Podcasts about Linux Foundation

In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-331

In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-331

Dr. Weijia Zhang is a renowned expert on interoperability, bridges, and is the Regional Head of China for the Enterprise Ethereum Alliance. So he knows a thing or two about what it takes to bring Web3 into production.Interoperability was supposed to be the great accelerator (ahead of privacy tech) for Web3 to really scale and connect apps and ecosystems for the greater good. But have we achieved this yet? Are bridges the answer, or can we do better?In this show, we discuss:- The ideal conditions for use of Blockchain technology- The current technologies and maturity of 'interoperability'- Enterprise use cases Dr. Zhang is most excited about- The role and importance of organisations like EEA and Linux Foundation in driving adoption- What more is needed to see widespread usage of Blockchain technology

In this episode of the FINOS Open Source in Finance webinar series, Karl Moll hosts an engaging panel discussion with Tyler Warden from Sonatype and Aaron Erickson from Nvidia. The topic is 'The Unexpected Risks of AI in Finance,' covering hidden and novel security risks in AI-driven financial systems, the importance of hardware in AI security, and regulatory approaches to AI compliance. The panelists delve into common misconceptions, real-world examples of AI risks, software supply chain issues, and actionable advice for securing AI pipelines. They also discuss the fundamental role of human accountability and the importance of collaboration between security and engineering teams.00:00 Welcome and Introduction03:40 Panelist Introductions05:43 Common Misconceptions in AI Security08:37 Hidden Risks of AI in Finance16:52 Regulatory Approaches to AI Risks23:54 Advice for Compliance Teams30:56 The Importance of Fundamentals in AI31:37 AI's Role in Speeding Up Reaction Times32:56 Building Security into AI Pipelines36:02 Operational Collaboration for AI Security43:07 Designing User-Centric AI Systems48:40 Rapid Fire Q&A on AI Security55:23 Final Thoughts and RecommendationsFind more info about FINOS:On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Gros épisode qui couvre un large spectre de sujets : Java, Scala, Micronaut, NodeJS, l'IA et la compétence des développeurs, le sampling dans les LLMs, les DTO, le vibe coding, les changements chez Broadcom et Red Hat ainsi que plusieurs nouvelles sur les licences open source. Enregistré le 7 mai 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-325.mp3 ou en vidéo sur YouTube. News Langages A l'occasion de JavaOne et du lancement de Java 24, Oracle lance un nouveau site avec des ressources vidéo pour apprendre le langage https://learn.java/ site plutôt à destination des débutants et des enseignants couvre la syntaxe aussi, y compris les ajouts plus récents comme les records ou le pattern matching c'est pas le site le plus trendy du monde. Martin Odersky partage un long article sur l'état de l'écosystème Scala et les évolutions du language https://www.scala-lang.org/blog/2025/03/24/evolving-scala.html Stabilité et besoin d'évolution : Scala maintient sa position (~14ème mondial) avec des bases techniques solides, mais doit évoluer face à la concurrence pour rester pertinent. Axes prioritaires : L'évolution se concentre sur l'amélioration du duo sécurité/convivialité, le polissage du langage (suppression des “rugosités”) et la simplification pour les débutants. Innovation continue : Geler les fonctionnalités est exclu ; l'innovation est clé pour la valeur de Scala. Le langage doit rester généraliste et ne pas se lier à un framework spécifique. Défis et progrès : L'outillage (IDE, outils de build comme sbt, scala-cli, Mill) et la facilité d'apprentissage de l'écosystème sont des points d'attention, avec des améliorations en cours (partenariat pédagogique, plateformes simples). Des strings encore plus rapides ! https://inside.java/2025/05/01/strings-just-got-faster/ Dans JDK 25, la performance de la fonction String::hashCode a été améliorée pour être principalement constant foldable. Cela signifie que si les chaînes de caractères sont utilisées comme clés dans une Map statique et immuable, des gains de performance significatifs sont probables. L'amélioration repose sur l'annotation interne @Stable appliquée au champ privé String.hash. Cette annotation permet à la machine virtuelle de lire la valeur du hash une seule fois et de la considérer comme constante si elle n'est pas la valeur par défaut (zéro). Par conséquent, l'opération String::hashCode peut être remplacée par la valeur de hash connue, optimisant ainsi les lookups dans les Map immuables. Un cas limite est celui où le code de hachage de la chaîne est zéro, auquel cas l'optimisation ne fonctionne pas (par exemple, pour la chaîne vide “”). Bien que l'annotation @Stable soit interne au JDK, un nouveau JEP (JEP 502: Stable Values (Preview)) est en cours de développement pour permettre aux utilisateurs de bénéficier indirectement de fonctionnalités similaires. AtomicHash, une implémentation Java d'une HashMap qui est thread-safe, atomique et non-bloquante https://github.com/arxila/atomichash implémenté sous forme de version immutable de Concurrent Hash Trie Librairies Sortie de Micronaut 4.8.0 https://micronaut.io/2025/04/01/micronaut-framework-4-8-0-released/ Mise à jour de la BOM (Bill of Materials) : La version 4.8.0 met à jour la BOM de la plateforme Micronaut. Améliorations de Micronaut Core : Intégration de Micronaut SourceGen pour la génération interne de métadonnées et d'expressions bytecode. Nombreuses améliorations dans Micronaut SourceGen. Ajout du traçage de l'injection de dépendances pour faciliter le débogage au démarrage et à la création des beans. Nouveau membre definitionType dans l'annotation @Client pour faciliter le partage d'interfaces entre client et serveur. Support de la fusion dans les Bean Mappers via l'annotation @Mapping. Nouvelle liveness probe détectant les threads bloqués (deadlocked) via ThreadMXBean. Intégration Kubernetes améliorée : Mise à jour du client Java Kubernetes vers la version 22.0.1. Ajout du module Micronaut Kubernetes Client OpenAPI, offrant une alternative au client officiel avec moins de dépendances, une configuration unifiée, le support des filtres et la compatibilité Native Image. Introduction d'un nouveau runtime serveur basé sur le serveur HTTP intégré de Java, permettant de créer des applications sans dépendances serveur externes. Ajout dans Micronaut Micrometer d'un module pour instrumenter les sources de données (traces et métriques). Ajout de la condition condition dans l'annotation @MetricOptions pour contrôler l'activation des métriques via une expression. Support des Consul watches dans Micronaut Discovery Client pour détecter les changements de configuration distribuée. Possibilité de générer du code source à partir d'un schéma JSON via les plugins de build (Gradle et Maven). Web Node v24.0.0 passe en version Current: https://nodejs.org/en/blog/release/v24.0.0 Mise à jour du moteur V8 vers la version 13.6 : intégration de nouvelles fonctionnalités JavaScript telles que Float16Array, la gestion explicite des ressources (using), RegExp.escape, WebAssembly Memory64 et Error.isError. npm 11 inclus : améliorations en termes de performance, de sécurité et de compatibilité avec les packages JavaScript modernes. Changement de compilateur pour Windows : abandon de MSVC au profit de ClangCL pour la compilation de Node.js sur Windows. AsyncLocalStorage utilise désormais AsyncContextFrame par défaut : offrant une gestion plus efficace du contexte asynchrone. URLPattern disponible globalement : plus besoin d'importer explicitement cette API pour effectuer des correspondances d'URL. Améliorations du modèle de permissions : le flag expérimental --experimental-permission devient --permission, signalant une stabilité accrue de cette fonctionnalité. Améliorations du test runner : les sous-tests sont désormais attendus automatiquement, simplifiant l'écriture des tests et réduisant les erreurs liées aux promesses non gérées. Intégration d'Undici 7 : amélioration des capacités du client HTTP avec de meilleures performances et un support étendu des fonctionnalités HTTP modernes. Dépréciations et suppressions : Dépréciation de url.parse() au profit de l'API WHATWG URL. Suppression de tls.createSecurePair. Dépréciation de SlowBuffer. Dépréciation de l'instanciation de REPL sans new. Dépréciation de l'utilisation des classes Zlib sans new. Dépréciation du passage de args à spawn et execFile dans child_process. Node.js 24 est actuellement la version “Current” et deviendra une version LTS en octobre 2025. Il est recommandé de tester cette version pour évaluer son impact sur vos applications. Data et Intelligence Artificielle Apprendre à coder reste crucial et l'IA est là pour venir en aide : https://kyrylo.org/software/2025/03/27/learn-to-code-ignore-ai-then-use-ai-to-code-even-better.html Apprendre à coder reste essentiel malgré l'IA. L'IA peut assister la programmation. Une solide base est cruciale pour comprendre et contrôler le code. Cela permet d'éviter la dépendance à l'IA. Cela réduit le risque de remplacement par des outils d'IA accessibles à tous. L'IA est un outil, pas un substitut à la maîtrise des fondamentaux. Super article de Anthropic qui essaie de comprendre comment fonctionne la “pensée” des LLMs https://www.anthropic.com/research/tracing-thoughts-language-model Effet boîte noire : Stratégies internes des IA (Claude) opaques aux développeurs et utilisateurs. Objectif : Comprendre le “raisonnement” interne pour vérifier capacités et intentions. Méthode : Inspiration neurosciences, développement d'un “microscope IA” (regarder quels circuits neuronaux s'activent). Technique : Identification de concepts (“features”) et de “circuits” internes. Multilinguisme : Indice d'un “langage de pensée” conceptuel commun à toutes les langues avant de traduire dans une langue particulière. Planification : Capacité à anticiper (ex: rimes en poésie), pas seulement de la génération mot par mot (token par token). Raisonnement non fidèle : Peut fabriquer des arguments plausibles (“bullshitting”) pour une conclusion donnée. Logique multi-étapes : Combine des faits distincts, ne se contente pas de mémoriser. Hallucinations : Refus par défaut ; réponse si “connaissance” active, sinon risque d'hallucination si erreur. “Jailbreaks” : Tension entre cohérence grammaticale (pousse à continuer) et sécurité (devrait refuser). Bilan : Méthodes limitées mais prometteuses pour la transparence et la fiabilité de l'IA. Le “S” dans MCP veut dire Securité (ou pas !) https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b La spécification MCP pour permettre aux LLMs d'avoir accès à divers outils et fonctions a peut-être été adoptée un peu rapidement, alors qu'elle n'était pas encore prête niveau sécurité L'article liste 4 types d'attaques possibles : vulnérabilité d'injection de commandes attaque d'empoisonnement d'outils redéfinition silencieuse de l'outil le shadowing d'outils inter-serveurs Pour l'instant, MCP n'est pas sécurisé : Pas de standard d'authentification Pas de chiffrement de contexte Pas de vérification d'intégrité des outils Basé sur l'article de InvariantLabs https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks Sortie Infinispan 15.2 - pre rolling upgrades 16.0 https://infinispan.org/blog/2025/03/27/infinispan-15-2 Support de Redis JSON + scripts Lua Métriques JVM désactivables Nouvelle console (PatternFly 6) Docs améliorées (métriques + logs) JDK 17 min, support JDK 24 Fin du serveur natif (performances) Guillaume montre comment développer un serveur MCP HTTP Server Sent Events avec l'implémentation de référence Java et LangChain4j https://glaforge.dev/posts/2025/04/04/mcp-client-and-server-with-java-mcp-sdk-and-langchain4j/ Développé en Java, avec l'implémentation de référence qui est aussi à la base de l'implémentation dans Spring Boot (mais indépendant de Spring) Le serveur MCP est exposé sous forme de servlet dans Jetty Le client MCP lui, est développé avec le module MCP de LangChain4j c'est semi independant de Spring dans le sens où c'est dépendant de Reactor et de ses interface. il y a une conversation sur le github d'anthropic pour trouver une solution, mais cela ne parait pas simple. Les fallacies derrière la citation “AI won't replace you, but humans using AI will” https://platforms.substack.com/cp/161356485 La fallacie de l'automatisation vs. l'augmentation : Elle se concentre sur l'amélioration des tâches existantes avec l'IA au lieu de considérer le changement de la valeur de ces tâches dans un nouveau système. La fallacie des gains de productivité : L'augmentation de la productivité ne se traduit pas toujours par plus de valeur pour les travailleurs, car la valeur créée peut être capturée ailleurs dans le système. La fallacie des emplois statiques : Les emplois sont des constructions organisationnelles qui peuvent être redéfinies par l'IA, rendant les rôles traditionnels obsolètes. La fallacie de la compétition “moi vs. quelqu'un utilisant l'IA” : La concurrence évolue lorsque l'IA modifie les contraintes fondamentales d'un secteur, rendant les compétences existantes moins pertinentes. La fallacie de la continuité du flux de travail : L'IA peut entraîner une réimagination complète des flux de travail, éliminant le besoin de certaines compétences. La fallacie des outils neutres : Les outils d'IA ne sont pas neutres et peuvent redistribuer le pouvoir organisationnel en changeant la façon dont les décisions sont prises et exécutées. La fallacie du salaire stable : Le maintien d'un emploi ne garantit pas un salaire stable, car la valeur du travail peut diminuer avec l'augmentation des capacités de l'IA. La fallacie de l'entreprise stable : L'intégration de l'IA nécessite une restructuration de l'entreprise et ne se fait pas dans un vide organisationnel. Comprendre le “sampling” dans les LLMs https://rentry.co/samplers Explique pourquoi les LLMs utilisent des tokens Les différentes méthodes de “sampling” : càd de choix de tokens Les hyperparamètres comme la température, top-p, et leur influence réciproque Les algorithmes de tokenisation comme Byte Pair Encoding et SentencePiece. Un de moins … OpenAI va racheter Windsurf pour 3 milliards de dollars. https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion l'accord n'est pas encore finalisé Windsurf était valorisé à 1,25 milliards l'an dernier et OpenAI a levé 40 milliards dernièrement portant sa valeur à 300 milliards Le but pour OpenAI est de rentrer dans le monde des assistants de code pour lesquels ils sont aujourd'hui absent Docker desktop se met à l'IA… ? Une nouvelle fonctionnalité dans docker desktop 4.4 sur macos: Docker Model Runner https://dev.to/docker/run-genai-models-locally-with-docker-model-runner-5elb Permet de faire tourner des modèles nativement en local ( https://docs.docker.com/model-runner/ ) mais aussi des serveurs MCP ( https://docs.docker.com/ai/mcp-catalog-and-toolkit/ ) Outillage Jetbrains défend la suppression des commentaires négatifs sur son assistant IA https://devclass.com/2025/04/30/jetbrains-defends-removal-of-negative-reviews-for-unpopular-ai-assistant/?td=rt-3a L'IA Assistant de JetBrains, lancée en juillet 2023, a été téléchargée plus de 22 millions de fois mais n'est notée que 2,3 sur 5. Des utilisateurs ont remarqué que certaines critiques négatives étaient supprimées, ce qui a provoqué une réaction négative sur les réseaux sociaux. Un employé de JetBrains a expliqué que les critiques ont été supprimées soit parce qu'elles mentionnaient des problèmes déjà résolus, soit parce qu'elles violaient leur politique concernant les “grossièretés, etc.” L'entreprise a reconnu qu'elle aurait pu mieux gérer la situation, un représentant déclarant : “Supprimer plusieurs critiques d'un coup sans préavis semblait suspect. Nous aurions dû au moins publier un avis et fournir plus de détails aux auteurs.” Parmi les problèmes de l'IA Assistant signalés par les utilisateurs figurent : un support limité pour les fournisseurs de modèles tiers, une latence notable, des ralentissements fréquents, des fonctionnalités principales verrouillées aux services cloud de JetBrains, une expérience utilisateur incohérente et une documentation insuffisante. Une plainte courante est que l'IA Assistant s'installe sans permission. Un utilisateur sur Reddit l'a qualifié de “plugin agaçant qui s'auto-répare/se réinstalle comme un phénix”. JetBrains a récemment introduit un niveau gratuit et un nouvel agent IA appelé Junie, destiné à fonctionner parallèlement à l'IA Assistant, probablement en réponse à la concurrence entre fournisseurs. Mais il est plus char a faire tourner. La société s'est engagée à explorer de nouvelles approches pour traiter les mises à jour majeures différemment et envisage d'implémenter des critiques par version ou de marquer les critiques comme “Résolues” avec des liens vers les problèmes correspondants au lieu de les supprimer. Contrairement à des concurrents comme Microsoft, AWS ou Google, JetBrains commercialise uniquement des outils et services de développement et ne dispose pas d'une activité cloud distincte sur laquelle s'appuyer. Vos images de README et fichiers Markdown compatibles pour le dark mode de GitHub: https://github.blog/developer-skills/github/how-to-make-your-images-in-markdown-on-github-adjust-for-dark-mode-and-light-mode/ Seulement quelques lignes de pure HTML pour le faire Architecture Alors, les DTOs, c'est bien ou c'est pas bien ? https://codeopinion.com/dtos-mapping-the-good-the-bad-and-the-excessive/ Utilité des DTOs : Les DTOs servent à transférer des données entre les différentes couches d'une application, en mappant souvent les données entre différentes représentations (par exemple, entre la base de données et l'interface utilisateur). Surutilisation fréquente : L'article souligne que les DTOs sont souvent utilisés de manière excessive, notamment pour créer des API HTTP qui ne font que refléter les entités de la base de données, manquant ainsi l'opportunité de composer des données plus riches. Vraie valeur : La valeur réelle des DTOs réside dans la gestion du couplage entre les couches et la composition de données provenant de sources multiples en formes optimisées pour des cas d'utilisation spécifiques. Découplage : Il est suggéré d'utiliser les DTOs pour découpler les modèles de données internes des contrats externes (comme les API), ce qui permet une évolution et une gestion des versions indépendantes. Exemple avec CQRS : Dans le cadre de CQRS (Command Query Responsibility Segregation), les réponses aux requêtes (queries) agissent comme des DTOs spécifiquement adaptés aux besoins de l'interface utilisateur, pouvant inclure des données de diverses sources. Protection des données internes : Les DTOs aident à distinguer et protéger les modèles de données internes (privés) des changements externes (publics). Éviter l'excès : L'auteur met en garde contre les couches de mapping excessives (mapper un DTO vers un autre DTO) qui n'apportent pas de valeur ajoutée. Création ciblée : Il est conseillé de ne créer des DTOs que lorsqu'ils résolvent des problèmes concrets, tels que la gestion du couplage ou la facilitation de la composition de données. Méthodologies Même Guillaume se met au “vibe coding” https://glaforge.dev/posts/2025/05/02/vibe-coding-an-mcp-server-with-micronaut-and-gemini/ Selon Andrey Karpathy, c'est le fait de POC-er un proto, une appli jetable du weekend https://x.com/karpathy/status/1886192184808149383 Mais Simon Willison s'insurge que certains confondent coder avec l'assistance de l'IA avec le vibe coding https://simonwillison.net/2025/May/1/not-vibe-coding/ Guillaume c'est ici amusé à développer un serveur MCP avec Micronaut, en utilisant Gemini, l'IA de Google. Contrairement à Quarkus ou Spring Boot, Micronaut n'a pas encore de module ou de support spécifique pour faciliter la création de serveur MCP Sécurité Une faille de sécurité 10/10 sur Tomcat https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/ Une faille de sécurité critique (CVE-2025-24813) affecte Apache Tomcat, permettant l'exécution de code à distance Cette vulnérabilité est activement exploitée seulement 30 heures après sa divulgation du 10 mars 2025 L'attaque ne nécessite aucune authentification et est particulièrement simple à exécuter Elle utilise une requête PUT avec une charge utile Java sérialisée encodée en base64, suivie d'une requête GET L'encodage en base64 permet de contourner la plupart des filtres de sécurité Les serveurs vulnérables utilisent un stockage de session basé sur des fichiers (configuration répandue) Les versions affectées sont : 11.0.0-M1 à 11.0.2, 10.1.0-M1 à 10.1.34, et 9.0.0.M1 à 9.0.98 Les mises à jour recommandées sont : 11.0.3+, 10.1.35+ et 9.0.99+ Les experts prévoient des attaques plus sophistiquées dans les prochaines phases d'exploitation (upload de config ou jsp) Sécurisation d'un serveur ssh https://ittavern.com/ssh-server-hardening/ un article qui liste les configurations clés pour sécuriser un serveur SSH par exemple, enlever password authentigfication, changer de port, desactiver le login root, forcer le protocol ssh 2, certains que je ne connaissais pas comme MaxStartups qui limite le nombre de connections non authentifiées concurrentes Port knocking est une technique utile mais demande une approche cliente consciente du protocol Oracle admet que les identités IAM de ses clients ont leaké https://www.theregister.com/2025/04/08/oracle_cloud_compromised/ Oracle a confirmé à certains clients que son cloud public a été compromis, alors que l'entreprise avait précédemment nié toute intrusion. Un pirate informatique a revendiqué avoir piraté deux serveurs d'authentification d'Oracle et volé environ six millions d'enregistrements, incluant des clés de sécurité privées, des identifiants chiffrés et des entrées LDAP. La faille exploitée serait la vulnérabilité CVE-2021-35587 dans Oracle Access Manager, qu'Oracle n'avait pas corrigée sur ses propres systèmes. Le pirate a créé un fichier texte début mars sur login.us2.oraclecloud.com contenant son adresse email pour prouver son accès. Selon Oracle, un ancien serveur contenant des données vieilles de huit ans aurait été compromis, mais un client affirme que des données de connexion aussi récentes que 2024 ont été dérobées. Oracle fait face à un procès au Texas concernant cette violation de données. Cette intrusion est distincte d'une autre attaque contre Oracle Health, sur laquelle l'entreprise refuse de commenter. Oracle pourrait faire face à des sanctions sous le RGPD européen qui exige la notification des parties affectées dans les 72 heures suivant la découverte d'une fuite de données. Le comportement d'Oracle consistant à nier puis à admettre discrètement l'intrusion est inhabituel en 2025 et pourrait mener à d'autres actions en justice collectives. Une GitHub action très populaire compromise https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Compromission de l'action tj-actions/changed-files : En mars 2025, une action GitHub très utilisée (tj-actions/changed-files) a été compromise. Des versions modifiées de l'action ont exposé des secrets CI/CD dans les logs de build. Méthode d'attaque : Un PAT compromis a permis de rediriger plusieurs tags de version vers un commit contenant du code malveillant. Détails du code malveillant : Le code injecté exécutait une fonction Node.js encodée en base64, qui téléchargeait un script Python. Ce script parcourait la mémoire du runner GitHub à la recherche de secrets (tokens, clés…) et les exposait dans les logs. Dans certains cas, les données étaient aussi envoyées via une requête réseau. Période d'exposition : Les versions compromises étaient actives entre le 12 et le 15 mars 2025. Tout dépôt, particulièrement ceux publiques, ayant utilisé l'action pendant cette période doit être considéré comme potentiellement exposé. Détection : L'activité malveillante a été repérée par l'analyse des comportements inhabituels pendant l'exécution des workflows, comme des connexions réseau inattendues. Réaction : GitHub a supprimé l'action compromise, qui a ensuite été nettoyée. Impact potentiel : Tous les secrets apparaissant dans les logs doivent être considérés comme compromis, même dans les dépôts privés, et régénérés sans délai. Loi, société et organisation Les startup the YCombinateur ont les plus fortes croissances de leur histoire https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html Les entreprises en phase de démarrage à Silicon Valley connaissent une croissance significative grâce à l'intelligence artificielle. Le PDG de Y Combinator, Garry Tan, affirme que l'ensemble des startups de la dernière cohorte a connu une croissance hebdomadaire de 10% pendant neuf mois. L'IA permet aux développeurs d'automatiser des tâches répétitives et de générer du code grâce aux grands modèles de langage. Pour environ 25% des startups actuelles de YC, 95% de leur code a été écrit par l'IA. Cette révolution permet aux entreprises de se développer avec moins de personnel - certaines atteignant 10 millions de dollars de revenus avec moins de 10 employés. La mentalité de “croissance à tout prix” a été remplacée par un renouveau d'intérêt pour la rentabilité. Environ 80% des entreprises présentées lors du “demo day” étaient centrées sur l'IA, avec quelques startups en robotique et semi-conducteurs. Y Combinator investit 500 000 dollars dans les startups en échange d'une participation au capital, suivi d'un programme de trois mois. Red Hat middleware (ex-jboss) rejoint IBM https://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html Les activités Middleware de Red Hat (incluant JBoss, Quarkus, etc.) vont être transférées vers IBM, dans l'unité dédiée à la sécurité des données, à l'IAM et aux runtimes. Ce changement découle d'une décision stratégique de Red Hat de se concentrer davantage sur le cloud hybride et l'intelligence artificielle. Mark Little explique que ce transfert était devenu inévitable, Red Hat ayant réduit ses investissements dans le Middleware ces dernières années. L'intégration vise à renforcer l'innovation autour de Java en réunissant les efforts de Red Hat et IBM sur ce sujet. Les produits Middleware resteront open source et les clients continueront à bénéficier du support habituel sans changement. Mark Little affirme que des projets comme Quarkus continueront à être soutenus et que cette évolution est bénéfique pour la communauté Java. Un an de commonhaus https://www.commonhaus.org/activity/253.html un an, démarré sur les communautés qu'ils connaissaient bien maintenant 14 projets et put en accepter plus confiance, gouvernance legère et proteger le futur des projets automatisation de l'administratif, stabiilité sans complexité, les developpeurs au centre du processus de décision ils ont besoins de members et supporters (financiers) ils veulent accueillir des projets au delà de ceux du cercles des Java Champions Spring Cloud Data Flow devient un produit commercial et ne sera plus maintenu en open source https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial Peut-être sous l'influence de Broadcom, Spring se met à mettre en mode propriétaire des composants du portefeuille Spring ils disent que peu de gens l'utilisaent en mode OSS et la majorité venait d'un usage dans la plateforme Tanzu Maintenir en open source le coutent du temps qu'ils son't pas sur ces projets. La CNCF protège le projet NATS, dans la fondation depuis 2018, vu que la société Synadia qui y contribue souhaitait reprendre le contrôle du projet https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/ CNCF : Protège projets OS, gouvernance neutre. Synadia vs CNCF : Veut retirer NATS, licence non-OS (BUSL). CNCF : Accuse Synadia de “claw back” (reprise illégitime). Revendications Synadia : Domaine nats.io, orga GitHub. Marque NATS : Synadia n'a pas transféré (promesse rompue malgré aide CNCF). Contestation Synadia : Juge règles CNCF “trop vagues”. Vote interne : Mainteneurs Synadia votent sortie CNCF (sans communauté). Support CNCF : Investissement majeur ($ audits, légal), succès communautaire (>700 orgs). Avenir NATS (CNCF) : Maintien sous Apache 2.0, gouvernance ouverte. Actions CNCF : Health check, appel mainteneurs, annulation marque Synadia, rejet demandes. Mais finalement il semble y avoir un bon dénouement : https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/ Accord pour l'avenir de NATS.io : La Cloud Native Computing Foundation (CNCF) et Synadia ont conclu un accord pour sécuriser le futur du projet NATS.io. Transfert des marques NATS : Synadia va céder ses deux enregistrements de marque NATS à la Linux Foundation afin de renforcer la gouvernance ouverte du projet. Maintien au sein de la CNCF : L'infrastructure et les actifs du projet NATS resteront sous l'égide de la CNCF, garantissant ainsi sa stabilité à long terme et son développement en open source sous licence Apache-2.0. Reconnaissance et engagement : La Linux Foundation, par la voix de Todd Moore, reconnaît les contributions de Synadia et son soutien continu. Derek Collison, PDG de Synadia, réaffirme l'engagement de son entreprise envers NATS et la collaboration avec la Linux Foundation et la CNCF. Adoption et soutien communautaire : NATS est largement adopté et considéré comme une infrastructure critique. Il bénéficie d'un fort soutien de la communauté pour sa nature open source et l'implication continue de Synadia. Finalement, Redis revient vers une licence open source OSI, avec la AGPL https://foojay.io/today/redis-is-now-available-under-the-agplv3-open-source-license/ Redis passe à la licence open source AGPLv3 pour contrer l'exploitation par les fournisseurs cloud sans contribution. Le passage précédent à la licence SSPL avait nui à la relation avec la communauté open source. Salvatore Sanfilippo (antirez) est revenu chez Redis. Redis 8 adopte la licence AGPL, intègre les fonctionnalités de Redis Stack (JSON, Time Series, etc.) et introduit les “vector sets” (le support de calcul vectoriel développé par Salvatore). Ces changements visent à renforcer Redis en tant que plateforme appréciée des développeurs, conformément à la vision initiale de Salvatore. Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 6-7 mai 2025 : GOSIM AI Paris - Paris (France) 7-9 mai 2025 : Devoxx UK - London (UK) 15 mai 2025 : Cloud Toulouse - Toulouse (France) 16 mai 2025 : AFUP Day 2025 Lille - Lille (France) 16 mai 2025 : AFUP Day 2025 Lyon - Lyon (France) 16 mai 2025 : AFUP Day 2025 Poitiers - Poitiers (France) 22-23 mai 2025 : Flupa UX Days 2025 - Paris (France) 24 mai 2025 : Polycloud - Montpellier (France) 24 mai 2025 : NG Baguette Conf 2025 - Nantes (France) 3 juin 2025 : TechReady - Nantes (France) 5-6 juin 2025 : AlpesCraft - Grenoble (France) 5-6 juin 2025 : Devquest 2025 - Niort (France) 10-11 juin 2025 : Modern Workplace Conference Paris 2025 - Paris (France) 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12 juin 2025 : Positive Design Days - Strasbourg (France) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 13 juin 2025 : Tech F'Est 2025 - Nancy (France) 17 juin 2025 : Mobilis In Mobile - Nantes (France) 19-21 juin 2025 : Drupal Barcamp Perpignan 2025 - Perpignan (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 25-26 juin 2025 : Agi'Lille 2025 - Lille (France) 25-27 juin 2025 : BreizhCamp 2025 - Rennes (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 7-9 juillet 2025 : Riviera DEV 2025 - Sophia Antipolis (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : Devfest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

This podcast interview focuses on the entrepreneurial journey of turning transparency into business advantage. My guest is Zach Wasserman, Cofounder and Tech Evangelist of Fleet.  With over a decade of experience in open source software development, Zach helped create the widely-adopted OSquery project at Facebook in 2014, which has since become an industry standard for device visibility and is now governed by the Linux Foundation. After transitioning through a role at Kolide (later acquired by 1Password), Zach became the maintainer of a project that would eventually evolve into Fleet. Throughout his entrepreneurial journey, Zach discovered that what truly energizes him is "building software that's making someone's life better" - specifically IT administrators and security professionals who manage company devices. This human-centered approach led him to transform a personal passion project into a rapidly growing company that's challenging traditional business models in enterprise software This inspired me to invite Zach to my podcast. We explore how being open source gives Fleet a strategic edge. His approach rejects the common belief that enterprise sales requires complexity and secrecy. We discuss how community building leads to faster adoption and better results than traditional sales tactics. The formula is simple: be transparent, earn trust, and close deals faster. Here's one of his quotes: "The best way to lose a deal is to our own open source product, because those people remain prime prospective customers that we really need to continue to understand and figure out how we are going to build enough new value in that premium product for them to want to pay for it." By listening to this podcast, you will learn: How building on existing open source foundations can give startups immediate credibility with enterprise customers Why passionate early adopters can close deals remarkably easily compared to traditional prospects The entrepreneurial wisdom of identifying and connecting with actual budget holders while still maintaining engineer enthusiasm How customer-driven unexpected use cases can dramatically expand your market vision and product roadmap For more information about the guest from this week:  Guest: Zach Wasserman  Website: fleet.com Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special episode of Mainframe Voices, we explore the excitement surrounding IBM's April 8th announcement of the z17 mainframe through the perspectives of those newer to the mainframe ecosystem. For many of these professionals, this was their first-ever IBM mainframe launch experience.Our guests share what excited them most about the new IBM Telum II processor's AI capabilities, the full-stack approach to innovation, and how these advancements might shape their future careers in the mainframe space. Gain insights into how the next generation of mainframers views these technological developments and the potential impact on their professional journeys.We are delighted to have our guests:Meena Chand - Computer Science Graduate @University of WolverhamptonAleksandr Charcikov - Senior Solutions Advisor @Rocket SoftwareLuisa Barril - Software Engineer @Swedbank Kyle Pressley - Computer Science Student @Bedford CollegeSoner Coşkun - Mainframe Storage Associate System Engineer @Garanti BBVA TechnologyThe Mainframe Connect podcast includes the I am a Mainframer series, Riveting Mainframe Voices series, and other content exploring relevant topics with mainframe professionals, sponsored by the Open Mainframe Project, a Linux Foundation initiative.#IBMz17 #Mainframe #OpenMainframeProject #LinuxFoundation #MainframeConnect #MainframeVoices #IBMzDay #NewMainframers #AIonZ #TelumII

Tim Irnich from SUSE shares his work with Edge computing, focusing on the telecommunications industry. He highlights the importance of standardization and interoperability across the industry, specifically focusing on the widespread adoption of Linux and Kubernetes. Tim also elaborates on Project Sylva, an initiative under the Linux Foundation, aimed at creating a standardized stack for the European telco operators. We also discuss challenges and opportunities presented by the vast array of open source projects within the CNCF landscape and the potential for AI to enhance network efficiency and reliability. The episode provides a comprehensive look into the collaborative efforts and technological advancements shaping the telecom sector. 00:00 Welcome 01:14 Open Source Adoption in the Telco Industry 02:14 Challenges and Standardization in Telco Networks 04:35 Curating Reliable Stacks for Telco 06:11 Project Silva: An Open Source Initiative 18:55 AI in the Telecom Industry 22:11 Conclusion and Final Thoughts   Tim Irnich is the product manager for SUSE Edge for Telco, an open source based horizontal telco cloud solution. He is also a member of the Board of Directors at the LF Europe Sylva Project. Tim has been active in telco related open source communities such as LF Networking, OPNFV, OpenDaylight, OpenStack/OpenInfra for over a decade and held positions on several committees including the LFN TAC, TSC and Board of Directors in OPNFV and OpenDaylight. Before joining SUSE in 2018, Tim worked at Ericsson, where he ran the open source and ecosystem program for Ericsson's cloud business unit and helped found Ericsson's open source development arm that is today known as Ericsson Software Technologies. 

In this special backstage episode of Environment Variables, producer Chris Skipper spotlights the Green AI Committee, an initiative of the Green Software Foundation launched in 2024. Guests Thomas Lewis and Sanjay Podder share the committee's mission to reduce AI's environmental impact through strategic focus on measurement, policy influence, and lifecycle optimization. The episode explores the committee's approach to defining and implementing “green AI,” its contributions to public policy and ISO standards, and collaborative efforts to build tools, best practices, and educational resources that promote sustainable AI development.

KubeCon Europe 2025 in London has wrapped up, and we're bringing you all the highlights, trends, and behind-the-scenes insights straight from the show floor!In this special recap episode, I'm joined by two CNCF Ambassadors and community powerhouses: Kasper Borg Nissen, the Co-Chair of this KubeCon as well as of the KubeCon 2024 editions, and a Developer Relations Engineer at Dash0; and William Rizzo, Consulting Architect at Mirantis and Linkerd Ambassador.Together, we unpack the major themes from the event—from platform engineering and internal developer platforms, to open source observability, and where Kubernetes is headed next. We also chat about the vibe of the community, emerging projects to watch, and important trends in European tech sphere.Whether you missed the conference or want to catch up on important updates you might have missed, this episode gives you a curated take straight from the experts who know the cloud-native space inside out.The episode was live-streamed on 22 April 2025 and the video is available at https://www.youtube.com/watch?v=JyxJOmOEBvQYou can read the recap post: https://medium.com/p/740258a5fa46OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube.We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat.⁠⁠https://www.youtube.com/@openobservabilitytalks⁠  https://www.twitch.tv/openobservability⁠Show Notes:00:00 - intro03:28 - KubeCon impressions09:59 - Backstage turns 518:56 - CNCF turns 10 and CNCF annual survey27:22 - Sovereign cloud in Europe and the NeoNephos initiative33:55 - CI/CD use in production increases36:52 - OpenInfra joins the Linux Foundation40:16 - Cloud native local communities, DEI and the BIPOC initiative 51:11 - Observability query standardization SIG updates59:36 - outroResources:CNCF 2024 Annual Survey https://www.cncf.io/reports/cncf-annual-survey-2024/NeoNephos initiative for sovereign EU cloud: https://www.linkedin.com/feed/update/urn:li:share:7313115943075766273/ OpenInfra Foundation and OpenStack join The Linux Foundation: https://www.linkedin.com/feed/update/urn:li:share:7307839934072066048/ Backstage turns 5: https://www.linkedin.com/feed/update/urn:li:activity:7318163557206966272/ Kubernetes 1.33 release: https://www.linkedin.com/feed/update/urn:li:activity:7321054742174924800/Socials:Twitter:⁠ https://twitter.com/OpenObserv⁠YouTube: ⁠https://www.youtube.com/@openobservabilitytalks⁠Dotan Horovits============Twitter: @horovitsLinkedIn: www.linkedin.com/in/horovitsMastodon: @horovits@fosstodonBlueSky: @horovits.bsky.socialKasper Borg Nissen===============Twitter: https://www.twitter.com/phennexLinkedIn: https://www.linkedin.com/in/kaspernissen/BlueSky: https://bsky.app/profile/kaspernissen.xyz⁠William Rizzo===========Twitter: https://twitter.com/WilliamRizzo19LinkedIn: https://www.linkedin.com/in/william-rizzo/BlueSky: https://bsky.app/profile/williamrizzo.bsky.social

Join Grizz Griswold and Rob Moffat from FINOS as they discuss the latest updates in FDC3, a versatile interoperability standard originally designed for financial services but applicable universally. Learn about the evolution of FDC3 version 2.2, the newly released SAIL 2.0 tool, and the upcoming Open Source in Finance Forum in London. Discover the significance of open standards, vendor collaboration, and identity security in the realm of financial technology. Whether you are a developer or a finance professional, this episode offers valuable insights into the ever-evolving landscape of open source in finance.FDC3: https://fdc3.finos.org/00:00 Rob Moffat - Exploring FDC3: Enhancing Interoperability in Finance03:43 Introduction and Greetings03:54 Kubecon and Catching Up04:14 FDC3 Updates Overview05:39 What is FDC3?07:21 FDC3 2.2 and Web Integration10:27 Vendor Conformance and Open Standards13:37 Expanding FDC3 Beyond Finance17:36 Introducing Sail 2.020:09 Upcoming Demos and Events22:29 FDC3 Security and Future Plans28:35 Hackathons and Community Growth33:40 FDC3 Conformance Program37:19 Final Thoughts and ReflectionsFDC3: https://fdc3.finos.org FDC3 Repo: https://github.com/finos/FDC3 FDC3 Sail Sandbox: https://www.finos.org/en/project-sandbox FDC3 Training: https://fdc3.finos.org/trainingFDC3 App Directory: https://directory.fdc3.finos.org/FDC3 Conformance: https://fdc3.finos.org/docs/api/conformance/Conformance-Overview Rob Moffat: https://www.linkedin.com/in/robmoffat Grizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS:On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newslette rLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Cloud native patterns and open source developments were on display at the KubeCon + CloudNativeCon Europe conference. The biannual gathering was showing how the container ecosystem continues to mature and analysts Jean Atelsek and William Fellows join host Eric Hanselman to explore their insights. The Cloud Native Computing Foundation (CNCF), part of the Linux Foundation, continues to expand the event and advance the maturity of the open source projects that are part of its purview. Day 2 operations have been gaining focus and the pre-conference FinOps X event was an indication of the emphasis on operational controls as it digs into infrastructure cost management. The opening “Day 0” events at KubeCon, which have been the forum for specialized project meetings, have become a key part of the conference, with over 6,000 attendees, almost half of the reported 13,000 total.  The Kubernetes container management project is now over ten years old and one of the other signs of technology evolution was the integration of the OpenInfra Foundation, which managed the OpenStack project and other infrastructure elements, into the Linux Foundation. Open source projects are gaining wider adoption and one of the messages from projects and vendors at KubeCon, was the hope that it could offer alternatives to enterprise infrastructure stalwart, VMware. The CNCF is expanding its investments in improving security across the projects under its umbrella. There was also continued development of platform engineering initiatives. Bounding the expanding world of open source projects to create consistent development and operational tool chains for enterprise is one more sign of maturity in the container world. More S&P Global Content: AWS, Microsoft Azure and Google Cloud enter the FinOps vortex For S&P Global subscribers: Kubernetes meets the AI moment in Europe with technology, security, investment Data management, GenAI, hybrid cloud are top Kubernetes workloads – Highlights from VotE: DevOps Kubernetes ecosystem tackles new technical and market challenges Kubernetes, serverless adoption evolve with cloud-native maturity – Highlights from VotE: DevOps Credits: Host/Author: Eric Hanselman Guests: Jean Atelsek, William Fellows Producer/Editor: Adam Kovalsky Published With Assistance From: Sophie Carr, Feranmi Adeoshun, Kyra Smith

In this episode of Alexa's Input (AI), I'm joined by Max Körbächer, Managing Director & Founder of Liquid Reply and author of Platform Engineering for Architects. We cover the real-world challenges of platform engineering, from treating platforms as products to cloud migrations and AI integration. Max also shares insights on the Linux Foundation's open source efforts, the push for environmental sustainability in tech, how workplace dynamics are evolving with the next generation of engineers, and much more!You can now watch on YouTube! Find more from this podcast at https://creators.spotify.com/pod/profile/alexagriffith/Links: LinkedIn: https://www.linkedin.com/in/maxkoerbaecher/Company: https://liquidreply.net/en/Book: https://www.amazon.de/dp/1836203594/ref=cm_sw_r_cp_ud_dp_8ZJWYNK7C2CW0KHX8C5M?skipTwisterOG=1You can support this podcast on the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠creators page⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠. Make sure to subscribe and follow ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Alexa's Input Twitter account⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ to get notified when a new podcast episode comes out.

Hey everyone, Alex here

We want to hear from you! Email us at BCGInHerEllement@bcg.com with a voice memo describing your In Your Ellement moment. We might feature your story in an upcoming episode!***Could open source be the key to building trustworthy AI?Nithya is Director of Amazon's Open Source Program Office and also Chair of the Linux Foundation. With more than 30 years of experience in enterprise software, she's helped shape how businesses approach open source across the tech industry.In this episode, we talk about the growing importance of open source in AI development, what motivates companies like Amazon to open source their tools, and how these decisions impact innovation. Nithya also shares a personal story about the role of CEO of the family—and what that taught her about leadership.[01:26] The Evolution of Open Source[03:52] Amazon's Commitment to Open Source[09:04] Open Source, Trust, and AI[13:05] The Role of Dads[18:49] CEO of the Family[25:13] ReflectionsLinks:Nithya Ruff on LinkedInSuchi Srinivasan on LinkedInKamila Rakhimova on LinkedInAbout In Her Ellement: In Her Ellement highlights the women and allies leading the charge in digital, business, and technology innovation. Through engaging conversations, the podcast explores their journeys—celebrating successes and acknowledging the balance between work and family. Most importantly, it asks: when was the moment you realized you hadn't just arrived—you were truly in your element?About The Hosts:Suchi Srinivasan is an expert in AI and digital transformation. Originally from India, her career includes roles at trailblazing organizations like Bell Labs and Microsoft. In 2011, she co-founded the Cleanweb Hackathon, a global initiative driving IT-powered climate solutions with over 10,000 members across 25+ countries. She also advises Women in Cloud, aiming to create $1B in economic opportunities for women entrepreneurs by 2030.Kamila Rakhimova is a fintech leader whose journey took her from Tajikistan to the U.S., where she built a career on her own terms. Leveraging her English proficiency and international relations expertise, she discovered the power of microfinance and moved to the U.S., eventually leading Amazon's Alexa Fund to support underrepresented founders.Subscribe to In Her Ellement on your podcast app of choice to hear meaningful conversations with women in digital, business, and technology.

An airhacks.fm conversation with Richard Bair (@RichardBair) about: discussion about Hedera public ledger and its underlying technology, explanation of Hashgraph algorithm for consensus and transaction ordering, comparison to other blockchain technologies like Bitcoin and ethereum, Hedera's democratic approach to block production versus leader-based systems, the Linux Foundation project called Hiero where Hedera's code is being moved, explanation of how nodes gossip transactions and come to consensus, the role of the Hedera Governing Council including companies like Dell and IBM, discussion of HBAR as the native token and fee system, comparison of Hedera's fixed dollar-denominated fees versus fluctuating fees in other blockchains, explanation of staking mechanism and how it creates a representative democracy for node selection, technical details about Hedera's Java implementation using Java 21 and modern language features, use of ZGC garbage collector with 200GB heap on consensus nodes, deployment on Linux using docker, discussion of Java modules and challenges with libraries like Netty, custom Protobuf to Java compiler called PBJ for performance optimization, consideration of replacing Netty with Helidon for better virtual thread support, discussion of supply chain security concerns and minimizing dependencies, custom logging implementation to avoid bloated frameworks like Log4j, importance of deterministic code execution across all nodes, challenges of distributed systems where iteration order must be consistent, explanation of node synchronization mechanisms when nodes fall behind, comparison to serverless cloud pricing models, discussion of vertical versus horizontal scaling in blockchain systems Richard Bair on twitter: @RichardBair

OpenSearch has evolved significantly since its 2021 launch, recently reaching a major milestone with its move to the Linux Foundation. This shift from company-led to foundation-based governance has accelerated community contributions and enterprise adoption, as discussed by NetApp's Amanda Katona in a New Stack Makers episode recorded at KubeCon + CloudNativeCon Europe. NetApp, an early adopter of OpenSearch following Elasticsearch's licensing change, now offers managed services on the platform and contributes actively to its development.Katona emphasized how neutral governance under the Linux Foundation has lowered barriers to enterprise contribution, noting a 56% increase in downloads since the transition and growing interest from developers. OpenSearch 3.0, featuring a Lucene 10 upgrade, promises faster search capabilities—especially relevant as data volumes surge. NetApp's ongoing investments include work on machine learning plugins and developer training resources.Katona sees the Linux Foundation's involvement as key to OpenSearch's long-term success, offering vendor-neutral governance and reassuring users seeking openness, performance, and scalability in data search and analytics.Learn more from The New Stack about OpenSearch: Report: OpenSearch Bests ElasticSearch at Vector ModelingAWS Transfers OpenSearch to the Linux Foundation OpenSearch: How the Project Went From Fork to FoundationJoin our community of newsletter subscribers to stay on top of the news and at the top of your game. 

Brandon Liu is an open source developer and creator of the Protomaps basemap project. We talk about how static maps help developers build sites that last, the PMTiles file format, the role of OpenStreetMap, and his experience funding and running an open source project full time. Protomaps Protomaps PMTiles (File format used by Protomaps) Self-hosted slippy maps, for novices (like me) Why Deploy Protomaps on a CDN User examples Flickr Pinball Map Toilet Map Related projects OpenStreetMap (Dataset protomaps is based on) Mapzen (Former company that released details on what to display based on zoom levels) Mapbox GL JS (Mapbox developed source available map rendering library) MapLibre GL JS (Open source fork of Mapbox GL JS) Other links HTTP range requests (MDN) Hilbert curve Transcript You can help correct transcripts on GitHub. Intro [00:00:00] Jeremy: I'm talking to Brandon Liu. He's the creator of Protomaps, which is a way to easily create and host your own maps. Let's get into it. [00:00:09] Brandon: Hey, so thanks for having me on the podcast. So I'm Brandon. I work on an open source project called Protomaps. What it really is, is if you're a front end developer and you ever wanted to put maps on a website or on a mobile app, then Protomaps is sort of an open source solution for doing that that I hope is something that's way easier to use than, um, a lot of other open source projects. Why not just use Google Maps? [00:00:36] Jeremy: A lot of people are gonna be familiar with Google Maps. Why should they worry about whether something's open source? Why shouldn't they just go and use the Google maps API? [00:00:47] Brandon: So Google Maps is like an awesome thing it's an awesome product. Probably one of the best tech products ever right? And just to have a map that tells you what restaurants are open and something that I use like all the time especially like when you're traveling it has all that data. And the most amazing part is that it's free for consumers but it's not necessarily free for developers. Like if you wanted to embed that map onto your website or app, that usually has an API cost which still has a free tier and is affordable. But one motivation, one basic reason to use open source is if you have some project that doesn't really fit into that pricing model. You know like where you have to pay the cost of Google Maps, you have a side project, a nonprofit, that's one reason. But there's lots of other reasons related to flexibility or customization where you might want to use open source instead. Protomaps examples [00:01:49] Jeremy: Can you give some examples where people have used Protomaps and where that made sense for them? [00:01:56] Brandon: I follow a lot of the use cases and I also don't know about a lot of them because I don't have an API where I can track a hundred percent of the users. Some of them use the hosted version, but I would say most of them probably use it on their own infrastructure. One of the cool projects I've been seeing is called Toilet Map. And what toilet map is if you're in the UK and you want find a public restroom then it maps out, sort of crowdsourced all of the public restrooms. And that's important for like a lot of people if they have health issues, they need to find that information. And just a lot of different projects in the same vein. There's another one called Pinball Map which is sort of a hobby project to find all the pinball machines in the world. And they wanted to have a customized map that fit in with their theme of pinball. So these sorts of really cool indie projects are the ones I'm most excited about. Basemaps vs Overlays [00:02:57] Jeremy: And if we talk about, like the pinball map as an example, there's this concept of a basemap and then there's the things that you lay on top of it. What is a basemap and then is the pinball locations is that part of it or is that something separate? [00:03:12] Brandon: It's usually something separate. The example I usually use is if you go to a real estate site, like Zillow, you'll open up the map of Seattle and it has a bunch of pins showing all the houses, and then it has some information beneath it. That information beneath it is like labels telling, this neighborhood is Capitol Hill, or there is a park here. But all that information is common to a lot of use cases and it's not specific to real estate. So I think usually that's the distinction people use in the industry between like a base map versus your overlay. The overlay is like the data for your product or your company while the base map is something you could get from Google or from Protomaps or from Apple or from Mapbox that kind of thing. PMTiles for hosting the basemap and overlays [00:03:58] Jeremy: And so Protomaps in particular is responsible for the base map, and that information includes things like the streets and the locations of landmarks and things like that. Where is all that information coming from? [00:04:12] Brandon: So the base map information comes from a project called OpenStreetMap. And I would also, point out that for Protomaps as sort of an ecosystem. You can also put your overlay data into a format called PMTiles, which is sort of the core of what Protomaps is. So it can really do both. It can transform your data into the PMTiles format which you can host and you can also host the base map. So you kind of have both of those sides of the product in one solution. [00:04:43] Jeremy: And so when you say you have both are you saying that the PMTiles file can have, the base map in one file and then you would have the data you're laying on top in another file? Or what are you describing there? [00:04:57] Brandon: That's usually how I recommend to do it. Oftentimes there'll be sort of like, a really big basemap 'cause it has all of that data about like where the rivers are. Or while, if you want to put your map of toilets or park benches or pickleball courts on top, that's another file. But those are all just like assets you can move around like JSON or CSV files. Statically Hosted [00:05:19] Jeremy: And I think one of the things you mentioned was that your goal was to make Protomaps or the, the use of these PMTiles files easy to use. What does that look like for, for a developer? I wanna host a map. What do I actually need to, to put on my servers? [00:05:38] Brandon: So my usual pitch is that basically if you know how to use S3 or cloud storage, that you know how to deploy a map. And that, I think is the main sort of differentiation from most open source projects. Like a lot of them, they call themselves like, like some sort of self-hosted solution. But I've actually avoided using the term self-hosted because I think in most cases that implies a lot of complexity. Like you have to log into a Linux server or you have to use Kubernetes or some sort of Docker thing. What I really want to emphasize is the idea that, for Protomaps, it's self-hosted in the same way like CSS is self-hosted. So you don't really need a service from Amazon to host the JSON files or CSV files. It's really just a static file. [00:06:32] Jeremy: When you say static file that means you could use any static web host to host your HTML file, your JavaScript that actually renders the map. And then you have your PMTiles files, and you're not running a process or anything, you're just putting your files on a static file host. [00:06:50] Brandon: Right. So I think if you're a developer, you can also argue like a static file server is a server. It's you know, it's the cloud, it's just someone else's computer. It's really just nginx under the hood. But I think static storage is sort of special. If you look at things like static site generators, like Jekyll or Hugo, they're really popular because they're a commodity or like the storage is a commodity. And you can take your blog, make it a Jekyll blog, hosted on S3. One day, Amazon's like, we're charging three times as much so you can move it to a different cloud provider. And that's all vendor neutral. So I think that's really the special thing about static storage as a primitive on the web. Why running servers is a problem for resilience [00:07:36] Jeremy: Was there a prior experience you had? Like you've worked with maps for a very long time. Were there particular difficulties you had where you said I just gotta have something that can be statically hosted? [00:07:50] Brandon: That's sort of exactly why I got into this. I've been working sort of in and around the map space for over a decade, and Protomaps is really like me trying to solve the same problem I've had over and over again in the past, just like once and forever right? Because like once this problem is solved, like I don't need to deal with it again in the future. So I've worked at a couple of different companies before, mostly as a contractor, for like a humanitarian nonprofit for a design company doing things like, web applications to visualize climate change. Or for even like museums, like digital signage for museums. And oftentimes they had some sort of data visualization component, but always sort of the challenge of how to like, store and also distribute like that data was something that there wasn't really great open source solutions. So just for map data, that's really what motivated that design for Protomaps. [00:08:55] Jeremy: And in those, those projects in the past, were those things where you had to run your own server, run your own database, things like that? [00:09:04] Brandon: Yeah. And oftentimes we did, we would spin up an EC2 instance, for maybe one client and then we would have to host this server serving map data forever. Maybe the client goes away, or I guess it's good for business if you can sign some sort of like long-term support for that client saying, Hey, you know, like we're done with a project, but you can pay us to maintain the EC2 server for the next 10 years. And that's attractive. but it's also sort of a pain, because usually what happens is if people are given the choice, like a developer between like either I can manage the server on EC2 or on Rackspace or Hetzner or whatever, or I can go pay a SaaS to do it. In most cases, businesses will choose to pay the SaaS. So that's really like what creates a sort of lock-in is this preference for like, so I have this choice between like running the server or paying the SaaS. Like businesses will almost always go and pay the SaaS. [00:10:05] Jeremy: Yeah. And in this case, you either find some kind of free hosting or low-cost hosting just to host your files and you upload the files and then you're good from there. You don't need to maintain anything. [00:10:18] Brandon: Exactly, and that's really the ideal use case. so I have some users these, climate science consulting agencies, and then they might have like a one-off project where they have to generate the data once, but instead of having to maintain this server for the lifetime of that project, they just have a file on S3 and like, who cares? If that costs a couple dollars a month to run, that's fine, but it's not like S3 is gonna be deprecated, like it's gonna be on an insecure version of Ubuntu or something. So that's really the ideal, set of constraints for using Protomaps. [00:10:58] Jeremy: Yeah. Something this also makes me think about is, is like the resilience of sites like remaining online, because I, interviewed, Kyle Drake, he runs Neocities, which is like a modern version of GeoCities. And if I remember correctly, he was mentioning how a lot of old websites from that time, if they were running a server backend, like they were running PHP or something like that, if you were to try to go to those sites, now they're like pretty much all dead because there needed to be someone dedicated to running a Linux server, making sure things were patched and so on and so forth. But for static sites, like the ones that used to be hosted on GeoCities, you can go to the internet archive or other websites and they were just files, right? You can bring 'em right back up, and if anybody just puts 'em on a web server, then you're good. They're still alive. Case study of news room preferring static hosting [00:11:53] Brandon: Yeah, exactly. One place that's kind of surprising but makes sense where this comes up, is for newspapers actually. Some of the users using Protomaps are the Washington Post. And the reason they use it, is not necessarily because they don't want to pay for a SaaS like Google, but because if they make an interactive story, they have to guarantee that it still works in a couple of years. And that's like a policy decision from like the editorial board, which is like, so you can't write an article if people can't view it in five years. But if your like interactive data story is reliant on a third party, API and that third party API becomes deprecated, or it changes the pricing or it, you know, it gets acquired, then your journalism story is not gonna work anymore. So I have seen really good uptake among local news rooms and even big ones to use things like Protomaps just because it makes sense for the requirements. Working on Protomaps as an open source project for five years [00:12:49] Jeremy: How long have you been working on Protomaps and the parts that it's made up of such as PMTiles? [00:12:58] Brandon: I've been working on it for about five years, maybe a little more than that. It's sort of my pandemic era project. But the PMTiles part, which is really the heart of it only came in about halfway. Why not make a SaaS? [00:13:13] Brandon: So honestly, like when I first started it, I thought it was gonna be another SaaS and then I looked at it and looked at what the environment was around it. And I'm like, uh, so I don't really think I wanna do that. [00:13:24] Jeremy: When, when you say you looked at the environment around it what do you mean? Why did you decide not to make it a SaaS? [00:13:31] Brandon: Because there already is a lot of SaaS out there. And I think the opportunity of making something that is unique in terms of those use cases, like I mentioned like newsrooms, was clear. Like it was clear that there was some other solution, that could be built that would fit these needs better while if it was a SaaS, there are plenty of those out there. And I don't necessarily think that they're well differentiated. A lot of them all use OpenStreetMap data. And it seems like they mainly compete on price. It's like who can build the best three column pricing model. And then once you do that, you need to build like billing and metrics and authentication and like those problems don't really interest me. So I think, although I acknowledge sort of the indie hacker ethos now is to build a SaaS product with a monthly subscription, that's something I very much chose not to do, even though it is for sure like the best way to build a business. [00:14:29] Jeremy: Yeah, I mean, I think a lot of people can appreciate that perspective because it's, it's almost like we have SaaS overload, right? Where you have so many little bills for your project where you're like, another $5 a month, another $10 a month, or if you're a business, right? Those, you add a bunch of zeros and at some point it's just how many of these are we gonna stack on here? [00:14:53] Brandon: Yeah. And honestly. So I really think like as programmers, we're not really like great at choosing how to spend money like a $10 SaaS. That's like nothing. You know? So I can go to Starbucks and I can buy a pumpkin spice latte, and that's like $10 basically now, right? And it's like I'm able to make that consumer choice in like an instant just to spend money on that. But then if you're like, oh, like spend $10 on a SaaS that somebody put a lot of work into, then you're like, oh, that's too expensive. I could just do it myself. So I'm someone that also subscribes to a lot of SaaS products. and I think for a lot of things it's a great fit. Many open source SaaS projects are not easy to self host [00:15:37] Brandon: But there's always this tension between an open source project that you might be able to run yourself and a SaaS. And I think a lot of projects are at different parts of the spectrum. But for Protomaps, it's very much like I'm trying to move maps to being it is something that is so easy to run yourself that anyone can do it. [00:16:00] Jeremy: Yeah, and I think you can really see it with, there's a few SaaS projects that are successful and they're open source, but then you go to look at the self-hosting instructions and it's either really difficult to find and you find it, and then the instructions maybe don't work, or it's really complicated. So I think doing the opposite with Protomaps. As a user, I'm sure we're all appreciative, but I wonder in terms of trying to make money, if that's difficult. [00:16:30] Brandon: No, for sure. It is not like a good way to make money because I think like the ideal situation for an open source project that is open that wants to make money is the product itself is fundamentally complicated to where people are scared to run it themselves. Like a good example I can think of is like Supabase. Supabase is sort of like a platform as a service based on Postgres. And if you wanted to run it yourself, well you need to run Postgres and you need to handle backups and authentication and logging, and that stuff all needs to work and be production ready. So I think a lot of people, like they don't trust themselves to run database backups correctly. 'cause if you get it wrong once, then you're kind of screwed. So I think that fundamental aspect of the product, like a database is something that is very, very ripe for being a SaaS while still being open source because it's fundamentally hard to run. Another one I can think of is like tailscale, which is, like a VPN that works end to end. That's something where, you know, it has this networking complexity where a lot of developers don't wanna deal with that. So they'd happily pay, for tailscale as a service. There is a lot of products or open source projects that eventually end up just changing to becoming like a hosted service. Businesses going from open source to closed or restricted licenses [00:17:58] Brandon: But then in that situation why would they keep it open source, right? Like, if it's easy to run yourself well, doesn't that sort of cannibalize their business model? And I think that's really the tension overall in these open source companies. So you saw it happen to things like Elasticsearch to things like Terraform where they eventually change the license to one that makes it difficult for other companies to compete with them. [00:18:23] Jeremy: Yeah, I mean there's been a number of cases like that. I mean, specifically within the mapping community, one I can think of was Mapbox's. They have Mapbox gl. Which was a JavaScript client to visualize maps and they moved from, I forget which license they picked, but they moved to a much more restrictive license. I wonder what your thoughts are on something that releases as open source, but then becomes something maybe a little more muddy. [00:18:55] Brandon: Yeah, I think it totally makes sense because if you look at their business and their funding, it seems like for Mapbox, I haven't used it in a while, but my understanding is like a lot of their business now is car companies and doing in dash navigation. And that is probably way better of a business than trying to serve like people making maps of toilets. And I think sort of the beauty of it is that, so Mapbox, the story is they had a JavaScript renderer called Mapbox GL JS. And they changed that to a source available license a couple years ago. And there's a fork of it that I'm sort of involved in called MapLibre GL. But I think the cool part is Mapbox paid employees for years, probably millions of dollars in total to work on this thing and just gave it away for free. Right? So everyone can benefit from that work they did. It's not like that code went away, like once they changed the license. Well, the old version has been forked. It's going its own way now. It's quite different than the new version of Mapbox, but I think it's extremely generous that they're able to pay people for years, you know, like a competitive salary and just give that away. [00:20:10] Jeremy: Yeah, so we should maybe look at it as, it was a gift while it was open source, and they've given it to the community and they're on continuing on their own path, but at least the community running Map Libre, they can run with it, right? It's not like it just disappeared. [00:20:29] Brandon: Yeah, exactly. And that is something that I use for Protomaps quite extensively. Like it's the primary way of showing maps on the web and I've been trying to like work on some enhancements to it to have like better internationalization for if you are in like South Asia like not show languages correctly. So I think it is being taken in a new direction. And I think like sort of the combination of Protomaps and MapLibre, it addresses a lot of use cases, like I mentioned earlier with like these like hobby projects, indie projects that are almost certainly not interesting to someone like Mapbox or Google as a business. But I'm happy to support as a small business myself. Financially supporting open source work (GitHub sponsors, closed source, contracts) [00:21:12] Jeremy: In my previous interview with Tom, one of the main things he mentioned was that creating a mapping business is incredibly difficult, and he said he probably wouldn't do it again. So in your case, you're building Protomaps, which you've admitted is easy to self-host. So there's not a whole lot of incentive for people to pay you. How is that working out for you? How are you supporting yourself? [00:21:40] Brandon: There's a couple of strategies that I've tried and oftentimes failed at. Just to go down the list, so I do have GitHub sponsors so I do have a hosted version of Protomaps you can use if you don't want to bother copying a big file around. But the way I do the billing for that is through GitHub sponsors. If you wanted to use this thing I provide, then just be a sponsor. And that definitely pays for itself, like the cost of running it. And that's great. GitHub sponsors is so easy to set up. It just removes you having to deal with Stripe or something. 'cause a lot of people, their credit card information is already in GitHub. GitHub sponsors I think is awesome if you want to like cover costs for a project. But I think very few people are able to make that work. A thing that's like a salary job level. It's sort of like Twitch streaming, you know, there's a handful of people that are full-time streamers and then you look down the list on Twitch and it's like a lot of people that have like 10 viewers. But some of the other things I've tried, I actually started out, publishing the base map as a closed source thing, where I would sell sort of like a data package instead of being a SaaS, I'd be like, here's a one-time download, of the premium data and you can buy it. And quite a few people bought it I just priced it at like $500 for this thing. And I thought that was an interesting experiment. The main reason it's interesting is because the people that it attracts to you in terms of like, they're curious about your products, are all people willing to pay money. While if you start out everything being open source, then the people that are gonna be try to do it are only the people that want to get something for free. So what I discovered is actually like once you transition that thing from closed source to open source, a lot of the people that used to pay you money will still keep paying you money because like, it wasn't necessarily that that closed source thing was why they wanted to pay. They just valued that thought you've put into it your expertise, for example. So I think that is one thing, that I tried at the beginning was just start out, closed source proprietary, then make it open source. That's interesting to people. Like if you release something as open source, if you go the other way, like people are really mad if you start out with something open source and then later on you're like, oh, it's some other license. Then people are like that's so rotten. But I think doing it the other way, I think is quite valuable in terms of being able to find an audience. [00:24:29] Jeremy: And when you said it was closed source and paid to open source, do you still sell those map exports? [00:24:39] Brandon: I don't right now. It's something that I might do in the future, you know, like have small customizations of the data that are available, uh, for a fee. still like the core OpenStreetMap based map that's like a hundred gigs you can just download. And that'll always just be like a free download just because that's already out there. All the source code to build it is open source. So even if I said, oh, you have to pay for it, then someone else can just do it right? So there's no real reason like to make that like some sort of like paywall thing. But I think like overall if the project is gonna survive in the long term it's important that I'd ideally like to be able to like grow like a team like have a small group of people that can dedicate the time to growing the project in the long term. But I'm still like trying to figure that out right now. [00:25:34] Jeremy: And when you mentioned that when you went from closed to open and people were still paying you, you don't sell a product anymore. What were they paying for? [00:25:45] Brandon: So I have some contracts with companies basically, like if they need a feature or they need a customization in this way then I am very open to those. And I sort of set it up to make it clear from the beginning that this is not just a free thing on GitHub, this is something that you could pay for if you need help with it, if you need support, if you wanted it. I'm also a little cagey about the word support because I think like it sounds a little bit too wishy-washy. Pretty much like if you need access to the developers of an open source project, I think that's something that businesses are willing to pay for. And I think like making that clear to potential users is a challenge. But I think that is one way that you might be able to make like a living out of open source. [00:26:35] Jeremy: And I think you said you'd been working on it for about five years. Has that mostly been full time? [00:26:42] Brandon: It's been on and off. it's sort of my pandemic era project. But I've spent a lot of time, most of my time working on the open source project at this point. So I have done some things that were more just like I'm doing a customization or like a private deployment for some client. But that's been a minority of the time. Yeah. [00:27:03] Jeremy: It's still impressive to have an open source project that is easy to self-host and yet is still able to support you working on it full time. I think a lot of people might make the assumption that there's nothing to sell if something is, is easy to use. But this sort of sounds like a counterpoint to that. [00:27:25] Brandon: I think I'd like it to be. So when you come back to the point of like, it being easy to self-host. Well, so again, like I think about it as like a primitive of the web. Like for example, if you wanted to start a business today as like hosted CSS files, you know, like where you upload your CSS and then you get developers to pay you a monthly subscription for how many times they fetched a CSS file. Well, I think most developers would be like, that's stupid because it's just an open specification, you just upload a static file. And really my goal is to make Protomaps the same way where it's obvious that there's not really some sort of lock-in or some sort of secret sauce in the server that does this thing. How PMTiles works and building a primitive of the web [00:28:16] Brandon: If you look at video for example, like a lot of the tech for how Protomaps and PMTiles works is based on parts of the HTTP spec that were made for video. And 20 years ago, if you wanted to host a video on the web, you had to have like a real player license or flash. So you had to go license some server software from real media or from macromedia so you could stream video to a browser plugin. But now in HTML you can just embed a video file. And no one's like, oh well I need to go pay for my video serving license. I mean, there is such a thing, like YouTube doesn't really use that for DRM reasons, but people just have the assumption that video is like a primitive on the web. So if we're able to make maps sort of that same way like a primitive on the web then there isn't really some obvious business or licensing model behind how that works. Just because it's a thing and it helps a lot of people do their jobs and people are happy using it. So why bother? [00:29:26] Jeremy: You mentioned that it a tech that was used for streaming video. What tech specifically is it? [00:29:34] Brandon: So it is byte range serving. So when you open a video file on the web, So let's say it's like a 100 megabyte video. You don't have to download the entire video before it starts playing. It streams parts out of the file based on like what frames... I mean, it's based on the frames in the video. So it can start streaming immediately because it's organized in a way to where the first few frames are at the beginning. And what PMTiles really is, is it's just like a video but in space instead of time. So it's organized in a way where these zoomed out views are at the beginning and the most zoomed in views are at the end. So when you're like panning or zooming in the map all you're really doing is fetching byte ranges out of that file the same way as a video. But it's organized in, this tiled way on a space filling curve. IIt's a little bit complicated how it works internally and I think it's kind of cool but that's sort of an like an implementation detail. [00:30:35] Jeremy: And to the person deploying it, it just looks like a single file. [00:30:40] Brandon: Exactly in the same way like an mp3 audio file is or like a JSON file is. [00:30:47] Jeremy: So with a video, I can sort of see how as someone seeks through the video, they start at the beginning and then they go to the middle if they wanna see the middle. For a map, as somebody scrolls around the map, are you seeking all over the file or is the way it's structured have a little less chaos? [00:31:09] Brandon: It's structured. And that's kind of the main technical challenge behind building PMTiles is you have to be sort of clever so you're not spraying the reads everywhere. So it uses something called a hilbert curve, which is a mathematical concept of a space filling curve. Where it's one continuous curve that essentially lets you break 2D space into 1D space. So if you've seen some maps of IP space, it uses this crazy looking curve that hits all the points in one continuous line. And that's the same concept behind PMTiles is if you're looking at one part of the world, you're sort of guaranteed that all of those parts you're looking at are quite close to each other and the data you have to transfer is quite minimal, compared to if you just had it at random. [00:32:02] Jeremy: How big do the files get? If I have a PMTiles of the entire world, what kind of size am I looking at? [00:32:10] Brandon: Right now, the default one I distribute is 128 gigabytes, so it's quite sizable, although you can slice parts out of it remotely. So if you just wanted. if you just wanted California or just wanted LA or just wanted only a couple of zoom levels, like from zero to 10 instead of zero to 15, there is a command line tool that's also called PMTiles that lets you do that. Issues with CDNs and range queries [00:32:35] Jeremy: And when you're working with files of this size, I mean, let's say I am working with a CDN in front of my application. I'm not typically accustomed to hosting something that's that large and something that's where you're seeking all over the file. is that, ever an issue or is that something that's just taken care of by the browser and, and taken care of by, by the hosts? [00:32:58] Brandon: That is an issue actually, so a lot of CDNs don't deal with it correctly. And my recommendation is there is a kind of proxy server or like a serverless proxy thing that I wrote. That runs on like cloudflare workers or on Docker that lets you proxy those range requests into a normal URL and then that is like a hundred percent CDN compatible. So I would say like a lot of the big commercial installations of this thing, they use that because it makes more practical sense. It's also faster. But the idea is that this solution sort of scales up and scales down. If you wanted to host just your city in like a 10 megabyte file, well you can just put that into GitHub pages and you don't have to worry about it. If you want to have a global map for your website that serves a ton of traffic then you probably want a little bit more sophisticated of a solution. It still does not require you to run a Linux server, but it might require (you) to use like Lambda or Lambda in conjunction with like a CDN. [00:34:09] Jeremy: Yeah. And that sort of ties into what you were saying at the beginning where if you can host on something like CloudFlare Workers or Lambda, there's less time you have to spend keeping these things running. [00:34:26] Brandon: Yeah, exactly. and I think also the Lambda or CloudFlare workers solution is not perfect. It's not as perfect as S3 or as just static files, but in my experience, it still is better at building something that lasts on the time span of years than being like I have a server that is on this Ubuntu version and in four years there's all these like security patches that are not being applied. So it's still sort of serverless, although not totally vendor neutral like S3. Customizing the map [00:35:03] Jeremy: We've mostly been talking about how you host the map itself, but for someone who's not familiar with these kind of tools, how would they be customizing the map? [00:35:15] Brandon: For customizing the map there is front end style customization and there's also data customization. So for the front end if you wanted to change the water from the shade of blue to another shade of blue there is a TypeScript API where you can customize it almost like a text editor color scheme. So if you're able to name a bunch of colors, well you can customize the map in that way you can change the fonts. And that's all done using MapLibre GL using a TypeScript API on top of that for customizing the data. So all the pipeline to generate this data from OpenStreetMap is open source. There is a Java program using a library called PlanetTiler which is awesome, which is this super fast multi-core way of building map tiles. And right now there isn't really great hooks to customize what data goes into that. But that's something that I do wanna work on. And finally, because the data comes from OpenStreetMap if you notice data that's missing or you wanted to correct data in OSM then you can go into osm.org. You can get involved in contributing the data to OSM and the Protomaps build is daily. So if you make a change, then within 24 hours you should see the new base map. Have that change. And of course for OSM your improvements would go into every OSM based project that is ingesting that data. So it's not a protomap specific thing. It's like this big shared data source, almost like Wikipedia. OpenStreetMap is a dataset and not a map [00:37:01] Jeremy: I think you were involved with OpenStreetMap to some extent. Can you speak a little bit to that for people who aren't familiar, what OpenStreetMap is? [00:37:11] Brandon: Right. So I've been using OSM as sort of like a tools developer for over a decade now. And one of the number one questions I get from developers about what is Protomaps is why wouldn't I just use OpenStreetMap? What's the distinction between Protomaps and OpenStreetMap? And it's sort of like this funny thing because even though OSM has map in the name it's not really a map in that you can't... In that it's mostly a data set and not a map. It does have a map that you can see that you can pan around to when you go to the website but the way that thing they show you on the website is built is not really that easily reproducible. It involves a lot of c++ software you have to run. But OpenStreetMap itself, the heart of it is almost like a big XML file that has all the data in the map and global. And it has tagged features for example. So you can go in and edit that. It has a web front end to change the data. It does not directly translate into making a map actually. Protomaps decides what shows at each zoom level [00:38:24] Brandon: So a lot of the pipeline, that Java program I mentioned for building this basemap for protomaps is doing things like you have to choose what data you show when you zoom out. You can't show all the data. For example when you're zoomed out and you're looking at all of a state like Colorado you don't see all the Chipotle when you're zoomed all the way out. That'd be weird, right? So you have to make some sort of decision in logic that says this data only shows up at this zoom level. And that's really what is the challenge in optimizing the size of that for the Protomaps map project. [00:39:03] Jeremy: Oh, so those decisions of what to show at different Zoom levels those are decisions made by you when you're creating the PMTiles file with Protomaps. [00:39:14] Brandon: Exactly. It's part of the base maps build pipeline. and those are honestly very subjective decisions. Who really decides when you're zoomed out should this hospital show up or should this museum show up nowadays in Google, I think it shows you ads. Like if someone pays for their car repair shop to show up when you're zoomed out like that that gets surfaced. But because there is no advertising auction in Protomaps that doesn't happen obviously. So we have to sort of make some reasonable choice. A lot of that right now in Protomaps actually comes from another open source project called Mapzen. So Mapzen was a company that went outta business a couple years ago. They did a lot of this work in designing which data shows up at which Zoom level and open sourced it. And then when they shut down, they transferred that code into the Linux Foundation. So it's this totally open source project, that like, again, sort of like Mapbox gl has this awesome legacy in that this company funded it for years for smart people to work on it and now it's just like a free thing you can use. So the logic in Protomaps is really based on mapzen. [00:40:33] Jeremy: And so the visualization of all this... I think I understand what you mean when people say oh, why not use OpenStreetMaps because it's not really clear it's hard to tell is this the tool that's visualizing the data? Is it the data itself? So in the case of using Protomaps, it sounds like Protomaps itself has all of the data from OpenStreetMap and then it has made all the decisions for you in terms of what to show at different Zoom levels and what things to have on the map at all. And then finally, you have to have a separate, UI layer and in this case, it sounds like the one that you recommend is the Map Libre library. [00:41:18] Brandon: Yeah, that's exactly right. For Protomaps, it has a portion or a subset of OSM data. It doesn't have all of it just because there's too much, like there's data in there. people have mapped out different bushes and I don't include that in Protomaps if you wanted to go in and edit like the Java code to add that you can. But really what Protomaps is positioned at is sort of a solution for developers that want to use OSM data to make a map on their app or their website. because OpenStreetMap itself is mostly a data set, it does not really go all the way to having an end-to-end solution. Financials and the idea of a project being complete [00:41:59] Jeremy: So I think it's great that somebody who wants to make a map, they have these tools available, whether it's from what was originally built by Mapbox, what's built by Open StreetMap now, the work you're doing with Protomaps. But I wonder one of the things that I talked about with Tom was he was saying he was trying to build this mapping business and based on the financials of what was coming in he was stressed, right? He was struggling a bit. And I wonder for you, you've been working on this open source project for five years. Do you have similar stressors or do you feel like I could keep going how things are now and I feel comfortable? [00:42:46] Brandon: So I wouldn't say I'm a hundred percent in one bucket or the other. I'm still seeing it play out. One thing, that I really respect in a lot of open source projects, which I'm not saying I'm gonna do for Protomaps is the idea that a project is like finished. I think that is amazing. If a software project can just be done it's sort of like a painting or a novel once you write, finish the last page, have it seen by the editor. I send it off to the press is you're done with a book. And I think one of the pains of software is so few of us can actually do that. And I don't know obviously people will say oh the map is never finished. That's more true of OSM, but I think like for Protomaps. One thing I'm thinking about is how to limit the scope to something that's quite narrow to where we could be feature complete on the core things in the near term timeframe. That means that it does not address a lot of things that people want. Like search, like if you go to Google Maps and you search for a restaurant, you will get some hits. that's like a geocoding issue. And I've already decided that's totally outta scope for Protomaps. So, in terms of trying to think about the future of this, I'm mostly looking for ways to cut scope if possible. There are some things like better tooling around being able to work with PMTiles that are on the roadmap. but for me, I am still enjoying working on the project. It's definitely growing. So I can see on NPM downloads I can see the growth curve of people using it and that's really cool. So I like hearing about when people are using it for cool projects. So it seems to still be going okay for now. [00:44:44] Jeremy: Yeah, that's an interesting perspective about how you were talking about projects being done. Because I think when people look at GitHub projects and they go like, oh, the last commit was X months ago. They go oh well this is dead right? But maybe that's the wrong framing. Maybe you can get a project to a point where it's like, oh, it's because it doesn't need to be updated. [00:45:07] Brandon: Exactly, yeah. Like I used to do a lot of c++ programming and the best part is when you see some LAPACK matrix math library from like 1995 that still works perfectly in c++ and you're like, this is awesome. This is the one I have to use. But if you're like trying to use some like React component library and it hasn't been updated in like a year, you're like, oh, that's a problem. So again, I think there's some middle ground between those that I'm trying to find. I do like for Protomaps, it's quite dependency light in terms of the number of hard dependencies I have in software. but I do still feel like there is a lot of work to be done in terms of project scope that needs to have stuff added. You mostly only hear about problems instead of people's wins [00:45:54] Jeremy: Having run it for this long. Do you have any thoughts on running an open source project in general? On dealing with issues or managing what to work on things like that? [00:46:07] Brandon: Yeah. So I have a lot. I think one thing people point out a lot is that especially because I don't have a direct relationship with a lot of the people using it a lot of times I don't even know that they're using it. Someone sent me a message saying hey, have you seen flickr.com, like the photo site? And I'm like, no. And I went to flickr.com/map and it has Protomaps for it. And I'm like, I had no idea. But that's cool, if they're able to use Protomaps for this giant photo sharing site that's awesome. But that also means I don't really hear about when people use it successfully because you just don't know, I guess they, NPM installed it and it works perfectly and you never hear about it. You only hear about people's negative experiences. You only hear about people that come and open GitHub issues saying this is totally broken, and why doesn't this thing exist? And I'm like, well, it's because there's an infinite amount of things that I want to do, but I have a finite amount of time and I just haven't gone into that yet. And that's honestly a lot of the things and people are like when is this thing gonna be done? So that's, that's honestly part of why I don't have a public roadmap because I want to avoid that sort of bickering about it. I would say that's one of my biggest frustrations with running an open source project is how it's self-selected to only hear the negative experiences with it. Be careful what PRs you accept [00:47:32] Brandon: 'cause you don't hear about those times where it works. I'd say another thing is it's changed my perspective on contributing to open source because I think when I was younger or before I had become a maintainer I would open a pull request on a project unprompted that has a hundred lines and I'd be like, Hey, just merge this thing. But I didn't realize when I was younger well if I just merge it and I disappear, then the maintainer is stuck with what I did forever. You know if I add some feature then that person that maintains the project has to do that indefinitely. And I think that's very asymmetrical and it's changed my perspective a lot on accepting open source contributions. I wanna have it be open to anyone to contribute. But there is some amount of back and forth where it's almost like the default answer for should I accept a PR is no by default because you're the one maintaining it. And do you understand the shape of that solution completely to where you're going to support it for years because the person that's contributing it is not bound to those same obligations that you are. And I think that's also one of the things where I have a lot of trepidation around open source is I used to think of it as a lot more bazaar-like in terms of anyone can just throw their thing in. But then that creates a lot of problems for the people who are expected out of social obligation to continue this thing indefinitely. [00:49:23] Jeremy: Yeah, I can totally see why that causes burnout with a lot of open source maintainers, because you probably to some extent maybe even feel some guilt right? You're like, well, somebody took the time to make this. But then like you said you have to spend a lot of time trying to figure out is this something I wanna maintain long term? And one wrong move and it's like, well, it's in here now. [00:49:53] Brandon: Exactly. To me, I think that is a very common failure mode for open source projects is they're too liberal in the things they accept. And that's a lot of why I was talking about how that choice of what features show up on the map was inherited from the MapZen projects. If I didn't have that then somebody could come in and say hey, you know, I want to show power lines on the map. And they open a PR for power lines and now everybody who's using Protomaps when they're like zoomed out they see power lines are like I didn't want that. So I think that's part of why a lot of open source projects eventually evolve into a plugin system is because there is this demand as the project grows for more and more features. But there is a limit in the maintainers. It's like the demand for features is exponential while the maintainer amount of time and effort is linear. Plugin systems might reduce need for PRs [00:50:56] Brandon: So maybe the solution to smash that exponential down to quadratic maybe is to add a plugin system. But I think that is one of the biggest tensions that only became obvious to me after working on this for a couple of years. [00:51:14] Jeremy: Is that something you're considering doing now? [00:51:18] Brandon: Is the plugin system? Yeah. I think for the data customization, I eventually wanted to have some sort of programmatic API to where you could declare a config file that says I want ski routes. It totally makes sense. The power lines example is maybe a little bit obscure but for example like a skiing app and you want to be able to show ski slopes when you're zoomed out well you're not gonna be able to get that from Mapbox or from Google because they have a one size fits all map that's not specialized to skiing or to golfing or to outdoors. But if you like, in theory, you could do this with Protomaps if you changed the Java code to show data at different zoom levels. And that is to me what makes the most sense for a plugin system and also makes the most product sense because it enables a lot of things you cannot do with the one size fits all map. [00:52:20] Jeremy: It might also increase the complexity of the implementation though, right? [00:52:25] Brandon: Yeah, exactly. So that's like. That's really where a lot of the terrifying thoughts come in, which is like once you create this like config file surface area, well what does that look like? Is that JSON? Is that TOML, is that some weird like everything eventually evolves into some scripting language right? Where you have logic inside of your templates and I honestly do not really know what that looks like right now. That feels like something in the medium term roadmap. [00:52:58] Jeremy: Yeah and then in terms of bug reports or issues, now it's not just your code it's this exponential combination of whatever people put into these config files. [00:53:09] Brandon: Exactly. Yeah. so again, like I really respect the projects that have done this well or that have done plugins well. I'm trying to think of some, I think obsidian has plugins, for example. And that seems to be one of the few solutions to try and satisfy the infinite desire for features with the limited amount of maintainer time. Time split between code vs triage vs talking to users [00:53:36] Jeremy: How would you say your time is split between working on the code versus issue and PR triage? [00:53:43] Brandon: Oh, it varies really. I think working on the code is like a minority of it. I think something that I actually enjoy is talking to people, talking to users, getting feedback on it. I go to quite a few conferences to talk to developers or people that are interested and figure out how to refine the message, how to make it clearer to people, like what this is for. And I would say maybe a plurality of my time is spent dealing with non-technical things that are neither code or GitHub issues. One thing I've been trying to do recently is talk to people that are not really in the mapping space. For example, people that work for newspapers like a lot of them are front end developers and if you ask them to run a Linux server they're like I have no idea. But that really is like one of the best target audiences for Protomaps. So I'd say a lot of the reality of running an open source project is a lot like a business is it has all the same challenges as a business in terms of you have to figure out what is the thing you're offering. You have to deal with people using it. You have to deal with feedback, you have to deal with managing emails and stuff. I don't think the payoff is anywhere near running a business or a startup that's backed by VC money is but it's definitely not the case that if you just want to code, you should start an open source project because I think a lot of the work for an opensource project has nothing to do with just writing the code. It is in my opinion as someone having done a VC backed business before, it is a lot more similar to running, a tech company than just putting some code on GitHub. Running a startup vs open source project [00:55:43] Jeremy: Well, since you've done both at a high level what did you like about running the company versus maintaining the open source project? [00:55:52] Brandon: So I have done some venture capital accelerator programs before and I think there is an element of hype and energy that you get from that that is self perpetuating. Your co-founder is gungho on like, yeah, we're gonna do this thing. And your investors are like, you guys are geniuses. You guys are gonna make a killing doing this thing. And the way it's framed is sort of obvious to everyone that it's like there's a much more traditional set of motivations behind that, that people understand while it's definitely not the case for running an open source project. Sometimes you just wake up and you're like what the hell is this thing for, it is this thing you spend a lot of time on. You don't even know who's using it. The people that use it and make a bunch of money off of it they know nothing about it. And you know, it's just like cool. And then you only hear from people that are complaining about it. And I think like that's honestly discouraging compared to the more clear energy and clearer motivation and vision behind how most people think about a company. But what I like about the open source project is just the lack of those constraints you know? Where you have a mandate that you need to have this many customers that are paying by this amount of time. There's that sort of pressure on delivering a business result instead of just making something that you're proud of that's simple to use and has like an elegant design. I think that's really a difference in motivation as well. Having control [00:57:50] Jeremy: Do you feel like you have more control? Like you mentioned how you've decided I'm not gonna make a public roadmap. I'm the sole developer. I get to decide what goes in. What doesn't. Do you feel like you have more control in your current position than you did running the startup? [00:58:10] Brandon: Definitely for sure. Like that agency is what I value the most. It is possible to go too far. Like, so I'm very wary of the BDFL title, which I think is how a lot of open source projects succeed. But I think there is some element of for a project to succeed there has to be somebody that makes those decisions. Sometimes those decisions will be wrong and then hopefully they can be rectified. But I think going back to what I was talking about with scope, I think the overall vision and the scope of the project is something that I am very opinionated about in that it should do these things. It shouldn't do these things. It should be easy to use for this audience. Is it gonna be appealing to this other audience? I don't know. And I think that is really one of the most important parts of that leadership role, is having the power to decide we're doing this, we're not doing this. I would hope other developers would be able to get on board if they're able to make good use of the project, if they use it for their company, if they use it for their business, if they just think the project is cool. So there are other contributors at this point and I want to get more involved. But I think being able to make those decisions to what I believe is going to be the best project is something that is very special about open source, that isn't necessarily true about running like a SaaS business. [00:59:50] Jeremy: I think that's a good spot to end it on, so if people want to learn more about Protomaps or they wanna see what you're up to, where should they head? [01:00:00] Brandon: So you can go to Protomaps.com, GitHub, or you can find me or Protomaps on bluesky or Mastodon. [01:00:09] Jeremy: All right, Brandon, thank you so much for chatting today. [01:00:12] Brandon: Great. Thank you very much.

Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast! CHAOSScast- Episode 107 In this episode of CHAOSScast, we have a special crossover episode with Sustain, hosted Richard Littauer. Richard chats with CHAOSS contributor Sean Goggins, a tenured full Professor of Computer Science at the University of Missouri. Sean discusses his extensive involvement in the open source community, particularly through his work with the CHAOSS Project, a Linux Foundation initiative focused on understanding and improving open-source project sustainability. Their conversation covers Sean's academic background, his role in CHAOSS, the importance of distributed leadership, and how metrics can impact the sustainability of open source projects. Sean also shares insights into his teaching methods, the challenges of maintaining open source software, and the future direction of his work on CHAOSS and Augur. Hit the download button now! [00:02:32] Sean shares that he's a professor specializing in software engineering, algorithms, data science, and visualization, and he discusses his tenure status and passion for research and open source work. [00:03:48] Sean explains how open source leadership is distributed rather than centralized. [00:05:52] We hear how the CHAOSS Project emerged from studying open source governance and leadership. Sean and Matt Germonprez started working on open source collaboration data and a metrics-focused discussion at a Linux Foundation Summit that led to the founding of the CHAOSS Project in 2017. [00:09:30] Richard asks Sean how he balances research, teaching, and open source. Sean discusses how he splits time between research (40%), teaching (40%), and service (20%), with CHAOSS being a major part of his research efforts. [00:14:34] Sean explains that the Augur Project was born out of a need for structured open source data tracking. [00:16:25] Richard asks Sean if he teaches his students about open source, and he explains that he uses CHAOSS and Auger to teach students about GitHub collaboration, pull requests, and open source workflows. [00:20:32] Sean shares his insights on research and open source. He emphasizes his involvement in maintaining software and aiding organizations in making sense of CHAOSS metrics through Augur, which has given him a deep understanding of open source development. [00:21:51] Sean explains why he thinks metrics help make projects more sustainable and how the CHAOSS community has benefitted from fostering a welcoming environment for both technical and non-technical contributors. [00:26:30] We hear some challenges within CHAOSS where it's been difficult to build a strong developer community around CHAOSS software tools and maintaining open source software requires significant effort. [00:29:18] He goes further to explain how to be a better project and that there's potential for improving project sustainability through structured mentoring and governance. [00:36:14] Sean shares CHAOSS Project's future and research goals. Panelist: Richard Littauer of Sustain Guest: Sean Goggins of CHAOSS Value Adds (Picks)/Spotlight: [00:38:32] Richard's spotlight is BibtexParser. [00:39:28] Sean's spotlight is Stuart Geiger. Links: SustainOSS (https://sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) richard@sustainoss.org (mailto:richard@sustainoss.org) SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss) Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials) Sean Goggins Website (https://www.seangoggins.net/) Sean Goggins X (https://x.com/sociallycompute) Nora McDonald Website (https://www.noramcdonald.net/) Nora McDonald-Commonwealth Cyber Initiative (https://cyberinitiative.org/research/researcher-directory/mcdonald-nora.html) Sustain Podcast- 3 episodes featuring guest Georg Link (https://podcast.sustainoss.org/guests/georg-link) Sustain Podcast- 2 episodes featuring guest Dawn Foster (https://podcast.sustainoss.org/guests/foster) Matt Germonprez-Univ. of Nebraska Omaha (https://www.unomaha.edu/college-of-information-science-and-technology/about/faculty-staff/matt-germonprez.php) The Linux Kernel Maintainer Summit-Tokyo, Japan 2025 (https://events.linuxfoundation.org/linux-kernel-maintainer-summit/) Alfred P. Sloan Foundation (https://sloan.org/) CHAOSS (https://chaoss.community/) CHAOSS-GrimoireLab (https://chaoss.github.io/grimoirelab/) CHAOSS-Augur (https://github.com/chaoss/augur) Kelly Blincoe-University of Auckland (https://profiles.auckland.ac.nz/k-blincoe) James Howison (https://james.howison.name/) Sustain Podcast- episode 218 featuring guest James Howison (https://podcast.sustainoss.org/guests/james-howison) Sustain Podcast-episode 243 featuring guest Elizabeth Barron (https://podcast.sustainoss.org/guests/elizabeth-barron) Sustain Podcast-episode 65 featuring guest Brian Proffitt (https://podcast.sustainoss.org/guests/briant-proffitt) Sustain Podcast-2 episodes featuring guest Duane O'Brien (https://podcast.sustainoss.org/guests/duane-obrien) Sustain Podcast-episode 200 featuring guest Stuart Geiger (https://podcast.sustainoss.org/guests/geiger) Digital Infrastructure Podcast- 2 episodes featuring guest Rayya El Zein (https://dif.fireside.fm/guests/rayya-el-zein) BibtexParser (https://bibtexparser.readthedocs.io/en/main/) Stuart Geiger (https://css.ucsd.edu/people/profiles/sgeiger.html) Special Guest: Richard Littauer.

In this episode, we hear from Megan Knight, Director of Software Communities at Arm. Megan shares her experiences with open source projects, particularly focusing on the Yocto project which helps build custom Linux distributions. She discusses the challenges of community management, maintaining contributor motivation, and the impact of policy changes on open source projects. The discussion also touches on the importance of corporate support in sustaining open source contributions.   00:00 Introduction and Welcome 00:52 The Yocto Project: Building Custom Linux Distributions 01:33 Managing Open Source Communities 04:20 Motivations and Challenges in Open Source Contributions 05:18 Conflict Resolution in Open Source Projects 06:59 Unexpected Use Cases in Open Source 10:03 Sustainability and Training in Open Source 18:07 The Future of Open Source in Automotive 19:18 Conclusion   Guest: Megan Knight is the Director of Software Communities at Arm where she delightfully works with the upstream. She holds various positions on project boards including Yocto Project, UXL Foundation, Zephyr Project, and  OpenSSF. Prior to Arm, she led the IoT and Automotive open source engagement portfolio at Amazon Web Services and served as the Amazon representative on critical dependency open source project boards. She got her start in open source working at The Linux Foundation with the Linux Kernel and Linux Plumbers communities.  

Guest Sean Goggins Panelist Richard Littauer Show Notes In this episode of Sustain, host Richard Littauer chats with guest Sean Goggins, a tenured full Professor of Computer Science at the University of Missouri. Sean discusses his extensive involvement in the open source community, particularly through his work with the CHAOSS Project, a Linux Foundation initiative focused on understanding and improving open-source project sustainability. Their conversation covers Sean's academic background, his role in CHAOSS, the importance of distributed leadership, and how metrics can impact the sustainability of open source projects. Sean also shares insights into his teaching methods, the challenges of maintaining open source software, and the future direction of his work on CHAOSS and Augur. Hit the download button now! [00:01:25] Sean shares that he's a professor specializing in software engineering, algorithms, data science, and visualization, and he discusses his tenure status and passion for research and open source work. [00:02:41] Sean explains how open source leadership is distributed rather than centralized. [00:04:45] We hear how the CHAOSS Project emerged from studying open source governance and leadership. Sean and Matt Germonprez started working on open source collaboration data and a metrics-focused discussion at a Linux Foundation Summit that led to the founding of the CHAOSS Project in 2017. [00:08:23] Richard asks Sean how he balances research, teaching, and open source. Sean discusses how he splits time between research (40%), teaching (40%), and service (20%), with CHAOSS being a major part of his research efforts. [00:13:27] Sean explains that the Augur Project was born out of a need for structured open source data tracking. [00:15:18] Richard asks Sean if he teaches his students about open source, and he explains that he uses CHAOSS and Auger to teach students about GitHub collaboration, pull requests, and open source workflows. [00:19:25] Sean shares his insights on research and open source. He emphasizes his involvement in maintaining software and aiding organizations in making sense of CHAOSS metrics through Augur, which has given him a deep understanding of open source development. [00:20:44] Sean explains why he thinks metrics help make projects more sustainable and how the CHAOSS community has benefitted from fostering a welcoming environment for both technical and non-technical contributors. [00:25:23] We hear some challenges within CHAOSS where it's been difficult to build a strong developer community around CHAOSS software tools and maintaining open source software requires significant effort. [00:28:11] He goes further to explain how to be a better project and that there's potential for improving project sustainability through structured mentoring and governance. [00:35:07] Sean shares CHAOSS Project's future and research goals. Quotes [00:03:46] “Distributed leadership: this exists in most of open source. There's not often a single individual who drives an entire project.” [00:09:18] “You have 40% of your time for teaching, 40% of your time for research, and 20% of your time for service.” [00:12:15] “There's a challenge of being a university professor. The advantage is you can do what you want, the challenge is that you have to set your own boundaries.” [00:23:12] “A leading indicator for community health is how many newcomers you have coming in over time.” [00:28:14] “How can I have a better project? It's the same as going to a family reunion and saying, ‘How can we be a better family'?” Spotlight [00:37:25] Richard's spotlight is BibtexParser. [00:38:21] Sean's spotlight is Stuart Geiger. Links SustainOSS (https://sustainoss.org/) podcast@sustainoss.org (mailto:podcast@sustainoss.org) richard@sustainoss.org (mailto:richard@sustainoss.org) SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss) Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials) Sean Goggins Website (https://www.seangoggins.net/) Sean Goggins X (https://x.com/sociallycompute) Nora McDonald Website (https://www.noramcdonald.net/) Nora McDonald-Commonwealth Cyber Initiative (https://cyberinitiative.org/research/researcher-directory/mcdonald-nora.html) Sustain Podcast- 3 episodes featuring guest Georg Link (https://podcast.sustainoss.org/guests/georg-link) Sustain Podcast- 2 episodes featuring guest Dawn Foster (https://podcast.sustainoss.org/guests/foster) Matt Germonprez-Univ. of Nebraska Omaha (https://www.unomaha.edu/college-of-information-science-and-technology/about/faculty-staff/matt-germonprez.php) The Linux Kernel Maintainer Summit-Tokyo, Japan 2025 (https://events.linuxfoundation.org/linux-kernel-maintainer-summit/) Alfred P. Sloan Foundation (https://sloan.org/) CHAOSS (https://chaoss.community/) CHAOSS-GrimoireLab (https://chaoss.github.io/grimoirelab/) CHAOSS-Augur (https://github.com/chaoss/augur) Kelly Blincoe-University of Auckland (https://profiles.auckland.ac.nz/k-blincoe) James Howison (https://james.howison.name/) Sustain Podcast- episode 218 featuring guest James Howison (https://podcast.sustainoss.org/guests/james-howison) Sustain Podcast-episode 243 featuring guest Elizabeth Barron (https://podcast.sustainoss.org/guests/elizabeth-barron) Sustain Podcast-episode 65 featuring guest Brian Proffitt (https://podcast.sustainoss.org/guests/briant-proffitt) Sustain Podcast-2 episodes featuring guest Duane O'Brien (https://podcast.sustainoss.org/guests/duane-obrien) Sustain Podcast-episode 200 featuring guest Stuart Geiger (https://podcast.sustainoss.org/guests/geiger) Digital Infrastructure Podcast- 2 episodes featuring guest Rayya El Zein (https://dif.fireside.fm/guests/rayya-el-zein) BibtexParser (https://bibtexparser.readthedocs.io/en/main/) Stuart Geiger (https://css.ucsd.edu/people/profiles/sgeiger.html) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guest: Sean Goggins.

This week Steve and Noah give you tips on hosting your first home server. -- During The Show -- 00:58 Intro Minimum Viable Battle Station Pelican 1620 Cases XREAL Air 2 (https://us.shop.xreal.com/products/xreal-air-2) Ergonomics 09:52 Home Server Questions - Dan Noah's first homelab Pick an OS with low churn, long term OS Generational upgrades Experiment in VMs Starting with a VM host Starting with a file server Don't put 30 drives in one box Noah's vs Steve's approach Do it, Document it, Blow it away, Do it again Know the thing before you automate Low level tech roles being handed to other business people Playbooks Ansible Steve's OpenAudible-TO-AudioBookShelf (https://github.com/stratus-ss/OpenAudible-To-AudioBookShelf) 48:06 Kubernetes - Jeremy Kube Dev Lab (https://www.kubedevlab.com/docs/tutorials/kubernetes-cluster/) Steve's K8s Labs (https://github.com/stratus-ss/k8s-labs) 50:32 News Wire Calibre 8.0 - calibre-ebook.com (https://calibre-ebook.com/new-in/seventeen) Linux 6.14 - lkml.org (https://lkml.org/lkml/2025/3/24/797) Gnome 48 - gnome.org (https://release.gnome.org/48/) Blender 4.4 - blender.org (https://www.blender.org/download/releases/4-4/) Zulip 10 - zulip.com (https://blog.zulip.com/2025/03/20/zulip-10-0-released/) EndeavorOS Mercury Neo - endeavouros.com (https://endeavouros.com/news/mercury-neo-with-linux-6-13-7-and-arch-mirror-ranking-bug-fix/) Finnis 125 - finnix.org (https://blog.finnix.org/2023/03/28/finnix-125-released/) Serpent OS Rebranded to AerynOS - fossforce.com (https://fossforce.com/2025/02/before-it-even-gets-a-stable-release-serpent-os-changes-its-name-to-aerynos/) Rocky Linux Security - fossforce.com (https://fossforce.com/2025/03/rocky-linux-from-ciq-hardened-takes-enterprise-linux-security-to-the-next-level/) Chimera Linux Drops RISC-V - theregister.com (https://www.theregister.com/2025/03/19/chimera_linux_riscv/) Albabat Ransomware - infosecurity-magazine.com (https://www.infosecurity-magazine.com/news/albabat-ransomware-linux-macos/) Hornet Security Module - phoronix.com (https://www.phoronix.com/news/Microsoft-Hornet-Linux-LSM) 3 AI Projects Donated to Linux Foundation - thenewstack.io (https://thenewstack.io/ibm-to-donate-three-ai-related-projects-to-the-cncf/) Trend Micro Open Source - prnewswire.com (https://www.prnewswire.com/news-releases/trend-micro-to-open-source-ai-model-and-agent-to-drive-the-future-of-agentic-cybersecurity-302405393.html) Hugging Face Blueprint - venturebeat.com (https://venturebeat.com/ai/hugging-face-submits-open-source-blueprint-challenging-big-tech-in-white-house-ai-policy-fight/) AlexNet Open Source - spectrum.ieee.org (https://spectrum.ieee.org/alexnet-source-code) Open Source Worth 8.8 Trillion - heise.de (https://www.heise.de/en/news/Harvard-study-Open-source-has-an-economic-value-of-8-8-trillion-dollars-10322643.html) hbs.edu (https://www.hbs.edu/ris/Publication%20Files/24-038_51f8444f-502c-4139-8bf2-56eb4b65c58a.pdf#page=31.22) 52:15 Private Search Engine? - Atypical Kernel SearXNG (https://docs.searxng.org/) -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/434) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

Mozilla, The Linux Foundation, & other corrupt, Woke "Open Source" organizations have received hundreds of millions in donations. The Lunduke Journal stands alone in truthfully covering them. https://lunduke.substack.com/p/help-the-lunduke-journal-fight-against More from The Lunduke Journal: https://lunduke.com/ This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit lunduke.substack.com/subscribe

he rapid rise of DeepSeek, a Chinese artificial intelligence company, is reshaping the AI industry and prompting market players to explore new possibilities, experts said at the 2025 Global Developer Conference, which concluded Sunday.专家在周日闭幕的 2025 全球开发者大会上表示，中国人工智能公司深度求索（DeepSeek）的迅速崛起正在重塑人工智能产业，并促使市场参与者探索新的可能性。DeepSeek specializes in large language models, particularly in coding - related AI, and aims to provide high - performance models with efficient training. The company, based in Hangzhou, Zhejiang province, gained global attention last month after launching its AI reasoning models. The models are fully open source, cheaper to train and perform on par with leading global counterparts.深度求索专注于大语言模型，尤其是与编码相关的人工智能领域，致力于提供高性能且训练高效的模型。这家位于浙江省杭州市的公司，在上个月推出其人工智能推理模型后获得了全球关注。这些模型完全开源，训练成本更低，性能与全球领先的同类模型相当。"I hope not just Chinese AI companies, but other global AI companies learn from what DeepSeek is doing. Starting by open - sourcing your software …they've made it really financially approachable to build your own language models," said Andrew Aitken, a technical oversight committee member of the Linux Foundation's FINOS Foundation. "They've done that really well, and the rest of the world can learn from that."Linux 基金会旗下金融科技开源基金会（FINOS Foundation）技术监督委员会成员安德鲁・艾特肯（Andrew Aitken）表示：“我希望不仅是中国的人工智能公司，全球其他人工智能公司都能从深度求索的做法中学习。从软件开源做起…… 他们让构建自己的语言模型在经济成本上变得切实可行。他们这一点做得非常好，世界其他地区可以从中学习。”Industry experts at the conference expressed admiration for DeepSeek - R1, one of the company's latest AI developments.参会的行业专家对深度求索的最新人工智能成果之一 —— 深度求索 - R1 表示赞赏。"DeepSeek's open - source adoption has set a role model for how AI can benefit everybody," said Gu Ruiquan, product director at Lanyun Technology. "It helps create an ecosystem to build better AI products because everybody can stand on the shoulders of giants."蓝云科技产品总监顾瑞泉表示：“深度求索对开源的应用，为人工智能如何让每个人受益树立了榜样。它有助于创建一个生态系统，以打造更出色的人工智能产品，因为每个人都能站在巨人的肩膀上。”Gu added that as costs decline, demand for computing power is rising across the industry, creating new opportunities for AI development.顾瑞泉补充说，随着成本下降，整个行业对计算能力的需求不断上升，这为人工智能的发展创造了新机遇。Experts said DeepSeek's open - source approach is driving the growth of similar models, accelerating AI applications across various industries.专家表示，深度求索的开源方式正在推动类似模型的发展，加速人工智能在各个行业的应用。"I am extremely excited about the outlook of large models, which can now be developed in a cheaper, faster, better and more efficient way," said Jia Anya, product director at SenseTime.商汤科技产品总监贾安雅说：“我对大模型的前景感到无比兴奋，现在可以以更便宜、更快速、更优质且更高效的方式开发大模型。”"The recent breakthroughs in AI indicate that integration can happen more quickly, reasoning can be accelerated with large models, AI capabilities can be further optimized and better AI applications will be developed," Jia said.贾安雅说：“人工智能领域近期的突破表明，整合可以更快实现，借助大模型可以加速推理，人工智能能力可以进一步优化，还会开发出更出色的人工智能应用。”Shen Haozhan, an algorithm expert at OM AI Lab, said DeepSeek's success highlights how AI models can be developed at significantly lower costs and provides a roadmap for other companies to train their own models.欧姆人工智能实验室（OM AI Lab）算法专家沈浩展表示，深度求索的成功凸显了人工智能模型可以以显著更低的成本进行开发，并为其他公司训练自己的模型提供了路线图。"I am personally inspired by DeepSeek's open - source strategy. It gives us new research directions beyond conventional methodologies, which is a huge contribution to the open - source community," Shen said.沈浩展说：“我个人深受深度求索开源策略的启发。它为我们提供了传统方法之外的新研究方向，这对开源社区来说是巨大的贡献。”The 2025 Global Developer Conference, held from Friday through Sunday in Shanghai, was themed "AI Shaping the World, Unlocking Infinite Opportunities."2025 全球开发者大会于周五至周日在上海举行，主题为 “人工智能塑造世界，解锁无限机遇”。The event brought together global developers to collaborate, innovate and explore AI applications while promoting commercialization efforts.此次活动汇聚了全球开发者，共同开展合作、创新并探索人工智能应用，同时推动商业化进程。"Artificial intelligence will continue to be one of Shanghai's leading industries," said Chen Jie, vice - mayor of Shanghai, during the conference's opening ceremony on Saturday.上海市副市长陈杰在周六的大会开幕式上表示：“人工智能将继续成为上海的主导产业之一。”Chen noted that under the guidance of the Ministry of Industry and Information Technology, Shanghai has made significant strides in technological innovation, industry - finance cooperation and international partnerships. The city's AI market reached a scale of more than 450 billion yuan ($62 billion) last year, and it has hosted the World Artificial Intelligence Conference for seven consecutive years and filed 60 large models.陈杰指出，在工业和信息化部的指导下，上海在技术创新、产业金融合作以及国际合作方面取得了重大进展。去年，上海人工智能市场规模超过 4500 亿元（620 亿美元），已连续七年举办世界人工智能大会，并提交了 60 个大模型。"I'm really impressed with what Shanghai has done around AI. Large corporations are investing in AI, and the government is providing incentives, support and investment to grow the developer community and focus on open source. Shanghai is really positioning itself as a leader in this space," Aitken said.艾特肯说：“上海在人工智能领域所做的工作给我留下了深刻印象。大型企业在人工智能领域投资，政府为壮大开发者社区并聚焦开源提供激励措施、支持和投资。上海正切实将自己定位为这一领域的领军者。”As open - source AI models continue to evolve, Shanghai will leverage its strengths as a megacity and accelerate efforts to establish itself as an internationally influential AI hub, Chen added.陈杰补充说，随着开源人工智能模型不断发展，上海将发挥其作为特大城市的优势，加快努力将自身打造成具有国际影响力的人工智能中心。重点词汇：reshape [ˌriːˈʃeɪp] 动词，重塑specialize [ˈspeʃəlaɪz] 动词，专门从事；专注于influential [ˌɪnfluˈenʃl] 形容词，有影响力的ecosystem [ˈiːkəʊsɪstəm] 名词，生态系统breakthrough [ˈbreɪkθruː] 名词，突破conventional [kənˈvenʃənl] 形容词，传统的

In this episode, Henrik Blixt, a product manager at Intuit and Argo maintainer, shares his experiences and insights into managing platform engineering teams that handle Kubernetes, service mesh, API gateways, and more. He emphasizes the importance of product management within platform engineering and discusses his involvement with the CNCF's end user technical advisory board. Henrik also highlights the significance of open source in his professional journey and details the ongoing initiatives and advancements within the Argo project.   00:00 Introduction and Guest Welcome 00:53 Discussion on Argo and Developer Tools 01:41 Open Source Community Involvement 02:06 CNCF End User Technical Advisory Board 03:11 Reference Architectures and Initiatives 08:18 Challenges and Solutions for End Users 13:20 Argo Project Insights 16:03 The Importance of Product Management 17:16 Conclusion and Final Thoughts   Guest: Henrik Blixt leads a Product Management team responsible for the Intuit core platform, where he defines the strategy and direction that has shaped Intuit's cloud native platform based on CNCF projects like Kubernetes, Envoy, Istio, Prometheus, Argo (and many more!) that's used by 7000 developers and serving over 100M users. Being a passionate member of the open source community for almost 30 years, from Linux through OpenStack and Kubernetes, Henrik is currently focused on the Argo project as a core maintainer. He also represents Intuit across other committees, like the CNOE project and the broader Linux Foundation, where he shares experiences and best practices from Intuit's use of open source, making sure end users are heard and their pain points understood. He loves engaging with the community and has been a prolific speaker and event program committee member across ArgoCon, GitOpsCon, Kubecon over the years. A native of Sweden, earning his B.Sc in information systems from the University of Gothenburg, he now resides in California with his family.    

Mainframes are not only here to stay—they're leading the way!    This powerful tech is not only alive but thriving, powering 74% of the world's transactional workloads. From banking to shopping, the mainframe is the backbone of our digital world, offering unmatched security, resilience, and performance.

The podcast returns and we're talking automation! ==== Special Thanks to Our Patrons! ==== https://thelinuxcast.org/patrons/ ===== Follow us

First up in the news: Linux Mint 22.1 “Xia” released, Parallels can finally run x86 versions of Linux on Apple Silicon, German router maker is latest company to inadvertently clarify the LGPL license, Google and Linux Foundation form Chromium love club In security and privacy: Microsoft patches Windows to eliminate Secure Boot bypass threat, Then in our Wanderings: Joe enjoys prepares his rack , Dale does routing , and Eric shares 80s kid culture with his kid.

SteamOS is coming to a new Lenovo handheld as well as getting a general beta release, the WordPress drama continues to roll on, the 16GB Raspberry Pi 5 makes no sense to at least one of us (who now owns an N100 mini PC), the Linux Foundation seems to think Chromium-based browsers need a helping... Read More

SteamOS is coming to a new Lenovo handheld as well as getting a general beta release, the WordPress drama continues to roll on, the 16GB Raspberry Pi 5 makes no sense to at least one of us (who now owns an N100 mini PC), the Linux Foundation seems to think Chromium-based browsers need a helping... Read More

This week we talk browsers, with coverage of the Servo updates and the new Supporters of Chromium group in the Linux Foundation. The Raspberry Pi has a 16Gb model of the Pi 5, and not everyone is happy about it. KDE Plasma 6.3 has a public beta, Flatpack has released version 1.16, and Mint is on the cusp of releasing version 22.1. For tips we have kshift for quick or automated KDE re-theming, php -S for local php site testing, a quick tar howto, and pipewire-pulse for more pipewire and oulse audio fun. You can find the show notes at https://bit.ly/3BUzLqV Enjoy! Host: Jonathan Bennett Co-Hosts: Rob Campbell, Ken McDonald, and Jeff Massie Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

video: https://youtu.be/xtHmj__P-rY Comment on the TWIL Forum (https://thisweekinlinux.com/forum) This week in Linux, we have a lot to talk about. We're gonna talk about some alphas and some betas and also some big news from Valve. So we have KDE Plasma 6.3 beta that is coming out with System76 releasing the Alpha 5 of the COSMIC Desktop Environment and Valve announced that SteamOS is going to expand beyond the Steam Deck. All of this and so much more on this week in Linux, the weekly news show that keeps you up to date with what's going on in the Linux and open source world. Now let's jump right into Your Source for Linux GNews. Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/ad922b8c-d96d-4bf1-b973-31210aa07975.mp3) Support the Show Become a Patron = tuxdigital.com/membership (https://tuxdigital.com/membership) Store = tuxdigital.com/store (https://tuxdigital.com/store) Chapters: 00:00 Intro 00:38 KDE Plasma 6.3 Beta 08:10 Google and The Linux Foundation team up for 'Supporters of Chromium-based Browsers' 13:26 System76 Release COSMIC DE Alpha 5 17:59 Sandfly Security, agentless protection 19:34 GNOME Refine Tool 23:06 Lenovo Legion Go S with SteamOS 25:51 SteamOS expands beyond Steam Deck 29:09 The Mecha Comet 31:23 Support the show Links: KDE Plasma 6.3 Beta https://kde.org/announcements/plasma/6/6.2.90/ (https://kde.org/announcements/plasma/6/6.2.90/) https://kde.org/announcements/changelogs/plasma/6/6.2.5-6.2.90/ (https://kde.org/announcements/changelogs/plasma/6/6.2.5-6.2.90/) https://phabricator.kde.org/T17435 (https://phabricator.kde.org/T17435) http://blog.davidedmundson.co.uk/blog/adding-home-automation-to-kde/ (http://blog.davidedmundson.co.uk/blog/adding-home-automation-to-kde/) 17 KDE Tips = https://www.youtube.com/watch?v=zhPIwFC4qFs (https://www.youtube.com/watch?v=zhPIwFC4qFs) Google and The Linux Foundation team up for 'Supporters of Chromium-based Browsers' https://www.linuxfoundation.org/press/linux-foundation-announces-the-launch-of-supporters-of-chromium-based-browsers (https://www.linuxfoundation.org/press/linux-foundation-announces-the-launch-of-supporters-of-chromium-based-browsers) https://blog.chromium.org/2025/01/announcing-supporters-of-chromium-based.html (https://blog.chromium.org/2025/01/announcing-supporters-of-chromium-based.html) System76 Release COSMIC DE Alpha 5 https://blog.system76.com/post/cosmic-alpha-5-released (https://blog.system76.com/post/cosmic-alpha-5-released) Sandfly Security, agentless protection https://thisweekinlinux.com/sandfly (https://thisweekinlinux.com/sandfly) GNOME Refine Tool https://tesk.page/refine/ (https://tesk.page/refine/) https://www.omgubuntu.co.uk/2025/01/refine-advanced-tweak-tool-for-gnome (https://www.omgubuntu.co.uk/2025/01/refine-advanced-tweak-tool-for-gnome) Lenovo Legion Go S with SteamOS https://www.gamingonlinux.com/2025/01/lenovo-legion-go-s-with-valves-steamos-is-official-expected-to-launch-in-may/ (https://www.gamingonlinux.com/2025/01/lenovo-legion-go-s-with-valves-steamos-is-official-expected-to-launch-in-may/) https://www.theverge.com/2025/1/7/24338028/lenovo-legion-go-s-steam-windows (https://www.theverge.com/2025/1/7/24338028/lenovo-legion-go-s-steam-windows) SteamOS expands beyond Steam Deck https://store.steampowered.com/news/app/593110/view/529834914570306831 https://www.gamingonlinux.com/2025/01/valve-confirms-a-public-beta-of-steamos-is-coming-as-steamos-expands-beyond-steam-deck/ The Mecha Comet https://mecha.so/comet (https://mecha.so/comet) https://destinationlinux.net (https://destinationlinux.net) Support the show https://tuxdigital.com/membership (https://tuxdigital.com/membership) https://store.tuxdigital.com/ (https://store.tuxdigital.com/)

US Supreme Court oral arguments on TikTok ban begin, The Linux Foundation backs Chromium support, Automattic reduces contributions to WordPress core project. MP3 Please SUBSCRIBE HERE for free or get DTNS Live ad-free. A special thanks to all our supporters–without you, none of this would be possible. If you enjoy what you see you canContinue reading "Sports-Focused Streaming Service Venu Is Dead – DTH"

Unlocking Innovation: Kratix and Platform Engineering at NatWest In this episode of the FINOS podcast, Grizz Griswold interviews Chris Plank from NatWest Bank and Derik Evangelisa from Syntasso. They delve into the evolution of platform engineering, open-source technologies, and how NatWest uses cloud-native tools to deliver platforms as a product. Learn about the innovative Kratix framework, its role in enabling developers, and how open-source principles are being adopted in financial services. Whether you're a technical enthusiast or on the business side, this discussion provides valuable insights into modernizing IT practices and fostering innovation. 00:00 The Evolution of Team Collaboration 00:38 Introduction to the Guests 01:08 Overview of the Talk and Key Topics 02:00 Chris Plank's Background and Role 03:14 Defining Platform Engineering 05:52 Derik Evangelista's Background and Role 06:24 Understanding Kratix 10:41 The Journey of Platform Engineering at NatWest 16:54 Building with Kratix: A Technical Insight 19:35 Exploring FINOS Projects and Kratix Integration 20:01 Deep Dive into Kratix and Its Technical Aspects 22:31 The Concept of Golden Paths in Kratix 24:07 Real-World Applications and Industry Impact 29:50 Challenges and Lessons in Change Management 32:51 How to Contribute to Kratix and Future Prospects 37:26 Final Thoughts and Reflections Kratix: https://www.kratix.io/ Chris Plank: https://www.linkedin.com/in/chrisplank/ NatWest: https://www.natwestgroup.com/ Derik Evangelista: https://www.linkedin.com/in/derikevangelista/ Syntasso: https://www.syntasso.io/ Grizz Griswold: https://www.linkedin.com/in/aarongriswold/ Find more info about FINOS: On the web: https://www.finos.org/ Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletter LinkedIn: https://www.linkedin.com/company/finosfoundation/ Twitter: https://twitter.com/FINOSFoundation About FINOS FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

TikTok Ban, Chromium's Future, and Quantum Computing Debate | Hashtag Trending In today's episode of Hashtag Trending, host Jim Love discusses the intense legal battle over TikTok's fate as it heads to the U.S. Supreme Court, with the potential for a landmark free speech case. The episode also covers the Linux Foundation's initiative to make Chromium-based browsers truly open source, backed by tech giants like Google, Microsoft, Meta, and Opera. Lastly, the episode delves into NVIDIA CEO Jensen Huang's controversial prediction on quantum computing's future, which triggered significant market reactions and a counter-argument from D Wave CEO Alan Baratz. Tune in for these stories and more! 00:00 Introduction and Headlines 00:18 TikTok's Legal Battle and Potential Sale 01:53 Linux Foundation's Chromium Initiative 03:37 Quantum Computing Controversy 05:34 Conclusion and Upcoming Shows

Joining this episode is James McLeod, Open Source Program Lead at NatWest Group. He looks back on his career journey, from his role at the Linux Foundation, his efforts in scaling the FINOS project, to the creation of London.js. Reflecting on the many lessons throughout his professional life, James stressed the importance of proper data documentation and education to make open source more accessible to the public. He also explained what it takes for engineers to fully embrace their roles in the wider digital ecosystem, making open source an essential platform for career advancement and development.

In this episode, Wesley, PJ, and Jason take the opportunity to talk about a new phenomenon - The DevRel Foundation from the Linux Foundation. Learn how folks have gotten involved, what the Foundation intends to do, and how you can share your voice. Topics Discussed: Introduction to the DevRel Foundation: The episode explores the new DevRel Foundation, an initiative under the Linux Foundation, created to address challenges in Developer Relations (DevRel). Wesley Faulkner introduces the foundation, noting that its purpose is to be a nonpartisan hub for discussions about DevRel and to provide resources for defining the profession and its practices. Foundational Goals: The DevRel Foundation aims to address key challenges within DevRel, including defining the role, measuring its impact, and rolling out successful DevRel programs. It seeks to aggregate existing knowledge and create a space for new insights. Wesley discusses his role in the steering committee and mentions the ongoing process of recruiting champions for various topics within DevRel to drive these discussions forward. Open Participation and Community Engagement: The foundation is described as a participative effort, where everyone from managers to community members can contribute. This is highlighted as an important distinction from more passive feedback mechanisms (like town halls). Wesley outlines the process, emphasizing that the foundation is open to diverse perspectives, and all contributions will be available for collaboration through platforms like GitHub and Discord. Challenges of Defining DevRel: A major challenge discussed is the diversity of how DevRel is implemented across different organizations (e.g., startups, enterprises, nonprofits). Wesley talks about the need for an inclusive approach that doesn't exclude any perspectives while ensuring practical outcomes. Jason Hand asks about how the foundation plans to handle these varied implementations, suggesting that a “one-size-fits-all” approach may not work. The Role of the Linux Foundation: The Linux Foundation's role is explained as crucial in providing structure, governance, and logistical support for the foundation. The Linux Foundation's history with supporting open-source projects and fostering community-driven initiatives is seen as a key advantage. Real-World Impact and Job Descriptions: Jason Hand discusses the problem of inconsistent DevRel job descriptions in the industry, which often blur the lines between roles like developer advocate, customer success, and sales engineering. The foundation's work could help standardize expectations for DevRel roles across organizations. The episode touches on how a clearer definition of DevRel could assist job seekers and hiring managers in aligning roles more effectively. Future of the DevRel Foundation: The foundation is still in its early stages, and Wesley emphasizes that while there's hope for the project, it will take time to make significant progress. They encourage participation in calls, Discord, and GitHub to stay updated and contribute. Key Takeaways: - The DevRel Foundation seeks to unify and provide structure to the diverse, evolving field of Developer Relations. Inclusive participation is at the core of the foundation's mission, aiming to gather input from all sectors of the community. - The foundation is driven by volunteer work and community passion, with the support of the Linux Foundation's structure and resources. - GitHub and Discord are key platforms for collaboration, ensuring that community voices are heard and that contributions are open for review and iteration. - The foundation's work will eventually help provide clarity in DevRel role definitions, benefiting both organizations and professionals in the field. Action Items: - Join the DevRel Foundation: Individuals can join calls, participate in discussions, or contribute to the work via GitHub and Discord. - Become a Champion: The foundation is actively seeking managers to lead specific topics within DevRel. - Stay Informed: Engage with the monthly updates and open calls to follow the foundation's progress. Key Words and Themes: DevRel Foundation Developer Relations (DevRel) Linux Foundation Open Participation Inclusive Governance Community-Driven Initiatives Job Descriptions in DevRel GitHub and Discord Collaboration Nonprofit Organization Volunteer-Driven Transcript [00:00:00] PJ Haggerty: Hey everybody. And welcome to another episode of Community Pulse. We're super excited to have you. [00:00:04] PJ Haggerty: This week we decided we would take a look at a new phenomenon, the DevRel Foundation, the Developer Relations Foundation from our friends at the Linux Foundation. [00:00:12] PJ Haggerty: Some of you are probably already aware of it. Some of you are probably in the discord chat. Some people might not know about it at all. So we want to take this opportunity to share some information about it and see what we could find out and how we felt about it. So with that, I am joined by, of course, Jason Hand and Wesley Faulkner. Wesley, you've been doing a lot of work with the DevRel foundation as far as like looking at, working models and how people can actually get things done within the foundation. [00:00:37] PJ Haggerty: So do you want to kick us off and give us a description of what's going on? [00:00:41] Wesley Faulkner: Yes. Let me lay a little bit of the groundwork to understand my involvement and how. So I'm part of the steering committee. There's five of us in total. And I am the newest member of that five person steering committee. [00:00:55] Wesley Faulkner: I've been part of the DevRel foundation since June of this year. [00:01:00] And the foundations, the start of it had, I think, started way before that even before the beginning of the year. And the involvement with the Linux foundation happens like I think in around the February timeframe. And so the thought is that there are Certain types of challenges that are unique to people in dev rel defining what we do is one of them that I think is something that people are familiar with, but others that have been lingering around about how do you measure dev rel and like adequately, like, how do you plan for the future and how do you roll out a developer relations program? [00:01:35] Wesley Faulkner: Those are like the broad strokes of it. So the thought of the Dev Rel foundation is to be a nonpartisan home for these types of discussions. And we are currently set up as the steering committee, as people who are trying to facilitate those conversations, give structure and processing of what timeline we should have these conversations and be helped, like [00:02:00] with the being a home to people to find this, Information once we have it all created and to be a repository for a lot of existing knowledge, but also allow the connection tissue to create new knowledge that is not there right now. [00:02:16] Wesley Faulkner: So that's like the whole arc of it. Depending on when you're listening to this podcast, we are currently enrolling people to take on and champion these specific areas of topics. Here are the lists that we've aggregated from the community of the challenges. [00:02:33] Wesley Faulkner: And we're looking for managers to say I want to champion that and run it to ground to make sure that we actually have things defined to help us all as dev or all practitioners. [00:02:43] PJ Haggerty: And I want to zero in because I think that some people I was in the initial meeting kickoff thing that happened back in June and there was a concern and it was oh, this is a town hall, not really a feedback thing, but more of a town hall where we'll come and tell you what we think is [00:03:00] good and you can come and tell us if you don't think it's good. [00:03:03] PJ Haggerty: But what it really is is a participative activity. Not everybody wants to, and that's okay. But the idea is really behind let's put together a compendium of knowledge about what we do and put that so that when people reference it, they can easily say, this is the way it works. [00:03:22] PJ Haggerty: It's a constantly moving organic body. It's similar to software. There is nothing done on this. Would that, do you think that's accurate? Great. [00:03:31] Wesley Faulkner: Yeah, I think that initially I was on that initial feedback preview call as well. And that session, I think, raised a lot of awareness about how developed the thought was of where things were going to go and how open to input. [00:03:47] Wesley Faulkner: The foundation was to the community and letting the community shape the direction and the focus of the foundation. And I think to its credit, the foundation has taken a lot of that into heart. [00:04:00] And I think that's when I joined actually because of that call or after that call. A lot of the work that I've done, at least on the initial side, was finding a way to make sure that the community's voice is heard. [00:04:12] Wesley Faulkner: And then once we get all of this feedback, how do we actually act on it? Because it feels like if you think about the possibilities, the developer relations, there's just so much out there. How do we choose which ones that we're going to help move forward? And I devised or helped with the rest of the people in the steering committee and other feedback. [00:04:31] Wesley Faulkner: From people like you, PJ, about how we address the needs of the community in a way that doesn't feel exclusionary. [00:04:39] PJ Haggerty: Think exclusionary is the word you're looking for. Yeah. [00:04:40] Wesley Faulkner: And also how do we actually be productive to actually move forward instead of having constant discussions all the time and where do we actually make sure that it was the right time to do action? [00:04:52] Jason Hand: Wesley, I got a question. I feel like a lot of our episodes, we generally take a stance on [00:05:00] when it comes to implementing certain things that it just depends on the situation of the organization, the team, the objectives of the org that they're in, there's always just like so many dependencies and variables that go into an implementation of things to take a stance on, how certain aspects or certain elements of developer relations Has found success. [00:05:23] Jason Hand: I'm wondering if there's plans or if there's been any discussion on including lots of different implementation scenarios rather than trying to be one single source of truth, because I feel like that's probably going to be some pushback and going to be some feedback that maybe we hear from this type of organization or foundation, of what goals do we have about putting into concrete terms what. [00:05:48] Jason Hand: developer relations is or isn't when we know that there's just so many ways to do it, Startups are going to do it one way enterprise is going to do it a different One part of the world's going to do it in one way [00:06:00] versus others so Anyway, just curious what your thoughts are on that [00:06:04] Wesley Faulkner: Yeah, there's different verticals, like there's regulated industries like fintech, there are different areas like nonprofit work and open source software as opposed to closed source software. [00:06:14] Wesley Faulkner: Then there is developer first, and then there's developer plus then you mentioned different languages, but there's also different geos and there's also different access to technologies, like parts of the developing world where steady connected electricity and internet is not something that's. [00:06:31] Wesley Faulkner: So there's many different facets. So the answer is, we are trying to be as inclusive as possible by making sure that people have the opportunity to put forth their specific concern. At the same time, we are requiring that as groups are formed around these topics, that there are at least three managers. [00:06:56] Wesley Faulkner: To each of these topics to make sure that there's not [00:07:00] one perspective that's running the show. And then each of these topics, the managers need to recruit at least eight participants. This is to increase the diversity and the different ways that people see things and to make sure that these edge cases or main cases are incorporated into the final result. [00:07:20] Wesley Faulkner: And last, but not least, this is supposed to be an iterative process. So whatever the group Creates, it will be posted to GitHub and you can, and everyone and anyone can put in pull requests so that their voices are heard and their perspectives are also taken into account. [00:07:39] PJ Haggerty: And you're saying all this and for those of you who are listening to the audio and saying, wow, Wesley really has this down. [00:07:44] PJ Haggerty: Wesley has very much structured this and put it into a GitHub document for people to interact with and understand. And I think this that allayed a lot of my concerns when this first came up, because I was like, is this an exercise in student government where the most popular kids [00:08:00] will be voted into their positions of power. [00:08:01] PJ Haggerty: And everyone else will just sit by the wayside with no voice. And Wesley was very careful to design a way in which that wasn't. I think one of the, one of the things that I liked the most about the structure of this, and we'll add the link to the GitHub and the show notes, but one of the things that I really enjoyed about the structure of this was that anyone who is a manager for only a certain period of time. [00:08:24] PJ Haggerty: This isn't a situation where you are, to use the term, they often use an open source project. You're a benevolent dictator for life. Which is that, that's your Linus's and Your David Heinemeyer Handwritten. It's great that you create this thing. [00:08:37] PJ Haggerty: Please let other people as it evolves, take it over. And that's baked into the design. And I feel like we're laying a lot on Wesley here. And I think that there's varying differences between what even the people on this podcast are doing as far as level of participation. [00:08:51] PJ Haggerty: Like I'm a passive participant. I've been watching what's going on, participating in the discord. Talking to some people about some things, but I'm not a manager. [00:09:00] Wesley's a part of the steering committee. Mary had, is that some of those initial meetings are taking a step back due to some busy work related things. [00:09:07] PJ Haggerty: And Jason, are you in the collective? Are you in the discussion or are you just an external passive observer at this point in time?. [00:09:16] Jason Hand: Definitely a passive observer. I think, just through knowing Wesley and the conversations we have here and there I may be a little closer tHand others in terms of just, when I started hearing about it. [00:09:27] Jason Hand: But yeah, at this point I'm not involved. Other than, like I said, just conversations I've had with Wesley. But definitely curious to learn more about what's going on with it. And I quite honestly, I don't have a lot of depth in knowledge around any of the Linux foundations or any just foundations in general. [00:09:45] Jason Hand: And I don't know if Wesley, if that's something you can dig a little deeper into, like what would somebody who has no knowledge of what the Linux Foundation is and any of the offshoots of that, like what are the core benefits? [00:09:57] Wesley Faulkner: I gotta say that there's something that I have to [00:10:00] say about the Linox Foundation in general is that the foundation is an umbrella of other open source projects. So Linux itself is a Linux Foundation project. Git. Is a Linux foundation project. And there's several other Valky is also big and new and it was just launched at the open source summit. [00:10:21] Wesley Faulkner: In September. [00:10:23] PJ Haggerty: Don't forget about that. Dang Kubernetes that people keep talking about. The kids are all under the coop. Yep. CNCF is [00:10:28] Wesley Faulkner: underneath. Yep. The CNCF is under the Linux foundation. Those projects that you know, and love have come under that same umbrella. [00:10:36] Wesley Faulkner: But I have to say the dev rel foundation is different tHand any of those are in all of the other projects because that this feels more of, A governance body or like a list of documents and not necessarily focused on code and making a product from that standpoint, which I think is a little bit different. [00:10:58] Wesley Faulkner: And the question is [00:11:00] why the Linux foundation, and we have a lot of these addressed in our FAQ, if you go to the But for my take that we wanted a place in a home. That was nonpartisan, meaning like it's not owned by a company or someone with specific interests. One that has a history of supporting software and open source processes and making sure it's community like the way that we come to decisions is open to the community and the community can participate [00:11:32] Wesley Faulkner: I can't think of any that checks all of the boxes. So it's part of the Linux Foundation because it is one that does already have a reputation. They are giving us resources and supporting us from a process standpoint. And it allows us to have access to other projects and maintainers and people who've been doing this way longer tHand we have. [00:11:55] Wesley Faulkner: And so being under that umbrella also gives us that connection and [00:12:00] of the siblings who are also in the project. But also just to make sure that it is noted that we are unfunded product projects under the Linux foundation. So we were not trying to make money. No, one's giving us money. [00:12:14] Wesley Faulkner: It's just right now it's all community and volunteer work. That's in the found formation of this foundation. So it's our passions that are driving it. So if there are better suggestions, we are open to hear it. But right now the Linux Foundation sounds like a really good choice and they've been an excellent partner for us. [00:12:36] Wesley Faulkner: Without her support and her guidance and her doing the intros and her doing a lot of the heavy lifting I think we wouldn't have gotten as far as we have right now. [00:12:47] PJ Haggerty: I think it's interesting you mention that because I know that organically around I had been talking for a couple years with people. Wesley, you and I had a conversation that I think is now two and a half years ago about putting together some sort [00:13:00] governance document, some sort of something to say, this is DevRel. [00:13:05] PJ Haggerty: This is the way it worked. This is, giving some sort of guideline to what this all means. I think that some people might be like the Linux foundation eyebrows raised what's going on here at the same time, I think, without having that logistical support, if not the organizational support, this may never have come off because so many people were working in so many small working groups, but not really getting anywhere because they couldn't figure out that logistical component, like how do we do this and not exclude people? [00:13:32] PJ Haggerty: How do we do this and ensure that we have the good mindshare and the diverse mindshare that we need to actually share this information. These are questions that luckily the Linux foundation has answered before, and therefore they can answer it for this. [00:13:49] Wesley Faulkner: Yeah. I got to say that there's been a lot of reaction to the Linux foundation. [00:13:52] Wesley Faulkner: And even just the DevRel foundation. Let's just talk it from there about one saying, why do we need this? That's one of the feedbacks that we've gotten. The [00:14:00] other is, this is amazing. I, this is, I'm so excited. And then I think what Jason also said is that. I'm going to wait and see, so will we, will this have legs? [00:14:11] Wesley Faulkner: Will this keep going? Will this actually produce anything? Will this make a change? And when we were working on our little project back then, Jason PJ it was, some of the conversations were just like, why are we the two people? Or what, why are we the ones to be able to hold this torch and I think the Linux foundation kind of answers some of those questions in terms of it, are we a trusted organization or who legitimizes us for being a person that could have a voice? [00:14:43] Jason Hand: So one more thing I wanted to touch on because I do see a lot of benefits that can come and clearly there's, great examples from the Linux Foundation of success and how this kind of community effort. Can come together and really help in a lot of ways, but a concrete way that I think really [00:15:00] stands out to me that could help for a lot of those folks who are either new to developer relations or in community in general, or maybe they're out on the market looking for new roles because we do hear so much of a variety in terms of what DevRel can look like. [00:15:15] Jason Hand: And you see it like on new job postings where one company is looking for. With a title as a developer relations professional or some variation of that, but then looking through the description, it looks like it's going to include some roles and responsibilities that have traditionally not aligned with developer relations. [00:15:32] Jason Hand: Oftentimes there's just so much variance in terms of what DevRel roles could look like, but this might actually help. Narrow that a little bit and make it easier for both those who are looking to fill roles and those who are looking to find new roles. We're all speaking the same language on what the expectations are here. [00:15:51] PJ Haggerty: Yeah. There's that centralization concept of, maybe if we can define and say, this is what DevRel looks like, then [00:16:00] maybe the hiring managers and the people at LinkedIn and indeed, and what have you, is Monster.com still a thing? I don't think Monster.com is still a thing. [00:16:07] PJ Haggerty: But maybe the people who are in charge of all of this hiring and doing all these things, maybe they can finally have a good definition to understand that maybe you're not looking for a developer advocate or a developer relations specialist, maybe you're actually looking for someone in marketing. [00:16:24] PJ Haggerty: Maybe you're actually looking for a sales engineer. Who's technically minded, but they're to speak to onboard clients. Maybe you're even looking for customer success. Because like you said, Jason, I've looked at a lot of these job descriptions, especially over here that I was unemployed. [00:16:39] PJ Haggerty: And a lot of these people do not understand that their questions that they're asking or that the positions they're describing are not developer relations positions, but. The buzzwords here. So let's go with what we got. [00:16:52] Wesley Faulkner: And also to be frank, these questions have been answered and probably it's been answered multiple [00:17:00] times by different people and everyone who's been in DevRel for a very long time can see and read these and say, that's actually valid. [00:17:09] Wesley Faulkner: Someone who's brand new may not have that ability to distinguish what is. Actually something that makes sense. I think the DevRel foundation will help those new people to be able to do some of that work for them. [00:17:21] Wesley Faulkner: Not necessarily have to create all this new documentation and resources, but aggregating some of the things that are out there that is really good, high quality work that we can help with bringing them into the fold and allowing people to use us as a central point to jump off and find these other resources. [00:17:38] PJ Haggerty: Yeah, that's awesome. And I think that I'm looking forward to seeing what comes out of it. People should not have an expectation. Let's set some boundaries here. People should not have an expectation that like come January one, the dev rel foundation is about to drop the hottest mixtape you've ever heard about dev rel. [00:17:54] PJ Haggerty: These things are going to take time. Yes, we have hope, but hope takes work. [00:17:59] Wesley Faulkner: [00:18:00] And 1 of the things that we're asking or requiring for all these groups that form is that they give at least a monthly update on 1 of our open calls and open meetings that we do every week. [00:18:10] Wesley Faulkner: If you want to stay abreast about the progress take a look in at. Our GitHub and look at what the process we're working and fostering. And also just, if you have input jump into one of these calls and just talk to the people who are championing these directly. [00:18:26] PJ Haggerty: Or at the very least jump in the discord and see what the conversation is. [00:18:29] PJ Haggerty: Yep. I think there's a lot of good conversation going on over there as well. And with that, thank you for giving us space to talk about this. Enjoy the podcast? Please take a few moments to leave us a review on iTunes (https://itunes.apple.com/us/podcast/community-pulse/id1218368182?mt=2) and follow us on Spotify (https://open.spotify.com/show/3I7g5W9fMSgpWu38zZMjet?si=eb528c7de12b4d7a&nd=1&dlsi=b0c85248dabc48ce), or leave a review on one of the other many podcasting sites that we're on! Your support means a lot to us and helps us continue to produce episodes every month. Like all things Community, this too takes a village. Artwork photo by Ramin Khatibi on Unsplash.

Falco, an open-source runtime observability and security tool, was created by Sysdig founder Loris Degioanni to collect real-time system events directly from the kernel. Leveraging eBPF technology for improved safety and performance, Falco gathers data like pod names and namespaces, correlating them with customizable rules. Unlike static analysis tools, it operates in real-time, monitoring events as they occur. In this episode of The New Stack Makers, TNS Editor-in-Chief, Heather Joslyn spoke with Thomas Labarussias, Senior Developer Advocate at Sysdig, Leonardo Grasso, Open Source Tech Lead Manager at Sysdig and Luca Guerra, Sr. Open Source Engineer at Sysdig to get the latest update on Falco. Graduating from the Cloud Native Computing Foundation (CNCF) in February 2023 after entering its sandbox six years prior, Falco's maintainers have focused on technical maturity and broad usability. This includes simplifying installations across diverse environments, thanks in part to advancements from the Linux Foundation.Looking ahead, the team is enhancing core functionalities, including more customizable rules and alert formats. A key innovation is Falco Talon, introduced in September 2023, which provides a no-code response engine to link alerts with real-time remediation actions. Talon addresses a longstanding gap in automating responses within the Falco ecosystem, advancing its capabilities for runtime security.Learn more from The New Stack about Falco:Falco Is a CNCF Graduate. Now What?Falco Plugins Bring New Data Sources to Real-Time SecurityeBPF Tools: An Overview of Falco, Inspektor Gadget, Hubble and CiliumJoin our community of newsletter subscribers to stay on top of the news and at the top of your game.

Brian Douglas is the founder and CEO of Open Sauced where he works on increasing the knowledge and insights of open-source communities. In the past he's lead Developer Advocacy at GitHub by fostering a community of early adopters through content creation showcasing the newest Github features. Open Sauced just joined the Linux Foundation and we learn how and why that move happened on this episode!https://opensauced.pizza/blog/bridging-the-gap-organizational-insights

In this episode, Katherine speaks with Nick Vidal, Community Manager at the Open Source Initiative (OSI), about his role and the organization's work in defining open source AI. Nick shares insights into the challenges and discussions surrounding AI, software licenses, and the necessity for clear definitions and community consensus. He also elaborates on the Clearly Defined project aimed at securing the software supply chain and the importance of community feedback in evolving the OSI's stance on open source AI. 00:00 Introduction and Guest Introduction 00:37 Nick Vidal's Role at OSI 01:04 Community Involvement and Challenges 03:43 Defining Open Source AI 06:21 Handling Feedback and Criticism 13:14 Overview of Open Source AI Definition 16:16 Future Plans and Community Involvement 18:09 Closing Remarks and Invitation to Join   Resources: The Open Source AI Definition   Guest: Nick Vidal is Community Manager at the Open Source Initiative and former Outreach Chair at the Confidential Computing Consortium from the Linux Foundation. Previously, he was the Director of Community and Business Development at the Open Source Initiative and Director of Americas at the Open Invention Network.  

Bret is joined by Mumshad Mannambeth and Vijin Palazhi of KodeKloud for Q&A on what we should be studying and certifying for in 2025. 

Leveraging AI for Software Supply Chain Security with Sudhir Prasad, Director of Product Management, Red Hat | OS in Finance Podcast In this episode of the FINOS podcast, Grizz Griswold interviews Sudhir Prasad, Director of Product Management at Red Hat, about the critical role of AI in enhancing software supply chain security. They delve into important topics such as leveraging AI for supply chain security, the transparency and provenance of AI models, and the challenges of integrating open-source solutions. Sudhir shares his journey from a developer to a product management leader and discusses best practices for ensuring software integrity, unburdening developers, and the importance of regulatory compliance. Tune in to gain valuable perspectives on the evolving landscape of software security and AI. 00:00 Introduction to AI in Software Supply Chain Security 01:01 Meet Sudhir Prasad from Red Hat 01:38 Sudhir's Journey from Developer to Product Manager 05:19 The Importance of Open Source in Software Development 07:32 Challenges and Solutions in Software Supply Chain Security 20:04 Leveraging AI for Software Supply Chain Security 22:49 Daily Work and Future Directions at Red Hat 35:00 Conclusion and Final Thoughts Sudhir Prasad: https://www.linkedin.com/in/sudhirprasad/ Red Hat: https://www.redhat.com/en/solutions/financial-services Grizz Griswold: https://www.linkedin.com/in/aarongriswold/ Find more info about FINOS: On the web: https://www.finos.org/ Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletter LinkedIn: https://www.linkedin.com/company/finosfoundation/ Twitter: https://twitter.com/FINOSFoundation About FINOS FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Max Fateev, CTO and Co-Founder of Temporal on Durable Execution & Open Source Innovation | Open Source in Finance Podcast In this episode of the FINOS podcast, Grizz Griswold interviews Max, the Co-Founder and CTO of Temporal, which is a new member of FINOS. They delve into the concept of durable execution, a groundbreaking approach that allows processes to persist despite system failures, significantly improving developer productivity and resiliency. Max shares his extensive journey, from his early days at Amazon to co-founding Temporal, and the insights gained along the way. The discussion also explores the open-source model, the importance of security in financial services, and how Temporal's technology is revolutionizing the industry. Tune in to learn about the challenges and triumphs of building and managing a tech company, especially in the open-source ecosystem. 00:00 Introduction to Business Logic Simplification 01:01 Welcome and Guest Introduction 01:46 Max's Career Journey 04:11 Building Temporal and Its Evolution 06:13 Challenges and Successes in Open Source 07:33 Managing People vs. Technology 13:20 Durable Execution Explained 17:55 Temporal's Impact on Financial Services 23:01 Open Source Security and Business Model 27:38 Upcoming Events and Future of Open Source in Finance 32:09 Closing Remarks Max Fateev: https://www.linkedin.com/in/fateev/ Temporal: https://temporal.io/ Find more info about FINOS: On the web: https://www.finos.org/ Twitter: https://twitter.com/FINOSFoundation LinkedIn: https://www.linkedin.com/company/finosfoundation/ 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletter About FINOS FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Join us when we continue to talk with our guest John Mertic and find out everything that is going on at the Linux Foundation! Find more information about the projects at https://www.openapis.org/, https://www.aswf.io/summer-learning-program/ and https://www.theregister.com/2024/11/01/aswf_foss_oscars/ Please use the Contact Form on this blog or our twitter feed to send us your questions, or to suggest future episode topics you would like us to cover.

At All Things Open in October, Anandhi Bumstead, AWS's director of software engineering, highlighted OpenSearch's journey and the advantages of the Linux Foundation's stewardship. OpenSearch, an open source data ingestion and analytics engine, was transferred by Amazon Web Services (AWS) to the Linux Foundation in September 2024, seeking neutral governance and broader community collaboration. Originally forked from Elasticsearch after a licensing change in 2021, OpenSearch has evolved into a versatile platform likened to a “Swiss Army knife” for its broad use cases, including observability, log and security analytics, alert detection, and semantic and hybrid search, particularly in generative AI applications.Despite criticism over slower indexing speeds compared to Elasticsearch, significant performance improvements have been made. The latest release, OpenSearch 2.17, delivers 6.5x faster query performance and a 25% indexing improvement due to segment replication. Future efforts aim to enhance indexing, search, storage, and vector capabilities while optimizing costs and efficiency. Contributions are welcomed via opensearch.org.Learn more from The New Stack about deploying applications on OpenSearchAWS Transfers OpenSearch to the Linux FoundationFrom Flashpoint to Foundation: OpenSearch's Path ClearsSemantic Search with Amazon OpenSearch Serverless and TitanJoin our community of newsletter subscribers to stay on top of the news and at the top of your game. 

In this episode of the FINOS podcast, Grizz Griswold interviews Cole Kennedy, founder and CEO of TestifySec. Explore the importance of compliance in AI and DevOps, especially within highly regulated industries like financial services and defense. Learn about the challenges of data governance in AI models, the necessity of tracking and verifying compliance processes, and how the In-toto project offers a framework for cryptographic validation. Cole shares insights from his diverse journey, including his military background, engineering pursuits, and the inception of TestifySec. Discover the future of AI compliance and the role of open source in driving innovation. 00:00 Introduction to AI Model Compliance 00:52 Meet Cole Kennedy: Founder and CEO of TestifySec 03:01 Cole's Journey from Military to Tech 06:00 Challenges in High Compliance Environments 10:45 The Birth of TestifySec 14:40 AI and Compliance in Financial Services 22:35 Future of AI in High Compliance Industries 26:35 Conclusion and Final Thoughts Cole Kennedy: https://www.linkedin.com/in/thecolekennedy/ Scott Logic: https://testifysec.com/ in-toto: https://in-toto.io/ Find more info about FINOS: On the web: https://www.finos.org/ Twitter: https://twitter.com/FINOSFoundation LinkedIn: https://www.linkedin.com/company/finosfoundation/ 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletter About FINOS FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Civil infrastructure you say? With Open Source? Really? Well, yes, really! It's happening and happening right now. Join us when we talk with our guest John Mertic and find out all about this recent project by the Linux Foundation! Find more information about the project at https://www.cip-project.org/ Please use the Contact Form on this blog or our twitter feed to send us your questions, or to suggest future episode topics you would like us to cover.

Exploring AI, Cybersecurity, and Open Source with Chris Lindsey from Mend.io In this episode of the FINOS podcast, Grizz Griswold interviews Chris Lindsey, a Security Evangelist from Mend.io. They discuss the intersection of AI, cybersecurity, and open-source software. Chris shares his extensive experience in software development and application security, providing insights into secure coding practices, the critical role of open source in development, and practical approaches to managing AI technology within highly regulated industries. Tune in to learn about the challenges and strategies in the evolving landscape of AI and cybersecurity. 00:00 Introduction to AI and Security 01:07 Meet Chris Lindsey of Mend.io 02:34 Chris Lindsey's Origin Story 04:39 Challenges in Secure Software Development 07:00 Open Source Security Concerns 15:28 AI in Code Reviews and Security 20:09 The Role of AI in Cybersecurity 29:25 About Mend.io and Its Tools 32:18 Final Thoughts and Future Discussions Chris Lindsey: https://www.linkedin.com/in/chris-lindsey-39b3915/ Mend.io: https://www.mend.io/ Grizz's Info | ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/aarongriswold/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ | ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠grizz@finos.org⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Find more info about FINOS: On the web: https://www.finos.org/ Twitter: https://twitter.com/FINOSFoundation LinkedIn: https://www.linkedin.com/company/finosfoundation/ 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletter About FINOS FINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

This week we muse on upcoming Raspberry Pi products, prompted by confirmation from Ubuntu that the CM5 is imminent. Then Torvalds has thought on Rust in Linux, Wind River has thoughts on Red Hat, and AWS gives OpenSearch away. Don't miss the non-update on Wireguard, the DirectX surprise, and the long-awaited merge of the Real Time Linux patches! For tips we have Mapscii, a Github hack for self-hosted runners, glances, and udisksctl. Catch the show notes at https://bit.ly/4esXYSC and enjoy! Host: Jonathan Bennett Co-Hosts: Rob Campbell, Ken McDonald, and David Ruggles Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

This week, we discuss IBM acquiring Kubecost, AWS moving OpenSearch to the Linux Foundation, and Amazon employees heading back to the office. Plus, some thoughts on what it means to be in "employee mode." Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=aWj5n7LWCdk) 485 (https://www.youtube.com/watch?v=aWj5n7LWCdk) Runner-up Titles That's a good looking setup there Feels like sweatpants London's busy, Amsterdam's laid back AIFinOps Mission Bankruptcy The settings page is more than 1 page Don't get turned into hamburger, that's the goal Feature checkbox acquisition. Employee Mode Using people as a whiteboard. Work on smarter things, not dumber things. Rundown Announcing Kubecost's Acquisition by IBM! (https://blog.kubecost.com/blog/ibm-acquisition-announcement/) AWS hands OpenSearch to the Linux Foundation (https://www.infoworld.com/article/3520875/aws-hands-opensearch-to-the-linux-foundation.html?utm_medium=social&utm_content=content&utm_campaign=organic&utm_source=twitter) Update from Amazon CEO Andy Jassy on return-to-office plans and manager team ratio (https://www.aboutamazon.com/news/company-news/ceo-andy-jassy-latest-update-on-amazon-return-to-office-manager-team-ratio) JPMorgan creates new role overseeing junior bankers as Wall Street wrestles with workload concerns (https://www.cnbc.com/2024/09/18/jpmorgan-investment-bank-creates-new-role-overseeing-junior-bankers.html) Relevant to your Interests OpenAI Fundraising Set to Vault Startup's Value to $150 Billion (https://www.bloomberg.com/news/articles/2024-09-11/openai-fundraising-set-to-vault-startup-s-value-to-150-billion) Lyft CEO keeps it real on his stock price compared to Uber (https://finance.yahoo.com/news/lyft-ceo-keeps-it-real-on-his-stock-price-compared-to-uber-230146967.html) We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI (https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/) How China has ‘throttled' its private sector (https://www.ft.com/content/1e9e7544-974c-4662-a901-d30c4ab56eb7) Wall Street Curbs Young Bankers' Hours After Overwork Outcry (https://www.wsj.com/finance/banking/bank-america-jpmorgan-overtime-work-hours-f9f204a7) Unity is Canceling the Runtime Fee (https://unity.com/blog/unity-is-canceling-the-runtime-fee) Intel Awarded up to $3B by the Biden-Harris Administration (https://www.intel.com/content/www/us/en/newsroom/news/2024-intel-news.html) Free 'JavaScript' from Legal Clutches of Oracle, Devs Petition (https://thenewstack.io/free-javascript-from-legal-clutches-of-oracle-devs-petition/) Instagram makes teen accounts private by default (https://www.platformer.news/instagram-teen-accounts-private-default-daily-limit/?ref=platformer-newsletter) Cisco's second layoff of 2024 affects thousands of employees (https://techcrunch.com/2024/09/17/ciscos-second-layoff-of-2024-affect-thousands-of-employees/) Call For Proposals (CFP) | LF Events (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/program/cfp/) Londoners will soon see drones ferrying blood between hospitals (https://techcrunch.com/2024/09/17/londoners-will-soon-see-drones-ferrying-blood-between-hospitals/) Nonsense Polishing Cloth (https://www.apple.com/shop/product/MW693AM/A/polishing-cloth) United Airlines is adding free Starlink Wi-Fi to all of its planes (https://www.theverge.com/2024/9/13/24243594/united-airlines-free-starlink-wi-fi-connectivity) Founder mode, baby #tech #founder #foundermode (https://www.tiktok.com/t/ZTFFRvSv1/) Chipotle's New Guac Robots Can Peel Your Avocados in 26 Seconds (https://www.bloomberg.com/news/articles/2024-09-16/chipotle-cmg-robots-for-guac-and-bowls-are-ready-for-brisket-season) LinkedIn Roaster - Brutal honesty for your profile (https://liroast.web.app/) SpaceX Starlink has 2,500 airplanes under contract after United megadeal, director says (https://www.cnbc.com/2024/09/17/spacexs-starlink-has-2500-aircraft-under-contract.html) Passport renewals go digital to ease wait times for American travelers (https://www.axios.com/2024/09/18/online-passport-renewal-us-travelers?utm_campaign=editorial&utm_medium=social&utm_source=twitter) Conferences Cloud Foundry Day EU (https://events.linuxfoundation.org/cloud-foundry-day-europe/), Karlsruhe, GER, Oct 9, 2024, 20% off with code CFEU24VMW. VMware Explore Barcelona (https://www.vmware.com/explore/eu), Nov 4-7, 2024. Coté speaking. SREday Amsterdam (https://sreday.com/2024-amsterdam/), Nov 21, 2024. Coté speaking (https://sreday.com/2024-amsterdam/Michael_Cote_VMwarePivotal_We_Fear_Change), 20% off with code SRE20DAY. DevOpsDayLA (https://www.socallinuxexpo.org/scale/22x/events/devopsday-la) at SCALE22x (https://www.socallinuxexpo.org/scale/22x), March 6-9, 2025, discount code DEVOP SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: iPhone Mirroring: Use your iPhone from your Mac (https://support.apple.com/en-us/120421) Matt: NSW Electoral Commission (https://vtr.elections.nsw.gov.au/LG2401) Coté: Code to Production: From Cloud to DevOps to Platform Engineering, with Purnima Padmanabhan (https://www.tanzutalk.com/e/purnima-career/) Photo Credits Header (https://unsplash.com/photos/aerial-view-photography-of-the-city-Dymu1WiZVko) Artwork (https://unsplash.com/photos/end-sign-on-beige-sand-TgjSku4-g6Q)