Creator and lead developer of Linux kernel
POPULARITY
Your favorite open source projects have been busy. We round up the new releases worth knowing about, plus the big kernel changes headed your way soon.Sponsored By:Webroot: Webroot is cloud-based antivirus, engineered to stay out of your way. For a limited time, you can save sixty percent.Jupiter Party Annual Membership: Put your support on automatic with our annual plan, and get one month of membership for free!Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love.Support LINUX UnpluggedLinks:AppleTalk 1985-2026 Memorial StickerSorry, I only open regular files StickerWebroot — Save sixty percent when you go to webroot.com/unplugged.
video: https://youtu.be/RCmZKZB-Mf8 The Linux News this week was jam packed. Linus Torvalds announced a new release of the Linux kernel. KDE announced a new release of the Plasma desktop. We've got an update on the AUR Malware from last week, it got better and then worse. Commodore revealed their next product, the Commodore Callback a Smart dumb phone. Yea I know. Plus there's some rumbles going on about the Return of Antergos Linux, we'll talk about that All of this and more on This Week in Linux, the weekly news show that keeps you up to date with what's going on in the Linux and Open Source world. Now let's jump right into Your Source for Linux GNews! Download as MP3 Support the Show Become a Patron = tuxdigital.com/membership Store = tuxdigital.com/store Chapters: 00:00 Intro 00:50 Linux 7.1 Released 03:36 KDE Plasma 6.7 Released 08:40 Antergos Linux Returns?! 16:08 AUR Malware Update for Arch Linux Users 19:39 Commodore Callback, a Smart Dumbphone 25:48 Epic Games Launches Lore Version Control System 28:24 DistroWatch Goes Down, Backups Save the Day 29:59 Outro Links: Linux 7.1 Released https://www.omgubuntu.co.uk/2026/06/linux-7-1-kernel-features https://www.phoronix.com/news/Linux-7.1-Released https://9to5linux.com/linux-kernel-7-1-officially-released-heres-whats-new https://www.gamingonlinux.com/2026/06/linux-kernel-7-1-out-now-with-new-ntfs-driver-lots-of-hardware-improvements/ KDE Plasma 6.7 Released https://kde.org/announcements/plasma/6/6.7.0/ https://quantumproductions.info/articles/2026-05/union-spring-2026-update Antergos Linux Returns?! https://github.com/Antergos-NeXT https://9to5linux.com/first-look-at-antergos-next-a-modern-revival-of-antergos-linux-with-kde-plasma https://distrowatch.com/dwres.php?resource=showheadline&story=20201 AUR Malware Update for Arch Linux Users https://lwn.net/Articles/1077619/ https://www.gamingonlinux.com/2026/06/the-security-situation-with-the-arch-linux-aur-got-a-lot-worse/ https://www.phoronix.com/news/Arch-Linux-AUR-More-Malware https://www.phoronix.com/news/Arch-Linux-AUR-More-Than-1500 https://itsfoss.com/news/yay-v13-release/ https://itsfoss.com/news/arch-linux-aur-malware-flood/ https://fossforce.com/2026/06/arch-says-alls-clear-after-aur-malware-incident-affects-1500-packages/ https://fossforce.com/2026/06/aur-registrations-blocked-amid-ongoing-malware-mess/ https://fossforce.com/2026/06/aur-to-arch-houston-weve-got-a-problem-were-under-attack-again/ https://www.phoronix.com/news/Arch-Linux-AUR-Russian-Spam Commodore Callback, a Smart Dumbphone https://commodore.net/callback/ https://itsfoss.com/news/commodore-callback-8020-launch/ https://arstechnica.com/gadgets/2026/06/commodores-newest-gadget-is-a-flip-phone-that-blocks-social-media-and-browsers/ https://www.tomshardware.com/phones/commodore-announces-linux-based-flip-phone-with-no-social-media-no-browser-the-callback-8020-will-be-available-in-five-retro-colorways-starting-at-usd499-runs-99-percent-of-android-apps https://www.wired.com/story/commodore-callback-8020-is-a-digital-detox-phone-that-isnt-dumb/ Epic Games Launches Lore Version Control System https://lore.org/ https://www.phoronix.com/news/Epic-Games-Lore-VCS https://itsfoss.com/news/lore-launched/ https://www.gamingonlinux.com/2026/06/unreal-engine-6-is-all-about-generative-ai-fortnite-and-the-verse/ https://www.theregister.com/devops/2026/06/17/git-good-with-epic-games-new-open-source-vcs-lore/5257978 DistroWatch Goes Down, Backups Save the Day https://distrowatch.com/ https://www.patreon.com/distrowatch/posts/server-outage-161521259 https://mastodon.social/@distrowatch Support the show https://tuxdigital.com/membership https://store.tuxdigital.com/
A version of this essay has been published by Open Magazine at https://openthemagazine.com/world/india-will-collapse-without-digital-sovereignty-and-pax-indica-lessons-from-hormuzBy now it is clear that the Iran War (or West Asia War) has been a disaster to all concerned, including the principals as well as assorted passersby. The massive amounts spent by the US (at last count $25 billion) are at least articulated; the bill for the enormous infrastructural and human suffering inflicted on Gulf states, in the theater of war, must be greater, by definition.The collateral damages suffered by the rest of the world from the cessation of trade through the Straits of Hormuz will presumably run into the trillions of dollars. As one of the worst affected, India, which imports 90% of its hydrocarbons from the Gulf, not to mention other essential items such as urea (for fertilizer), sulfuric acid, helium, etc., is on track to take a massive hit. As an article in The Economic Times said, “India must brace for broad-based economic shock”.Indian exports of up to $50 billion are also affected, especially agricultural products including perishable foodstuffs, but also gems and jewellery, electronics, textiles and garments. Some of this can be diverted via Oman and the UAE's Fujairah port, but much of it passes through the Straits of Hormuz and is potentially blocked and/or stranded at sea.The Hormuz closure is a body blow to India's economy. What can and will India do about it? The Indian State has a habit of rising to the challenge only when there is a crisis, while vegetating otherwise. The 1991 economic crisis is a case in point; the sanctions following “The Buddha is smiling”, and the denial of cryogenic rocket engines and supercomputers are other examples where the nation rallied. So were covid vaccines. Necessity, they say, is the mother of invention.Turning a threat into an opportunityIf I were to be an optimist, I could say that the current crisis is actually an opportunity. In fact, a major opportunity. My reading of the Iran War is that it is President Trump's strategic tit-for-tat against China for denying him rare earths and cutting off soybean purchases. In return Trump decided to deny China access to oil by closing access to Venezuela and Iran. Whether this will work, or whether the G2 condominium (read ‘surrender') will prevail, is unclear.But that is, in a sense, background noise that needs to be managed. India needs to focus on its own issues, of which I see several as critical, and the solution in general is to become Atmanirbhar, self-reliant, and from that, to create an Anti-Fragile nation:* National security/defense* Food security* Energy security* Digital security/narrative control* Trade securityThe first three do not need an explanation: they are obvious. Internal and external security are pre-requisites for any successful society. If India's hard-won food security can be threatened by external threats, then there needs to be some deep introspection. Energy security means diversification, both of hydrocarbon sources, and of types of energy, including renewables, nuclear, biomass, coal-based, and so on.Malign narratives and digital sovereigntyNarrative control is something that the Indian State has failed at so far; it is laughably easy to create hate speech against Indians and India (as has been demonstrated freely by any number of players, starting from the MAGA crowd, to Audrey Truschke to a”Cockroach Janata Party” and some nitwit Norwegian journalist in just the last fortnight) and there are no consequences to the culprits. It's enough to make me pine for Lee Kuan Yew's aggressive legal battles against the media.It's one thing if it were only a problem with foreigners, but with the massive spread of social media, and in particular generativeAI, it is becoming a serious domestic issue. Since India is an avid consumer of social media, and because generativeAI is trained on things like Wikipedia, X, Whatsapp and Google content, biased and motivated material becomes ensconced as The Truth. I have written about narrative warfare and manufacturing consent.This used to be a one-way tsunami of (mis)-information by legacy media, but now there is also the opposite: the wholesale and free vacuuming-up of Indian data (whatever happened to “data is the new oil”?). The “Great Firewall of China” both kept out foreign BIg Tech applications and prevented their plundering Chinese data: is that the way to go?Manufactured narratives are intended for regime change: all the color revolutions today are hatched with massive bot-farms funded by some combination of Deep State, CCP, ISI, Qatar etc. (for example the alleged Gen-Z uprisings that rocked Nepal, drove Sheikh Hasina out of Bangladesh). Thus muzzling malign narratives, and ensuring data security, are imperative.Even Singapore is not immune: it had to block anti-India narratives that likely originated from Chinese sources.A particularly striking example of narrative warfare is the virtual hate speech inducted into Wikipedia by deeply prejudiced anonymous editors. Ashley Rindsberg, who exposed the mighty New York Times' biases in his book The Gray Lady Winked, provides many examples of this.Of note to Indians and Hindus is his recent substack titled “Wikipedia's India War” where he identifies just four editors as having created most of the content condemning the Hindu American Foundation (HAF) in ‘Wikivoice', i.e. the allegedly neutral perspective of Wikipedia. They are, on the contrary, shown to be highly one-sided.As Rindsberg mentions, Wikipedia being central to generativeAI, the damage is baked into the world-view of all AI applications. Truly Orwellian. Says Rindsberg: “four… anonymous accounts can have an enormous impact on what millions of people believe to be the truth.” “Over four years (2021-2025), editors systematically erased HAF's identity as an American civil rights group, transforming its Wikipedia page into a heavily curated dossier of accusations.”Trade, and how the Spice Route was far superior to the Silk RoadFinally, something that is becoming increasingly important: ensuring freedom of trade. This is more than just freedom of navigation, although I find it instructive that Emperor Rajendra Chola sent a huge fleet 1,001 years ago simply to open up the Straits of Malacca. India can make an active attempt to regain primacy in Indian Ocean trade, the whole Pax indica idea.Here is another example of the power of narrative: we have been led to believe that the Silk Road to China was some major highway of commerce between ancient Rome and ancient China, but it was a term coined only in 1877 by the German Ferdinand von Richthofen. There was no highway. A large caravan might take six months, and with 500 camels traversing treacherous deserts and braving bandits, it might carry a maximum of 100 tons. That is puny.In comparison, on the Spice Route, a single stitched ship from Muziris could carry 400 tons of ivory, pepper, silk, tigers and elephants; and the historian Strabo around 1 CE talks about fleets of 250 ships going from Alexandria to India on a six-week monsoon-powered journey. That is 100,000 tons of merchandise. No wonder Pliny the Elder complained that Rome's treasuries were being emptied of gold by India.Simple question: where are hoards of ancient Roman coins found in Asia? Answer: not along the Silk Road. The hoards are in Kerala, Tamil Nadu and Sri Lanka.Today, it is possible for India to aspire to port-led development of trade, especially with the major ports at Trivandrum (Vizhinjam), Maharashtra (Vadhavan), and Great Nicobar (Galathea Bay). The underlying ‘software' of India's millennia-old trade competency was a ‘multi-protocol switch' as I pointed out, and today's India Stack can replicate that. Then there is the need for a blue-water navy: muscle to provide security on the Hormuz to Malacca sea-lanes.So there is a vision. How can India get there? This is where policy matters, as I discussed with policy expert Anuj Gupta. Policy, especially industrial policy, has had a bad reputation in certain circles because it was deemed to violate the virginal purity of classical capitalism. However, in a recent U-turn, even the World Bank admitted that industrial policy may not be all that bad, after all: the success of Japan, the Asian Tigers, and China can't be ignored.That leads to the question of why policy in India has produced mediocre outcomes, what is different now, and where the best use of policy might be.Industrial Policy: What went wrong in the past?There are many problems here. To begin with, the Soviet model, which Nehruvians swore by, was, in hindsight, a dead end. Second, there is the problem of governance: post-Independence bureaucrats have awkwardly borne the legacy of imperial hauteur and the needs of a developing society. Third, until recently, the bare necessities (food, electricity, road access) were not available to many citizens, and GDP growth was not their priority.There is also the culture of jugaad: of clever ways in which you overcome constraints through frugal improvisation and seat-of-the-pants making-do. This is fine for one-off things (e.g. converting a tractor trailer into a makeshift transport vehicle because your truck broke down), but it does not make for efficient and replicable industrial products. As The Economic Times said recently, it is time to junk jugaad. Quality has to become ingrained in people's minds.The issue of governance is significant: the bureaucracy and the judiciary have both under-performed, politicians, as everywhere, have been venal. It is said that China's growth can be attributed to the fact that its babus are engineers, and therefore with engineering ruthlessness move in straight lines. The US' babus are lawyers, and India's are humanities graduates. Well, engineers are not very good at second-order effects (eg. China's lurch from one-child policy to demographic collapse), but a little bit of ruthlessness is probably good.What is going reasonably well?There are a few modest success stories: for example, in electronics manufacturing or assembly. The PLIs (and DLIs) have produced the desired effort, with clusters of excellence where global suppliers have also set up shop (as they did earlier for the automobile industry in, say, Sriperumpudur). The fact that a lot of iPhones in the US are now imported from India is laudable, even though it may be derided as “screwdriver jobs”. That's where one starts the move up the value chain.The current semiconductor policy is a big hope, especially after the landmark agreement by the Dutch firm ASML with Tata Electronics in Dholera, Gujarat. Given that ASML has a near-monopoly position in Deep Ultraviolet Lithography (DUV) this is a major boost to India's chip ambitions. My recent conversation with AMD CTO Suraj Rengarajan went into India's chances to realize its ambitions.A recent announcement from Trivandrum-based fabless startup NetraSemi (a recipient of DLI) of the commercial availability of its edge AI chips is a landmark.Next is the newly announced plan for energy security revolving around both coal gasification and intensive offshore exploration. These fall squarely into the Atmanirbhar category: India simply cannot afford to have its energy held hostage by distant nations. It also needs distinctly Indian innovation.The Samudra Manthan initiative is also showing some promise. At least one out of three deep-water wells in the Andaman Sea (SriVijaya Puram-3) are reported to be showing the availability of natural gas, although it will take 5-10 years for this to be commercially available.What should the future look like for India's Industrial Policies?This of course is the hard question. Here is my personal perspective, and I accept that reasonable people may disagree. I think three areas need to be focused on, and will pay large dividends.* Drones and swarming software* Social media and AI stack* Maritime Trade and Blue-Water NavyI admit that these are not the only worthwhile industrial policies. Another is for copper, which would reverse the catastrophic effects of the closure of the Sterlite plant in Thoothukkudi, as the metal is an increasingly important component in electronics, data centers, etc., and far from being self-sufficient earlier, India now imports 50% of its needs. Another area of interest in quantum computing.There are also failures from which the right lessons need to be learned. The policy for EV batteries has apparently failed: according to Swarajya magazine, India has not been able to escape from near-total dependence on imported Chinese batteries.Drone swarmsI wrote recently that drones may well herald a step-change in warfare. For the moment, though, they are searching for their niche in offensive/defensive warfare. Drone hardware is already a well-trodden path with Chinese and other nations dominating it, although with IdeaForge, Paras, Garuda, IoTechworld Avigation etc., India is also making progress there. And India is indeed buying the hardware, $2 billion-worth, according to the Economic Times.But I believe the real game is in drone swarms. AI-based control software (similar to HiveMind) that would allow an entire swarm to act autonomously, just like a murmuration of starlings, would be the gold standard to aim for. Such a self-managing swarm would be virtually impossible to defend against, and I think India should put in place a PLI to support it, leveraging software capability in the country.Of course, drones are not just for military purposes, but also for commercial uses including things like logistics and agricultural use, such as precision delivery of fertilizer and pesticide to crops (as Garuda demonstrates). An Indian initiative that supports both drone hardware, and especially drone software, would be a potential winner.Digital Sovereignty: Social media and AI stackThere is a raging battle over which part of the AI stack India needs to invest in. As an old Unix hand, I believe the foundational model is not where the differentiation is. In analogy with Linux (the open-source Unix variant that was popularized by Linus Torvalds and an army of volunteers), there is little value in re-writing the operating system, but one can differentiate by building on top of it, or by judiciously choosing certain modules of it.Besides, the cost of building an entirely new foundational model would be astronomical and would consume the entire budget of IndiaAI Mission.Thus, my personal opinion is that the foundational model (especially when, it is believed, there are more or less open-source models available for free, e.g. Llama, DeepSeek) is not where India should expend its precious R&D resources, but on the layers of the stack above it. It is the data that matters, as Larry Ellison apparently suggests too.But there is the interesting counter-example of Sarvam AI which is producing its own sovereign model: multi-lingual and presumably otherwise tuned to Indian needs. The question is whether this can survive when hundreds of billions worth of capital investment are going to the US Big Tech companies and their Chinese rivals. The sad history of Koo, a Twitter rival, comes to mind. So does Arattai, a Whatsapp rival, whose popularity has waned. .A well-thought-through industrial policy on generativeAI is therefore essential. The status quo ante is unsustainable; given the fact that Sarvam has also found it difficult to raise funds in the US, it is worth pondering whether a China-style massive subsidy is the answer. And where should it go, into foundational models or into the layers of the stack above it? The answer is “both”, but with priority to the latter.Here is where I would prioritize investments, in order:* Vertical applications in specific domains: e.g. defense, healthcare, agriculture, governance (particularly in the judiciary and in ease of doing business in the bureaucracy)* Fine-tuning and customization: for the needs of the Indian context, e.g. multi-linguality under Bhashini* Compute infrastructure: GPUs, sovereign and protected indian datasets* Sovereign Small-Language Models such as Sarvam AIAs mentioned above, at the moment India's data is being sucked up for free by US Big Tech. In addition, there is the real danger that Indic Knowledge Systems will be mined and digested, as has happened to yoga, pranayama, etc., which have been given Western analogs and nomenclature, as in Pilates, ‘coherent breathing' etc.These two problems are connected, and both need to be tackled in parallel. Social media is being weaponized against India, and this is magnified by the legacy media in a positive feedback loop. Three examples: one was the rage against Adani based on the dubious research of Hindenburg, which then went under; the second is Bloomberg's reckless accusation about gold reserves being sold by the RBI, which they were forced to retract, but social media and Wikipedia will remember it; the third is the meteoric (media) rise of the Cockroach Janata Party.Trade using major ports, Digital Public Infrastructure and a blue water navyUsing trade for competitive advantage is an age-old tactic. The trade tiffs between the US and China are examples of this: we are witnessing war by other means. Many nations are getting into this act, and India does have some advantages, partly based on geography. Maritime trade is likely to continue to be the key, which makes naval chokepoints the big story, but not the only story to watch out for.The major aspects of maritime trade include infrastructure, the digital “multi-protocol switch”, and security. On the one hand, India is developing not only major container ports, and the road/rail links to get to them, and the industrial goods to ship out through them, but also a serious shipbuilding industry, which was one of India's historical strengths. Then it used to be stitched wooden ships (teak beams lashed together with coconut rope). Now it's modern steel ships.There are the big, efficient new ports, which can now turn ships around with Singapore-like efficiency; the proposed third aircraft carrier group which will make it possible to patrol the Arabian Sea and the Bay of Bengal at the time; the Air-Independent Propulsion diesel submarines and nuclear submarines that can monitor (and if necessary, deny) narrow straits; the sale of supersonic Brahmos cruise missiles to the Philippines, Vietnam and Indonesia (and Cyprus) that create ship-denial zones: all this is muscle.And the final piece, the ‘software' for trade, the “multi-protocol switch”. This last is complicated. Its value is underestimated by many. But this is what enables friction-less transactions between various unrelated parties. The India Stack and the Digital Public Infrastructure can be utilized to provide such a facility. But it is complex enough to need significant study as to what is possible, and how to roll it out.Second-order effectsIn closing, it is worth considering some of what the (unintended) consequences of these proposals may be. Let us note that the G2 has no interest in allowing India to grow and make it a G3. They will do everything in their power to kneecap India, by all means possible.There is also a certain derision for India in some circles. Here is a generic western opinion on why China got rich, and India didn't. Well, the author doesn't consider the second-order effects of the wholesale destruction of Chinese civilization: that is a tradeoff Indians may not prefer for themselves. We all know how China's well-intentioned One Child Policy turned into demographic collapse within a few years. Besides, as The Economist asks, “China is innovative. Its economy is a mess. Which will win out?”This is why I think planning for these second-order effects is important. We tend to ignore them because they seem counterintuitive or unlikely, but Nassim Taleb has sensitized us to how low-probability Black Swan events can have grave consequences.As an example, attempting digital sovereignty may have unwelcome side-effects: Big Tech have the first-mover advantage and network effects and there are increasing returns to scale. They will surely make it hard for a new player to break in. Besides, the large investments in data centers and GCCs that they are making in India would make it very difficult for them to be ejected with a “Great Indian Firewall”.Even taxing their capture of Indian data will be complicated; not to mention that they have demonstrated that they can happily violate copyright laws with no consequence; therefore they will find ways to chew up and spit out Indian Knowledge Systems, and essentially re-colonize India. Digital colonialism is not a threat, it is a reality today, and it is a consequence of the relatively open Indian system.In addition, there is a malign group, the “barbarians within” as Arnold Toynbee once put it, who are ready to sacrifice Indian sovereignty for a pittance.Given all this, it will be very difficult to put in place serious measures to gain digital independence; and the narrative-peddling is likely to gain further momentum: just consider the caste allegations that have haunted BAPS in the US (despite the cases being dismissed by the US DoJ), the Cisco Systems case where, again, the case was dismissed, but the narrative continues, and the persistent efforts in various US states to turn caste into a weapon to bludgeon Indians.Another sensitive issue is that of the multi-protocol switch for trade. While from an Indian point of view, it eases trade and harks back to a Golden Age of Indic maritime commerce, but that will be viewed elsewhere very differently, for instance by the US as an attempt to de-dollarize. The US has jealousy guarded – with very good reasons that we will not go into here – the dollar's reserve currency status.We have also seen what happened to those who attempt to hurt the dollar's primacy: in 1985, the Plaza Accord devalued the dollar, and that was a body blow to Japan's economy, which has not recovered its mojo to this day. Later, Iraq's Saddam Hussein and Libya's Muammar Gaddafi both had ideas about replacing the petro-dollar with, respectively, the Euro and a new pan-African gold-backed currency. We know what happened to them.If the India Stack multi-protocol switch is perceived as an alternative to the US dollar, there may be grave consequences. Therefore, it should be conceived and deployed only as an adjunct to it and to the almighty SWIFT settlement system.ConclusionIndia is at a crossroads now. Even though the Hormuz closure is a serious problem, if it plays its cards right, adversity can be turned into opportunity across a variety of perspectives. The key is Atmanirbhar, self-reliance. If India can now implement a crash program of industrial policy, and at the same time overcome an ingrained Third-World tendency to cut corners, it can finally break free of the years of underperformance, what I called the Nehruvian Penalty in 2004.It is possible, but there are caveats: unforeseen consequences. Hic sunt dracones. Here be dragons. Be afraid. Be very afraid.3700 words, 7 June 2026This is episode 192 of the Shadow Warrior podcast. Here is a companion AI-generated slideshow. (Note that the borders of India are not necessarily depicted correctly here, because it is generated by an AI, notebookLM.google.com) This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit rajeevsrinivasan.substack.com/subscribe
Linus Torvalds äussert sich zu KI-generierten Bug Reports für den Linux-Kernel.
Parce que… c'est l'épisode 0x2FE! Préambule Moins bonne qualité sonore parce que je n'ai pas mon équipement standard. Shameless plug 3 au 5 juin 2026 - SSTIC 2026 24 et 25 juin 2026 - Troopers 26 et 27 juin 2026 - leHACK 19 septembre 2026 - Bsides Montréal 1 au 3 décembre 2026 - Forum INCYBER - Canada 2026 24 et 25 février 2027 - SéQCure 2027 Notes IA ou Ghost in the shell Tout est dans le code Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable' Bug bounty businesses bombarded with AI slop AI eyes scanning for bugs create a worrisome Linux security trend Linux kernel flaw opens root-only files to unprivileged users BrianKrebs: “If AI is truly making it easie…” - Infosec Exchange score by collisions, patch by panic Boum ou BOM What Will Make AI BOMs Real? Operationalising Artificial Intelligence Bills of Materials (AIBOMs) for Verifiable AI Provenance and Lifecycle Assurance How to Make AI BOMs Usable in a Modern Security Program CtF Autonomous LLM Agents & CTFs: A Second Look Retour sur nsec 2026: le pouls de la communauté sur l'agentic CTF Where OpenClaw Security Is Heading Hidden Signals Can Hijack AI Voice Systems When Skills Don't Help: A Negative Result on Procedural Knowledge for Tool-Grounded Agents in Offensive Cybersecurity Gemini 3.5 deleted 28,745 lines, broke production for 33 minutes, and wrote itself a fake post-mortem claiming credit for the fix : r/Bard Even Claude agrees: hole in its sandbox was real and dangerous Agent Security is a Systems Problem Jailbroken Gemini helped Russian-speaking fraudster target MAGA crypto users Anthropic's Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing Trump abruptly cancels EO signing event after top AI firm CEOs declined to go La guerre, la guerre, c'est pas une raison pour se faire mal! Cable dans l'eau chaude Iran eyes a new source of power deep beneath the Strait of Hormuz Iran Now Threatens Fees for Subsea Internet Cables in the Strait of Hormuz Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive Souveraineté ou vive le numérique libre! Poland builds its own Signal amid security concerns The EU Is Going Through a Trump-Fueled Breakup With Big Tech Sovereign cloud: Thales and Google create a S3NS clone in Germany Privacy ou cachez ces informations que je ne saurais voir BrianKrebs: “The Trump Mobile grift keeps g…” - Infosec Exchange Discord adds end-to-end encryption to voice and video calls by default A Bipartisan Amendment Would End Police License Plate Tracking Nationwide Why the Supreme Court's Chatrie case could change the meaning of privacy in America Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption I am the law Pluralistic: There's no such thing as “age verification” You Can Get Some of Your Nudes Removed From the Internet Under a New Law Red ou tout ce qui est brisé Mother of all leak CISA Admin Leaked AWS GovCloud Keys on Github Senator presses CISA for answers about alleged GitHub repository leak Lawmakers Demand Answers as CISA Tries to Contain Data Leak Bitwhat? Get your passwords out of BitWarden while you still can The Quiet Renovation at Bitwarden Microsoft Releases Mitigation for Windows BitLocker Security Bypass 0-Day Vulnerability GitHub confirms being hacked by TeamPCP, says customer data unaffected Google Publishes Exploit Code Threatening Millions of Chromium User Les clés API Google encore en vie même après leur suppression A hacker group is poisoning open source code at an unprecedented scale Scammers Are Abusing an Internal Microsoft Account to Send Spam Links Blue ou tout ce qui améliore notre posture Microsoft disrupts alleged malware-signing operation used by ransomware gangs Europe dismantles VPN service used by cybercriminals to hide ransomware attacks Divers ou parce que j'ai aucune idée où les placer NTSB Wants PDF Removed After It Exposed Final Cockpit Audio From UPS Crash Collaborateurs Nicolas-Loïc Fortin Crédits Montage par Intrasecure inc Locaux réels par Courtyard by Marriott Montreal Midtown
Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 16/05 a 22/05.☕ Café Código FontePrograme sua xícara para o sabor certo!https://cafe.codigofonte.com.br
Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 16/05 a 22/05.☕ Café Código FontePrograme sua xícara para o sabor certo!https://cafe.codigofonte.com.br
This episode covers Mythos uncovering a vulnerability in cURL, a recent Google Threat Intelligence report on a zero-day exploit, and the growing impact of AI on capture-the-flag competitions and bug bounty programs. The hosts also discuss the economics of AI platforms like OpenAI, security research trends, and broader concerns around software vulnerabilities, automation, and defensive tooling.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis
Jason Howell and Jeff Jarvis break down everything from Google I/O 2026, where the company made its strongest case yet for winning the AI race. Gemini 3.5 Flash and Gemini Spark were unveiled, AI agents are now doing the searching instead of returning links, and Google's reach extended into design, science, YouTube, and shopping. Jason also demos Genie World Models live.Also in this episode: Andrej Karpathy joins Anthropic, Anthropic acquires a major dev tools startup, Amazon Alexa+ can now generate podcast episodes, Elon Musk's latest lawsuit drama, and a growing American rebellion against AI. Speed round includes the OpenAI IPO, xAI's coding agent, Meta's AR glasses, and more.New episodes every Wednesday at aiinside.show Note: Time codes subject to change depending on dynamic ad insertion by the distributor. CHAPTERS: 0:04:31 - Everything announced at Google I/O 2026 - Times: How Google Is Starting to Win the A.I. Race 0:22:42 - A new era for AI Search - Gemini 3.5: frontier intelligence with action 0:27:53 - Google Launches Gemini Spark: A 24/7 AI Agent That Wants to Make You Ditch OpenClaw 0:44:35 - OpenAI co-founder Andrej Karpathy joins Anthropic 0:46:32 - Anthropic has acquired the dev tools startup used by OpenAI, Google, and Cloudflare 0:55:20 - Amazon's new Alexa+ powered feature can generate podcast episodes 0:57:27 - The Art of War, Elon Musk Edition: How to Lose a Lawsuit and Still Claim Victory 0:59:30 - The American Rebellion Against AI Is Gaining Steam 1:01:46 - NextEra Energy to buy Dominion in deal that unites two key players in race to power AI data centers 1:04:42 - Pope Leo XIV will publish his first encyclical, Magnifica Humanitas, on May 25, with Anthropic co-founder Christopher Olah joining the launch panel at the Vatican 1:06:25 - Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable' 1:08:57 - Meta brings virtual writing to everyone with Meta Ray-Ban Display glasses 1:10:36 - Musk's xAI Unveils First Coding Agent in Bid to Rival Anthropic 1:10:59 - OpenAI is Preparing to File for an IPO Very Soon Hosts: Jason Howell and Jeff Jarvis Download and subscribe to AI Inside in audio and video: https://aiinside.show/ Support the podcast on Patreon for special perks: https://www.patreon.com/aiinsideshow. You'll get ad-free episodes, members-only Discord, T-shirts and stickers you love, and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Learn more about your ad choices. Visit megaphone.fm/adchoices
On this week's show Patrick Gray, Adam Boileau and James Wilson discuss the week's cybersecurity news. They cover: GitHub announced a possible breach CISA leaks important creds, keys in public repo Awful vulnerability in Bitlocker renders it useless without a PIN So. Many. Patches. Polish Government urges officials to ditch Signal for mSzyfr Much, much more This week's show is brought to you by Thinkst Canary. Thinkst's founder, Haroon Meer, is this week's sponsor guest. He joined James Wilson to talk about how doing “the basics” in security isn't trivially easy. This episode is also available on YouTube. Show notes GitHub on X: "We are investigating unauthorized access to GitHub's internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises, organizations, and repositories), we are closely" / X CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran Iran hackers: Hackers have breached tank readers at gas stations; officials suspect Iran is responsible | CNN Politics War and Data Centers Are Driving Up the Cost of Fiber-Optic Cable Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold | The Record from Recorded Future News NCSC's Ollie Whitehouse on surviving the "bugpocalypse" - Risky Business Media Defense at AI speed: Microsoft's new multi-model agentic security system tops leading industry benchmark | Microsoft Security Blog Project Glasswing: what Mythos showed us Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable' First public macOS kernel memory corruption exploit on Apple M5 OpenAI launches Daybreak to combat cyber threats | Cybersecurity Dive Zero-day exploit completely defeats default Windows 11 BitLocker protections - Ars Technica GitHub - Wack0/bitlocker-attacks: A list of public attacks on BitLocker · GitHub Catalin Cimpanu: "The Polish government has advi…" - Mastodon CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday | The Record from Recorded Future News CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED) Huawei zero-day attack behind last year's crash of Luxembourg's entire telecoms network | The Record from Recorded Future News Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN | Cybersecurity Dive Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs | The Record from Recorded Future News Streamer Realtime Deepfakes Himself into Mr. Beast, Says He Loves 'Touching Little Boys'
The user-agent string in the HTTP header has been there since the 1990s. The web was built with software navigating it on someone's behalf. For thirty years that someone was a human. That changes now. Matt Biilmann, CEO and co-founder of Netlify, was one of the first to take seriously what it means when the "user" navigating the web is an AI agent. He published the foundational essay on Agent Experience in January 2025, pivoted his entire company around it, and recently shipped netlify.ai as a separate entry point built for agents. We cover the four pillars of Agent Experience, why every product already has an agent experience whether you designed one or not, content negotiation as a way to tell agents to go to a different URL than humans, why SaaS is in real trouble (with a story from inside Netlify about ripping out vendor contracts), how the data-structure assumption that has defined software for fifty years is breaking, and the one thing every website owner should start doing this week.About the GuestMatt Biilmann is the CEO and co-founder of Netlify, the platform that started the Jamstack movement and is leading the shift from developer experience to agent experience. His January 2025 essay on Agent Experience is the foundational text for the discipline. Chapters00:00 Every product has an agent experience (cold open)00:35 The architectural question01:46 Welcome Matt to No Hacks02:15 When AX became a design constraint, not a concept06:44 The January 28 2025 essay and who got it first10:22 Why netlify.ai was built as a separate website12:44 Content negotiation: telling agents to go to a different URL13:54 Qualitative data and the Axis eval framework17:12 Does AX apply to e-commerce and content websites?20:59 The cumulative media argument (TV did not kill radio)25:00 User-agent in HTTP and Al Gore-era agent commerce laws26:33 SaaS business model is dead: build-vs-buy is shifting30:44 The end of structured content as a hard constraint40:25 One thing every website owner should do now43:08 Where to find Matt onlineKey TakeawaysEvery website already has an agent experience. Agent Experience is how AI agents currently interact with your product, whether through computer use, fetching, or working around the barriers you put up. It is not a feature you add. The only question is whether the experience is good or bad.The four pillars: Access, Context, Tools, Orchestration. Matt's framework for thinking about AX systematically. Access answers whether agents can reach your product at all. Context is the prompt-engineering equivalent for agents. Tools are the concrete capabilities you expose. Orchestration covers how agents string those tools together inside your product.Build a separate entry point for agents. netlify.ai is purpose-built for agents while netlify.com remains the human entry point. Content negotiation tells agents to go to one URL, humans see the other. The blessed-path approach beats trying to make one URL serve both.SaaS economics are shifting structurally. The build-vs-buy floor is dropping fast as AI lowers the cost of software. Traditional 90%-margin seat-based SaaS is in real trouble. Dev tool companies have upside because companies need more tools. Everyone else is going to be ripping out vendor contracts and building internally.The data-structure paradigm is breaking. Software engineering has operated on the Linus Torvalds principle that data structures matter more than code. LLMs are not built around data structures. Building software around LLMs means rethinking the assumption that drove fifty years of computer science.Notable Quotes"Every product has an agent experience because all of these agents, whether through computer use or through fetching your website or through working around the barriers you put up from them, have some agent experience right now. It is just a question of is it good or bad.""There is a reason it is called a user agent in the header. It was forward-looking.""We have been ripping out SaaS contracts. Sometimes it is heartbreaking. The rep calls to right-size the contract and the customer reacts with 'let me see if I can build it with an agent.' Then they call back and cancel instead.""The context and the flows and your creativity are probably more important than both the data structures and the code."What To Do NextOpen your website in Claude Code or ChatGPT and ask the agent to complete a real task. Watch where it stalls. That is your AX baseline.Check your traffic logs for AI assistant visitors (ChatGPT-User, Claude-Web, PerplexityBot, GPTBot). The number is rising whether you measure it or not. Cloudflare reports AI assistants are now 5.5% of all internet traffic, up from 3.9% six months ago.Read Matt's January 28 2025 essay on Agent Experience at biilmann.blog as the starting point. Then read the one-year retrospective for the four pillars framework.If you operate a developer tool or any product with a clear automation surface, start a simple eval scenario: take a fresh agent, give it a task, score whether it succeeds. Axis from Netlify will give a proper framework when it ships open source.Resources Mentionednetlify.ai (the agent-built entry point Matt and team shipped recently)netlify.com (the human entry point)Matt's original Agent Experience essay, January 28 2025: biilmann.blogMatt's "AI in the CLI: The Humanoid Robot of the Web" (August 2025)Claude Code (the agent that flipped broad accessibility for CLI coding agents)Connect with Matt BiilmannBlog: biilmann.blogLinkedIn: linkedin.com/in/mathias-biilmann-christensen-a5a3805Twitter/X: @biilmann (x.com/biilmann)Bluesky: bsky.app/profile/did:plc:grjr4il5dredrsuj7nosb4pqMastodon: mastodon.social/@biilmannNetlify: netlify.com and netlify.aiConnect with No HacksWebsite: nohacks.coSubscribe to the newsletter: nohacks.co/subscribeMachine-First Architecture: machinefirstarchitecture.comNo Hacks is a podcast about web performance, technical SEO, and the agentic web. Hosted by Slobodan "Sani" Manic.
EP 292. This week we kick off with a flood of updates: The agency trusted to protect America's critical infrastructure couldn't protect its own credentials.Canada is reopening one of tech's most consequential debates and this time, your compliance architecture may be in the crosshairs.A researcher's very public falling-out with Microsoft is quietly becoming everyone's security problem.What once took a seasoned red team weeks now takes a small team and a frontier model less than five days.The race to use AI to find flaws faster than attackers is officially underway and the audit trail question is already lagging behind.AI is flooding the Linux kernel security pipeline with noise, and Linus Torvalds has had enough.Regulators are quietly deploying AI surveillance at a scale that reframes what financial oversight even means.The world's most consequential digital chokepoint just became even more of a geopolitical bargaining chip.Let's go get soaked!Find the full transcript to this podcast here.
Linus Torvalds not into AI bug hunters 7-Eleven hit with ransom demand MENA runs new cybercrime op Get the show notes here: https://cisoseries.com/cybersecurity-news-linus-torvalds-talks-ai-bug-hunters-7-eleven-ransom-demand-menas-new-cybercrime-op/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent release of Zero Trust Network Access and Zero Trust Cloud Access, access isn't based on credentials alone, it requires the right user, the right device, and the right conditions. Because as we've seen in recent large-scale CRM breaches, stolen credentials and misconfigurations can expose massive amounts of data. With ThreatLocker, nothing is exposed, and access is limited to exactly what's needed. Learn more and start your free trial today at ThreatLocker.com/CISO.
AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store
Jean-Baptiste Kempf is lead developer of VLC and president of VideoLAN. Kieran Kunhya is a longtime FFmpeg contributor, codec engineer, and the person behind the now-infamous FFmpeg account on X. Thank you for listening ❤ Check out our sponsors: https://lexfridman.com/sponsors/ep496-sc See below for timestamps, transcript, and to give feedback, submit questions, contact Lex, etc. Transcript: https://lexfridman.com/ffmpeg-transcript CONTACT LEX: Feedback – give feedback to Lex: https://lexfridman.com/survey AMA – submit questions, videos or call-in: https://lexfridman.com/ama Hiring – join our team: https://lexfridman.com/hiring Other – other ways to get in touch: https://lexfridman.com/contact EPISODE LINKS: FFmpeg on X: https://x.com/FFmpeg FFmpeg: https://ffmpeg.org/ VideoLAN (VLC): https://www.videolan.org/ VideoLAN on X: https://x.com/videolan Jean-Baptiste’s Website: https://jbkempf.com/ Jean-Baptiste’s LinkedIn: https://www.linkedin.com/in/jbkempf/ Jean-Baptiste’s GitHub: https://github.com/jbkempf Kieran’s X: https://x.com/kierank_ Kieran’s LinkedIn: https://bit.ly/3OORhmC Kieran’s GitHub: https://github.com/kierank SPONSORS: To support this podcast, check out our sponsors & get discounts: Larridin: Measure AI adoption in your business. Go to https://larridin.com Blitzy: AI agent for large enterprise codebases. Go to https://blitzy.com/lex BetterHelp: Online therapy and counseling. Go to https://betterhelp.com/lex Fin: AI agent for customer service. Go to https://fin.ai/lex LMNT: Zero-sugar electrolyte drink mix. Go to https://drinkLMNT.com/lex Perplexity: AI-powered answer engine. Go to https://perplexity.ai/ OUTLINE: (00:00) – Introduction (03:00) – Sponsors, Comments, and Reflections (10:48) – Weirdest things VLC opens (15:12) – How video playback works (24:33) – Video codecs and containers (35:20) – FFmpeg explained (56:20) – Linus Torvalds (1:00:59) – Turning down millions to keep VLC ad-free (1:15:17) – FFmpeg & Google drama (1:34:31) – FFmpeg developers (1:41:08) – VLC and FFmpeg (1:45:42) – History of FFmpeg (1:48:59) – Reverse engineering codecs (2:02:14) – FFmpeg testing (2:06:21) – Assembly code (handwritten) (2:30:39) – Rust programming language (2:39:55) – FFmpeg and Libav fork (2:48:17) – Open source burnout (2:56:04) – x264 and internet video (3:09:20) – Video compression basics (3:16:17) – CIA and fake VLC (3:26:52) – Ultra low latency streaming (3:44:20) – AV2 codec and video patents (3:54:12) – VLC backdoors (4:04:27) – Video archiving (4:11:04) – Future of FFmpeg and VLC
En este episodio analizo la nueva política del Kernel de Linux sobre el uso de IA en el desarrollo de software y qué significa realmente para los programadores. Hablamos de transparencia, responsabilidad humana, asistentes de código, revisión técnica y del cambio que está viviendo la profesión de desarrollador con la llegada de la IA.
Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 21/02 a 27/02.☕ Café Código FontePrograme sua xícara para o sabor certo!https://cafe.codigofonte.com.br
Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 21/02 a 27/02.☕ Café Código FontePrograme sua xícara para o sabor certo!https://cafe.codigofonte.com.br
Bryan Cantrill is the co-founder and CTO of Oxide Computer Company. We discuss why the biggest cloud providers don't use off the shelf hardware, how scaling data centers at samsung's scale exposed problems with hard drive firmware, how the values of NodeJS are in conflict with robust systems, choosing Rust, and the benefits of Oxide Computer's rack scale approach. This is an extended version of an interview posted on Software Engineering Radio. Related links Oxide Computer Oxide and Friends Illumos Platform as a Reflection of Values RFD 26 bhyve CockroachDB Heterogeneous Computing with Raja Koduri Transcript You can help correct transcripts on GitHub. Intro [00:00:00] Jeremy: Today I am talking to Bryan Cantrill. He's the co-founder and CTO of Oxide computer company, and he was previously the CTO of Joyent and he also co-authored the DTrace Tracing framework while he was at Sun Microsystems. [00:00:14] Jeremy: Bryan, welcome to Software Engineering radio. [00:00:17] Bryan: Uh, awesome. Thanks for having me. It's great to be here. [00:00:20] Jeremy: You're the CTO of a company that makes computers. But I think before we get into that, a lot of people who built software, now that the actual computer is abstracted away, they're using AWS or they're using some kind of cloud service. So I thought we could start by talking about, data centers. [00:00:41] Jeremy: 'cause you were. Previously working at Joyent, and I believe you got bought by Samsung and you've previously talked about how you had to figure out, how do I run things at Samsung's scale. So how, how, how was your experience with that? What, what were the challenges there? Samsung scale and migrating off the cloud [00:01:01] Bryan: Yeah, I mean, so at Joyent, and so Joyent was a cloud computing pioneer. Uh, we competed with the likes of AWS and then later GCP and Azure. Uh, and we, I mean, we were operating at a scale, right? We had a bunch of machines, a bunch of dcs, but ultimately we know we were a VC backed company and, you know, a small company by the standards of, certainly by Samsung standards. [00:01:25] Bryan: And so when, when Samsung bought the company, I mean, the reason by the way that Samsung bought Joyent is Samsung's. Cloud Bill was, uh, let's just say it was extremely large. They were spending an enormous amount of money every year on, on the public cloud. And they realized that in order to secure their fate economically, they had to be running on their own infrastructure. [00:01:51] Bryan: It did not make sense. And there's not, was not really a product that Samsung could go buy that would give them that on-prem cloud. Uh, I mean in that, in that regard, like the state of the market was really no different. And so they went looking for a company, uh, and bought, bought Joyent. And when we were on the inside of Samsung. [00:02:11] Bryan: That we learned about Samsung scale. And Samsung loves to talk about Samsung scale. And I gotta tell you, it is more than just chest thumping. Like Samsung Scale really is, I mean, just the, the sheer, the number of devices, the number of customers, just this absolute size. they really wanted to take us out to, to levels of scale, certainly that we had not seen. [00:02:31] Bryan: The reason for buying Joyent was to be able to stand up on their own infrastructure so that we were gonna go buy, we did go buy a bunch of hardware. Problems with server hardware at scale [00:02:40] Bryan: And I remember just thinking, God, I hope Dell is somehow magically better. I hope the problems that we have seen in the small, we just. You know, I just remember hoping and hope is hope. It was of course, a terrible strategy and it was a terrible strategy here too. Uh, and the we that the problems that we saw at the large were, and when you scale out the problems that you see kind of once or twice, you now see all the time and they become absolutely debilitating. [00:03:12] Bryan: And we saw a whole series of really debilitating problems. I mean, many ways, like comically debilitating, uh, in terms of, of showing just how bad the state-of-the-art. Yes. And we had, I mean, it should be said, we had great software and great software expertise, um, and we were controlling our own system software. [00:03:35] Bryan: But even controlling your own system software, your own host OS, your own control plane, which is what we had at Joyent, ultimately, you're pretty limited. You go, I mean, you got the problems that you can obviously solve, the ones that are in your own software, but the problems that are beneath you, the, the problems that are in the hardware platform, the problems that are in the componentry beneath you become the problems that are in the firmware. IO latency due to hard drive firmware [00:04:00] Bryan: Those problems become unresolvable and they are deeply, deeply frustrating. Um, and we just saw a bunch of 'em again, they were. Comical in retrospect, and I'll give you like a, a couple of concrete examples just to give, give you an idea of what kinda what you're looking at. one of the, our data centers had really pathological IO latency. [00:04:23] Bryan: we had a very, uh, database heavy workload. And this was kind of right at the period where you were still deploying on rotating media on hard drives. So this is like, so. An all flash buy did not make economic sense when we did this in, in 2016. This probably, it'd be interesting to know like when was the, the kind of the last time that that actual hard drives made sense? [00:04:50] Bryan: 'cause I feel this was close to it. So we had a, a bunch of, of a pathological IO problems, but we had one data center in which the outliers were actually quite a bit worse and there was so much going on in that system. It took us a long time to figure out like why. And because when, when you, when you're io when you're seeing worse io I mean you're naturally, you wanna understand like what's the workload doing? [00:05:14] Bryan: You're trying to take a first principles approach. What's the workload doing? So this is a very intensive database workload to support the, the object storage system that we had built called Manta. And that the, the metadata tier was stored and uh, was we were using Postgres for that. And that was just getting absolutely slaughtered. [00:05:34] Bryan: Um, and ultimately very IO bound with these kind of pathological IO latencies. Uh, and as we, you know, trying to like peel away the layers to figure out what was going on. And I finally had this thing. So it's like, okay, we are seeing at the, at the device layer, at the at, at the disc layer, we are seeing pathological outliers in this data center that we're not seeing anywhere else. [00:06:00] Bryan: And that does not make any sense. And the thought occurred to me. I'm like, well, maybe we are. Do we have like different. Different rev of firmware on our HGST drives, HGST. Now part of WD Western Digital were the drives that we had everywhere. And, um, so maybe we had a different, maybe I had a firmware bug. [00:06:20] Bryan: I, this would not be the first time in my life at all that I would have a drive firmware issue. Uh, and I went to go pull the firmware, rev, and I'm like, Toshiba makes hard drives? So we had, I mean. I had no idea that Toshiba even made hard drives, let alone that they were our, they were in our data center. [00:06:38] Bryan: I'm like, what is this? And as it turns out, and this is, you know, part of the, the challenge when you don't have an integrated system, which not to pick on them, but Dell doesn't, and what Dell would routinely put just sub make substitutes, and they make substitutes that they, you know, it's kind of like you're going to like, I don't know, Instacart or whatever, and they're out of the thing that you want. [00:07:03] Bryan: So, you know, you're, someone makes a substitute and like sometimes that's okay, but it's really not okay in a data center. And you really want to develop and validate a, an end-to-end integrated system. And in this case, like Toshiba doesn't, I mean, Toshiba does make hard drives, but they are a, or the data they did, uh, they basically were, uh, not competitive and they were not competitive in part for the reasons that we were discovering. [00:07:29] Bryan: They had really serious firmware issues. So the, these were drives that would just simply stop a, a stop acknowledging any reads from the order of 2,700 milliseconds. Long time, 2.7 seconds. Um. And that was a, it was a drive firmware issue, but it was highlighted like a much deeper issue, which was the simple lack of control that we had over our own destiny. [00:07:53] Bryan: Um, and it's an, it's, it's an example among many where Dell is making a decision. That lowers the cost of what they are providing you marginally, but it is then giving you a system that they shouldn't have any confidence in because it's not one that they've actually designed and they leave it to the customer, the end user, to make these discoveries. [00:08:18] Bryan: And these things happen up and down the stack. And for every, for whether it's, and, and not just to pick on Dell because it's, it's true for HPE, it's true for super micro, uh, it's true for your switch vendors. It's, it's true for storage vendors where the, the, the, the one that is left actually integrating these things and trying to make the the whole thing work is the end user sitting in their data center. AWS / Google are not buying off the shelf hardware but you can't use it [00:08:42] Bryan: There's not a product that they can buy that gives them elastic infrastructure, a cloud in their own DC The, the product that you buy is the public cloud. Like when you go in the public cloud, you don't worry about the stuff because that it's, it's AWS's issue or it's GCP's issue. And they are the ones that get this to ground. [00:09:02] Bryan: And they, and this was kind of, you know, the eye-opening moment. Not a surprise. Uh, they are not Dell customers. They're not HPE customers. They're not super micro customers. They have designed their own machines. And to varying degrees, depending on which one you're looking at. But they've taken the clean sheet of paper and the frustration that we had kind of at Joyent and beginning to wonder and then Samsung and kind of wondering what was next, uh, is that, that what they built was not available for purchase in the data center. [00:09:35] Bryan: You could only rent it in the public cloud. And our big belief is that public cloud computing is a really important revolution in infrastructure. Doesn't feel like a different, a deep thought, but cloud computing is a really important revolution. It shouldn't only be available to rent. You should be able to actually buy it. [00:09:53] Bryan: And there are a bunch of reasons for doing that. Uh, one in the one we we saw at Samsung is economics, which I think is still the dominant reason where it just does not make sense to rent all of your compute in perpetuity. But there are other reasons too. There's security, there's risk management, there's latency. [00:10:07] Bryan: There are a bunch of reasons why one might wanna to own one's own infrastructure. But, uh, that was very much the, the, so the, the genesis for oxide was coming out of this very painful experience and a painful experience that, because, I mean, a long answer to your question about like what was it like to be at Samsung scale? [00:10:27] Bryan: Those are the kinds of things that we, I mean, in our other data centers, we didn't have Toshiba drives. We only had the HDSC drives, but it's only when you get to this larger scale that you begin to see some of these pathologies. But these pathologies then are really debilitating in terms of those who are trying to develop a service on top of them. [00:10:45] Bryan: So it was, it was very educational in, in that regard. And you're very grateful for the experience at Samsung in terms of opening our eyes to the challenge of running at that kind of scale. [00:10:57] Jeremy: Yeah, because I, I think as software engineers, a lot of times we, we treat the hardware as a, as a given where, [00:11:08] Bryan: Yeah. [00:11:08] Bryan: Yeah. There's software in chard drives [00:11:09] Jeremy: It sounds like in, in this case, I mean, maybe the issue is not so much that. Dell or HP as a company doesn't own every single piece that they're providing you, but rather the fact that they're swapping pieces in and out without advertising them, and then when it becomes a problem, they're not necessarily willing to, to deal with the, the consequences of that. [00:11:34] Bryan: They just don't know. I mean, I think they just genuinely don't know. I mean, I think that they, it's not like they're making a deliberate decision to kind of ship garbage. It's just that they are making, I mean, I think it's exactly what you said about like, not thinking about the hardware. It's like, what's a hard drive? [00:11:47] Bryan: Like what's it, I mean, it's a hard drive. It's got the same specs as this other hard drive and Intel. You know, it's a little bit cheaper, so why not? It's like, well, like there's some reasons why not, and one of the reasons why not is like, uh, even a hard drive, whether it's rotating media or, or flash, like that's not just hardware. [00:12:05] Bryan: There's software in there. And that the software's like not the same. I mean, there are components where it's like, there's actually, whether, you know, if, if you're looking at like a resistor or a capacitor or something like this Yeah. If you've got two, two parts that are within the same tolerance. Yeah. [00:12:19] Bryan: Like sure. Maybe, although even the EEs I think would be, would be, uh, objecting that a little bit. But the, the, the more complicated you get, and certainly once you get to the, the, the, the kind of the hardware that we think of like a, a, a microprocessor, a a network interface card, a a, a hard driver, an NVME drive. [00:12:38] Bryan: Those things are super complicated and there's a whole bunch of software inside of those things, the firmware, and that's the stuff that, that you can't, I mean, you say that software engineers don't think about that. It's like you, no one can really think about that because it's proprietary that's kinda welded shut and you've got this abstraction into it. [00:12:55] Bryan: But the, the way that thing operates is very core to how the thing in aggregate will behave. And I think that you, the, the kind of, the, the fundamental difference between Oxide's approach and the approach that you get at a Dell HP Supermicro, wherever, is really thinking holistically in terms of hardware and software together in a system that, that ultimately delivers cloud computing to a user. [00:13:22] Bryan: And there's a lot of software at many, many, many, many different layers. And it's very important to think about, about that software and that hardware holistically as a single system. [00:13:34] Jeremy: And during that time at Joyent, when you experienced some of these issues, was it more of a case of you didn't have enough servers experiencing this? So if it would happen, you might say like, well, this one's not working, so maybe we'll just replace the hardware. What, what was the thought process when you were working at that smaller scale and, and how did these issues affect you? UEFI / Baseboard Management Controller [00:13:58] Bryan: Yeah, at the smaller scale, you, uh, you see fewer of them, right? You just see it's like, okay, we, you know, what you might see is like, that's weird. We kinda saw this in one machine versus seeing it in a hundred or a thousand or 10,000. Um, so you just, you just see them, uh, less frequently as a result, they are less debilitating. [00:14:16] Bryan: Um, I, I think that it's, when you go to that larger scale, those things that become, that were unusual now become routine and they become debilitating. Um, so it, it really is in many regards a function of scale. Uh, and then I think it was also, you know, it was a little bit dispiriting that kind of the substrate we were building on really had not improved. [00:14:39] Bryan: Um, and if you look at, you know, the, if you buy a computer server, buy an x86 server. There is a very low layer of firmware, the BIOS, the basic input output system, the UEFI BIOS, and this is like an abstraction layer that has, has existed since the eighties and hasn't really meaningfully improved. Um, the, the kind of the transition to UEFI happened with, I mean, I, I ironically with Itanium, um, you know, two decades ago. [00:15:08] Bryan: but beyond that, like this low layer, this lowest layer of platform enablement software is really only impeding the operability of the system. Um, you look at the baseboard management controller, which is the kind of the computer within the computer, there is a, uh, there is an element in the machine that needs to handle environmentals, that needs to handle, uh, operate the fans and so on. [00:15:31] Bryan: Uh, and that traditionally has this, the space board management controller, and that architecturally just hasn't improved in the last two decades. And, you know, that's, it's a proprietary piece of silicon. Generally from a company that no one's ever heard of called a Speed, uh, which has to be, is written all on caps, so I guess it needs to be screamed. [00:15:50] Bryan: Um, a speed has a proprietary part that has a, there is a root password infamously there, is there, the root password is encoded effectively in silicon. So, uh, which is just, and for, um, anyone who kind of goes deep into these things, like, oh my God, are you kidding me? Um, when we first started oxide, the wifi password was a fraction of the a speed root password for the bmc. [00:16:16] Bryan: It's kinda like a little, little BMC humor. Um, but those things, it was just dispiriting that, that the, the state-of-the-art was still basically personal computers running in the data center. Um, and that's part of what, what was the motivation for doing something new? [00:16:32] Jeremy: And for the people using these systems, whether it's the baseboard management controller or it's the The BIOS or UF UEFI component, what are the actual problems that people are seeing seen? Security vulnerabilities and poor practices in the BMC [00:16:51] Bryan: Oh man, I, the, you are going to have like some fraction of your listeners, maybe a big fraction where like, yeah, like what are the problems? That's a good question. And then you're gonna have the people that actually deal with these things who are, did like their heads already hit the desk being like, what are the problems? [00:17:06] Bryan: Like what are the non problems? Like what, what works? Actually, that's like a shorter answer. Um, I mean, there are so many problems and a lot of it is just like, I mean, there are problems just architecturally these things are just so, I mean, and you could, they're the problems spread to the horizon, so you can kind of start wherever you want. [00:17:24] Bryan: But I mean, as like, as a really concrete example. Okay, so the, the BMCs that, that the computer within the computer that needs to be on its own network. So you now have like not one network, you got two networks that, and that network, by the way, it, that's the network that you're gonna log into to like reset the machine when it's otherwise unresponsive. [00:17:44] Bryan: So that going into the BMC, you can are, you're able to control the entire machine. Well it's like, alright, so now I've got a second net network that I need to manage. What is running on the BMC? Well, it's running some. Ancient, ancient version of Linux it that you got. It's like, well how do I, how do I patch that? [00:18:02] Bryan: How do I like manage the vulnerabilities with that? Because if someone is able to root your BMC, they control the system. So it's like, this is not you've, and now you've gotta go deal with all of the operational hair around that. How do you upgrade that system updating the BMC? I mean, it's like you've got this like second shadow bad infrastructure that you have to go manage. [00:18:23] Bryan: Generally not open source. There's something called open BMC, um, which, um, you people use to varying degrees, but you're generally stuck with the proprietary BMC, so you're generally stuck with, with iLO from HPE or iDRAC from Dell or, or, uh, the, uh, su super micros, BMC, that H-P-B-M-C, and you are, uh, it is just excruciating pain. [00:18:49] Bryan: Um, and that this is assuming that by the way, that everything is behaving correctly. The, the problem is that these things often don't behave correctly, and then the consequence of them not behaving correctly. It's really dire because it's at that lowest layer of the system. So, I mean, I'll give you a concrete example. [00:19:07] Bryan: a customer of theirs reported to me, so I won't disclose the vendor, but let's just say that a well-known vendor had an issue with their, their temperature sensors were broken. Um, and the thing would always read basically the wrong value. So it was the BMC that had to like, invent its own ki a different kind of thermal control loop. [00:19:28] Bryan: And it would index on the, on the, the, the, the actual inrush current. It would, they would look at that at the current that's going into the CPU to adjust the fan speed. That's a great example of something like that's a, that's an interesting idea. That doesn't work. 'cause that's actually not the temperature. [00:19:45] Bryan: So like that software would crank the fans whenever you had an inrush of current and this customer had a workload that would spike the current and by it, when it would spike the current, the, the, the fans would kick up and then they would slowly degrade over time. Well, this workload was spiking the current faster than the fans would degrade, but not fast enough to actually heat up the part. [00:20:08] Bryan: And ultimately over a very long time, in a very painful investigation, it's customer determined that like my fans are cranked in my data center for no reason. We're blowing cold air. And it's like that, this is on the order of like a hundred watts, a server of, of energy that you shouldn't be spending and like that ultimately what that go comes down to this kind of broken software hardware interface at the lowest layer that has real meaningful consequence, uh, in terms of hundreds of kilowatts, um, across a data center. So this stuff has, has very, very, very real consequence and it's such a shadowy world. Part of the reason that, that your listeners that have dealt with this, that our heads will hit the desk is because it is really aggravating to deal with problems with this layer. [00:21:01] Bryan: You, you feel powerless. You don't control or really see the software that's on them. It's generally proprietary. You are relying on your vendor. Your vendor is telling you that like, boy, I don't know. You're the only customer seeing this. I mean, the number of times I have heard that for, and I, I have pledged that we're, we're not gonna say that at oxide because it's such an unaskable thing to say like, you're the only customer saying this. [00:21:25] Bryan: It's like, it feels like, are you blaming me for my problem? Feels like you're blaming me for my problem? Um, and what you begin to realize is that to a degree, these folks are speaking their own truth because the, the folks that are running at real scale at Hyperscale, those folks aren't Dell, HP super micro customers. [00:21:46] Bryan: They're actually, they've done their own thing. So it's like, yeah, Dell's not seeing that problem, um, because they're not running at the same scale. Um, but when you do run, you only have to run at modest scale before these things just become. Overwhelming in terms of the, the headwind that they present to people that wanna deploy infrastructure. The problem is felt with just a few racks [00:22:05] Jeremy: Yeah, so maybe to help people get some perspective at, at what point do you think that people start noticing or start feeling these problems? Because I imagine that if you're just have a few racks or [00:22:22] Bryan: do you have a couple racks or the, or do you wonder or just wondering because No, no, no. I would think, I think anyone who deploys any number of servers, especially now, especially if your experience is only in the cloud, you're gonna be like, what the hell is this? I mean, just again, just to get this thing working at all. [00:22:39] Bryan: It is so it, it's so hairy and so congealed, right? It's not designed. Um, and it, it, it, it's accreted it and it's so obviously accreted that you are, I mean, nobody who is setting up a rack of servers is gonna think to themselves like, yes, this is the right way to go do it. This all makes sense because it's, it's just not, it, I, it feels like the kit, I mean, kit car's almost too generous because it implies that there's like a set of plans to work to in the end. [00:23:08] Bryan: Uh, I mean, it, it, it's a bag of bolts. It's a bunch of parts that you're putting together. And so even at the smallest scales, that stuff is painful. Just architecturally, it's painful at the small scale then, but at least you can get it working. I think the stuff that then becomes debilitating at larger scale are the things that are, are worse than just like, I can't, like this thing is a mess to get working. [00:23:31] Bryan: It's like the, the, the fan issue that, um, where you are now seeing this over, you know, hundreds of machines or thousands of machines. Um, so I, it is painful at more or less all levels of scale. There's, there is no level at which the, the, the pc, which is really what this is, this is a, the, the personal computer architecture from the 1980s and there is really no level of scale where that's the right unit. Running elastic infrastructure is the hardware but also, hypervisor, distributed database, api, etc [00:23:57] Bryan: I mean, where that's the right thing to go deploy, especially if what you are trying to run. Is elastic infrastructure, a cloud. Because the other thing is like we, we've kinda been talking a lot about that hardware layer. Like hardware is, is just the start. Like you actually gotta go put software on that and actually run that as elastic infrastructure. [00:24:16] Bryan: So you need a hypervisor. Yes. But you need a lot more than that. You, you need to actually, you, you need a distributed database, you need web endpoints. You need, you need a CLI, you need all the stuff that you need to actually go run an actual service of compute or networking or storage. I mean, and for, for compute, even for compute, there's a ton of work to be done. [00:24:39] Bryan: And compute is by far, I would say the simplest of the, of the three. When you look at like networks, network services, storage services, there's a whole bunch of stuff that you need to go build in terms of distributed systems to actually offer that as a cloud. So it, I mean, it is painful at more or less every LE level if you are trying to deploy cloud computing on. What's a control plane? [00:25:00] Jeremy: And for someone who doesn't have experience building or working with this type of infrastructure, when you talk about a control plane, what, what does that do in the context of this system? [00:25:16] Bryan: So control plane is the thing that is, that is everything between your API request and that infrastructure actually being acted upon. So you go say, Hey, I, I want a provision, a vm. Okay, great. We've got a whole bunch of things we're gonna provision with that. We're gonna provision a vm, we're gonna get some storage that's gonna go along with that, that's got a network storage service that's gonna come out of, uh, we've got a virtual network that we're gonna either create or attach to. [00:25:39] Bryan: We've got a, a whole bunch of things we need to go do for that. For all of these things, there are metadata components that need, we need to keep track of this thing that, beyond the actual infrastructure that we create. And then we need to go actually, like act on the actual compute elements, the hostos, what have you, the switches, what have you, and actually go. [00:25:56] Bryan: Create these underlying things and then connect them. And there's of course, the challenge of just getting that working is a big challenge. Um, but getting that working robustly, getting that working is, you know, when you go to provision of vm, um, the, all the, the, the steps that need to happen and what happens if one of those steps fails along the way? [00:26:17] Bryan: What happens if, you know, one thing we're very mindful of is these kind of, you get these long tails of like, why, you know, generally our VM provisioning happened within this time, but we get these long tails where it takes much longer. What's going on? What, where in this process are we, are we actually spending time? [00:26:33] Bryan: Uh, and there's a whole lot of complexity that you need to go deal with that. There's a lot of complexity that you need to go deal with this effectively, this workflow that's gonna go create these things and manage them. Um, we use a, a pattern that we call, that are called sagas, actually is a, is a database pattern from the eighties. [00:26:51] Bryan: Uh, Katie McCaffrey is a, is a database reCrcher who, who, uh, I, I think, uh, reintroduce the idea of, of sagas, um, in the last kind of decade. Um, and this is something that we picked up, um, and I've done a lot of really interesting things with, um, to allow for, to this kind of, these workflows to be, to be managed and done so robustly in a way that you can restart them and so on. [00:27:16] Bryan: Uh, and then you guys, you get this whole distributed system that can do all this. That whole distributed system, that itself needs to be reliable and available. So if you, you know, you need to be able to, what happens if you, if you pull a sled or if a sled fails, how does the system deal with that? [00:27:33] Bryan: How does the system deal with getting an another sled added to the system? Like how do you actually grow this distributed system? And then how do you update it? How do you actually go from one version to the next? And all of that has to happen across an air gap where this is gonna run as part of the computer. [00:27:49] Bryan: So there are, it, it is fractally complicated. There, there is a lot of complexity here in, in software, in the software system and all of that. We kind of, we call the control plane. Um, and it, this is the what exists at AWS at GCP, at Azure. When you are hitting an endpoint that's provisioning an EC2 instance for you. [00:28:10] Bryan: There is an AWS control plane that is, is doing all of this and has, uh, some of these similar aspects and certainly some of these similar challenges. Are vSphere / Proxmox / Hyper-V in the same category? [00:28:20] Jeremy: And for people who have run their own servers with something like say VMware or Hyper V or Proxmox, are those in the same category? [00:28:32] Bryan: Yeah, I mean a little bit. I mean, it kind of like vSphere Yes. Via VMware. No. So it's like you, uh, VMware ESX is, is kind of a key building block upon which you can build something that is a more meaningful distributed system. When it's just like a machine that you're provisioning VMs on, it's like, okay, well that's actually, you as the human might be the control plane. [00:28:52] Bryan: Like, that's, that, that's, that's a much easier problem. Um, but when you've got, you know, tens, hundreds, thousands of machines, you need to do it robustly. You need something to coordinate that activity and you know, you need to pick which sled you land on. You need to be able to move these things. You need to be able to update that whole system. [00:29:06] Bryan: That's when you're getting into a control plane. So, you know, some of these things have kind of edged into a control plane, certainly VMware. Um, now Broadcom, um, has delivered something that's kind of cloudish. Um, I think that for folks that are truly born on the cloud, it, it still feels somewhat, uh, like you're going backwards in time when you, when you look at these kind of on-prem offerings. [00:29:29] Bryan: Um, but, but it, it, it's got these aspects to it for sure. Um, and I think that we're, um, some of these other things when you're just looking at KVM or just looks looking at Proxmox you kind of need to, to connect it to other broader things to turn it into something that really looks like manageable infrastructure. [00:29:47] Bryan: And then many of those projects are really, they're either proprietary projects, uh, proprietary products like vSphere, um, or you are really dealing with open source projects that are. Not necessarily aimed at the same level of scale. Um, you know, you look at a, again, Proxmox or, uh, um, you'll get an OpenStack. [00:30:05] Bryan: Um, and you know, OpenStack is just a lot of things, right? I mean, OpenStack has got so many, the OpenStack was kind of a, a free for all, for every infrastructure vendor. Um, and I, you know, there was a time people were like, don't you, aren't you worried about all these companies together that, you know, are coming together for OpenStack? [00:30:24] Bryan: I'm like, haven't you ever worked for like a company? Like, companies don't get along. By the way, it's like having multiple companies work together on a thing that's bad news, not good news. And I think, you know, one of the things that OpenStack has definitely struggled with, kind of with what, actually the, the, there's so many different kind of vendor elements in there that it's, it's very much not a product, it's a project that you're trying to run. [00:30:47] Bryan: But that's, but that very much is in, I mean, that's, that's similar certainly in spirit. [00:30:53] Jeremy: And so I think this is kind of like you're alluding to earlier, the piece that allows you to allocate, compute, storage, manage networking, gives you that experience of I can go to a web console or I can use an API and I can spin up machines, get them all connected. At the end of the day, the control plane. Is allowing you to do that in hopefully a user-friendly way. [00:31:21] Bryan: That's right. Yep. And in the, I mean, in order to do that in a modern way, it's not just like a user-friendly way. You really need to have a CLI and a web UI and an API. Those all need to be drawn from the same kind of single ground truth. Like you don't wanna have any of those be an afterthought for the other. [00:31:39] Bryan: You wanna have the same way of generating all of those different endpoints and, and entries into the system. Building a control plane now has better tools (Rust, CockroachDB) [00:31:46] Jeremy: And if you take your time at Joyent as an example. What kind of tools existed for that versus how much did you have to build in-house for as far as the hypervisor and managing the compute and all that? [00:32:02] Bryan: Yeah, so we built more or less everything in house. I mean, what you have is, um, and I think, you know, over time we've gotten slightly better tools. Um, I think, and, and maybe it's a little bit easier to talk about the, kind of the tools we started at Oxide because we kind of started with a, with a clean sheet of paper at oxide. [00:32:16] Bryan: We wanted to, knew we wanted to go build a control plane, but we were able to kind of go revisit some of the components. So actually, and maybe I'll, I'll talk about some of those changes. So when we, at, For example, at Joyent, when we were building a cloud at Joyent, there wasn't really a good distributed database. [00:32:34] Bryan: Um, so we were using Postgres as our database for metadata and there were a lot of challenges. And Postgres is not a distributed database. It's running. With a primary secondary architecture, and there's a bunch of issues there, many of which we discovered the hard way. Um, when we were coming to oxide, you have much better options to pick from in terms of distributed databases. [00:32:57] Bryan: You know, we, there was a period that now seems maybe potentially brief in hindsight, but of a really high quality open source distributed databases. So there were really some good ones to, to pick from. Um, we, we built on CockroachDB on CRDB. Um, so that was a really important component. That we had at oxide that we didn't have at Joyent. [00:33:19] Bryan: Um, so we were, I wouldn't say we were rolling our own distributed database, we were just using Postgres and uh, and, and dealing with an enormous amount of pain there in terms of the surround. Um, on top of that, and, and, you know, a, a control plane is much more than a database, obviously. Uh, and you've gotta deal with, uh, there's a whole bunch of software that you need to go, right. [00:33:40] Bryan: Um, to be able to, to transform these kind of API requests into something that is reliable infrastructure, right? And there, there's a lot to that. Uh, especially when networking gets in the mix, when storage gets in the mix, uh, there are a whole bunch of like complicated steps that need to be done, um, at Joyent. [00:33:59] Bryan: Um, we, in part because of the history of the company and like, look. This, this just is not gonna sound good, but it just is what it is and I'm just gonna own it. We did it all in Node, um, at Joyent, which I, I, I know it sounds really right now, just sounds like, well, you, you built it with Tinker Toys. You Okay. [00:34:18] Bryan: Uh, did, did you think it was, you built the skyscraper with Tinker Toys? Uh, it's like, well, okay. We actually, we had greater aspirations for the Tinker Toys once upon a time, and it was better than, you know, than Twisted Python and Event Machine from Ruby, and we weren't gonna do it in Java. All right. [00:34:32] Bryan: So, but let's just say that that experiment, uh, that experiment did ultimately end in a predictable fashion. Um, and, uh, we, we decided that maybe Node was not gonna be the best decision long term. Um, Joyent was the company behind node js. Uh, back in the day, Ryan Dahl worked for Joyent. Uh, and then, uh, then we, we, we. [00:34:53] Bryan: Uh, landed that in a foundation in about, uh, what, 2015, something like that. Um, and began to consider our world beyond, uh, beyond Node. Rust at Oxide [00:35:04] Bryan: A big tool that we had in the arsenal when we started Oxide is Rust. Um, and so indeed the name of the company is, is a tip of the hat to the language that we were pretty sure we were gonna be building a lot of stuff in. [00:35:16] Bryan: Namely Rust. And, uh, rust is, uh, has been huge for us, a very important revolution in programming languages. you know, there, there, there have been different people kind of coming in at different times and I kinda came to Rust in what I, I think is like this big kind of second expansion of rust in 2018 when a lot of technologists were think, uh, sick of Node and also sick of Go. [00:35:43] Bryan: And, uh, also sick of C++. And wondering is there gonna be something that gives me the, the, the performance, of that I get outta C. The, the robustness that I can get out of a C program but is is often difficult to achieve. but can I get that with kind of some, some of the velocity of development, although I hate that term, some of the speed of development that you get out of a more interpreted language. [00:36:08] Bryan: Um, and then by the way, can I actually have types, I think types would be a good idea? Uh, and rust obviously hits the sweet spot of all of that. Um, it has been absolutely huge for us. I mean, we knew when we started the company again, oxide, uh, we were gonna be using rust in, in quite a, quite a. Few places, but we weren't doing it by fiat. [00:36:27] Bryan: Um, we wanted to actually make sure we're making the right decision, um, at, at every different, at every layer. Uh, I think what has been surprising is the sheer number of layers at which we use rust in terms of, we've done our own embedded firmware in rust. We've done, um, in, in the host operating system, which is still largely in C, but very big components are in rust. [00:36:47] Bryan: The hypervisor Propolis is all in rust. Uh, and then of course the control plane, that distributed system on that is all in rust. So that was a very important thing that we very much did not need to build ourselves. We were able to really leverage, uh, a terrific community. Um. We were able to use, uh, and we've done this at Joyent as well, but at Oxide, we've used Illumos as a hostos component, which, uh, our variant is called Helios. [00:37:11] Bryan: Um, we've used, uh, bhyve um, as a, as as that kind of internal hypervisor component. we've made use of a bunch of different open source components to build this thing, um, which has been really, really important for us. Uh, and open source components that didn't exist even like five years prior. [00:37:28] Bryan: That's part of why we felt that 2019 was the right time to start the company. And so we started Oxide. The problems building a control plane in Node [00:37:34] Jeremy: You had mentioned that at Joyent, you had tried to build this in, in Node. What were the, what were the, the issues or the, the challenges that you had doing that? [00:37:46] Bryan: Oh boy. Yeah. again, we, I kind of had higher hopes in 2010, I would say. When we, we set on this, um, the, the, the problem that we had just writ large, um. JavaScript is really designed to allow as many people on earth to write a program as possible, which is good. I mean, I, I, that's a, that's a laudable goal. [00:38:09] Bryan: That is the goal ultimately of such as it is of JavaScript. It's actually hard to know what the goal of JavaScript is, unfortunately, because Brendan Ike never actually wrote a book. so that there is not a canonical, you've got kind of Doug Crockford and other people who've written things on JavaScript, but it's hard to know kind of what the original intent of JavaScript is. [00:38:27] Bryan: The name doesn't even express original intent, right? It was called Live Script, and it was kind of renamed to JavaScript during the Java Frenzy of the late nineties. A name that makes no sense. There is no Java in JavaScript. that is kind of, I think, revealing to kind of the, uh, the unprincipled mess that is JavaScript. [00:38:47] Bryan: It, it, it's very pragmatic at some level, um, and allows anyone to, it makes it very easy to write software. The problem is it's much more difficult to write really rigorous software. So, uh, and this is what I should differentiate JavaScript from TypeScript. This is really what TypeScript is trying to solve. [00:39:07] Bryan: TypeScript is like. How can, I think TypeScript is a, is a great step forward because TypeScript is like, how can we bring some rigor to this? Like, yes, it's great that it's easy to write JavaScript, but that's not, we, we don't wanna do that for Absolutely. I mean that, that's not the only problem we solve. [00:39:23] Bryan: We actually wanna be able to write rigorous software and it's actually okay if it's a little harder to write rigorous software that's actually okay if it gets leads to, to more rigorous artifacts. Um, but in JavaScript, I mean, just a concrete example. You know, there's nothing to prevent you from referencing a property that doesn't actually exist in JavaScript. [00:39:43] Bryan: So if you fat finger a property name, you are relying on something to tell you. By the way, I think you've misspelled this because there is no type definition for this thing. And I don't know that you've got one that's spelled correctly, one that's spelled incorrectly, that's often undefined. And then the, when you actually go, you say you've got this typo that is lurking in your what you want to be rigorous software. [00:40:07] Bryan: And if you don't execute that code, like you won't know that's there. And then you do execute that code. And now you've got a, you've got an undefined object. And now that's either gonna be an exception or it can, again, depends on how that's handled. It can be really difficult to determine the origin of that, of, of that error, of that programming. [00:40:26] Bryan: And that is a programmer error. And one of the big challenges that we had with Node is that programmer errors and operational errors, like, you know, I'm out of disk space as an operational error. Those get conflated and it becomes really hard. And in fact, I think the, the language wanted to make it easier to just kind of, uh, drive on in the event of all errors. [00:40:53] Bryan: And it's like, actually not what you wanna do if you're trying to build a reliable, robust system. So we had. No end of issues. [00:41:01] Bryan: We've got a lot of experience developing rigorous systems, um, again coming out of operating systems development and so on. And we want, we brought some of that rigor, if strangely, to JavaScript. So one of the things that we did is we brought a lot of postmortem, diagnos ability and observability to node. [00:41:18] Bryan: And so if, if one of our node processes. Died in production, we would actually get a core dump from that process, a core dump that we could actually meaningfully process. So we did a bunch of kind of wild stuff. I mean, actually wild stuff where we could actually make sense of the JavaScript objects in a binary core dump. JavaScript values ease of getting started over robustness [00:41:41] Bryan: Um, and things that we thought were really important, and this is the, the rest of the world just looks at this being like, what the hell is this? I mean, it's so out of step with it. The problem is that we were trying to bridge two disconnected cultures of one developing really. Rigorous software and really designing it for production, diagnosability and the other, really designing it to software to run in the browser and for anyone to be able to like, you know, kind of liven up a webpage, right? [00:42:10] Bryan: Is kinda the origin of, of live script and then JavaScript. And we were kind of the only ones sitting at the intersection of that. And you begin when you are the only ones sitting at that kind of intersection. You just are, you're, you're kind of fighting a community all the time. And we just realized that we are, there were so many things that the community wanted to do that we felt are like, no, no, this is gonna make software less diagnosable. It's gonna make it less robust. The NodeJS split and why people left [00:42:36] Bryan: And then you realize like, I'm, we're the only voice in the room because we have got, we have got desires for this language that it doesn't have for itself. And this is when you realize you're in a bad relationship with software. It's time to actually move on. And in fact, actually several years after, we'd already kind of broken up with node. [00:42:55] Bryan: Um, and it was like, it was a bit of an acrimonious breakup. there was a, uh, famous slash infamous fork of node called IoJS Um, and this was viewed because people, the community, thought that Joyent was being what was not being an appropriate steward of node js and was, uh, not allowing more things to come into to, to node. [00:43:19] Bryan: And of course, the reason that we of course, felt that we were being a careful steward and we were actively resisting those things that would cut against its fitness for a production system. But it's some way the community saw it and they, and forked, um, and, and I think the, we knew before the fork that's like, this is not working and we need to get this thing out of our hands. Platform is a reflection of values node summit talk [00:43:43] Bryan: And we're are the wrong hands for this? This needs to be in a foundation. Uh, and so we kind of gone through that breakup, uh, and maybe it was two years after that. That, uh, friend of mine who was um, was running the, uh, the node summit was actually, it's unfortunately now passed away. Charles er, um, but Charles' venture capitalist great guy, and Charles was running Node Summit and came to me in 2017. [00:44:07] Bryan: He is like, I really want you to keynote Node Summit. And I'm like, Charles, I'm not gonna do that. I've got nothing nice to say. Like, this is the, the, you don't want, I'm the last person you wanna keynote. He's like, oh, if you have nothing nice to say, you should definitely keynote. You're like, oh God, okay, here we go. [00:44:22] Bryan: He's like, no, I really want you to talk about, like, you should talk about the Joyent breakup with NodeJS. I'm like, oh man. [00:44:29] Bryan: And that led to a talk that I'm really happy that I gave, 'cause it was a very important talk for me personally. Uh, called Platform is a reflection of values and really looking at the values that we had for Node and the values that Node had for itself. And they didn't line up. [00:44:49] Bryan: And the problem is that the values that Node had for itself and the values that we had for Node are all kind of positives, right? Like there's nobody in the node community who's like, I don't want rigor, I hate rigor. It's just that if they had the choose between rigor and making the language approachable. [00:45:09] Bryan: They would choose approachability every single time. They would never choose rigor. And, you know, that was a, that was a big eye-opener. I do, I would say, if you watch this talk. [00:45:20] Bryan: because I knew that there's, like, the audience was gonna be filled with, with people who, had been a part of the fork in 2014, I think was the, the, the, the fork, the IOJS fork. And I knew that there, there were, there were some, you know, some people that were, um, had been there for the fork and. [00:45:41] Bryan: I said a little bit of a trap for the audience. But the, and the trap, I said, you know what, I, I kind of talked about the values that we had and the aspirations we had for Node, the aspirations that Node had for itself and how they were different. [00:45:53] Bryan: And, you know, and I'm like, look in, in, in hindsight, like a fracture was inevitable. And in 2014 there was finally a fracture. And do people know what happened in 2014? And if you, if you, you could listen to that talk, everyone almost says in unison, like IOJS. I'm like, oh right. IOJS. Right. That's actually not what I was thinking of. [00:46:19] Bryan: And I go to the next slide and is a tweet from a guy named TJ Holloway, Chuck, who was the most prolific contributor to Node. And it was his tweet also in 2014 before the fork, before the IOJS fork explaining that he was leaving Node and that he was going to go. And you, if you turn the volume all the way up, you can hear the audience gasp. [00:46:41] Bryan: And it's just delicious because the community had never really come, had never really confronted why TJ left. Um, there. And I went through a couple folks, Felix, bunch of other folks, early Node folks. That were there in 2010, were leaving in 2014, and they were going to go primarily, and they were going to go because they were sick of the same things that we were sick of. [00:47:09] Bryan: They, they, they had hit the same things that we had hit and they were frustrated. I I really do believe this, that platforms do reflect their own values. And when you are making a software decision, you are selecting value. [00:47:26] Bryan: You should select values that align with the values that you have for that software. That is, those are, that's way more important than other things that people look at. I think people look at, for example, quote unquote community size way too frequently, community size is like. Eh, maybe it can be fine. [00:47:44] Bryan: I've been in very large communities, node. I've been in super small open source communities like AUMs and RAs, a bunch of others. there are strengths and weaknesses to both approaches just as like there's a strength to being in a big city versus a small town. Me personally, I'll take the small community more or less every time because the small community is almost always self-selecting based on values and just for the same reason that I like working at small companies or small teams. [00:48:11] Bryan: There's a lot of value to be had in a small community. It's not to say that large communities are valueless, but again, long answer to your question of kind of where did things go south with Joyent and node. They went south because the, the values that we had and the values the community had didn't line up and that was a very educational experience, as you might imagine. [00:48:33] Jeremy: Yeah. And, and given that you mentioned how, because of those values, some people moved from Node to go, and in the end for much of what oxide is building. You ended up using rust. What, what would you say are the, the values of go and and rust, and how did you end up choosing Rust given that. Go's decisions regarding generics, versioning, compilation speed priority [00:48:56] Bryan: Yeah, I mean, well, so the value for, yeah. And so go, I mean, I understand why people move from Node to Go, go to me was kind of a lateral move. Um, there were a bunch of things that I, uh, go was still garbage collected, um, which I didn't like. Um, go also is very strange in terms of there are these kind of like. [00:49:17] Bryan: These autocratic kind of decisions that are very bizarre. Um, there, I mean, generics is kind of a famous one, right? Where go kind of as a point of principle didn't have generics, even though go itself actually the innards of go did have generics. It's just that you a go user weren't allowed to have them. [00:49:35] Bryan: And you know, it's kind of, there was, there was an old cartoon years and years ago about like when a, when a technologist is telling you that something is technically impossible, that actually means I don't feel like it. Uh, and there was a certain degree of like, generics are technically impossible and go, it's like, Hey, actually there are. [00:49:51] Bryan: And so there was, and I just think that the arguments against generics were kind of disingenuous. Um, and indeed, like they ended up adopting generics and then there's like some super weird stuff around like, they're very anti-assertion, which is like, what, how are you? Why are you, how is someone against assertions, it doesn't even make any sense, but it's like, oh, nope. [00:50:10] Bryan: Okay. There's a whole scree on it. Nope, we're against assertions and the, you know, against versioning. There was another thing like, you know, the Rob Pike has kind of famously been like, you should always just run on the way to commit. And you're like, does that, is that, does that make sense? I mean this, we actually built it. [00:50:26] Bryan: And so there are a bunch of things like that. You're just like, okay, this is just exhausting and. I mean, there's some things about Go that are great and, uh, plenty of other things that I just, I'm not a fan of. Um, I think that the, in the end, like Go cares a lot about like compile time. It's super important for Go Right? [00:50:44] Bryan: Is very quick, compile time. I'm like, okay. But that's like compile time is not like, it's not unimportant, it's doesn't have zero importance. But I've got other things that are like lots more important than that. Um, what I really care about is I want a high performing artifact. I wanted garbage collection outta my life. Don't think garbage collection has good trade offs [00:51:00] Bryan: I, I gotta tell you, I, I like garbage collection to me is an embodiment of this like, larger problem of where do you put cognitive load in the software development process. And what garbage collection is saying to me it is right for plenty of other people and the software that they wanna develop. [00:51:21] Bryan: But for me and the software that I wanna develop, infrastructure software, I don't want garbage collection because I can solve the memory allocation problem. I know when I'm like, done with something or not. I mean, it's like I, whether that's in, in C with, I mean it's actually like, it's really not that hard to not leak memory in, in a C base system. [00:51:44] Bryan: And you can. give yourself a lot of tooling that allows you to diagnose where memory leaks are coming from. So it's like that is a solvable problem. There are other challenges with that, but like, when you are developing a really sophisticated system that has garbage collection is using garbage collection. [00:51:59] Bryan: You spend as much time trying to dork with the garbage collector to convince it to collect the thing that you know is garbage. You are like, I've got this thing. I know it's garbage. Now I need to use these like tips and tricks to get the garbage collector. I mean, it's like, it feels like every Java performance issue goes to like minus xx call and use the other garbage collector, whatever one you're using, use a different one and using a different, a different approach. [00:52:23] Bryan: It's like, so you're, you're in this, to me, it's like you're in the worst of all worlds where. the reason that garbage collection is helpful is because the programmer doesn't have to think at all about this problem. But now you're actually dealing with these long pauses in production. [00:52:38] Bryan: You're dealing with all these other issues where actually you need to think a lot about it. And it's kind of, it, it it's witchcraft. It, it, it's this black box that you can't see into. So it's like, what problem have we solved exactly? And I mean, so the fact that go had garbage collection, it's like, eh, no, I, I do not want, like, and then you get all the other like weird fatwahs and you know, everything else. [00:52:57] Bryan: I'm like, no, thank you. Go is a no thank you for me, I, I get it why people like it or use it, but it's, it's just, that was not gonna be it. Choosing Rust [00:53:04] Bryan: I'm like, I want C. but I, there are things I didn't like about C too. I was looking for something that was gonna give me the deterministic kind of artifact that I got outta C. But I wanted library support and C is tough because there's, it's all convention. you know, there's just a bunch of other things that are just thorny. And I remember thinking vividly in 2018, I'm like, well, it's rust or bust. Ownership model, algebraic types, error handling [00:53:28] Bryan: I'm gonna go into rust. And, uh, I hope I like it because if it's not this, it's gonna like, I'm gonna go back to C I'm like literally trying to figure out what the language is for the back half of my career. Um, and when I, you know, did what a lot of people were doing at that time and people have been doing since of, you know, really getting into rust and really learning it, appreciating the difference in the, the model for sure, the ownership model people talk about. [00:53:54] Bryan: That's also obviously very important. It was the error handling that blew me away. And the idea of like algebraic types, I never really had algebraic types. Um, and the ability to, to have. And for error handling is one of these really, uh, you, you really appreciate these things where it's like, how do you deal with a, with a function that can either succeed and return something or it can fail, and the way c deals with that is bad with these kind of sentinels for errors. [00:54:27] Bryan: And, you know, does negative one mean success? Does negative one mean failure? Does zero mean failure? Some C functions, zero means failure. Traditionally in Unix, zero means success. And like, what if you wanna return a file descriptor, you know, it's like, oh. And then it's like, okay, then it'll be like zero through positive N will be a valid result. [00:54:44] Bryan: Negative numbers will be, and like, was it negative one and I said airo, or is it a negative number that did not, I mean, it's like, and that's all convention, right? People do all, all those different things and it's all convention and it's easy to get wrong, easy to have bugs, can't be statically checked and so on. Um, and then what Go says is like, well, you're gonna have like two return values and then you're gonna have to like, just like constantly check all of these all the time. Um, which is also kind of gross. Um, JavaScript is like, Hey, let's toss an exception. If, if we don't like something, if we see an error, we'll, we'll throw an exception. [00:55:15] Bryan: There are a bunch of reasons I don't like that. Um, and you look, you'll get what Rust does, where it's like, no, no, no. We're gonna have these algebra types, which is to say this thing can be a this thing or that thing, but it, but it has to be one of these. And by the way, you don't get to process this thing until you conditionally match on one of these things. [00:55:35] Bryan: You're gonna have to have a, a pattern match on this thing to determine if it's a this or a that, and if it in, in the result type that you, the result is a generic where it's like, it's gonna be either the thing that you wanna return. It's gonna be an okay that contains the thing you wanna return, or it's gonna be an error that contains your error and it forces your code to deal with that. [00:55:57] Bryan: And what that does is it shifts the cognitive load from the person that is operating this thing in production to the, the actual developer that is in development. And I think that that, that to me is like, I, I love that shift. Um, and that shift to me is really important. Um, and that's what I was missing, that that's what Rust gives you. [00:56:23] Bryan: Rust forces you to think about your code as you write it, but as a result, you have an artifact that is much more supportable, much more sustainable, and much faster. Prefer to frontload cognitive load during development instead of at runtime [00:56:34] Jeremy: Yeah, it sounds like you would rather take the time during the development to think about these issues because whether it's garbage collection or it's error handling at runtime when you're trying to solve a problem, then it's much more difficult than having dealt with it to start with. [00:56:57] Bryan: Yeah, absolutely. I, and I just think that like, why also, like if it's software, if it's, again, if it's infrastructure software, I mean the kinda the question that you, you should have when you're writing software is how long is this software gonna live? How many people are gonna use this software? Uh, and if you are writing an operating system, the answer for this thing that you're gonna write, it's gonna live for a long time. [00:57:18] Bryan: Like, if we just look at plenty of aspects of the system that have been around for a, for decades, it's gonna live for a long time and many, many, many people are gonna use it. Why would we not expect people writing that software to have more cognitive load when they're writing it to give us something that's gonna be a better artifact? [00:57:38] Bryan: Now conversely, you're like, Hey, I kind of don't care about this. And like, I don't know, I'm just like, I wanna see if this whole thing works. I've got, I like, I'm just stringing this together. I don't like, no, the software like will be lucky if it survives until tonight, but then like, who cares? Yeah. Yeah. [00:57:52] Bryan: Gar garbage clock. You know, if you're prototyping something, whatever. And this is why you really do get like, you know, different choices, different technology choices, depending on the way that you wanna solve the problem at hand. And for the software that I wanna write, I do like that cognitive load that is upfront. With LLMs maybe you can get the benefit of the robust artifact with less cognitive load [00:58:10] Bryan: Um, and although I think, I think the thing that is really wild that is the twist that I don't think anyone really saw coming is that in a, in an LLM age. That like the cognitive load upfront almost needs an asterisk on it because so much of that can be assisted by an LLM. And now, I mean, I would like to believe, and maybe this is me being optimistic, that the the, in the LLM age, we will see, I mean, rust is a great fit for the LLMH because the LLM itself can get a lot of feedback about whether the software that's written is correct or not. [00:58:44] Bryan: Much more so than you can for other environments. [00:58:48] Jeremy: Yeah, that is a interesting point in that I think when people first started trying out the LLMs to code, it was really good at these maybe looser languages like Python or JavaScript, and initially wasn't so good at something like Rust. But it sounds like as that improves, if. It can write it then because of the rigor or the memory management or the error handling that the language is forcing you to do, it might actually end up being a better choice for people using LLMs. [00:59:27] Bryan: absolutely. I, it, it gives you more certainty in the artifact that you've delivered. I mean, you know a lot about a Rust program that compiles correctly. I mean, th there are certain classes of errors that you don't have, um, that you actually don't know on a C program or a GO program or a, a JavaScript program. [00:59:46] Bryan: I think that's gonna be really important. I think we are on the cusp. Maybe we've already seen it, this kind of great bifurcation in the software that we writ
This week we're talking about Torvalds vibe coding, the newest Pi AI hat, and what's new with PipeWire and OBS Studio. Then there's some great news in Wine 11 and Hangover 11, Fedora's Games Spin is moving to KDE, and we talk about LetsEncrypt and their new IP certificates. For tips we have csvi for editing comma-separated-values files on the command line, espeak-ng for giving your Linux machine a voice, and the hidden support for Screen Savers in KDE. You can find the show notes at https://bit.ly/4jKwHyV and have a great week! Host: Jonathan Bennett Co-Hosts: Ken McDonald and Rob Campbell Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
This week we're talking about Torvalds vibe coding, the newest Pi AI hat, and what's new with PipeWire and OBS Studio. Then there's some great news in Wine 11 and Hangover 11, Fedora's Games Spin is moving to KDE, and we talk about LetsEncrypt and their new IP certificates. For tips we have csvi for editing comma-separated-values files on the command line, espeak-ng for giving your Linux machine a voice, and the hidden support for Screen Savers in KDE. You can find the show notes at https://bit.ly/4jKwHyV and have a great week! Host: Jonathan Bennett Co-Hosts: Ken McDonald and Rob Campbell Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Is your desktop ready for AI agents? In episode 90 of Mixture of Experts, host Tim Hwang is joined by Volkmar Uhlig, Olivia Buzek and Mihai Criveti to break down Anthropic's Claude Cowork launch—bringing the power of Claude Code to everyday job tasks. Would you trust an AI agent to organize your files? Next, Apple announces a partnership with Google to power the next generation of Siri with Gemini models. What does this mean for on-device AI, privacy and the future of edge intelligence? Then, in a surprising turn, Linux creator Linus Torvalds admits to using AI agents for a side project involving vibe coding, despite once mockingly saying that “vibe”stands for “very inefficient but entertaining.” Are coding tools finally good enough for even the old guard? All that and more on today's Mixture of Experts. 00:00 – Introduction 01:17– Claude Cowork 13:25 – Apple-Google AI deal 27:39 – Linus Torvalds on vibe coding The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Subscribe for AI updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Visit Mixture of Experts podcast page to get more AI content → https://www.ibm.com/think/podcasts/mixture-of-experts #ClaudeCowork #AppleGoogleAI #GeminiSiri #VibeCoding #AIagents
Bose is walking back its SoundTouch shutdown by opening APIs and removing cloud dependencies, keeping the hardware alive for the used market. Kagi's Orion browser is bringing a fast, WebKit-based alternative to Linux, while Linus Torvalds is embracing "vibe coding" by using Gemini to build the visualizer for his new AudioNoise guitar project. Finally, leaked retail listings for the Steam Machine suggest a $1,000 price tag, likely driven by the ongoing flash memory shortage.Get a bonus hour of LWDW plus video by supporting LWDW on a Patreon and come say Hi! In our Discord. LWDW Patreon: https://www.patreon.com/lwdwLWDW Discord: https://discord.gg/uQVckr5gEZTimestamps:00:00 Intro01:23 Orange Pi 6 Plus vs GPUs05:00 BOSE open-sources SoundTouch speakers09:33 Kagi browser looking for Linux testers 14:25 Linus uses AI for Audio Noise 19:16 About those $1000 Steam Machines Links Mentioned:Bose SoundTouch End-of-Life Update https://www.engadget.com/audio/speakers/bose-made-the-consumer-friendly-move-to-open-source-its-soundtouch-speakers-163459024.html https://www.bose.com/soundtouch-end-of-lifeOrion Browser for Linux https://help.kagi.com/orion/misc/linux-status.html https://orionbrowser.com/Linus Torvalds' AudioNoise https://linuxiac.com/linus-torvalds-shares-audionoise-a-personal-experiment-in-audio-dsp/ https://github.com/torvalds/AudioNoiseSteam Machine Pricing Leaks https://www.reddit.com/r/steammachine/comments/1q87sdw/leaked_steam_machine_price/ https://www.techradar.com/gaming/consoles-pc/the-latest-rumored-steam-machine-prices-arent-anywhere-near-as-bad-as-i-thought-but-im-still-fearing-the-worst
Rising workplace use of artificial intelligence is outpacing organizational governance, according to data from Microsoft and Gallup. Microsoft reports global AI adoption reached 16.3% in 2025, while Gallup finds nearly half of U.S. workers use AI tools at work at least annually. Despite that usage, only a minority of employees report clear employer guidance on AI ownership and purpose, creating accountability gaps that frequently surface during incidents or audits.Additional data underscores uneven adoption and oversight. Microsoft's AI Economy Institute notes adoption rates in the Global North are nearly double those in the Global South, correlating with earlier infrastructure and policy investment. Within organizations, most AI usage remains occasional rather than daily and is concentrated in knowledge roles, suggesting informal, user-driven deployment rather than standardized programs—conditions that complicate governance for MSP-supported environments.Microsoft's product moves further elevate the governance issue. The company is testing policies allowing IT administrators to uninstall Copilot on managed devices while simultaneously enforcing Windows and Office end-of-life timelines through 2026 and embedding purchasing directly into Copilot workflows. These changes expand administrative control but also place AI more firmly inside operational and economic decision paths that MSPs help manage.Platform announcements from Acronis, Hexnode, and Google extend automation from assistance to execution, while public comments from Nvidia CEO Jensen Huang and Linux creator Linus Torvalds highlight differing views on AI speed versus discipline. For MSPs and IT service providers, the practical takeaway centers on accountability: as AI systems take actions rather than make suggestions, governance, policy definition, and oversight become explicit services rather than implied responsibilities. Four things to know today 00:00 AI Use Expands at Work, but Employees Say Transparency and Ownership Are Missing04:37 Microsoft Lets IT Uninstall Copilot as Windows and Office End-of-Life Deadlines Near07:38 Acronis Launches Archival Storage as Hexnode and Google Advance Platform-Centric Automation11:07 Jensen Huang Warns Against AI Regulation as Linus Torvalds Limits AI's Role in Critical Code This is the Business of Tech. Supported by: https://scalepad.com/dave/
Linus Torvalds pushes AI generated code, Jordan Fulghum thinks this is the year of self-hosting, FracturedJson formats for compact / human readability, Scott Werner believes a flood of adequate software is coming, and Sean Goedecke explains why generic software design advice is useless.
Linus Torvalds pushes AI generated code, Jordan Fulghum thinks this is the year of self-hosting, FracturedJson formats for compact / human readability, Scott Werner believes a flood of adequate software is coming, and Sean Goedecke explains why generic software design advice is useless.
Linus Torvalds pushes AI generated code, Jordan Fulghum thinks this is the year of self-hosting, FracturedJson formats for compact / human readability, Scott Werner believes a flood of adequate software is coming, and Sean Goedecke explains why generic software design advice is useless.
In this episode of Hands-On IT, Landon Miles explores the history of servers and enterprise IT infrastructure, from early mainframe computers to cloud computing, Linux servers, virtualization, containers, and AI-driven data centers.This episode connects decades of server evolution into a clear, accessible story, focusing on the people, technologies, and ideas that shaped modern computing. From IBM's System/360 and minicomputers, to Unix and Linux, virtualization, cloud platforms like AWS and Azure, and container orchestration with Docker and Kubernetes, this episode explains how servers became the foundation of today's digital world.Topics covered include: • Server history and early computing systems • IBM mainframes and enterprise computing • Minicomputers and distributed computing • Unix, Linux, and open-source software • Virtualization and data center efficiency • Cloud computing and hyperscale infrastructure • Docker, Kubernetes, and cloud-native architecture • AI workloads, GPUs, and modern server hardwareLandon also highlights key figures in computing history, including Grace Hopper, Ken Olsen, Linus Torvalds, Dave Cutler, Diane Greene, and Jeff Bezos, and explains how their work still influences IT operations today.This episode is part of our December Best Of series, featuring some of our favorite moments and episodes from the past year.Originally aired March 20, 2025.
Torvalds is ranting about Rust, Google slightly walks back their developer verification plans, and Alpine Linux is moving to a user-merged filesystem. Bcachefs releases DKMS packages, Red Hat has an NDA with Nvidia, and Curl gets a genuinely awesome AI-powered bug report. For tips we cover the Raspberry Pi imager built right into Pi firmware, Immich for storing and organizing photos, and a WirePlumber logging how-to. You can find the show notes at https://bit.ly/3IuVnNV and enjoy! Host: Jonathan Bennett Co-Hosts: Ken McDonald and Jeff Massie Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Torvalds is ranting about Rust, Google slightly walks back their developer verification plans, and Alpine Linux is moving to a user-merged filesystem. Bcachefs releases DKMS packages, Red Hat has an NDA with Nvidia, and Curl gets a genuinely awesome AI-powered bug report. For tips we cover the Raspberry Pi imager built right into Pi firmware, Immich for storing and organizing photos, and a WirePlumber logging how-to. You can find the show notes at https://bit.ly/3IuVnNV and enjoy! Host: Jonathan Bennett Co-Hosts: Ken McDonald and Jeff Massie Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Ubuntu 25.10 has a release date and Rust Coreutils still looks good. Pop OS 24.04 is finally almost ready, Kazeta brings back the game carts, and Arch Linux is still under attack. Torvalds takes out the Trash, Firefox has announced the end of 32, and KDE is nearing an exciting 6.5. For tips we have wpctl set-default for controlling WirePlumber defaults, Feral's gamemode for optimized game performance, and strings for pulling ASCII strings out of binaries. You can find the show notes at https://bit.ly/4g88VLk and have a great week! Host: Jonathan Bennett Co-Hosts: Jeff Massie and Ken McDonald Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Google's sideloading lockdown has us pushing Wes' Pixel further than Google ever dreamed.Sponsored By:Managed Nebula: Meet Managed Nebula from Defined Networking. A decentralized VPN built on the open-source Nebula platform that we love. 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Unraid: A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility. Support LINUX UnpluggedLinks:
This Week the crew talks about the latest AI in Open Source. Then the new OBS Beta is out, there's a new Init system in town, and Agama 17 is out for SUSE Linux 16. There's kernel drama, with a Btrfs develop stepping back, Bcachefs is maintained outside the kernel, and Rosenzweig is now at Intel. And don't forget the Android bombshell, that sideloading will soon be limited to verified developers. For tips, we have systemctl restart options, wpctl inspect for WirePlumber information, aptitude for more package management, and gdisk for converting an MBR drive to GPT. The show notes are available at https://bit.ly/45T37AJ and enjoy! Host: Jonathan Bennett Co-Hosts: Rob Campbell, Ken McDonald, and Jeff Massie Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Everyone worries about sustainability, we want to sustain our lives, our relationships, our jobs and our communities, personal, professional or open source.In this MOSE Shorts segment Michael Dexter talks about his journey with the Portland Linux/Unix User Group (PLUG), which he's been involved in for decades. PLUG is one of the longest running Linux/Unix user groups, it survived the COVID lockdown and Linus Torvalds spoke at meetups multiple times. Michael talks about his experience throughout the years as a participant, volunteer and then organizer.Learn more about:- The biggest challenges of running user groups- The impact of simplicity- Celebrating small moments- The secrets to sustainability, no matter the circumstances- A community success story Hosted on Acast. See acast.com/privacy for more information.
There's drama about the latest RISC-V patches in the kernel, SparkyLinux and Kaisen Linux have updates, and GCC is looking to drop some architectures. Nvidia ships a driver update, ffmpeg and OnlyOffice adds AI, and distros are shipping the soft reboot. For tips we have SystemD-Manager-TUI for managing Systemd, a step-through of auditing a downloadable install script, the timeout bash command, and an interesting question about how to get colors back in grep output. You can find the show notes at http://bit.ly/4mEkufi and have a great week! Host: Jonathan Bennett Co-Hosts: Rob Campbell, Ken McDonald, and Jeff Massie Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
In this episode of Hashtag Trending, host Jim Love covers a variety of significant tech news stories. China criticizes NVIDIA's H20 chips, urging firms to use domestic AI hardware instead, reflecting geopolitical tensions. GitHub's CEO Thomas Dohmke resigns, leading to the platform's integration into Microsoft's core AI division. Linus Torvalds returns to his blunt critique style, reviewing a RISC-V patch for Linux 6.17. Apple's smarter Siri features are delayed yet again, while Google and Amazon advance their AI technologies. A 60-year-old man was hospitalized after following dangerous health advice from ChatGPT, highlighting the risks of using AI for medical queries. The episode concludes with audience engagement prompts from Jim Love. 00:00 Introduction and Headlines 00:30 China Criticizes NVIDIA's AI Chips 01:59 GitHub's CEO Steps Down 03:04 Linus Torvalds' Blunt Feedback 05:17 Apple's Siri Delays vs. Competitors' Advances 06:57 ChatGPT's Dangerous Health Advice 08:50 Conclusion and Contact Information
In this episode of Book Overflow, Carter and Nathan discuss Just for Fun by Linus Torvalds and David Diamond. Join them as they discuss the origins of Linux, Linus's life philosophy, and Linus's legacy!-- Want to talk with Carter or Nathan? Book a coaching session! ------------------------------------------------------------Carterhttps://www.joinleland.com/coach/carter-m-1/software-engineeringNathanComing soon!-- Books Mentioned in this Episode --Note: As an Amazon Associate, we earn from qualifying purchases.----------------------------------------------------------Just for Funhttps://amzn.to/4mdZaNE (paid link)----------------00:00 Intro02:08 About the Book and Author05:06 Initial Thoughts on Just for Fun10:33 Linus's Theory of Life: Survival, Social Order, Entertainment17:01 Rejecting Money and Power24:53 Humble Beginnings42:29 Linux's Success and Predictions55:33 Mindful vs Mindless Entertainment01:01:54 Final Thoughts-----------------Spotify: https://open.spotify.com/show/5kj6DLCEWR5nHShlSYJI5LApple Podcasts: https://podcasts.apple.com/us/podcast/book-overflow/id1745257325X: https://x.com/bookoverflowpodCarter on X: https://x.com/cartermorganNathan's Functionally Imperative: www.functionallyimperative.com----------------Book Overflow is a podcast for software engineers, by software engineers dedicated to improving our craft by reading the best technical books in the world. Join Carter Morgan and Nathan Toups as they read and discuss a new technical book each week!The full book schedule and links to every major podcast player can be found at https://www.bookoverflow.io
The Kernel drama isn't over, Gaming is just better on Linux, and driver performance is getting better in a FineWine sort of way. KDE is rolling ahead, getting closer to session restore in Wayland, doing accessibility work, and making HDR even better. Speaking of which, Blender has a preview of HDR support on Wayland, with no immediate plans to add support on Windows. Canonical had a great year in 2025, and more! You can find the show notes at https://bit.ly/4kypjFT and Happy Linuxing! Host: Jonathan Bennett Co-Hosts: Rob Campbell and Ken McDonald Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Mardi 24 juin, Frédéric Simottel a reçu Yves Maitre, operating partner chez Jolt capital et ancien président de HTC, Clément David, président de Theodo Cloud, et Lucas Perraudin, fondateur de AI Partners et ancien directeur de Meta Reality Labs. Ils se sont penchés sur le projet d'implantation du premier data center de Google à Châteauroux, et la rencontre entre Bill Gates et Linus Torvalds, dans l'émission Tech & Co, la quotidienne, sur BFM Business. Retrouvez l'émission du lundi au jeudi et réécoutez la en podcast.
Luego ya os explico qué ha pasado. Vamos a ponernos al día con lo que ha ocurrido estos meses.
Cosmic is nearly Beta-worthy, The NVIDIA Beta driver is solid, and we look back on a Code of Conduct legacy at Gnome. Then a shiny new RISC gadget catches our eyes and wallets, there's plenty of controversy in the Kernel, and new things are coming for Linux Graphics. For tips we have mispipe for a slightly different take on piping commands, Bitwarden's Command Line interface, and a quick primer on quotation marks on the command line. The show notes are at https://bit.ly/4d0dxlh and happy 200th! Host: Jonathan Bennett Co-Hosts: Rob Campbell and Jeff Massie Guest: Leo Laporte Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Cosmic is nearly Beta-worthy, The NVIDIA Beta driver is solid, and we look back on a Code of Conduct legacy at Gnome. Then a shiny new RISC gadget catches our eyes and wallets, there's plenty of controversy in the Kernel, and new things are coming for Linux Graphics. For tips we have mispipe for a slightly different take on piping commands, Bitwarden's Command Line interface, and a quick primer on quotation marks on the command line. The show notes are at https://bit.ly/4d0dxlh and happy 200th! Host: Jonathan Bennett Co-Hosts: Rob Campbell and Jeff Massie Guest: Leo Laporte Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Linus Torvalds' other big project is 20 years old, new Ubuntu and Fedora releases, the downsides of permissive licences, a quick KDE Korner, and more. News Git turns 20: A Q&A with Linus Torvalds Fedora 42 Released As A Fantastic Update To This Leading-Edge Linux Distribution – Phoronix The answer is 42! Fedora Linux... Read More
Google announces an open protocol for AI agent collaboration, Datastar is an Alpine.js / htmx love child, Matthias Endler documents things he finds common in the best programmers, turns out Linus Torvalds built Git in 10 days & Zev is a CLI that helps you remember (or discover) terminal commands using natural language.
Apple's software is going rotten, while Linux sneaks up as the better Mac. Linus grumbles through Git's 20th birthday, and we spot a hardware window Linux better not slam shut.Sponsored By:Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. ConfigCat Feature Flags: Manage features and change your software configuration using ConfigCat feature flags, without the need to re-deploy code. Support LINUX UnpluggedLinks:
In this episode, we dive into a fascinating mix of tech history, personal stories, and entertainment recommendations. We chat with Bob Martin, who shares insights from his new book, offering a look back at the pioneers of computing, including early breakthroughs and the industry's evolution. Bob talks about the challenges of leaving out influential figures like Margaret Hamilton, Donald Knuth, and Linus Torvalds, while also reminiscing about his early career as a self-taught developer during the 70s.The conversation takes a fun turn when we discuss some mind-blowing tech feats, including a wild project where Doom was implemented using TypeScript's type system—a true demonstration of the power of programming languages. For those into entertainment, we share some great picks, like the classic science fiction novels When Worlds Collide and After Worlds Collide, plus a rundown of TV shows like Reacher and the intriguing comparison between the Expanse books and TV show. Packed with history, tech talk, and plenty of geeky fun, this episode is a must-listen for anyone interested in the past, present, and future of computing!Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.
This week we're talking about Ubuntu's 25.04 Beta, SteamOS rumors, and the next big XZ release. Then EU OS has the guys scratching their heads, KDE starts planning the Plasma Login Manager, and Torvalds has another rant over hdrtest in the kernel. For tips we have pw-mididump for dumping Pipewire Midi events, ddgr for command line Duck Duck Go, and cd . for reloading the current directory. You can see the show notes at https://bit.ly/4hX44MD and we'll see you next week! Host: Jonathan Bennett Co-Hosts: Jeff Massie and Ken McDonald Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
There have been major Rust developments in the Linux Kernel; we discuss what's new and how it will impact the future. Plus, we're joined by a special guest.Sponsored By:Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. River: River is the most trusted place in the U.S. for individuals and businesses to buy, sell, send, and receive Bitcoin. Support LINUX UnpluggedLinks:Get started with River
On this episode, Paul Thurrott, Leo Laporte, and Richard Campbell explore the Windows KB5052086 update, the new Linux kernel drama, quantum computing, and more. Microsoft has announced the very first QPU, powered by topological qubits! Can the hosts possibly comprehend how this works? Later, Paul strongly emphasizes how AI can save users lots of time. Finally, Richard features a whisky that was recently brought to his 30th wedding anniversary! Windows Dev channel: "Important" update because of the coming change to Recall soon, so here's an update that will wipe out all your data. One guess about what that means. Plus, a nice change to the Recall pop-up Release Preview (24H2): A preview of the preview that we'll preview next time Release Preview (23H2): Basically the same features as above, keeping the two aligned Microsoft deprecates location history in Windows 11 - depreciation junction, what's your function? Microsoft Edge gets more WebUI 2-based performance improvements Clipchamp just keeps getting better Microsoft 365 Microsoft: Just kidding about that MSA and Entra ID sign-in experience change Outlook mobile is getting a new font picker, a recall email feature (finally), and a minimize email message feature. ExpressVPN (TWiT sponsor) rewrote its VPN protocol in Rust AI Microsoft announces a Quantum computing breakthrough, first quantum processor Flareup in Linux kernel management maps directly to what we see with AI - Two extremes but a clear middle ground Long story short, AI is all about saving you time - this is the "many small things, not one big thing" argument Copilot gets new voice capabilities In case you were worried, OpenAI formally rejects buyout offer OpenAI will also simplify its model offerings Google Gemini now remembers what you said, unlike your husband xAI launches Grok3 model but only for X Premium subscribers Xbox Avowed launches, with many other Game Pass titles coming through the end of February Microsoft announced a generative AI model for video games Sony just had its best-ever PS5 sales quarter Tips and Picks Tip of the week: Find your AI "ah-ha" moment App pick of the week: Notion. And iA Writer 2 for Windows is here RunAs Radio this week: Managed DevOps Pools with Eliza Tarasila Brown liquor pick of the week: Signal Hill Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to Windows Weekly at https://twit.tv/shows/windows-weekly Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: uscloud.com zscaler.com/security 1password.com/windowsweekly