created to actually build it, a deploy a website. And then that website, my mom made, she's like, okay, this looks great. And there's, there's one button, you just click it, deploy, and it's live and you can buy a domain name, attach it to it. And you know, it's as simple as it gets, it's getting even simpler with some of the stuff we're working on. But anyways, so that's, it's, it's, uh, it's been really interesting to see some of the usage like that.Swyx [00:17:46]: I can offer my perspective. So I, you know, I probably should have disclosed a little bit that, uh, I'm a, uh, stack list investor.Alessio [00:17:53]: Canceled the episode. I know, I know. Don't play it now. Pause.Eric actually reached out to ShowMeBolt before the launch. And we, you know, we talked a lot about, like, the framing of, of what we're going to talk about how we marketed the thing, but also, like, what we're So that's what Bolt was going to need, like a whole sort of infrastructure.swyx: Netlify, I was a maintainer but I won't take claim for the anonymous upload. That's actually the origin story of Netlify. We can have Matt Billman talk about it, but that was [00:18:00] how Netlify started. You could drag and drop your zip file or folder from your desktop onto a website, it would have a live URL with no sign in.swyx: And so that was the origin story of Netlify. And it just persists to today. And it's just like it's really nice, interesting that both Bolt and CognitionDevIn and a bunch of other sort of agent type startups, they all use Netlify to deploy because of this one feature. They don't really care about the other features.swyx: But, but just because it's easy for computers to use and talk to it, like if you build an interface for computers specifically, that it's easy for them to Navigate, then they will be used in agents. And I think that's a learning that a lot of developer tools companies are having. That's my bolt launch story and now if I say all that stuff.swyx: And I just wanted to come back to, like, the Webcontainers things, right? Like, I think you put a lot of weight on the technical modes. I think you also are just like, very good at product. So you've, you've like, built a better agent than a lot of people, the rest of us, including myself, who have tried to build these things, and we didn't get as far as you did.swyx: Don't shortchange yourself on products. But I think specifically [00:19:00] on, on infra, on like the sandboxing, like this is a thing that people really want. Alessio has Bax E2B, which we'll have on at some point, talking about like the sort of the server full side. But yours is, you know, inside of the browser, serverless.swyx: It doesn't cost you anything to serve one person versus a million people. It doesn't, doesn't cost you anything. I think that's interesting. I think in theory, we should be able to like run tests because you can run the full backend. Like, you can run Git, you can run Node, you can run maybe Python someday.swyx: We talked about this. But ideally, you should be able to have a fully gentic loop, running code, seeing the errors, correcting code, and just kind of self healing, right? Like, I mean, isn't that the dream?Eric: Totally.swyx: Yeah,Eric: totally. At least in bold, we've got, we've got a good amount of that today. I mean, there's a lot more for us to do, but one of the nice things, because like in web container, you know, there's a lot of kind of stuff you go Google like, you know, turn docker container into wasm.Eric: You'll find a lot of stuff out there that will do that. The problem is it's very big, it's slow, and that ruins the experience. And so what we ended up doing is just writing an operating system from [00:20:00] scratch that was just purpose built to, you know, run in a browser tab. And the reason being is, you know, Docker 2 awesome things will give you an image that's like out 60 to 100 megabits, you know, maybe more, you know, and our, our OS, you know, kind of clocks in, I think, I think we're in like a, maybe, maybe a megabyte or less or something like that.Eric: I mean, it's, it's, you know, really, really, you know, stripped down.swyx: This is basically the task involved is I understand that it's. Mapping every single, single Linux call to some kind of web, web assembly implementation,Eric: but more or less, and, and then there's a lot of things actually, like when you're looking at a dev environment, there's a lot of things that you don't need that a traditional OS is gonna have, right?Eric: Like, you know audio drivers or you like, there's just like, there's just tons of things. Oh, yeah. Right. Yeah. That goes . Yeah. You can just kind, you can, you can kind of tos them. Or alternatively, what you can do is you can actually be the nice thing. And this is, this kind of comes back to the origins of browsers, which is, you know, they're, they're at the beginning of the web and, you know, the late nineties, there was two very different kind of visions for the web where Alan Kay vehemently [00:21:00] disagree with the idea that should be document based, which is, you know, Tim Berners Lee, you know, that, and that's kind of what ended up winning, winning was this document based kind of browsing documents on the web thing.Eric: Alan Kay, he's got this like very famous quote where he said, you know, you want web browsers to be mini operating systems. They should download little mini binaries and execute with like a little mini virtualized operating system in there. And what's kind of interesting about the history, not to geek out on this aspect, what's kind of interesting about the history is both of those folks ended up being right.Eric: Documents were actually the pragmatic way that the web worked. Was, you know, became the most ubiquitous platform in the world to the degree now that this is why WebAssembly has been invented is that we're doing, we need to do more low level things in a browser, same thing with WebGPU, et cetera. And so all these APIs, you know, to build an operating system came to the browser.Eric: And that was actually the realization we had in 2017 was, holy heck, like you can actually, you know, service workers, which were designed for allowing your app to work offline. That was the kind of the key one where it was like, wait a second, you can actually now run. Web servers within a [00:22:00] browser, like you can run a server that you open up.Eric: That's wild. Like full Node. js. Full Node. js. Like that capability. Like, I can have a URL that's programmatically controlled. By a web application itself, boom. Like the web can build the web. The primitive is there. Everyone at the time, like we talked to people that like worked on, you know Chrome and V8 and they were like, uhhhh.Eric: You know, like I don't know. But it's one of those things you just kind of have to go do it to find out. So we spent a couple of years, you know, working on it and yeah. And, and, and got to work in back in 2021 is when we kind of put the first like data of web container online. Butswyx: in partnership with Google, right?swyx: Like Google actually had to help you get over the finish line with stuff.Eric: A hundred percent, because well, you know, over the years of when we were doing the R and D on the thing. Kind of the biggest challenge, the two ways that you can kind of test how powerful and capable a platform are, the two types of applications are one, video games, right, because they're just very compute intensive, a lot of calculations that have to happen, right?Eric: The second one are IDEs, because you're talking about actually virtualizing the actual [00:23:00] runtime environment you are in to actually build apps on top of it, which requires sophisticated capabilities, a lot of access to data. You know, a good amount of compute power, right, to effectively, you know, building app in app sort of thing.Eric: So those, those are the stress tests. So if your platform is missing stuff, those are the things where you find out. Those are, those are the people building games and IDEs. They're the ones filing bugs on operating system level stuff. And for us, browser level stuff.Eric [00:23:47]: yeah, what ended up happening is we were just hammering, you know, the Chromium bug tracker, and they're like, who are these guys? Yeah. And, and they were amazing because I mean, just making Chrome DevTools be able to debug, I mean, it's, it's not, it wasn't originally built right for debugging an operating system, right? They've been phenomenal working with us and just kind of really pushing the limits, but that it's a rising tide that's kind of lifted all boats because now there's a lot of different types of applications that you can debug with Chrome Dev Tools that are running a browser that runs more reliably because just the stress testing that, that we and, you know, games that are coming to the web are kind of pushing as well, but.Itamar [00:24:23]: That's awesome. About the testing, I think like most, let's say coding assistant from different kinds will need this loop of testing. And even I would add code review to some, to some extent that you mentioned. How is testing different from code review? Code review could be, for example, PR review, like a code review that is done at the point of when you want to merge branches. But I would say that code review, for example, checks best practices, maintainability, and so on. It's not just like CI, but more than CI. And testing is like a more like checking functionality, et cetera. So it's different. We call, by the way, all of these together code integrity, but that's a different story. Just to go back to the, to the testing and specifically. Yeah. It's, it's, it's since the first slide. Yeah. We're consistent. So if we go back to the testing, I think like, it's not surprising that for us testing is important and for Bolt it's testing important, but I want to shed some light on a different perspective of it. Like let's think about autonomous driving. Those startups that are doing autonomous driving for highway and autonomous driving for the city. And I think like we saw the autonomous of the highway much faster and reaching to a level, I don't know, four or so much faster than those in the city. Now, in both cases, you need testing and quote unquote testing, you know, verifying validation that you're doing the right thing on the road and you're reading and et cetera. But it's probably like so different in the city that it could be like actually different technology. And I claim that we're seeing something similar here. So when you're building the next Wix, and if I was them, I was like looking at you and being a bit scared. That's what you're disrupting, what you just said. Then basically, I would say that, for example, the UX UI is freaking important. And because you're you're more aiming for the end user. In this case, maybe it's an end user that doesn't know how to develop for developers. It's also important. But let alone those that do not know to develop, they need a slick UI UX. And I think like that's one reason, for example, I think Cursor have like really good technology. I don't know the underlying what's under the hood, but at least what they're saying. But I think also their UX UI is great. It's a lot because they did their own ID. While if you're aiming for the city AI, suddenly like there's a lot of testing and code review technology that it's not necessarily like that important. For example, let's talk about integration tests. Probably like a lot of what you're building involved at the moment is isolated applications. Maybe the vision or the end game is maybe like having one solution for everything. It could be that eventually the highway companies will go into the city and the other way around. But at the beginning, there is a difference. And integration tests are a good example. I guess they're a bit less important. And when you think about enterprise software, they're really important. So to recap, like I think like the idea of looping and verifying your test and verifying your code in different ways, testing or code review, et cetera, seems to be important in the highway AI and the city AI, but in different ways and different like critical for the city, even more and more variety. Actually, I was looking to ask you like what kind of loops you guys are doing. For example, when I'm using Bolt and I'm enjoying it a lot, then I do see like sometimes you're trying to catch the errors and fix them. And also, I noticed that you're breaking down tasks into smaller ones and then et cetera, which is already a common notion for a year ago. But it seems like you're doing it really well. So if you're willing to share anything about it.Eric [00:28:07]: Yeah, yeah. I realized I never actually hit the punchline of what I was saying before. I mentioned the point about us kind of writing an operating system from scratch because what ended up being important about that is that to your point, it's actually a very, like compared to like a, you know, if you're like running cursor on anyone's machine, you kind of don't know what you're dealing with, with the OS you're running on. There could be an error happens. It could be like a million different things, right? There could be some config. There could be, it could be God knows what, right? The thing with WebConnect is because we wrote the entire thing from scratch. It's actually a unified image basically. And we can instrument it at any level that we think is going to be useful, which is exactly what we did when we started building Bolt is we instrumented stuff at like the process level, at the runtime level, you know, et cetera, et cetera, et cetera. Stuff that would just be not impossible to do on local, but to do that in a way that works across any operating system, whatever is, I mean, would just be insanely, you know, insanely difficult to do right and reliably. And that's what you saw when you've used Bolt is that when an error actually will occur, whether it's in the build process or the actual web application itself is failing or anything kind of in between, you can actually capture those errors. And today it's a very primitive way of how we've implemented it largely because the product just didn't exist 90 days ago. So we're like, we got some work ahead of us and we got to hire some more a little bit, but basically we present and we say, Hey, this is, here's kind of the things that went wrong. There's a fix it button and then a ignore button, and then you can just hit fix it. And then we take all that telemetry through our agent, you run it through our agent and say, kind of, here's the state of the application. Here's kind of the errors that we got from Node.js or the browser or whatever, and like dah, dah, dah, dah. And it can take a crack at actually solving it. And it's actually pretty darn good at being able to do that. That's kind of been a, you know, closing the loop and having it be a reliable kind of base has seemed to be a pretty big upgrade over doing stuff locally, just because I think that's a pretty key ingredient of it. And yeah, I think breaking things down into smaller tasks, like that's, that's kind of a key part of our agent. I think like Claude did a really good job with artifacts. I think, you know, us and kind of everyone else has, has kind of taken their approach of like actually breaking out certain tasks in a certain order into, you know, kind of a concrete way. And, and so actually the core of Bolt, I know we actually made open source. So you can actually go and check out like the system prompts and et cetera, and you can run it locally and whatever have you. So anyone that's interested in this stuff, I'd highly recommend taking a look at. There's not a lot of like stuff that's like open source in this realm. It's, that was one of the fun things that we've we thought would be cool to do. And people, people seem to like it. I mean, there's a lot of forks and people adding different models and stuff. So it's been cool to see.Swyx [00:30:41]: Yeah. I'm happy to add, I added real-time voice for my opening day demo and it was really fun to hack with. So thank you for doing that. Yeah. Thank you. I'm going to steal your code.Eric [00:30:52]: Because I want that.Swyx [00:30:52]: It's funny because I built on top of the fork of Bolt.new that already has the multi LLM thing. And so you just told me you're going to merge that in. So then you're going to merge two layers of forks down into this thing. So it'll be fun.Eric [00:31:03]: Heck yeah.Alessio [00:31:04]: Just to touch on like the environment, Itamar, you maybe go into the most complicated environments that even the people that work there don't know how to run. How much of an impact does that have on your performance? Like, you know, it's most of the work you're doing actually figuring out environment and like the libraries, because I'm sure they're using outdated version of languages, they're using outdated libraries, they're using forks that have not been on the public internet before. How much of the work that you're doing is like there versus like at the LLM level?Itamar [00:31:32]: One of the reasons I was asking about, you know, what are the steps to break things down, because it really matters. Like, what's the tech stack? How complicated the software is? It's hard to figure it out when you're dealing with the real world, any environment of enterprise as a city, when I'm like, while maybe sometimes like, I think you do enable like in Bolt, like to install stuff, but it's quite a like controlled environment. And that's a good thing to do, because then you narrow down and it's easier to make things work. So definitely, there are two dimensions, I think, actually spaces. One is the fact just like installing our software without yet like doing anything, making it work, just installing it because we work with enterprise and Fortune 500, etc. Many of them want on prem solution.Swyx [00:32:22]: So you have how many deployment options?Itamar [00:32:24]: Basically, we had, we did a metric metrics, say 96 options, because, you know, they're different dimensions. Like, for example, one dimension, we connect to your code management system to your Git. So are you having like GitHub, GitLab? Subversion? Is it like on cloud or deployed on prem? Just an example. Which model agree to use its APIs or ours? Like we have our Is it TestGPT? Yeah, when we started with TestGPT, it was a huge mistake name. It was cool back then, but I don't think it's a good idea to name a model after someone else's model. Anyway, that's my opinion. So we gotSwyx [00:33:02]: I'm interested in these learnings, like things that you change your mind on.Itamar [00:33:06]: Eventually, when you're building a company, you're building a brand and you want to create your own brand. By the way, when I thought about Bolt.new, I also thought about if it's not a problem, because when I think about Bolt, I do think about like a couple of companies that are already called this way.Swyx [00:33:19]: Curse companies. You could call it Codium just to...Itamar [00:33:24]: Okay, thank you. Touche. Touche.Eric [00:33:27]: Yeah, you got to imagine the board meeting before we launched Bolt, one of our investors, you can imagine they're like, are you sure? Because from the investment side, it's kind of a famous, very notorious Bolt. And they're like, are you sure you want to go with that name? Oh, yeah. Yeah, absolutely.Itamar [00:33:43]: At this point, we have actually four models. There is a model for autocomplete. There's a model for the chat. There is a model dedicated for more for code review. And there is a model that is for code embedding. Actually, you might notice that there isn't a good code embedding model out there. Can you name one? Like dedicated for code?Swyx [00:34:04]: There's code indexing, and then you can do sort of like the hide for code. And then you can embed the descriptions of the code.Itamar [00:34:12]: Yeah, but you do see a lot of type of models that are dedicated for embedding and for different spaces, different fields, etc. And I'm not aware. And I know that if you go to the bedrock, try to find like there's a few code embedding models, but none of them are specialized for code.Swyx [00:34:31]: Is there a benchmark that you would tell us to pay attention to?Itamar [00:34:34]: Yeah, so it's coming. Wait for that. Anyway, we have our models. And just to go back to the 96 option of deployment. So I'm closing the brackets for us. So one is like dimensional, like what Git deployment you have, like what models do you agree to use? Dotter could be like if it's air-gapped completely, or you want VPC, and then you have Azure, GCP, and AWS, which is different. Do you use Kubernetes or do not? Because we want to exploit that. There are companies that do not do that, etc. I guess you know what I mean. So that's one thing. And considering that we are dealing with one of all four enterprises, we needed to deal with that. So you asked me about how complicated it is to solve that complex code. I said, it's just a deployment part. And then now to the software, we see a lot of different challenges. For example, some companies, they did actually a good job to build a lot of microservices. Let's not get to if it's good or not, but let's first assume that it is a good thing. A lot of microservices, each one of them has their own repo. And now you have tens of thousands of repos. And you as a developer want to develop something. And I remember me coming to a corporate for the first time. I don't know where to look at, like where to find things. So just doing a good indexing for that is like a challenge. And moreover, the regular indexing, the one that you can find, we wrote a few blogs on that. By the way, we also have some open source, different than yours, but actually three and growing. Then it doesn't work. You need to let the tech leads and the companies influence your indexing. For example, Mark with different repos with different colors. This is a high quality repo. This is a lower quality repo. This is a repo that we want to deprecate. This is a repo we want to grow, etc. And let that be part of your indexing. And only then things actually work for enterprise and they don't get to a fatigue of, oh, this is awesome. Oh, but I'm starting, it's annoying me. I think Copilot is an amazing tool, but I'm quoting others, meaning GitHub Copilot, that they see not so good retention of GitHub Copilot and enterprise. Ooh, spicy. Yeah. I saw snapshots of people and we have customers that are Copilot users as well. And also I saw research, some of them is public by the way, between 38 to 50% retention for users using Copilot and enterprise. So it's not so good. By the way, I don't think it's that bad, but it's not so good. So I think that's a reason because, yeah, it helps you auto-complete, but then, and especially if you're working on your repo alone, but if it's need that context of remote repos that you're code-based, that's hard. So to make things work, there's a lot of work on that, like giving the controllability for the tech leads, for the developer platform or developer experience department in the organization to influence how things are working. A short example, because if you have like really old legacy code, probably some of it is not so good anymore. If you just fine tune on these code base, then there is a bias to repeat those mistakes or old practices, etc. So you need, for example, as I mentioned, to influence that. For example, in Coda, you can have a markdown of best practices by the tech leads and Coda will include that and relate to that and will not offer suggestions that are not according to the best practices, just as an example. So that's just a short list of things that you need to do in order to deal with, like you mentioned, the 100.1 to 100.2 version of software. I just want to say what you're doing is extremelyEric [00:38:32]: impressive because it's very difficult. I mean, the business of Stackplus, kind of before bulk came online, we sold a version of our IDE that went on-prem. So I understand what you're saying about the difficulty of getting stuff just working on-prem. Holy heck. I mean, that is extremely hard. I guess the question I have for you is, I mean, we were just doing that with kind of Kubernetes-based stuff, but the spread of Fortune 500 companies that you're working with, how are they doing the inference for this? Are you kind of plugging into Azure's OpenAI stuff and AWS's Bedrock, you know, Cloud stuff? Or are they just like running stuff on GPUs? Like, what is that? How are these folks approaching that? Because, man, what we saw on the enterprise side, I mean, I got to imagine that that's a huge challenge. Everything you said and more, like,Itamar [00:39:15]: for example, like someone could be, and I don't think any of these is bad. Like, they made their decision. Like, for example, some people, they're, I want only AWS and VPC on AWS, no matter what. And then they, some of them, like there is a subset, I will say, I'm willing to take models only for from Bedrock and not ours. And we have a problem because there is no good code embedding model on Bedrock. And that's part of what we're doing now with AWS to solve that. We solve it in a different way. But if you are willing to run on AWS VPC, but run your run models on GPUs or inferentia, like the new version of the more coming out, then our models can run on that. But everything you said is right. Like, we see like on-prem deployment where they have their own GPUs. We see Azure where you're using OpenAI Azure. We see cases where you're running on GCP and they want OpenAI. Like this cross, like a case, although there is Gemini or even Sonnet, I think is available on GCP, just an example. So all the options, that's part of the challenge. I admit that we thought about it, but it was even more complicated. And it took us a few months to actually, that metrics that I mentioned, to start clicking each one of the blocks there. A few months is impressive. I mean,Eric [00:40:35]: honestly, just that's okay. Every one of these enterprises is, their networking is different. Just everything's different. Every single one is different. I see you understand. Yeah. So that just cannot be understated. That it is, that's extremely impressive. Hats off.Itamar [00:40:50]: It could be, by the way, like, for example, oh, we're only AWS, but our GitHub enterprise is on-prem. Oh, we forgot. So we need like a private link or whatever, like every time like that. It's not, and you do need to think about it if you want to work with an enterprise. And it's important. Like I understand like their, I respect their point of view.Swyx [00:41:10]: And this primarily impacts your architecture, your tech choices. Like you have to, you can't choose some vendors because...Itamar [00:41:15]: Yeah, definitely. To be frank, it makes us hard for a startup because it means that we want, we want everyone to enjoy all the variety of models. By the way, it was hard for us with our technology. I want to open a bracket, like a window. I guess you're familiar with our Alpha Codium, which is an open source.Eric [00:41:33]: We got to go over that. Yeah. So I'll do that quickly.Itamar [00:41:36]: Yeah. A pin in that. Yeah. Actually, we didn't have it in the last episode. So, so, okay.Swyx [00:41:41]: Okay. We'll come back to that later, but let's talk about...Itamar [00:41:43]: Yeah. So, so just like shortly, and then we can double click on Alpha Codium. But Alpha Codium is a open source tool. You can go and try it and lets you compete on CodeForce. This is a website and a competition and actually reach a master level level, like 95% with a click of a button. You don't need to do anything. And part of what we did there is taking a problem and breaking it to different, like smaller blocks. And then the models are doing a much better job. Like we all know it by now that taking small tasks and solving them, by the way, even O1, which is supposed to be able to do system two thinking like Greg from OpenAI like hinted, is doing better on these kinds of problems. But still, it's very useful to break it down for O1, despite O1 being able to think by itself. And that's what we presented like just a month ago, OpenAI released that now they are doing 93 percentile with O1 IOI left and International Olympiad of Formation. Sorry, I forgot. Exactly. I told you I forgot. And we took their O1 preview with Alpha Codium and did better. Like it just shows like, and there is a big difference between the preview and the IOI. It shows like that these models are not still system two thinkers, and there is a big difference. So maybe they're not complete system two. Yeah, they need some guidance. I call them system 1.5. We can, we can have it. I thought about it. Like, you know, I care about this philosophy stuff. And I think like we didn't see it even close to a system two thinking. I can elaborate later. But closing the brackets, like we take Alpha Codium and as our principle of thinking, we take tasks and break them down to smaller tasks. And then we want to exploit the best model to solve them. So I want to enable anyone to enjoy O1 and SONET and Gemini 1.5, etc. But at the same time, I need to develop my own models as well, because some of the Fortune 500 want to have all air gapped or whatever. So that's a challenge. Now you need to support so many models. And to some extent, I would say that the flow engineering, the breaking down to two different blocks is a necessity for us. Why? Because when you take a big block, a big problem, you need a very different prompt for each one of the models to actually work. But when you take a big problem and break it into small tasks, we can talk how we do that, then the prompt matters less. What I want to say, like all this, like as a startup trying to do different deployment, getting all the juice that you can get from models, etc. is a big problem. And one need to think about it. And one of our mitigation is that process of taking tasks and breaking them down. That's why I'm really interested to know how you guys are doing it. And part of what we do is also open source. So you can see.Swyx [00:44:39]: There's a lot in there. But yeah, flow over prompt. I do believe that that does make sense. I feel like there's a lot that both of you can sort of exchange notes on breaking down problems. And I just want you guys to just go for it. This is fun to watch.Eric [00:44:55]: Yeah. I mean, what's super interesting is the context you're working in is, because for us too with Bolt, we've started thinking because our kind of existing business line was going behind the firewall, right? We were like, how do we do this? Adding the inference aspect on, we're like, okay, how does... Because I mean, there's not a lot of prior art, right? I mean, this is all new. This is all new. So I definitely am going to have a lot of questions for you.Itamar [00:45:17]: I'm here. We're very open, by the way. We have a paper on a blog or like whatever.Swyx [00:45:22]: The Alphacodeum, GitHub, and we'll put all this in the show notes.Itamar [00:45:25]: Yeah. And even the new results of O1, we published it.Eric [00:45:29]: I love that. And I also just, I think spiritually, I like your approach of being transparent. Because I think there's a lot of hype-ium around AI stuff. And a lot of it is, it's just like, you have these companies that are just kind of keep their stuff closed source and then just max hype it, but then it's kind of nothing. And I think it kind of gives a bad rep to the incredible stuff that's actually happening here. And so I think it's stuff like what you're doing where, I mean, true merit and you're cracking open actual code for others to learn from and use. That strikes me as the right approach. And it's great to hear that you're making such incredible progress.Itamar [00:46:02]: I have something to share about the open source. Most of our tools are, we have an open source version and then a premium pro version. But it's not an easy decision to do that. I actually wanted to ask you about your strategy, but I think in your case, there is, in my opinion, relatively a good strategy where a lot of parts of open source, but then you have the deployment and the environment, which is not right if I get it correctly. And then there's a clear, almost hugging face model. Yeah, you can do that, but why should you try to deploy it yourself, deploy it with us? But in our case, and I'm not sure you're not going to hit also some competitors, and I guess you are. I wanted to ask you, for example, on some of them. In our case, one day we looked on one of our competitors that is doing code review. We're a platform. We have the code review, the testing, et cetera, spread over the ID to get. And in each agent, we have a few startups or a big incumbents that are doing only that. So we noticed one of our competitors having not only a very similar UI of our open source, but actually even our typo. And you sit there and you're kind of like, yeah, we're not that good. We don't use enough Grammarly or whatever. And we had a couple of these and we saw it there. And then it's a challenge. And I want to ask you, Bald is doing so well, and then you open source it. So I think I know what my answer was. I gave it before, but still interestingEric [00:47:29]: to hear what you think. GeoHot said back, I don't know who he was up to at this exact moment, but I think on comma AI, all that stuff's open source. And someone had asked him, why is this open source? And he's like, if you're not actually confident that you can go and crush it and build the best thing, then yeah, you should probably keep your stuff closed source. He said something akin to that. I'm probably kind of butchering it, but I thought it was kind of a really good point. And that's not to say that you should just open source everything, because for obvious reasons, there's kind of strategic things you have to kind of take in mind. But I actually think a pretty liberal approach, as liberal as you kind of can be, it can really make a lot of sense. Because that is so validating that one of your competitors is taking your stuff and they're like, yeah, let's just kind of tweak the styles. I mean, clearly, right? I think it's kind of healthy because it keeps, I'm sure back at HQ that day when you saw that, you're like, oh, all right, well, we have to grind even harder to make sure we stay ahead. And so I think it's actually a very useful, motivating thing for the teams. Because you might feel this period of comfort. I think a lot of companies will have this period of comfort where they're not feeling the competition and one day they get disrupted. So kind of putting stuff out there and letting people push it forces you to face reality soon, right? And actually feel that incrementally so you can kind of adjust course. And that's for us, the open source version of Bolt has had a lot of features people have been begging us for, like persisting chat messages and checkpoints and stuff. Within the first week, that stuff was landed in the open source versions. And they're like, why can't you ship this? It's in the open, so people have forked it. And we're like, we're trying to keep our servers and GPUs online. But it's been great because the folks in the community did a great job, kept us on our toes. And we've got to know most of these folks too at this point that have been building these things. And so it actually was very instructive. Like, okay, well, if we're going to go kind of land this, there's some UX patterns we can kind of look at and the code is open source to this stuff. What's great about these, what's not. So anyways, NetNet, I think it's awesome. I think from a competitive point of view for us, I think in particular, what's interesting is the core technology of WebContainer going. And I think that right now, there's really nothing that's kind of on par with that. And we also, we have a business of, because WebContainer runs in your browser, but to make it work, you have to install stuff from NPM. You have to make cores bypass requests, like connected databases, which all require server-side proxying or acceleration. And so we actually sell WebContainer as a service. One of the core reasons we open-sourced kind of the core components of Bolt when we launched was that we think that there's going to be a lot more of these AI, in-your-browser AI co-gen experiences, kind of like what Anthropic did with Artifacts and Clod. By the way, Artifacts uses WebContainers. Not yet. No, yeah. Should I strike that? I think that they've got their own thing at the moment, but there's been a lot of interest in WebContainers from folks doing things in that sort of realm and in the AI labs and startups and everything in between. So I think there'll be, I imagine, over the coming months, there'll be lots of things being announced to folks kind of adopting it. But yeah, I think effectively...Swyx [00:50:35]: Okay, I'll say this. If you're a large model lab and you want to build sandbox environments inside of your chat app, you should call Eric.Itamar [00:50:43]: But wait, wait, wait, wait, wait, wait. I have a question about that. I think OpenAI, they felt that people are not using their model as they would want to. So they built ChatGPT. But I would say that ChatGPT now defines OpenAI. I know they're doing a lot of business from their APIs, but still, is this how you think? Isn't Bolt.new your business now? Why don't you focus on that instead of the...Swyx [00:51:16]: What's your advice as a founder?Eric [00:51:18]: You're right. And so going into it, we, candidly, we were like, Bolt.new, this thing is super cool. We think people are stoked. We think people will be stoked. But we were like, maybe that's allowed. Best case scenario, after month one, we'd be mind blown if we added a couple hundred K of error or something. And we were like, but we think there's probably going to be an immediate huge business. Because there was some early poll on folks wanting to put WebContainer into their product offerings, kind of similar to what Bolt is doing or whatever. We were actually prepared for the inverse outcome here. But I mean, well, I guess we've seen poll on both. But I mean, what's happened with Bolt, and you're right, it's actually the same strategy as like OpenAI or Anthropic, where we have our ChatGPT to OpenAI's APIs is Bolt to WebContainer. And so we've kind of taken that same approach. And we're seeing, I guess, some of the similar results, except right now, the revenue side is extremely lopsided to Bolt.Itamar [00:52:16]: I think if you ask me what's my advice, I think you have three options. One is to focus on Bolt. The other is to focus on the WebContainer. The third is to raise one billion dollars and do them both. I'm serious. I think otherwise, you need to choose. And if you raise enough money, and I think it's big bucks, because you're going to be chased by competitors. And I think it will be challenging to do both. And maybe you can. I don't know. We do see these numbers right now, raising above $100 million, even without havingEric [00:52:49]: a product. You can see these. It's excellent advice. And I think what's been amazing, but also kind of challenging is we're trying to forecast, okay, well, where are these things going? I mean, in the initial weeks, I think us and all the investors in the company that we're sharing this with, it was like, this is cool. Okay, we added 500k. Wow, that's crazy. Wow, we're at a million now. Most things, you have this kind of the tech crunch launch of initiation and then the thing of sorrow. And if there's going to be a downtrend, it's just not coming yet. Now that we're kind of looking ahead, we're six weeks in. So now we're getting enough confidence in our convictions to go, okay, this se

“Leadership is where you have, not necessarily a large organization, but increasing scope and increasing impact, while bringing lots of people along with you.” In this milestone episode of the podcast, James Stanier returns for the third time to discuss his latest book, “Become a Great Engineering Leader.” We explore the role of an engineering leader and delve deep into the nuances of engineering leadership. James explains the difference between an engineering leader and an engineering manager through the lens of the three levels of warfare: strategy, operational, and tactical. We then discuss the importance of organizational chart design and some best practices, including Conway's law and how to avoid politics. James also talks about the importance of time management, always having a long-term view of your work (long-termism), and the critical role of writing in leadership. We discuss important approaches such as one-way vs. two-way doors and balancing between writing vs. bias for action. Finally, James explains the importance of strategic thinking, why a strategy is not necessarily a plan, and how an engineering leader can communicate their strategy effectively. He also provides practical tips for upcoming engineering leaders and discusses how we should all navigate a career in technology.   Listen out for: Writing “Become a Great Engineering Leader” - [00:02:19] The Role of Engineering Leader - [00:04:21] Engineering Leader vs Engineering Manager - [00:05:57] Tenure Relevancy - [00:09:36] The Importance of an Org Chart - [00:11:30] Org Chart Best Practices - [00:13:44] Conway's Law - [00:15:55] Avoiding Politics - [00:17:16] Writing Skills & Time Management - [00:21:41] T-Shaped Leadership - [00:26:35] Long-termism - [00:28:39] Leadership is Writing - [00:33:02] Writing vs Bias for Action - [00:36:13] One-Way vs Two-Way Door - [00:38:20] Reading & Seeking Information - [00:41:09] Strategic Thinking - [00:44:46] A Strategy is Not a Plan - [00:48:05] Communicating Your Strategy - [00:52:23] Becoming an Engineering Leader - [00:55:39] 3 Engineering Leader Wisdom - [01:01:56] _____ James Stanier's BioJames Stanier is Director of Engineering at Shopify. James holds a Ph.D. in computer science and runs theengineeringmanager.com. He has over a decade of experience with building people and software. He is also the author of Become an Effective Software Manager and Effective Remote Work. Follow James: LinkedIn – linkedin.com/in/jstanier X – x.com/jstanier The Engineering Manager Blog – theengineeringmanager.com The Engineering Manager Newsletter – theengineeringmanager.substack.com

How do you build a sustainable open-source project and community? What lessons can be learned from Python's history and the current mess that the WordPress community is going through? This week on the show, we speak with Paul Everitt from JetBrains about navigating open-source funding and the start of the Python Software Foundation.

“Now more than ever, engineering leaders are being asked to be more transparent with how their work is getting done. Every single thing that an engineering team works on needs to benefit the business.” Laura Tacho is the CTO of DX and a leading voice in the world of developer experience and productivity. In this episode, we explore the ever important role of aligning developer experience with business goals and discuss the DX Core 4, a new developer productivity framework recently published by DX. Laura shares how engineering leaders can leverage intuition for data-driven decisions and effectively communicate the impact of engineering initiatives in business language. We discuss the importance of balancing business goals with engineering needs and delve into the process of building a strong business case for improving developer experience. Discover the new DX Core 4 framework as Laura breaks down its four dimensions, key metrics, and actionable strategies for measuring and enhancing developer productivity. Learn how DX Core 4 complements existing frameworks, such as DORA, SPACE, and DevEx, and why it suggests “diffs per engineer” as a valuable metric to measure. Understand the Developer Experience Index (DXI) and why internal developer platforms and AI play crucial roles in improving developer experience. Tune in to learn new valuable insights on developer experience and how to measure, communicate, and improve developer productivity effectively.   Listen out for: Career Turning Points - [00:02:13] Following Your Intuition - [00:05:36] Business Oriented Engineering Leaders - [00:08:06] Explaining Tech Debt - [00:12:01] Balancing Between Engineering and Business Focus - [00:16:53] Building a Case for Improving Developer Experience - [00:21:00] DX Core 4 - [00:22:46] DX Core 4 vs Others (DORA, SPACE, DevEx) - [00:25:19] The DX Core 4 Dimensions - [00:26:49] Diffs per Engineer - [00:30:32] Impact Dimension - [00:33:27] Measuring DX Core 4 - [00:34:59] Developer Experience Index (DXI) - [00:38:19] Impact of Implementing DX Core 4 - [00:41:54] Best Strategy to Improve Developer Experience - [00:44:26] Internal Developer Platform & AI - [00:47:52] The Importance of Talking to the Developers - [00:51:40] 3 Tech Lead Wisdom - [00:54:18] _____ Laura Tacho's BioLaura Tacho is CTO at DX, a developer experience company. She's a technology leader with a successful track record leading engineering and product development teams at companies like CloudBees, Aula Education, and Nova Credit. She's been building developer tools and working on improving developer productivity for over 10 years, all the way from the heyday of IaaS and PaaS on cloud, through Docker and containers, CI/CD, and now as part of DX. She's also an executive coach for engineering leaders and an expert in building world-class engineering organisations that consistently deliver outstanding results. Laura has coached CTOs and other engineering leaders from startups to the Fortune 500, and also facilitates a popular course on metrics and engineering team performance. Follow Laura: Website – lauratacho.com LinkedIn – linkedin.com/in/lauratacho DX Core 4 – getdx.com/research/measuring-developer-productivity-with-the-dx-core-4 Developer Productivity Metrics Course - lauratacho.com/developer-productivity-metrics-course _____ Our Sponsors Enjoy an exceptional developer experience with JetBrains. Whatever programming language and technology you use, JetBrains IDEs provide the tools you need to go beyond simple code editing and excel as a developer.Check out FREE coding software options and special offers on jetbrains.com/store/#discounts.Make it happen. With code. Manning Publications is a premier publisher of technical books on computer and software development topics for both experienced developers and new learners alike. Manning prides itself on being independently owned and operated, and for paving the way for innovative initiatives, such as early access book content and protection-free PDF formats that are now industry standard.Get a 40% discount for Tech Lead Journal listeners by using the code techlead24 for all products in all formats. Like this episode?Show notes & transcript: techleadjournal.dev/episodes/198.Follow @techleadjournal on LinkedIn, Twitter, and Instagram.Buy me a coffee or become a patron.

В прошлый раз мы разобрали единую метрику от Microsoft, сегодня же пройдемся по другим популярным способам запихнуть качество кода в одно число.Спасибо всем, кто нас слушает. Ждем Ваши комментарии.Бесплатный открытый курс "Rust для DotNet разработчиков": https://www.youtube.com/playlist?list=PLbxr_aGL4q3S2iE00WFPNTzKAARURZW1ZShownotes: 00:00:00 Вступление00:09:00 Зачем Cyclomatic complexity?00:27:00 Метод, который вызывается один раз, code smell?00:31:55 Code Smells метрика00:43:00 Security метрики00:46:00 Code duplicationСсылки:- https://blog.jetbrains.com/qodana/2023/10/top-6-code-quality-metrics-to-empower-your-team/ : Метрики от JetBrains- https://blog.codacy.com/code-quality-metrics : Метрики от Codacity - https://docs.sonarsource.com/sonarqube/latest/user-guide/code-metrics/metrics-definition/ : Метрики от SonarВидео: https://youtube.com/live/mqFOa9X-rcsСлушайте все выпуски: https://dotnetmore.mave.digitalYouTube: https://www.youtube.com/playlist?list=PLbxr_aGL4q3R6kfpa7Q8biS11T56cNMf5Twitch: https://www.twitch.tv/dotnetmoreОбсуждайте:- Telegram: https://t.me/dotnetmore_chatСледите за новостями:– Twitter: https://twitter.com/dotnetmore– Telegram channel: https://t.me/dotnetmoreCopyright: https://creativecommons.org/licenses/by-sa/4.0/

“Product marketing's purpose is to drive product adoption by shaping market perception through strategic marketing activities that align with business goals.” Are you making the mistake of focusing too much on product and not enough on the market? In this episode, Martina Lauchengo, a partner at Costanoa Ventures and the author of the SVPG book “LOVED: How to Rethink Marketing for Tech Products”, discusses the often-overlooked importance of marketing in the success of tech products. Martina challenges the traditional notion of “product market fit,” suggesting “market product fit” instead, because a product's value is determined by the market's capacity to absorb it. She emphasizes the critical role of go-to-market strategy in informing product development and driving adoption. We explore the four fundamentals of product marketing outlined in Martina's book: ambassador, strategist, storyteller, and evangelist. Martina shares real-world examples of how these principles have been applied successfully, highlighting the importance of understanding customer needs, crafting compelling narratives, and enabling authentic evangelism. Tune in to discover valuable insights into how to rethink marketing for your tech products and achieve greater success.   Listen out for: Career Journey - [00:01:52] Market in the Product Market Fit Dimensions - [00:04:02] Importance of Go-To-Market - [00:07:02] Marketing Tech Product - [00:09:16] Product Marketing vs Marketing Campaign - [00:12:17] Sales-Marketing-Product Roles - [00:15:52] How Product Marketing Collaborate - [00:17:20] Product Marketing Metrics & Attribution - [00:21:16] 4 Fundamentals of Product Marketing - [00:25:33] Ambassadorship - [00:28:40] How to Get Customer Insights - [00:31:25] Human Aspect of Product Marketing - [00:35:47] Directing the Product Go-To-Market - [00:39:03] Storytelling - [00:41:53] Curating Stories - [00:44:50] Evangelism - [00:46:52] Authentic vs Authoritative - [00:49:26] Product Review Channels - [00:52:16] Product Support - [00:54:07] 3 Tech Lead Wisdom - [00:56:01] _____ Martina Lauchengco's BioMartina spent 30 years as a marketing and product leader. She started her career working on market-defining software, Microsoft Office and Netscape Navigator. She teaches what she's learned with SVPG and is a lecturer at UC Berkeley's graduate school of engineering. As a partner at Costanoa Ventures, she sits on multiple boards and coaches startups. She is the author of LOVED: How to Rethink Marketing Tech Products, a #1 Amazon Best Seller. Martina holds a B.A. in Political Science and M.A. in Organizational Behavior from Stanford University. She's a native Californian, mother of two, and proud wife to Chris. Follow Martina: LinkedIn – linkedin.com/in/martinalauchengco Costanoa Ventures – https://costanoa.vc/ Silicon Valley Product Group – svpg.com

“The four common obstacles that are stopping engineers in progressing in their journey are the imposter syndrome, burnout, trouble dealing with other people, and self marketing struggles." Dagna Bieda is an engineer turned coach and the author of “Brain Refactor”. In this episode, Dagna discusses the common obstacles that prevent engineers from progressing in their careers. She also introduces her latest book, “Brain Refactor,” which offers strategies for overcoming these obstacles and achieving success in tech. Dagna emphasizes the importance of understanding our “legacy mental code” and how it can impact our career growth. She outlines an algorithm for reprogramming our legacy mental code, discussing practical steps for identifying the root causes, planning the refactors, scripting new responses, and continuously executing improvements. Towards the end, Dagda dives deeper into handling burnout and dealing with other people and provides practical tips to resolve those common bugs.   Listen out for: Career Journey - [00:02:03] Dagna's Career Transition - [00:04:27] Our Legacy Codebase - [00:10:08] Feedbacks as Debugging Point - [00:13:04] Psychological Safety in Receiving Feedback - [00:17:52] 3 Common Mental Code Refactoring - [00:20:49] The Brain Refactor Algorithm - [00:25:23] Script New Responses - [00:33:45] Merge Conflicts & Cognitive Dissonance - [00:37:33] Common Bug #1: Burnout - [00:42:07] Common Bug #2: Dealing with Other People - [00:51:21] 3 Tech Lead Wisdom - [00:57:02] _____ Dagna Bieda's BioDagna Bieda is an Engineer turned Coach for Engineers and ambitious professionals in tech. With 10+ years of coding experience and coaching since 2019, she's the tough love, “been in your shoes” kinda Coach. Her clients' backgrounds include a spectrum ranging from ICs to CTOs, from small startups to FAANG+ companies, from 2 to 20+ years of experience, and from self-taught devs through career-changing Bootcamp grads to college grads and PhDs. She helps her clients reach their potential and exciting career opportunities by refactoring their brains. Follow Dagna: LinkedIn – https://www.linkedin.com/in/dagnabieda Website – themindfuldev.com

Topics covered in this episode: Why I Still Use Python Virtual Environments in Docker Python Developer Survey Results Anaconda Code add-in for Microsoft Excel Disabling Scheduled Dependency Updates Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through Our courses at Talk Python Training Hello, pytest! Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org Brian: @brianokken@fosstodon.org Show: @pythonbytes@fosstodon.org Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: Why I Still Use Python Virtual Environments in Docker by Hynek Schlawack I was going to cover Production-ready Docker Containers with uv but decided to take this diversion instead. Spend a lot of time thinking about the secondary effects of what you do. venvs are well known and well documented. Let's use them. Brian #2: Python Developer Survey Results “… official Python Developers Survey, conducted as a collaborative effort between the Python Software Foundation and JetBrains.” Python w/ Rust rising, but still only 7% ““The drop in HTML/CSS/JS might show that data science is increasing its share of Python.” - Paul Everitt 37% contribute to open source. Awesome. Favorite Resources: Podcasts Lots of familiar faces there. Awesome. Perhaps I shouldn't have decided to move “Python Test” back to Test & Code Usage “Data analysis” down, but I think that's because “data engineering” is added. Data, Web dev, ML, devops, academic, Testing is down 23% Python Versions Still some 2 out there Most folks on 3.10-3.12 Install from: mostly python.org Frameworks web: Flask, Django, Requests, FastAPI … testing: pytest, unittest, mock, doctest, tox, hypothesis, nose (2% might be the Python 2 people) Data science 77% use pandas, 72% NumPy OS: Windows still at 55% Packaging: venv up to 55% I imaging uv will be on the list next year requirements.txt 63%, pyproject.toml 32% virtual env in containers? 47% say no Michael #3: Anaconda Code add-in for Microsoft Excel Run their Python-powered projects in Excel locally with the Anaconda Code add-in Powered by PyScript, an Anaconda supported open source project that runs Python locally without install and setup Features Cells Run Independently Range to Multiple Types init.py file is static and cannot be edited, with Anaconda Code, users have the ability to access and edit imports and definitions, allowing you to write top-level functions and classes and reuse them wherever you need. A Customizable Environment Brian #4: Disabling Scheduled Dependency Updates David Lord Interesting discussion of as they happen or batching of upsates to dependencies dependencies come in requirements files GH Actions in CI workflows pre-commit hooks David was seeing 60 PRs per month when set up on monthly updates (3 ecosystems * 20 projects) new tool for updating GH actions: gha-update, allows for local updating of GH dependencies New process Run pip-compile, gha-update, and pre-commit locally. Update a project's dependencies when actively working on the project, not just whenever a dependency updates. Note that this works fine for dev dependencies, less so for security updates from run time dependencies. But for libraries, runtime dependencies are usually not pinned. Extras Brian: Test & Code coming back this week Michael: Code in a Castle event Python Bytes badge spotting Guido's post removed for moderation Joke: C will watch in silence

Dutch military intelligence warns of the Chinese Coathanger RAT. Pure Storage joins the growing list of Snowflake victims. JetBrains patches a GitHub IDE vulnerability. A data broker hits the brakes on selling driver location data. Flaws in VLC Media player allow remote code execution. Patch Tuesday updates. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, taking on Domain 8, Software Development Security. Farewell, computer engineering legend Lynn Conway.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K's comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe take on Domain 8, Software Development Security, and tackle the following question: At which step of the SDLC should security considerations be first integrated? Functional requirements defining Project initiation and planning Testing and evaluation control System design specification Selected Reading Dutch intelligence says Chinese hacking campaign ‘more extensive' than previously known (The Record) Pure Storage confirms data breach after Snowflake account hack (Bleeping Computer) Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) (Help Net Security) GitHub phishing campaign wipes repos, extorts victims (SC Magazine) Data broker shuts down product related to driver behavior patterns (The Record) VLC Media Player Vulnerabilities Allow Remote Code Execution (Cyber Security News) Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs (Bleeping Computer) ICS Patch Tuesday: Advisories Published by Siemens, Schneider Electric, Aveva, CISA (SecurityWeek) Column: Lynn Conway, leading computer scientist and transgender pioneer, dies at 85 (LA Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices