Podcasts about Linux Foundation

Dans cet épisode, Emmanuel et Antonio discutent de divers sujets liés au développement: Applets (et oui), app iOS développées sous Linux, le protocole A2A, l'accessibilité, les assistants de code AI en ligne de commande (vous n'y échapperez pas)… Mais aussi des approches méthodologiques et architecturales comme l'architecture hexagonale, les tech radars, l'expert généraliste et bien d'autres choses encore. Enregistré le 11 juillet 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-328.mp3 ou en vidéo sur YouTube. News Langages Les Applets Java c'est terminé pour de bon… enfin, bientot: https://openjdk.org/jeps/504 Les navigateurs web ne supportent plus les applets. L'API Applet et l'outil appletviewer ont été dépréciés dans JDK 9 (2017). L'outil appletviewer a été supprimé dans JDK 11 (2018). Depuis, impossible d'exécuter des applets avec le JDK. L'API Applet a été marquée pour suppression dans JDK 17 (2021). Le Security Manager, essentiel pour exécuter des applets de façon sécurisée, a été désactivé définitivement dans JDK 24 (2025). Librairies Quarkus 3.24 avec la notion d'extensions qui peuvent fournir des capacités à des assistants https://quarkus.io/blog/quarkus-3-24-released/ les assistants typiquement IA, ont accès a des capacités des extensions Par exemple générer un client à partir d'openAPI Offrir un accès à la,base de données en dev via le schéma. L'intégration d'Hibernate 7 dans Quarkus https://quarkus.io/blog/hibernate7-on-quarkus/ Jakarta data api restriction nouvelle Injection du SchemaManager Sortie de Micronaut 4.9 https://micronaut.io/2025/06/30/micronaut-framework-4-9-0-released/ Core : Mise à jour vers Netty 4.2.2 (attention, peut affecter les perfs). Nouveau mode expérimental “Event loop Carrier” pour exécuter des virtual threads sur l'event loop Netty. Nouvelle annotation @ClassImport pour traiter des classes déjà compilées. Arrivée des @Mixin (Java uniquement) pour modifier les métadonnées d'annotations Micronaut sans altérer les classes originales. HTTP/3 : Changement de dépendance pour le support expérimental. Graceful Shutdown : Nouvelle API pour un arrêt en douceur des applications. Cache Control : API fluente pour construire facilement l'en-tête HTTP Cache-Control. KSP 2 : Support de KSP 2 (à partir de 2.0.2) et testé avec Kotlin 2. Jakarta Data : Implémentation de la spécification Jakarta Data 1.0. gRPC : Support du JSON pour envoyer des messages sérialisés via un POST HTTP. ProjectGen : Nouveau module expérimental pour générer des projets JVM (Gradle ou Maven) via une API. Un super article sur experimenter avec les event loops reactives dans les virtualthreads https://micronaut.io/2025/06/30/transitioning-to-virtual-threads-using-the-micronaut-loom-carrier/ Malheureusement cela demander le hacker le JDK C'est un article de micronaut mais le travail a ete collaboratif avec les equipes de Red Hat OpenJDK, Red Hat perf et de Quarkus et Vert.x Pour les curieux c'est un bon article Ubuntu offre un outil de creation de container pour Spring notamment https://canonical.com/blog/spring-boot-containers-made-easy creer des images OCI pour les applications Spring Boot basées sur Ubuntu base images bien sur utilise jlink pour reduire la taille pas sur de voir le gros avantage vs d'autres solutions plus portables d'ailleurs Canonical entre dans la danse des builds d'openjdk Le SDK Java de A2A contribué par Red Hat est sorti https://quarkus.io/blog/a2a-project-launches-java-sdk/ A2A est un protocole initié par Google et donne à la fondation Linux Il permet à des agents de se décrire et d'interagir entre eux Agent cards, skills, tâche, contexte A2A complémente MCP Red hat a implémenté le SDK Java avec le conseil des équipes Google En quelques annotations et classes on a un agent card, un client A2A et un serveur avec l'échange de messages via le protocole A2A Comment configurer mockito sans warning après java 21 https://rieckpil.de/how-to-configure-mockito-agent-for-java-21-without-warning/ les agents chargés dynamiquement sont déconseillés et seront interdis bientôt Un des usages est mockito via bytebuddy L'avantage est que la,configuration était transparente Mais bon sécurité oblige c'est fini. Donc l'article décrit comment configurer maven gradle pour mettre l'agent au démarrage des tests Et aussi comment configurer cela dans IntelliJ idea. Moins simple malheureusement Web Des raisons “égoïstes” de rendre les UIs plus accessibles https://nolanlawson.com/2025/06/16/selfish-reasons-for-building-accessible-uis/ Raisons égoïstes : Des avantages personnels pour les développeurs de créer des interfaces utilisateurs (UI) accessibles, au-delà des arguments moraux. Débogage facilité : Une interface accessible, avec une structure sémantique claire, est plus facile à déboguer qu'un code désordonné (la « soupe de div »). Noms standardisés : L'accessibilité fournit un vocabulaire standard (par exemple, les directives WAI-ARIA) pour nommer les composants d'interface, ce qui aide à la clarté et à la structuration du code. Tests simplifiés : Il est plus simple d'écrire des tests automatisés pour des éléments d'interface accessibles, car ils peuvent être ciblés de manière plus fiable et sémantique. Après 20 ans de stagnation, la spécification du format d'image PNG évolue enfin ! https://www.programmax.net/articles/png-is-back/ Objectif : Maintenir la pertinence et la compétitivité du format. Recommandation : Soutenu par des institutions comme la Bibliothèque du Congrès américain. Nouveautés Clés :Prise en charge du HDR (High Dynamic Range) pour une plus grande gamme de couleurs. Reconnaissance officielle des PNG animés (APNG). Support des métadonnées Exif (copyright, géolocalisation, etc.). Support Actuel : Déjà intégré dans Chrome, Safari, Firefox, iOS, macOS et Photoshop. Futur :Prochaine édition : focus sur l'interopérabilité entre HDR et SDR. Édition suivante : améliorations de la compression. Avec le projet open source Xtool, on peut maintenant construire des applications iOS sur Linux ou Windows, sans avoir besoin d'avoir obligatoirement un Mac https://xtool.sh/tutorials/xtool/ Un tutoriel très bien fait explique comment faire : Création d'un nouveau projet via la commande xtool new. Génération d'un package Swift avec des fichiers clés comme Package.swift et xtool.yml. Build et exécution de l'app sur un appareil iOS avec xtool dev. Connexion de l'appareil en USB, gestion du jumelage et du Mode Développeur. xtool gère automatiquement les certificats, profils de provisionnement et la signature de l'app. Modification du code de l'interface utilisateur (ex: ContentView.swift). Reconstruction et réinstallation rapide de l'app mise à jour avec xtool dev. xtool est basé sur VSCode sur la partie IDE Data et Intelligence Artificielle Nouvelle edition du best seller mondial “Understanding LangChain4j” : https://www.linkedin.com/posts/agoncal_langchain4j-java-ai-activity-7342825482830200833-rtw8/ Mise a jour des APIs (de LC4j 0.35 a 1.1.0) Nouveaux Chapitres sur MCP / Easy RAG / JSon Response Nouveaux modeles (GitHub Model, DeepSeek, Foundry Local) Mise a jour des modeles existants (GPT-4.1, Claude 3.7…) Google donne A2A a la Foundation Linux https://developers.googleblog.com/en/google-cloud-donates-a2a-to-linux-foundation/ Annonce du projet Agent2Agent (A2A) : Lors du sommet Open Source Summit North America, la Linux Foundation a annoncé la création du projet Agent2Agent, en partenariat avec Google, AWS, Microsoft, Cisco, Salesforce, SAP et ServiceNow. Objectif du protocole A2A : Ce protocole vise à établir une norme ouverte pour permettre aux agents d'intelligence artificielle (IA) de communiquer, collaborer et coordonner des tâches complexes entre eux, indépendamment de leur fournisseur. Transfert de Google à la communauté open source : Google a transféré la spécification du protocole A2A, les SDK associés et les outils de développement à la Linux Foundation pour garantir une gouvernance neutre et communautaire. Soutien de l'industrie : Plus de 100 entreprises soutiennent déjà le protocole. AWS et Cisco sont les derniers à l'avoir validé. Chaque entreprise partenaire a souligné l'importance de l'interopérabilité et de la collaboration ouverte pour l'avenir de l'IA. Objectifs de la fondation A2A : Établir une norme universelle pour l'interopérabilité des agents IA. Favoriser un écosystème mondial de développeurs et d'innovateurs. Garantir une gouvernance neutre et ouverte. Accélérer l'innovation sécurisée et collaborative. parler de la spec et surement dire qu'on aura l'occasion d'y revenir Gemini CLI :https://blog.google/technology/developers/introducing-gemini-cli-open-source-ai-agent/ Agent IA dans le terminal : Gemini CLI permet d'utiliser l'IA Gemini directement depuis le terminal. Gratuit avec compte Google : Accès à Gemini 2.5 Pro avec des limites généreuses. Fonctionnalités puissantes : Génère du code, exécute des commandes, automatise des tâches. Open source : Personnalisable et extensible par la communauté. Complément de Code Assist : Fonctionne aussi avec les IDE comme VS Code. Au lieu de blocker les IAs sur vos sites vous pouvez peut-être les guider avec les fichiers LLMs.txt https://llmstxt.org/ Exemples du projet angular: llms.txt un simple index avec des liens : https://angular.dev/llms.txt lllms-full.txt une version bien plus détaillée : https://angular.dev/llms-full.txt Outillage Les commits dans Git sont immuables, mais saviez vous que vous pouviez rajouter / mettre à jour des “notes” sur les commits ? https://tylercipriani.com/blog/2022/11/19/git-notes-gits-coolest-most-unloved-feature/ Fonctionnalité méconnue : git notes est une fonctionnalité puissante mais peu utilisée de Git. Ajout de métadonnées : Permet d'attacher des informations à des commits existants sans en modifier le hash. Cas d'usage : Idéal pour ajouter des données issues de systèmes automatisés (builds, tickets, etc.). Revue de code distribuée : Des outils comme git-appraise ont été construits sur git notes pour permettre une revue de code entièrement distribuée, indépendante des forges (GitHub, GitLab). Peu populaire : Son interface complexe et le manque de support des plateformes de forge ont limité son adoption (GitHub n'affiche même pas/plus les notes). Indépendance des forges : git notes offre une voie vers une plus grande indépendance vis-à-vis des plateformes centralisées, en distribuant l'historique du projet avec le code lui-même. Un aperçu dur Spring Boot debugger dans IntelliJ idea ultimate https://blog.jetbrains.com/idea/2025/06/demystifying-spring-boot-with-spring-debugger/ montre cet outil qui donne du contexte spécifique à Spring comme les beans non activés, ceux mockés, la valeur des configs, l'état des transactions Il permet de visualiser tous les beans Spring directement dans la vue projet, avec les beans non instanciés grisés et les beans mockés marqués en orange pour les tests Il résout le problème de résolution des propriétés en affichant la valeur effective en temps réel dans les fichiers properties et yaml, avec la source exacte des valeurs surchargées Il affiche des indicateurs visuels pour les méthodes exécutées dans des transactions actives, avec les détails complets de la transaction et une hiérarchie visuelle pour les transactions imbriquées Il détecte automatiquement toutes les connexions DataSource actives et les intègre avec la fenêtre d'outils Database d'IntelliJ IDEA pour l'inspection Il permet l'auto-complétion et l'invocation de tous les beans chargés dans l'évaluateur d'expression, fonctionnant comme un REPL pour le contexte Spring Il fonctionne sans agent runtime supplémentaire en utilisant des breakpoints non-suspendus dans les bibliothèques Spring Boot pour analyser les données localement Une liste communautaire sur les assistants IA pour le code, lancée par Lize Raes https://aitoolcomparator.com/ tableau comparatif qui permet de voir les différentes fonctionnalités supportées par ces outils Architecture Un article sur l'architecture hexagonale en Java https://foojay.io/today/clean-and-modular-java-a-hexagonal-architecture-approach/ article introductif mais avec exemple sur l'architecture hexagonale entre le domaine, l'application et l‘infrastructure Le domain est sans dépendance L‘appli spécifique à l'application mais sans dépendance technique explique le flow L'infrastructure aura les dépendances à vos frameworks spring, Quarkus Micronaut, Kafka etc Je suis naturellement pas fan de l'architecture hexagonale en terme de volume de code vs le gain surtout en microservices mais c'est toujours intéressant de se challenger et de regarder le bénéfice coût. Gardez un œil sur les technologies avec les tech radar https://www.sfeir.dev/cloud/tech-radar-gardez-un-oeil-sur-le-paysage-technologique/ Le Tech Radar est crucial pour la veille technologique continue et la prise de décision éclairée. Il catégorise les technologies en Adopt, Trial, Assess, Hold, selon leur maturité et pertinence. Il est recommandé de créer son propre Tech Radar pour l'adapter aux besoins spécifiques, en s'inspirant des Radars publics. Utilisez des outils de découverte (Alternativeto), de tendance (Google Trends), de gestion d'obsolescence (End-of-life.date) et d'apprentissage (roadmap.sh). Restez informé via les blogs, podcasts, newsletters (TLDR), et les réseaux sociaux/communautés (X, Slack). L'objectif est de rester compétitif et de faire des choix technologiques stratégiques. Attention à ne pas sous-estimer son coût de maintenance Méthodologies Le concept d'expert generaliste https://martinfowler.com/articles/expert-generalist.html L'industrie pousse vers une spécialisation étroite, mais les collègues les plus efficaces excellent dans plusieurs domaines à la fois Un développeur Python expérimenté peut rapidement devenir productif dans une équipe Java grâce aux concepts fondamentaux partagés L'expertise réelle comporte deux aspects : la profondeur dans un domaine et la capacité d'apprendre rapidement Les Expert Generalists développent une maîtrise durable au niveau des principes fondamentaux plutôt que des outils spécifiques La curiosité est essentielle : ils explorent les nouvelles technologies et s'assurent de comprendre les réponses au lieu de copier-coller du code La collaboration est vitale car ils savent qu'ils ne peuvent pas tout maîtriser et travaillent efficacement avec des spécialistes L'humilité les pousse à d'abord comprendre pourquoi les choses fonctionnent d'une certaine manière avant de les remettre en question Le focus client canalise leur curiosité vers ce qui aide réellement les utilisateurs à exceller dans leur travail L'industrie doit traiter “Expert Generalist” comme une compétence de première classe à nommer, évaluer et former ca me rappelle le technical staff Un article sur les métriques métier et leurs valeurs https://blog.ippon.fr/2025/07/02/monitoring-metier-comment-va-vraiment-ton-service-2/ un article de rappel sur la valeur du monitoring métier et ses valeurs Le monitoring technique traditionnel (CPU, serveurs, API) ne garantit pas que le service fonctionne correctement pour l'utilisateur final. Le monitoring métier complète le monitoring technique en se concentrant sur l'expérience réelle des utilisateurs plutôt que sur les composants isolés. Il surveille des parcours critiques concrets comme “un client peut-il finaliser sa commande ?” au lieu d'indicateurs abstraits. Les métriques métier sont directement actionnables : taux de succès, délais moyens et volumes d'erreurs permettent de prioriser les actions. C'est un outil de pilotage stratégique qui améliore la réactivité, la priorisation et le dialogue entre équipes techniques et métier. La mise en place suit 5 étapes : dashboard technique fiable, identification des parcours critiques, traduction en indicateurs, centralisation et suivi dans la durée. Une Definition of Done doit formaliser des critères objectifs avant d'instrumenter tout parcours métier. Les indicateurs mesurables incluent les points de passage réussis/échoués, les temps entre actions et le respect des règles métier. Les dashboards doivent être intégrés dans les rituels quotidiens avec un système d'alertes temps réel compréhensibles. Le dispositif doit évoluer continuellement avec les transformations produit en questionnant chaque incident pour améliorer la détection. La difficulté c'est effectivement l'évolution métier par exemple peu de commandes la nuit etc ça fait partie de la boîte à outils SRE Sécurité Toujours à la recherche du S de Sécurité dans les MCP https://www.darkreading.com/cloud-security/hundreds-mcp-servers-ai-models-abuse-rce analyse des serveurs mcp ouverts et accessibles beaucoup ne font pas de sanity check des parametres si vous les utilisez dans votre appel genAI vous vous exposer ils ne sont pas mauvais fondamentalement mais n'ont pas encore de standardisation de securite si usage local prefferer stdio ou restreindre SSE à 127.0.0.1 Loi, société et organisation Nicolas Martignole, le même qui a créé le logo des Cast Codeurs, s'interroge sur les voies possibles des développeurs face à l'impact de l'IA sur notre métier https://touilleur-express.fr/2025/06/23/ni-manager-ni-contributeur-individuel/ Évolution des carrières de développeur : L'IA transforme les parcours traditionnels (manager ou expert technique). Chef d'Orchestre d'IA : Ancien manager qui pilote des IA, définit les architectures et valide le code généré. Artisan Augmenté : Développeur utilisant l'IA comme un outil pour coder plus vite et résoudre des problèmes complexes. Philosophe du Code : Un nouveau rôle centré sur le “pourquoi” du code, la conceptualisation de systèmes et l'éthique de l'IA. Charge cognitive de validation : Nouvelle charge mentale créée par la nécessité de vérifier le travail des IA. Réflexion sur l'impact : L'article invite à choisir son impact : orchestrer, créer ou guider. Entraîner les IAs sur des livres protégés (copyright) est acceptable (fair use) mais les stocker ne l'est pas https://www.reuters.com/legal/litigation/anthropic-wins-key-ruling-ai-authors-copyright-lawsuit-2025-06-24/ Victoire pour Anthropic (jusqu'au prochain procès): L'entreprise a obtenu gain de cause dans un procès très suivi concernant l'entraînement de son IA, Claude, avec des œuvres protégées par le droit d'auteur. “Fair Use” en force : Le juge a estimé que l'utilisation des livres pour entraîner l'IA relevait du “fair use” (usage équitable) car il s'agit d'une transformation du contenu, pas d'une simple reproduction. Nuance importante : Cependant, le stockage de ces œuvres dans une “bibliothèque centrale” sans autorisation a été jugé illégal, ce qui souligne la complexité de la gestion des données pour les modèles d'IA. Luc Julia, son audition au sénat https://videos.senat.fr/video.5486945_685259f55eac4.ia–audition-de-luc-julia-concepteur-de-siri On aime ou pas on aide pas Luc Julia et sa vision de l'IA . C'est un eversion encore plus longue mais dans le même thème que sa keynote à Devoxx France 2025 ( https://www.youtube.com/watch?v=JdxjGZBtp_k ) Nature et limites de l'IA : Luc Julia a insisté sur le fait que l'intelligence artificielle est une “évolution” plutôt qu'une “révolution”. Il a rappelé qu'elle repose sur des mathématiques et n'est pas “magique”. Il a également alerté sur le manque de fiabilité des informations fournies par les IA génératives comme ChatGPT, soulignant qu'« on ne peut pas leur faire confiance » car elles peuvent se tromper et que leur pertinence diminue avec le temps. Régulation de l'IA : Il a plaidé pour une régulation “intelligente et éclairée”, qui devrait se faire a posteriori afin de ne pas freiner l'innovation. Selon lui, cette régulation doit être basée sur les faits et non sur une analyse des risques a priori. Place de la France : Luc Julia a affirmé que la France possédait des chercheurs de très haut niveau et faisait partie des meilleurs mondiaux dans le domaine de l'IA. Il a cependant soulevé le problème du financement de la recherche et de l'innovation en France. IA et Société : L'audition a traité des impacts de l'IA sur la vie privée, le monde du travail et l'éducation. Luc Julia a souligné l'importance de développer l'esprit critique, notamment chez les jeunes, pour apprendre à vérifier les informations générées par les IA. Applications concrètes et futures : Le cas de la voiture autonome a été discuté, Luc Julia expliquant les différents niveaux d'autonomie et les défis restants. Il a également affirmé que l'intelligence artificielle générale (AGI), une IA qui dépasserait l'homme dans tous les domaines, est “impossible” avec les technologies actuelles. Rubrique débutant Les weakreferences et le finalize https://dzone.com/articles/advanced-java-garbage-collection-concepts un petit rappel utile sur les pièges de la méthode finalize qui peut ne jamais être invoquée Les risques de bug si finalize ne fini jamais Finalize rend le travail du garbage collector beaucoup plus complexe et inefficace Weak references sont utiles mais leur libération n'est pas contrôlable. Donc à ne pas abuser. Il y a aussi les soft et phantom references mais les usages ne sont assez subtils et complexe en fonction du GC. Le sériel va traiter les weak avant les soft, parallel non Le g1 ça dépend de la région Z1 ça dépend car le traitement est asynchrone Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 14-19 juillet 2025 : DebConf25 - Brest (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 22-24 septembre 2025 : Kernel Recipes - Paris (France) 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2 octobre 2025 : Nantes Craft - Nantes (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-7 octobre 2025 : Swift Connection 2025 - Paris (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9 octobre 2025 : DevCon #25 : informatique quantique - Paris (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16 octobre 2025 : Power 365 - 2025 - Lille (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 17 octobre 2025 : Sylius Con 2025 - Lyon (France) 17 octobre 2025 : ScalaIO 2025 - Paris (France) 20 octobre 2025 : Codeurs en Seine - Rouen (France) 23 octobre 2025 : Cloud Nord - Lille (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 5-6 novembre 2025 : Tech Show Paris - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 6 novembre 2025 : Agile Tour Aix-Marseille 2025 - Gardanne (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 19 novembre 2025 : SREday Paris 2025 Q4 - Paris (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : DevFest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 1-2 décembre 2025 : Tech Rocks Summit 2025 - Paris (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 9-11 décembre 2025 : APIdays Paris - Paris (France) 9-11 décembre 2025 : Green IO Paris - Paris (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 12-13 février 2026 : Touraine Tech #26 - Tours (France) 22-24 avril 2026 : Devoxx France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. The better question is, "What do you want to secure?" We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren't about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties. Resources: https://cybersecurityframework.io https://owasp.org/www-project-cheat-sheets/ https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/ https://aflplus.plus/ https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-339

What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. The better question is, "What do you want to secure?" We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren't about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties. Resources: https://cybersecurityframework.io https://owasp.org/www-project-cheat-sheets/ https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/ https://aflplus.plus/ https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-339

What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. The better question is, "What do you want to secure?" We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren't about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties. Resources: https://cybersecurityframework.io https://owasp.org/www-project-cheat-sheets/ https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/ https://aflplus.plus/ https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/ Show Notes: https://securityweekly.com/asw-339

Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast! CHAOSScast – Episode 114 In this episode of CHAOSScast, hosts Georg Link and Nicole Huesman engage in a deep discussion with Christian Taylor, Terence (Tex) McCutcheon, and Johnny Kelly about measuring and enhancing open source community health through innovative methods. Christian and his team share their experiences in implementing the 'paid open source model' within the Cardano blockchain community, designed to retain and motivate contributors. The panel discusses a variety of topics, including governance models, the integration of AI for report generation, and the challenges of balancing open source principles with corporate interests. They also explore specific tools and metrics used to evaluate project health and community engagement, providing an illuminating look into the future of open source development. Hit the download button now! [00:01:40] Our guests give a brief introduction. [00:04:37] Christian provides a non-technical intro to Cardano, a top blockchain focused on peer reviewed, academic rigor. [00:06:07] Johnny explains Cardano's high decentralization via SPOs, DReps, and community tools like GovTool, and Christian outlines how open source ties in. [00:09:39] Christian talks about open source governance and Intersect and explains Intersect serves like the Linux Foundation for Cardano, holding code, facilitating contribution ladders, and launching an incubation program. [00:13:06] Georg gives a summary for those who are new: Cardano's treasury is funded via blockchain transaction fees. This funding supports open source development, tools, documentation, and maintainers, and Christian elaborates more about this. [00:15:39] Johnny details governance and funding decisions and Christian emphasizes the transparency and checks and balance system. [00:17:08] Nicole raises concerns about aligning paid models with open source ethos and Christian discusses Intersect's neutral, community-owned governance structure and internal checks and Johnny shares a link about the current members and the elective process within Intersect. [00:20:37] Christian shares using Bitergia and CHAOSS metrics to build out Cardano's open source health dashboard. Focus areas were response times, geographic contributions, contribution ladders, and project maturity. [00:26:03] Tex shares their dashboard is public and useful for spotting high-impact projects. He aims to improve documentation standards and repo governance practices. [00:31:05] Georg gives a brief description of the “jellyfish diagrams” that show how developers connect across projects. [00:33:26] Christian shares their approach to using AI in metrics reporting and Tex emphasizes AI assists analysis but doesn't replace human validation. [00:37:10] Nicole asks if the paid open source model is being shared externally. Christian confirms they presented the model at open source summits, validated it with leading experts, stress-tested with community input, and outlines a six month pilot of the model. Value Adds (Picks) of the week: [00:44:06] Georg's pick is going on his first cruise. [00:45:07] Christian's pick is family. [00:45:54] Tex's pick is simplicity. [00:46:38] Johnny's pick is the Calidus Pool-Key. [00:47:54] Nicole's pick is meeting and interviewing Dr. Laura Kelly. *Panelists: * Georg Link Nicole Huesman Guests: Christian Taylor Terence (Tex) McCutcheon Johnny Kelly Links: CHAOSS (https://chaoss.community/) CHAOSS Project X (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) CHAOSS YouTube (https://www.youtube.com/@CHAOSStube/videos) podcast@chaoss.community (mailto:podcast@chaoss.community) Georg Link Website (https://georg.link/) Nicole Huesman X (https://twitter.com/uoduckswtd) Christian Taylor X (https://x.com/DeOpenSourceGuy) Christian Taylor LinkedIn (https://www.linkedin.com/in/christian-taylor-766b01b1/) Terence McCutcheon X (https://x.com/Tmacqt87) Terence McCutcheon LinkedIn (https://www.linkedin.com/in/tex-oso/) Johnny Kelly X (https://x.com/intertreeJK) Johnny Kelly LinkedIn (https://www.linkedin.com/in/intertreejk/) Open Source Office at Intersect MBO (YouTube) (https://www.youtube.com/@osointersectmbo) Cardano (https://cardano.org/) Cardano GovTool (https://gov.tools/) Intersect (https://www.intersectmbo.org/) Intersect Committees (https://committees.docs.intersectmbo.org/intersect-open-source-committee/about/readme/committee-members) Open Source Office (OSO) (https://committees.docs.intersectmbo.org/intersect-open-source-committee/about/open-source-office-oso) Bitergia Repo Maturity Reports (https://committees.docs.intersectmbo.org/intersect-open-source-committee/all-monthly-reports/bitergia-repo-maturity-reports) Edinburgh Decentralization Index Dashboard (https://informatics.ed.ac.uk/blockchain/edi/dashboard) Contribution Ladder Framework (https://committees.docs.intersectmbo.org/intersect-open-source-committee/policies/contribution-ladder-framework) Current Open Source Committee Members list and Term Rotation Schedules (https://committees.docs.intersectmbo.org/intersect-open-source-committee/about/readme/committee-members) Bitergia Monthly Maturity Reports for 2025 (https://committees.docs.intersectmbo.org/intersect-open-source-committee/all-monthly-reports/bitergia-repo-maturity-reports/monthly-maturity-reports-2025) Introductory Article on POSM (Intersect) (https://www.intersectmbo.org/news/the-paid-open-source-model) Intersecting Open Source and Sustainability: A Paid Open Source Model for Ecosystems Full PDF (https://493748844-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLBdnzp0eZpGri9sVpseI%2Fuploads%2FvuisqFT8uCyKSDgpNmyW%2FPaid%20Open%20Source%20Model-%20LIVE.pdf?alt=media&token=577c8bd1-c9df-43a0-8b57-e883ddb1254a) Bitergia Dashboard (https://intersectmbo.biterg.io/app/dashboards#/view/Overview) The Paid Open Source Model Concept (YouTube) (https://www.youtube.com/watch?v=j4PgqaPWNT4) New Calidus Pool-Key for SPOs and Services Interacting with Pools (https://forum.cardano.org/t/new-calidus-pool-key-for-spos-and-services-interacting-with-pools/143812) She Lights the Way (https://shelightstheway.com/) Dr. Laura Kelly (https://drlaurakelly.com/) Special Guests: Johnny Kelly, Christian Taylor, and Terence (Tex) McCutheon.

In dieser Episode nehmen wir dich mit auf eine Reise hinter die Kulissen von Home Assistant – dem Open-Source-Giganten für Home Automation, der den Smart-Home-Markt im Sturm erobert hat. Es geht um eine Frage, die (fast) jede Tech-Community irgendwann beschäftigt: Ab welchem Punkt reicht Ehrenamt nicht mehr aus, und wie schafft man Strukturen, die weltweit Wirkung entfalten?Zusammen mit Pascal Vizeli – Co-Founder und CFO von Nabu Casa und Gründungsvorstand der Open Home Foundation – tauchen wir tief ein: Wie wächst ein Open-Source-Projekt von einer Freizeitidee zum internationalen Backbone für Smart Homes? Warum braucht es eine Schweizer Stiftung, um Kommerzialisierung zu verhindern? Und was hat es mit Works With Home Assistant, lizenzierten Produkten, Hardware-Innovationen und politischen Ambitionen auf sich?Spannend wird's, wenn Pascal erzählt, wie es gelingt, aus Community-Engagement professionelle Jobs zu machen, warum Datenschutz und Nachhaltigkeit zentrale Werte sind und wie Open Source endlich auch die großen Hersteller in die Pflicht nimmt. Dazu gibt's jede Menge Insights aus der Welt des Home Assistant, von Cloud-Diensten und Lizenzmodellen bis hin zum Kampf für offene Standards, Transparenz und das Recht an den eigenen Daten.Eine Folge, die nicht nur Smart-Home-Fans elektrisiert, sondern zeigt, wie Open Source zu echtem gesellschaftlichen Impact wird. Jetzt reinhören und Open Source mit ganz neuen Augen sehen!Bonus: Wer immer schon wissen wollte, warum Vereinsbuchhaltung manchmal wichtiger ist als Programmieren und wie man mit einer Non-Profit-Stiftung weltweit Standards definiert – hier kommt die Antwort.Unsere aktuellen Werbepartner findest du auf https://engineeringkiosk.dev/partnersDas schnelle Feedback zur Episode:

Send us a textLinking the Travel Industry is a business travel podcast where we review the top travel industry stories that are posted on LinkedIn by LinkedIn members.  We curate the top posts and discuss with them with travel industry veterans in a live session with audience members.  You can join the live recording session by visiting BusinessTravel360.comYour Hosts are Riaan van Schoor, Ann Cederhall and Aash ShravahStories covered on this session include -As part of a restructure, JetBlue stops serving Miami.Qatar Airways receives plenty of praise for the way in which it handled the airspace closure incident, with thousands of passengers affected. Their CEO posted an open letter about the event.Barcelona's airport receives a $3.7b fund to expand, despite a local community heavily opposed to "overtourism".The yearly business and TravelTech Show in London concludes, with no major announcements.At the North American Open Source Summit held this week, Google announced they will be donating their Agent2Agent protocol to The Linux Foundation. This has huge implications for travel according to the OpenTravel Alliance.UK hotel chain Travelodge Hotels Limited partners with Katanox to improve their bookability amongst TMCs.SAS - Scandinavian Airlines returns to India after 17 years, with a Copenhagen - Mumbai flight planned from June.....next year.Extra Stories & Space News! You can subscribe to this podcast by searching 'BusinessTravel360' on your favorite podcast player or visiting BusinessTravel360.comThis podcast was created, edited and distributed by BusinessTravel360.  Be sure to sign up for regular updates at BusinessTravel360.com - Enjoy!Support the show

In this episode of Reality 2.0, Doc and Katherine return after a long hiatus to discuss a range of topics including AI and security concerns, the evolution of cloud-native technologies, and the growing complexity of AI-related projects within various Linux Foundation groups. The conversation also touches on approaches to AI and privacy, the potential for AI to assist in personal and professional tasks, and the importance of standardizing and simplifying best practices for AI deployment. The episode wraps up with insights on the innovative 'My Terms' project aimed at flipping the cookie consent model to better respect user privacy. The hosts also emphasize the importance of constructive conversations and maintaining optimism about the future of technology. 00:00 Welcome Back to Reality 2.0 00:36 Upcoming Open Source Summit 01:03 Linux Foundation and AI Initiatives 04:20 Apple's Approach to Personal AI 05:11 Challenges of AI and Data Privacy 07:16 Potential of Personal AI Models 11:10 Human Interaction with AI 26:50 Innovations in Cookie Consent 31:08 Commitment to More Frequent Episodes 33:16 Closing Remarks and Future Plans Site/Blog/Newsletter (https://www.reality2cast.com) FaceBook (https://www.facebook.com/reality2cast) Twitter (https://twitter.com/reality2cast) Mastodon (https://linuxrocks.online/@reality2cast)

Send us a textThe Cloud Gambit is joining the Packet Pushers Network! Launched in 2023 as an independent podcast, The Cloud Gambit was created for engineers who lead, leaders who build, and founders who need both perspectives. We are thrilled at the opportunity to continue our podcasting journey on the Packet Pushers Network. To keep following the show, you will need to resubscribe on your favorite pod catcher. You can find updated links below!New Podcast Links!The Cloud Gambit: https://packetpushers.net/podcast/the-cloud-gambit/Apple Podcasts: https://podcasts.apple.com/us/podcast/the-cloud-gambit/id1823741017Spotify: https://open.spotify.com/show/23UdyZ3ZwCKB7clwULXyeSPocketcasts: https://pocketcasts.com/podcasts/43146260-380d-013e-acd1-0e87279210d5RSS Feed: https://feeds.packetpushers.net/thecloudgambit/Other Links from the ShowA2A to Linux Foundation: https://developers.googleblog.com/en/google-cloud-donates-a2a-to-linux-foundation/OpenAI Google Deal?: https://www.reuters.com/business/retail-consumer/openai-taps-google-unprecedented-cloud-deal-despite-ai-rivalry-sources-say-2025-06-10/Tech Giants Emission Surge: https://www.reuters.com/sustainability/climate-energy/tech-giants-indirect-emissions-rose-150-three-years-ai-expands-un-agency-says-2025-06-05/

In this episode of Campus Technology Insider Podcast Shorts, Rhea Kelly discusses a Microsoft report showing increased student AI usage, with 93% of American students using AI for school tasks. Cisco introduces AgenticOps, an AI-first approach to IT operations, featuring the Cisco AI Assistant, AI Canvas, and Deep Network Model. The Linux Foundation will host the Agent2Agent protocol project to promote secure AI agent communication. Stay tuned for more updates in higher education technology. 00:00 Introduction to Campus Technology Insider Podcast 00:15 Microsoft Report: Surge in Student AI Usage 00:50 Cisco's AgenticOps: Revolutionizing IT Operations 01:28 Linux Foundation Hosts Agent2Agent Protocol 02:02 Conclusion and Upcoming Break Announcement Source links: Survey: Student AI Use on the Rise Cisco Introduces AI-First Approach to IT Operations Linux Foundation to Host Protocol for AI Agent Interoperability Campus Technology Insider Podcast Shorts are curated by humans and narrated by AI.

If you like what you hear, please subscribe, leave us a review and tell a friend!

OpenSearch has become a cornerstone of open source search and observability, empowering developers and organizations to derive meaningful insights from unstructured data at scale. The past year marks a significant milestone in its journey, with OpenSearch officially joining The Linux Foundation, further cementing its position in the open source ecosystem.Now, after two years of 2.x, the next major release is here, and it brings significant advancements in performance, data management, vector database functionality, and much more. In this episode we dive into the 3.0 release, across lexical, semantic, and hybrid search, vector database improvements, observability capabilities, performance boosts, and much more. We also look at the community and ecosystem, the recent move of the project under The Linux Foundation, and some of the interesting use cases out there.  Our guests for this episode are Carl Meadows, Chair of the Governing Board of the OpenSearch Software Foundation, and Pallavi Priyadarshini, member of the Technical Steering Committee and the OpenSearch 3.0 release manager.The episode was live-streamed on 9 June 2025 and the video is available at https://www.youtube.com/watch?v=u4T-ksTAmxgYou can read the recap post: https://medium.com/p/fb526e0d44e5/Show Notes:00:00 - intro03:30 - OpenSearch joins the Linux Foundation06:05 - the community and Technical Steering Committee11:39 - why now 3.0?13:53 - performance improvements17:55 - vector database and MCP for agentic AI support23:20 - what's new with observability30:14 - Discover UI view and anomaly detection33:55 - the vision for OpenSearch and differentiation37:33 - Data Prepper ingestion component44:28 - gRPC and Protobuf support49:47 - 3.1 release and the 3.x line55:25 - where to follow and join the community1:03:12 - outro Resources:OpenSearch 3.0 announcement blog: https://opensearch.org/blog/unveiling-opensearch-3-0/OpenSearch public roadmap: https://github.com/orgs/opensearch-project/projects/220 OpenSearchCon and other events: https://opensearch.org/events/New Observability Special Interest Group: https://www.linkedin.com/feed/update/urn:li:share:7336739972877537281/Socials:BlueSky: https://bsky.app/profile/openobservability.bsky.socialLinkedIn: https://www.linkedin.com/company/openobservability/Twitter:⁠ https://twitter.com/OpenObserv⁠YouTube: ⁠https://www.youtube.com/@openobservabilitytalks⁠Dotan Horovits============Twitter: @horovitsLinkedIn: www.linkedin.com/in/horovitsMastodon: @horovits@fosstodonBlueSky: @horovits.bsky.socialCarl Meadows============Twitter: https://x.com/Carl_F_MeadowsLinkedIn: https://www.linkedin.com/in/carlfmeadows/Pallavi Priyadarshini=================LinkedIn: https://www.linkedin.com/in/pallavipr/OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube.We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat.⁠⁠⁠⁠⁠https://www.youtube.com/@openobservabilitytalks⁠⁠  ⁠https://www.twitch.tv/openobservability⁠⁠

In this episode of The WP Minute+, I sit down with Carrie Dils and Karim Marucchi to talk through FAIR—short for Federated and Independent Repositories—a new package management project launched under the Linux Foundation. If you're in the WordPress space and wondering what FAIR is, why it matters, and how it might change the plugin and theme ecosystem, this is the episode for you.Carrie, one of FAIR's elected co-chairs, walks us through the technical architecture and vision for FAIR, including how it aims to bring more resilience and transparency to how plugins and themes are distributed. Karim adds broader context from his enterprise experience, making the case for why redundancy and federation are vital for WordPress's future. We touch on the practical details of how FAIR works today—including Fastly nodes, AspirePress, and the .3 plugin release—while looking ahead at governance, funding, and how the Linux Foundation structures this initiative.Of course, I have some tough questions: How will FAIR balance governance with innovation? Will it become “just another bureaucracy”? How do we avoid turning this into a divisive issue—FAIR vs. .org? We talk about those tensions and the team's intention for FAIR to extend WordPress, not split it. There's also a good reality check on how plugin moderation, security scanning, and transparency are being improved through this effort.Whether you're running an agency, building WordPress products, or just care about where the ecosystem is heading, this episode gives you a grounded view of what FAIR is—and what it isn't.Great Takeaways & Quotes:"This isn't a fork. This is a failover." — Karim Marucchi"FAIR isn't just about today's plugin distribution problems—it's about creating a foundation for the next 20 years of WordPress.""We're building a system where plugin trust, provenance, and availability don't rely on a single choke point.""Yes, FAIR is about stability, but it's also about discoverability—for both users and developers." — Carrie Dils"We're not trying to replace .org—we've invited .org to join the federation.""Even though you don't see a difference when you update a plugin, that's the point. FAIR is meant to be invisible until you need it."Important URLs Mentioned:FAIR Project GitHub (via fair.pm)Linux Foundation announcement on FAIRAspirePress ★ Support this podcast ★

This week, we cover Apple's WWDC updates—from containerization to Foundation Models—and the Linux Foundation's new FAIR Package Manager. Plus, we crown the best SDT Uber rider Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/fNPlQJf7BSw?si=a7decAcUn1Hy-um6) 524 (https://www.youtube.com/live/fNPlQJf7BSw?si=a7decAcUn1Hy-um6) Runner-up Titles Infinite Workday. No more Eudora Revealed productivity. I threw up a tarp over my desk. We agreed to not talk about it It's a box in a box alias docker=containerization When does systemd get an MCP server? All the AIs are above-average We're not going to do anything and Apple's going to make our podcast better I should go read it again, but I won't Don't make the Linux Foundation clean up your mess The Internet Foundation Option (Alt) + Shift + 2 == € Rundown Breaking down the infinite workday (https://www.microsoft.com/en-us/worklab/work-trend-index/breaking-down-infinite-workday) WWDC Enterprise Recap Containerization (https://github.com/apple/containerization) Mac containers (https://github.com/apple/container?tab=readme-ov-file#container) Meet Containerization - WWDC25 - Videos - Apple Developer (https://developer.apple.com/videos/play/wwdc2025/346/) Apple updates Spotlight to take actions on your Mac (https://techcrunch.com/2025/06/09/apple-updates-spotlight-to-take-actions-on-your-mac/) Apple Supercharges Spotlight in macOS Tahoe With Quick Keys and More (https://www.macrumors.com/2025/06/09/apple-supercharges-spotlight-in-macos-tahoe-with-quick-keys-and-more/) Foundation Models (https://developer.apple.com/documentation/foundationmodels) Foundation Models adapter training (https://developer.apple.com/apple-intelligence/foundation-models-adapter/) Apple brings ChatGPT and other AI models to Xcode (https://techcrunch.com/2025/06/09/apple-brings-chatgpt-and-other-ai-models-to-xcode/) Apple services deliver powerful features and intelligent updates to users this fall (https://www.apple.com/newsroom/2025/06/apple-services-deliver-powerful-features-and-intelligent-updates-to-users-this-fall/) tvOS 26 Introduces Automatic Sign-In Feature for Apple TV Apps (https://www.macrumors.com/2025/06/13/tvos-26-automatic-sign-in/) Welcome to WWDC25 (https://www.youtube.com/watch?v=NdgNud1gWzg) One Year Left: Apple's Long Goodbye For Intel Macs (https://tedium.co/2025/06/09/apple-wwdc-intel-mac-support-ending/) Apple is shipping through it (https://www.platformer.news/apple-wwdc-2025-ai/?ref=platformer-newsletter) WordPress must play FAIR Linux Foundation Announces the FAIR Package Manager Project for Open Source Content Management System Stability (https://www.linuxfoundation.org/press/linux-foundation-announces-the-fair-package-manager-project-for-open-source-content-management-system-stability?utm_content=334921785&utm_medium=social&utm_source=twitter&hss_channel=tw-14706299) WordPress veterans launch FAIR project to tackle security and control concerns (https://www.fastcompany.com/91347003/wordpress-veterans-launch-fair-project-to-tackle-security-and-control-concerns) FAIR Package Manager project (https://github.com/fairpm) Relevant to your Interests Door Dash delivery at O'Hare exposes hole in airport security (https://wgntv.com/news/wgn-investigates/ohare-food-delivery-driver-tarmac-airport-security/) Cursor's Anysphere nabs $9.9B valuation, soars past $500M ARR (https://techcrunch.com/2025/06/05/cursors-anysphere-nabs-9-9b-valuation-soars-past-500m-arr/) Ensh*ttification, Live! Micah and Cory Doctorow in Conversation (https://www.wnycstudios.org/podcasts/otm/articles/enshttification-live-micah-and-cory-doctorow-in-conversation) Quant Firm's $1 Billion Code Is Focus of Rare Criminal Case (https://www.bloomberg.com/news/features/2025-06-08/wall-street-trade-secrets-1-billion-code-star-in-theft-case) BYD Unleashes an EV Industry Reckoning That Alarms Beijing (https://finance.yahoo.com/news/byd-unleashes-ev-industry-reckoning-210000104.html?guccounter=1&guce_referrer=aHR0cHM6Ly9tYXN0b2Rvbi5zb2NpYWwv&guce_referrer_sig=AQAAACdyrkbzRsvm2yrjUpnk-ZoEChm2HKfqsRvQ3-5qL5l5DslEVyEIAHBZHJfsWobisLNGXtuXSw6g5UMvSDXinhxt6KQKXRrtrai50TlXVsKzr-9Ch9bk3B3wrqb8MVPHDhM3mnu8sue0e7y6MT2AWzXTlr-9q-9OJuox5ehaI6XS) No Yapping (https://bsky.app/profile/simonwillison.net/post/3lqegqt3gns2v?ck_subscriber_id=512840665&utm_source=convertkit&utm_medium=email&utm_campaign=%5BLast+Week+in+AWS%5D+Issue+#426:%20AWS's%20Snaky%20Region%20-%2017901826) Apple supercharges its tools and technologies for developers (https://www.apple.com/newsroom/2025/06/apple-supercharges-its-tools-and-technologies-for-developers/) Starbucks to roll out Microsoft Azure OpenAI assistant for baristas (https://www.cnbc.com/2025/06/10/starbucks-to-roll-out-microsoft-azure-openai-assistant-for-baristas.html) The Modern Observability Roundtable: AI, Rising Costs and OpenTelemetry (https://thenewstack.io/the-modern-observability-roundtable-ai-rising-costs-and-opentelemetry/?link_source=ta_bluesky_link&taid=6850e84a64f5a20001b6b561&utm_campaign=trueanthem&utm_medium=social&utm_source=bluesky) Python's Security Savior: Chainguard Battles Supply Chain Risk (https://thenewstack.io/pythons-security-savior-chainguard-battles-supply-chain-risk/?link_source=ta_bluesky_link&taid=685158d164f5a20001b6b899&utm_campaign=trueanthem&utm_medium=social&utm_source=bluesky) A Look Back at Q1 '25 Public Cloud Software Earnings (https://cloudedjudgement.substack.com/p/a-look-back-at-q1-25-public-cloud?utm_source=post-email-title&publication_id=56878&post_id=166107679&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Amazon's Jassy Says AI Will Reduce Company's Corporate Workforce (https://www.bloomberg.com/news/articles/2025-06-17/amazon-s-jassy-says-ai-will-reduce-company-s-corporate-workforce?embedded-checkout=true) Message from CEO Andy Jassy: Some thoughts on Generative AI (https://www.aboutamazon.com/news/company-news/amazon-ceo-andy-jassy-on-generative-ai) The changing landscape for news podcasts across countries (https://reutersinstitute.politics.ox.ac.uk/digital-news-report/2025/changing-landscape-news-podcasts-across-countries) FAA to eliminate floppy disks used in air traffic control systems - Windows 95 also being phased out (https://www.tomshardware.com/pc-components/storage/the-faa-seeks-to-eliminate-floppy-disk-usage-in-air-traffic-control-systems) Incremental AI is better than civilization changing AI (https://newsletter.cote.io/p/incremental-ai-is-better-than-civilization?utm_source=post-email-title&publication_id=50&post_id=166221577&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Message from CEO Andy Jassy: Some thoughts on Generative AI (https://www.aboutamazon.com/news/company-news/amazon-ceo-andy-jassy-on-generative-ai) Meta in Talks for Scale AI Investment That Could Top $10 Billion (https://www.bloomberg.com/news/articles/2025-06-08/meta-in-talks-for-scale-ai-investment-that-could-top-10-billion?srnd=phx-deals) Remote MCP support in Claude Code (https://www.anthropic.com/news/claude-code-remote-mcp) Sam Altman says Meta tried and failed to poach OpenAI's talent with $100M offers (https://techcrunch.com/2025/06/17/sam-altman-says-meta-tried-and-failed-to-poach-openais-talent-with-100m-offers/) Nonsense TSA urges people to stop trying to use a Costco card as a sufficient REAL ID (https://www.wsfa.com/2025/06/06/tsa-urges-people-stop-trying-use-costco-card-sufficient-real-id/#jws1au56yepvkb57za6d23t2eoolh67) Buc-ee's, a Pit Stop to Refuel Cars, Stomachs and Souls, Spreads Beyond Texas (https://www.nytimes.com/2025/06/14/us/bucees-mississippi.html?smid=nytcore-ios-share&referringSource=articleShare) 201 ways to say ‘fuck': what 1.7 billion words of online text shows about how the world swears (https://theconversation.com/201-ways-to-say-fuck-what-1-7-billion-words-of-online-text-shows-about-how-the-world-swears-257815) Are you a loudcaster? (https://elizabethtai.com/2025/06/07/are-you-a-loudcaster/) Listener Feedback Wes recommends iSH (https://ish.app/) — Linux shell of the iPhone Conferences CF Day EU (https://events.linuxfoundation.org/cloud-foundry-day-europe/), Frankfurt, October 7th, 2025. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Watch Dept. Q (https://www.netflix.com/title/81487660) Matt: Call of Duty: Modern Warfare Remastered (https://store.steampowered.com/app/393080/Call_of_Duty_Modern_Warfare_Remastered_2017/) Coté: INFILTRATE. SURVEY. PERCEIVE by Reyes Makes Games (https://reyesraine.itch.io/infiltrate-survey-perceive). Photo Credits Header (https://unsplash.com/s/photos/keyboards?license=free&orientation=landscape)

The Evolving Role of Open Source in Financial Services with GitLab's George KichukovIn this episode of the FINOS podcast, Grizz Griswold interviews George Kichukov from GitLab to discuss the transformative effect of open-source technology in financial services. The conversation covers the adoption of secure open-source practices, the importance of a strong engineering culture, and the benefits of contributing back to the open-source community. George shares insights from his 20-year career, including his extensive experience at Citibank, and elaborates on his current role in improving software delivery at GitLab. The episode also highlights upcoming events like the Open Source and Finance Forum (OSFF) and the vital role of sponsors in fostering industry collaboration.00:00 The Evolution of Open Source in Financial Services01:32 Upcoming OSFF Events and Sponsors01:33 Upcoming OSFF Events and Sponsors03:31 Introduction to George Kichukov from GitLab03:52 George's Role and Experience at GitLab06:36 George's Career Journey Before GitLab12:15 The Importance of Developer Experience15:56 The Role of Open Source in Developer Experience20:57 The Shift in Financial Services Towards Open Source26:58 Conclusion and Final ThoughtsGeorge Kichukov: https://www.linkedin.com/in/kichukov/GitLab: https://about.gitlab.com/ Grizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS: On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

X11 is basically dead (again) and we are quite pleased, the Linux Foundation sets out to fix the WordPress mess and some of us are cynical, custom ROMs for Pixel phones are going to be much more difficult to make, Apple is adding proper OCI containers to macOS, and more.   News Ubuntu 25.10 drops... Read More

X11 is basically dead (again) and we are quite pleased, the Linux Foundation sets out to fix the WordPress mess and some of us are cynical, custom ROMs for Pixel phones are going to be much more difficult to make, Apple is adding proper OCI containers to macOS, and more.   News Ubuntu 25.10 drops... Read More

Exploring Data Mesh and Open Source Governance with Daniel PaesIn this episode of the FINOS podcast, Grizz Griswold interviews Daniel Paes, a FINOS Ambassador. They discuss concepts like data mesh, data contracts, and the use of open source tools like Legend and CDM in data governance. Daniel shares his journey from a business intelligence analyst in Brazil to a principal director at a CloudOps and DataOps company in Canada. They also talk about the Open Source and Finance Forum (OSFF), upcoming events, and Daniel's innovative projects like Runink. This episode offers insights into the adoption of open source tools in financial services and practical applications of data governance models.00:00 Introduction to CDM and Legend01:07 Upcoming OSFF Events and Sponsors03:06 Meet Daniel Paes: Background and Career04:08 Daniel's Journey with Open Source06:20 Open Source in Brazil and Canada11:31 Daniel's Career Path15:32 Current Projects and API Days Insights15:42 Exploring FINOS Legend and CDM22:07 Runink: A New Open Source Project29:12 Becoming a FINOS Ambassador30:10 Conclusion and Future PlansDaniel Paes: https://www.linkedin.com/in/danspaes/Runink: https://www.runink.org/Grizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS: On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

In this podcast episode, host Michelle Frechette welcomes Carrie Dils, Mika Epstein, and Ryan McCue to discuss their roles in the WordPress community and the new FAIR project. The group explores FAIR's mission to create a federated independent repository system for WordPress plugins and themes, focusing on decentralization, community-driven moderation, inclusive governance, and privacy. They address challenges like supporting premium plugins, reducing environmental impact, and fostering global participation. The episode highlights FAIR's collaborative, open-source approach and invites listeners to get involved through GitHub and community meetings, aiming to shape a more innovative and inclusive WordPress ecosystem.Top Takeaways:FAIR Is Reimagining Plugin Discovery and Trust for WordPress: FAIR is building a more open, decentralized ecosystem for WordPress plugin discovery—empowering both end users and developers. By enabling verified directories and authenticated plugin listings (via methods like DNS verification), FAIR provides an alternative to the limitations of the WordPress.org repo, while increasing transparency, user safety, and trust.Community Participation Is Central to FAIR's Success: The FAIR initiative is deeply community-driven. Contributors are encouraged to get involved through GitHub Discussions, introduce themselves, offer help, or join working groups. The leadership team is intentionally building these groups based on people's skills and availability, rather than predefined roles—making FAIR flexible, inclusive, and open to evolving needs.FAIR Encourages Innovation Outside Traditional WordPress Constraints: The project provides an alternative path for plugin creators who may not want to follow the traditional WordPress.org model (e.g., having to release a free version first). With FAIR, creators can request to be listed in aggregator directories that are more flexible, values-aligned, or niche-focused—fostering innovation and lowering barriers to entry.FAIR Is Still in Early Development—and Actively Growing: While the FAIR plugin and protocol are live (accessible via fair.pm), the ecosystem is in its formative stages. The team is prioritizing essential needs (the “MVP”) and building infrastructure to support future growth in documentation, marketing, design, development, and user testing. They welcome feedback on plugin issues, conflicts, and ideas, encouraging broad experimentation and iteration.Mentioned in the Show:FAIRLinkedIn LearningAwesome MotiveLez Watch TVHuman MadeAspire PressGravatarLinux Foundation ProjectBlueskyWPCCBlack PressMastodon DrupalCourtney RobertsonAutomatticMediaWikiMonster InsightsGravity FormsFastly

  In this episode of hashtag Trending, host Jim Love covers several significant tech developments. A new Linux Foundation study has found that 89% of companies using AI are adopting open-source models, with smaller businesses leading the trend due to cost benefits. Google's recent major outage, caused by an invalid automated quota update, highlights vulnerabilities in cloud concentration risk. SpaceX's Starlink-to-phone service is set to launch, offering text capabilities in remote areas, though it comes at a premium cost. Lastly, the transition to renewable energy faces a bottleneck due to a shortage of high-voltage cables required to connect renewable sources to the power grid. These cables are crucial but complex to manufacture, posing a significant challenge to global clean energy goals. 00:00 Introduction and Host Welcome 00:19 Open Source AI Adoption 03:32 Google's Major Outage Explained 07:02 Starlink Satellite to Phone Service 09:14 Challenges in Renewable Energy Transition 12:54 Conclusion and Call for Support

Exploring Common Controls and Governance in Financial Services with Kosli's CEO, Mike LongIn this episode of the FINOS podcast, Grizz Griswold interviews Mike Long, CEO and founder of Kosli. They discuss the challenges of AI readiness and managing risk in financial services, focusing on the importance of common control definitions in SDLC processes. Mike shares his journey from studying AI and computer science to founding Kosli, emphasizing the role of automation in governance and compliance. The conversation highlights the significance of community and collaboration within FINOS to solve industry-level problems, touching on AI, regulatory compliance, and the future of governance automation. Mike also reflects on the evolution of agent-based solutions and their applications in current tech environments. Tune in for insights on making engineering processes more efficient and the importance of shared understanding in tech and compliance.00:00 Introduction to Control Definitions01:14 Upcoming OSFF Events and Sponsors03:13 Meet Mike Long, CEO of Kosli03:47 Mike Long's Background and Career Journey07:01 Challenges in Financial Services and Kosli's Solutions09:54 Joining FINOS and Goals for Collaboration16:22 The Importance of Community in FINOS20:37 Future of AI and Autonomous Agents24:11 Closing Remarks and OSFF LondonKosli: https://www.kosli.com/Mike Long: https://www.linkedin.com/in/mikelongkosliGrizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS: On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

OctoSQL & Vulnerability Data OctoSQL is a neat tool to query files in different formats using SQL. This can, for example, be used to query the JSON vulnerability files from CISA or NVD and create interesting joins between different files. https://isc.sans.edu/diary/OctoSQL+Vulnerability+Data/32026 Mirai vs. Wazuh The Mirai botnet has now been observed exploiting a vulnerability in the open-source EDR tool Wazuh. https://www.akamai.com/blog/security-research/botnets-flaw-mirai-spreads-through-wazuh-vulnerability DNS4EU The European Union created its own public recursive resolver to offer a public resolver compliant with European privacy laws. This resolver is currently operated by ENISA, but the intent is to have a commercial entity operate and support it by a commercial entity. https://www.joindns4.eu/ WordPress FAIR Package Manager Recent legal issues around different WordPress-related entities have made it more difficult to maintain diverse sources of WordPress plugins. With WordPress plugins usually being responsible for many of the security issues, the Linux Foundation has come forward to support the FAIR Package Manager, a tool intended to simplify the management of WordPress packages. https://github.com/fairpm

In this episode, I unpack the big announcement behind FAIR — the Federated and Independent Repository — a new package manager initiative under the Linux Foundation. Scooped by The Repository and launched during WordCamp Europe week, FAIR promises decentralized plugin and theme distribution for WordPress, reducing reliance on wordpress.org and introducing a new governance model for the ecosystem. On paper, that's a huge shift.But I've got more questions than answers. Why the Linux Foundation? Is this really just for WordPress? And what does “a replacement for the ecosystem” even mean? For freelancers, agency owners, and power users like you and me, the pitch feels abstract. FAIR might offer technical insurance, but what does it actually do to help us build faster, better, more sustainable sites today?This episode is less about hot takes and more about critical thinking — exploring FAIR from the lens of a working professional in WordPress, not someone living in contributor Slack channels. I want to know how this changes our day-to-day, and whether FAIR will drive real innovation… or just become another layer of complexity.Key Takeaways:“This isn't a fork of WordPress — it's a backend distribution layer, a replacement for the plugin update plumbing we all rely on.”“I have more questions than clarity: is this really just about stability, or is it something much bigger?”“Adoption is everything. Without host and agency support, FAIR is just another plugin.”“WordPress has a packaging problem. FAIR needs to solve that — not just technically, but with messaging that speaks to the average power user.”“We want open source to thrive. But we also want clarity, transparency, and solutions that actually make WordPress better for our clients.”URLs Mentioned:FAIR press release from the Linux FoundationThe Repository's FAIR coverageAspirePressWPCCAlt Ctrl Org livestream ★ Support this podcast ★

The ClickHouse® project is a rising star in observability and analytics, challenging performance conventions with its breakneck speed. This open source OLAP column store, originally developed at Yandex to power their web analytics platform at massive scale, has quickly evolved into one of the hottest open source observability data stores around. Its published performance benchmarks have been the topic of conversation, outperforming many legacy databases and setting a new bar for fast queries over large volumes of data.Our guest for this episode is Robert Hodges, CEO of Altinity — the second largest contributor to the ClickHouse project. With over 30 years of experience in databases, Robert brings deep insights into how ClickHouse is challenging legacy databases at scale. We'll also explore Altinity's just-launched groundbreaking open source project—Project Antalya—which extends ClickHouse with Apache Iceberg shared storage, unlocking dramatic improvements in both performance and cost efficiency. Think 90% reductions in storage costs and 10 to 100x faster queries, all without requiring any changes to your existing applications.The episode was live-streamed on 20 May 2025 and the video is available at https://www.youtube.com/watch?v=VeyTL2JlWp0You can read the recap post: https://medium.com/p/2004160b2f5e/ OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube.We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat.⁠⁠https://www.youtube.com/@openobservabilitytalks⁠  https://www.twitch.tv/openobservability⁠Show Notes:00:00 - Intro01:38 - ClickHouse elevator pitch02:46 - guest intro04:48 - ClickHouse under the hood08:15 - SQL and the database evolution path 11:20 - the return of SQL16:13 - design for speed 17:14 - use cases for ClickHouse19:18 - ClickHouse ecosystem22:22 - ClickHouse on Kubernetes 31:45 - know how ClickHouse works inside to get the most out of it 38:59 - ClickHouse for Observability46:58 - Project Antalya55:03 - Kubernetes 1.33 release55:32 - OpenSearch 3.0 release56:01 - New Permissive License for ML Models Announced by the Linux Foundation57:08 - OutroResources:ClickHouse on GitHub: https://github.com/ClickHouse/ClickHouse Shopify's Journey to Planet-Scale Observability: https://medium.com/p/9c0b299a04ddProject Antalya: https://altinity.com/blog/getting-started-with-altinitys-project-antalya https://cmtops.dev/posts/building-observability-with-clickhouse/ Kubernetes 1.33 release highlights: https://www.linkedin.com/feed/update/urn:li:activity:7321054742174924800/ New Permissive License for Machine Learning Models Announced by the Linux Foundation: https://www.linkedin.com/feed/update/urn:li:share:7331046183244611584  Opensearch 3.0 major release: https://www.linkedin.com/posts/horovits_opensearch-activity-7325834736008880128-kCqrSocials:Twitter:⁠ https://twitter.com/OpenObserv⁠YouTube: ⁠https://www.youtube.com/@openobservabilitytalks⁠Dotan Horovits============X (Twitter): @horovitsLinkedIn: www.linkedin.com/in/horovitsMastodon: @horovits@fosstodonBlueSky: @horovits.bsky.socialRobert Hodges=============LinkedIn: https://www.linkedin.com/in/berkeleybob2105/ 

Network APIs are heralded as a game changer in the ongoing struggle of 5G operators to make a good return on their enormous investments in building these highly capable networks. Unlike previous attempts, stars might be aligning this time to make APIs successful. Aduna was formed by a collaborative effort between Infra major Ericsson and scores of handpicked large global 5G operators. In this episode, I speak to Anthony Bartolo, CEO of Aduna. We discuss the reasons for Aduna's existence, how it collaborates with the GSMA's Open Gateway initiative and the Linux Foundation's CAMARA project, typical use cases, target verticals, traction so far, the role of hyperscalers, who have their own large app ecosystems, which is crucial for API proliferation, and more. We also delve into Aduna's business and revenue model, how other players can join, what the future holds, and how the company defines the success of this effort.

In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-331

In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-331

In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Show Notes: https://securityweekly.com/asw-331

Dr. Weijia Zhang is a renowned expert on interoperability, bridges, and is the Regional Head of China for the Enterprise Ethereum Alliance. So he knows a thing or two about what it takes to bring Web3 into production.Interoperability was supposed to be the great accelerator (ahead of privacy tech) for Web3 to really scale and connect apps and ecosystems for the greater good. But have we achieved this yet? Are bridges the answer, or can we do better?In this show, we discuss:- The ideal conditions for use of Blockchain technology- The current technologies and maturity of 'interoperability'- Enterprise use cases Dr. Zhang is most excited about- The role and importance of organisations like EEA and Linux Foundation in driving adoption- What more is needed to see widespread usage of Blockchain technology

In this episode of the FINOS Open Source in Finance webinar series, Karl Moll hosts an engaging panel discussion with Tyler Warden from Sonatype and Aaron Erickson from Nvidia. The topic is 'The Unexpected Risks of AI in Finance,' covering hidden and novel security risks in AI-driven financial systems, the importance of hardware in AI security, and regulatory approaches to AI compliance. The panelists delve into common misconceptions, real-world examples of AI risks, software supply chain issues, and actionable advice for securing AI pipelines. They also discuss the fundamental role of human accountability and the importance of collaboration between security and engineering teams.00:00 Welcome and Introduction03:40 Panelist Introductions05:43 Common Misconceptions in AI Security08:37 Hidden Risks of AI in Finance16:52 Regulatory Approaches to AI Risks23:54 Advice for Compliance Teams30:56 The Importance of Fundamentals in AI31:37 AI's Role in Speeding Up Reaction Times32:56 Building Security into AI Pipelines36:02 Operational Collaboration for AI Security43:07 Designing User-Centric AI Systems48:40 Rapid Fire Q&A on AI Security55:23 Final Thoughts and RecommendationsFind more info about FINOS:On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Gros épisode qui couvre un large spectre de sujets : Java, Scala, Micronaut, NodeJS, l'IA et la compétence des développeurs, le sampling dans les LLMs, les DTO, le vibe coding, les changements chez Broadcom et Red Hat ainsi que plusieurs nouvelles sur les licences open source. Enregistré le 7 mai 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-325.mp3 ou en vidéo sur YouTube. News Langages A l'occasion de JavaOne et du lancement de Java 24, Oracle lance un nouveau site avec des ressources vidéo pour apprendre le langage https://learn.java/ site plutôt à destination des débutants et des enseignants couvre la syntaxe aussi, y compris les ajouts plus récents comme les records ou le pattern matching c'est pas le site le plus trendy du monde. Martin Odersky partage un long article sur l'état de l'écosystème Scala et les évolutions du language https://www.scala-lang.org/blog/2025/03/24/evolving-scala.html Stabilité et besoin d'évolution : Scala maintient sa position (~14ème mondial) avec des bases techniques solides, mais doit évoluer face à la concurrence pour rester pertinent. Axes prioritaires : L'évolution se concentre sur l'amélioration du duo sécurité/convivialité, le polissage du langage (suppression des “rugosités”) et la simplification pour les débutants. Innovation continue : Geler les fonctionnalités est exclu ; l'innovation est clé pour la valeur de Scala. Le langage doit rester généraliste et ne pas se lier à un framework spécifique. Défis et progrès : L'outillage (IDE, outils de build comme sbt, scala-cli, Mill) et la facilité d'apprentissage de l'écosystème sont des points d'attention, avec des améliorations en cours (partenariat pédagogique, plateformes simples). Des strings encore plus rapides ! https://inside.java/2025/05/01/strings-just-got-faster/ Dans JDK 25, la performance de la fonction String::hashCode a été améliorée pour être principalement constant foldable. Cela signifie que si les chaînes de caractères sont utilisées comme clés dans une Map statique et immuable, des gains de performance significatifs sont probables. L'amélioration repose sur l'annotation interne @Stable appliquée au champ privé String.hash. Cette annotation permet à la machine virtuelle de lire la valeur du hash une seule fois et de la considérer comme constante si elle n'est pas la valeur par défaut (zéro). Par conséquent, l'opération String::hashCode peut être remplacée par la valeur de hash connue, optimisant ainsi les lookups dans les Map immuables. Un cas limite est celui où le code de hachage de la chaîne est zéro, auquel cas l'optimisation ne fonctionne pas (par exemple, pour la chaîne vide “”). Bien que l'annotation @Stable soit interne au JDK, un nouveau JEP (JEP 502: Stable Values (Preview)) est en cours de développement pour permettre aux utilisateurs de bénéficier indirectement de fonctionnalités similaires. AtomicHash, une implémentation Java d'une HashMap qui est thread-safe, atomique et non-bloquante https://github.com/arxila/atomichash implémenté sous forme de version immutable de Concurrent Hash Trie Librairies Sortie de Micronaut 4.8.0 https://micronaut.io/2025/04/01/micronaut-framework-4-8-0-released/ Mise à jour de la BOM (Bill of Materials) : La version 4.8.0 met à jour la BOM de la plateforme Micronaut. Améliorations de Micronaut Core : Intégration de Micronaut SourceGen pour la génération interne de métadonnées et d'expressions bytecode. Nombreuses améliorations dans Micronaut SourceGen. Ajout du traçage de l'injection de dépendances pour faciliter le débogage au démarrage et à la création des beans. Nouveau membre definitionType dans l'annotation @Client pour faciliter le partage d'interfaces entre client et serveur. Support de la fusion dans les Bean Mappers via l'annotation @Mapping. Nouvelle liveness probe détectant les threads bloqués (deadlocked) via ThreadMXBean. Intégration Kubernetes améliorée : Mise à jour du client Java Kubernetes vers la version 22.0.1. Ajout du module Micronaut Kubernetes Client OpenAPI, offrant une alternative au client officiel avec moins de dépendances, une configuration unifiée, le support des filtres et la compatibilité Native Image. Introduction d'un nouveau runtime serveur basé sur le serveur HTTP intégré de Java, permettant de créer des applications sans dépendances serveur externes. Ajout dans Micronaut Micrometer d'un module pour instrumenter les sources de données (traces et métriques). Ajout de la condition condition dans l'annotation @MetricOptions pour contrôler l'activation des métriques via une expression. Support des Consul watches dans Micronaut Discovery Client pour détecter les changements de configuration distribuée. Possibilité de générer du code source à partir d'un schéma JSON via les plugins de build (Gradle et Maven). Web Node v24.0.0 passe en version Current: https://nodejs.org/en/blog/release/v24.0.0 Mise à jour du moteur V8 vers la version 13.6 : intégration de nouvelles fonctionnalités JavaScript telles que Float16Array, la gestion explicite des ressources (using), RegExp.escape, WebAssembly Memory64 et Error.isError. npm 11 inclus : améliorations en termes de performance, de sécurité et de compatibilité avec les packages JavaScript modernes. Changement de compilateur pour Windows : abandon de MSVC au profit de ClangCL pour la compilation de Node.js sur Windows. AsyncLocalStorage utilise désormais AsyncContextFrame par défaut : offrant une gestion plus efficace du contexte asynchrone. URLPattern disponible globalement : plus besoin d'importer explicitement cette API pour effectuer des correspondances d'URL. Améliorations du modèle de permissions : le flag expérimental --experimental-permission devient --permission, signalant une stabilité accrue de cette fonctionnalité. Améliorations du test runner : les sous-tests sont désormais attendus automatiquement, simplifiant l'écriture des tests et réduisant les erreurs liées aux promesses non gérées. Intégration d'Undici 7 : amélioration des capacités du client HTTP avec de meilleures performances et un support étendu des fonctionnalités HTTP modernes. Dépréciations et suppressions : Dépréciation de url.parse() au profit de l'API WHATWG URL. Suppression de tls.createSecurePair. Dépréciation de SlowBuffer. Dépréciation de l'instanciation de REPL sans new. Dépréciation de l'utilisation des classes Zlib sans new. Dépréciation du passage de args à spawn et execFile dans child_process. Node.js 24 est actuellement la version “Current” et deviendra une version LTS en octobre 2025. Il est recommandé de tester cette version pour évaluer son impact sur vos applications. Data et Intelligence Artificielle Apprendre à coder reste crucial et l'IA est là pour venir en aide : https://kyrylo.org/software/2025/03/27/learn-to-code-ignore-ai-then-use-ai-to-code-even-better.html Apprendre à coder reste essentiel malgré l'IA. L'IA peut assister la programmation. Une solide base est cruciale pour comprendre et contrôler le code. Cela permet d'éviter la dépendance à l'IA. Cela réduit le risque de remplacement par des outils d'IA accessibles à tous. L'IA est un outil, pas un substitut à la maîtrise des fondamentaux. Super article de Anthropic qui essaie de comprendre comment fonctionne la “pensée” des LLMs https://www.anthropic.com/research/tracing-thoughts-language-model Effet boîte noire : Stratégies internes des IA (Claude) opaques aux développeurs et utilisateurs. Objectif : Comprendre le “raisonnement” interne pour vérifier capacités et intentions. Méthode : Inspiration neurosciences, développement d'un “microscope IA” (regarder quels circuits neuronaux s'activent). Technique : Identification de concepts (“features”) et de “circuits” internes. Multilinguisme : Indice d'un “langage de pensée” conceptuel commun à toutes les langues avant de traduire dans une langue particulière. Planification : Capacité à anticiper (ex: rimes en poésie), pas seulement de la génération mot par mot (token par token). Raisonnement non fidèle : Peut fabriquer des arguments plausibles (“bullshitting”) pour une conclusion donnée. Logique multi-étapes : Combine des faits distincts, ne se contente pas de mémoriser. Hallucinations : Refus par défaut ; réponse si “connaissance” active, sinon risque d'hallucination si erreur. “Jailbreaks” : Tension entre cohérence grammaticale (pousse à continuer) et sécurité (devrait refuser). Bilan : Méthodes limitées mais prometteuses pour la transparence et la fiabilité de l'IA. Le “S” dans MCP veut dire Securité (ou pas !) https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b La spécification MCP pour permettre aux LLMs d'avoir accès à divers outils et fonctions a peut-être été adoptée un peu rapidement, alors qu'elle n'était pas encore prête niveau sécurité L'article liste 4 types d'attaques possibles : vulnérabilité d'injection de commandes attaque d'empoisonnement d'outils redéfinition silencieuse de l'outil le shadowing d'outils inter-serveurs Pour l'instant, MCP n'est pas sécurisé : Pas de standard d'authentification Pas de chiffrement de contexte Pas de vérification d'intégrité des outils Basé sur l'article de InvariantLabs https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks Sortie Infinispan 15.2 - pre rolling upgrades 16.0 https://infinispan.org/blog/2025/03/27/infinispan-15-2 Support de Redis JSON + scripts Lua Métriques JVM désactivables Nouvelle console (PatternFly 6) Docs améliorées (métriques + logs) JDK 17 min, support JDK 24 Fin du serveur natif (performances) Guillaume montre comment développer un serveur MCP HTTP Server Sent Events avec l'implémentation de référence Java et LangChain4j https://glaforge.dev/posts/2025/04/04/mcp-client-and-server-with-java-mcp-sdk-and-langchain4j/ Développé en Java, avec l'implémentation de référence qui est aussi à la base de l'implémentation dans Spring Boot (mais indépendant de Spring) Le serveur MCP est exposé sous forme de servlet dans Jetty Le client MCP lui, est développé avec le module MCP de LangChain4j c'est semi independant de Spring dans le sens où c'est dépendant de Reactor et de ses interface. il y a une conversation sur le github d'anthropic pour trouver une solution, mais cela ne parait pas simple. Les fallacies derrière la citation “AI won't replace you, but humans using AI will” https://platforms.substack.com/cp/161356485 La fallacie de l'automatisation vs. l'augmentation : Elle se concentre sur l'amélioration des tâches existantes avec l'IA au lieu de considérer le changement de la valeur de ces tâches dans un nouveau système. La fallacie des gains de productivité : L'augmentation de la productivité ne se traduit pas toujours par plus de valeur pour les travailleurs, car la valeur créée peut être capturée ailleurs dans le système. La fallacie des emplois statiques : Les emplois sont des constructions organisationnelles qui peuvent être redéfinies par l'IA, rendant les rôles traditionnels obsolètes. La fallacie de la compétition “moi vs. quelqu'un utilisant l'IA” : La concurrence évolue lorsque l'IA modifie les contraintes fondamentales d'un secteur, rendant les compétences existantes moins pertinentes. La fallacie de la continuité du flux de travail : L'IA peut entraîner une réimagination complète des flux de travail, éliminant le besoin de certaines compétences. La fallacie des outils neutres : Les outils d'IA ne sont pas neutres et peuvent redistribuer le pouvoir organisationnel en changeant la façon dont les décisions sont prises et exécutées. La fallacie du salaire stable : Le maintien d'un emploi ne garantit pas un salaire stable, car la valeur du travail peut diminuer avec l'augmentation des capacités de l'IA. La fallacie de l'entreprise stable : L'intégration de l'IA nécessite une restructuration de l'entreprise et ne se fait pas dans un vide organisationnel. Comprendre le “sampling” dans les LLMs https://rentry.co/samplers Explique pourquoi les LLMs utilisent des tokens Les différentes méthodes de “sampling” : càd de choix de tokens Les hyperparamètres comme la température, top-p, et leur influence réciproque Les algorithmes de tokenisation comme Byte Pair Encoding et SentencePiece. Un de moins … OpenAI va racheter Windsurf pour 3 milliards de dollars. https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion l'accord n'est pas encore finalisé Windsurf était valorisé à 1,25 milliards l'an dernier et OpenAI a levé 40 milliards dernièrement portant sa valeur à 300 milliards Le but pour OpenAI est de rentrer dans le monde des assistants de code pour lesquels ils sont aujourd'hui absent Docker desktop se met à l'IA… ? Une nouvelle fonctionnalité dans docker desktop 4.4 sur macos: Docker Model Runner https://dev.to/docker/run-genai-models-locally-with-docker-model-runner-5elb Permet de faire tourner des modèles nativement en local ( https://docs.docker.com/model-runner/ ) mais aussi des serveurs MCP ( https://docs.docker.com/ai/mcp-catalog-and-toolkit/ ) Outillage Jetbrains défend la suppression des commentaires négatifs sur son assistant IA https://devclass.com/2025/04/30/jetbrains-defends-removal-of-negative-reviews-for-unpopular-ai-assistant/?td=rt-3a L'IA Assistant de JetBrains, lancée en juillet 2023, a été téléchargée plus de 22 millions de fois mais n'est notée que 2,3 sur 5. Des utilisateurs ont remarqué que certaines critiques négatives étaient supprimées, ce qui a provoqué une réaction négative sur les réseaux sociaux. Un employé de JetBrains a expliqué que les critiques ont été supprimées soit parce qu'elles mentionnaient des problèmes déjà résolus, soit parce qu'elles violaient leur politique concernant les “grossièretés, etc.” L'entreprise a reconnu qu'elle aurait pu mieux gérer la situation, un représentant déclarant : “Supprimer plusieurs critiques d'un coup sans préavis semblait suspect. Nous aurions dû au moins publier un avis et fournir plus de détails aux auteurs.” Parmi les problèmes de l'IA Assistant signalés par les utilisateurs figurent : un support limité pour les fournisseurs de modèles tiers, une latence notable, des ralentissements fréquents, des fonctionnalités principales verrouillées aux services cloud de JetBrains, une expérience utilisateur incohérente et une documentation insuffisante. Une plainte courante est que l'IA Assistant s'installe sans permission. Un utilisateur sur Reddit l'a qualifié de “plugin agaçant qui s'auto-répare/se réinstalle comme un phénix”. JetBrains a récemment introduit un niveau gratuit et un nouvel agent IA appelé Junie, destiné à fonctionner parallèlement à l'IA Assistant, probablement en réponse à la concurrence entre fournisseurs. Mais il est plus char a faire tourner. La société s'est engagée à explorer de nouvelles approches pour traiter les mises à jour majeures différemment et envisage d'implémenter des critiques par version ou de marquer les critiques comme “Résolues” avec des liens vers les problèmes correspondants au lieu de les supprimer. Contrairement à des concurrents comme Microsoft, AWS ou Google, JetBrains commercialise uniquement des outils et services de développement et ne dispose pas d'une activité cloud distincte sur laquelle s'appuyer. Vos images de README et fichiers Markdown compatibles pour le dark mode de GitHub: https://github.blog/developer-skills/github/how-to-make-your-images-in-markdown-on-github-adjust-for-dark-mode-and-light-mode/ Seulement quelques lignes de pure HTML pour le faire Architecture Alors, les DTOs, c'est bien ou c'est pas bien ? https://codeopinion.com/dtos-mapping-the-good-the-bad-and-the-excessive/ Utilité des DTOs : Les DTOs servent à transférer des données entre les différentes couches d'une application, en mappant souvent les données entre différentes représentations (par exemple, entre la base de données et l'interface utilisateur). Surutilisation fréquente : L'article souligne que les DTOs sont souvent utilisés de manière excessive, notamment pour créer des API HTTP qui ne font que refléter les entités de la base de données, manquant ainsi l'opportunité de composer des données plus riches. Vraie valeur : La valeur réelle des DTOs réside dans la gestion du couplage entre les couches et la composition de données provenant de sources multiples en formes optimisées pour des cas d'utilisation spécifiques. Découplage : Il est suggéré d'utiliser les DTOs pour découpler les modèles de données internes des contrats externes (comme les API), ce qui permet une évolution et une gestion des versions indépendantes. Exemple avec CQRS : Dans le cadre de CQRS (Command Query Responsibility Segregation), les réponses aux requêtes (queries) agissent comme des DTOs spécifiquement adaptés aux besoins de l'interface utilisateur, pouvant inclure des données de diverses sources. Protection des données internes : Les DTOs aident à distinguer et protéger les modèles de données internes (privés) des changements externes (publics). Éviter l'excès : L'auteur met en garde contre les couches de mapping excessives (mapper un DTO vers un autre DTO) qui n'apportent pas de valeur ajoutée. Création ciblée : Il est conseillé de ne créer des DTOs que lorsqu'ils résolvent des problèmes concrets, tels que la gestion du couplage ou la facilitation de la composition de données. Méthodologies Même Guillaume se met au “vibe coding” https://glaforge.dev/posts/2025/05/02/vibe-coding-an-mcp-server-with-micronaut-and-gemini/ Selon Andrey Karpathy, c'est le fait de POC-er un proto, une appli jetable du weekend https://x.com/karpathy/status/1886192184808149383 Mais Simon Willison s'insurge que certains confondent coder avec l'assistance de l'IA avec le vibe coding https://simonwillison.net/2025/May/1/not-vibe-coding/ Guillaume c'est ici amusé à développer un serveur MCP avec Micronaut, en utilisant Gemini, l'IA de Google. Contrairement à Quarkus ou Spring Boot, Micronaut n'a pas encore de module ou de support spécifique pour faciliter la création de serveur MCP Sécurité Une faille de sécurité 10/10 sur Tomcat https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/ Une faille de sécurité critique (CVE-2025-24813) affecte Apache Tomcat, permettant l'exécution de code à distance Cette vulnérabilité est activement exploitée seulement 30 heures après sa divulgation du 10 mars 2025 L'attaque ne nécessite aucune authentification et est particulièrement simple à exécuter Elle utilise une requête PUT avec une charge utile Java sérialisée encodée en base64, suivie d'une requête GET L'encodage en base64 permet de contourner la plupart des filtres de sécurité Les serveurs vulnérables utilisent un stockage de session basé sur des fichiers (configuration répandue) Les versions affectées sont : 11.0.0-M1 à 11.0.2, 10.1.0-M1 à 10.1.34, et 9.0.0.M1 à 9.0.98 Les mises à jour recommandées sont : 11.0.3+, 10.1.35+ et 9.0.99+ Les experts prévoient des attaques plus sophistiquées dans les prochaines phases d'exploitation (upload de config ou jsp) Sécurisation d'un serveur ssh https://ittavern.com/ssh-server-hardening/ un article qui liste les configurations clés pour sécuriser un serveur SSH par exemple, enlever password authentigfication, changer de port, desactiver le login root, forcer le protocol ssh 2, certains que je ne connaissais pas comme MaxStartups qui limite le nombre de connections non authentifiées concurrentes Port knocking est une technique utile mais demande une approche cliente consciente du protocol Oracle admet que les identités IAM de ses clients ont leaké https://www.theregister.com/2025/04/08/oracle_cloud_compromised/ Oracle a confirmé à certains clients que son cloud public a été compromis, alors que l'entreprise avait précédemment nié toute intrusion. Un pirate informatique a revendiqué avoir piraté deux serveurs d'authentification d'Oracle et volé environ six millions d'enregistrements, incluant des clés de sécurité privées, des identifiants chiffrés et des entrées LDAP. La faille exploitée serait la vulnérabilité CVE-2021-35587 dans Oracle Access Manager, qu'Oracle n'avait pas corrigée sur ses propres systèmes. Le pirate a créé un fichier texte début mars sur login.us2.oraclecloud.com contenant son adresse email pour prouver son accès. Selon Oracle, un ancien serveur contenant des données vieilles de huit ans aurait été compromis, mais un client affirme que des données de connexion aussi récentes que 2024 ont été dérobées. Oracle fait face à un procès au Texas concernant cette violation de données. Cette intrusion est distincte d'une autre attaque contre Oracle Health, sur laquelle l'entreprise refuse de commenter. Oracle pourrait faire face à des sanctions sous le RGPD européen qui exige la notification des parties affectées dans les 72 heures suivant la découverte d'une fuite de données. Le comportement d'Oracle consistant à nier puis à admettre discrètement l'intrusion est inhabituel en 2025 et pourrait mener à d'autres actions en justice collectives. Une GitHub action très populaire compromise https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Compromission de l'action tj-actions/changed-files : En mars 2025, une action GitHub très utilisée (tj-actions/changed-files) a été compromise. Des versions modifiées de l'action ont exposé des secrets CI/CD dans les logs de build. Méthode d'attaque : Un PAT compromis a permis de rediriger plusieurs tags de version vers un commit contenant du code malveillant. Détails du code malveillant : Le code injecté exécutait une fonction Node.js encodée en base64, qui téléchargeait un script Python. Ce script parcourait la mémoire du runner GitHub à la recherche de secrets (tokens, clés…) et les exposait dans les logs. Dans certains cas, les données étaient aussi envoyées via une requête réseau. Période d'exposition : Les versions compromises étaient actives entre le 12 et le 15 mars 2025. Tout dépôt, particulièrement ceux publiques, ayant utilisé l'action pendant cette période doit être considéré comme potentiellement exposé. Détection : L'activité malveillante a été repérée par l'analyse des comportements inhabituels pendant l'exécution des workflows, comme des connexions réseau inattendues. Réaction : GitHub a supprimé l'action compromise, qui a ensuite été nettoyée. Impact potentiel : Tous les secrets apparaissant dans les logs doivent être considérés comme compromis, même dans les dépôts privés, et régénérés sans délai. Loi, société et organisation Les startup the YCombinateur ont les plus fortes croissances de leur histoire https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html Les entreprises en phase de démarrage à Silicon Valley connaissent une croissance significative grâce à l'intelligence artificielle. Le PDG de Y Combinator, Garry Tan, affirme que l'ensemble des startups de la dernière cohorte a connu une croissance hebdomadaire de 10% pendant neuf mois. L'IA permet aux développeurs d'automatiser des tâches répétitives et de générer du code grâce aux grands modèles de langage. Pour environ 25% des startups actuelles de YC, 95% de leur code a été écrit par l'IA. Cette révolution permet aux entreprises de se développer avec moins de personnel - certaines atteignant 10 millions de dollars de revenus avec moins de 10 employés. La mentalité de “croissance à tout prix” a été remplacée par un renouveau d'intérêt pour la rentabilité. Environ 80% des entreprises présentées lors du “demo day” étaient centrées sur l'IA, avec quelques startups en robotique et semi-conducteurs. Y Combinator investit 500 000 dollars dans les startups en échange d'une participation au capital, suivi d'un programme de trois mois. Red Hat middleware (ex-jboss) rejoint IBM https://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html Les activités Middleware de Red Hat (incluant JBoss, Quarkus, etc.) vont être transférées vers IBM, dans l'unité dédiée à la sécurité des données, à l'IAM et aux runtimes. Ce changement découle d'une décision stratégique de Red Hat de se concentrer davantage sur le cloud hybride et l'intelligence artificielle. Mark Little explique que ce transfert était devenu inévitable, Red Hat ayant réduit ses investissements dans le Middleware ces dernières années. L'intégration vise à renforcer l'innovation autour de Java en réunissant les efforts de Red Hat et IBM sur ce sujet. Les produits Middleware resteront open source et les clients continueront à bénéficier du support habituel sans changement. Mark Little affirme que des projets comme Quarkus continueront à être soutenus et que cette évolution est bénéfique pour la communauté Java. Un an de commonhaus https://www.commonhaus.org/activity/253.html un an, démarré sur les communautés qu'ils connaissaient bien maintenant 14 projets et put en accepter plus confiance, gouvernance legère et proteger le futur des projets automatisation de l'administratif, stabiilité sans complexité, les developpeurs au centre du processus de décision ils ont besoins de members et supporters (financiers) ils veulent accueillir des projets au delà de ceux du cercles des Java Champions Spring Cloud Data Flow devient un produit commercial et ne sera plus maintenu en open source https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial Peut-être sous l'influence de Broadcom, Spring se met à mettre en mode propriétaire des composants du portefeuille Spring ils disent que peu de gens l'utilisaent en mode OSS et la majorité venait d'un usage dans la plateforme Tanzu Maintenir en open source le coutent du temps qu'ils son't pas sur ces projets. La CNCF protège le projet NATS, dans la fondation depuis 2018, vu que la société Synadia qui y contribue souhaitait reprendre le contrôle du projet https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/ CNCF : Protège projets OS, gouvernance neutre. Synadia vs CNCF : Veut retirer NATS, licence non-OS (BUSL). CNCF : Accuse Synadia de “claw back” (reprise illégitime). Revendications Synadia : Domaine nats.io, orga GitHub. Marque NATS : Synadia n'a pas transféré (promesse rompue malgré aide CNCF). Contestation Synadia : Juge règles CNCF “trop vagues”. Vote interne : Mainteneurs Synadia votent sortie CNCF (sans communauté). Support CNCF : Investissement majeur ($ audits, légal), succès communautaire (>700 orgs). Avenir NATS (CNCF) : Maintien sous Apache 2.0, gouvernance ouverte. Actions CNCF : Health check, appel mainteneurs, annulation marque Synadia, rejet demandes. Mais finalement il semble y avoir un bon dénouement : https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/ Accord pour l'avenir de NATS.io : La Cloud Native Computing Foundation (CNCF) et Synadia ont conclu un accord pour sécuriser le futur du projet NATS.io. Transfert des marques NATS : Synadia va céder ses deux enregistrements de marque NATS à la Linux Foundation afin de renforcer la gouvernance ouverte du projet. Maintien au sein de la CNCF : L'infrastructure et les actifs du projet NATS resteront sous l'égide de la CNCF, garantissant ainsi sa stabilité à long terme et son développement en open source sous licence Apache-2.0. Reconnaissance et engagement : La Linux Foundation, par la voix de Todd Moore, reconnaît les contributions de Synadia et son soutien continu. Derek Collison, PDG de Synadia, réaffirme l'engagement de son entreprise envers NATS et la collaboration avec la Linux Foundation et la CNCF. Adoption et soutien communautaire : NATS est largement adopté et considéré comme une infrastructure critique. Il bénéficie d'un fort soutien de la communauté pour sa nature open source et l'implication continue de Synadia. Finalement, Redis revient vers une licence open source OSI, avec la AGPL https://foojay.io/today/redis-is-now-available-under-the-agplv3-open-source-license/ Redis passe à la licence open source AGPLv3 pour contrer l'exploitation par les fournisseurs cloud sans contribution. Le passage précédent à la licence SSPL avait nui à la relation avec la communauté open source. Salvatore Sanfilippo (antirez) est revenu chez Redis. Redis 8 adopte la licence AGPL, intègre les fonctionnalités de Redis Stack (JSON, Time Series, etc.) et introduit les “vector sets” (le support de calcul vectoriel développé par Salvatore). Ces changements visent à renforcer Redis en tant que plateforme appréciée des développeurs, conformément à la vision initiale de Salvatore. Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 6-7 mai 2025 : GOSIM AI Paris - Paris (France) 7-9 mai 2025 : Devoxx UK - London (UK) 15 mai 2025 : Cloud Toulouse - Toulouse (France) 16 mai 2025 : AFUP Day 2025 Lille - Lille (France) 16 mai 2025 : AFUP Day 2025 Lyon - Lyon (France) 16 mai 2025 : AFUP Day 2025 Poitiers - Poitiers (France) 22-23 mai 2025 : Flupa UX Days 2025 - Paris (France) 24 mai 2025 : Polycloud - Montpellier (France) 24 mai 2025 : NG Baguette Conf 2025 - Nantes (France) 3 juin 2025 : TechReady - Nantes (France) 5-6 juin 2025 : AlpesCraft - Grenoble (France) 5-6 juin 2025 : Devquest 2025 - Niort (France) 10-11 juin 2025 : Modern Workplace Conference Paris 2025 - Paris (France) 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12 juin 2025 : Positive Design Days - Strasbourg (France) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 13 juin 2025 : Tech F'Est 2025 - Nancy (France) 17 juin 2025 : Mobilis In Mobile - Nantes (France) 19-21 juin 2025 : Drupal Barcamp Perpignan 2025 - Perpignan (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 25-26 juin 2025 : Agi'Lille 2025 - Lille (France) 25-27 juin 2025 : BreizhCamp 2025 - Rennes (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 7-9 juillet 2025 : Riviera DEV 2025 - Sophia Antipolis (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : Devfest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

This podcast interview focuses on the entrepreneurial journey of turning transparency into business advantage. My guest is Zach Wasserman, Cofounder and Tech Evangelist of Fleet.  With over a decade of experience in open source software development, Zach helped create the widely-adopted OSquery project at Facebook in 2014, which has since become an industry standard for device visibility and is now governed by the Linux Foundation. After transitioning through a role at Kolide (later acquired by 1Password), Zach became the maintainer of a project that would eventually evolve into Fleet. Throughout his entrepreneurial journey, Zach discovered that what truly energizes him is "building software that's making someone's life better" - specifically IT administrators and security professionals who manage company devices. This human-centered approach led him to transform a personal passion project into a rapidly growing company that's challenging traditional business models in enterprise software This inspired me to invite Zach to my podcast. We explore how being open source gives Fleet a strategic edge. His approach rejects the common belief that enterprise sales requires complexity and secrecy. We discuss how community building leads to faster adoption and better results than traditional sales tactics. The formula is simple: be transparent, earn trust, and close deals faster. Here's one of his quotes: "The best way to lose a deal is to our own open source product, because those people remain prime prospective customers that we really need to continue to understand and figure out how we are going to build enough new value in that premium product for them to want to pay for it." By listening to this podcast, you will learn: How building on existing open source foundations can give startups immediate credibility with enterprise customers Why passionate early adopters can close deals remarkably easily compared to traditional prospects The entrepreneurial wisdom of identifying and connecting with actual budget holders while still maintaining engineer enthusiasm How customer-driven unexpected use cases can dramatically expand your market vision and product roadmap For more information about the guest from this week:  Guest: Zach Wasserman  Website: fleet.com Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special episode of Mainframe Voices, we explore the excitement surrounding IBM's April 8th announcement of the z17 mainframe through the perspectives of those newer to the mainframe ecosystem. For many of these professionals, this was their first-ever IBM mainframe launch experience.Our guests share what excited them most about the new IBM Telum II processor's AI capabilities, the full-stack approach to innovation, and how these advancements might shape their future careers in the mainframe space. Gain insights into how the next generation of mainframers views these technological developments and the potential impact on their professional journeys.We are delighted to have our guests:Meena Chand - Computer Science Graduate @University of WolverhamptonAleksandr Charcikov - Senior Solutions Advisor @Rocket SoftwareLuisa Barril - Software Engineer @Swedbank Kyle Pressley - Computer Science Student @Bedford CollegeSoner Coşkun - Mainframe Storage Associate System Engineer @Garanti BBVA TechnologyThe Mainframe Connect podcast includes the I am a Mainframer series, Riveting Mainframe Voices series, and other content exploring relevant topics with mainframe professionals, sponsored by the Open Mainframe Project, a Linux Foundation initiative.#IBMz17 #Mainframe #OpenMainframeProject #LinuxFoundation #MainframeConnect #MainframeVoices #IBMzDay #NewMainframers #AIonZ #TelumII

Tim Irnich from SUSE shares his work with Edge computing, focusing on the telecommunications industry. He highlights the importance of standardization and interoperability across the industry, specifically focusing on the widespread adoption of Linux and Kubernetes. Tim also elaborates on Project Sylva, an initiative under the Linux Foundation, aimed at creating a standardized stack for the European telco operators. We also discuss challenges and opportunities presented by the vast array of open source projects within the CNCF landscape and the potential for AI to enhance network efficiency and reliability. The episode provides a comprehensive look into the collaborative efforts and technological advancements shaping the telecom sector. 00:00 Welcome 01:14 Open Source Adoption in the Telco Industry 02:14 Challenges and Standardization in Telco Networks 04:35 Curating Reliable Stacks for Telco 06:11 Project Silva: An Open Source Initiative 18:55 AI in the Telecom Industry 22:11 Conclusion and Final Thoughts   Tim Irnich is the product manager for SUSE Edge for Telco, an open source based horizontal telco cloud solution. He is also a member of the Board of Directors at the LF Europe Sylva Project. Tim has been active in telco related open source communities such as LF Networking, OPNFV, OpenDaylight, OpenStack/OpenInfra for over a decade and held positions on several committees including the LFN TAC, TSC and Board of Directors in OPNFV and OpenDaylight. Before joining SUSE in 2018, Tim worked at Ericsson, where he ran the open source and ecosystem program for Ericsson's cloud business unit and helped found Ericsson's open source development arm that is today known as Ericsson Software Technologies. 

In this special backstage episode of Environment Variables, producer Chris Skipper spotlights the Green AI Committee, an initiative of the Green Software Foundation launched in 2024. Guests Thomas Lewis and Sanjay Podder share the committee's mission to reduce AI's environmental impact through strategic focus on measurement, policy influence, and lifecycle optimization. The episode explores the committee's approach to defining and implementing “green AI,” its contributions to public policy and ISO standards, and collaborative efforts to build tools, best practices, and educational resources that promote sustainable AI development.

KubeCon Europe 2025 in London has wrapped up, and we're bringing you all the highlights, trends, and behind-the-scenes insights straight from the show floor!In this special recap episode, I'm joined by two CNCF Ambassadors and community powerhouses: Kasper Borg Nissen, the Co-Chair of this KubeCon as well as of the KubeCon 2024 editions, and a Developer Relations Engineer at Dash0; and William Rizzo, Consulting Architect at Mirantis and Linkerd Ambassador.Together, we unpack the major themes from the event—from platform engineering and internal developer platforms, to open source observability, and where Kubernetes is headed next. We also chat about the vibe of the community, emerging projects to watch, and important trends in European tech sphere.Whether you missed the conference or want to catch up on important updates you might have missed, this episode gives you a curated take straight from the experts who know the cloud-native space inside out.The episode was live-streamed on 22 April 2025 and the video is available at https://www.youtube.com/watch?v=JyxJOmOEBvQYou can read the recap post: https://medium.com/p/740258a5fa46OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube.We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat.⁠⁠https://www.youtube.com/@openobservabilitytalks⁠  https://www.twitch.tv/openobservability⁠Show Notes:00:00 - intro03:28 - KubeCon impressions09:59 - Backstage turns 518:56 - CNCF turns 10 and CNCF annual survey27:22 - Sovereign cloud in Europe and the NeoNephos initiative33:55 - CI/CD use in production increases36:52 - OpenInfra joins the Linux Foundation40:16 - Cloud native local communities, DEI and the BIPOC initiative 51:11 - Observability query standardization SIG updates59:36 - outroResources:CNCF 2024 Annual Survey https://www.cncf.io/reports/cncf-annual-survey-2024/NeoNephos initiative for sovereign EU cloud: https://www.linkedin.com/feed/update/urn:li:share:7313115943075766273/ OpenInfra Foundation and OpenStack join The Linux Foundation: https://www.linkedin.com/feed/update/urn:li:share:7307839934072066048/ Backstage turns 5: https://www.linkedin.com/feed/update/urn:li:activity:7318163557206966272/ Kubernetes 1.33 release: https://www.linkedin.com/feed/update/urn:li:activity:7321054742174924800/Socials:Twitter:⁠ https://twitter.com/OpenObserv⁠YouTube: ⁠https://www.youtube.com/@openobservabilitytalks⁠Dotan Horovits============Twitter: @horovitsLinkedIn: www.linkedin.com/in/horovitsMastodon: @horovits@fosstodonBlueSky: @horovits.bsky.socialKasper Borg Nissen===============Twitter: https://www.twitter.com/phennexLinkedIn: https://www.linkedin.com/in/kaspernissen/BlueSky: https://bsky.app/profile/kaspernissen.xyz⁠William Rizzo===========Twitter: https://twitter.com/WilliamRizzo19LinkedIn: https://www.linkedin.com/in/william-rizzo/BlueSky: https://bsky.app/profile/williamrizzo.bsky.social

Join Grizz Griswold and Rob Moffat from FINOS as they discuss the latest updates in FDC3, a versatile interoperability standard originally designed for financial services but applicable universally. Learn about the evolution of FDC3 version 2.2, the newly released SAIL 2.0 tool, and the upcoming Open Source in Finance Forum in London. Discover the significance of open standards, vendor collaboration, and identity security in the realm of financial technology. Whether you are a developer or a finance professional, this episode offers valuable insights into the ever-evolving landscape of open source in finance.FDC3: https://fdc3.finos.org/00:00 Rob Moffat - Exploring FDC3: Enhancing Interoperability in Finance03:43 Introduction and Greetings03:54 Kubecon and Catching Up04:14 FDC3 Updates Overview05:39 What is FDC3?07:21 FDC3 2.2 and Web Integration10:27 Vendor Conformance and Open Standards13:37 Expanding FDC3 Beyond Finance17:36 Introducing Sail 2.020:09 Upcoming Demos and Events22:29 FDC3 Security and Future Plans28:35 Hackathons and Community Growth33:40 FDC3 Conformance Program37:19 Final Thoughts and ReflectionsFDC3: https://fdc3.finos.org FDC3 Repo: https://github.com/finos/FDC3 FDC3 Sail Sandbox: https://www.finos.org/en/project-sandbox FDC3 Training: https://fdc3.finos.org/trainingFDC3 App Directory: https://directory.fdc3.finos.org/FDC3 Conformance: https://fdc3.finos.org/docs/api/conformance/Conformance-Overview Rob Moffat: https://www.linkedin.com/in/robmoffat Grizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS:On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newslette rLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Cloud native patterns and open source developments were on display at the KubeCon + CloudNativeCon Europe conference. The biannual gathering was showing how the container ecosystem continues to mature and analysts Jean Atelsek and William Fellows join host Eric Hanselman to explore their insights. The Cloud Native Computing Foundation (CNCF), part of the Linux Foundation, continues to expand the event and advance the maturity of the open source projects that are part of its purview. Day 2 operations have been gaining focus and the pre-conference FinOps X event was an indication of the emphasis on operational controls as it digs into infrastructure cost management. The opening “Day 0” events at KubeCon, which have been the forum for specialized project meetings, have become a key part of the conference, with over 6,000 attendees, almost half of the reported 13,000 total.  The Kubernetes container management project is now over ten years old and one of the other signs of technology evolution was the integration of the OpenInfra Foundation, which managed the OpenStack project and other infrastructure elements, into the Linux Foundation. Open source projects are gaining wider adoption and one of the messages from projects and vendors at KubeCon, was the hope that it could offer alternatives to enterprise infrastructure stalwart, VMware. The CNCF is expanding its investments in improving security across the projects under its umbrella. There was also continued development of platform engineering initiatives. Bounding the expanding world of open source projects to create consistent development and operational tool chains for enterprise is one more sign of maturity in the container world. More S&P Global Content: AWS, Microsoft Azure and Google Cloud enter the FinOps vortex For S&P Global subscribers: Kubernetes meets the AI moment in Europe with technology, security, investment Data management, GenAI, hybrid cloud are top Kubernetes workloads – Highlights from VotE: DevOps Kubernetes ecosystem tackles new technical and market challenges Kubernetes, serverless adoption evolve with cloud-native maturity – Highlights from VotE: DevOps Credits: Host/Author: Eric Hanselman Guests: Jean Atelsek, William Fellows Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

In this episode of Alexa's Input (AI), I'm joined by Max Körbächer, Managing Director & Founder of Liquid Reply and author of Platform Engineering for Architects. We cover the real-world challenges of platform engineering, from treating platforms as products to cloud migrations and AI integration. Max also shares insights on the Linux Foundation's open source efforts, the push for environmental sustainability in tech, how workplace dynamics are evolving with the next generation of engineers, and much more!You can now watch on YouTube! Find more from this podcast at https://creators.spotify.com/pod/profile/alexagriffith/Links: LinkedIn: https://www.linkedin.com/in/maxkoerbaecher/Company: https://liquidreply.net/en/Book: https://www.amazon.de/dp/1836203594/ref=cm_sw_r_cp_ud_dp_8ZJWYNK7C2CW0KHX8C5M?skipTwisterOG=1You can support this podcast on the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠creators page⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Make sure to subscribe and follow ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Alexa's Input Twitter account⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ to get notified when a new podcast episode comes out.

An airhacks.fm conversation with Richard Bair (@RichardBair) about: discussion about Hedera public ledger and its underlying technology, explanation of Hashgraph algorithm for consensus and transaction ordering, comparison to other blockchain technologies like Bitcoin and ethereum, Hedera's democratic approach to block production versus leader-based systems, the Linux Foundation project called Hiero where Hedera's code is being moved, explanation of how nodes gossip transactions and come to consensus, the role of the Hedera Governing Council including companies like Dell and IBM, discussion of HBAR as the native token and fee system, comparison of Hedera's fixed dollar-denominated fees versus fluctuating fees in other blockchains, explanation of staking mechanism and how it creates a representative democracy for node selection, technical details about Hedera's Java implementation using Java 21 and modern language features, use of ZGC garbage collector with 200GB heap on consensus nodes, deployment on Linux using docker, discussion of Java modules and challenges with libraries like Netty, custom Protobuf to Java compiler called PBJ for performance optimization, consideration of replacing Netty with Helidon for better virtual thread support, discussion of supply chain security concerns and minimizing dependencies, custom logging implementation to avoid bloated frameworks like Log4j, importance of deterministic code execution across all nodes, challenges of distributed systems where iteration order must be consistent, explanation of node synchronization mechanisms when nodes fall behind, comparison to serverless cloud pricing models, discussion of vertical versus horizontal scaling in blockchain systems Richard Bair on twitter: @RichardBair

Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast! CHAOSScast- Episode 107 In this episode of CHAOSScast, we have a special crossover episode with Sustain, hosted Richard Littauer. Richard chats with CHAOSS contributor Sean Goggins, a tenured full Professor of Computer Science at the University of Missouri. Sean discusses his extensive involvement in the open source community, particularly through his work with the CHAOSS Project, a Linux Foundation initiative focused on understanding and improving open-source project sustainability. Their conversation covers Sean's academic background, his role in CHAOSS, the importance of distributed leadership, and how metrics can impact the sustainability of open source projects. Sean also shares insights into his teaching methods, the challenges of maintaining open source software, and the future direction of his work on CHAOSS and Augur. Hit the download button now! [00:02:32] Sean shares that he's a professor specializing in software engineering, algorithms, data science, and visualization, and he discusses his tenure status and passion for research and open source work. [00:03:48] Sean explains how open source leadership is distributed rather than centralized. [00:05:52] We hear how the CHAOSS Project emerged from studying open source governance and leadership. Sean and Matt Germonprez started working on open source collaboration data and a metrics-focused discussion at a Linux Foundation Summit that led to the founding of the CHAOSS Project in 2017. [00:09:30] Richard asks Sean how he balances research, teaching, and open source. Sean discusses how he splits time between research (40%), teaching (40%), and service (20%), with CHAOSS being a major part of his research efforts. [00:14:34] Sean explains that the Augur Project was born out of a need for structured open source data tracking. [00:16:25] Richard asks Sean if he teaches his students about open source, and he explains that he uses CHAOSS and Auger to teach students about GitHub collaboration, pull requests, and open source workflows. [00:20:32] Sean shares his insights on research and open source. He emphasizes his involvement in maintaining software and aiding organizations in making sense of CHAOSS metrics through Augur, which has given him a deep understanding of open source development. [00:21:51] Sean explains why he thinks metrics help make projects more sustainable and how the CHAOSS community has benefitted from fostering a welcoming environment for both technical and non-technical contributors. [00:26:30] We hear some challenges within CHAOSS where it's been difficult to build a strong developer community around CHAOSS software tools and maintaining open source software requires significant effort. [00:29:18] He goes further to explain how to be a better project and that there's potential for improving project sustainability through structured mentoring and governance. [00:36:14] Sean shares CHAOSS Project's future and research goals. Panelist: Richard Littauer of Sustain Guest: Sean Goggins of CHAOSS Value Adds (Picks)/Spotlight: [00:38:32] Richard's spotlight is BibtexParser. [00:39:28] Sean's spotlight is Stuart Geiger. Links: SustainOSS (https://sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) richard@sustainoss.org (mailto:richard@sustainoss.org) SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss) Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials) Sean Goggins Website (https://www.seangoggins.net/) Sean Goggins X (https://x.com/sociallycompute) Nora McDonald Website (https://www.noramcdonald.net/) Nora McDonald-Commonwealth Cyber Initiative (https://cyberinitiative.org/research/researcher-directory/mcdonald-nora.html) Sustain Podcast- 3 episodes featuring guest Georg Link (https://podcast.sustainoss.org/guests/georg-link) Sustain Podcast- 2 episodes featuring guest Dawn Foster (https://podcast.sustainoss.org/guests/foster) Matt Germonprez-Univ. of Nebraska Omaha (https://www.unomaha.edu/college-of-information-science-and-technology/about/faculty-staff/matt-germonprez.php) The Linux Kernel Maintainer Summit-Tokyo, Japan 2025 (https://events.linuxfoundation.org/linux-kernel-maintainer-summit/) Alfred P. Sloan Foundation (https://sloan.org/) CHAOSS (https://chaoss.community/) CHAOSS-GrimoireLab (https://chaoss.github.io/grimoirelab/) CHAOSS-Augur (https://github.com/chaoss/augur) Kelly Blincoe-University of Auckland (https://profiles.auckland.ac.nz/k-blincoe) James Howison (https://james.howison.name/) Sustain Podcast- episode 218 featuring guest James Howison (https://podcast.sustainoss.org/guests/james-howison) Sustain Podcast-episode 243 featuring guest Elizabeth Barron (https://podcast.sustainoss.org/guests/elizabeth-barron) Sustain Podcast-episode 65 featuring guest Brian Proffitt (https://podcast.sustainoss.org/guests/briant-proffitt) Sustain Podcast-2 episodes featuring guest Duane O'Brien (https://podcast.sustainoss.org/guests/duane-obrien) Sustain Podcast-episode 200 featuring guest Stuart Geiger (https://podcast.sustainoss.org/guests/geiger) Digital Infrastructure Podcast- 2 episodes featuring guest Rayya El Zein (https://dif.fireside.fm/guests/rayya-el-zein) BibtexParser (https://bibtexparser.readthedocs.io/en/main/) Stuart Geiger (https://css.ucsd.edu/people/profiles/sgeiger.html) Special Guest: Richard Littauer.

This week Steve and Noah give you tips on hosting your first home server. -- During The Show -- 00:58 Intro Minimum Viable Battle Station Pelican 1620 Cases XREAL Air 2 (https://us.shop.xreal.com/products/xreal-air-2) Ergonomics 09:52 Home Server Questions - Dan Noah's first homelab Pick an OS with low churn, long term OS Generational upgrades Experiment in VMs Starting with a VM host Starting with a file server Don't put 30 drives in one box Noah's vs Steve's approach Do it, Document it, Blow it away, Do it again Know the thing before you automate Low level tech roles being handed to other business people Playbooks Ansible Steve's OpenAudible-TO-AudioBookShelf (https://github.com/stratus-ss/OpenAudible-To-AudioBookShelf) 48:06 Kubernetes - Jeremy Kube Dev Lab (https://www.kubedevlab.com/docs/tutorials/kubernetes-cluster/) Steve's K8s Labs (https://github.com/stratus-ss/k8s-labs) 50:32 News Wire Calibre 8.0 - calibre-ebook.com (https://calibre-ebook.com/new-in/seventeen) Linux 6.14 - lkml.org (https://lkml.org/lkml/2025/3/24/797) Gnome 48 - gnome.org (https://release.gnome.org/48/) Blender 4.4 - blender.org (https://www.blender.org/download/releases/4-4/) Zulip 10 - zulip.com (https://blog.zulip.com/2025/03/20/zulip-10-0-released/) EndeavorOS Mercury Neo - endeavouros.com (https://endeavouros.com/news/mercury-neo-with-linux-6-13-7-and-arch-mirror-ranking-bug-fix/) Finnis 125 - finnix.org (https://blog.finnix.org/2023/03/28/finnix-125-released/) Serpent OS Rebranded to AerynOS - fossforce.com (https://fossforce.com/2025/02/before-it-even-gets-a-stable-release-serpent-os-changes-its-name-to-aerynos/) Rocky Linux Security - fossforce.com (https://fossforce.com/2025/03/rocky-linux-from-ciq-hardened-takes-enterprise-linux-security-to-the-next-level/) Chimera Linux Drops RISC-V - theregister.com (https://www.theregister.com/2025/03/19/chimera_linux_riscv/) Albabat Ransomware - infosecurity-magazine.com (https://www.infosecurity-magazine.com/news/albabat-ransomware-linux-macos/) Hornet Security Module - phoronix.com (https://www.phoronix.com/news/Microsoft-Hornet-Linux-LSM) 3 AI Projects Donated to Linux Foundation - thenewstack.io (https://thenewstack.io/ibm-to-donate-three-ai-related-projects-to-the-cncf/) Trend Micro Open Source - prnewswire.com (https://www.prnewswire.com/news-releases/trend-micro-to-open-source-ai-model-and-agent-to-drive-the-future-of-agentic-cybersecurity-302405393.html) Hugging Face Blueprint - venturebeat.com (https://venturebeat.com/ai/hugging-face-submits-open-source-blueprint-challenging-big-tech-in-white-house-ai-policy-fight/) AlexNet Open Source - spectrum.ieee.org (https://spectrum.ieee.org/alexnet-source-code) Open Source Worth 8.8 Trillion - heise.de (https://www.heise.de/en/news/Harvard-study-Open-source-has-an-economic-value-of-8-8-trillion-dollars-10322643.html) hbs.edu (https://www.hbs.edu/ris/Publication%20Files/24-038_51f8444f-502c-4139-8bf2-56eb4b65c58a.pdf#page=31.22) 52:15 Private Search Engine? - Atypical Kernel SearXNG (https://docs.searxng.org/) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/434) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)