Podcasts about Nginx

¿Tu Watchtower te ha dejado alguna vez un servicio crítico caído? Es hora de automatizar la seguridad de tus contenedores Docker, ¡pero con control total y una Interfaz Gráfica (Web UI)! Tugtainer es la alternativa que estabas buscando para decirle adiós a las vulnerabilidades y a los "desastres del sábado". Si gestionas tu propio stack en Linux, esta herramienta self-hosted te va a cambiar la vida. Escucha y descubre cómo tener contenedores siempre al día, pero con seguridad.Hay dos cosas que obsesionan a cualquier administrador de sistemas que utiliza Docker en entornos self-hosted: las copias de seguridad de las bases de datos y la actualización constante de las imágenes para evitar vulnerabilidades. Aunque la actualización automática es fundamental como acción preventiva, si se hace de forma completamente desatendida, puede causar más de un trastorno.Durante años, he usado Watchtower para la mayoría de mis servicios. Sin embargo, esta herramienta, aunque se integra perfectamente con Docker y las etiquetas, tiene dos grandes problemas: carece de una interfaz gráfica para ver qué está ocurriendo y lleva tiempo sin recibir actualizaciones.El Dilema del Control:Los servicios críticos, como las páginas web que administro (con stacks de WordPress, MariaDB y Nginx), no pueden permitirse caídas. Por eso, dejé la política de actualizaciones diarias y la cambié por una revisión semanal (los sábados). Hoy, vamos a resolver este dilema: ¿Cómo conseguimos la automatización de la seguridad sin sacrificar la estabilidad?Llega Tugtainer: El Control Gráfico que NecesitabasEn este episodio, te presento una herramienta nueva y prometedora (¡con solo un mes de vida!) que se posiciona como una alternativa a Watchtower y Ouroboros. Se trata de Tugtainer, la solución que añade una Web UI completa a la gestión de actualizaciones de Docker.Lo que Aprenderás en el Episodio:Por qué mi stack web (con dependencias service_healthy) sigue dándome problemas al actualizar, y la lección aprendida.Las advertencias cruciales del desarrollador de Tugtainer: por qué no se recomienda para entornos de producción (¡al menos por ahora!).Análisis a fondo de las siete características de Tugtainer que te dan control total:Configuración por Contenedor: Decidir si un servicio CRÍTICO (como Traefik) solo se verifica o si se auto-actualiza.Programación Crontab: Control total sobre cuándo se lanzan las comprobaciones.Autenticación y Notificaciones: Seguridad y visibilidad al instante.Limpieza de imágenes: Adiós a las imágenes obsoletas que ocupan espacio.Mi propia implementación de Tugtainer con Docker Compose, Traefik y Dockge (¡una herramienta que deberías conocer!).Si utilizas Linux, Docker y buscas maximizar tu productividad y seguridad en tu VPS o Raspberry Pi, este episodio es una guía esencial para pasar de la automatización ciega a la automatización inteligente.¡Dale al play y descubre si Tugtainer se queda o no en mi propio stack de atareao!Soy Lorenzo Carbonell, "atareao". En este podcast me centro en el software libre y Linux. Mi estilo es práctico y te traigo soluciones, métodos y tutoriales para mejorar la productividad, gestionar datos y optimizar sistemas Linux. Si te interesa Docker, Neovim, Rust, Syncthing o configurar servicios en plataformas como Raspberry Pi o VPS, ¡suscríbete!Más información y enlaces en las notas del episodio

Clipboard Image Stealer Xavier presents an infostealer in Python that steals images from the clipboard. https://isc.sans.edu/diary/Clipboard%20Pictures%20Exfiltration%20in%20Python%20Infostealer/32372 F5 Compromise F5 announced a wide-ranging compromise today. Source code and information about unpatched vulnerabilities were stolen. https://my.f5.com/manage/s/article/K000157005 https://my.f5.com/manage/s/article/K000156572 https://my.f5.com/manage/s/article/K000154696 Adobe Updates Adobe updated 12 different products yesterday. https://helpx.adobe.com/security.html SAP Patchday Among the critical vulnerabilities patched in SAP s products are two deserialization vulnerabilities with a CVSS score of 10.0 https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html https://onapsis.com/blog/sap-security-patch-day-october-2025/

In this episode we sit down with James Strong, Solutions Architect at Isovalent (the team behind Cilium), to talk about one of the biggest evolutions in Kubernetes networking: the shift from Ingress-NGINX to the Gateway API.James, who is also a maintainer of Ingress-NGINX, explains why the project is being phased out and how the community is building its successor — in-gate, a new implementation designed around the Gateway API. We dive into:Why the Gateway API is the next-generation replacement for Ingress.The challenges of migrating existing workloads and dealing with technical debt.How the new API improves security, RBAC separation, and flexibility.The importance of community contribution, not just through code, but by joining discussions, testing, and providing feedback.We also discuss common misconceptions, unusual use cases (like people trying to load balance VPNs and SFTP!), and what the future looks like for networking projects in the CNCF ecosystem.An honest, behind-the-scenes look at the future of Kubernetes networking — from someone helping to build it.Stuur ons een bericht.ACC ICT Specialist in IT-CONTINUÏTEIT Bedrijfskritische applicaties én data veilig beschikbaar, onafhankelijk van derden, altijd en overalSupport the showLike and subscribe! It helps out a lot.You can also find us on:De Nederlandse Kubernetes Podcast - YouTubeNederlandse Kubernetes Podcast (@k8spodcast.nl) | TikTokDe Nederlandse Kubernetes PodcastWhere can you meet us:EventsThis Podcast is powered by:ACC ICT - IT-Continuïteit voor Bedrijfskritische Applicaties | ACC ICT

¿Estás cansado de reconstruir una imagen de Docker cada vez que necesitas cambiar un simple archivo de configuración? Este problema, que consume tiempo y recursos, es más común de lo que piensas. En este episodio de atareao con Linux, te traigo la solución definitiva para optimizar tu flujo de trabajo: las configuraciones de Docker (Docker Configs).Las configuraciones son una herramienta fundamental para la gestión de contenedores en entornos de Docker Compose y Docker Swarm. A diferencia de los volúmenes, que se centran en datos persistentes, las configs te permiten desacoplar los archivos de configuración de tus aplicaciones de la propia imagen de Docker. Esto significa que puedes crear imágenes genéricas y altamente portables, y luego adaptar su comportamiento a cada entorno (desarrollo, pruebas, producción) de manera sencilla y centralizada.En este tutorial práctico, exploraremos todo lo que necesitas saber sobre las configs:¿Qué son las configuraciones de Docker y por qué son cruciales para la productividad? Te explico su propósito y cómo su uso puede acelerar tu ciclo de desarrollo y despliegue.Diferencias clave con otras herramientas de gestión de datos de Docker. Te ayudo a entender cuándo usar configs en lugar de volúmenes o secrets para garantizar la seguridad y la eficiencia en tus proyectos.Un ejemplo práctico y detallado. Nos pondremos manos a la obra para configurar un contenedor de Nginx usando configs. Aprenderás a declarar la configuración en tu archivo docker-compose.yml, a montarla en la ruta correcta del contenedor con el parámetro target, y a establecer los permisos de acceso (mode), como el 0644 que te comenté.Este enfoque de "problema-solución" te permitirá tomar el control total sobre tus despliegues. Olvídate de la tediosa tarea de reconstruir imágenes y adopta una práctica de software de código abierto más robusta y profesional.El conocimiento que adquirirás en este episodio es aplicable a un sinfín de proyectos, ya sea que estés configurando un proxy inverso con Traefik, una base de datos o un servicio de sincronización como Syncthing en una Raspberry Pi o un VPS. Con esta herramienta, podrás hacer "cualquier cosa que quieras hacer con Linux" de forma más inteligente y eficiente.¡Prepárate para llevar tu gestión de Docker al siguiente nivel y optimizar tus sistemas como nunca antes!Más información y enlaces en las notas del episodio

¿Estás cansado de reconstruir una imagen de Docker cada vez que necesitas cambiar un simple archivo de configuración? Este problema, que consume tiempo y recursos, es más común de lo que piensas. En este episodio de atareao con Linux, te traigo la solución definitiva para optimizar tu flujo de trabajo: las configuraciones de Docker (Docker Configs).Las configuraciones son una herramienta fundamental para la gestión de contenedores en entornos de Docker Compose y Docker Swarm. A diferencia de los volúmenes, que se centran en datos persistentes, las configs te permiten desacoplar los archivos de configuración de tus aplicaciones de la propia imagen de Docker. Esto significa que puedes crear imágenes genéricas y altamente portables, y luego adaptar su comportamiento a cada entorno (desarrollo, pruebas, producción) de manera sencilla y centralizada.En este tutorial práctico, exploraremos todo lo que necesitas saber sobre las configs:¿Qué son las configuraciones de Docker y por qué son cruciales para la productividad? Te explico su propósito y cómo su uso puede acelerar tu ciclo de desarrollo y despliegue.Diferencias clave con otras herramientas de gestión de datos de Docker. Te ayudo a entender cuándo usar configs en lugar de volúmenes o secrets para garantizar la seguridad y la eficiencia en tus proyectos.Un ejemplo práctico y detallado. Nos pondremos manos a la obra para configurar un contenedor de Nginx usando configs. Aprenderás a declarar la configuración en tu archivo docker-compose.yml, a montarla en la ruta correcta del contenedor con el parámetro target, y a establecer los permisos de acceso (mode), como el 0644 que te comenté.Este enfoque de "problema-solución" te permitirá tomar el control total sobre tus despliegues. Olvídate de la tediosa tarea de reconstruir imágenes y adopta una práctica de software de código abierto más robusta y profesional.El conocimiento que adquirirás en este episodio es aplicable a un sinfín de proyectos, ya sea que estés configurando un proxy inverso con Traefik, una base de datos o un servicio de sincronización como Syncthing en una Raspberry Pi o un VPS. Con esta herramienta, podrás hacer "cualquier cosa que quieras hacer con Linux" de forma más inteligente y eficiente.¡Prepárate para llevar tu gestión de Docker al siguiente nivel y optimizar tus sistemas como nunca antes!Más información y enlaces en las notas del episodio

Topics covered in this episode: * rathole* * pre-commit: install with uv* A good example of what functools.Placeholder from Python 3.14 allows Converted 160 old blog posts with AI Extras Joke Watch on YouTube About the show Sponsored by DigitalOcean: pythonbytes.fm/digitalocean-gen-ai Use code DO4BYTES and get $200 in free credit Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: rathole A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok. Features High Performance Much higher throughput can be achieved than frp, and more stable when handling a large volume of connections. Low Resource Consumption Consumes much fewer memory than similar tools. See Benchmark. The binary can be as small as ~500KiB to fit the constraints of devices, like embedded devices as routers. On my server, it's currently using about 2.7MB in Docker (wow!) Security Tokens of services are mandatory and service-wise. The server and clients are responsible for their own configs. With the optional Noise Protocol, encryption can be configured at ease. No need to create a self-signed certificate! TLS is also supported. Hot Reload Services can be added or removed dynamically by hot-reloading the configuration file. HTTP API is WIP. Brian #2: pre-commit: install with uv Adam Johnson pre-commit doesn't natively support uv, but you can get around that with pre-commit-uv $ uv tool install pre-commit --with pre-commit-uv Installing pre-commit like this Installs it globally Installs with uv adds an extra plugin “pre-commit-uv” to pre-commit, so that any Python based tool installed via pre-commit also uses uv Very cool. Nice speedup Brian #3: A good example of what functools.Placeholder from Python 3.14 allows Rodrigo Girão Serrão Remove punctuation functionally Also How to use functools.Placeholder, a blog post about it. functools.partial is cool way to create a new function that partially binds some parameters to another function. It doesn't always work for functions that take positional arguments. functools.Placeholder fixes that with the ability to put in placeholders for spots where you want to be able to pass that in from the outer partial binding. And all of this sounds totally obscure without a good example, so thank you to Rodgrigo for coming up with the punctuation removal example (and writeup) Michael #4: Converted 160 old blog posts with AI They were held-hostage at wordpress.com to markdown and integrated them into my Hugo site at mkennedy.codes Here is the chat conversation with Claude Opus/Sonnet. Had to juggle this a bit because the RSS feed only held the last 50. So we had to go back in and web scrape. That resulted in oddies like comments on wordpress that had to be cleaned etc. Whole process took 3-4 hours from idea to “production”duction”. The chat transcript is just the first round getting the RSS → Hugo done. The fixes occurred in other chats. This article is timely and noteworthy: Blogging service TypePad is shutting down and taking all blog content with it This highlights why your domain name needs to be legit, not just tied to the host. I'm looking at you pyfound.blogspot.com. I just redirected blog.michaelckennedy.net to mkennedy.codes Carefully mapping old posts to a new archived area using NGINX config. This is just the HTTP portion, but note the /sitemap.xml and location ~ "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.+?)/?$" { portions. The latter maps posts such as https://blog.michaelckennedy.net/2018/01/08/a-bunch-of-online-python-courses/ to https://mkennedy.codes/posts/r/a-bunch-of-online-python-courses/ server { listen 80; server_name blog.michaelckennedy.net; # Redirect sitemap.xml to new domain location = /sitemap.xml { return 301 ; } # Handle blog post redirects for HTTP -> HTTPS with URL transformation # Pattern: /YYYY/MM/DD/post-slug/ -> location ~ "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.+?)/?$" { return 301 ; } # Redirect all other HTTP URLs to mkennedy.codes homepage location / { return 301 ; } } Extras Brian: SMS URLs and Draft SMS and iMessage from any computer keyboard from Seth Larson Test and Code Archive is now up, see announcement Michael: Python: The Documentary | An origin story is out! Joke: Do you know him? He is me.

زمان كنا بنعمل ديبولويمِنت للفرونت إند بكم أمر بسيط على Nginx أو سيرفر عادي وخلاص.دلوقتي مع كل الادوات والـ platforms الجديدة بقينا بنعتمد على أوتوميشن زيادة ونسينا الأساسيات. النسيان ده مش بس بيخلينا نفقد السيطرة، ده كمان بيكلفنا فلوس أكتر من اللازم.في الحلقة دي هنتكلم عن إزاي نرجع نفكر في الـ Deployment كمهارة أساسية، إزاي نستخدمها كـ cost optimization حقيقي للبزنس، وإزاي نقدر ندخل لوجيك ذكي بين الـ stacks.الحلقة دي هي حلقة عن النوستالجيا، التوفير، وفن Deployment اللي محتاجين نفتكره من جديد.

　コンテナアプリケーションを管理するソフトウェアとして世界的に利用されている Kubernetes が公式にサポートしている管理用ソフトウェアである Ingress NGINX Controller にて、遠隔からの任意のコード実行につながる脆弱性が報告されています。

In this engaging conversation, Bill Kennedy interviews Peter Kelly, VP of Engineering at Tigera, exploring his journey from early experiences with technology to his current role in the tech industry. They discuss the impact of education, sports, and family background on Peter's career path, as well as the challenges faced by young people today in navigating their futures. The conversation also delves into hiring practices and the importance of personal connections in the recruitment process.00:00 Introduction01:00 What is Peter Doing Today?O4:20 First Memory of a Computer9:30 Family Background12:00 Secondary School19:00 Passion for Soccer24:00 Interviewing and Hiring31:00 Entering University 40:30 Work Experience 54:00 AI Tooling 01:07:00 First Go Experience1:14:00 Beginning of Tigera1:37:30 Contact InfoConnect with Peter: Linkedin: https://ie.linkedin.com/in/peterkellyonlineMentioned in this Episode:Tigera: https://www.tigera.io/Want more from Ardan Labs? You can learn Go, Kubernetes, Docker & more through our video training, live events, or through our blog!Online Courses : https://ardanlabs.com/education/ Live Events : https://www.ardanlabs.com/live-training-events/ Blog : https://www.ardanlabs.com/blog Github : https://github.com/ardanlabs

Installing Oracle GoldenGate 23ai is more than just running a setup file—it's about preparing your system for efficient, reliable data replication. In this episode, Lois Houston and Nikita welcome back Nick Wagner to break down system requirements, storage considerations, and best practices for installing GoldenGate.   You'll learn how to optimize disk space, manage trail files, and configure network settings to ensure a smooth installation.   Oracle GoldenGate 23ai: Fundamentals: https://mylearn.oracle.com/ou/course/oracle-goldengate-23ai-fundamentals/145884/237273 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.   -------------------------------------------------------------   Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Nikita: Hello and welcome to Oracle University Podcast! I'm Nikita Abraham, Team Lead of Editorial Services with Oracle University, and I'm joined by Lois Houston, Director of Innovation Programs.  Lois: Hi there! Last week, we took a close look at the security strategies of Oracle GoldenGate 23ai. In this episode, we'll discuss all aspects of installing GoldenGate. 00:48 Nikita: That's right, Lois. And back with us today is Nick Wagner, Senior Director of Product Management for GoldenGate at Oracle. Hi Nick! I'm going to get straight into it. What are the system requirements for a typical GoldenGate installation? Nick: As far as system requirements, we're going to split that into two sections. We've got an operating system requirements and a storage requirements. So with memory and disk, and I know that this isn't the answer you want, but the answer is that it varies. With GoldenGate, the amount of CPU usage that is required depends on the number of extracts and replicats. It also depends on the number of threads that you're going to be using for those replicats. Same thing with RAM and disk usage. That's going to vary on the transaction sizes and the number of long running transactions. 01:35 Lois: And how does the recovery process in GoldenGate impact system resources?  Nick: You've got two things that help the extract recovery. You've got the bonded recovery that will store transactions over a certain length of time to disk. It also has a cache manager setting that determines what gets written to disk as part of open transactions. It's not just the simple answer as, oh, it needs this much space. GoldenGate also needs to store trail files for the data that it's moving across. So if there's network latency, or if you expect a certain network outage, or you have certain SLAs for the target database that may not be met, you need to make sure that GoldenGate has enough room to store its trail files as it's writing them. The good news about all this is that you can track it. You can use parameters to set them. And we do have some metrics that we'll provide to you on how to size these environments. So a couple of things on the disk usage. The actual installation of GoldenGate is about 1 to 1.5 gig in size, depending on which version of GoldenGate you're going to be using and what database. The trail files themselves, they default to 500 megabytes apiece. A lot of customers keep them on disk longer than they're necessary, and so there's all sorts of purging options available in GoldenGate. But you can set up purge rules to say, hey, I want to get rid of my trail files as soon as they're not needed anymore. But you can also say, you know what? I want to keep my trail files around for x number of days, even if they're not needed. That way they can be rebuilt. I can restore from any previous point in time. 03:15 Nikita: Let's talk a bit more about trail files. How do these files grow and what settings can users adjust to manage their storage efficiently? Nick: The trail files grow at about 30% to 35% of the generated redo log data. So if I'm generating 100 gigabytes of redo an hour, then you can expect the trail files to be anywhere from 30 to 35 gigabytes an hour of generated data. And this is if you're replicating everything. Again, GoldenGate's got so many different options. There's so many different ways to use it. In some cases, if you're going to a distributed applications and analytics environment, like a Databricks or a Snowflake, you might want to write more information to the trail file than what's necessary. Maybe I want additional information, such as when this change happened, who the user was that made that change. I can add specific token data. You can also tell GoldenGate to log additional records or additional columns to the trail file that may not have been changed. So I can always say, hey, GoldenGate, replicate and store the entire before and after image of every single row change to your trail file, even if those columns didn't change. And so there's a lot of different ways to do it there. But generally speaking, the default settings, you're looking at about 30% to 35% of the generated redo log value. System swap can fill up quickly. You do want this as a dedicated disk as well. System swap is often used for just handling of the changes, as GoldenGate flushes data from memory down to disk. These are controlled by a couple of parameters. So because GoldenGate is only writing committed activity to the trail file, the log reader inside the database is actually giving GoldenGate not only committed activity but uncommitted activity, too. And this is so it can stay very high speed and very low latency. 05:17 Lois: So, what are the parameters? Nick: There's a cache manager overall feature, and there's a cache directory. That directory controls where that data is actually stored, so you can specify the location of the uncommitted transactions. You can also specify the cache size. And there's not only memory settings here, but there's also disk settings. So you can say, hey, once a cache size exceeds a certain memory usage, then start flushing to disk, which is going to be slower. This is for systems that maybe have less memory but more high-speed disk. You can optimize these parameters as necessary. 05:53 Nikita: And how does GoldenGate adjust these parameters? Nick: For most environments, you're just going to leave them alone. They're automatically configured to look at the system memory available on that system and not use it all. And then as soon as necessary, it'll overflow to disk. There's also intelligent settings built within these parameters and within the cache manager itself that if it starts seeing a lull in activity or your traditional OLTP type responses to actually free up the memory that it has allocated. Or if it starts seeing more activity around data warehousing type things where you're doing large transactions, it'll actually hold on to memory a little bit longer. So it kinda learns as it goes through your environment and starts replicating data. 06:37 Lois: Is there anything else you think we should talk about before we move on to installing GoldenGate?  Nick: There's a couple additional things you need to think of with the network as well. So when you're deploying GoldenGate, you definitely want it to use the fastest network.  GoldenGate can also use a reverse proxy, especially important with microservices. Reverse proxy, typically we recommend Nginx. And it allows you to access any of the GoldenGate microservices using a single port.  GoldenGate also needs either host names or IP addresses to do its communication and to ensure the system is available. It does a lot of communication through TCP and IP as well as WSS. And then it also handles firewalls. So you want to make sure that the firewalls are open for ingress and egress for GoldenGate, too. There's a couple of different privileges that GoldenGate needs when you go to install it. You'll want to make sure that GoldenGate has the ability to write to the home where you're installing it. That's kind of obvious, but we need to say it anyways. There's a utility called oggca.sh. That's the GoldenGate Configuration Assistant that allows you to set up your first deployments and manage additional deployments. That needs permissions to write to the directories where you're going to be creating the new deployments. The extract process needs connection and permissions to read the transaction logs or backups. This is not important for Oracle, but for non-Oracle it is. And then we also recommend a dedicated database user for the extract and replicat connections. 08:15 Are you keen to stay ahead in today's fast-paced world? We've got your back! Each quarter, Oracle rolls out game-changing updates to its Fusion Cloud Applications. And to make sure you're always in the know, we offer New Features courses that give you an insider's look at all of the latest advancements. Don't miss out! Head over to mylearn.oracle.com to get started. 08:41 Nikita: Welcome back! So Nick, how do we get started with the installation?  Nick: So when we go to the install, the first thing you're going to do is go ahead and go to Oracle's website and download the software. Because of the way that GoldenGate works, there's only a couple moving parts. You saw the microservices. There's five or six of them. You have your extract, your replicat, your distribution service, trail files. There's not a lot of moving components. So if something does go wrong, usually it affects multiple customers. And so it's very important that when you go to install GoldenGate, you're using the most recent bundle patch. And you can find this within My Oracle Support. It's not always available directly from OTN or from the Oracle e-delivery website. You can still get them there, but we really want people going to My Oracle Support to download the most recent version. There's a couple of environment variables and certificates that you'll set up as well. And then you'll run the Configuration Assistant to create your deployments.  09:44 Lois: Thanks, Nick, for taking us though the installation of GoldenGate. Because these are highly UI-driven topics, we recommend that you take a deep dive into the GoldenGate 23ai Fundamentals course, available on mylearn.oracle.com. Nikita: In our next episode, we'll talk about the Extract process. Until then, this is Nikita Abraham… Lois: And Lois Houston signing off! 10:08 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

In this episode, recorded live at DevWorld 2025 in Amsterdam, we sit down with Dave McAllister, Senior Open Source Technologist at NGINX, for a fast-paced, thought-provoking—and surprisingly funny—conversation about observability, statistics, and Kubernetes traffic management.Dave takes us on a journey through the real meaning behind metrics like mean, median, and mode, and explains why so many DevOps teams misread their alerts and dashboards. Using eye-opening anecdotes (yes, including one about beer sales and marriage licenses), he breaks down the danger of acting on misleading correlations and why using the wrong statistical model can lead to chaos.We also dive deep into the future of Ingress versus the Gateway API, the evolution of NGINX's role in Kubernetes environments, and what makes some tools “just good enough” while others aim for performance and reliability at scale.Expect insights on everything from Poisson distributions to eBPF, all wrapped in Dave's sharp storytelling style and decades of open source experience.Stuur ons een bericht.Support the showLike and subscribe! It helps out a lot.You can also find us on:De Nederlandse Kubernetes Podcast - YouTubeNederlandse Kubernetes Podcast (@k8spodcast.nl) | TikTokDe Nederlandse Kubernetes PodcastWhere can you meet us:EventsThis Podcast is powered by:ACC ICT - IT-Continuïteit voor Bedrijfskritische Applicaties | ACC ICT

Desde un login para #traefik hasta bloquear acceso por ip a tus servicios autoalojados y otras cinco recomendaciones para exprimir tu proxy inversoSi bien llevo utilizando Traefik como proxy inverso varios años mas, habiendo, incluso, superado la transición del 1.7 al 2.X, lo cierto es que no paro de descubrir nuevas características y opciones para exprimir el proxy. En general la mayoría de las recomendaciones de las que te voy a hablar son aplicables a cualquier proxy, y otras son mas particulares, o al menos mas fáciles de aplicar con Traefik. De cualquier forma, son ideas o conceptos que se pueden trasladar a otros proxy como Caddy o Nginx, de forma mas o menos sencilla. Aquí simplemente se trata de revisar estas recomendaciones y que dependiendo de la solución que tengas la apliques.Más información y enlaces en las notas del episodio

Desde un login para #traefik hasta bloquear acceso por ip a tus servicios autoalojados y otras cinco recomendaciones para exprimir tu proxy inversoSi bien llevo utilizando Traefik como proxy inverso varios años mas, habiendo, incluso, superado la transición del 1.7 al 2.X, lo cierto es que no paro de descubrir nuevas características y opciones para exprimir el proxy. En general la mayoría de las recomendaciones de las que te voy a hablar son aplicables a cualquier proxy, y otras son mas particulares, o al menos mas fáciles de aplicar con Traefik. De cualquier forma, son ideas o conceptos que se pueden trasladar a otros proxy como Caddy o Nginx, de forma mas o menos sencilla. Aquí simplemente se trata de revisar estas recomendaciones y que dependiendo de la solución que tengas la apliques.Más información y enlaces en las notas del episodio

Apple Updates Apple released updates for iOS, iPadOS, macOS, and VisionOS. The updates fix two vulnerabilities which had already been exploited against iOS. https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/31866 Oracle Updates Oracle released it quarterly critical patch update. The update addresses 378 security vulnerabilities. Many of the critical updates are already known vulnerabilities in open-source software like Apache and Nginx ingress. https://www.oracle.com/security-alerts/cpuapr2025.html Oracle Breach Guidance CISA released guidance for users affected by the recent Oracle cloud breach. The guidance focuses on the likely loss of passwords. https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise Google Chrome Update A Google Chrome update released today fixes two security vulnerabilities. One of the vulnerabilities is rated as critical. https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html CVE Updates CISA extended MITRE s funding to operate the CVE numbering scheme. However, a number of other organizations announced that they may start alternative vulnerability registers. https://euvd.enisa.europa.eu/ https://gcve.eu/ https://www.thecvefoundation.org/

In this episode of Linux Out Loud, we explore the latest in Linux hardware experiments, distro discoveries, and creative workflows. Wendy walks through her setup with Fedora 41 and DaVinci Resolve, Matt dives into Windows frustrations, and Nate teases his excitement about trying out Bazzite, even before getting hands-on with the OneXPlayer. We chat about eGPU setups, Wayland oddities, 3D printer troubleshooting with Mainsail and NGINX, and highlight the unique challenges (and wins) of gaming on Linux—like Dark Envoy. It's a lively mix of tech insights, problem-solving, and distro excitement—all wrapped in open-source goodness. Find the rest of the show notes at https://tuxdigital.com/podcasts/linux-out-loud/lol-109/ Contact info Matt (Twitter @MattTDN (https://twitter.com/MattTDN)) Wendy (Mastodon @WendyDLN (https://mastodon.online/@WendyDLN)) Nate (Website CubicleNate.com (https://cubiclenate.com/)) Bill (Discord: ctlinux, Mastodon @ctlinux)

Critical Remote Code Execution vulnerabilities affect Kubernetes controllers. Senior Trump administration officials allegedly use unsecured platforms for national security discussions. Even experts like Troy Hunt get phished. Google acknowledges user data loss but doesn't explain it. Chinese hackers spent four years inside an Asian telecom firm. SnakeKeylogger is a stealthy, multi-stage credential-stealing malware. A cybercrime crackdown results in over 300 arrests across seven African countries. Ben Yelin, Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, joins to discuss the Signal national security leak. Pew Research Center figures out how its online polling got slightly forked. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Ben Yelin, Caveat co-host and Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, on the Signal national security leak. Selected Reading IngressNightmare: critical Kubernetes vulnerabilities in ingress NGINX controller (Beyond Machines) Remote Code Execution Vulnerabilities in Ingress NGINX (Wiz)  Ingress-nginx CVE-2025-1974: What You Need to Know (Kubernetes)  Trump administration is reviewing how its national security team sent military plans to a magazine editor (NBC News) The Trump Administration Accidentally Texted Me Its War Plans (The Atlantic) How Russian Hackers Are Exploiting Signal 'Linked Devices' Feature for Real-Time Spying (SecurityWeek) Troy Hunt: A Sneaky Phish Just Grabbed my Mailchimp Mailing List (Troy Hunt) 'Technical issue' at Google deletes some customer data (The Register) Chinese hackers spent four years inside Asian telco's networks (The Record) Multistage Info Stealer SnakeKeylogger Attacking Individuals and Businesses to Steal Logins (Cyber Security News) Over 300 arrested in international crackdown on cyber scams (The Record) How a glitch in an online survey replaced the word ‘yes' with ‘forks' (Pew Research) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

W Short #66 analizujemy finansowy wyścig gigantów chmurowych z AWS, Microsoftem i Google. Omawiamy nowy model GPT-4o mini dla GitHub Copilot i przełomowe funkcje w OpenTofu 1.9. Przyglądamy się też pierwszemu chipowi kwantowemu Microsoftu z cząsteczkami Majorana. Cloudflare przechodzi na Open Telemetry, co znacząco upraszcza ich infrastrukturę monitorowania. Adidas migruje swoje Ingress Controllery w Kubernetes, wybierając standardowe rozwiązanie Nginx. Dyskutujemy również o security.txt i zabawnej wpadce z agentem AI, który usunął kod Coinbase. Jeśli używasz OpenTofu zamiast Terraform, wypróbuj nową pętlę for each dla providerów. Jeśli wdrażasz security.txt na swojej stronie, sprawdź usługę Cloudflare do dynamicznego wstrzykiwania pliku. A gdy pracujesz z agentami AI, pamiętaj o git commit przed wydaniem polecenia "usuń wszystko"!   A teraz nie ma co się obijać!

Microsoft has revamped its AI-powered Recall feature, shifting from automatic to opt-in use with enhanced security measures like full encryption and Windows Hello authentication, addressing privacy concerns. California Governor Gavin Newsom vetoed SB-1047, which aimed to regulate AI models, citing concerns that smaller models outside the regulation's scope might pose greater risks. Meanwhile, OpenAI is facing a leadership shakeup as CTO Mira Murati and other key executives depart, coinciding with a shift in the company's focus toward a more traditional startup model under Sam Altman's leadership. This and more on the Gestalt IT Rundown. Time Stamps: 0:00 - Welcome to the Rundown 0:58 - Rackspace Gets Attacked, Logically 4:09 - Hurricane Helene Disrupts Critical Supply Chain 8:34 - Tech Giants and Government Support Spark a New Nuclear Renaissance? 14:11 - F5 Launches NGINX One 17:34 - NIST Gives Tips on Passwords 22:20 - AI Safety Roundup 40:39 - The Weeks Ahead 42:37 - Thanks for Watching Hosts: Tom Hollingsworth: https://www.linkedin.com/in/networkingnerd/ Jack Poller: https://www.linkedin.com/in/jackpoller/ Follow Gestalt IT Website: https://www.GestaltIT.com/ Twitter: https://www.twitter.com/GestaltIT LinkedIn: https://www.linkedin.com/company/Gestalt-IT #Rundown, #Cybersecurity, #AISafety, #AI, @GestaltIT, @TheFuturumGroup, @TechFieldDay, @NetworkingNerd, @Poller, @Rackspace, @NGINX, @NIST, @OpenAI, @Microsoft,

This is a recap of the top 10 posts on Hacker News on September 6th, 2024.This podcast was generated by wondercraft.ai(00:39): Did Sandia use a thermonuclear secondary in a product logo?Original post: https://news.ycombinator.com/item?id=41463809&utm_source=wondercraft_ai(01:54): 2M users but no money in the bankOriginal post: https://news.ycombinator.com/item?id=41463734&utm_source=wondercraft_ai(02:58): Swift is a more convenient RustOriginal post: https://news.ycombinator.com/item?id=41464371&utm_source=wondercraft_ai(04:06): Nginx has moved to GitHubOriginal post: https://news.ycombinator.com/item?id=41466963&utm_source=wondercraft_ai(05:13): Effects of Gen AI on High Skilled Work: Experiments with Software DevelopersOriginal post: https://news.ycombinator.com/item?id=41465081&utm_source=wondercraft_ai(06:23): Study: Playing D&D helps autistic players in social interactionsOriginal post: https://news.ycombinator.com/item?id=41464347&utm_source=wondercraft_ai(07:41): Hardware Acceleration of LLMs: A comprehensive survey and comparisonOriginal post: https://news.ycombinator.com/item?id=41470074&utm_source=wondercraft_ai(08:55): Godot founders had desperately hoped Unity wouldn't 'blow up'Original post: https://news.ycombinator.com/item?id=41468667&utm_source=wondercraft_ai(10:06): Inertia.js – Build React, Vue, or Svelte apps with server-side routingOriginal post: https://news.ycombinator.com/item?id=41465900&utm_source=wondercraft_ai(11:11): Parkinson's may begin in the gut, study says, adding to growing evidenceOriginal post: https://news.ycombinator.com/item?id=41466724&utm_source=wondercraft_aiThis is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

Scott and Wes serve up an episode on reverse proxy servers. They discuss popular options like CF Tunnels, Caddy, Nginx, Apache, and more, explaining why you might need one for load balancing, SSL certificates, security, and managing multiple servers. Show Notes 00:00 Welcome to Syntax! 01:30 Brought to you by Sentry.io. 02:25 What is reverse proxy? 03:16 Some examples of reverse proxies. 05:04 Why do you need a reverse proxy? 05:09 Combining multiple servers. 06:51 Load balancing. 07:23 SSL certificates. 10:30 Security. 10:37 Conceal your true IP. 11:24 Access management. 12:31 Routing static assets. 13:31 CDN / local. 15:55 Caddy × websocket support. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

It's only been one week, but it's really been 14 years, and Paul is calling: Microsoft and Qualcomm have finally made Windows 11 on Arm both viable and desirable. Nothing is perfect, but this platform is pretty incredible. Some notes from the past week: Mission Accomplished As a reminder, Paul finally got the Yoga Slim 7x last week and updated on app compatibility, hardware compatibility, gaming, and in-box AI experiences in time for WW - only found one non-working app, Google Drive. Then... More app and game compatibility testing. Since then, played a lot more DOOM (2016), ran into one issue that's surely WOA-related (note beta graphics driver, though) Video encoding performance: Snapdragon X vs Snapdragon X vs Core Ultra 9 H-series vs MacBook Air M3 Initial thoughts on battery life and then More thoughts on battery life. The Yoga Slim 9x and Surface Laptop both get about 10 hours of real-world battery life (so far), compared to 15 hours for the MacBook Air 15-inch M3. Hardware compatibility update: Only one of my devices doesn't work, the Focusrite. Surface Laptop 7 first impressions and second impressions HP Elitebook Ultra first impressions Windows 11 After skipping Week D last Tuesday, Microsoft belatedly delivers a Week D preview update for Windows 11 version 24H2 No new features, so next Patch Tuesday will be light for 24H2 22H2 and 23H2 got a big Week D update last Tuesday, so Patch Tuesday will be meaningful As of July's Patch Tuesday, 22H2, 23H2, and 24H2 will all provide the same basic feature set Canary, Dev, Beta (last Friday): nothing exciting, a few small features or changes AI & Microsoft 365 European Commission "shifts" investigation of Microsoft/OpenAI partnership. Is Ken Starr in charge of this thing? Microsoft highlights new Copilot features coming to Microsoft 365 in July Copilot in OneNote can now recognize handwritten text. It's 2002 all over again! Pixel 9 family will promote unique "Google AI" features Brave introduces a BYOM plan for its web browser Thanks to AI, Google Translate now supports 110 new languages Xbox Xbox Cloud Gaming Fire Sticks it to Amazon Another two weeks of Xbox Game Pass Forza Horizon 4 (from 2018) to be delisted December 15. Why? Tips and Picks Tip of the week: Get $10 off Tony Redmond's Office 365 for IT Pros 11th Edition App pick of the week: Docs in Proton Drive RunAs Radio this week: NGINX as a Service with Buu Lam Brown liquor pick of the week: Jack Daniels Old No. 7 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: canary.tools/twit - use code: TWIT cachefly.com/twit

It's only been one week, but it's really been 14 years, and Paul is calling: Microsoft and Qualcomm have finally made Windows 11 on Arm both viable and desirable. Nothing is perfect, but this platform is pretty incredible. Some notes from the past week: Mission Accomplished As a reminder, Paul finally got the Yoga Slim 7x last week and updated on app compatibility, hardware compatibility, gaming, and in-box AI experiences in time for WW - only found one non-working app, Google Drive. Then... More app and game compatibility testing. Since then, played a lot more DOOM (2016), ran into one issue that's surely WOA-related (note beta graphics driver, though) Video encoding performance: Snapdragon X vs Snapdragon X vs Core Ultra 9 H-series vs MacBook Air M3 Initial thoughts on battery life and then More thoughts on battery life. The Yoga Slim 9x and Surface Laptop both get about 10 hours of real-world battery life (so far), compared to 15 hours for the MacBook Air 15-inch M3. Hardware compatibility update: Only one of my devices doesn't work, the Focusrite. Surface Laptop 7 first impressions and second impressions HP Elitebook Ultra first impressions Windows 11 After skipping Week D last Tuesday, Microsoft belatedly delivers a Week D preview update for Windows 11 version 24H2 No new features, so next Patch Tuesday will be light for 24H2 22H2 and 23H2 got a big Week D update last Tuesday, so Patch Tuesday will be meaningful As of July's Patch Tuesday, 22H2, 23H2, and 24H2 will all provide the same basic feature set Canary, Dev, Beta (last Friday): nothing exciting, a few small features or changes AI & Microsoft 365 European Commission "shifts" investigation of Microsoft/OpenAI partnership. Is Ken Starr in charge of this thing? Microsoft highlights new Copilot features coming to Microsoft 365 in July Copilot in OneNote can now recognize handwritten text. It's 2002 all over again! Pixel 9 family will promote unique "Google AI" features Brave introduces a BYOM plan for its web browser Thanks to AI, Google Translate now supports 110 new languages Xbox Xbox Cloud Gaming Fire Sticks it to Amazon Another two weeks of Xbox Game Pass Forza Horizon 4 (from 2018) to be delisted December 15. Why? Tips and Picks Tip of the week: Get $10 off Tony Redmond's Office 365 for IT Pros 11th Edition App pick of the week: Docs in Proton Drive RunAs Radio this week: NGINX as a Service with Buu Lam Brown liquor pick of the week: Jack Daniels Old No. 7 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: canary.tools/twit - use code: TWIT cachefly.com/twit

It's only been one week, but it's really been 14 years, and Paul is calling: Microsoft and Qualcomm have finally made Windows 11 on Arm both viable and desirable. Nothing is perfect, but this platform is pretty incredible. Some notes from the past week: Mission Accomplished As a reminder, Paul finally got the Yoga Slim 7x last week and updated on app compatibility, hardware compatibility, gaming, and in-box AI experiences in time for WW - only found one non-working app, Google Drive. Then... More app and game compatibility testing. Since then, played a lot more DOOM (2016), ran into one issue that's surely WOA-related (note beta graphics driver, though) Video encoding performance: Snapdragon X vs Snapdragon X vs Core Ultra 9 H-series vs MacBook Air M3 Initial thoughts on battery life and then More thoughts on battery life. The Yoga Slim 9x and Surface Laptop both get about 10 hours of real-world battery life (so far), compared to 15 hours for the MacBook Air 15-inch M3. Hardware compatibility update: Only one of my devices doesn't work, the Focusrite. Surface Laptop 7 first impressions and second impressions HP Elitebook Ultra first impressions Windows 11 After skipping Week D last Tuesday, Microsoft belatedly delivers a Week D preview update for Windows 11 version 24H2 No new features, so next Patch Tuesday will be light for 24H2 22H2 and 23H2 got a big Week D update last Tuesday, so Patch Tuesday will be meaningful As of July's Patch Tuesday, 22H2, 23H2, and 24H2 will all provide the same basic feature set Canary, Dev, Beta (last Friday): nothing exciting, a few small features or changes AI & Microsoft 365 European Commission "shifts" investigation of Microsoft/OpenAI partnership. Is Ken Starr in charge of this thing? Microsoft highlights new Copilot features coming to Microsoft 365 in July Copilot in OneNote can now recognize handwritten text. It's 2002 all over again! Pixel 9 family will promote unique "Google AI" features Brave introduces a BYOM plan for its web browser Thanks to AI, Google Translate now supports 110 new languages Xbox Xbox Cloud Gaming Fire Sticks it to Amazon Another two weeks of Xbox Game Pass Forza Horizon 4 (from 2018) to be delisted December 15. Why? Tips and Picks Tip of the week: Get $10 off Tony Redmond's Office 365 for IT Pros 11th Edition App pick of the week: Docs in Proton Drive RunAs Radio this week: NGINX as a Service with Buu Lam Brown liquor pick of the week: Jack Daniels Old No. 7 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: canary.tools/twit - use code: TWIT cachefly.com/twit

It's only been one week, but it's really been 14 years, and Paul is calling: Microsoft and Qualcomm have finally made Windows 11 on Arm both viable and desirable. Nothing is perfect, but this platform is pretty incredible. Some notes from the past week: Mission Accomplished As a reminder, Paul finally got the Yoga Slim 7x last week and updated on app compatibility, hardware compatibility, gaming, and in-box AI experiences in time for WW - only found one non-working app, Google Drive. Then... More app and game compatibility testing. Since then, played a lot more DOOM (2016), ran into one issue that's surely WOA-related (note beta graphics driver, though) Video encoding performance: Snapdragon X vs Snapdragon X vs Core Ultra 9 H-series vs MacBook Air M3 Initial thoughts on battery life and then More thoughts on battery life. The Yoga Slim 9x and Surface Laptop both get about 10 hours of real-world battery life (so far), compared to 15 hours for the MacBook Air 15-inch M3. Hardware compatibility update: Only one of my devices doesn't work, the Focusrite. Surface Laptop 7 first impressions and second impressions HP Elitebook Ultra first impressions Windows 11 After skipping Week D last Tuesday, Microsoft belatedly delivers a Week D preview update for Windows 11 version 24H2 No new features, so next Patch Tuesday will be light for 24H2 22H2 and 23H2 got a big Week D update last Tuesday, so Patch Tuesday will be meaningful As of July's Patch Tuesday, 22H2, 23H2, and 24H2 will all provide the same basic feature set Canary, Dev, Beta (last Friday): nothing exciting, a few small features or changes AI & Microsoft 365 European Commission "shifts" investigation of Microsoft/OpenAI partnership. Is Ken Starr in charge of this thing? Microsoft highlights new Copilot features coming to Microsoft 365 in July Copilot in OneNote can now recognize handwritten text. It's 2002 all over again! Pixel 9 family will promote unique "Google AI" features Brave introduces a BYOM plan for its web browser Thanks to AI, Google Translate now supports 110 new languages Xbox Xbox Cloud Gaming Fire Sticks it to Amazon Another two weeks of Xbox Game Pass Forza Horizon 4 (from 2018) to be delisted December 15. Why? Tips and Picks Tip of the week: Get $10 off Tony Redmond's Office 365 for IT Pros 11th Edition App pick of the week: Docs in Proton Drive RunAs Radio this week: NGINX as a Service with Buu Lam Brown liquor pick of the week: Jack Daniels Old No. 7 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: canary.tools/twit - use code: TWIT cachefly.com/twit

More application platform pieces make your life better! While at Build in Seattle, Richard sat down with Buu Lam of F5 to discuss F5's latest offering, NGINX as a Service in Azure. Buu discussed how F5's products have evolved to run in the cloud, not just on their hardware. While you could run them as virtual machines or containers, providing them as services in Azure is better. You purchase the service in the marketplace and as part of your Azure billing. The conversation digs into the advantages of the services model in terms of updating and instrumentation, as well as reducing the complexity of your infrastructure as code. LinksNGINXKubernetesBIG-IP NextF5 Distributed CloudNGINX as a Service on AzureDevCentral at F5Recorded May 21, 2024

It's only been one week, but it's really been 14 years, and Paul is calling: Microsoft and Qualcomm have finally made Windows 11 on Arm both viable and desirable. Nothing is perfect, but this platform is pretty incredible. Some notes from the past week: Mission Accomplished As a reminder, Paul finally got the Yoga Slim 7x last week and updated on app compatibility, hardware compatibility, gaming, and in-box AI experiences in time for WW - only found one non-working app, Google Drive. Then... More app and game compatibility testing. Since then, played a lot more DOOM (2016), ran into one issue that's surely WOA-related (note beta graphics driver, though) Video encoding performance: Snapdragon X vs Snapdragon X vs Core Ultra 9 H-series vs MacBook Air M3 Initial thoughts on battery life and then More thoughts on battery life. The Yoga Slim 9x and Surface Laptop both get about 10 hours of real-world battery life (so far), compared to 15 hours for the MacBook Air 15-inch M3. Hardware compatibility update: Only one of my devices doesn't work, the Focusrite. Surface Laptop 7 first impressions and second impressions HP Elitebook Ultra first impressions Windows 11 After skipping Week D last Tuesday, Microsoft belatedly delivers a Week D preview update for Windows 11 version 24H2 No new features, so next Patch Tuesday will be light for 24H2 22H2 and 23H2 got a big Week D update last Tuesday, so Patch Tuesday will be meaningful As of July's Patch Tuesday, 22H2, 23H2, and 24H2 will all provide the same basic feature set Canary, Dev, Beta (last Friday): nothing exciting, a few small features or changes AI & Microsoft 365 European Commission "shifts" investigation of Microsoft/OpenAI partnership. Is Ken Starr in charge of this thing? Microsoft highlights new Copilot features coming to Microsoft 365 in July Copilot in OneNote can now recognize handwritten text. It's 2002 all over again! Pixel 9 family will promote unique "Google AI" features Brave introduces a BYOM plan for its web browser Thanks to AI, Google Translate now supports 110 new languages Xbox Xbox Cloud Gaming Fire Sticks it to Amazon Another two weeks of Xbox Game Pass Forza Horizon 4 (from 2018) to be delisted December 15. Why? Tips and Picks Tip of the week: Get $10 off Tony Redmond's Office 365 for IT Pros 11th Edition App pick of the week: Docs in Proton Drive RunAs Radio this week: NGINX as a Service with Buu Lam Brown liquor pick of the week: Jack Daniels Old No. 7 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: canary.tools/twit - use code: TWIT cachefly.com/twit

It's only been one week, but it's really been 14 years, and Paul is calling: Microsoft and Qualcomm have finally made Windows 11 on Arm both viable and desirable. Nothing is perfect, but this platform is pretty incredible. Some notes from the past week: Mission Accomplished As a reminder, Paul finally got the Yoga Slim 7x last week and updated on app compatibility, hardware compatibility, gaming, and in-box AI experiences in time for WW - only found one non-working app, Google Drive. Then... More app and game compatibility testing. Since then, played a lot more DOOM (2016), ran into one issue that's surely WOA-related (note beta graphics driver, though) Video encoding performance: Snapdragon X vs Snapdragon X vs Core Ultra 9 H-series vs MacBook Air M3 Initial thoughts on battery life and then More thoughts on battery life. The Yoga Slim 9x and Surface Laptop both get about 10 hours of real-world battery life (so far), compared to 15 hours for the MacBook Air 15-inch M3. Hardware compatibility update: Only one of my devices doesn't work, the Focusrite. Surface Laptop 7 first impressions and second impressions HP Elitebook Ultra first impressions Windows 11 After skipping Week D last Tuesday, Microsoft belatedly delivers a Week D preview update for Windows 11 version 24H2 No new features, so next Patch Tuesday will be light for 24H2 22H2 and 23H2 got a big Week D update last Tuesday, so Patch Tuesday will be meaningful As of July's Patch Tuesday, 22H2, 23H2, and 24H2 will all provide the same basic feature set Canary, Dev, Beta (last Friday): nothing exciting, a few small features or changes AI & Microsoft 365 European Commission "shifts" investigation of Microsoft/OpenAI partnership. Is Ken Starr in charge of this thing? Microsoft highlights new Copilot features coming to Microsoft 365 in July Copilot in OneNote can now recognize handwritten text. It's 2002 all over again! Pixel 9 family will promote unique "Google AI" features Brave introduces a BYOM plan for its web browser Thanks to AI, Google Translate now supports 110 new languages Xbox Xbox Cloud Gaming Fire Sticks it to Amazon Another two weeks of Xbox Game Pass Forza Horizon 4 (from 2018) to be delisted December 15. Why? Tips and Picks Tip of the week: Get $10 off Tony Redmond's Office 365 for IT Pros 11th Edition App pick of the week: Docs in Proton Drive RunAs Radio this week: NGINX as a Service with Buu Lam Brown liquor pick of the week: Jack Daniels Old No. 7 Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: canary.tools/twit - use code: TWIT cachefly.com/twit

本期节目我们请到了继续和 Yuchen 聊聊 Cloudflare，以及他主导并开源网络框架 Pingora Pingora 是一个使用 Rust 开发的框架，可以让开发人员在上面实现自定义服务器。Pingora 的开发是基于 Cloudflare 多年的经验和需求，他们发现在代理中需要大量的业务逻辑代码而不是配置，并且用 Lua 或编写配置也不理想。此外，我们讨论了 Pingora 的开发过程中涉及的技术决策和挑战，以及 Cloudflare 的文化和招聘情况。 嘉宾 Yuchen Wu 主播 laixintao NadeshikoManju laike9m 时间点 00:03 Cloudflare Pingora 项目开发背后的故事与原因 04:53 以 Lua 嵌入 Nginx 的 openresty 为基础的强大编程工具 08:47 Lua 的特点和局限性分析 13:03 Nginx 的 C 开发和 Lua 维护的困难性及 ARM 上的问题 16:10 Indrax 架构的问题和需要解决的挑战 22:25 大家决定用 Rust 语言重新开发的决策过程 24:47 对于使用 Rust 语言开发的经验和公司中的实践 27:07 Rust 语言的开发和 API 设计 30:32 流量迁移和切换效果评估 32:53 开发速度改进和问题处理的讨论 37:15 Pingora 框架的开源故事及其 API 设计和扩展性 40:36 关于开源的讨论和决策过程，Rust 语言的优势以及担忧的原因 44:22 Nginx 的发展历程以及与 F5 的关系变动 46:06 Pingora 开源项目及其童话般的发展故事 50:18 Cloudflare 文化和招聘情况讨论 53:40 Cloudflare：科技领域无可匹敌的压倒性存在 链接 Pingora Nginx OpenResty Lua F5 Completes Acquisition of NGINX

Infrastructure engineer and Kubernetes ingress-Nginx maintainer James Strong joins host Robert Blumen to discuss the Kubernetes networking layer. The discussion draws on content from Strong's book on the topic and covers a lot of ground, including: the Kubernetes network's use of different IP ranges than the host network; overlay network with its own IP ranges compared to using expanded portions of the host network ranges; adding routes with kernel extension points; programming kernel extension points with IP tables compared to eBPF; how routes are updated as the host network gains or loses nodes, the use of the Linux network namespace to isolate each pod; routing between pods on the same host; routing between pods across the host network; the container-network interface (CNI); the CNI ecosystem; differences between CNIs; choosing a CNI when running on a public cloud service; the Kubernetes service abstraction with a cluster-wide IP address; monitoring and telemetry of the Kubernetes network; and troubleshooting the Kubernetes network. Brought to you by IEEE Software magazine and IEEE Computer Society.

Join us at our first in-person conference on June 25 all about AI Quality: https://www.aiqualityconference.com/ ⁠Peter Guagenti⁠ is an accomplished business builder and entrepreneur with expertise in strategy, product development, marketing, sales, and operations. Peter has helped build multiple successful start-ups to exits, fueling high growth in each company along the way. He brings a broad perspective, deep problem-solving skills, the ability to drive innovation amongst teams, and a proven ability to convert strategy into action -- all backed up by a history of delivering results. Huge thank you to AWS for sponsoring this episode. AWS - https://aws.amazon.com/ MLOps podcast #222 with Peter Guagenti, President & CMO of Tabnine - What Business Stakeholders Want to See from the ML Teams. // Abstract Peter Guagenti shares his expertise in the tech industry, discussing topics from managing large-scale tech legacy applications and data experimentation to the evolution of the Internet. He returns to his history of building and transforming businesses, such as his work in the early 90s for People magazine's website and his current involvement in AI development for software companies. Guagenti discusses the use of predictive modeling in customer management and emphasizes the importance of re-architecting solutions to fit customer needs. He also delves deeper into the AI tools' effectiveness in software development and the value of maintaining privacy. Guagenti sees a bright future in AI democratization and shares his company's development of AI coding assistants. Discussing successful entrepreneurship, Guagenti highlights balancing technology and go-to-market strategies and the value of failing fast. // Bio Peter Guagenti is the President and Chief Marketing Officer at Tabnine. Guagenti is an accomplished business leader and entrepreneur with expertise in strategy, product development, marketing, sales, and operations. He most recently served as chief marketing officer at Cockroach Labs, and he previously held leadership positions at SingleStore, NGINX (acquired by F5 Networks), and Acquia (acquired by Vista Equity Partners). Guagenti also serves as an advisor to a number of visionary AI and data companies including DragonflyDB, Memgraph, and Treeverse. // MLOps Jobs board https://mlops.pallet.xyz/jobs // MLOps Swag/Merch https://mlops-community.myshopify.com/ // Related Links AI Quality in Person Conference: https://www.aiqualityconference.com/ Measuring the impact of GitHub Copilot Survey: https://resources.github.com/learn/pathways/copilot/essentials/measuring-the-impact-of-github-copilot/ AWS Trainium and Inferentia: https://aws.amazon.com/machine-learning/trainium/ https://aws.amazon.com/machine-learning/inferentia/AI coding assistants: 8 features enterprises should seek: https://www.infoworld.com/article/3694900/ai-coding-assistants-8-features-enterprises-should-seek.htmlCareers at Tabnine: https://www.tabnine.com/careers --------------- ✌️Connect With Us ✌️ ------------- Join our slack community: https://go.mlops.community/slack Follow us on Twitter: @mlopscommunity Sign up for the next meetup: https://go.mlops.community/register Catch all episodes, blogs, newsletters, and more: https://mlops.community/ Connect with Demetrios on LinkedIn: https://www.linkedin.com/in/dpbrinkm/ Connect with Peter on LinkedIn: https://www.linkedin.com/in/peterguagenti/

Cet épisode discute du retour d'experience Java de Netflix, de jQuery, de gouvernance open source, d'Elon Musk, de Kubernetes, de Mistral (gagnant?), d'attaque des LLMs, de developpement de carrière et de Trouble du Déficit de l'Attention avec ou sans Hyperactivité. Enregistré le 15 mars 2024 Téléchargement de l'épisode LesCastCodeurs-Episode-308.mp3 News Les cast codeurs veulent essayer quelque chose de nouveau et le sondage montre que vous aussi. On lance donc une section Ask Me Anything, posez nous une question sur https://lescastcodeurs.com/ama et nous prendrons certaines questions pour donner notre réponse. Lancez-vous, on pense que cette section pourra être sympa :) Langages Retour d'experience de Netflix sur ZGC https://netflixtechblog.com/bending-pause-times-to-your-will-with-generational-zgc-256629c9386b moins de tail latency ce qui veut dire moins de charge sur le systeme (moins de retry) aussi plus facile de trouver les vrais probleme de latence (plus cachés dans les latences de GC) et sans consommation superieure de CPU pour les memes perfs malgré les barrieres differentes de ZGC pas de tuning explicit de leur part (enfin presque) meme si les pointeurs ne sont pas compresses, l'efficacite du GC compense Librairies Sortie de Spock 2.4-M2 https://spockframework.org/spock/docs/2.4-M2/release_notes.html Support de plusieurs librairies de mocking Meilleur support dans les IDEs Et plein d'autres petites améliorations jQuery 4 est sorti ! jQuery est de retour ! https://www.infoq.com/news/2024/03/jquery-4-beta-release-note/ On parle régulièrement du dernier framework JavaScript à la mode, mais jQuery est toujours là Première release majeure depuis 8 ans Suppression de plein de features qui étaient deprecated et maintenant fournie souvent par défaut par les moteurs JavaScript des navigateurs jQuery continue d'être téléchargé de plus en plus au fil du temps, mais peut-être parce qu'il bénéficie du succès des projets qui l'utilisent comme Cypress, WordPress ou Drupal) Quarkus sort sa deuxieme LTS https://quarkus.io/blog/quarkus-3-8-released/ explique les changements importants depuis la LTS 3.2 Infrastructure Linkerd ou plutôt la boîte derrière va faire payer pour accéder aux builds stable du projet. Cela crée des conversations au sein de la CNCF https://www.techtarget.com/searchitoperations/news/366571035/Linkerd-paywall-prompts-online-debate-CNCF-TOC-review deploy envoy, c'est plus dur Buyoant est le principal contributeur derriere Linkerd et ils ont edcider de mettre les distributions stables derriere un paywall pour les societes de plus de 50 employés ($2000 par cluster) les gens se trouve floués par aider au succces et ensuite de trouver piégé La license reste ASL mais la version stable est derriere un paywall, comme red hat enterprise linuix recemment un autre exemple de projet open source qui vire commercial questionne la gouvernance open source, la CNCF va inestiguer et peut etre durcir ces criteres de graduiation Weavework (FLux) a fermé ces dernieres semaines aussi Cloudflare a reecrit un proxy HTTP en rust https://blog.cloudflare.com/how-we-built-pingora-the-proxy-that-connects-cloudflare-to-the-internet/ ils ont utilise NGinx pendant longtemps mais le single worker modele ne permetait pas ceratins optims et ils ont des besolins specifiques bref ils ont reecrit en rust, multi threaded et avec work stealing et ils sont content Le guide du “hater” sur Kubernetes https://paulbutler.org/2024/the-haters-guide-to-kubernetes/ L'auteur se plaint régulièrement de Kubernetes pour sa grande complexité mais reconnait que c'est quand même un grand morceau de technologie A utiliser surtout quand on a besoin de : Exécuter plusieurs processus/serveurs/tâches planifiées. Les exécuter de manière redondante et répartir la charge entre eux. Les configurer, ainsi que les relations entre eux, sous forme de code. L'auteur liste ensuite les fonctionnalités qu'il utilise, qu'il fait attention quand il les utilise, et celles qu'il préfère éviter Utilise : deployments, services, cron jobs, config maps et secrets Attention : stateful set, persistent volume et RBAC Evite : le YAML à la main, les opérateurs et resources customs, Helm, tout ce qui est mesh, les resources ingress, essayer de répliquer la stack K8S complète localement sur sa machine Data et Intelligence Artificielle Mistral AI et Microsoft font un accord sur le modele le plus puissant de Mistral et certains ne sont pas content https://www.latribune.fr/technos-medias/informatique/l-alliance-entre-mistral-et-micr[…]usion-de-l-independance-technologique-europeenne-991558.html Mistral avancait son approche open source mais son modele le plus puissant ne l'est pas ils ont un partenariat exclusif avec Microsoft pour le distribuer Et MS rentre dans le capital Au revoir l'independance de l'IA européenne Au revoir les modeles open source larges cela va a l'encontre du loby et de son positinnement aupres de la commission europeenne ca fait grincer des dents a bruxelles qui avait alléger les contraintes sur les modeles fondamentaux a la demande de Mistral qui menacait de de voir s'allier avec MS si ce n'était pas le cas. Mistral était un fer de lance des modeles open sources pour eviter les biais ils en garderont masi pas les modeles specialisés ou optimisés cela reste une bonne decisione conomique pour Mistral Infinispan 15 est sorti https://infinispan.org/blog/2024/03/13/infinispan-15 JDK 17 Redis Hot Replacement donnant: multi thread, clustering, replication cross site, diff stores de persistence en disk, avoir des caches differentes en namespace différentes avec des règles appliquées à chaque cas d'usage Recherche Vectorielle et stockage des embeddings Integration avec Langchain (Python), Langchain4j, et Quarkus Langchain Améliorations du search, replication cross site, la console, tracing, l'Operateur Kubernetes … Support du Protobuf 3 avec la release de Protostream 5 et meilleur API Outillage Ne pas signer ses commits cryptographiquement ? https://blog.glyph.im/2024/01/unsigned-commits.html L'article cite comme seul avantage d'avoir le petit badge vert sur Github indiquant “vérifié” Responsabilité future inconnue et potentiellement illimitée pour les conséquences de l'exécution du code dans un commit que vous avez signé. Renforcement implicite de GitHub en tant qu'autorité de confiance centralisée dans le monde de l'open source. Introduction de problèmes de fiabilité inconnus dans l'infrastructure qui repose sur les signatures de commit. Une violation temporaire de vos identifiants GitHub entraîne désormais des conséquences potentiellement permanentes si quelqu'un parvient à y introduire une nouvelle clé de confiance. Nouveau type de surcharge de processus continu : les clés de signature de commit deviennent une nouvelle infrastructure permanente à gérer, avec de nouvelles questions comme « que faire des clés expirées », « à quelle fréquence dois-je les renouveler », etc. on peut empecher de pousser des commits non signés Sécurité Des modèles avec des backdoors uploadés sur hugging faces non détecté. https://arstechnica.com/security/2024/03/hugging-face-the-github-of-ai-hosted-code-that-backdoored-user-devices/ par les chercheurs de JFrog Une centaine détectés dont 10 malicieux Des tests de chercheurs mais un faisant un reverse ssh S'appuye sur le format de serialisation pickle en python. Populaire mais connu comme dangereux Une première side attack channel sur les LLMs https://arstechnica.com/security/2024/03/hackers-can-read-private-ai-assistant-chats-even-though-theyre-encrypted/ cela s'appuie sur la taille des packets chiffrés envoyés et leur timing pour détecter la longueur des tokens Ensuite un LLM spécialisé reconstruit la suite de mots la plus probable vu la longueur C'est du à l'UX qui envoie les tokens au fil de l'eau Ć'est facilement corrigeable en rendant les paquets de taille fixe et en ajoutant du hasard de délai d'envoie. Mais c'est rigolo comment les LLMs peuvent amplifier les side channel attacks Architecture Netflix et Java https://www.infoq.com/presentations/netflix-java/ Netflix est un java shop La “stack NEtflix” connue du public a beaucoup evolué Pleins de microservices Gen1: groovy en gateway front end for backend , RxJava et Histrix Gen2: GraphQL et GraphQL federé ; plus de reactif sand dans la gateway Java 17 : 2800 apps java utilisent Azul JDK avait du Java 8 sur du guice et app custom utilisent G1, Java 17 = -20% CPU et Shenandoah pour la gateway Zuul Plans pour Java 21 (ZGC, virtual threads) apres speculatif Ils ont standardisé sur Spring Boot il n'y a pas si longtemps Un long article sur les microservices https://mcorbin.fr/posts/2024-02-12-microservice/ encore un me direz vous oui amis si vous etre en pleine crise existentielle avec votre equipe c'est du mon materiel il va sur les points importants comme synchrone vs asynchrone, les patterns de communication, la copie de données, comment tester le “monotithe” ou plutot comment ne pas le faire etc c'est un peu long mais ca recadre bien Méthodologies Opinion: est-ce qu'on peut devenir dev à partir de 40 ans https://www.codemotion.com/magazine/dev-life/can-you-become-a-programmer-after-40/?utm_source=ActiveCampaign&utm_medium=email&utm_content=5+Frontend+Trends+we+Didn+t+See+Coming+in+2024&utm_campaign=NL_EN_240215+%28Copy%29&vgo_ee=sFCRn4bbw8NuvJwlxj4PgXiVS4eICnA1ZPdkH4DGKyhNNwh6NQ%3D%3D%3Au3g96%2Fz3Uf7kZHAF7tezy9Y0ZJ6paAsE programmeur de CSS a 40 ans, je sais pas :stuck_out_tongue_winking_eye: l'auteur regrette les pubs pour devenir ev a 40 ansd facilement developpeur c'est beaucoup de connaissance et de travail et doit etre un choix, pas un choix pas default ou facile ils decrit certains biais comme un 20 ans sans experience est plus pardonné qu'à 40, le temps a y consacré est différent etc compensé par des actes de motivation (GitHub, participation open source, meetups etc) mais le temps d'apprendre de ces erreurs n'as pas vraiment de court circuit bref une fonrmation c'est bien mais aps suffisant Navigate your own way https://www.infoq.com/presentations/lessons-opportunities-carrier/ IBMer for 21 years. I'm a Java champion Réfléchir à sa carrière en mode time box, chercher sa promotion ? Tu peux décider ton chemin Momentum pandémie ça lui a fait bcp réfléchir sur sa vie et où elle était. Moment où elle quittait IBM pour aller vers RH (cœur se brise) Essentiels pour prendre ton propre chemin Se connaître soit même, reconnaître les différences avec les autres connaître tes valeurs: c'est quoi important pour toi, c'est quoi qui te motive, ce qui te démotive. Écrire des mots Se fixer des objectifs avec l'aide des autres Repusher ses limites, sur des sujets dont tu penses que ce n'est pas possible pour toi Participe activement, entoure toi bien Un talk très personnel et inspirant Un article sur le trouble TDAH chez le développeur adulte https://rlemaitre.com/fr/posts/2023/11/hacker-le-tdah-strat%C3%A9gies-pour-le-d%C3%A9veloppeur-moderne/ Diagnostiqué à 44 ans Schéma d'inattention et d'hyperactivite/implusivite qui interfere avec le fonctionnement Affecte le fonctionnement social scolaire ou professionnel Non diagnistiqué: burn out anxiété ou depression Souvent non diagnostiqué jusqu'à ce que se propres enfants soient diagnostiqués Mais cela amène du positif: hyperfocus, resolution creative de problèmes, adaptation rapide aux changements qui sont du pain béni Le négatif c'est la gestion du temps, organisation, instabilité Discute ensuite les phénomènes dans le cerveau Et donne des techniques et des pièges à éviter Vous avez sûrement des collègues TDAH ou l'êtes-vous meme Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 14-15 mars 2024 : pgDayParis - Paris (France) 17-18 mars 2024 : Cloud Native Rejekts EU 2024 - Paris (France) 19 mars 2024 : AppDeveloperCon - Paris (France) 19 mars 2024 : ArgoCon - Paris (France) 19 mars 2024 : BackstageCon - Paris (France) 19 mars 2024 : Cilium + eBPF Day - Paris (France) 19 mars 2024 : Cloud Native AI Day Europe - Paris (France) 19 mars 2024 : Cloud Native StartupFest Europe - Paris (France) 19 mars 2024 : Cloud Native Wasm Day Europe - Paris (France) 19 mars 2024 : Data on Kubernetes Day - Paris (France) 19 mars 2024 : Istio Day Europe - Paris (France) 19 mars 2024 : Kubeflow Summit Europe - Paris (France) 19 mars 2024 : Kubernetes on Edge Day Europe - Paris (France) 19 mars 2024 : Multi-Tenancy Con - Paris (France) 19 mars 2024 : Observabiity Day Europe - Paris (France) 19 mars 2024 : OpenTofu Day Europe - Paris (France) 19 mars 2024 : Platform Engineering Day - Paris (France) 19 mars 2024 : ThanosCon Europe - Paris (France) 19 mars 2024 : PaaS Forward by OVHcloud | Rancher by SUSE - Paris (France) 19-21 mars 2024 : CloudNativeHacks - Paris (France) 19-21 mars 2024 : IT & Cybersecurity Meetings - Paris (France) 19-22 mars 2024 : KubeCon + CloudNativeCon Europe 2024 - Paris (France) 21 mars 2024 : IA & Data Day Strasbourg - Strasbourg (France) 22-23 mars 2024 : Agile Games France - Valence (France) 26-28 mars 2024 : Forum INCYBER Europe - Lille (France) 27 mars 2024 : La Conf Data | IA - Paris (France) 28-29 mars 2024 : SymfonyLive Paris 2024 - Paris (France) 28-30 mars 2024 : DrupalCamp Roazhon - Rennes (France) 4 avril 2024 : SoCraTes Rennes 2024 - Rennes (France) 4-6 avril 2024 : Toulouse Hacking Convention - Toulouse (France) 8 avril 2024 : Lyon Craft - Lyon (France) 9 avril 2024 : Unconf HackYourJob - Lyon (France) 11 avril 2024 : CI/CDay - Paris (France) 17-19 avril 2024 : Devoxx France - Paris (France) 18-20 avril 2024 : Devoxx Greece - Athens (Greece) 22 avril 2024 : React Connection 2024 - Paris (France) 23 avril 2024 : React Native Connection 2024 - Paris (France) 25-26 avril 2024 : MiXiT - Lyon (France) 25-26 avril 2024 : Android Makers - Paris (France) 3-4 mai 2024 : Faiseuses Du Web 3 - Dinan (France) 8-10 mai 2024 : Devoxx UK - London (UK) 16-17 mai 2024 : Newcrafts Paris - Paris (France) 22-25 mai 2024 : Viva Tech - Paris (France) 24 mai 2024 : AFUP Day Nancy - Nancy (France) 24 mai 2024 : AFUP Day Poitiers - Poitiers (France) 24 mai 2024 : AFUP Day Lille - Lille (France) 24 mai 2024 : AFUP Day Lyon - Lyon (France) 28-29 mai 2024 : Symfony Live Paris - Paris (France) 1 juin 2024 : PolyCloud - Montpellier (France) 6-7 juin 2024 : DevFest Lille - Lille (France) 6-7 juin 2024 : Alpes Craft - Grenoble (France) 7 juin 2024 : Fork it! Community - Rouen (France) 11-12 juin 2024 : OW2con - Paris (France) 12-14 juin 2024 : Rencontres R - Vannes (France) 13-14 juin 2024 : Agile Tour Toulouse - Toulouse (France) 14 juin 2024 : DevQuest - Niort (France) 18 juin 2024 : Tech & Wine 2024 - Lyon (France) 19-20 juin 2024 : AI_dev: Open Source GenAI & ML Summit Europe - Paris (France) 19-21 juin 2024 : Devoxx Poland - Krakow (Poland) 27 juin 2024 : DotJS - Paris (France) 27-28 juin 2024 : Agi Lille - Lille (France) 4-5 juillet 2024 : Sunny Tech - Montpellier (France) 8-10 juillet 2024 : Riviera DEV - Sophia Antipolis (France) 6 septembre 2024 : JUG Summer Camp - La Rochelle (France) 19-20 septembre 2024 : API Platform Conference - Lille (France) & Online 2-4 octobre 2024 : Devoxx Morocco - Marrakech (Morocco) 7-11 octobre 2024 : Devoxx Belgium - Antwerp (Belgium) 10 octobre 2024 : Cloud Nord - Lille (France) 10-11 octobre 2024 : Volcamp - Clermont-Ferrand (France) 10-11 octobre 2024 : Forum PHP - Marne-la-Vallée (France) 16 octobre 2024 : DotPy - Paris (France) 17-18 octobre 2024 : DevFest Nantes - Nantes (France) 17-18 octobre 2024 : DotAI - Paris (France) 6 novembre 2024 : Master Dev De France - Paris (France) 7 novembre 2024 : DevFest Toulouse - Toulouse (France) 8 novembre 2024 : BDX I/O - Bordeaux (France) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via twitter https://twitter.com/lescastcodeurs Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

Get my backend course https://backend.win Cloudflare has announced they are opening sources Pingora as a networking framework! Big news, let us discuss  0:00 Intro 0:30 Reasons why Cloudflare built Pingora? 3:00 It is a framework!  7:30 What in Pingora? 11:50 Security in Pingora 13:45 Multi-threading in Pingora 21:00 Customization vs Configuration 25:00 Summary ⁠https://blog.cloudflare.com/pingora-open-source/?utm_campaign=cf_blog&utm_content=20240228&utm_medium=organic_social&utm_source=twitter⁠

In this episode of the Laravel Podcast, we are diving into the highlights of Laracon EU including the unveiling of Laravel 11 and the introduction of Laravel Reverb. Taylor Otwell shares insights on the streamlined application structure and new features in Laravel 11. We also discuss the launch of Laravel Herd for Windows and Herd Pro, offering power user features for local development, and provide some exciting updates about the upcoming Laracon US.Taylor Otwell's Twitter - https://twitter.com/taylorotwellMatt Stauffer's Twitter - https://twitter.com/stauffermattLaravel Twitter - https://twitter.com/laravelphpLaravel Website - https://laravel.com/Tighten Website - https://tighten.com/Laracon EU Photo Gallery Tweet - https://x.com/LaraconEU/status/1755957896209113444?s=20Laravel Reverb - https://laravel.com/docs/master/reverbLaravel 11 - https://laravel.com/docs/master/releasesThiery Laverdure's Project - https://github.com/tlaverdure/laravel-echo-serverPusher - https://pusher.com/Ably - https://ably.com/Laravel Herd - https://herd.laravel.com/Adam Wathan Twitter - https://twitter.com/adamwathanJess Archer Twitter - https://twitter.com/jessarchercodesLuke Twitter Downing Twitter - https://twitter.com/lukedowning19Daniel Coulbourne Twitter - https://twitter.com/DCoulbourneJoe Dixon Twitter - https://twitter.com/_joedixonPhilo Hermans Twitter - https://twitter.com/Philo01?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5EauthorLaracon US - https://laracon.us/Laracon CFP Talk Submission Form - https://docs.google.com/forms/d/e/1FAIpQLSdlyTDvqeKNB3r-wVNmDBlE23oHKEL4m8lzL5nci0YPH_5WYA/viewform-----Editing and transcription sponsored by Tighten.

We chat about VMware's rug pull with Bret, aka Raid Owl, and then get into Unraid's big changes and more. Special Guest: Raid Owl.

This week, we discuss open source forks, what's going on at OpenAI and checkin on the IRS Direct File initiative. Plus, plenty of thoughts on taking your annual Code of Conduct Training. Watch the YouTube Live Recording of Episode (https://www.youtube.com/watch?v=PAwXvnb53iY) 455 (https://www.youtube.com/watch?v=PAwXvnb53iY) Runner-up Titles I live my life one iCal screen at a time We always have sparklers Meta-parenting Everyone is always tired Cheaper version of Red Hat This week in “Do we need to be angry?” All we get is wingdings. I'm in a Socialist mood this week Pies shot out of my eyes and stuff Those dingalings bought my boat Dingalings of the mind Rundown CIQ Offers Long-Term Support for Rocky Linux 8.6, 8.8 and 9.2 Images Through AWS Marketplace (https://ciq.com/press-release/ciq-offers-long-term-support-for-rocky-linux-8-6-8-8-and-9-2-images-through-aws-marketplace/) Will CIQ's new support program alienate the community (https://medium.com/@gordon.messmer/will-ciqs-new-support-program-alienate-the-community-it-built-on-an-objection-to-subscriber-only-fb58ea6a810e) NGINX fork (https://narrativ.es/@janl/111935559549855751)? freenginx.org (http://freenginx.org/en/) Struggling database company MariaDB could be taken private in $37M deal (https://techcrunch.com/2024/02/19/struggling-database-company-mariadb-could-be-taken-private-in-a-37m-deal/) Tofu (https://opentofu.org) So Where's That New OpenAI Board? (https://www.theinformation.com/articles/so-wheres-that-new-openai-board?utm_source=ti_app&rc=giqjaz) The IRS has all our tax data. Why doesn't its new website use it? (https://www.washingtonpost.com/business/2024/02/04/direct-file-irs-taxes/) Relevant to your Interests Apple on course to break all Web Apps in EU within 20 days - Open Web Advocacy (https://open-web-advocacy.org/blog/apple-on-course-to-break-all-web-apps-in-eu-within-20-days/) Bringing Competition to Walled Gardens - Open Web Advocacy (https://open-web-advocacy.org/walled-gardens-report/#apple-has-effectively-banned-all-third-party-browsers) Introducing the Column Explorer: a bird's-eye view of your data (https://motherduck.com/blog/introducing-column-explorer/?utm_medium=email&_hsmi=294232392&_hsenc=p2ANqtz-8vobC3nom9chsGc_Y8KM9pO75KKvrGTtL7uS-sfcNQ1sNd8ThaMnP5KsfbSUWCWW2KOjlPpa3AwC4ToYbaCmYOAMva0rvKIZ2jkB461YKJX2TLQtg&utm_content=294233055&utm_source=hs_email) Apple TV+ Became HBO Before HBO Could Become Netflix (https://spyglass.org/its-not-tv-its-apple-tv-plus/?utm_source=substack&utm_medium=email) Sora: Creating video from text (https://openai.com/sora) Sustainability, a surprisingly successful KPI: GreenOps survey results - ClimateAction.Tech (https://climateaction.tech/blog/sustainability-kpi-greenops-survey-results/) Slack AI has arrived (https://slack.com/intl/en-gb/blog/news/slack-ai-has-arrived) What's new and cool? - Adam Jacob (https://youtu.be/gAYMg6LNEMs?si=9PRiK1BBHaBGSypy) Apple is reportedly working on AI updates to Spotlight and Xcode (https://www.theverge.com/2024/2/15/24074455/apple-generative-ai-xcode-spotlight-testing) Apple Readies AI Tool to Rival Microsoft's GitHub Copilot (https://www.bloomberg.com/news/articles/2024-02-15/apple-s-ai-plans-github-copilot-rival-for-developers-tool-for-testing-apps) VMs on Kubernetes with Kubevirt session at Kubecon (https://kccnceu2024.sched.com/event/1YhIE/sponsored-keynote-a-cloud-native-overture-to-enterprise-end-user-adoption-fabian-deutsch-senior-engineering-manager-red-hat-michael-hanulec-vice-president-and-technology-fellow-goldman-sachs) Air Canada must honor refund policy invented by airline's chatbot (https://arstechnica.com/tech-policy/2024/02/air-canada-must-honor-refund-policy-invented-by-airlines-chatbot/?comments=1&comments-page=1) Microsoft 'retires' Azure IoT Central in platform rethink (https://www.theregister.com/2024/02/15/microsoft_retires_azure_iot_central/) The big design freak-out: A generation of design leaders grapple with their future (https://www.fastcompany.com/91027996/the-big-design-freak-out-a-generation-of-design-leaders-grapple-with-their-future) Most of the contents of the Xerox PARC team's work were tossed into a dumpster (https://x.com/DynamicWebPaige/status/1759071289401368635?s=20) 1Password expands its endpoint security offerings with Kolide acquisition (https://techcrunch.com/2024/02/20/1password-expands-its-endpoint-security-offerings-with-kolide-acquisition/) Microsoft Will Use Intel to Manufacture Home-Grown Processor (https://www.bloomberg.com/news/articles/2024-02-21/microsoft-will-use-intel-to-manufacture-home-grown-processor) In a First, Apple Captures Top 7 Spots in Global List of Top 10 Best-selling Smartphones - Counterpoint (https://www.counterpointresearch.com/insights/apple-captures-top-7-spots-in-global-top-10-best-selling-smartphones/) Google Is Giving Away Some of the A.I. That Powers Chatbots (https://www.nytimes.com/2024/02/21/technology/google-open-source-ai.html) Apple Shuffles Leadership of Team Responsible for Audio Products (https://www.bloomberg.com/news/articles/2024-02-20/apple-shuffles-leadership-of-team-responsible-for-audio-products?srnd=premium) Signal now lets you keep your phone number private with the launch of usernames (https://techcrunch.com/2024/02/20/signal-now-lets-you-keep-your-phone-number-private-with-the-launch-of-usernames/) How Google is killing independent sites like ours (https://housefresh.com/david-vs-digital-goliaths/) VMware takes a swing at Nutanix, Red Hat with VM converter (https://www.theregister.com/2024/02/21/vmware_kvm_converter/) (https://narrativ.es/@janl/111935559549855751)## Nonsense An ordinary squirt of canned air achieves supersonic speeds - engineer spots telltale shock diamonds (https://www.tomshardware.com/desktops/pc-building/an-ordinary-squirt-of-canned-air-achieves-supersonic-speeds-engineer-spots-telltale-shock-diamonds) Conferences SCaLE 21x/DevOpsDays LA, March 14th (https://www.socallinuxexpo.org/scale/21x)– (https://www.socallinuxexpo.org/scale/21x)17th, 2024 (https://www.socallinuxexpo.org/scale/21x) — Coté speaking (https://www.socallinuxexpo.org/scale/21x/presentations/we-fear-change), sponsorship slots available. KubeCon EU Paris, March 19 (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/)– (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/)22 (https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/) — Coté on the wait list for the platform side conference. Get 20% off with the discount code KCEU24VMWBC20. DevOpsDays Birmingham, April 17–18, 2024 (https://talks.devopsdays.org/devopsdays-birmingham-al-2024/cfp) Exe (https://ismg.events/roundtable-event/dallas-robust-security-java-applications/?utm_source=cote&utm_campaign=devrel&utm_medium=newsletter&utm_content=newsletterUpcoming)cutive dinner in Dallas that Coté's hosting on March 13st, 2024 (https://ismg.events/roundtable-event/dallas-robust-security-java-applications/?utm_source=cote&utm_campaign=devrel&utm_medium=newsletter&utm_content=newsletterUpcoming). If you're an “executive” who might want to buy stuff from Tanzu to get better at your apps, than register. There is also a Tanzu exec event coming up in the next few months, email Coté (mailto:cote@broadcom.com) if you want to hear more about it. SDT news & hype Join us in Slack (http://www.softwaredefinedtalk.com/slack). Get a SDT Sticker! Send your postal address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) and we will send you free laptop stickers! Follow us: Twitch (https://www.twitch.tv/sdtpodcast), Twitter (https://twitter.com/softwaredeftalk), Instagram (https://www.instagram.com/softwaredefinedtalk/), Mastodon (https://hachyderm.io/@softwaredefinedtalk), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk), Threads (https://www.threads.net/@softwaredefinedtalk) and YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured). Use the code SDT to get $20 off Coté's book, Digital WTF (https://leanpub.com/digitalwtf/c/sdt), so $5 total. Become a sponsor of Software Defined Talk (https://www.softwaredefinedtalk.com/ads)! Recommendations Brandon: Fair Play (https://www.netflix.com/title/81674326) on Netflix (https://www.netflix.com/title/81674326) Matt: Julia Evans: Popular Git Config Options (https://jvns.ca/blog/2024/02/16/popular-git-config-options/) Coté: Anker USB C Charger (Nano II 65W) Pod 3-Port PPS Fast Charger (https://www.amazon.de/dp/B09LLRNGSD?psc=1&ref=ppx_yo2ov_dt_b_product_details). Photo Credits Header (https://unsplash.com/photos/a-couple-of-large-sculptures-sitting-on-top-of-a-cement-floor-g4xIcepnx6I) Google Gemini

The US Department of Justice is at it again with a new team for Operation Dying Ember. Sounds spooky, right? This time it was to undertake a secret court order to remove malware from Ubiquiti devices infected by Fancy Bear. The devices in question had default administration passwords as well as remote admin access on the public Internet. The DOJ reinfected the routers with the original malware used to compromise them in the first place and then used that compromise to remove remote access and clean up the secondary payload that had been installed to turn them into a potential botnet. The DOJ said it would then notify users to do a factory reset and install the latest firmware as well as changing their admin password. There's a lot to unpack here! This and more on the Gestalt IT Rundown hosted by Tom Hollingsworth and guest Max Mortillaro. Hosts: Tom Hollingsworth: https://www.linkedin.com/in/networkingnerd/ Max Mortillaro: https://www.linkedin.com/in/maxmortillaro/ Follow Gestalt IT Website: https://www.GestaltIT.com/ Twitter: https://www.twitter.com/GestaltIT LinkedIn: https://www.linkedin.com/company/Gestalt-IT Tags: #Rundown, #Security, #AI, #DataCenters, #GenAI, #Data, @NGINX, @LockbitTeam, @GestaltIT, @NetworkingNerd, @MaxMortillaro

DSL is back, but it's bigger! There's a CUDA implementation for AMD, The Linux Topology code is getting cleaned up, and there's a bit of a tussle over who's the first to ship KDE 6. Nginx forks over a CVE, AMD has new chips, and Asahi is beating Apple on OpenGL. For tips there's zypper for package management, cmp for comparing files, UFW for firewall simplicity, and a quick primer on how Wine handles serial ports! Catch the show notes at https://bit.ly/49z3PDs and enjoy the show! Host: Jonathan Bennett Co-Hosts: Rob Campbell, Ken McDonald, and Jeff Massie Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.

Nginx is forked, Broadcom/VMware kills ESXi, dedup is finally fixed in ZFS, using multiple network interfaces on a NAS, and more.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News announcing freenginx.org Broadcom-owned VMware kills the free version of ESXi virtualization software OpenZFS Native Encryption Use […]

Nginx is forked, Broadcom/VMware kills ESXi, dedup is finally fixed in ZFS, using multiple network interfaces on a NAS, and more.   Plugs Support us on patreon and get an ad-free RSS feed with early episodes sometimes   News announcing freenginx.org Broadcom-owned VMware kills the free version of ESXi virtualization software OpenZFS Native Encryption Use... Read More

Scott and Wes talk about the benefits of owning your own PaaS (platform as a service), the main alternatives in the space, and ways to make passion projects more financially viable. Show Notes 00:00 Welcome to Syntax! 01:12 Brought to you by Sentry.io. 01:56 What is a PaaS? NGINX 04:21 Challenges with payment structures. Render 07:02 What is Kubernetes? Kubernetes 07:51 What are the differences between Kubernetes and Docker? Docker Swarm 09:15 Reasons to own your own PaaS. Nelify Bluehost 15:05 “Pokémon or Web Service” Original 150 Pokémon Characters 16:49 The players and their pros and cons. 18:51 Where can you host these services? 19:47 Kubero. Kubero 21:50 Coolify. Coolify Coolify pricing 28:15 Caprover. Caprover 29:03 Dokku. Dokku Shokku Ledokku Atlas Nixpacks 32:53 Piku. Piku 33:24 Cuber. Cuber 34:13 Acorn. Acorn Coolify creator, Andras Bacsai on X 36:44 The challenges of hosting your own PaaS. 38:46 Jekyll ran on a PC under a desk. Jekyll 39:36 Sometimes less is, in fact, more. 40:09 Final thoughts. 45:03 Scott got Bun to work on Coolify. 51:01 Sick Picks + Shameless Plugs. Sick Picks Wes: GripStic Chip Bag Sealer Amazon, GripStic Chip Bag Sealer Aliexpress Scott: Caseta Diva Smart Dimmer Shameless Plugs Wes: Syntax YouTube Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott:X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Deploying Nextcloud the Nix way promises a paradise of reproducibility and simplicity. But is it just a painful trek through configuration hell? We built the dream Nextcloud using Nix and faced reality. Special Guest: Alex Kretzschmar.

In this New Stack Makers podcast, Mike Stefaniak, senior product manager at NGINX and Kate Osborn, a software engineer at NGINX discusses challenges associated with network ingress in Kubernetes clusters and introduces the Kubernetes Gateway API as a solution. Stefaniak highlights the issues that arise when multiple teams work on the same ingress, leading to friction and incidents. NGINX has also introduced the NGINX Gateway Fabric, implementing the Kubernetes Gateway API as an alternative to network ingress. The Kubernetes Gateway API, proposed four years ago and recently made generally available, offers advantages such as extensibility. It allows referencing policies with custom resource definitions for better validation, avoiding the need for annotations. Each resource has an associated role, enabling clean application of role-based access control policies for enhanced security.While network ingress is prevalent and mature, the Kubernetes Gateway API is expected to find adoption in greenfield projects initially. It has the potential to unite North-South and East-West traffic, offering a role-oriented API for comprehensive control over cluster traffic. The article encourages exploring the Kubernetes Gateway API and engaging with the community to contribute to its development.Learn more from The New Stack about NGINX and the open source Kubernetes Gateway API:Kubernetes API Gateway 1.0 Goes Live, as Maintainers Plan for The Future API Gateway, Ingress Controller or Service Mesh: When to Use What and Why Ingress Controllers or the Kubernetes Gateway API? Which is Right for You?  Join our community of newsletter subscribers to stay on top of the news and at the top of your game.    

In episode 40 of The Kubelist Podcast, Marc and Benjie speak with open source pioneer Dave McAllister. Dave shares stories and lessons from his 40-year career in tech including working for DEC, NASA, Adobe, Red Hat, Splunk, and NGINX. Additionally, they discuss Linux's rise to popularity in the early days of open source, SGI's contribution to modern cinematic effects, predictions around AI, and the overlap of open source and LLMs.

In episode 40 of The Kubelist Podcast, Marc and Benjie speak with open source pioneer Dave McAllister. Dave shares stories and lessons from his 40-year career in tech including working for DEC, NASA, Adobe, Red Hat, Splunk, and NGINX. Additionally, they discuss Linux's rise to popularity in the early days of open source, SGI's contribution to modern cinematic effects, predictions around AI, and the overlap of open source and LLMs.

Today I am speaking with Kevin Jones, Developer Relations Engineer at Edge & Node, a core development team actively contributing to The Graph. Although Kevin is a fresh addition to the Edge & Node team, his presence has already been felt significantly through his engagement in hackathons and leadership of key initiatives.In this engaging conversation, Kevin unveils his captivating career journey. He takes us from his early studies in graphic design through a stint in retail, working in sales at Best Buy – a chapter that included an adventure living in Hawaii. We then explore his trajectory to becoming a well-regarded thought leader within the Ethereum ecosystem, a journey that included some time at the industry-leading NGINX.Kevin also shares the pivotal moments when he encountered The Graph and made the transition to full-time work in web3. He provides insights into his role at Edge & Node and dives into some of the transformative initiatives he is driving. Throughout, Kevin offers valuable insights into open source projects, Scaffold-ETH, BuildersDAO – a new DAO within The Graph ecosystem – and the sources of his drive and determination. Show Notes and TranscriptsThe GRTiQ Podcast takes listeners inside web3 and The Graph (GRT) by interviewing members of the ecosystem.  Please help support this project and build the community by subscribing and leaving a review.Twitter: GRT_iQwww.GRTiQ.com 

4 Months of BSD, Self Hosted Calendar and address Book, Ban scanners IPs from OpenSMTP logs, Self-hosted git page, Bastille template example, Restrict nginx Access by Geographical Location on FreeBSD, and more. NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines 4 Months of BSD (https://danterobinson.dev/BSD/4MonthsofBSD) Self Hosted Calendar and address Book (https://www.tumfatig.net/2023/self-hosted-calendar-and-addressbook-services-on-openbsd/) News Roundup Ban scanners IPs from OpenSMTP logs (https://dataswamp.org/~solene/2023-06-22-opensmtpd-block-attempts.html) Self-hosted git page with stagit (featuring ed, the standard editor) (https://sebastiano.tronto.net/blog/2022-11-23-git-host/) Bastille template example (https://bastillebsd.org/blog/2022/01/03/bastille-template-examples-adguardhome/) Nginx: How to Restrict Access by Geographical Location on FreeBSD (https://herrbischoff.com/2021/05/nginx-how-to-restrict-access-by-geographical-location-on-freebsd/) Beastie Bits Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. Feedback/Questions Chris - ARM (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/520/feedback/Chris%20-%20arm.md) Matthew - Groups (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/520/feedback/matthew%20-%20groups.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***

Linux and FreeBSD Firewalls Part 1, Why Netflix Chose NGINX as the Heart of Its CDN, Protect your web servers against PHP shells and malwares, Installing and running Gitlab howto, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Linux vs. FreeBSD : Linux and FreeBSD Firewalls – The Ultimate Guide : Part 1 (https://klarasystems.com/articles/freebsd-linux-and-freebsd-firewalls/) Why Netflix Chose NGINX as the Heart of Its CDN (https://www.nginx.com/blog/why-netflix-chose-nginx-as-the-heart-of-its-cdn/) News Roundup FreeBSD: Protect your web servers against PHP shells and malwares (https://ozgurkazancci.com/freebsd-protect-your-web-server-against-php-shells-and-malwares/) HowTo: Installing and running Gitlab (https://forums.FreeBSD.org/threads/howto-installing-and-running-gitlab.89436/) Beastie Bits • [World built in 36 hours on a Pentium 4!](https://www.reddit.com/r/freebsd/comments/13undl9/world_built_in_36_hours_on_a_pentium_4/) • [Fart init](https://x61.sh/log/2023/05/23052023153621-fart-init.html](https://x61.sh/log/2023/05/23052023153621-fart-init.html) • [Organized Freebies](https://mwl.io/archives/22832) • [OpenSMTPD 7.3.0p0 released](http://undeadly.org/cgi?action=article;sid=20230617111340) • [shutdown/reboot now require membership of group _shutdown](http://undeadly.org/cgi?action=article;sid=20230620064255) • [Where does my computer get the time from?](https://dotat.at/@/2023-05-26-whence-time.html) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. *** Feedback/Questions sam - fav episodes (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/515/feedback/sam%20-%20fav%20episodes.md) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) ***

In this episode of Critical Thinking - Bug Bounty Podcast, we're back with Joel, fresh (haha) off of back-to-back live hack events in London and Seoul. We start with his recap of the events, and the different vibes of each LHE, then we dive into the technical thick of it, and talk web browsers, XSS vectors, new tools, CVSS 4, and much more than we can fit in this character limit. Just trust us when we say you don't want to miss it!Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater______Episode 26 links:https://linke.to/Episode26Notes______Timestamps:(00:00:00) Introduction(00:04:10) LHE Vibes(00:07:45) "Hunting for NGINX alias traversals in the wild"(00:12:30) Various payouts in bug bounty programs(00:16:05) New XSS vectors and popovers(00:24:15) The "magical math element" in Firefox(00:27:15) LiveOverflow's research on HTML parsing quirks(00:32:10) Mr. Tux Racer, Woocommerce, and WordPress(00:40:00) Changes in the CVSS 4 draft spec(00:45:00) TomNomNom's new tool Jsluise(00:51:15) JavaScript's import function(00:55:30) Gareth Hayes' book "JavaScript for Hackers"(01:02:24) Injecting JavaScript variables(01:09:15) Prototype pollution(01:13:15) DOM clobbering(01:18:10) Exploiting HTML injection using meta and base tags(01:25:00) CSS Games(01:28:00) Base tags

In a wonderful blog, Kyle explores the pains he faced managing a Postgres instance for a startup he works for and how enabling partitioning sigintfically created wait events causing the backend and subsequently NGINX to through 500 errors. We discuss this in this video/podcast https://www.kylehailey.com/post/postgres-partition-pains-lockmanager-waits

Jean Yang, CEO of Akita Software, joins Corey on Screaming in the Cloud to discuss how she went from academia to tech founder, and what her company is doing to improve monitoring and observability. Jean explains why Akita is different from other observability & monitoring solutions, and how it bridges the gap from what people know they should be doing and what they actually do in practice. Corey and Jean explore why the monitoring and observability space has been so broken, and why it's important for people to see monitoring as a chore and not a hobby. Jean also reveals how she took a leap from being an academic professor to founding a tech start-up. About JeanJean Yang is the founder and CEO of Akita Software, providing the fastest time-to-value for API monitoring. Jean was previously a tenure-track professor in Computer Science at Carnegie Mellon University.Links Referenced: Akita Software: https://www.akitasoftware.com/ Aki the dog chatbot: https://www.akitasoftware.com/blog-posts/we-built-an-exceedingly-polite-ai-dog-that-answers-questions-about-your-apis Twitter: https://twitter.com/jeanqasaur TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. My guest today is someone whose company has… well, let's just say that it has piqued my interest. Jean Yang is the CEO of Akita Software and not only is it named after a breed of dog, which frankly, Amazon service namers could take a lot of lessons from, but it also tends to approach observability slash monitoring from a perspective of solving the problem rather than preaching a new orthodoxy. Jean, thank you for joining me.Jean: Thank you for having me. Very excited.Corey: In the world that we tend to operate in, there are so many different observability tools, and as best I can determine observability is hipster monitoring. Well, if we call it monitoring, we can't charge you quite as much money for it. And whenever you go into any environment of significant scale, we pretty quickly discover that, “What monitoring tool are you using?” The answer is, “Here are the 15 that we use.” Then you talk to other monitoring and observability companies and ask them which ones of those they've replace, and the answer becomes, “We're number 16.” Which is less compelling of a pitch than you might expect. What does Akita do? Where do you folks start and stop?Jean: We want to be—at Akita—your first stop for monitoring and we want to be all of the monitoring, you need up to a certain level. And here's the motivation. So, we've talked with hundreds, if not thousands, of software teams over the last few years and what we found is there is such a gap between best practice, what people think everybody else is doing, what people are talking about at conferences, and what's actually happening in software teams. And so, what software teams have told me over and over again, is, hey, we either don't actually use very many tools at all, or we use 15 tools in name, but it's you know, one [laugh] one person on the team set this one up, it's monitoring one of our endpoints, we don't even know which one sometimes. Who knows what the thresholds are really supposed to be. We got too many alerts one day, we turned it off.But there's very much a gap between what people are saying they're supposed to do, what people in their heads say they're going to do next quarter or the quarter after that and what's really happening in practice. And what we saw was teams are falling more and more into monitoring debt. And so effectively, their customers are becoming their monitoring and it's getting harder to catch up. And so, what Akita does is we're the fastest, easiest way for teams to quickly see what endpoints you have in your system—so that's API endpoints—what's slow and what's throwing errors. And you might wonder, okay, wait, wait, wait, Jean. Monitoring is usually about, like, logs, metrics, and traces. I'm not used to hearing about API—like, what do APIs have to do with any of it?And my view is, look, we want the most simple form of what might be wrong with your system, we want a developer to be able to get started without having to change any code, make any annotations, drop in any libraries. APIs are something you can watch from the outside of a system. And when it comes to which alerts actually matter, where do you want errors to be alerts, where do you want thresholds to really matter, my view is, look, the places where your system interfaces with another system are probably where you want to start if you've really gotten nothing. And so, Akita view is, we're going to start from the outside in on this monitoring. We're turning a lot of the views on monitoring and observability on its head and we just want to be the tool that you reach for if you've got nothing, it's middle of the night, you have alerts on some endpoint, and you don't want to spend a few hours or weeks setting up some other tool. And we also want to be able to grow with you up until you need that power tool that many of the existing solutions out there are today.Corey: It feels like monitoring is very often one of those reactive things. I come from the infrastructure world, so you start off with, “What do you use for monitoring?” “Oh, we wait till the help desk calls us and users are reporting a problem.” Okay, that gets you somewhere. And then it becomes oh, well, what was wrong that time? The drive filled up. Okay, so we're going to build checks in that tell us when the drives are filling up.And you wind up trying to enumerate all of the different badness. And as a result, if you leave that to its logical conclusion, one of the stories that I heard out of MySpace once upon a time—which dates me somewhat—is that you would have a shift, so there were three shifts working around the clock, and each one would open about 5000 tickets, give or take, for the monitoring alerts that wound up firing off throughout their infrastructure. At that point, it's almost, why bother? Because no one is going to be around to triage these things; no one is going to see any of the signal buried and all of that noise. When you talk about doing this for an API perspective, are you running synthetics against those APIs? Are you shimming them in order to see what's passing through them? What's the implementation side look like?Jean: Yeah, that's a great question. So, we're using a technology called BPF, Berkeley Packet Filter. The more trendy, buzzy term is EBPF—Corey: The EBPF. Oh yes.Jean: Yeah, Extended Berkeley Packet Filter. But here's the secret, we only use the BPF part. It's actually a little easier for users to install. The E part is, you know, fancy and often finicky. But um—Corey: SEBPF then: Shortened Extended BPF. Why not?Jean: [laugh]. Yeah. And what BPF allows us to do is passively watch traffic from the outside of a system. So, think of it as you're sending API calls across the network. We're just watching that network. We're not in the path of that traffic. So, we're not intercepting the traffic in any way, we're not creating any additional overhead for the traffic, we're not slowing it down in any way. We're just sitting on the side, we're watching all of it, and then we're taking that and shipping an obfuscated version off to our cloud, and then we're giving you analytics on that.Corey: One of the things that strikes me as being… I guess, a common trope is there are a bunch of observability solutions out there that offer this sort of insight into what's going on within an environment, but it's, “Step one: instrument with some SDK or some agent across everything. Do an entire deploy across your fleet.” Which yeah, people are not generally going to be in a hurry to sign up for. And further, you also said a minute ago that the idea being that someone could start using this in the middle of the night in the middle of an outage, which tells me that it's not, “Step one: get the infrastructure sparkling. Step two: do a global deploy to everything.” How do you go about doing that? What is the level of embeddedness into the environment?Jean: Yeah, that's a great question. So, the reason we chose BPF is I wanted a completely black-box solution. So, no SDKs, no code annotations. I wanted people to be able to change a config file and have our solution apply to anything that's on the system. So, you could add routes, you could do all kinds of things. I wanted there to be no additional work on the part of the developer when that happened.And so, we're not the only solution that uses BPF or EBPF. There's many other solutions that say, “Hey, just drop us in. We'll let you do anything you want.” The big difference is what happens with the traffic once it gets processed. So, what EBPF or BPF gives you is it watches everything about your system. And so, you can imagine that's a lot of different events. That's a lot of things.If you're trying to fix an incident in the middle of the night and someone just dumps on you 1000 pages of logs, like, what are you going to do with that? And so, our view is, the more interesting and important and valuable thing to do here is not make it so that you just have the ability to watch everything about your system but to make it so that developers don't have to sift through thousands of events just to figure out what went wrong. So, we've spent years building algorithms to automatically analyze these API events to figure out, first of all, what are your endpoints? Because it's one thing to turn on something like Wireshark and just say, okay, here are the thousand API calls, I saw—ten thousand—but it's another thing to say, “Hey, 500 of those were actually the same endpoint and 300 of those had errors.” That's quite a hard problem.And before us, it turns out that there was no other solution that even did that to the level of being able to compile together, “Here are all the slow calls to an endpoint,” or, “Here are all of the erroneous calls to an endpoint.” That was blood, sweat, and tears of developers in the night before. And so, that's the first major thing we do. And then metrics on top of that. So, today we have what's slow, what's throwing errors. People have asked us for other things like show me what happened after I deployed. Show me what's going on this week versus last week. But now that we have this data set, you can imagine there's all kinds of questions we can now start answering much more quickly on top of it.Corey: One thing that strikes me about your site is that when I go to akitasoftware.com, you've got a shout-out section at the top. And because I've been doing this long enough where I find that, yeah, you work at a company; you're going to say all kinds of wonderful, amazing aspirational things about it, and basically because I have deep-seated personality disorders, I will make fun of those things as my default reflexive reaction. But something that AWS, for example, does very well is when they announce something ridiculous on stage at re:Invent, I make fun of it, as is normal, but then they have a customer come up and say, “And here's the expensive, painful problem that they solved for us.”And that's where I shut up and start listening. Because it's a very different story to get someone else, who is presumably not being paid, to get on stage and say, “Yeah, this solved a sophisticated, painful problem.” Your shout-outs page has not just a laundry list of people saying great things about it, but there are former folks who have been on the show here, people I know and trust: Scott Johnson over at Docker, Gergely Orosz over at The Pragmatic Engineer, and other folks who have been luminaries in the space for a while. These are not the sort of people that are going to say, “Oh, sure. Why not? Oh, you're going to send me a $50 gift card in a Twitter DM? Sure I'll say nice things,” like it's one of those respond to a viral tweet spamming something nonsense. These are people who have gravitas. It's clear that there's something you're building that is resonating.Jean: Yeah. And for that, they found us. Everyone that I've tried to bribe to say good things about us actually [laugh] refused.Corey: Oh, yeah. As it turns out that it's one of those things where people are more expensive than you might think. It's like, “What, you want me to sell my credibility down the road?” Doesn't work super well. But there's something like the unsolicited testimonials that come out of, this is amazing, once people start kicking the tires on it.You're currently in open beta. So, I guess my big question for you is, whenever you see a product that says, “Oh, yeah, we solve everything cloud, on-prem, on physical instances, on virtual machines, on Docker, on serverless, everything across the board. It's awesome.” I have some skepticism on that. What is your ideal application architecture that Akita works best on? And what sort of things are you a complete nonstarter for?Jean: Yeah, I'll start with a couple of things we work well on. So, container platforms. We work relatively well. So, that's your Fargate, that's your Azure Web Apps. But that, you know, things running, we call them container platforms. Kubernetes is also something that a lot of our users have picked us up and had success with us on. I will say our Kubernetes deploy is not as smooth as we would like. We say, you know, you can install us—Corey: Well, that is Kubernetes, yes.Jean: [laugh]. Yeah.Corey: Nothing in Kubernetes is as smooth as we would like.Jean: Yeah, so we're actually rolling out Kubernetes injection support in the next couple of weeks. So, those are the two that people have had the most success on. If you're running on bare metal or on a VM, we work, but I will say that you have to know your way around a little bit to get that to work. What we don't work on is any Platform as a Service. So, like, a Heroku, a Lambda, a Render at the moment. So those, we haven't found a way to passively listen to the network traffic in a good way right now.And we also work best for unencrypted HTTP REST traffic. So, if you have encrypted traffic, it's not a non-starter, but you need to fall into a couple of categories. You either need to be using Kubernetes, you can run Akita as a sidecar, or you're using Nginx. And so, that's something we're still expanding support on. And we do not support GraphQL or GRPC at the moment.Corey: That's okay. Neither do I. It does seem these days that unencrypted HTTP API calls are increasingly becoming something of a relic, where folks are treating those as anti-patterns to be stamped out ruthlessly. Are you still seeing significant deployments of unencrypted APIs?Jean: Yeah. [laugh]. So, Corey—Corey: That is the reality, yes.Jean: That's a really good question, Corey, because in the beginning, we weren't sure what we wanted to focus on. And I'm not saying the whole deployment is unencrypted HTTP, but there is a place to install Akita to watch where it's unencrypted HTTP. And so, this is what I mean by if you have encrypted traffic, but you can install Akita as a Kubernetes sidecar, we can still watch that. But there was a big question when we started: should this be GraphQL, GRPC, or should it be REST? And I read the “State of the API Report” from Postman for you know, five years, and I still keep up with it.And every year, it seemed that not only was REST, remaining dominant, it was actually growing. So, [laugh] this was shocking to me as well because people said, well, “We have this more structured stuff, now. There's GRPC, there's GraphQL.” But it seems that for the added complexity, people weren't necessarily seeing the value and so, REST continues to dominate. And I've actually even seen a decline in GraphQL since we first started doing this. So, I'm fully on board the REST wagon. And in terms of encrypted versus unencrypted, I would also like to see more encryption as well. That's why we're working on burning down the long tail of support for that.Corey: Yeah, it's one of those challenges. Whenever you're deploying something relatively new, there's this idea that it should be forward-looking and you, on some level, want to modernize your architecture and infrastructure to keep up with it. An AWS integration story I see that's like that these days is, “Oh, yeah, generate an IAM credential set and just upload those into our system.” Yeah, the modern way of doing that is role assumption: to find a role and here's how to configure it so that it can do what we need to do. So, whenever you start seeing things that are, “Oh, yeah, just turn the security clock back in time a little bit,” that's always a little bit of an eyebrow raise.I can also definitely empathize with the joys of dealing with anything that even touches networking in a Lambda context. Building the Lambda extension for Tailscale was one of the last big dives I made into that area and I still have nightmares as a result. It does a lot of interesting things right up until you step off the golden path. And then suddenly, everything becomes yaks all the way down, in desperate need of shaving.Jean: Yeah, Lambda does something we want to handle on our roadmap, but I… believe we need a bigger team before [laugh] we are ready to tackle that.Corey: Yeah, we're going to need a bigger boat is very often [laugh] the story people have when they start looking at entire new architectural paradigms. So, you end up talking about working in containerized environments. Do you find that most of your deployments are living in cloud environments, in private data centers, some people call them private cloud. Where does the bulk of your user applications tend to live these days?Jean: The bulk of our user applications are in the cloud. So, we're targeting small to medium businesses to start. The reason being, we want to give our users a magical deployment experience. So, right now, a lot of our users are deploying in under 30 minutes. That's in no small part due to automations that we've built.And so, we initially made the strategic decision to focus on places where we get the most visibility. And so—where one, we get the most visibility, and two, we are ready for that level of scale. So, we found that, you know, for a large business, we've run inside some of their production environments and there are API calls that we don't yet handle well or it's just such a large number of calls, we're not doing the inference as well and our algorithms don't work as well. And so, we've made the decision to start small, build our way up, and start in places where we can just aggressively iterate because we can see everything that's going on. And so, we've stayed away, for instance, from any on-prem deployments for that reason because then we can't see everything that's going on. And so, smaller companies that are okay with us watching pretty much everything they're doing has been where we started. And now we're moving up into the medium-sized businesses.Corey: The challenge that I guess I'm still trying to wrap my head around is, I think that it takes someone with a particularly rosy set of glasses on to look at the current state of monitoring and observability and say that it's not profoundly broken in a whole bunch of ways. Now, where it all falls apart, Tower of Babelesque, is that there doesn't seem to be consensus on where exactly it's broken. Where do you see, I guess, this coming apart at the seams?Jean: I agree, it's broken. And so, if I tap into my background, which is I was a programming languages person in my very recently, previous life, programming languages people like to say the problem and the solution is all lies in abstraction. And so, computing is all about building abstractions on top of what you have now so that you don't have to deal with so many details and you got to think at a higher level; you're free of the shackles of so many low-level details. What I see is that today, monitoring and observability is a sort of abstraction nightmare. People have just taken it as gospel that you need to live at the lowest level of abstraction possible the same way that people truly believe that assembly code was the way everybody was going to program forevermore back, you know, 50 years ago.So today, what's happening is that when people think monitoring, they think logs, not what's wrong with my system, what do I need to pay attention to? They think, “I have to log everything, I have to consume all those logs, we're just operating at the level of logs.” And that's not wrong because there haven't been any tools that have given people any help above the level of logs. Although that's not entirely correct, you know? There's also events and there's also traces, but I wouldn't say that's actually lifting the level of [laugh] abstraction very much either.And so, people today are thinking about monitoring and observability as this full control, like, I'm driving my, like, race car, completely manual transmission, I want to feel everything. And not everyone wants to or needs to do that to get to where they need to go. And so, my question is, how far are can we lift the level of abstraction for monitoring and observability? I don't believe that other people are really asking this question because most of the other players in the space, they're asking what else can we monitor? Where else can we monitor it? How much faster can we do it? Or how much more detail can we give the people who really want the power tools?But the people entering the buyer's market with needs, they're not people—you don't have, like, you know, hordes of people who need more powerful tools. You have people who don't know about the systems are dealing with and they want easier. They want to figure out if there's anything wrong with our system so they can get off work and do other things with their lives.Corey: That, I think, is probably the thing that gets overlooked the most. It's people don't tend to log into their monitoring systems very often. They don't want to. When they do, it's always out of hours, middle of the night, and they're confronted with a whole bunch of upsell dialogs of, “Hey, it's been a while. You want to go on a tour of the new interface?”Meanwhile, anything with half a brain can see there's a giant spike on the graph or telemetry stop coming in.Jean: Yeah.Corey: It's way outside of normal business hours where this person is and maybe they're not going to be in the best mood to engage with your brand.Jean: Yeah. Right now, I think a lot of the problem is, you're either working with monitoring because you're desperate, you're in the middle of an active incident, or you're a monitoring fanatic. And there isn't a lot in between. So, there's a tweet that someone in my network tweeted me that I really liked which is, “Monitoring should be a chore, not a hobby.” And right now, it's either a hobby or an urgent necessity [laugh].And when it gets to the point—so you know, if we think about doing dishes this way, it would be as if, like, only, like, the dish fanatics did dishes, or, like, you will just have piles of dishes, like, all over the place and raccoons and no dishes left, and then you're, like, “Ah, time to do a thing.” But there should be something in between where there's a defined set of things that people can do on a regular basis to keep up with what they're doing. It should be accessible to everyone on the team, not just a couple of people who are true fanatics. No offense to the people out there, I love you guys, you're the ones who are really helping us build our tool the most, but you know, there's got to be a world in which more people are able to do the things you do.Corey: That's part of the challenge is bringing a lot of the fire down from Mount Olympus to the rest of humanity, where at some level, Prometheus was a great name from that—Jean: Yep [laugh].Corey: Just from that perspective because you basically need to be at that level of insight. I think Kubernetes suffers from the same overall problem where it is not reasonably responsible to run a Kubernetes production cluster without some people who really know what's going on. That's rapidly changing, which is for the better, because most companies are not going to be able to afford a multimillion-dollar team of operators who know the ins and outs of these incredibly complex systems. It has to become more accessible and simpler. And we have an entire near century at this point of watching abstractions get more and more and more complex and then collapsing down in this particular field. And I think that we're overdue for that correction in a lot of the modern infrastructure, tooling, and approaches that we take.Jean: I agree. It hasn't happened yet in monitoring and observability. It's happened in coding, it's happened in infrastructure, it's happened in APIs, but all of that has made it so that it's easier to get into monitoring debt. And it just hasn't happened yet for anything that's more reactive and more about understanding what the system is that you have.Corey: You mentioned specifically that your background was in programming languages. That's understating it slightly. You were a tenure-track professor of computer science at Carnegie Mellon before entering industry. How tied to what your area of academic speciality was, is what you're now at Akita?Jean: That's a great question and there are two answers to that. The first is very not tied. If it were tied, I would have stayed in my very cushy, highly [laugh] competitive job that I worked for years to get, to do stuff there. And so like, what we're doing now is comes out of thousands of conversations with developers and desire to build on the ground tools that I'm—there's some technically interesting parts to it, for sure. I think that our technical innovation is our moat, but is it at the level of publishable papers? Publishable papers are a very narrow thing; I wouldn't be able to say yes to that question.On the other hand, everything that I was trained to do was about identifying a problem and coming up with an out-of-the-box solution for it. And especially in programming languages research, it's really about abstractions. It's really about, you know, taking a set of patterns that you see of problems people have, coming up with the right abstractions to solve that problem, evaluating your solution, and then, you know, prototyping that out and building on top of it. And so, in that case, you know, we identified, hey, people have a huge gap when it comes to monitoring and observability. I framed it as an abstraction problem, how can we lift it up?We saw APIs as this is a great level to build a new level of solution. And our solution, it's innovative, but it also solves the problem. And to me, that's the most important thing. Our solution didn't need to be innovative. If you're operating in an academic setting, it's really about… producing a new idea. It doesn't actually [laugh]—I like to believe that all endeavors really have one main goal, and in academia, the main goal is producing something new. And to me, building a product is about solving a problem and our main endeavor was really to solve a real problem here.Corey: I think that it is, in many cases, useful when we start seeing a lot of, I guess, overflow back and forth between academia and industry, in both directions. I think that it is doing academia a disservice when you start looking at it purely as pure theory, and oh yeah, they don't deal with any of the vocational stuff. Conversely, I think the idea that industry doesn't have anything to learn from academia is dramatically misunderstanding the way the world works. The idea of watching some of that ebb and flow and crossover between them is neat to see.Jean: Yeah, I agree. I think there's a lot of academics I super respect and admire who have done great things that are useful in industry. And it's really about, I think, what you want your main goal to be at the time. Is it, do you want to be optimizing for new ideas or contributing, like, a full solution to a problem at the time? But it's there's a lot of overlap in the skills you need.Corey: One last topic I'd like to dive into before we call it an episode is that there's an awful lot of hype around a variety of different things. And right now in this moment, AI seems to be one of those areas that is getting an awful lot of attention. It's clear too there's something of value there—unlike blockchain, which has struggled to identify anything that was not fraud as a value proposition for the last decade-and-a-half—but it's clear that AI is offering value already. You have recently, as of this recording, released an AI chatbot, which, okay, great. But what piques my interest is one, it's a dog, which… germane to my interest, by all means, and two, it is marketed as, and I quote, “Exceedingly polite.”Jean: [laugh].Corey: Manners are important. Tell me about this pupper.Jean: Yeah, this dog came really out of four or five days of one of our engineers experimenting with ChatGPT. So, for a little bit of background, I'll just say that I have been excited about the this latest wave of AI since the beginning. So, I think at the very beginning, a lot of dev tools people were skeptical of GitHub Copilot; there was a lot of controversy around GitHub Copilot. I was very early. And I think all the Copilot people retweeted me because I was just their earlies—like, one of their earliest fans. I was like, “This is the coolest thing I've seen.”I've actually spent the decade before making fun of AI-based [laugh] programming. But there were two things about GitHub Copilot that made my jaw drop. And that's related to your question. So, for a little bit of background, I did my PhD in a group focused on program synthesis. So, it was really about, how can we automatically generate programs from a variety of means? From constraints—Corey: Like copying and pasting off a Stack Overflow, or—Jean: Well, the—I mean, that actually one of the projects that my group was literally applying machine-learning to terabytes of other example programs to generate new programs. So, it was very similar to GitHub Copilot before GitHub Copilot. It was synthesizing API calls from analyzing terabytes of other API calls. And the thing that I had always been uncomfortable with these machine-learning approaches in my group was, they were in the compiler loop. So, it was, you know, you wrote some code, the compiler did some AI, and then it spit back out some code that, you know, like you just ran.And so, that never sat well with me. I always said, “Well, I don't really see how this is going to be practical,” because people can't just run random code that you basically got off the internet. And so, what really excited me about GitHub Copilot was the fact that it was in the editor loop. I was like, “Oh, my God.”Corey: It had the context. It was right there. You didn't have to go tabbing to something else.Jean: Exactly.Corey: Oh, yeah. I'm in the same boat. I think it is basically—I've seen the future unfolding before my eyes.Jean: Yeah. Was the autocomplete thing. And to me, that was the missing piece. Because in your editor, you always read your code before you go off and—you know, like, you read your code, whoever code reviews your code reads your code. There's always at least, you know, two pairs of eyes, at least theoretically, reading your code.So, that was one thing that was jaw-dropping to me. That was the revelation of Copilot. And then the other thing was that it was marketed not as, “We write your code for you,” but the whole Copilot marketing was that, you know, it kind of helps you with boilerplate. And to me, I had been obsessed with this idea of how can you help developers write less boilerplate for years. And so, this AI-supported boilerplate copiloting was very exciting to me.And I saw that is very much the beginning of a new era, where, yes, there's tons of data on how we should be programming. I mean, all of Akita is based on the fact that we should be mining all the data we have about how your system and your code is operating to help you do stuff better. And so, to me, you know, Copilot is very much in that same philosophy. But our AI chatbot is, you know, just a next step along this progression. Because for us, you know, we collect all this data about your API behavior; we have been using non-AI methods to analyze this data and show it to you.And what ChatGPT allowed us to do in less than a week was analyze this data using very powerful large-language models and I have this conversational interface that both gives you the opportunity to check over and follow up on the question so that what you're spitting out—so what we're spitting out as Aki the dog doesn't have to be a hundred percent correct. But to me, the fact that Aki is exceedingly polite and kind of goofy—he, you know, randomly woofs and says a lot of things about how he's a dog—it's the right level of seriousness so that it's not messaging, hey, this is the end all, be all, the way, you know, the compiler loop never sat well with me because I just felt deeply uncomfortable that an AI was having that level of authority in a system, but a friendly dog that shows up and tells you some things that you can ask some additional questions to, no one's going to take him that seriously. But if he says something useful, you're going to listen. And so, I was really excited about the way this was set up. Because I mean, I believe that AI should be a collaborator and it should be a collaborator that you never take with full authority. And so, the chat and the politeness covered those two parts for me both.Corey: Yeah, on some level, I can't shake the feeling that it's still very early days there for Chat-Gipity—yes, that's how I pronounce it—and it's brethren as far as redefining, on some level, what's possible. I think that it's in many cases being overhyped, but it's solving an awful lot of the… the boilerplate, the stuff that is challenging. A question I have, though, is that, as a former professor, a concern that I have is when students are using this, it's less to do with the fact that they're not—they're taking shortcuts that weren't available to me and wanting to make them suffer, but rather, it's, on some level, if you use it to write your English papers, for example. Okay, great, it gets the boring essay you don't want to write out of the way, but the reason you write those things is it teaches you to form a story, to tell a narrative, to structure an argument, and I think that letting the computer do those things, on some level, has the potential to weaken us across the board. Where do you stand on it, given that you see both sides of that particular snake?Jean: So, here's a devil's advocate sort of response to it, is that maybe the writing [laugh] was never the important part. And it's, as you say, telling the story was the important part. And so, what better way to distill that out than the prompt engineering piece of it? Because if you knew that you could always get someone to flesh out your story for you, then it really comes down to, you know, I want to tell a story with these five main points. And in some way, you could see this as a playing field leveler.You know, I think that as a—English is actually not my first language. I spent a lot of time editing my parents writing for their work when I was a kid. And something I always felt really strongly about was not discriminating against people because they can't form sentences or they don't have the right idioms. And I actually spent a lot of time proofreading my friends' emails when I was in grad school for the non-native English speakers. And so, one way you could see this as, look, people who are not insiders now are on the same playing field. They just have to be clear thinkers.Corey: That is a fascinating take. I think I'm going to have to—I'm going to have to ruminate on that one. I really want to thank you for taking the time to speak with me today about what you're up to. If people want to learn more, where's the best place for them to find you?Jean: Well, I'm always on Twitter, still [laugh]. I'm @jeanqasaur—J-E-A-N-Q-A-S-A-U-R. And there's a chat dialog on akitasoftware.com. I [laugh] personally oversee a lot of that chat, so if you ever want to find me, that is a place, you know, where all messages will get back to me somehow.Corey: And we will, of course, put a link to that into the [show notes 00:35:01]. Thank you so much for your time. I appreciate it.Jean: Thank you, Corey.Corey: Jean Yang, CEO at Akita Software. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry insulting comment that you will then, of course, proceed to copy to the other 17 podcast tools that you use, just like you do your observability monitoring suite.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.