Podcasts about Linux Foundation

Non-profit technology consortium to develop the Linux operating system

  • 371PODCASTS
  • 937EPISODES
  • 42mAVG DURATION
  • 5WEEKLY NEW EPISODES
  • Oct 6, 2025LATEST
Linux Foundation

POPULARITY

20172018201920202021202220232024

Categories



Best podcasts about Linux Foundation

Show all podcasts related to linux foundation

Latest podcast episodes about Linux Foundation

All TWiT.tv Shows (MP3)
Untitled Linux Show 223: Doing What Windows Never Could

All TWiT.tv Shows (MP3)

Play Episode Listen Later Oct 6, 2025 117:31


Torvalds is ranting about Rust, Google slightly walks back their developer verification plans, and Alpine Linux is moving to a user-merged filesystem. Bcachefs releases DKMS packages, Red Hat has an NDA with Nvidia, and Curl gets a genuinely awesome AI-powered bug report. For tips we cover the Raspberry Pi imager built right into Pi firmware, Immich for storing and organizing photos, and a WirePlumber logging how-to. You can find the show notes at https://bit.ly/3IuVnNV and enjoy! Host: Jonathan Bennett Co-Hosts: Ken McDonald and Jeff Massie Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

All TWiT.tv Shows (Video LO)
Untitled Linux Show 223: Doing What Windows Never Could

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Oct 6, 2025 117:31


Torvalds is ranting about Rust, Google slightly walks back their developer verification plans, and Alpine Linux is moving to a user-merged filesystem. Bcachefs releases DKMS packages, Red Hat has an NDA with Nvidia, and Curl gets a genuinely awesome AI-powered bug report. For tips we cover the Raspberry Pi imager built right into Pi firmware, Immich for storing and organizing photos, and a WirePlumber logging how-to. You can find the show notes at https://bit.ly/3IuVnNV and enjoy! Host: Jonathan Bennett Co-Hosts: Ken McDonald and Jeff Massie Download or subscribe to Untitled Linux Show at https://twit.tv/shows/untitled-linux-show Want access to the ad-free video and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Developer Voices
Getting New Technology Adopted (with Dov Katz)

Developer Voices

Play Episode Listen Later Sep 24, 2025 65:15


Getting new technology adopted in a large organization can feel like pushing water uphill. The best tools in the world are useless if we're not allowed to use them, and as companies grow, their habits turn into inertia, then into "the way we've always done things." So how do you break through that resistance and get meaningful change to happen?This week's guest is Dov Katz from Morgan Stanley, who specializes in exactly this challenge - driving developer productivity and getting new practices adopted across thousands of developers. We explore the art of organizational change from every angle: How do you get management buy-in? How do you build grassroots developer enthusiasm? When should you use deterministic tools like OpenRewrite versus AI-powered solutions? And what role does open source play in breaking down the walls between competing financial institutions?Whether you're trying to modernize a legacy codebase, reduce technical debt, or just get your team to try that promising new tool you've discovered, this conversation offers practical strategies for navigating the complex dynamics of enterprise software development. Because sometimes the hardest part of our job isn't writing code - it's getting permission to write better code.---Support Developer Voices on Patreon: https://patreon.com/DeveloperVoicesSupport Developer Voices on YouTube: https://www.youtube.com/@DeveloperVoices/joinMorgan Stanley: https://www.morganstanley.com/OpenRewrite: https://docs.openrewrite.org/Spring Framework: https://spring.io/Spring Integration: https://spring.io/projects/spring-integrationApache Camel: https://camel.apache.org/FINOS (FinTech Open Source Foundation): https://www.finos.org/Linux Foundation: https://www.linuxfoundation.org/Moderne (Code Remix conference organizers): https://www.moderne.io/Code Remix Conference: https://www.moderne.io/eventsKris on Bluesky: https://bsky.app/profile/krisajenkins.bsky.socialKris on Mastodon: http://mastodon.social/@krisajenkinsKris on LinkedIn: https://www.linkedin.com/in/krisjenkins/

Revenue Engine Podcast
How Community-Led Marketing Drives Sustainable B2B SaaS Growth With Derek Weeks

Revenue Engine Podcast

Play Episode Listen Later Sep 19, 2025 47:01


Derek Weeks is the Chief Marketing Officer at Katalon, a company that provides an AI-augmented software quality management platform for automating testing and improving software development workflows. He brings over 30 years of marketing experience, including leadership roles at Sonatype and the Linux Foundation. Derek co-founded All Day DevOps and has pioneered efforts in open-source software supply chain security. He is also the author of Unfair Mindshare: A CMO's Guide to Community-Led Marketing in a Product-Led World.  In this episode… Building a loyal audience is harder than ever in the crowded B2B SaaS landscape. Traditional marketing tactics can struggle to break through, and customer acquisition costs continue to rise. How can companies create authentic connections that lead to long-term growth? According to Derek Weeks, a seasoned marketing leader and pioneer in community-led strategies, the answer is to put audience needs first and consistently provide value before selling anything. He highlights that trust is earned by creating spaces where people can learn, share, and engage without feeling pitched. By leveraging user-generated content and empowering practitioners to create authentic conversations, he has seen communities grow to hundreds of thousands of members. In this episode of the Revenue Engine Podcast, host Alex Gluz sits down with Derek Weeks, Chief Marketing Officer at Katalon, to discuss how community-led marketing drives sustainable B2B SaaS growth. They explore strategies to scale a product community from 60,000 to 117,000 members, why user-generated content lowers acquisition costs, and how to adapt content for the age of LLM search. Derek also shares lessons from building the All Day DevOps community and keeping audiences engaged over time.

De Nederlandse Kubernetes Podcast
#111 Beyond Orchestration: CNCF's Past, Present and Future

De Nederlandse Kubernetes Podcast

Play Episode Listen Later Sep 16, 2025 27:01


In this 11th episode of the 100th-episode series, we speak with Chris Aniszczyk, CTO at the Cloud Native Computing Foundation and the Linux Foundation. He reflects on ten years of CNCF and explains how the community has continually adapted to the needs of its users: from the arrival of Prometheus and containerd, to GitOps tools like Flux and Argo, and the rise of OpenTelemetry as the standard for observability.Chris explains that Kubernetes is much more than just a container orchestrator. Thanks to extensions and CRDs, it is increasingly seen as the “Linux of the cloud” — a generic infrastructure layer on which you can run not only containers but also VMs, databases, and even AI workloads.We discuss the challenges around stateful workloads, the role of projects like Vitess and CloudNativePG, and how Kubernetes is maturing in supporting complex scenarios. We also touch on the future: serverless patterns, better resource optimization, and the growing interconnection between cloud native and AI.---------In deze 11e aflevering in de 100e aflevering-reeks spreken we met Chris Aniszczyk, CTO bij de Cloud Native Computing Foundation en de Linux Foundation. Hij blikt terug op tien jaar CNCF en vertelt hoe de community zich steeds opnieuw heeft aangepast aan de behoeften van gebruikers: van de komst van Prometheus en containerd, tot GitOps-tools als Flux en Argo, en de opmars van OpenTelemetry als dé standaard voor observability.Chris legt uit dat Kubernetes veel meer is dan een container orchestrator. Dankzij extensies en CRD's wordt het steeds vaker gezien als de “Linux van de cloud” – een generieke infrastructuurlaag waarop je naast containers ook VM's, databases en zelfs AI-workloads kunt draaien.We bespreken de uitdagingen rond stateful workloads, de rol van projecten als Vitess en CloudNativePG, en hoe Kubernetes volwassen wordt in het ondersteunen van complexe scenario's. Ook komt de toekomst aan bod: serverless patronen, betere resource-optimalisatie en de steeds hechtere verwevenheid tussen cloud native en AI.Stuur ons een bericht.ACC ICT Specialist in IT-CONTINUÏTEIT Bedrijfskritische applicaties én data veilig beschikbaar, onafhankelijk van derden, altijd en overalSupport the showLike and subscribe! It helps out a lot.You can also find us on:De Nederlandse Kubernetes Podcast - YouTubeNederlandse Kubernetes Podcast (@k8spodcast.nl) | TikTokDe Nederlandse Kubernetes PodcastWhere can you meet us:EventsThis Podcast is powered by:ACC ICT - IT-Continuïteit voor Bedrijfskritische Applicaties | ACC ICT

Les Cast Codeurs Podcast
LCC 330 - Nano banana l'AI de Julia

Les Cast Codeurs Podcast

Play Episode Listen Later Sep 15, 2025 108:38


Katia, Emmanuel et Guillaume discutent Java, Kotlin, Quarkus, Hibernate, Spring Boot 4, intelligence artificielle (modèles Nano Banana, VO3, frameworks agentiques, embedding). On discute les vulnerabilités OWASP pour les LLMs, les personalités de codage des différents modèles, Podman vs Docker, comment moderniser des projets legacy. Mais surtout on a passé du temps sur les présentations de Luc Julia et les différents contre points qui ont fait le buzz sur les réseaux. Enregistré le 12 septembre 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-330.mp3 ou en vidéo sur YouTube. News Langages Dans cette vidéo, José détaille les nouveautés de Java entre Java 21 et 25 https://inside.java/2025/08/31/roadto25-java-language/ Aperçu des nouveautés du JDK 25 : Introduction des nouvelles fonctionnalités du langage Java et des changements à venir [00:02]. Programmation orientée données et Pattern Matching [00:43] : Évolution du “pattern matching” pour la déconstruction des “records” [01:22]. Utilisation des “sealed types” dans les expressions switch pour améliorer la lisibilité et la robustesse du code [01:47]. Introduction des “unnamed patterns” (_) pour indiquer qu'une variable n'est pas utilisée [04:47]. Support des types primitifs dans instanceof et switch (en preview) [14:02]. Conception d'applications Java [00:52] : Simplification de la méthode main [21:31]. Exécution directe des fichiers .java sans compilation explicite [22:46]. Amélioration des mécanismes d'importation [23:41]. Utilisation de la syntaxe Markdown dans la Javadoc [27:46]. Immuabilité et valeurs nulles [01:08] : Problème d'observation de champs final à null pendant la construction d'un objet [28:44]. JEP 513 pour contrôler l'appel à super() et restreindre l'usage de this dans les constructeurs [33:29]. JDK 25 sort le 16 septembre https://openjdk.org/projects/jdk/25/ Scoped Values (JEP 505) - alternative plus efficace aux ThreadLocal pour partager des données immutables entre threads Structured Concurrency (JEP 506) - traiter des groupes de tâches concurrentes comme une seule unité de travail, simplifiant la gestion des threads Compact Object Headers (JEP 519) - Fonctionnalité finale qui réduit de 50% la taille des en-têtes d'objets (de 128 à 64 bits), économisant jusqu'à 22% de mémoire heap Flexible Constructor Bodies (JEP 513) - Relaxation des restrictions sur les constructeurs, permettant du code avant l'appel super() ou this() Module Import Declarations (JEP 511) - Import simplifié permettant d'importer tous les éléments publics d'un module en une seule déclaration Compact Source Files (JEP 512) - Simplification des programmes Java basiques avec des méthodes main d'instance sans classe wrapper obligatoire Primitive Types in Patterns (JEP 455) - Troisième preview étendant le pattern matching et instanceof aux types primitifs dans switch et instanceof Generational Shenandoah (JEP 521) - Le garbage collector Shenandoah passe en mode générationnel pour de meilleures performances JFR Method Timing & Tracing (JEP 520) - Nouvel outillage de profilage pour mesurer le temps d'exécution et tracer les appels de méthodes Key Derivation API (JEP 510) - API finale pour les fonctions de dérivation de clés cryptographiques, remplaçant les implémentations tierces Améliorations du traitement des annotations dans Kotlin 2.2 https://blog.jetbrains.com/idea/2025/09/improved-annotation-handling-in-kotlin-2-2-less-boilerplate-fewer-surprises/ Avant Kotlin 2.2, les annotations sur les paramètres de constructeur n'étaient appliquées qu'au paramètre, pas à la propriété ou au champ Cela causait des bugs subtils avec Spring et JPA où la validation ne fonctionnait qu'à la création d'objet, pas lors des mises à jour La solution précédente nécessitait d'utiliser explicitement @field: pour chaque annotation, créant du code verbeux Kotlin 2.2 introduit un nouveau comportement par défaut qui applique les annotations aux paramètres ET aux propriétés/champs automatiquement Le code devient plus propre sans avoir besoin de syntaxe @field: répétitive Pour l'activer, ajouter -Xannotation-default-target=param-property dans les options du compilateur Gradle IntelliJ IDEA propose un quick-fix pour activer ce comportement à l'échelle du projet Cette amélioration rend l'intégration Kotlin plus fluide avec les frameworks majeurs comme Spring et JPA Le comportement peut être configuré pour garder l'ancien mode ou activer un mode transitoire avec avertissements Cette mise à jour fait partie d'une initiative plus large pour améliorer l'expérience Kotlin + Spring Librairies Sortie de Quarkus 3.26 avec mises à jour d'Hibernate et autres fonctionnalités - https://quarkus.io/blog/quarkus-3-26-released/ mettez à jour vers la 3.26.x car il y a eu une regression vert.x Jalon important vers la version LTS 3.27 prévue fin septembre, basée sur cette version Mise à jour vers Hibernate ORM 7.1, Hibernate Search 8.1 et Hibernate Reactive 3.1 Support des unités de persistance nommées et sources de données dans Hibernate Reactive Démarrage hors ligne et configuration de dialecte pour Hibernate ORM même si la base n'est pas accessible Refonte de la console HQL dans Dev UI avec fonctionnalité Hibernate Assistant intégrée Exposition des capacités Dev UI comme fonctions MCP pour pilotage via outils IA Rafraîchissement automatique des tokens OIDC en cas de réponse 401 des clients REST Extension JFR pour capturer les données runtime (nom app, version, extensions actives) Bump de Gradle vers la version 9.0 par défaut, suppression du support des classes config legacy Guide de démarrage avec Quarkus et A2A Java SDK 0.3.0 (pour faire discuter des agents IA avec la dernière version du protocole A2A) https://quarkus.io/blog/quarkus-a2a-java-0-3-0-alpha-release/ Sortie de l'A2A Java SDK 0.3.0.Alpha1, aligné avec la spécification A2A v0.3.0. Protocole A2A : standard ouvert (Linux Foundation), permet la communication inter-agents IA polyglottes. Version 0.3.0 plus stable, introduit le support gRPC. Mises à jour générales : changements significatifs, expérience utilisateur améliorée (côté client et serveur). Agents serveur A2A : Support gRPC ajouté (en plus de JSON-RPC). HTTP+JSON/REST à venir. Implémentations basées sur Quarkus (alternatives Jakarta existent). Dépendances spécifiques pour chaque transport (ex: a2a-java-sdk-reference-jsonrpc, a2a-java-sdk-reference-grpc). AgentCard : décrit les capacités de l'agent. Doit spécifier le point d'accès primaire et tous les transports supportés (additionalInterfaces). Clients A2A : Dépendance principale : a2a-java-sdk-client. Support gRPC ajouté (en plus de JSON-RPC). HTTP+JSON/REST à venir. Dépendance spécifique pour gRPC : a2a-java-sdk-client-transport-grpc. Création de client : via ClientBuilder. Sélectionne automatiquement le transport selon l'AgentCard et la configuration client. Permet de spécifier les transports supportés par le client (withTransport). Comment générer et éditer des images en Java avec Nano Banana, le “photoshop killer” de Google https://glaforge.dev/posts/2025/09/09/calling-nano-banana-from-java/ Objectif : Intégrer le modèle Nano Banana (Gemini 2.5 Flash Image preview) dans des applications Java. SDK utilisé : GenAI Java SDK de Google. Compatibilité : Supporté par ADK for Java ; pas encore par LangChain4j (limitation de multimodalité de sortie). Capacités de Nano Banana : Créer de nouvelles images. Modifier des images existantes. Assembler plusieurs images. Mise en œuvre Java : Quelle dépendance utiliser Comment s'authentifier Comment configurer le modèle Nature du modèle : Nano Banana est un modèle de chat qui peut retourner du texte et une image (pas simplement juste un modèle générateur d'image) Exemples d'utilisation : Création : Via un simple prompt textuel. Modification : En passant l'image existante (tableau de bytes) et les instructions de modification (prompt). Assemblage : En passant plusieurs images (en bytes) et les instructions d'intégration (prompt). Message clé : Toutes ces fonctionnalités sont accessibles en Java, sans nécessiter Python. Générer des vidéos IA avec le modèle Veo 3, mais en Java ! https://glaforge.dev/posts/2025/09/10/generating-videos-in-java-with-veo3/ Génération de vidéos en Java avec Veo 3 (via le GenAI Java SDK de Google). Veo 3: Annoncé comme GA, prix réduits, support du format 9:16, résolution jusqu'à 1080p. Création de vidéos : À partir d'une invite textuelle (prompt). À partir d'une image existante. Deux versions différentes du modèle : veo-3.0-generate-001 (qualité supérieure, plus coûteux, plus lent). veo-3.0-fast-generate-001 (qualité inférieure, moins coûteux, mais plus rapide). Rod Johnson sur ecrire des aplication agentic en Java plus facilement qu'en python avec Embabel https://medium.com/@springrod/you-can-build-better-ai-agents-in-java-than-python-868eaf008493 Rod the papa de Spring réécrit un exemple CrewAI (Python) qui génère un livre en utilisant Embabel (Java) pour démontrer la supériorité de Java L'application utilise plusieurs agents AI spécialisés : un chercheur, un planificateur de livre et des rédacteurs de chapitres Le processus suit trois étapes : recherche du sujet, création du plan, rédaction parallèle des chapitres puis assemblage CrewAI souffre de plusieurs problèmes : configuration lourde, manque de type safety, utilisation de clés magiques dans les prompts La version Embabel nécessite moins de code Java que l'original Python et moins de fichiers de configuration YAML Embabel apporte la type safety complète, éliminant les erreurs de frappe dans les prompts et améliorant l'outillage IDE La gestion de la concurrence est mieux contrôlée en Java pour éviter les limites de débit des APIs LLM L'intégration avec Spring permet une configuration externe simple des modèles LLM et hyperparamètres Le planificateur Embabel détermine automatiquement l'ordre d'exécution des actions basé sur leurs types requis L'argument principal : l'écosystème JVM offre un meilleur modèle de programmation et accès à la logique métier existante que Python Il y a pas mal de nouveaux framework agentic en Java, notamment le dernier LAngchain4j Agentic Spring lance un serie de blog posts sur les nouveautés de Spring Boot 4 https://spring.io/blog/2025/09/02/road_to_ga_introduction baseline JDK 17 mais rebase sur Jakarta 11 Kotlin 2, Jackson 3 et JUnit 6 Fonctionnalités de résilience principales de Spring : @ConcurrencyLimit, @Retryable, RetryTemplate Versioning d'API dans Spring Améliorations du client de service HTTP L'état des clients HTTP dans Spring Introduction du support Jackson 3 dans Spring Consommateur partagé - les queues Kafka dans Spring Kafka Modularisation de Spring Boot Autorisation progressive dans Spring Security Spring gRPC - un nouveau module Spring Boot Applications null-safe avec Spring Boot 4 OpenTelemetry avec Spring Boot Repos Ahead of Time (Partie 2) Web Faire de la recherche sémantique directement dans le navigateur en local, avec EmbeddingGemma et Transformers.js https://glaforge.dev/posts/2025/09/08/in-browser-semantic-search-with-embeddinggemma/ EmbeddingGemma: Nouveau modèle d'embedding (308M paramètres) de Google DeepMind. Objectif: Permettre la recherche sémantique directement dans le navigateur. Avantages clés de l'IA côté client: Confidentialité: Aucune donnée envoyée à un serveur. Coûts réduits: Pas besoin de serveurs coûteux (GPU), hébergement statique. Faible latence: Traitement instantané sans allers-retours réseau. Fonctionnement hors ligne: Possible après le chargement initial du modèle. Technologie principale: Modèle: EmbeddingGemma (petit, performant, multilingue, support MRL pour réduire la taille des vecteurs). Moteur d'inférence: Transformers.js de HuggingFace (exécute les modèles AI en JavaScript dans le navigateur). Déploiement: Site statique avec Vite/React/Tailwind CSS, déployé sur Firebase Hosting via GitHub Actions. Gestion du modèle: Fichiers du modèle trop lourds pour Git; téléchargés depuis HuggingFace Hub pendant le CI/CD. Fonctionnement de l'app: Charge le modèle, génère des embeddings pour requêtes/documents, calcule la similarité sémantique. Conclusion: Démonstration d'une recherche sémantique privée, économique et sans serveur, soulignant le potentiel de l'IA embarquée dans le navigateur. Data et Intelligence Artificielle Docker lance Cagent, une sorte de framework multi-agent IA utilisant des LLMs externes, des modèles de Docker Model Runner, avec le Docker MCP Tookit. Il propose un format YAML pour décrire les agents d'un système multi-agents. https://github.com/docker/cagent des agents “prompt driven” (pas de code) et une structure pour decrire comment ils sont deployés pas clair comment ils sont appelés a part dans la ligne de commande de cagent fait par david gageot L'owasp décrit l'independance excessive des LLM comme une vulnerabilité https://genai.owasp.org/llmrisk2023-24/llm08-excessive-agency/ L'agence excessive désigne la vulnérabilité qui permet aux systèmes LLM d'effectuer des actions dommageables via des sorties inattendues ou ambiguës. Elle résulte de trois causes principales : fonctionnalités excessives, permissions excessives ou autonomie excessive des agents LLM. Les fonctionnalités excessives incluent l'accès à des plugins qui offrent plus de capacités que nécessaire, comme un plugin de lecture qui peut aussi modifier ou supprimer. Les permissions excessives se manifestent quand un plugin accède aux systèmes avec des droits trop élevés, par exemple un accès en lecture qui inclut aussi l'écriture. L'autonomie excessive survient quand le système effectue des actions critiques sans validation humaine préalable. Un scénario d'attaque typique : un assistant personnel avec accès email peut être manipulé par injection de prompt pour envoyer du spam via la boîte de l'utilisateur. La prévention implique de limiter strictement les plugins aux fonctions minimales nécessaires pour l'opération prévue. Il faut éviter les fonctions ouvertes comme “exécuter une commande shell” au profit d'outils plus granulaires et spécifiques. L'application du principe de moindre privilège est cruciale : chaque plugin doit avoir uniquement les permissions minimales requises. Le contrôle humain dans la boucle reste essentiel pour valider les actions à fort impact avant leur exécution. Lancement du MCP registry, une sorte de méta-annuaire officiel pour référencer les serveurs MCP https://www.marktechpost.com/2025/09/09/mcp-team-launches-the-preview-version-of-the-mcp-registry-a-federated-discovery-layer-for-enterprise-ai/ MCP Registry : Couche de découverte fédérée pour l'IA d'entreprise. Fonctionne comme le DNS pour le contexte de l'IA, permettant la découverte de serveurs MCP publics ou privés. Modèle fédéré : Évite les risques de sécurité et de conformité d'un registre monolithique. Permet des sous-registres privés tout en conservant une source de vérité “upstream”. Avantages entreprises : Découverte interne sécurisée. Gouvernance centralisée des serveurs externes. Réduction de la prolifération des contextes. Support pour les agents IA hybrides (données privées/publiques). Projet open source, actuellement en version preview. Blog post officiel : https://blog.modelcontextprotocol.io/posts/2025-09-08-mcp-registry-preview/ Exploration des internals du transaction log SQL Server https://debezium.io/blog/2025/09/08/sqlserver-tx-log/ C'est un article pour les rugeux qui veulent savoir comment SQLServer marche à l'interieur Debezium utilise actuellement les change tables de SQL Server CDC en polling périodique L'article explore la possibilité de parser directement le transaction log pour améliorer les performances Le transaction log est divisé en Virtual Log Files (VLFs) utilisés de manière circulaire Chaque VLF contient des blocs (512B à 60KB) qui contiennent les records de transactions Chaque record a un Log Sequence Number (LSN) unique pour l'identifier précisément Les données sont stockées dans des pages de 8KB avec header de 96 bytes et offset array Les tables sont organisées en partitions et allocation units pour gérer l'espace disque L'utilitaire DBCC permet d'explorer la structure interne des pages et leur contenu Cette compréhension pose les bases pour parser programmatiquement le transaction log dans un prochain article Outillage Les personalités des codeurs des différents LLMs https://www.sonarsource.com/blog/the-coding-personalities-of-leading-llms-gpt-5-update/ GPT-5 minimal ne détrône pas Claude Sonnet 4 comme leader en performance fonctionnelle malgré ses 75% de réussite GPT-5 génère un code extrêmement verbeux avec 490 000 lignes contre 370 000 pour Claude Sonnet 4 sur les mêmes tâches La complexité cyclomatique et cognitive du code GPT-5 est dramatiquement plus élevée que tous les autres modèles GPT-5 introduit 3,90 problèmes par tâche réussie contre seulement 2,11 pour Claude Sonnet 4 Point fort de GPT-5 : sécurité exceptionnelle avec seulement 0,12 vulnérabilité par 1000 lignes de code Faiblesse majeure : densité très élevée de “code smells” (25,28 par 1000 lignes) nuisant à la maintenabilité GPT-5 produit 12% de problèmes liés à la complexité cognitive, le taux le plus élevé de tous les modèles Tendance aux erreurs logiques fondamentales avec 24% de bugs de type “Control-flow mistake” Réapparition de vulnérabilités classiques comme les failles d'injection et de traversée de chemin Nécessité d'une gouvernance renforcée avec analyse statique obligatoire pour gérer la complexité du code généré Pourquoi j'ai abandonné Docker pour Podman https://codesmash.dev/why-i-ditched-docker-for-podman-and-you-should-too Problème Docker : Le daemon dockerd persistant s'exécute avec des privilèges root, posant des risques de sécurité (nombreuses CVEs citées) et consommant des ressources inutilement. Solution Podman : Sans Daemon : Pas de processus d'arrière-plan persistant. Les conteneurs s'exécutent comme des processus enfants de la commande Podman, sous les privilèges de l'utilisateur. Sécurité Renforcée : Réduction de la surface d'attaque. Une évasion de conteneur compromet un utilisateur non privilégié sur l'hôte, pas le système entier. Mode rootless. Fiabilité Accrue : Pas de point de défaillance unique ; le crash d'un conteneur n'affecte pas les autres. Moins de Ressources : Pas de daemon constamment actif, donc moins de mémoire et de CPU. Fonctionnalités Clés de Podman : Intégration Systemd : Génération automatique de fichiers d'unité systemd pour gérer les conteneurs comme des services Linux standards. Alignement Kubernetes : Support natif des pods et capacité à générer des fichiers Kubernetes YAML directement (podman generate kube), facilitant le développement local pour K8s. Philosophie Unix : Se concentre sur l'exécution des conteneurs, délègue les tâches spécialisées à des outils dédiés (ex: Buildah pour la construction d'images, Skopeo pour leur gestion). Migration Facile : CLI compatible Docker : podman utilise les mêmes commandes que docker (alias docker=podman fonctionne). Les Dockerfiles existants sont directement utilisables. Améliorations incluses : Sécurité par défaut (ports privilégiés en mode rootless), meilleure gestion des permissions de volume, API Docker compatible optionnelle. Option de convertir Docker Compose en Kubernetes YAML. Bénéfices en Production : Sécurité améliorée, utilisation plus propre des ressources. Podman représente une évolution plus sécurisée et mieux alignée avec les pratiques modernes de gestion Linux et de déploiement de conteneurs. Guide Pratique (Exemple FastAPI) : Le Dockerfile ne change pas. podman build et podman run remplacent directement les commandes Docker. Déploiement en production via Systemd. Gestion d'applications multi-services avec les “pods” Podman. Compatibilité Docker Compose via podman-compose ou kompose. Détection améliorée des APIs vulnérables dans les IDEs JetBrains et Qodana - https://blog.jetbrains.com/idea/2025/09/enhanced-vulnerable-api-detection-in-jetbrains-ides-and-qodana/ JetBrains s'associe avec Mend.io pour renforcer la sécurité du code dans leurs outils Le plugin Package Checker bénéficie de nouvelles données enrichies sur les APIs vulnérables Analyse des graphes d'appels pour couvrir plus de méthodes publiques des bibliothèques open-source Support de Java, Kotlin, C#, JavaScript, TypeScript et Python pour la détection de vulnérabilités Activation des inspections via Paramètres > Editor > Inspections en recherchant “Vulnerable API” Surlignage automatique des méthodes vulnérables avec détails des failles au survol Action contextuelle pour naviguer directement vers la déclaration de dépendance problématique Mise à jour automatique vers une version non affectée via Alt+Enter sur la dépendance Fenêtre dédiée “Vulnerable Dependencies” pour voir l'état global des vulnérabilités du projet Méthodologies Le retour de du sondage de Stack Overflow sur l'usage de l'IA dans le code https://medium.com/@amareshadak/stack-overflow-just-exposed-the-ugly-truth-about-ai-coding-tools-b4f7b5992191 84% des développeurs utilisent l'IA quotidiennement, mais 46% ne font pas confiance aux résultats. Seulement 3,1% font “hautement confiance” au code généré. 66% sont frustrés par les solutions IA “presque correctes”. 45% disent que déboguer le code IA prend plus de temps que l'écrire soi-même. Les développeurs seniors (10+ ans) font moins confiance à l'IA (2,6%) que les débutants (6,1%), créant un écart de connaissances dangereux. Les pays occidentaux montrent moins de confiance - Allemagne (22%), UK (23%), USA (28%) - que l'Inde (56%). Les créateurs d'outils IA leur font moins confiance. 77% des développeurs professionnels rejettent la programmation en langage naturel, seuls 12% l'utilisent réellement. Quand l'IA échoue, 75% se tournent vers les humains. 35% des visites Stack Overflow concernent maintenant des problèmes liés à l'IA. 69% rapportent des gains de productivité personnels, mais seulement 17% voient une amélioration de la collaboration d'équipe. Coûts cachés : temps de vérification, explication du code IA aux équipes, refactorisation et charge cognitive constante. Les plateformes humaines dominent encore : Stack Overflow (84%), GitHub (67%), YouTube (61%) pour résoudre les problèmes IA. L'avenir suggère un “développement augmenté” où l'IA devient un outil parmi d'autres, nécessitant transparence et gestion de l'incertitude. Mentorat open source et défis communautaires par les gens de Microcks https://microcks.io/blog/beyond-code-open-source-mentorship/ Microcks souffre du syndrome des “utilisateurs silencieux” qui bénéficient du projet sans contribuer Malgré des milliers de téléchargements et une adoption croissante, l'engagement communautaire reste faible Ce manque d'interaction crée des défis de durabilité et limite l'innovation du projet Les mainteneurs développent dans le vide sans feedback des vrais utilisateurs Contribuer ne nécessite pas de coder : documentation, partage d'expérience, signalement de bugs suffisent Parler du project qu'on aime autour de soi est aussi super utile Microcks a aussi des questions specifiques qu'ils ont posé dans le blog, donc si vous l'utilisez, aller voir Le succès de l'open source dépend de la transformation des utilisateurs en véritables partenaires communautaires c'est un point assez commun je trouve, le ratio parlant / silencieux est tres petit et cela encourage les quelques grandes gueules La modernisation du systemes legacy, c'est pas que de la tech https://blog.scottlogic.com/2025/08/27/holistic-approach-successful-legacy-modernisation.html Un artcile qui prend du recul sur la modernisation de systemes legacy Les projets de modernisation legacy nécessitent une vision holistique au-delà du simple focus technologique Les drivers business diffèrent des projets greenfield : réduction des coûts et mitigation des risques plutôt que génération de revenus L'état actuel est plus complexe à cartographier avec de nombreuses dépendances et risques de rupture Collaboration essentielle entre Architectes, Analystes Business et Designers UX dès la phase de découverte Approche tridimensionnelle obligatoire : Personnes, Processus et Technologie (comme un jeu d'échecs 3D) Le leadership doit créer l'espace nécessaire pour la découverte et la planification plutôt que presser l'équipe Communication en termes business plutôt que techniques vers tous les niveaux de l'organisation Planification préalable essentielle contrairement aux idées reçues sur l'agilité Séquencement optimal souvent non-évident et nécessitant une analyse approfondie des interdépendances Phases projet alignées sur les résultats business permettent l'agilité au sein de chaque phase Sécurité Cyber Attaque su Musée Histoire Naturelle https://www.franceinfo.fr/internet/securite-sur-internet/cyberattaques/le-museum-nati[…]e-d-une-cyberattaque-severe-une-plainte-deposee_7430356.html Compromission massive de packages npm populaires par un malware crypto https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised 18 packages npm très populaires compromis le 8 septembre 2025, incluant chalk, debug, ansi-styles avec plus de 2 milliards de téléchargements hebdomadaires combinés duckdb s'est rajouté à la liste Code malveillant injecté qui intercepte silencieusement l'activité crypto et web3 dans les navigateurs des utilisateurs Le malware manipule les interactions de wallet et redirige les paiements vers des comptes contrôlés par l'attaquant sans signes évidents Injection dans les fonctions critiques comme fetch, XMLHttpRequest et APIs de wallets (window.ethereum, Solana) pour intercepter le trafic Détection et remplacement automatique des adresses crypto sur multiple blockchains (Ethereum, Bitcoin, Solana, Tron, Litecoin, Bitcoin Cash) Les transactions sont modifiées en arrière-plan même si l'interface utilisateur semble correcte et légitime Utilise des adresses “sosies” via correspondance de chaînes pour rendre les échanges moins évidents à détecter Le mainteneur compromis par email de phishing provenant du faux domaine “mailto:support@npmjs.help|support@npmjs.help” enregistré 3 jours avant l'attaque sur une demande de mise a jour de son autheotnfication a deux facteurs après un an Aikido a alerté le mainteneur via Bluesky qui a confirmé la compromission et commencé le nettoyage des packages Attaque sophistiquée opérant à plusieurs niveaux: contenu web, appels API et manipulation des signatures de transactions Les anti-cheats de jeux vidéo : une faille de sécurité majeure ? - https://tferdinand.net/jeux-video-et-si-votre-anti-cheat-etait-la-plus-grosse-faille/ Les anti-cheats modernes s'installent au Ring 0 (noyau système) avec privilèges maximaux Ils obtiennent le même niveau d'accès que les antivirus professionnels mais sans audit ni certification Certains exploitent Secure Boot pour se charger avant le système d'exploitation Risque de supply chain : le groupe APT41 a déjà compromis des jeux comme League of Legends Un attaquant infiltré pourrait désactiver les solutions de sécurité et rester invisible Menace de stabilité : une erreur peut empêcher le démarrage du système (référence CrowdStrike) Conflits possibles entre différents anti-cheats qui se bloquent mutuellement Surveillance en temps réel des données d'utilisation sous prétexte anti-triche Dérive dangereuse selon l'auteur : des entreprises de jeux accèdent au niveau EDR Alternatives limitées : cloud gaming ou sandboxing avec impact sur performances donc faites gaffe aux jeux que vos gamins installent ! Loi, société et organisation Luc Julia au Sénat - Monsieur Phi réagi et publie la vidéo Luc Julia au Sénat : autopsie d'un grand N'IMPORTE QUOI https://www.youtube.com/watch?v=e5kDHL-nnh4 En format podcast de 20 minutes, sorti au même moment et à propos de sa conf à Devoxx https://www.youtube.com/watch?v=Q0gvaIZz1dM Le lab IA - Jérôme Fortias - Et si Luc Julia avait raison https://www.youtube.com/watch?v=KScI5PkCIaE Luc Julia au Senat https://www.youtube.com/watch?v=UjBZaKcTeIY Luc Julia se défend https://www.youtube.com/watch?v=DZmxa7jJ8sI Intelligence artificielle : catastrophe imminente ? - Luc Julia vs Maxime Fournes https://www.youtube.com/watch?v=sCNqGt7yIjo Tech and Co Monsieur Phi vs Luc Julia (put a click) https://www.youtube.com/watch?v=xKeFsOceT44 La tronche en biais https://www.youtube.com/live/zFwLAOgY0Wc Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 15 septembre 2025 : Agile Tour Montpellier - Montpellier (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 22-24 septembre 2025 : Kernel Recipes - Paris (France) 22-27 septembre 2025 : La Mélée Numérique - Toulouse (France) 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 23-24 septembre 2025 : AI Engineer Paris - Paris (France) 25 septembre 2025 : Agile Game Toulouse - Toulouse (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 30 septembre 2025-1 octobre 2025 : PyData Paris 2025 - Paris (France) 2 octobre 2025 : Nantes Craft - Nantes (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-7 octobre 2025 : Swift Connection 2025 - Paris (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 7-8 octobre 2025 : Agile en Seine - Issy-les-Moulineaux (France) 8-10 octobre 2025 : SIG 2025 - Paris (France) & Online 9 octobre 2025 : DevCon #25 : informatique quantique - Paris (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16 octobre 2025 : Power 365 - 2025 - Lille (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 17 octobre 2025 : Sylius Con 2025 - Lyon (France) 17 octobre 2025 : ScalaIO 2025 - Paris (France) 17-19 octobre 2025 : OpenInfra Summit Europe - Paris (France) 20 octobre 2025 : Codeurs en Seine - Rouen (France) 23 octobre 2025 : Cloud Nord - Lille (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 5-6 novembre 2025 : Tech Show Paris - Paris (France) 5-6 novembre 2025 : Red Hat Summit: Connect Paris 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 6 novembre 2025 : Agile Tour Aix-Marseille 2025 - Gardanne (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 19 novembre 2025 : SREday Paris 2025 Q4 - Paris (France) 19-21 novembre 2025 : Agile Grenoble - Grenoble (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : DevFest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 1-2 décembre 2025 : Tech Rocks Summit 2025 - Paris (France) 4-5 décembre 2025 : Agile Tour Rennes - Rennes (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 9-11 décembre 2025 : APIdays Paris - Paris (France) 9-11 décembre 2025 : Green IO Paris - Paris (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 11 décembre 2025 : Normandie.ai 2025 - Rouen (France) 14-17 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 12-13 février 2026 : Touraine Tech #26 - Tours (France) 22-24 avril 2026 : Devoxx France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) 4 septembre 2026 : JUG SUmmer Camp 2026 - La Rochelle (France) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

Developer Voices
From Unit Tests to Whole Universe Tests (with Will Wilson)

Developer Voices

Play Episode Listen Later Sep 10, 2025 72:12


How confident are you when your test suite goes green? If you're honest, probably not 100% confident - because most bugs come from scenarios we never thought to test. Traditional testing only catches the problems we anticipate, but the 3am pager alerts? Those come from the unexpected interactions, timing issues, and edge cases we never imagined.In this episode, Will Wilson from Antithesis takes us deep into the world of autonomous testing. They've built a deterministic hypervisor that can simulate entire distributed systems - complete with fake AWS services - and intelligently explore millions of possible states to find bugs before production. Think property-based testing, but for your entire infrastructure stack. The approach is so thorough they've even used it to find glitches in Super Mario Brothers (seriously).We explore how deterministic simulation works at the hypervisor level, why traditional integration tests are fundamentally limited, and how you can write maintainable tests that actually find the bugs that matter. If you've ever wished you could test "what happens when everything that can go wrong does go wrong," this conversation shows you how that's finally becoming possible.---Support Developer Voices on Patreon: https://patreon.com/DeveloperVoicesSupport Developer Voices on YouTube: https://www.youtube.com/@DeveloperVoices/joinAntithesis: https://antithesis.com/Antithesis testing with Super Mario: https://antithesis.com/blog/sdtalk/...and with Metroid: https://antithesis.com/blog/2025/metroid/MongoDB: https://www.mongodb.com/etcd (Linux Foundation): https://etcd.io/Facebook Hermit: https://github.com/facebookexperimental/hermitRR (Record-Replay Debugger): https://rr-project.org/T-SAN (Thread Sanitizer): https://clang.llvm.org/docs/ThreadSanitizer.htmlToby Bell's Strange Loop Talk on JPL Testing: https://www.youtube.com/results?search_query=toby+bell+strange+loop+jplAndy Weir - Project Hail Mary: https://www.goodreads.com/book/show/54493401-project-hail-maryAndy Weir - The Martian: https://www.goodreads.com/book/show/18007564-the-martianAntithesis Blog (Nintendo Games Testing): https://antithesis.com/blog/Kris on Bluesky: https://bsky.app/profile/krisajenkins.bsky.socialKris on Mastodon: http://mastodon.social/@krisajenkinsKris on LinkedIn: https://www.linkedin.com/in/krisjenkins/

Cosas de programadores, por campusMVP.es

¿Es la INTELIGENCIA ARTIFICIAL el fin de los desarrolladores o una oportunidad sin precedentes? En el episodio de hoy converso con Emilio Salvador, vicepresidente de relaciones con los desarrolladores en GitLab y ex de Google, Amazon y Microsoft, además de miembro del consejo de la Linux Foundation. Con más de 20 años en la primera línea de la revolución tecnológica, Emilio desmitifica las ganancias de productividad reales con IA, al menos en proyectos grandes y maduros, que te harán cuestionar lo que creías saber. Descubre por qué muchos desarrolladores se sienten más productivos, ¡pero los números dicen lo contrario!Exploraremos cómo la IA está DEMOCRATIZANDO el software y transformando el rol del desarrollador: desde el auge de Visual Basic en los 90 hasta el futuro en 2030. ¿Qué ERRORES están cometiendo las empresas al integrar IA? ¿Y qué HABILIDADES CLAVE necesitas para PROSPERAR en esta nueva era?.Desde la perspectiva de GitLab, líderes en la gestión del ciclo de vida del desarrollo de software, Emilio comparte insights sobre cómo plataformas como GitLab Duo están redefiniendo la programación y el DevOps.Prepárate para entender cómo el trabajo de desarrollador está cambiando y cómo puedes mantenerte relevante.

programmier.bar – der Podcast für App- und Webentwicklung
News 36/25: RippleJS // Zod Codecs // ESLint Multithreading // Apple UICoder

programmier.bar – der Podcast für App- und Webentwicklung

Play Episode Listen Later Sep 4, 2025 35:11


Die „programmier.con 2025 - Web & AI Edition“ findet am 29. und 30. Oktober 2025 statt. Sichert euch jetzt Tickets für die Konferenz!Fabi hat sich diese Woche Ripple genauer angeschaut, ein UI-Framework von einem der Köpfe hinter Svelte und React. Er berichtet, was sich hinter dem TypeScript-native UI-Framework verbirgt und warum es in Sachen Syntax einen ganz eigenen Weg geht.Außerdem erfahren wir von Dave, warum Zod 4.1 mit Codecs seine immerhin zweit-beliebteste Validation-Library in JavaScript ist und wer auf Platz eins steht.Von Garrelt hören wir, wie erfolgreich ESLint mit seiner neuen Multithreading-Implementierung war. Fabi, Dave und Jan lagen mit ihren Schätzungen zu den Performance-Gewinnen weit daneben! Jan hat sich das neuste AI Paper aus dem Hause Apple genauer angeschaut und berichtet über UICoder: Mit automatisierten Selbst-Training hat Apple einem offenen LLM beigebracht, SwiftUI auf dem Level von GPT-4 zu erstellen.Und natürlich gab es auch diese Woche wieder Themen, die nicht ganz in unsere Folge gepasst haben:Supply-Chain-Angriff auf das nx npm-package DocumentDB geht zur Linux Foundation mit Support von Microsoft, Amazon und GoogleDie Zoneless API wird stabil in Angular v20.2Google kann Chrome wohl behalten, aber muss Daten teilenDeno schafft es (noch) nicht, das JavaScript-Trademark von Oracle aufzuhebenGitPod gründet sich rund um AI Agents neu und wird OnaSchreibt uns! Schickt uns eure Themenwünsche und euer Feedback: podcast@programmier.barFolgt uns! Bleibt auf dem Laufenden über zukünftige Folgen und virtuelle Meetups und beteiligt euch an Community-Diskussionen. BlueskyInstagramLinkedInMeetupYouTube

The New Stack Podcast
The Linux Foundation In The Age Of AI

The New Stack Podcast

Play Episode Listen Later Sep 2, 2025 29:04


In a recent episode of The New Stack Agents from the Open Source Summit in Amsterdam, Jim Zemlin, executive director of the Linux Foundation, discussed the evolving landscape of open source AI. While the Linux Foundation has helped build ecosystems like the CNCF for cloud-native computing, there's no unified umbrella foundation yet for open source AI. Existing efforts include the PyTorch Foundation and LF AI & Data, but AI development is still fragmented across models, tooling, and standards. Zemlin highlighted the industry's shift from foundational models to open-weight models and now toward inference stacks and agentic AI. He suggested a collective effort may eventually form but cautioned against forcing structure too early, stressing the importance of not hindering innovation. Foundations, he said, must balance scale with agility. On the debate over what qualifies as "open source" in AI, Zemlin adopted a pragmatic view, acknowledging the costs of creating frontier models. He supports open-weight models and believes fully open models, from data to deployment, may emerge over time. Learn more from The New Stack about the latest in AI and open source, AI in China, Europe's AI and security regulations, and more: Open Source Is Not Local Source, and the Case for Global Cooperation US Blocks Open Source ‘Help' From These Countries Open Source Is Worth Defending Join our community of newsletter subscribers to stay on top of the news and at the top of your game./

I am a Mainframer
Mainframe Coven: The Historian Mainframer that Made History: Interview with Pam Taylor

I am a Mainframer

Play Episode Listen Later Aug 28, 2025 36:00


In this episode of Mainframe Coven, Jessielaine Punongbayan (Product Manager, Dynatrace) and Richelle Anne Craw (Software Engineer, Beta Systems Software) chat with Former SHARE President Pam Taylor, a historian turned mainframer who ended up making history herself. Pam shares her journey into enterprise tech, her advocacy for standards and user-focused solutions, and how she blends technical expertise with creative storytelling.Mainframe Coven is a 10-part mini-series honoring the past, present, and future women of IT. It's about real stories from the essential yet unseen minds behind the machines.The podcast is sponsored by the Open Mainframe Project, a Linux Foundation project that aims to build community and adoption of Open Source on the mainframe by eliminating barriers to Open Source adoption on the mainframe, demonstrating the value of the mainframe.For a transcript of this episode, visit https://openmainframeproject.org/mainframe-coven/mainframe-coven-pam-taylor/Links and Resources Mentioned in the Episode:- SHARE's Women of Influence in Mainframe: https://blog.share.org/Article/shares-women-of-influence-in-mainframe- Pam Taylor's Website: https://pamela-taylor.com/

CHAOSScast
Episode 117: Business Success with Open Source with VM (Vicky) Brasseur

CHAOSScast

Play Episode Listen Later Aug 21, 2025 52:05


Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast! CHAOSScast – Episode 117 In this episode of CHAOSScast, Georg Link and Sean Goggins welcome guest Vicky Brasseur, author of Business Success with Open Source and Forge Your Future with Open Source. The conversation explores Vicky's early journey into open source, starting from discovering Project Gutenberg in the early '90s to using Linux for the first time, the challenges companies face when using open source software, and how organizations can better leverage it strategically. The discussion also delves into her book, Forge Your Future with Open Source, which addresses common questions about contributing to open source projects. Vicky highlights the gaps in strategic open source usage within organizations and offers insights on how companies can better utilize open source software to reduce business risks. The conversation wraps up with practical advice for making a compelling business case for open source contributions and the importance of speaking the language of decision-makers. Press download now! [00:01:05] Vicky introduces herself, shares her journey into open source, and introduces Project Gutenberg, LibriVox, and the value of community contributions to open knowledge and public domain resources. [00:06:44] Vicky shares how her first book, Forge Your Future with Open Source, helps newcomers start their contribution journey and why she wrote it to be reused across audiences. [00:10:54] There's a discussion on how open source opens career path globally, especially in underserved economics. [00:12:46] Vicky shares some advice from her book for new contributors: Don't start with Linux and find a project in an area you love (e.g., music, cars, sewing) to maintain long-term motivation. [00:15:18] Sean and Georg share their personal origin stories in open source. [00:19:23] Georg introduces Vicky's second book, Business Success with Open Source, and she discusses the premise of the book and the “Three Part Framework.” [00:26:08] Vicky argues that even Linux Foundation member companies often don't understand open source at an organizational level. [00:29:19] Vicky is available for consulting, following her layoff. She encourages listeners to reach out via her website. [00:33:55] Why do projects fail? Vicky shares failures come from poor communication and unchecked assumptions across industries, not just tech. [00:35:36] Vicky criticizes companies for chasing vanity metrics like GitHub stars and praises the CHAOSS Project but notes most companies misuse metrics or don't tie them to strategic goals. Also, “Script kiddie” is explained. [00:40:13] Vicky explains how to ethically influence execs by speaking their language, use Power Points and show cost comparisons (e.g., OpenStreetMap vs Google Maps), and she emphasizes to use “TL;DR” (Too Long; Didn't Read) friendly presentations to connect open source financial and operational outcomes. [00:44:27] There's a special discount code for everyone to use on Vicky's eBooks and audiobooks on The Pragmatic Bookshelf website and the code is VBCHAOSS *for 30% off *through Oct 2025. [00:45:16] Find out where you can follow Vicky and her work on the internet. Value Adds (Picks) of the week: [00:46:07] Sean's pick is the movie, Multiplicity (1996) starring Michael Keaton (not Carbon Copy as stated.) [00:47:29] Vicky's pick is sharing her joy in spinning wool with a vintage spinning wheel. [00:49:35] Georg's pick is going to an amusement park with his family. Panelists: Georg Link Sean Goggins Guest: VM (Vicky) Brasseur Links: CHAOSS (https://chaoss.community/) CHAOSS Project X (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) CHAOSS YouTube (https://www.youtube.com/@CHAOSStube/videos) podcast@chaoss.community (mailto:podcast@chaoss.community) Georg Link Website (https://georg.link/) Sean Goggins X (https://twitter.com/sociallycompute) VM (Vicky) Brasseur Website (https://www.vmbrasseur.com/about/) VM (Vicky) Brasseur Blog (https://blog.vmbrasseur.com/) VM (Vicky) Brasseur LinkedIn (https://www.linkedin.com/in/vmbrasseur/) VM (Vicky) Brasseur Mastodon (https://social.vmbrasseur.com/@vmbrasseur) Project Gutenberg (https://www.gutenberg.org/) LibriVox (https://librivox.org/) Forge Your Future with Open Source by VM (Vicky) Brasseur (Code: VBCHAOSS) (https://pragprog.com/titles/vbopens/forge-your-future-with-open-source/) Business Success with Open Source by VM (Vicky) Brasseur (Code: VBCHAOSS) (https://pragprog.com/titles/vbfoss/business-success-with-open-source/) Nora McDonald (College of Engineering and Computing) (https://computing.gmu.edu/profiles/nmcdona4) Zotero (https://www.zotero.org/) Failure: Why It Happens & How to Benefit from It by VM (Vicky) Brasseur (https://archive.org/details/pdxdevops2017-failure) Script kiddie (https://en.wikipedia.org/wiki/Script_kiddie) Kevin Mitnick (https://en.wikipedia.org/wiki/Kevin_Mitnick) Multiplicity (https://en.wikipedia.org/wiki/Multiplicity_(film)) Spinning wheel (https://en.wikipedia.org/wiki/Spinning_wheel) Special Guest: VM (Vicky) Brasseur.

I am a Mainframer
Mainframe Coven: When Computers Wore Skirts

I am a Mainframer

Play Episode Listen Later Jul 31, 2025 46:08


In this episode of Mainframe Coven, Jessielaine Punongbayan (Product Manager, Dynatrace) and Richelle Anne Craw (Software Engineer, Beta Systems Software) look back at a time when women were central to computing and examine how and why that changed, even though the work didn't. Together they reflect on software engineering, cultural bias, institutional gatekeeping, and the motivation to rewrite the narrative.Mainframe Coven is a 10-part mini-series honoring the past, present, and future women of IT. It's about real stories from the essential yet unseen minds behind the machines.The podcast is sponsored by the Open Mainframe Project, a Linux Foundation project that aims to build community and adoption of Open Source on the mainframe by eliminating barriers to Open Source adoption on the mainframe, demonstrating the value of the mainframe.For a transcript of this episode, visit https://openmainframeproject.org/mainframe-coven/mainframe-coven-when-computers-wore-skirtsLinks and Resources Mentioned in the Episode:- She Was a Computer When Computers Wore Skirts: https://www.nasa.gov/centers-and-facilities/langley/she-was-a-computer-when-computers-wore-skirts/- Zeros and Ones: Digital Women and the New Technoculture by Sadie Plant: https://www.4thestate.co.uk/products/zeros-and-ones-digital-women-and-the-new-technoculture-sadie-plant-9781857026986/- Lovelace & Babbage and the creation of the 1843 'notes' by J. Fuegi and J. Francis, in IEEE Annals of the History of Computing, vol. 25, no. 4, pp. 16-26, Oct.-Dec. 2003: https://doi.org/10.1109/MAHC.2003.1253887- Broad Band: The Untold Story of the Women Who Made the Internet by Claire Evans: https://www.penguinrandomhouse.com/books/545427/broad-band-by-claire-l-evans/- Pioneer Programmer: Jean Jennings Bartik and the Computer That Changed the World by Jean Jennings Bartik: https://www.amazon.com/Pioneer-Programmer-Jennings-Computer-Changed/dp/1612480861/- The women of ENIAC by W. B. Fritz, in IEEE Annals of the History of Computing, vol. 18, no. 3, pp. 13-28, Fall 1996: https://doi.org/10.1109/85.511940- Jean J. Bartik and Frances E. “Betty” Snyder Holberton, interview by Henry Tropp, April 1973, Computer Oral History Collection, Archives Center, National Museum of American History, Smithsonian Institution: https://mads.si.edu/mads/id/NMAH-AC0196_bart730427/- When Computers Were Women by Jennifer S. Light, Technology and Culture, vol. 40, no. 3, 1999: https://www.jstor.org/stable/25147356- ENIAC Programmers Project: https://eniacprogrammers.org/- Great Unsung Women of Computing: The Computers, The Coders and The Future Makers: https://www.wmm.com/catalog/film/great-unsung-women-of-computing-the-computers-the-coders-and-the-future-makers/- The Untold History of Women in Science and Technology (White House Archives): https://obamawhitehouse.archives.gov/women-in-stem/- The Queen of Code, directed by Gillian Jacobs. FiveThirtyEight, 2015: https://vimeo.com/118556349/- “Making Programming Masculine” In Gender Codes: Why Women Are Leaving Computing by Nathan Ensmenger: https://homes.luddy.indiana.edu/nensmeng/posts/2010/09/09/misa2010/- The Computer Boys Take Over: Computers, Programmers, and the Politics of Technical Expertise by Nathan Ensmenger: https://thecomputerboys.com/

I am a Mainframer
Mainframe Coven: Kilogirl

I am a Mainframer

Play Episode Listen Later Jul 30, 2025 28:40


In this episode of Mainframe Coven, Jessielaine Punongbayan (Product Manager, Dynatrace) and Richelle Anne Craw (Software Engineer, Beta Systems Software) dive into the origins of the term "Kilogirl", explore its historical context, and discuss the importance of women's visibility in tech.Together, they reflect on the legacy of women in computing, share personal insights, and answer the powerful question:"Why is women visibility important?"Mainframe Coven is a 10-part mini-series honoring the past, present, and future women of IT. It's about real stories from the essential yet unseen minds behind the machines.The podcast is sponsored by the Open Mainframe Project, a Linux Foundation project that aims to build community and adoption of Open Source on the mainframe by eliminating barriers to Open Source adoption on the mainframe, demonstrating the value of the mainframe.For a transcript of this episode, visit https://openmainframeproject.org/main...Links Mentioned in the Episode:- Radical Software: Women, Art & Computing 1960–1991: https://kunsthallewien.at/ausstellung...Computing Power Used to Be Measured in 'Kilo-Girls': https://www.theatlantic.com/technolog...The Gendered History of Human Computers: https://www.smithsonianmag.com/scienc...The Glass Universe: The Hidden History of the Women Who took the Measure of the Stars by Dava Sobel: https://www.4thestate.co.uk/products/... as mentioned in An astronomical feat: https://www.spectator.co.uk/article/a...Broad Band: The Untold Story of the Women Who Made the Internet by Claire Evans: https://www.penguinrandomhouse.com/bo...Anita B.org: https://anitab.org/The Bletchley Circle (2012–2014, ITV): https://www.world-productions.com/pro...Hidden Figures (2016, directed by Theodore Melfi) Based on the book by Margot Lee Shetterly: https://family.20thcenturystudios.com...Re-writing the code: https://rewritingthecode.org/

To The Point - Cybersecurity
Keep People At The Center of it All with Mishi Choudhary Part 2 Rerun

To The Point - Cybersecurity

Play Episode Listen Later Jul 29, 2025 34:25


Joining the podcast this week is Mishi Choudhary, SVP and General Counsel at Virtru. Mishi shares with us some legal perspective on the privacy discussion including freedom of thought, the right to be forgotten, end-to-end encryption for protecting user data, finding a middle ground between meeting customer privacy demands and complying with legal requirements, getting to a federal privacy regulation, and so much more! You won't want to miss what is a truly spirited and candid conversation – in two parts! Mishi Choudhary SVP and General Counsel, Virtru A technology lawyer with over 17 years of legal experience, Mishi has served as a legal representative for many of the world's most prominent free and open source software developers and distributors, including the Free Software Foundation, Cloud Native Computing Foundation, Linux Foundation, Debian, the Apache Software Foundation, and OpenSSL. At Virtru, she leads all legal and compliance activities, builds internal processes to continue to accelerate growth, helps shape Virtru and open source strategy, and activates global business development efforts. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e343

CHAOSScast
Episode 115: Trends from UN OSS Week and OSSNA

CHAOSScast

Play Episode Listen Later Jul 24, 2025 72:58


Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast! In this double-length CHAOSScast special episode, hosts Harmony Elendu and George Link along with panelists from the CHAOSS community, come together to reflect on their experiences at two major open source events: CHAOSScon North America (co-located with the Open Source Summit) and the United Nations Open Source Week in New York. The episode is packed with personal insights, highlighted key talks, software updates, themes from the events, memorable community interactions, and thoughtful conversations about the future of open source, digital sovereignty, and sustainability. Press download now! [00:00:19] Harmony and the guests introduce themselves and their roles in CHAOSS and the open source community. [00:02:36] Everyone shares their CHAOSScon talk highlights. [00:10:49] Conference moments and experiences are talked about such as Linux Foundation's puppy therapy booths to reduce stress, knitting as a conversation starter, and spontaneous hallway discussions about software security and SBOMs. [00:17:10] Software updates: Augur now runs easily via Docker Compose, making it accessible to more users. [00:18:59] Elizabeth explains behind the scenes of organizing CHAOSScon with Linux Foundation support, and challenges with speaker curation, CFP management, and logistics. [00:23:17] Harmony invites listeners to CHAOSScon Africa and OSCAFEST'25 happening in August, both in the same week and same location. [00:23:45] Elizabeth, Laura, and Andrew share their CHAOSS booth experiences. [00:28:28] The guests talk about meeting longtime online collaborators in person for the first time. [00:30:16] Cali talks about the Data Science Hackathon, student participation, hands-on project exploration with 8Knot and Auger and the event was hosted by the CHAOSS Data Science Working Group. [00:36:43] Part 2 starts here as host Georg Link takes over with guests Divya, Ruth, and Daniel, who all attended the United Nations Open Source Week in New York. [00:39:45] We hear some key moments from the UN Open Source Week 2025: Governments increasingly adopting OSPOs, sessions on humanitarian tech and open source for crisis response, the energy, engagement, and diversity of thought. [00:50:09] Ruth shares something new she learned going to an Open Source Hardware presentation where they did a demo of DIY microscopes and Georg shares an inspiring story he learned using open hardware. [00:52:12] After being at this conference, Ruth sees open source headed for digital sovereignty and there's a discussion on the trend toward collaborative Digital Public Infrastructure (DPI) and public goods. [00:55:37] There's a conversation on sustainability and open source communities. [01:01:09] Governance and transparency is discussed, Daniel shares an example with Germany's Sovereign Tech Fund supporting critical infrastructure, and Divya shares going to a session that was focused on payments. [01:06:05] We end with Georg highlighting to check out some recordings from the UN Open Source Week 2025 website and to check out the UN Open Source Principles. Value Adds (Picks) of the week: [00:32:03] Harmony's pick is a local coffee. [00:32:26] Cali's pick is being able to road bike for the first time since surgery. [00:33:05] Elizabeth's pick is feeling grateful to be in an industry that provides opportunities to meet with and connect with people from all over the world. [00:34:39] Laura's pick is spending two weeks with open source folks who care far more about people than profits. [00:35:14] Andrew's pick is reconnecting with Elizabeth and first time traveling with the Timeshifter App to help with jet lag. [01:07:32] Ruth's pick is friends. [01:08:00] Daniel's pick is the Digital Resilience Forum. [01:09:27] Divya's pick is tinkering with pottery. [01:11:16] Georg's pick is his herbal garden. Panelists: Harmony Elendu Georg Link Guests: Elizabeth Barron Andrew Nesbitt Cali Dolfi Laura Langdon Divya Mohan Ruth Ikegah Daniel Izquierdo Links: CHAOSS (https://chaoss.community/) CHAOSS Project X (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) CHAOSS YouTube (https://www.youtube.com/@CHAOSStube/videos) podcast@chaoss.community (mailto:podcast@chaoss.community) Georg Link Website (https://georg.link/) Harmony Elendu X (https://x.com/ogaharmony) Elizabeth Barron X (https://twitter.com/elizabethn) Andrew Nesbitt Mastodon (https://www.timeshifter.com/) Andrew Nesbitt Website (https://nesbitt.io/) Cali Dolfi LinkedIn (https://www.linkedin.com/in/calidolfi/) Cali Dolfi X (https://x.com/calidolphinn?lang=en) Laura Langdon Website (https://www.lauralangdon.io/) Laura Langdon Mastodon (https://hachyderm.io/@LauraLangdon) Ruth Ikegah X (https://twitter.com/IkegahRuth) Ruth Ikegah LinkedIn (https://www.linkedin.com/in/ruth-ikegah/) Divya Mohan Website (https://www.divyamohan.com/) Divya Mohan LinkedIn (https://www.linkedin.com/in/divya-mohan0209/) Daniel Izquierdo LinkedIn (https://www.linkedin.com/in/dicortazar/?original_referer=https%3A%2F%2Fwww%2Egoogle%2Ecom%2F&originalSubdomain=es) CHAOSScon Africa 2025 (https://chaoss.community/chaosscon-africa-2025/) OSCAFEST'25 (https://festival.oscafrica.org/) CHAOSS Data Science Working Group (https://github.com/chaoss/wg-data-science) Timeshifter Apps (https://www.timeshifter.com/) Digital Public Goods Registry (https://www.digitalpublicgoods.net/registry) Sovereign Tech Agency (https://www.sovereign.tech/) United Nations Open Source Week 2025 (https://www.un.org/digital-emerging-technologies/content/open-source-week-2025) United Nations Digital Public Goods (https://www.un.org/digital-emerging-technologies/content/digital-public-goods) United Nations Open Source Principles (https://unite.un.org/news/osi-first-endorse-united-nations-open-source-principles) OpenFlexure Microscope (open hardware project) (https://openflexure.org/projects/microscope/) Digital Resilience Forum (https://digitalresilienceforum.com/) Special Guests: Andrew Nesbitt, Cali Dolfi, Divya Mohan, and Laura Langdon.

To The Point - Cybersecurity
Privacy: Keep People At The Center of it All with Mishi Choudhary Rerun

To The Point - Cybersecurity

Play Episode Listen Later Jul 22, 2025 23:37


Joining the podcast this week is Mishi Choudhary, SVP and General Counsel at Virtru. Mishi shares with us some legal perspective on the privacy discussion including freedom of thought, the right to be forgotten, end-to-end encryption for protecting user data, finding a middle ground between meeting customer privacy demands and complying with legal requirements, getting to a federal privacy regulation, and so much more! You won't want to miss what is a truly spirited and candid conversation – in two parts! Mishi Choudhary, SVP and General Counsel, Virtru A technology lawyer with over 17 years of legal experience, Mishi has served as a legal representative for many of the world's most prominent free and open source software developers and distributors, including the Free Software Foundation, Cloud Native Computing Foundation, Linux Foundation, Debian, the Apache Software Foundation, and OpenSSL. At Virtru, she leads all legal and compliance activities, builds internal processes to continue to accelerate growth, helps shape Virtru and open source strategy, and activates global business development efforts. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e342

Les Cast Codeurs Podcast
LCC 328 - Expert généraliste cherche Virtual Thread

Les Cast Codeurs Podcast

Play Episode Listen Later Jul 16, 2025 90:13


Dans cet épisode, Emmanuel et Antonio discutent de divers sujets liés au développement: Applets (et oui), app iOS développées sous Linux, le protocole A2A, l'accessibilité, les assistants de code AI en ligne de commande (vous n'y échapperez pas)… Mais aussi des approches méthodologiques et architecturales comme l'architecture hexagonale, les tech radars, l'expert généraliste et bien d'autres choses encore. Enregistré le 11 juillet 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-328.mp3 ou en vidéo sur YouTube. News Langages Les Applets Java c'est terminé pour de bon… enfin, bientot: https://openjdk.org/jeps/504 Les navigateurs web ne supportent plus les applets. L'API Applet et l'outil appletviewer ont été dépréciés dans JDK 9 (2017). L'outil appletviewer a été supprimé dans JDK 11 (2018). Depuis, impossible d'exécuter des applets avec le JDK. L'API Applet a été marquée pour suppression dans JDK 17 (2021). Le Security Manager, essentiel pour exécuter des applets de façon sécurisée, a été désactivé définitivement dans JDK 24 (2025). Librairies Quarkus 3.24 avec la notion d'extensions qui peuvent fournir des capacités à des assistants https://quarkus.io/blog/quarkus-3-24-released/ les assistants typiquement IA, ont accès a des capacités des extensions Par exemple générer un client à partir d'openAPI Offrir un accès à la,base de données en dev via le schéma. L'intégration d'Hibernate 7 dans Quarkus https://quarkus.io/blog/hibernate7-on-quarkus/ Jakarta data api restriction nouvelle Injection du SchemaManager Sortie de Micronaut 4.9 https://micronaut.io/2025/06/30/micronaut-framework-4-9-0-released/ Core : Mise à jour vers Netty 4.2.2 (attention, peut affecter les perfs). Nouveau mode expérimental “Event loop Carrier” pour exécuter des virtual threads sur l'event loop Netty. Nouvelle annotation @ClassImport pour traiter des classes déjà compilées. Arrivée des @Mixin (Java uniquement) pour modifier les métadonnées d'annotations Micronaut sans altérer les classes originales. HTTP/3 : Changement de dépendance pour le support expérimental. Graceful Shutdown : Nouvelle API pour un arrêt en douceur des applications. Cache Control : API fluente pour construire facilement l'en-tête HTTP Cache-Control. KSP 2 : Support de KSP 2 (à partir de 2.0.2) et testé avec Kotlin 2. Jakarta Data : Implémentation de la spécification Jakarta Data 1.0. gRPC : Support du JSON pour envoyer des messages sérialisés via un POST HTTP. ProjectGen : Nouveau module expérimental pour générer des projets JVM (Gradle ou Maven) via une API. Un super article sur experimenter avec les event loops reactives dans les virtualthreads https://micronaut.io/2025/06/30/transitioning-to-virtual-threads-using-the-micronaut-loom-carrier/ Malheureusement cela demander le hacker le JDK C'est un article de micronaut mais le travail a ete collaboratif avec les equipes de Red Hat OpenJDK, Red Hat perf et de Quarkus et Vert.x Pour les curieux c'est un bon article Ubuntu offre un outil de creation de container pour Spring notamment https://canonical.com/blog/spring-boot-containers-made-easy creer des images OCI pour les applications Spring Boot basées sur Ubuntu base images bien sur utilise jlink pour reduire la taille pas sur de voir le gros avantage vs d'autres solutions plus portables d'ailleurs Canonical entre dans la danse des builds d'openjdk Le SDK Java de A2A contribué par Red Hat est sorti https://quarkus.io/blog/a2a-project-launches-java-sdk/ A2A est un protocole initié par Google et donne à la fondation Linux Il permet à des agents de se décrire et d'interagir entre eux Agent cards, skills, tâche, contexte A2A complémente MCP Red hat a implémenté le SDK Java avec le conseil des équipes Google En quelques annotations et classes on a un agent card, un client A2A et un serveur avec l'échange de messages via le protocole A2A Comment configurer mockito sans warning après java 21 https://rieckpil.de/how-to-configure-mockito-agent-for-java-21-without-warning/ les agents chargés dynamiquement sont déconseillés et seront interdis bientôt Un des usages est mockito via bytebuddy L'avantage est que la,configuration était transparente Mais bon sécurité oblige c'est fini. Donc l'article décrit comment configurer maven gradle pour mettre l'agent au démarrage des tests Et aussi comment configurer cela dans IntelliJ idea. Moins simple malheureusement Web Des raisons “égoïstes” de rendre les UIs plus accessibles https://nolanlawson.com/2025/06/16/selfish-reasons-for-building-accessible-uis/ Raisons égoïstes : Des avantages personnels pour les développeurs de créer des interfaces utilisateurs (UI) accessibles, au-delà des arguments moraux. Débogage facilité : Une interface accessible, avec une structure sémantique claire, est plus facile à déboguer qu'un code désordonné (la « soupe de div »). Noms standardisés : L'accessibilité fournit un vocabulaire standard (par exemple, les directives WAI-ARIA) pour nommer les composants d'interface, ce qui aide à la clarté et à la structuration du code. Tests simplifiés : Il est plus simple d'écrire des tests automatisés pour des éléments d'interface accessibles, car ils peuvent être ciblés de manière plus fiable et sémantique. Après 20 ans de stagnation, la spécification du format d'image PNG évolue enfin ! https://www.programmax.net/articles/png-is-back/ Objectif : Maintenir la pertinence et la compétitivité du format. Recommandation : Soutenu par des institutions comme la Bibliothèque du Congrès américain. Nouveautés Clés :Prise en charge du HDR (High Dynamic Range) pour une plus grande gamme de couleurs. Reconnaissance officielle des PNG animés (APNG). Support des métadonnées Exif (copyright, géolocalisation, etc.). Support Actuel : Déjà intégré dans Chrome, Safari, Firefox, iOS, macOS et Photoshop. Futur :Prochaine édition : focus sur l'interopérabilité entre HDR et SDR. Édition suivante : améliorations de la compression. Avec le projet open source Xtool, on peut maintenant construire des applications iOS sur Linux ou Windows, sans avoir besoin d'avoir obligatoirement un Mac https://xtool.sh/tutorials/xtool/ Un tutoriel très bien fait explique comment faire : Création d'un nouveau projet via la commande xtool new. Génération d'un package Swift avec des fichiers clés comme Package.swift et xtool.yml. Build et exécution de l'app sur un appareil iOS avec xtool dev. Connexion de l'appareil en USB, gestion du jumelage et du Mode Développeur. xtool gère automatiquement les certificats, profils de provisionnement et la signature de l'app. Modification du code de l'interface utilisateur (ex: ContentView.swift). Reconstruction et réinstallation rapide de l'app mise à jour avec xtool dev. xtool est basé sur VSCode sur la partie IDE Data et Intelligence Artificielle Nouvelle edition du best seller mondial “Understanding LangChain4j” : https://www.linkedin.com/posts/agoncal_langchain4j-java-ai-activity-7342825482830200833-rtw8/ Mise a jour des APIs (de LC4j 0.35 a 1.1.0) Nouveaux Chapitres sur MCP / Easy RAG / JSon Response Nouveaux modeles (GitHub Model, DeepSeek, Foundry Local) Mise a jour des modeles existants (GPT-4.1, Claude 3.7…) Google donne A2A a la Foundation Linux https://developers.googleblog.com/en/google-cloud-donates-a2a-to-linux-foundation/ Annonce du projet Agent2Agent (A2A) : Lors du sommet Open Source Summit North America, la Linux Foundation a annoncé la création du projet Agent2Agent, en partenariat avec Google, AWS, Microsoft, Cisco, Salesforce, SAP et ServiceNow. Objectif du protocole A2A : Ce protocole vise à établir une norme ouverte pour permettre aux agents d'intelligence artificielle (IA) de communiquer, collaborer et coordonner des tâches complexes entre eux, indépendamment de leur fournisseur. Transfert de Google à la communauté open source : Google a transféré la spécification du protocole A2A, les SDK associés et les outils de développement à la Linux Foundation pour garantir une gouvernance neutre et communautaire. Soutien de l'industrie : Plus de 100 entreprises soutiennent déjà le protocole. AWS et Cisco sont les derniers à l'avoir validé. Chaque entreprise partenaire a souligné l'importance de l'interopérabilité et de la collaboration ouverte pour l'avenir de l'IA. Objectifs de la fondation A2A : Établir une norme universelle pour l'interopérabilité des agents IA. Favoriser un écosystème mondial de développeurs et d'innovateurs. Garantir une gouvernance neutre et ouverte. Accélérer l'innovation sécurisée et collaborative. parler de la spec et surement dire qu'on aura l'occasion d'y revenir Gemini CLI :https://blog.google/technology/developers/introducing-gemini-cli-open-source-ai-agent/ Agent IA dans le terminal : Gemini CLI permet d'utiliser l'IA Gemini directement depuis le terminal. Gratuit avec compte Google : Accès à Gemini 2.5 Pro avec des limites généreuses. Fonctionnalités puissantes : Génère du code, exécute des commandes, automatise des tâches. Open source : Personnalisable et extensible par la communauté. Complément de Code Assist : Fonctionne aussi avec les IDE comme VS Code. Au lieu de blocker les IAs sur vos sites vous pouvez peut-être les guider avec les fichiers LLMs.txt https://llmstxt.org/ Exemples du projet angular: llms.txt un simple index avec des liens : https://angular.dev/llms.txt lllms-full.txt une version bien plus détaillée : https://angular.dev/llms-full.txt Outillage Les commits dans Git sont immuables, mais saviez vous que vous pouviez rajouter / mettre à jour des “notes” sur les commits ? https://tylercipriani.com/blog/2022/11/19/git-notes-gits-coolest-most-unloved-feature/ Fonctionnalité méconnue : git notes est une fonctionnalité puissante mais peu utilisée de Git. Ajout de métadonnées : Permet d'attacher des informations à des commits existants sans en modifier le hash. Cas d'usage : Idéal pour ajouter des données issues de systèmes automatisés (builds, tickets, etc.). Revue de code distribuée : Des outils comme git-appraise ont été construits sur git notes pour permettre une revue de code entièrement distribuée, indépendante des forges (GitHub, GitLab). Peu populaire : Son interface complexe et le manque de support des plateformes de forge ont limité son adoption (GitHub n'affiche même pas/plus les notes). Indépendance des forges : git notes offre une voie vers une plus grande indépendance vis-à-vis des plateformes centralisées, en distribuant l'historique du projet avec le code lui-même. Un aperçu dur Spring Boot debugger dans IntelliJ idea ultimate https://blog.jetbrains.com/idea/2025/06/demystifying-spring-boot-with-spring-debugger/ montre cet outil qui donne du contexte spécifique à Spring comme les beans non activés, ceux mockés, la valeur des configs, l'état des transactions Il permet de visualiser tous les beans Spring directement dans la vue projet, avec les beans non instanciés grisés et les beans mockés marqués en orange pour les tests Il résout le problème de résolution des propriétés en affichant la valeur effective en temps réel dans les fichiers properties et yaml, avec la source exacte des valeurs surchargées Il affiche des indicateurs visuels pour les méthodes exécutées dans des transactions actives, avec les détails complets de la transaction et une hiérarchie visuelle pour les transactions imbriquées Il détecte automatiquement toutes les connexions DataSource actives et les intègre avec la fenêtre d'outils Database d'IntelliJ IDEA pour l'inspection Il permet l'auto-complétion et l'invocation de tous les beans chargés dans l'évaluateur d'expression, fonctionnant comme un REPL pour le contexte Spring Il fonctionne sans agent runtime supplémentaire en utilisant des breakpoints non-suspendus dans les bibliothèques Spring Boot pour analyser les données localement Une liste communautaire sur les assistants IA pour le code, lancée par Lize Raes https://aitoolcomparator.com/ tableau comparatif qui permet de voir les différentes fonctionnalités supportées par ces outils Architecture Un article sur l'architecture hexagonale en Java https://foojay.io/today/clean-and-modular-java-a-hexagonal-architecture-approach/ article introductif mais avec exemple sur l'architecture hexagonale entre le domaine, l'application et l‘infrastructure Le domain est sans dépendance L‘appli spécifique à l'application mais sans dépendance technique explique le flow L'infrastructure aura les dépendances à vos frameworks spring, Quarkus Micronaut, Kafka etc Je suis naturellement pas fan de l'architecture hexagonale en terme de volume de code vs le gain surtout en microservices mais c'est toujours intéressant de se challenger et de regarder le bénéfice coût. Gardez un œil sur les technologies avec les tech radar https://www.sfeir.dev/cloud/tech-radar-gardez-un-oeil-sur-le-paysage-technologique/ Le Tech Radar est crucial pour la veille technologique continue et la prise de décision éclairée. Il catégorise les technologies en Adopt, Trial, Assess, Hold, selon leur maturité et pertinence. Il est recommandé de créer son propre Tech Radar pour l'adapter aux besoins spécifiques, en s'inspirant des Radars publics. Utilisez des outils de découverte (Alternativeto), de tendance (Google Trends), de gestion d'obsolescence (End-of-life.date) et d'apprentissage (roadmap.sh). Restez informé via les blogs, podcasts, newsletters (TLDR), et les réseaux sociaux/communautés (X, Slack). L'objectif est de rester compétitif et de faire des choix technologiques stratégiques. Attention à ne pas sous-estimer son coût de maintenance Méthodologies Le concept d'expert generaliste https://martinfowler.com/articles/expert-generalist.html L'industrie pousse vers une spécialisation étroite, mais les collègues les plus efficaces excellent dans plusieurs domaines à la fois Un développeur Python expérimenté peut rapidement devenir productif dans une équipe Java grâce aux concepts fondamentaux partagés L'expertise réelle comporte deux aspects : la profondeur dans un domaine et la capacité d'apprendre rapidement Les Expert Generalists développent une maîtrise durable au niveau des principes fondamentaux plutôt que des outils spécifiques La curiosité est essentielle : ils explorent les nouvelles technologies et s'assurent de comprendre les réponses au lieu de copier-coller du code La collaboration est vitale car ils savent qu'ils ne peuvent pas tout maîtriser et travaillent efficacement avec des spécialistes L'humilité les pousse à d'abord comprendre pourquoi les choses fonctionnent d'une certaine manière avant de les remettre en question Le focus client canalise leur curiosité vers ce qui aide réellement les utilisateurs à exceller dans leur travail L'industrie doit traiter “Expert Generalist” comme une compétence de première classe à nommer, évaluer et former ca me rappelle le technical staff Un article sur les métriques métier et leurs valeurs https://blog.ippon.fr/2025/07/02/monitoring-metier-comment-va-vraiment-ton-service-2/ un article de rappel sur la valeur du monitoring métier et ses valeurs Le monitoring technique traditionnel (CPU, serveurs, API) ne garantit pas que le service fonctionne correctement pour l'utilisateur final. Le monitoring métier complète le monitoring technique en se concentrant sur l'expérience réelle des utilisateurs plutôt que sur les composants isolés. Il surveille des parcours critiques concrets comme “un client peut-il finaliser sa commande ?” au lieu d'indicateurs abstraits. Les métriques métier sont directement actionnables : taux de succès, délais moyens et volumes d'erreurs permettent de prioriser les actions. C'est un outil de pilotage stratégique qui améliore la réactivité, la priorisation et le dialogue entre équipes techniques et métier. La mise en place suit 5 étapes : dashboard technique fiable, identification des parcours critiques, traduction en indicateurs, centralisation et suivi dans la durée. Une Definition of Done doit formaliser des critères objectifs avant d'instrumenter tout parcours métier. Les indicateurs mesurables incluent les points de passage réussis/échoués, les temps entre actions et le respect des règles métier. Les dashboards doivent être intégrés dans les rituels quotidiens avec un système d'alertes temps réel compréhensibles. Le dispositif doit évoluer continuellement avec les transformations produit en questionnant chaque incident pour améliorer la détection. La difficulté c'est effectivement l'évolution métier par exemple peu de commandes la nuit etc ça fait partie de la boîte à outils SRE Sécurité Toujours à la recherche du S de Sécurité dans les MCP https://www.darkreading.com/cloud-security/hundreds-mcp-servers-ai-models-abuse-rce analyse des serveurs mcp ouverts et accessibles beaucoup ne font pas de sanity check des parametres si vous les utilisez dans votre appel genAI vous vous exposer ils ne sont pas mauvais fondamentalement mais n'ont pas encore de standardisation de securite si usage local prefferer stdio ou restreindre SSE à 127.0.0.1 Loi, société et organisation Nicolas Martignole, le même qui a créé le logo des Cast Codeurs, s'interroge sur les voies possibles des développeurs face à l'impact de l'IA sur notre métier https://touilleur-express.fr/2025/06/23/ni-manager-ni-contributeur-individuel/ Évolution des carrières de développeur : L'IA transforme les parcours traditionnels (manager ou expert technique). Chef d'Orchestre d'IA : Ancien manager qui pilote des IA, définit les architectures et valide le code généré. Artisan Augmenté : Développeur utilisant l'IA comme un outil pour coder plus vite et résoudre des problèmes complexes. Philosophe du Code : Un nouveau rôle centré sur le “pourquoi” du code, la conceptualisation de systèmes et l'éthique de l'IA. Charge cognitive de validation : Nouvelle charge mentale créée par la nécessité de vérifier le travail des IA. Réflexion sur l'impact : L'article invite à choisir son impact : orchestrer, créer ou guider. Entraîner les IAs sur des livres protégés (copyright) est acceptable (fair use) mais les stocker ne l'est pas https://www.reuters.com/legal/litigation/anthropic-wins-key-ruling-ai-authors-copyright-lawsuit-2025-06-24/ Victoire pour Anthropic (jusqu'au prochain procès): L'entreprise a obtenu gain de cause dans un procès très suivi concernant l'entraînement de son IA, Claude, avec des œuvres protégées par le droit d'auteur. “Fair Use” en force : Le juge a estimé que l'utilisation des livres pour entraîner l'IA relevait du “fair use” (usage équitable) car il s'agit d'une transformation du contenu, pas d'une simple reproduction. Nuance importante : Cependant, le stockage de ces œuvres dans une “bibliothèque centrale” sans autorisation a été jugé illégal, ce qui souligne la complexité de la gestion des données pour les modèles d'IA. Luc Julia, son audition au sénat https://videos.senat.fr/video.5486945_685259f55eac4.ia–audition-de-luc-julia-concepteur-de-siri On aime ou pas on aide pas Luc Julia et sa vision de l'IA . C'est un eversion encore plus longue mais dans le même thème que sa keynote à Devoxx France 2025 ( https://www.youtube.com/watch?v=JdxjGZBtp_k ) Nature et limites de l'IA : Luc Julia a insisté sur le fait que l'intelligence artificielle est une “évolution” plutôt qu'une “révolution”. Il a rappelé qu'elle repose sur des mathématiques et n'est pas “magique”. Il a également alerté sur le manque de fiabilité des informations fournies par les IA génératives comme ChatGPT, soulignant qu'« on ne peut pas leur faire confiance » car elles peuvent se tromper et que leur pertinence diminue avec le temps. Régulation de l'IA : Il a plaidé pour une régulation “intelligente et éclairée”, qui devrait se faire a posteriori afin de ne pas freiner l'innovation. Selon lui, cette régulation doit être basée sur les faits et non sur une analyse des risques a priori. Place de la France : Luc Julia a affirmé que la France possédait des chercheurs de très haut niveau et faisait partie des meilleurs mondiaux dans le domaine de l'IA. Il a cependant soulevé le problème du financement de la recherche et de l'innovation en France. IA et Société : L'audition a traité des impacts de l'IA sur la vie privée, le monde du travail et l'éducation. Luc Julia a souligné l'importance de développer l'esprit critique, notamment chez les jeunes, pour apprendre à vérifier les informations générées par les IA. Applications concrètes et futures : Le cas de la voiture autonome a été discuté, Luc Julia expliquant les différents niveaux d'autonomie et les défis restants. Il a également affirmé que l'intelligence artificielle générale (AGI), une IA qui dépasserait l'homme dans tous les domaines, est “impossible” avec les technologies actuelles. Rubrique débutant Les weakreferences et le finalize https://dzone.com/articles/advanced-java-garbage-collection-concepts un petit rappel utile sur les pièges de la méthode finalize qui peut ne jamais être invoquée Les risques de bug si finalize ne fini jamais Finalize rend le travail du garbage collector beaucoup plus complexe et inefficace Weak references sont utiles mais leur libération n'est pas contrôlable. Donc à ne pas abuser. Il y a aussi les soft et phantom references mais les usages ne sont assez subtils et complexe en fonction du GC. Le sériel va traiter les weak avant les soft, parallel non Le g1 ça dépend de la région Z1 ça dépend car le traitement est asynchrone Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 14-19 juillet 2025 : DebConf25 - Brest (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 22-24 septembre 2025 : Kernel Recipes - Paris (France) 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2 octobre 2025 : Nantes Craft - Nantes (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-7 octobre 2025 : Swift Connection 2025 - Paris (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9 octobre 2025 : DevCon #25 : informatique quantique - Paris (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16 octobre 2025 : Power 365 - 2025 - Lille (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 17 octobre 2025 : Sylius Con 2025 - Lyon (France) 17 octobre 2025 : ScalaIO 2025 - Paris (France) 20 octobre 2025 : Codeurs en Seine - Rouen (France) 23 octobre 2025 : Cloud Nord - Lille (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 5-6 novembre 2025 : Tech Show Paris - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 6 novembre 2025 : Agile Tour Aix-Marseille 2025 - Gardanne (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 19 novembre 2025 : SREday Paris 2025 Q4 - Paris (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : DevFest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 1-2 décembre 2025 : Tech Rocks Summit 2025 - Paris (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 9-11 décembre 2025 : APIdays Paris - Paris (France) 9-11 décembre 2025 : Green IO Paris - Paris (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 3 février 2026 : Cloud Native Days France 2026 - Paris (France) 12-13 février 2026 : Touraine Tech #26 - Tours (France) 22-24 avril 2026 : Devoxx France 2026 - Paris (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

Paul's Security Weekly
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339

Paul's Security Weekly

Play Episode Listen Later Jul 15, 2025 67:50


What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. The better question is, "What do you want to secure?" We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren't about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties. Resources: https://cybersecurityframework.io https://owasp.org/www-project-cheat-sheets/ https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/ https://aflplus.plus/ https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-339

Paul's Security Weekly TV
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339

Paul's Security Weekly TV

Play Episode Listen Later Jul 15, 2025 67:50


What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. The better question is, "What do you want to secure?" We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren't about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties. Resources: https://cybersecurityframework.io https://owasp.org/www-project-cheat-sheets/ https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/ https://aflplus.plus/ https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/ Show Notes: https://securityweekly.com/asw-339

Application Security Weekly (Audio)
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339

Application Security Weekly (Audio)

Play Episode Listen Later Jul 15, 2025 67:50


What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. The better question is, "What do you want to secure?" We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren't about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties. Resources: https://cybersecurityframework.io https://owasp.org/www-project-cheat-sheets/ https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/ https://aflplus.plus/ https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-339

Application Security Weekly (Video)
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339

Application Security Weekly (Video)

Play Episode Listen Later Jul 15, 2025 67:50


What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and users. The better question is, "What do you want to secure?" We discuss the Cybersecurity Skills Framework put together by the OpenSSF and the Linux Foundation and how you might prepare for one of its job families. The important basics aren't about memorizing lists or technical details, but demonstrating experience in working with technologies, understanding how they can fail, and being able to express concerns, recommendations, and curiosity about their security properties. Resources: https://cybersecurityframework.io https://owasp.org/www-project-cheat-sheets/ https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/ https://aflplus.plus/ https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/ Show Notes: https://securityweekly.com/asw-339

CHAOSScast
Episode 114: Awesome POSM and Jellyfish Visualizations for the Cardano Community with Christian, Tex, and Johnny

CHAOSScast

Play Episode Listen Later Jul 10, 2025 50:24


Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast! CHAOSScast – Episode 114 In this episode of CHAOSScast, hosts Georg Link and Nicole Huesman engage in a deep discussion with Christian Taylor, Terence (Tex) McCutcheon, and Johnny Kelly about measuring and enhancing open source community health through innovative methods. Christian and his team share their experiences in implementing the 'paid open source model' within the Cardano blockchain community, designed to retain and motivate contributors. The panel discusses a variety of topics, including governance models, the integration of AI for report generation, and the challenges of balancing open source principles with corporate interests. They also explore specific tools and metrics used to evaluate project health and community engagement, providing an illuminating look into the future of open source development. Hit the download button now! [00:01:40] Our guests give a brief introduction. [00:04:37] Christian provides a non-technical intro to Cardano, a top blockchain focused on peer reviewed, academic rigor. [00:06:07] Johnny explains Cardano's high decentralization via SPOs, DReps, and community tools like GovTool, and Christian outlines how open source ties in. [00:09:39] Christian talks about open source governance and Intersect and explains Intersect serves like the Linux Foundation for Cardano, holding code, facilitating contribution ladders, and launching an incubation program. [00:13:06] Georg gives a summary for those who are new: Cardano's treasury is funded via blockchain transaction fees. This funding supports open source development, tools, documentation, and maintainers, and Christian elaborates more about this. [00:15:39] Johnny details governance and funding decisions and Christian emphasizes the transparency and checks and balance system. [00:17:08] Nicole raises concerns about aligning paid models with open source ethos and Christian discusses Intersect's neutral, community-owned governance structure and internal checks and Johnny shares a link about the current members and the elective process within Intersect. [00:20:37] Christian shares using Bitergia and CHAOSS metrics to build out Cardano's open source health dashboard. Focus areas were response times, geographic contributions, contribution ladders, and project maturity. [00:26:03] Tex shares their dashboard is public and useful for spotting high-impact projects. He aims to improve documentation standards and repo governance practices. [00:31:05] Georg gives a brief description of the “jellyfish diagrams” that show how developers connect across projects. [00:33:26] Christian shares their approach to using AI in metrics reporting and Tex emphasizes AI assists analysis but doesn't replace human validation. [00:37:10] Nicole asks if the paid open source model is being shared externally. Christian confirms they presented the model at open source summits, validated it with leading experts, stress-tested with community input, and outlines a six month pilot of the model. Value Adds (Picks) of the week: [00:44:06] Georg's pick is going on his first cruise. [00:45:07] Christian's pick is family. [00:45:54] Tex's pick is simplicity. [00:46:38] Johnny's pick is the Calidus Pool-Key. [00:47:54] Nicole's pick is meeting and interviewing Dr. Laura Kelly. *Panelists: * Georg Link Nicole Huesman Guests: Christian Taylor Terence (Tex) McCutcheon Johnny Kelly Links: CHAOSS (https://chaoss.community/) CHAOSS Project X (https://twitter.com/chaossproj?lang=en) CHAOSScast Podcast (https://podcast.chaoss.community/) CHAOSS YouTube (https://www.youtube.com/@CHAOSStube/videos) podcast@chaoss.community (mailto:podcast@chaoss.community) Georg Link Website (https://georg.link/) Nicole Huesman X (https://twitter.com/uoduckswtd) Christian Taylor X (https://x.com/DeOpenSourceGuy) Christian Taylor LinkedIn (https://www.linkedin.com/in/christian-taylor-766b01b1/) Terence McCutcheon X (https://x.com/Tmacqt87) Terence McCutcheon LinkedIn (https://www.linkedin.com/in/tex-oso/) Johnny Kelly X (https://x.com/intertreeJK) Johnny Kelly LinkedIn (https://www.linkedin.com/in/intertreejk/) Open Source Office at Intersect MBO (YouTube) (https://www.youtube.com/@osointersectmbo) Cardano (https://cardano.org/) Cardano GovTool (https://gov.tools/) Intersect (https://www.intersectmbo.org/) Intersect Committees (https://committees.docs.intersectmbo.org/intersect-open-source-committee/about/readme/committee-members) Open Source Office (OSO) (https://committees.docs.intersectmbo.org/intersect-open-source-committee/about/open-source-office-oso) Bitergia Repo Maturity Reports (https://committees.docs.intersectmbo.org/intersect-open-source-committee/all-monthly-reports/bitergia-repo-maturity-reports) Edinburgh Decentralization Index Dashboard (https://informatics.ed.ac.uk/blockchain/edi/dashboard) Contribution Ladder Framework (https://committees.docs.intersectmbo.org/intersect-open-source-committee/policies/contribution-ladder-framework) Current Open Source Committee Members list and Term Rotation Schedules (https://committees.docs.intersectmbo.org/intersect-open-source-committee/about/readme/committee-members) Bitergia Monthly Maturity Reports for 2025 (https://committees.docs.intersectmbo.org/intersect-open-source-committee/all-monthly-reports/bitergia-repo-maturity-reports/monthly-maturity-reports-2025) Introductory Article on POSM (Intersect) (https://www.intersectmbo.org/news/the-paid-open-source-model) Intersecting Open Source and Sustainability: A Paid Open Source Model for Ecosystems Full PDF (https://493748844-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLBdnzp0eZpGri9sVpseI%2Fuploads%2FvuisqFT8uCyKSDgpNmyW%2FPaid%20Open%20Source%20Model-%20LIVE.pdf?alt=media&token=577c8bd1-c9df-43a0-8b57-e883ddb1254a) Bitergia Dashboard (https://intersectmbo.biterg.io/app/dashboards#/view/Overview) The Paid Open Source Model Concept (YouTube) (https://www.youtube.com/watch?v=j4PgqaPWNT4) New Calidus Pool-Key for SPOs and Services Interacting with Pools (https://forum.cardano.org/t/new-calidus-pool-key-for-spos-and-services-interacting-with-pools/143812) She Lights the Way (https://shelightstheway.com/) Dr. Laura Kelly (https://drlaurakelly.com/) Special Guests: Johnny Kelly, Christian Taylor, and Terence (Tex) McCutheon.

Engineering Kiosk
#203 Die Struktur hinter dem weltweit größten Open Source Projekt mit Pascal Vizeli von Home Assistant

Engineering Kiosk

Play Episode Listen Later Jul 8, 2025 81:30 Transcription Available


In dieser Episode nehmen wir dich mit auf eine Reise hinter die Kulissen von Home Assistant – dem Open-Source-Giganten für Home Automation, der den Smart-Home-Markt im Sturm erobert hat. Es geht um eine Frage, die (fast) jede Tech-Community irgendwann beschäftigt: Ab welchem Punkt reicht Ehrenamt nicht mehr aus, und wie schafft man Strukturen, die weltweit Wirkung entfalten?Zusammen mit Pascal Vizeli – Co-Founder und CFO von Nabu Casa und Gründungsvorstand der Open Home Foundation – tauchen wir tief ein: Wie wächst ein Open-Source-Projekt von einer Freizeitidee zum internationalen Backbone für Smart Homes? Warum braucht es eine Schweizer Stiftung, um Kommerzialisierung zu verhindern? Und was hat es mit Works With Home Assistant, lizenzierten Produkten, Hardware-Innovationen und politischen Ambitionen auf sich?Spannend wird's, wenn Pascal erzählt, wie es gelingt, aus Community-Engagement professionelle Jobs zu machen, warum Datenschutz und Nachhaltigkeit zentrale Werte sind und wie Open Source endlich auch die großen Hersteller in die Pflicht nimmt. Dazu gibt's jede Menge Insights aus der Welt des Home Assistant, von Cloud-Diensten und Lizenzmodellen bis hin zum Kampf für offene Standards, Transparenz und das Recht an den eigenen Daten.Eine Folge, die nicht nur Smart-Home-Fans elektrisiert, sondern zeigt, wie Open Source zu echtem gesellschaftlichen Impact wird. Jetzt reinhören und Open Source mit ganz neuen Augen sehen!Bonus: Wer immer schon wissen wollte, warum Vereinsbuchhaltung manchmal wichtiger ist als Programmieren und wie man mit einer Non-Profit-Stiftung weltweit Standards definiert – hier kommt die Antwort.Unsere aktuellen Werbepartner findest du auf https://engineeringkiosk.dev/partnersDas schnelle Feedback zur Episode:

Business Travel 360
Linking the Travel Industry | Google Donates Agent2Agent Protocol to The Linux Foundation

Business Travel 360

Play Episode Listen Later Jul 4, 2025 19:06


Send us a textLinking the Travel Industry is a business travel podcast where we review the top travel industry stories that are posted on LinkedIn by LinkedIn members.  We curate the top posts and discuss with them with travel industry veterans in a live session with audience members.  You can join the live recording session by visiting BusinessTravel360.comYour Hosts are Riaan van Schoor, Ann Cederhall and Aash ShravahStories covered on this session include -As part of a restructure, JetBlue stops serving Miami.Qatar Airways receives plenty of praise for the way in which it handled the airspace closure incident, with thousands of passengers affected. Their CEO posted an open letter about the event.Barcelona's airport receives a $3.7b fund to expand, despite a local community heavily opposed to "overtourism".The yearly business and TravelTech Show in London concludes, with no major announcements.At the North American Open Source Summit held this week, Google announced they will be donating their Agent2Agent protocol to The Linux Foundation. This has huge implications for travel according to the OpenTravel Alliance.UK hotel chain Travelodge Hotels Limited partners with Katanox to improve their bookability amongst TMCs.SAS - Scandinavian Airlines returns to India after 17 years, with a Copenhagen - Mumbai flight planned from June.....next year.Extra Stories & Space News! You can subscribe to this podcast by searching 'BusinessTravel360' on your favorite podcast player or visiting BusinessTravel360.comThis podcast was created, edited and distributed by BusinessTravel360.  Be sure to sign up for regular updates at BusinessTravel360.com - Enjoy!Support the show

Reality 2.0
Episode 158: Reality 2025: Bridging AI, Security, and Open Source Challenges

Reality 2.0

Play Episode Listen Later Jul 3, 2025 34:08


In this episode of Reality 2.0, Doc and Katherine return after a long hiatus to discuss a range of topics including AI and security concerns, the evolution of cloud-native technologies, and the growing complexity of AI-related projects within various Linux Foundation groups. The conversation also touches on approaches to AI and privacy, the potential for AI to assist in personal and professional tasks, and the importance of standardizing and simplifying best practices for AI deployment. The episode wraps up with insights on the innovative 'My Terms' project aimed at flipping the cookie consent model to better respect user privacy. The hosts also emphasize the importance of constructive conversations and maintaining optimism about the future of technology. 00:00 Welcome Back to Reality 2.0 00:36 Upcoming Open Source Summit 01:03 Linux Foundation and AI Initiatives 04:20 Apple's Approach to Personal AI 05:11 Challenges of AI and Data Privacy 07:16 Potential of Personal AI Models 11:10 Human Interaction with AI 26:50 Innovations in Cookie Consent 31:08 Commitment to More Frequent Episodes 33:16 Closing Remarks and Future Plans Site/Blog/Newsletter (https://www.reality2cast.com) FaceBook (https://www.facebook.com/reality2cast) Twitter (https://twitter.com/reality2cast) Mastodon (https://linuxrocks.online/@reality2cast)

The Cloud Gambit
Hello Packet Pushers!

The Cloud Gambit

Play Episode Listen Later Jul 1, 2025 32:01 Transcription Available


Send us a textThe Cloud Gambit is joining the Packet Pushers Network! Launched in 2023 as an independent podcast, The Cloud Gambit was created for engineers who lead, leaders who build, and founders who need both perspectives. We are thrilled at the opportunity to continue our podcasting journey on the Packet Pushers Network. To keep following the show, you will need to resubscribe on your favorite pod catcher. You can find updated links below!New Podcast Links!The Cloud Gambit: https://packetpushers.net/podcast/the-cloud-gambit/Apple Podcasts: https://podcasts.apple.com/us/podcast/the-cloud-gambit/id1823741017Spotify: https://open.spotify.com/show/23UdyZ3ZwCKB7clwULXyeSPocketcasts: https://pocketcasts.com/podcasts/43146260-380d-013e-acd1-0e87279210d5RSS Feed: https://feeds.packetpushers.net/thecloudgambit/Other Links from the ShowA2A to Linux Foundation: https://developers.googleblog.com/en/google-cloud-donates-a2a-to-linux-foundation/OpenAI Google Deal?: https://www.reuters.com/business/retail-consumer/openai-taps-google-unprecedented-cloud-deal-despite-ai-rivalry-sources-say-2025-06-10/Tech Giants Emission Surge: https://www.reuters.com/sustainability/climate-energy/tech-giants-indirect-emissions-rose-150-three-years-ai-expands-un-agency-says-2025-06-05/

Campus Technology Insider
Surge in Student AI Use, Cisco AgenticOps, & Linux Hosts Agent2Agent: News of the Week (6/27/25)

Campus Technology Insider

Play Episode Listen Later Jun 27, 2025 2:23


In this episode of Campus Technology Insider Podcast Shorts, Rhea Kelly discusses a Microsoft report showing increased student AI usage, with 93% of American students using AI for school tasks. Cisco introduces AgenticOps, an AI-first approach to IT operations, featuring the Cisco AI Assistant, AI Canvas, and Deep Network Model. The Linux Foundation will host the Agent2Agent protocol project to promote secure AI agent communication. Stay tuned for more updates in higher education technology. 00:00 Introduction to Campus Technology Insider Podcast 00:15 Microsoft Report: Surge in Student AI Usage 00:50 Cisco's AgenticOps: Revolutionizing IT Operations 01:28 Linux Foundation Hosts Agent2Agent Protocol 02:02 Conclusion and Upcoming Break Announcement Source links: Survey: Student AI Use on the Rise Cisco Introduces AI-First Approach to IT Operations Linux Foundation to Host Protocol for AI Agent Interoperability Campus Technology Insider Podcast Shorts are curated by humans and narrated by AI.

Cyber Briefing
June 26, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later Jun 26, 2025 9:35


If you like what you hear, please subscribe, leave us a review and tell a friend!

OpenObservability Talks
OpenSearch 3.0 Unveiled: Vector DB on Steroids and More - OpenObservability Talks S6E01

OpenObservability Talks

Play Episode Listen Later Jun 25, 2025 64:14


OpenSearch has become a cornerstone of open source search and observability, empowering developers and organizations to derive meaningful insights from unstructured data at scale. The past year marks a significant milestone in its journey, with OpenSearch officially joining The Linux Foundation, further cementing its position in the open source ecosystem.Now, after two years of 2.x, the next major release is here, and it brings significant advancements in performance, data management, vector database functionality, and much more. In this episode we dive into the 3.0 release, across lexical, semantic, and hybrid search, vector database improvements, observability capabilities, performance boosts, and much more. We also look at the community and ecosystem, the recent move of the project under The Linux Foundation, and some of the interesting use cases out there.  Our guests for this episode are Carl Meadows, Chair of the Governing Board of the OpenSearch Software Foundation, and Pallavi Priyadarshini, member of the Technical Steering Committee and the OpenSearch 3.0 release manager.The episode was live-streamed on 9 June 2025 and the video is available at https://www.youtube.com/watch?v=u4T-ksTAmxgYou can read the recap post: https://medium.com/p/fb526e0d44e5/Show Notes:00:00 - intro03:30 - OpenSearch joins the Linux Foundation06:05 - the community and Technical Steering Committee11:39 - why now 3.0?13:53 - performance improvements17:55 - vector database and MCP for agentic AI support23:20 - what's new with observability30:14 - Discover UI view and anomaly detection33:55 - the vision for OpenSearch and differentiation37:33 - Data Prepper ingestion component44:28 - gRPC and Protobuf support49:47 - 3.1 release and the 3.x line55:25 - where to follow and join the community1:03:12 - outro Resources:OpenSearch 3.0 announcement blog: https://opensearch.org/blog/unveiling-opensearch-3-0/OpenSearch public roadmap: https://github.com/orgs/opensearch-project/projects/220 OpenSearchCon and other events: https://opensearch.org/events/New Observability Special Interest Group: https://www.linkedin.com/feed/update/urn:li:share:7336739972877537281/Socials:BlueSky: https://bsky.app/profile/openobservability.bsky.socialLinkedIn: https://www.linkedin.com/company/openobservability/Twitter:⁠ https://twitter.com/OpenObserv⁠YouTube: ⁠https://www.youtube.com/@openobservabilitytalks⁠Dotan Horovits============Twitter: @horovitsLinkedIn: www.linkedin.com/in/horovitsMastodon: @horovits@fosstodonBlueSky: @horovits.bsky.socialCarl Meadows============Twitter: https://x.com/Carl_F_MeadowsLinkedIn: https://www.linkedin.com/in/carlfmeadows/Pallavi Priyadarshini=================LinkedIn: https://www.linkedin.com/in/pallavipr/OpenObservability Talks episodes are released monthly, on the last Thursday of each month and are available for listening on your favorite podcast app and on YouTube.We live-stream the episodes on Twitch and YouTube Live - tune in to see us live, and chime in with your comments and questions on the live chat.⁠⁠⁠⁠⁠https://www.youtube.com/@openobservabilitytalks⁠⁠  ⁠https://www.twitch.tv/openobservability⁠⁠

Software Defined Talk
Episode 524: It's a Box in a Box

Software Defined Talk

Play Episode Listen Later Jun 20, 2025 63:53


This week, we cover Apple's WWDC updates—from containerization to Foundation Models—and the Linux Foundation's new FAIR Package Manager. Plus, we crown the best SDT Uber rider Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/fNPlQJf7BSw?si=a7decAcUn1Hy-um6) 524 (https://www.youtube.com/live/fNPlQJf7BSw?si=a7decAcUn1Hy-um6) Runner-up Titles Infinite Workday. No more Eudora Revealed productivity. I threw up a tarp over my desk. We agreed to not talk about it It's a box in a box alias docker=containerization When does systemd get an MCP server? All the AIs are above-average We're not going to do anything and Apple's going to make our podcast better I should go read it again, but I won't Don't make the Linux Foundation clean up your mess The Internet Foundation Option (Alt) + Shift + 2 == € Rundown Breaking down the infinite workday (https://www.microsoft.com/en-us/worklab/work-trend-index/breaking-down-infinite-workday) WWDC Enterprise Recap Containerization (https://github.com/apple/containerization) Mac containers (https://github.com/apple/container?tab=readme-ov-file#container) Meet Containerization - WWDC25 - Videos - Apple Developer (https://developer.apple.com/videos/play/wwdc2025/346/) Apple updates Spotlight to take actions on your Mac (https://techcrunch.com/2025/06/09/apple-updates-spotlight-to-take-actions-on-your-mac/) Apple Supercharges Spotlight in macOS Tahoe With Quick Keys and More (https://www.macrumors.com/2025/06/09/apple-supercharges-spotlight-in-macos-tahoe-with-quick-keys-and-more/) Foundation Models (https://developer.apple.com/documentation/foundationmodels) Foundation Models adapter training (https://developer.apple.com/apple-intelligence/foundation-models-adapter/) Apple brings ChatGPT and other AI models to Xcode (https://techcrunch.com/2025/06/09/apple-brings-chatgpt-and-other-ai-models-to-xcode/) Apple services deliver powerful features and intelligent updates to users this fall (https://www.apple.com/newsroom/2025/06/apple-services-deliver-powerful-features-and-intelligent-updates-to-users-this-fall/) tvOS 26 Introduces Automatic Sign-In Feature for Apple TV Apps (https://www.macrumors.com/2025/06/13/tvos-26-automatic-sign-in/) Welcome to WWDC25 (https://www.youtube.com/watch?v=NdgNud1gWzg) One Year Left: Apple's Long Goodbye For Intel Macs (https://tedium.co/2025/06/09/apple-wwdc-intel-mac-support-ending/) Apple is shipping through it (https://www.platformer.news/apple-wwdc-2025-ai/?ref=platformer-newsletter) WordPress must play FAIR Linux Foundation Announces the FAIR Package Manager Project for Open Source Content Management System Stability (https://www.linuxfoundation.org/press/linux-foundation-announces-the-fair-package-manager-project-for-open-source-content-management-system-stability?utm_content=334921785&utm_medium=social&utm_source=twitter&hss_channel=tw-14706299) WordPress veterans launch FAIR project to tackle security and control concerns (https://www.fastcompany.com/91347003/wordpress-veterans-launch-fair-project-to-tackle-security-and-control-concerns) FAIR Package Manager project (https://github.com/fairpm) Relevant to your Interests Door Dash delivery at O'Hare exposes hole in airport security (https://wgntv.com/news/wgn-investigates/ohare-food-delivery-driver-tarmac-airport-security/) Cursor's Anysphere nabs $9.9B valuation, soars past $500M ARR (https://techcrunch.com/2025/06/05/cursors-anysphere-nabs-9-9b-valuation-soars-past-500m-arr/) Ensh*ttification, Live! Micah and Cory Doctorow in Conversation (https://www.wnycstudios.org/podcasts/otm/articles/enshttification-live-micah-and-cory-doctorow-in-conversation) Quant Firm's $1 Billion Code Is Focus of Rare Criminal Case (https://www.bloomberg.com/news/features/2025-06-08/wall-street-trade-secrets-1-billion-code-star-in-theft-case) BYD Unleashes an EV Industry Reckoning That Alarms Beijing (https://finance.yahoo.com/news/byd-unleashes-ev-industry-reckoning-210000104.html?guccounter=1&guce_referrer=aHR0cHM6Ly9tYXN0b2Rvbi5zb2NpYWwv&guce_referrer_sig=AQAAACdyrkbzRsvm2yrjUpnk-ZoEChm2HKfqsRvQ3-5qL5l5DslEVyEIAHBZHJfsWobisLNGXtuXSw6g5UMvSDXinhxt6KQKXRrtrai50TlXVsKzr-9Ch9bk3B3wrqb8MVPHDhM3mnu8sue0e7y6MT2AWzXTlr-9q-9OJuox5ehaI6XS) No Yapping (https://bsky.app/profile/simonwillison.net/post/3lqegqt3gns2v?ck_subscriber_id=512840665&utm_source=convertkit&utm_medium=email&utm_campaign=%5BLast+Week+in+AWS%5D+Issue+#426:%20AWS's%20Snaky%20Region%20-%2017901826) Apple supercharges its tools and technologies for developers (https://www.apple.com/newsroom/2025/06/apple-supercharges-its-tools-and-technologies-for-developers/) Starbucks to roll out Microsoft Azure OpenAI assistant for baristas (https://www.cnbc.com/2025/06/10/starbucks-to-roll-out-microsoft-azure-openai-assistant-for-baristas.html) The Modern Observability Roundtable: AI, Rising Costs and OpenTelemetry (https://thenewstack.io/the-modern-observability-roundtable-ai-rising-costs-and-opentelemetry/?link_source=ta_bluesky_link&taid=6850e84a64f5a20001b6b561&utm_campaign=trueanthem&utm_medium=social&utm_source=bluesky) Python's Security Savior: Chainguard Battles Supply Chain Risk (https://thenewstack.io/pythons-security-savior-chainguard-battles-supply-chain-risk/?link_source=ta_bluesky_link&taid=685158d164f5a20001b6b899&utm_campaign=trueanthem&utm_medium=social&utm_source=bluesky) A Look Back at Q1 '25 Public Cloud Software Earnings (https://cloudedjudgement.substack.com/p/a-look-back-at-q1-25-public-cloud?utm_source=post-email-title&publication_id=56878&post_id=166107679&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Amazon's Jassy Says AI Will Reduce Company's Corporate Workforce (https://www.bloomberg.com/news/articles/2025-06-17/amazon-s-jassy-says-ai-will-reduce-company-s-corporate-workforce?embedded-checkout=true) Message from CEO Andy Jassy: Some thoughts on Generative AI (https://www.aboutamazon.com/news/company-news/amazon-ceo-andy-jassy-on-generative-ai) The changing landscape for news podcasts across countries (https://reutersinstitute.politics.ox.ac.uk/digital-news-report/2025/changing-landscape-news-podcasts-across-countries) FAA to eliminate floppy disks used in air traffic control systems - Windows 95 also being phased out (https://www.tomshardware.com/pc-components/storage/the-faa-seeks-to-eliminate-floppy-disk-usage-in-air-traffic-control-systems) Incremental AI is better than civilization changing AI (https://newsletter.cote.io/p/incremental-ai-is-better-than-civilization?utm_source=post-email-title&publication_id=50&post_id=166221577&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Message from CEO Andy Jassy: Some thoughts on Generative AI (https://www.aboutamazon.com/news/company-news/amazon-ceo-andy-jassy-on-generative-ai) Meta in Talks for Scale AI Investment That Could Top $10 Billion (https://www.bloomberg.com/news/articles/2025-06-08/meta-in-talks-for-scale-ai-investment-that-could-top-10-billion?srnd=phx-deals) Remote MCP support in Claude Code (https://www.anthropic.com/news/claude-code-remote-mcp) Sam Altman says Meta tried and failed to poach OpenAI's talent with $100M offers (https://techcrunch.com/2025/06/17/sam-altman-says-meta-tried-and-failed-to-poach-openais-talent-with-100m-offers/) Nonsense TSA urges people to stop trying to use a Costco card as a sufficient REAL ID (https://www.wsfa.com/2025/06/06/tsa-urges-people-stop-trying-use-costco-card-sufficient-real-id/#jws1au56yepvkb57za6d23t2eoolh67) Buc-ee's, a Pit Stop to Refuel Cars, Stomachs and Souls, Spreads Beyond Texas (https://www.nytimes.com/2025/06/14/us/bucees-mississippi.html?smid=nytcore-ios-share&referringSource=articleShare) 201 ways to say ‘fuck': what 1.7 billion words of online text shows about how the world swears (https://theconversation.com/201-ways-to-say-fuck-what-1-7-billion-words-of-online-text-shows-about-how-the-world-swears-257815) Are you a loudcaster? (https://elizabethtai.com/2025/06/07/are-you-a-loudcaster/) Listener Feedback Wes recommends iSH (https://ish.app/) — Linux shell of the iPhone Conferences CF Day EU (https://events.linuxfoundation.org/cloud-foundry-day-europe/), Frankfurt, October 7th, 2025. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Watch Dept. Q (https://www.netflix.com/title/81487660) Matt: Call of Duty: Modern Warfare Remastered (https://store.steampowered.com/app/393080/Call_of_Duty_Modern_Warfare_Remastered_2017/) Coté: INFILTRATE. SURVEY. PERCEIVE by Reyes Makes Games (https://reyesraine.itch.io/infiltrate-survey-perceive). Photo Credits Header (https://unsplash.com/s/photos/keyboards?license=free&orientation=landscape)

FINOS Open Source in Fintech Podcast
The Evolving Role of Open Source in Finance with GitLab's George Kichukov

FINOS Open Source in Fintech Podcast

Play Episode Listen Later Jun 19, 2025 30:58


The Evolving Role of Open Source in Financial Services with GitLab's George KichukovIn this episode of the FINOS podcast, Grizz Griswold interviews George Kichukov from GitLab to discuss the transformative effect of open-source technology in financial services. The conversation covers the adoption of secure open-source practices, the importance of a strong engineering culture, and the benefits of contributing back to the open-source community. George shares insights from his 20-year career, including his extensive experience at Citibank, and elaborates on his current role in improving software delivery at GitLab. The episode also highlights upcoming events like the Open Source and Finance Forum (OSFF) and the vital role of sponsors in fostering industry collaboration.00:00 The Evolution of Open Source in Financial Services01:32 Upcoming OSFF Events and Sponsors01:33 Upcoming OSFF Events and Sponsors03:31 Introduction to George Kichukov from GitLab03:52 George's Role and Experience at GitLab06:36 George's Career Journey Before GitLab12:15 The Importance of Developer Experience15:56 The Role of Open Source in Developer Experience20:57 The Shift in Financial Services Towards Open Source26:58 Conclusion and Final ThoughtsGeorge Kichukov: https://www.linkedin.com/in/kichukov/GitLab: https://about.gitlab.com/ Grizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS: On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Late Night Linux
Late Night Linux – Episode 338

Late Night Linux

Play Episode Listen Later Jun 17, 2025 29:24


X11 is basically dead (again) and we are quite pleased, the Linux Foundation sets out to fix the WordPress mess and some of us are cynical, custom ROMs for Pixel phones are going to be much more difficult to make, Apple is adding proper OCI containers to macOS, and more.   News Ubuntu 25.10 drops... Read More

Late Night Linux All Episodes
Late Night Linux – Episode 338

Late Night Linux All Episodes

Play Episode Listen Later Jun 17, 2025 29:24


X11 is basically dead (again) and we are quite pleased, the Linux Foundation sets out to fix the WordPress mess and some of us are cynical, custom ROMs for Pixel phones are going to be much more difficult to make, Apple is adding proper OCI containers to macOS, and more.   News Ubuntu 25.10 drops... Read More

FINOS Open Source in Fintech Podcast
Exploring Data Mesh and Open Source Governance with Daniel Paes | OS in Finance Podcast

FINOS Open Source in Fintech Podcast

Play Episode Listen Later Jun 17, 2025 31:04


Exploring Data Mesh and Open Source Governance with Daniel PaesIn this episode of the FINOS podcast, Grizz Griswold interviews Daniel Paes, a FINOS Ambassador. They discuss concepts like data mesh, data contracts, and the use of open source tools like Legend and CDM in data governance. Daniel shares his journey from a business intelligence analyst in Brazil to a principal director at a CloudOps and DataOps company in Canada. They also talk about the Open Source and Finance Forum (OSFF), upcoming events, and Daniel's innovative projects like Runink. This episode offers insights into the adoption of open source tools in financial services and practical applications of data governance models.00:00 Introduction to CDM and Legend01:07 Upcoming OSFF Events and Sponsors03:06 Meet Daniel Paes: Background and Career04:08 Daniel's Journey with Open Source06:20 Open Source in Brazil and Canada11:31 Daniel's Career Path15:32 Current Projects and API Days Insights15:42 Exploring FINOS Legend and CDM22:07 Runink: A New Open Source Project29:12 Becoming a FINOS Ambassador30:10 Conclusion and Future PlansDaniel Paes: https://www.linkedin.com/in/danspaes/Runink: https://www.runink.org/Grizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS: On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

WordPress | Post Status Draft Podcast
Post Status Cache Up With Carrie Dils, Mika Epstein, and Ryan McCue

WordPress | Post Status Draft Podcast

Play Episode Listen Later Jun 16, 2025 64:56


In this podcast episode, host Michelle Frechette welcomes Carrie Dils, Mika Epstein, and Ryan McCue to discuss their roles in the WordPress community and the new FAIR project. The group explores FAIR's mission to create a federated independent repository system for WordPress plugins and themes, focusing on decentralization, community-driven moderation, inclusive governance, and privacy. They address challenges like supporting premium plugins, reducing environmental impact, and fostering global participation. The episode highlights FAIR's collaborative, open-source approach and invites listeners to get involved through GitHub and community meetings, aiming to shape a more innovative and inclusive WordPress ecosystem.Top Takeaways:FAIR Is Reimagining Plugin Discovery and Trust for WordPress: FAIR is building a more open, decentralized ecosystem for WordPress plugin discovery—empowering both end users and developers. By enabling verified directories and authenticated plugin listings (via methods like DNS verification), FAIR provides an alternative to the limitations of the WordPress.org repo, while increasing transparency, user safety, and trust.Community Participation Is Central to FAIR's Success: The FAIR initiative is deeply community-driven. Contributors are encouraged to get involved through GitHub Discussions, introduce themselves, offer help, or join working groups. The leadership team is intentionally building these groups based on people's skills and availability, rather than predefined roles—making FAIR flexible, inclusive, and open to evolving needs.FAIR Encourages Innovation Outside Traditional WordPress Constraints: The project provides an alternative path for plugin creators who may not want to follow the traditional WordPress.org model (e.g., having to release a free version first). With FAIR, creators can request to be listed in aggregator directories that are more flexible, values-aligned, or niche-focused—fostering innovation and lowering barriers to entry.FAIR Is Still in Early Development—and Actively Growing: While the FAIR plugin and protocol are live (accessible via fair.pm), the ecosystem is in its formative stages. The team is prioritizing essential needs (the “MVP”) and building infrastructure to support future growth in documentation, marketing, design, development, and user testing. They welcome feedback on plugin issues, conflicts, and ideas, encouraging broad experimentation and iteration.Mentioned in the Show:FAIRLinkedIn LearningAwesome MotiveLez Watch TVHuman MadeAspire PressGravatarLinux Foundation ProjectBlueskyWPCCBlack PressMastodon DrupalCourtney RobertsonAutomatticMediaWikiMonster InsightsGravity FormsFastly

Hashtag Trending
Open Source AI Adoption, Google Outage Explained, Starlink-to-Phone Service, and Renewable Energy Challenges

Hashtag Trending

Play Episode Listen Later Jun 16, 2025 14:09


  In this episode of hashtag Trending, host Jim Love covers several significant tech developments. A new Linux Foundation study has found that 89% of companies using AI are adopting open-source models, with smaller businesses leading the trend due to cost benefits. Google's recent major outage, caused by an invalid automated quota update, highlights vulnerabilities in cloud concentration risk. SpaceX's Starlink-to-phone service is set to launch, offering text capabilities in remote areas, though it comes at a premium cost. Lastly, the transition to renewable energy faces a bottleneck due to a shortage of high-voltage cables required to connect renewable sources to the power grid. These cables are crucial but complex to manufacture, posing a significant challenge to global clean energy goals. 00:00 Introduction and Host Welcome 00:19 Open Source AI Adoption 03:32 Google's Major Outage Explained 07:02 Starlink Satellite to Phone Service 09:14 Challenges in Renewable Energy Transition 12:54 Conclusion and Call for Support

FINOS Open Source in Fintech Podcast
Exploring Common Controls and Governance in Finance w Mike Long, CEO, Kosli

FINOS Open Source in Fintech Podcast

Play Episode Listen Later Jun 12, 2025 25:08


Exploring Common Controls and Governance in Financial Services with Kosli's CEO, Mike LongIn this episode of the FINOS podcast, Grizz Griswold interviews Mike Long, CEO and founder of Kosli. They discuss the challenges of AI readiness and managing risk in financial services, focusing on the importance of common control definitions in SDLC processes. Mike shares his journey from studying AI and computer science to founding Kosli, emphasizing the role of automation in governance and compliance. The conversation highlights the significance of community and collaboration within FINOS to solve industry-level problems, touching on AI, regulatory compliance, and the future of governance automation. Mike also reflects on the evolution of agent-based solutions and their applications in current tech environments. Tune in for insights on making engineering processes more efficient and the importance of shared understanding in tech and compliance.00:00 Introduction to Control Definitions01:14 Upcoming OSFF Events and Sponsors03:13 Meet Mike Long, CEO of Kosli03:47 Mike Long's Background and Career Journey07:01 Challenges in Financial Services and Kosli's Solutions09:54 Joining FINOS and Goals for Collaboration16:22 The Importance of Community in FINOS20:37 Future of AI and Autonomous Agents24:11 Closing Remarks and OSFF LondonKosli: https://www.kosli.com/Mike Long: https://www.linkedin.com/in/mikelongkosliGrizz Griswold: https://www.linkedin.com/in/aarongriswold Find more info about FINOS: On the web: https://www.finos.org Open Source in Finance Forum (OSFF Conference): https://www.finos.org/osff-2025 2024 State of Open Source in Financial Services Download: ⁠https://www.finos.org/state-of-open-source-in-financial-services-2024⁠ FINOS Current Newsletter Here: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.finos.org/newsletterLinkedIn: https://www.linkedin.com/company/finosfoundation Twitter: https://twitter.com/FINOSFoundation About FINOSFINOS (The Fintech Open Source Foundation) is a nonprofit whose mission is to foster the adoption of open source, open standards, and collaborative software development practices in financial services. It is the center for open source developers and the financial services industry to build new technology projects that have a lasting impact on business operations. As a regulatory compliant platform, the foundation enables developers from these competing organizations to collaborate on projects with a strong propensity for mutualization. It has enabled codebase contributions from both the buy- and sell-side firms and counts over 50 major financial institutions, fintechs and technology consultancies as part of its membership. FINOS is also part of the Linux Foundation, the largest shared technology organization in the world. Get involved and join FINOS as a Member.

Security Now (MP3)
SN 1029: The Illusion of Thinking - Meta Apps and JavaScript Collusion

Security Now (MP3)

Play Episode Listen Later Jun 11, 2025 165:36


In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

All TWiT.tv Shows (MP3)
Security Now 1029: The Illusion of Thinking

All TWiT.tv Shows (MP3)

Play Episode Listen Later Jun 11, 2025 165:36 Transcription Available


In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

Security Now (Video HD)
SN 1029: The Illusion of Thinking - Meta Apps and JavaScript Collusion

Security Now (Video HD)

Play Episode Listen Later Jun 11, 2025 165:36


In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

Security Now (Video HI)
SN 1029: The Illusion of Thinking - Meta Apps and JavaScript Collusion

Security Now (Video HI)

Play Episode Listen Later Jun 11, 2025 165:36


In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

Radio Leo (Audio)
Security Now 1029: The Illusion of Thinking

Radio Leo (Audio)

Play Episode Listen Later Jun 11, 2025 165:36


In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

Security Now (Video LO)
SN 1029: The Illusion of Thinking - Meta Apps and JavaScript Collusion

Security Now (Video LO)

Play Episode Listen Later Jun 11, 2025 165:36


In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

All TWiT.tv Shows (Video LO)
Security Now 1029: The Illusion of Thinking

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Jun 11, 2025 165:36 Transcription Available


In memoriam: Bill Atkinson Meta native apps & JavaScript collude for a localhost local mess. The EU rolls out its own DNS4EU filtered DNS service. Ukraine DDoS's Russia's Railway DNS ... and... so what? The Linux Foundation creates an alternative Wordpress package manager. Court tells OpenAI it must NOT delete ANYONE's chats. Period! :( A CVSS 10.0 in Erlang/OTP's SSH library. Can Russia intercept Telegram? Perhaps. Spain's ISPs mistakenly block Google sites. Reddit sues Anthropic. Twitter's new encrypted DM's are as lame as the old ones. The Login.gov site may not have any backups. Apple explores the question of recent Large Reasoning Models "thinking" Show Notes - https://www.grc.com/sn/SN-1029-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: hoxhunt.com/securitynow threatlocker.com for Security Now uscloud.com canary.tools/twit - use code: TWIT

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast June, Tuesday, June 10th, 2025: Octosql; Mirai vs. Wazuh DNS4EU; Wordpress Fair Package Manager

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Jun 10, 2025 6:09


OctoSQL & Vulnerability Data OctoSQL is a neat tool to query files in different formats using SQL. This can, for example, be used to query the JSON vulnerability files from CISA or NVD and create interesting joins between different files. https://isc.sans.edu/diary/OctoSQL+Vulnerability+Data/32026 Mirai vs. Wazuh The Mirai botnet has now been observed exploiting a vulnerability in the open-source EDR tool Wazuh. https://www.akamai.com/blog/security-research/botnets-flaw-mirai-spreads-through-wazuh-vulnerability DNS4EU The European Union created its own public recursive resolver to offer a public resolver compliant with European privacy laws. This resolver is currently operated by ENISA, but the intent is to have a commercial entity operate and support it by a commercial entity. https://www.joindns4.eu/ WordPress FAIR Package Manager Recent legal issues around different WordPress-related entities have made it more difficult to maintain diverse sources of WordPress plugins. With WordPress plugins usually being responsible for many of the security issues, the Linux Foundation has come forward to support the FAIR Package Manager, a tool intended to simplify the management of WordPress packages. https://github.com/fairpm

Paul's Security Weekly
Appsec News & Interviews from RSAC on Identity and AI - Rami Saas, Charlotte Wylie - ASW #331

Paul's Security Weekly

Play Episode Listen Later May 20, 2025 61:48


In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-331

Paul's Security Weekly TV
Appsec News & Interviews from RSAC on Identity and AI - Charlotte Wylie, Rami Saas - ASW #331

Paul's Security Weekly TV

Play Episode Listen Later May 20, 2025 61:48


In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Show Notes: https://securityweekly.com/asw-331

Application Security Weekly (Audio)
Appsec News & Interviews from RSAC on Identity and AI - Rami Saas, Charlotte Wylie - ASW #331

Application Security Weekly (Audio)

Play Episode Listen Later May 20, 2025 61:48


In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some research that notes the multitude of definitions for secure design, and discuss the new Cybersecurity Skills Framework from the OpenSSF and Linux Foundation. Then we share two more sponsored interviews from this year's RSAC Conference. With more types of identities, machines, and agents trying to access increasingly critical data and resources, across larger numbers of devices, organizations will be faced with managing this added complexity and identity sprawl. Now more than ever, organizations need to make sure security is not an afterthought, implementing comprehensive solutions for securing, managing, and governing both non-human and human identities across ecosystems at scale. This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them! At Mend.io, we believe that securing AI-powered applications requires more than just scanning for vulnerabilities in AI-generated code—it demands a comprehensive, enterprise-level strategy. While many AppSec vendors offer limited, point-in-time solutions focused solely on AI code, Mend.io takes a broader and more integrated approach. Our platform is designed to secure not just the code, but the full spectrum of AI components embedded within modern applications. By leveraging existing risk management strategies, processes, and tools, we uncover the unique risks that AI introduces—without forcing organizations to reinvent their workflows. Mend.io's solution ensures that AI security is embedded into the software development lifecycle, enabling teams to assess and mitigate risks proactively and at scale. Unlike isolated AI security startups, Mend.io delivers a single, unified platform that secures an organization's entire codebase—including its AI-driven elements. This approach maximizes efficiency, minimizes disruption, and empowers enterprises to embrace AI innovation with confidence and control. This segment is sponsored by Mend.io. Visit https://securityweekly.com/mendrsac to book a live demo! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-331

Blockchain Won't Save the World
S4E27 The State of Interoperability & Enterprise Blockchain w. Dr. Zhang (WANChain & EEA)

Blockchain Won't Save the World

Play Episode Listen Later May 18, 2025 41:35


Dr. Weijia Zhang is a renowned expert on interoperability, bridges, and is the Regional Head of China for the Enterprise Ethereum Alliance. So he knows a thing or two about what it takes to bring Web3 into production.Interoperability was supposed to be the great accelerator (ahead of privacy tech) for Web3 to really scale and connect apps and ecosystems for the greater good. But have we achieved this yet? Are bridges the answer, or can we do better?In this show, we discuss:- The ideal conditions for use of Blockchain technology- The current technologies and maturity of 'interoperability'- Enterprise use cases Dr. Zhang is most excited about- The role and importance of organisations like EEA and Linux Foundation in driving adoption- What more is needed to see widespread usage of Blockchain technology