Podcasts about Node

Resilient Secure Backup Connectivity for SMB/Home Users Establishing resilient access to a home network via a second ISP may lead to unintended backdoors. Secure the access and make sure you have the visibility needed to detect abuse. https://isc.sans.edu/diary/Resilient%20Secure%20Backup%20Connectivity%20for%20SMB%20Home%20Users/31972 BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory An attacker with the ability to create service accounts may be able to manipulate these accounts to mark them as migrated accounts, inheriting all privileges the original account had access to. https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory Flaw in samlify That Opens Door to SAML Single Sign-On Bypass CVE-2025-47949 The samlify Node.js library does not verify SAML assertions correctly. It will consider the entire assertion valid, not just the original one. An attacker may use this to obtain additional privileges or authenticate as a different user https://www.endorlabs.com/learn/cve-2025-47949-reveals-flaw-in-samlify-that-opens-door-to-saml-single-sign-on-bypass

In this episode of Maintainable, Robby speaks with Joe Masilotti, an independent consultant who helps Rails teams ship mobile apps using Hotwire Native.Joe shares his perspective on what makes software maintainable—especially for consultants who need to onboard quickly. He explains why setup scripts often add unnecessary complexity, and how he evaluates a project's maintainability by how quickly he can go from clone to coding.Robby and Joe also discuss how hybrid mobile development can offer faster delivery, fewer bugs, and better long-term flexibility—especially when teams reuse their existing Rails web views. Joe explains how Hotwire Native allows teams to incrementally introduce native features without rewriting their entire app.Whether you're maintaining a mobile shell built two years ago or just starting to explore native development, Joe offers actionable advice on setting expectations, scoping client work, and navigating modern mobile tech stacks.⏱️ Episode Highlights[00:01:17] Onboarding as a Measure of MaintainabilityJoe shares how quickly he can spin up a Rails app often reflects how maintainable it is.[00:05:12] Being a Good Guest in Someone Else's CodebaseJoe outlines his ideal onboarding checklist and how he adapts to unfamiliar environments.[00:08:00] Setting Communication and Collaboration ExpectationsThe three questions Joe asks every client to understand how their team works.[00:13:02] Offering Opinions—Only Where InvitedWhy Joe stays scoped to the work he's hired for, even when tempted to fix more.[00:14:15] When Technical Debt Enters the ConversationJoe explains how debt discussions usually emerge after version one is shipped.[00:15:33] Who Should Read Hotwire Native for Rails DevelopersJoe describes the type of developer his book is written for and what it covers.[00:18:01] Choosing Native vs. Hybrid for Your Rails AppA framework comparison based on your current frontend architecture.[00:20:00] Introducing the Hotwire Native MindsetWhy logic belongs on the server and the client should stay thin.[00:21:00] Bridge Components: How Rails, iOS, and Android ConnectJoe walks through how native and web technologies pass data between layers.[00:24:00] Why Even a Web View-Based App is Worth ShippingThe practical benefits of discoverability, push notifications, and native APIs.[00:28:01] Replacing Unmaintainable Apps with Hotwire NativeJoe describes how hybrid rewrites often reduce mobile code by 90%.[00:31:33] Letting Go of Feature ParityWhy most clients end up cutting features they originally wanted to preserve.[00:32:18] Scoping and Estimating Project-Based WorkHow Joe uses repeatable patterns to price fixed-fee consulting engagements.[00:35:15] Using AI to Translate Between Tech StacksJoe shares how he leverages LLMs to explore unfamiliar languages like Kotlin.[00:42:26] Long-Term Maintainability and When to Touch the CodeWhy some apps don't need changes for years—and that's okay.[00:43:43] Why Hybrid Apps Are Easier to ReplaceJoe explains why hybrid apps are often more disposable and less risky than monolithic web apps.

In this week's episode, it's just me — Charles Max Wood — and I'm joined by the incredibly sharp and open-source-loving Aral Roca, direct from Barcelona! Aral's the creator of Brisa, a new full-stack web framework that flips the script on how we build modern web apps. If you thought the "another day, another framework" meme was played out... well, Brisa might just change your mind.Key Takeaways:-Brisa's Big Idea: It's designed to let you build web apps with minimal or zero JavaScript on the client side. Think HTML streaming, server actions, and components that render server-side first, but can gradually hydrate on the client.-Server-first FTW: Aral walks us through how Brisa handles server actions — even capturing click and scroll events on the server — using ideas inspired by HTMX, LiveView, and server components from frameworks like Next.js.-Tiny and Mighty: The whole framework is incredibly lightweight. Web components come in at just ~3 KB, and the built-in i18n system is under 1 KB!-From Idea to Reality: Aral started Brisa to scratch his own itch — building side projects and blogs without bloated front-end code. But now, others are using it too (yes, even in production!), including one travel agency that's gone all-in.-Multi-platform Future: Brisa has adapters in the works for Vercel, Node, and Deno — plus integration with Tauri for building native Android, iOS, and desktop apps from the same codebase.-What's Coming: Roadmap goals include improved hot reloads, more adapters, transitions, lazy-loaded components, and a better playground for developers to tinker with.Oh, and yes — Aral does parkour. For real.This episode is packed with deep technical insight and exciting potential for a new way to build web apps — especially for devs who love fast performance, server-rendering, and clean architecture.Become a supporter of this podcast: https://www.spreaker.com/podcast/javascript-jabber--6102064/support.

В этом выпуске: является ли 500-ый выпуск юбилейным, как погасить наводки-вибрации на вертушки, что нового в Node.js v24 и почему он будет LTS но пока не LTS, сэмплируем резервуары, выбираем между iPhone 11 Pro, iPhone 12 mini и iPhone 13 mini, выбираем правильный способ 2FA, закапываем SQL, а также обсуждаем темы слушателей. [00:03:17] Чему мы… Читать далее →

Blockchain DXB Podcast – 15th May EpisodeTitle: CPI Drops to 4-Year Low | Trump's $1.2 Trillion Middle East Play | Ethereum's Trillion Dollar Security | Ondo's Cross-Chain DvP | VanEck's NODE ETF

Node is back in the news with some noteworthy updates as v24 drops. It gets an upgrade to 13.6 for its V8 JavaScript engine, runs with npm version 11, and has more efficient implementation of the local storage API and test runner updates.Google has released its newest version of its Gemini AI model: Gemini 2.5 Pro Preview (I/O Edition), which claims to be the best model for front-end and UI development. To prove it, Google links to a site called the WebDev Arena (where Gemini 2.5 Pro Preview ranks #1), that lets users put in a prompt and then pits different AI models head to head to build a site based on the prompt. Figma just had their 2025 Config conference and unveiled a host of new offerings, including Figma Sites that lets folks design, prototype and publish with Figma, and Figma Make the AI prompting tool that can add functionality to a Figma mockup via natural language directions.News:Paige - Node 24 updatesJack - Figma Make and Figma Sites and conference demo videoTJ - Gemini 2.5 updates and WebDev ArenaBonus News:Take the first annual State of Devs surveyOpenAI agrees to buy Windsurf for $3BFire Starters:CSS reading-flow and reading-orderWhat Makes Us Happy this Week:Paige - Old Town Trolley ToursJack -  The Residence TV showTJ - ChatGPT helping with camera & video setupThanks as always to our sponsor, the Blue Collar Coder channel on YouTube. You can join us in our Discord channel, explore our website and reach us via email, or talk to us on X, Bluesky, or YouTube.Front-end Fire websiteBlue Collar Coder on YouTubeBlue Collar Coder on DiscordReach out via emailTweet at us on X @front_end_fireFollow us on Bluesky @front-end-fire.comSubscribe to our YouTube channel @Front-EndFirePodcast

Aprende Grafana y domina el monitoreo de datos en tiempo real

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 03/05 a 09/05.

Nesse episódio trouxemos as notícias e novidades do mundo da programação que nos chamaram atenção dos dias 03/05 a 09/05.

Gros épisode qui couvre un large spectre de sujets : Java, Scala, Micronaut, NodeJS, l'IA et la compétence des développeurs, le sampling dans les LLMs, les DTO, le vibe coding, les changements chez Broadcom et Red Hat ainsi que plusieurs nouvelles sur les licences open source. Enregistré le 7 mai 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-325.mp3 ou en vidéo sur YouTube. News Langages A l'occasion de JavaOne et du lancement de Java 24, Oracle lance un nouveau site avec des ressources vidéo pour apprendre le langage https://learn.java/ site plutôt à destination des débutants et des enseignants couvre la syntaxe aussi, y compris les ajouts plus récents comme les records ou le pattern matching c'est pas le site le plus trendy du monde. Martin Odersky partage un long article sur l'état de l'écosystème Scala et les évolutions du language https://www.scala-lang.org/blog/2025/03/24/evolving-scala.html Stabilité et besoin d'évolution : Scala maintient sa position (~14ème mondial) avec des bases techniques solides, mais doit évoluer face à la concurrence pour rester pertinent. Axes prioritaires : L'évolution se concentre sur l'amélioration du duo sécurité/convivialité, le polissage du langage (suppression des “rugosités”) et la simplification pour les débutants. Innovation continue : Geler les fonctionnalités est exclu ; l'innovation est clé pour la valeur de Scala. Le langage doit rester généraliste et ne pas se lier à un framework spécifique. Défis et progrès : L'outillage (IDE, outils de build comme sbt, scala-cli, Mill) et la facilité d'apprentissage de l'écosystème sont des points d'attention, avec des améliorations en cours (partenariat pédagogique, plateformes simples). Des strings encore plus rapides ! https://inside.java/2025/05/01/strings-just-got-faster/ Dans JDK 25, la performance de la fonction String::hashCode a été améliorée pour être principalement constant foldable. Cela signifie que si les chaînes de caractères sont utilisées comme clés dans une Map statique et immuable, des gains de performance significatifs sont probables. L'amélioration repose sur l'annotation interne @Stable appliquée au champ privé String.hash. Cette annotation permet à la machine virtuelle de lire la valeur du hash une seule fois et de la considérer comme constante si elle n'est pas la valeur par défaut (zéro). Par conséquent, l'opération String::hashCode peut être remplacée par la valeur de hash connue, optimisant ainsi les lookups dans les Map immuables. Un cas limite est celui où le code de hachage de la chaîne est zéro, auquel cas l'optimisation ne fonctionne pas (par exemple, pour la chaîne vide “”). Bien que l'annotation @Stable soit interne au JDK, un nouveau JEP (JEP 502: Stable Values (Preview)) est en cours de développement pour permettre aux utilisateurs de bénéficier indirectement de fonctionnalités similaires. AtomicHash, une implémentation Java d'une HashMap qui est thread-safe, atomique et non-bloquante https://github.com/arxila/atomichash implémenté sous forme de version immutable de Concurrent Hash Trie Librairies Sortie de Micronaut 4.8.0 https://micronaut.io/2025/04/01/micronaut-framework-4-8-0-released/ Mise à jour de la BOM (Bill of Materials) : La version 4.8.0 met à jour la BOM de la plateforme Micronaut. Améliorations de Micronaut Core : Intégration de Micronaut SourceGen pour la génération interne de métadonnées et d'expressions bytecode. Nombreuses améliorations dans Micronaut SourceGen. Ajout du traçage de l'injection de dépendances pour faciliter le débogage au démarrage et à la création des beans. Nouveau membre definitionType dans l'annotation @Client pour faciliter le partage d'interfaces entre client et serveur. Support de la fusion dans les Bean Mappers via l'annotation @Mapping. Nouvelle liveness probe détectant les threads bloqués (deadlocked) via ThreadMXBean. Intégration Kubernetes améliorée : Mise à jour du client Java Kubernetes vers la version 22.0.1. Ajout du module Micronaut Kubernetes Client OpenAPI, offrant une alternative au client officiel avec moins de dépendances, une configuration unifiée, le support des filtres et la compatibilité Native Image. Introduction d'un nouveau runtime serveur basé sur le serveur HTTP intégré de Java, permettant de créer des applications sans dépendances serveur externes. Ajout dans Micronaut Micrometer d'un module pour instrumenter les sources de données (traces et métriques). Ajout de la condition condition dans l'annotation @MetricOptions pour contrôler l'activation des métriques via une expression. Support des Consul watches dans Micronaut Discovery Client pour détecter les changements de configuration distribuée. Possibilité de générer du code source à partir d'un schéma JSON via les plugins de build (Gradle et Maven). Web Node v24.0.0 passe en version Current: https://nodejs.org/en/blog/release/v24.0.0 Mise à jour du moteur V8 vers la version 13.6 : intégration de nouvelles fonctionnalités JavaScript telles que Float16Array, la gestion explicite des ressources (using), RegExp.escape, WebAssembly Memory64 et Error.isError. npm 11 inclus : améliorations en termes de performance, de sécurité et de compatibilité avec les packages JavaScript modernes. Changement de compilateur pour Windows : abandon de MSVC au profit de ClangCL pour la compilation de Node.js sur Windows. AsyncLocalStorage utilise désormais AsyncContextFrame par défaut : offrant une gestion plus efficace du contexte asynchrone. URLPattern disponible globalement : plus besoin d'importer explicitement cette API pour effectuer des correspondances d'URL. Améliorations du modèle de permissions : le flag expérimental --experimental-permission devient --permission, signalant une stabilité accrue de cette fonctionnalité. Améliorations du test runner : les sous-tests sont désormais attendus automatiquement, simplifiant l'écriture des tests et réduisant les erreurs liées aux promesses non gérées. Intégration d'Undici 7 : amélioration des capacités du client HTTP avec de meilleures performances et un support étendu des fonctionnalités HTTP modernes. Dépréciations et suppressions : Dépréciation de url.parse() au profit de l'API WHATWG URL. Suppression de tls.createSecurePair. Dépréciation de SlowBuffer. Dépréciation de l'instanciation de REPL sans new. Dépréciation de l'utilisation des classes Zlib sans new. Dépréciation du passage de args à spawn et execFile dans child_process. Node.js 24 est actuellement la version “Current” et deviendra une version LTS en octobre 2025. Il est recommandé de tester cette version pour évaluer son impact sur vos applications. Data et Intelligence Artificielle Apprendre à coder reste crucial et l'IA est là pour venir en aide : https://kyrylo.org/software/2025/03/27/learn-to-code-ignore-ai-then-use-ai-to-code-even-better.html Apprendre à coder reste essentiel malgré l'IA. L'IA peut assister la programmation. Une solide base est cruciale pour comprendre et contrôler le code. Cela permet d'éviter la dépendance à l'IA. Cela réduit le risque de remplacement par des outils d'IA accessibles à tous. L'IA est un outil, pas un substitut à la maîtrise des fondamentaux. Super article de Anthropic qui essaie de comprendre comment fonctionne la “pensée” des LLMs https://www.anthropic.com/research/tracing-thoughts-language-model Effet boîte noire : Stratégies internes des IA (Claude) opaques aux développeurs et utilisateurs. Objectif : Comprendre le “raisonnement” interne pour vérifier capacités et intentions. Méthode : Inspiration neurosciences, développement d'un “microscope IA” (regarder quels circuits neuronaux s'activent). Technique : Identification de concepts (“features”) et de “circuits” internes. Multilinguisme : Indice d'un “langage de pensée” conceptuel commun à toutes les langues avant de traduire dans une langue particulière. Planification : Capacité à anticiper (ex: rimes en poésie), pas seulement de la génération mot par mot (token par token). Raisonnement non fidèle : Peut fabriquer des arguments plausibles (“bullshitting”) pour une conclusion donnée. Logique multi-étapes : Combine des faits distincts, ne se contente pas de mémoriser. Hallucinations : Refus par défaut ; réponse si “connaissance” active, sinon risque d'hallucination si erreur. “Jailbreaks” : Tension entre cohérence grammaticale (pousse à continuer) et sécurité (devrait refuser). Bilan : Méthodes limitées mais prometteuses pour la transparence et la fiabilité de l'IA. Le “S” dans MCP veut dire Securité (ou pas !) https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b La spécification MCP pour permettre aux LLMs d'avoir accès à divers outils et fonctions a peut-être été adoptée un peu rapidement, alors qu'elle n'était pas encore prête niveau sécurité L'article liste 4 types d'attaques possibles : vulnérabilité d'injection de commandes attaque d'empoisonnement d'outils redéfinition silencieuse de l'outil le shadowing d'outils inter-serveurs Pour l'instant, MCP n'est pas sécurisé : Pas de standard d'authentification Pas de chiffrement de contexte Pas de vérification d'intégrité des outils Basé sur l'article de InvariantLabs https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks Sortie Infinispan 15.2 - pre rolling upgrades 16.0 https://infinispan.org/blog/2025/03/27/infinispan-15-2 Support de Redis JSON + scripts Lua Métriques JVM désactivables Nouvelle console (PatternFly 6) Docs améliorées (métriques + logs) JDK 17 min, support JDK 24 Fin du serveur natif (performances) Guillaume montre comment développer un serveur MCP HTTP Server Sent Events avec l'implémentation de référence Java et LangChain4j https://glaforge.dev/posts/2025/04/04/mcp-client-and-server-with-java-mcp-sdk-and-langchain4j/ Développé en Java, avec l'implémentation de référence qui est aussi à la base de l'implémentation dans Spring Boot (mais indépendant de Spring) Le serveur MCP est exposé sous forme de servlet dans Jetty Le client MCP lui, est développé avec le module MCP de LangChain4j c'est semi independant de Spring dans le sens où c'est dépendant de Reactor et de ses interface. il y a une conversation sur le github d'anthropic pour trouver une solution, mais cela ne parait pas simple. Les fallacies derrière la citation “AI won't replace you, but humans using AI will” https://platforms.substack.com/cp/161356485 La fallacie de l'automatisation vs. l'augmentation : Elle se concentre sur l'amélioration des tâches existantes avec l'IA au lieu de considérer le changement de la valeur de ces tâches dans un nouveau système. La fallacie des gains de productivité : L'augmentation de la productivité ne se traduit pas toujours par plus de valeur pour les travailleurs, car la valeur créée peut être capturée ailleurs dans le système. La fallacie des emplois statiques : Les emplois sont des constructions organisationnelles qui peuvent être redéfinies par l'IA, rendant les rôles traditionnels obsolètes. La fallacie de la compétition “moi vs. quelqu'un utilisant l'IA” : La concurrence évolue lorsque l'IA modifie les contraintes fondamentales d'un secteur, rendant les compétences existantes moins pertinentes. La fallacie de la continuité du flux de travail : L'IA peut entraîner une réimagination complète des flux de travail, éliminant le besoin de certaines compétences. La fallacie des outils neutres : Les outils d'IA ne sont pas neutres et peuvent redistribuer le pouvoir organisationnel en changeant la façon dont les décisions sont prises et exécutées. La fallacie du salaire stable : Le maintien d'un emploi ne garantit pas un salaire stable, car la valeur du travail peut diminuer avec l'augmentation des capacités de l'IA. La fallacie de l'entreprise stable : L'intégration de l'IA nécessite une restructuration de l'entreprise et ne se fait pas dans un vide organisationnel. Comprendre le “sampling” dans les LLMs https://rentry.co/samplers Explique pourquoi les LLMs utilisent des tokens Les différentes méthodes de “sampling” : càd de choix de tokens Les hyperparamètres comme la température, top-p, et leur influence réciproque Les algorithmes de tokenisation comme Byte Pair Encoding et SentencePiece. Un de moins … OpenAI va racheter Windsurf pour 3 milliards de dollars. https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion l'accord n'est pas encore finalisé Windsurf était valorisé à 1,25 milliards l'an dernier et OpenAI a levé 40 milliards dernièrement portant sa valeur à 300 milliards Le but pour OpenAI est de rentrer dans le monde des assistants de code pour lesquels ils sont aujourd'hui absent Docker desktop se met à l'IA… ? Une nouvelle fonctionnalité dans docker desktop 4.4 sur macos: Docker Model Runner https://dev.to/docker/run-genai-models-locally-with-docker-model-runner-5elb Permet de faire tourner des modèles nativement en local ( https://docs.docker.com/model-runner/ ) mais aussi des serveurs MCP ( https://docs.docker.com/ai/mcp-catalog-and-toolkit/ ) Outillage Jetbrains défend la suppression des commentaires négatifs sur son assistant IA https://devclass.com/2025/04/30/jetbrains-defends-removal-of-negative-reviews-for-unpopular-ai-assistant/?td=rt-3a L'IA Assistant de JetBrains, lancée en juillet 2023, a été téléchargée plus de 22 millions de fois mais n'est notée que 2,3 sur 5. Des utilisateurs ont remarqué que certaines critiques négatives étaient supprimées, ce qui a provoqué une réaction négative sur les réseaux sociaux. Un employé de JetBrains a expliqué que les critiques ont été supprimées soit parce qu'elles mentionnaient des problèmes déjà résolus, soit parce qu'elles violaient leur politique concernant les “grossièretés, etc.” L'entreprise a reconnu qu'elle aurait pu mieux gérer la situation, un représentant déclarant : “Supprimer plusieurs critiques d'un coup sans préavis semblait suspect. Nous aurions dû au moins publier un avis et fournir plus de détails aux auteurs.” Parmi les problèmes de l'IA Assistant signalés par les utilisateurs figurent : un support limité pour les fournisseurs de modèles tiers, une latence notable, des ralentissements fréquents, des fonctionnalités principales verrouillées aux services cloud de JetBrains, une expérience utilisateur incohérente et une documentation insuffisante. Une plainte courante est que l'IA Assistant s'installe sans permission. Un utilisateur sur Reddit l'a qualifié de “plugin agaçant qui s'auto-répare/se réinstalle comme un phénix”. JetBrains a récemment introduit un niveau gratuit et un nouvel agent IA appelé Junie, destiné à fonctionner parallèlement à l'IA Assistant, probablement en réponse à la concurrence entre fournisseurs. Mais il est plus char a faire tourner. La société s'est engagée à explorer de nouvelles approches pour traiter les mises à jour majeures différemment et envisage d'implémenter des critiques par version ou de marquer les critiques comme “Résolues” avec des liens vers les problèmes correspondants au lieu de les supprimer. Contrairement à des concurrents comme Microsoft, AWS ou Google, JetBrains commercialise uniquement des outils et services de développement et ne dispose pas d'une activité cloud distincte sur laquelle s'appuyer. Vos images de README et fichiers Markdown compatibles pour le dark mode de GitHub: https://github.blog/developer-skills/github/how-to-make-your-images-in-markdown-on-github-adjust-for-dark-mode-and-light-mode/ Seulement quelques lignes de pure HTML pour le faire Architecture Alors, les DTOs, c'est bien ou c'est pas bien ? https://codeopinion.com/dtos-mapping-the-good-the-bad-and-the-excessive/ Utilité des DTOs : Les DTOs servent à transférer des données entre les différentes couches d'une application, en mappant souvent les données entre différentes représentations (par exemple, entre la base de données et l'interface utilisateur). Surutilisation fréquente : L'article souligne que les DTOs sont souvent utilisés de manière excessive, notamment pour créer des API HTTP qui ne font que refléter les entités de la base de données, manquant ainsi l'opportunité de composer des données plus riches. Vraie valeur : La valeur réelle des DTOs réside dans la gestion du couplage entre les couches et la composition de données provenant de sources multiples en formes optimisées pour des cas d'utilisation spécifiques. Découplage : Il est suggéré d'utiliser les DTOs pour découpler les modèles de données internes des contrats externes (comme les API), ce qui permet une évolution et une gestion des versions indépendantes. Exemple avec CQRS : Dans le cadre de CQRS (Command Query Responsibility Segregation), les réponses aux requêtes (queries) agissent comme des DTOs spécifiquement adaptés aux besoins de l'interface utilisateur, pouvant inclure des données de diverses sources. Protection des données internes : Les DTOs aident à distinguer et protéger les modèles de données internes (privés) des changements externes (publics). Éviter l'excès : L'auteur met en garde contre les couches de mapping excessives (mapper un DTO vers un autre DTO) qui n'apportent pas de valeur ajoutée. Création ciblée : Il est conseillé de ne créer des DTOs que lorsqu'ils résolvent des problèmes concrets, tels que la gestion du couplage ou la facilitation de la composition de données. Méthodologies Même Guillaume se met au “vibe coding” https://glaforge.dev/posts/2025/05/02/vibe-coding-an-mcp-server-with-micronaut-and-gemini/ Selon Andrey Karpathy, c'est le fait de POC-er un proto, une appli jetable du weekend https://x.com/karpathy/status/1886192184808149383 Mais Simon Willison s'insurge que certains confondent coder avec l'assistance de l'IA avec le vibe coding https://simonwillison.net/2025/May/1/not-vibe-coding/ Guillaume c'est ici amusé à développer un serveur MCP avec Micronaut, en utilisant Gemini, l'IA de Google. Contrairement à Quarkus ou Spring Boot, Micronaut n'a pas encore de module ou de support spécifique pour faciliter la création de serveur MCP Sécurité Une faille de sécurité 10/10 sur Tomcat https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/ Une faille de sécurité critique (CVE-2025-24813) affecte Apache Tomcat, permettant l'exécution de code à distance Cette vulnérabilité est activement exploitée seulement 30 heures après sa divulgation du 10 mars 2025 L'attaque ne nécessite aucune authentification et est particulièrement simple à exécuter Elle utilise une requête PUT avec une charge utile Java sérialisée encodée en base64, suivie d'une requête GET L'encodage en base64 permet de contourner la plupart des filtres de sécurité Les serveurs vulnérables utilisent un stockage de session basé sur des fichiers (configuration répandue) Les versions affectées sont : 11.0.0-M1 à 11.0.2, 10.1.0-M1 à 10.1.34, et 9.0.0.M1 à 9.0.98 Les mises à jour recommandées sont : 11.0.3+, 10.1.35+ et 9.0.99+ Les experts prévoient des attaques plus sophistiquées dans les prochaines phases d'exploitation (upload de config ou jsp) Sécurisation d'un serveur ssh https://ittavern.com/ssh-server-hardening/ un article qui liste les configurations clés pour sécuriser un serveur SSH par exemple, enlever password authentigfication, changer de port, desactiver le login root, forcer le protocol ssh 2, certains que je ne connaissais pas comme MaxStartups qui limite le nombre de connections non authentifiées concurrentes Port knocking est une technique utile mais demande une approche cliente consciente du protocol Oracle admet que les identités IAM de ses clients ont leaké https://www.theregister.com/2025/04/08/oracle_cloud_compromised/ Oracle a confirmé à certains clients que son cloud public a été compromis, alors que l'entreprise avait précédemment nié toute intrusion. Un pirate informatique a revendiqué avoir piraté deux serveurs d'authentification d'Oracle et volé environ six millions d'enregistrements, incluant des clés de sécurité privées, des identifiants chiffrés et des entrées LDAP. La faille exploitée serait la vulnérabilité CVE-2021-35587 dans Oracle Access Manager, qu'Oracle n'avait pas corrigée sur ses propres systèmes. Le pirate a créé un fichier texte début mars sur login.us2.oraclecloud.com contenant son adresse email pour prouver son accès. Selon Oracle, un ancien serveur contenant des données vieilles de huit ans aurait été compromis, mais un client affirme que des données de connexion aussi récentes que 2024 ont été dérobées. Oracle fait face à un procès au Texas concernant cette violation de données. Cette intrusion est distincte d'une autre attaque contre Oracle Health, sur laquelle l'entreprise refuse de commenter. Oracle pourrait faire face à des sanctions sous le RGPD européen qui exige la notification des parties affectées dans les 72 heures suivant la découverte d'une fuite de données. Le comportement d'Oracle consistant à nier puis à admettre discrètement l'intrusion est inhabituel en 2025 et pourrait mener à d'autres actions en justice collectives. Une GitHub action très populaire compromise https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Compromission de l'action tj-actions/changed-files : En mars 2025, une action GitHub très utilisée (tj-actions/changed-files) a été compromise. Des versions modifiées de l'action ont exposé des secrets CI/CD dans les logs de build. Méthode d'attaque : Un PAT compromis a permis de rediriger plusieurs tags de version vers un commit contenant du code malveillant. Détails du code malveillant : Le code injecté exécutait une fonction Node.js encodée en base64, qui téléchargeait un script Python. Ce script parcourait la mémoire du runner GitHub à la recherche de secrets (tokens, clés…) et les exposait dans les logs. Dans certains cas, les données étaient aussi envoyées via une requête réseau. Période d'exposition : Les versions compromises étaient actives entre le 12 et le 15 mars 2025. Tout dépôt, particulièrement ceux publiques, ayant utilisé l'action pendant cette période doit être considéré comme potentiellement exposé. Détection : L'activité malveillante a été repérée par l'analyse des comportements inhabituels pendant l'exécution des workflows, comme des connexions réseau inattendues. Réaction : GitHub a supprimé l'action compromise, qui a ensuite été nettoyée. Impact potentiel : Tous les secrets apparaissant dans les logs doivent être considérés comme compromis, même dans les dépôts privés, et régénérés sans délai. Loi, société et organisation Les startup the YCombinateur ont les plus fortes croissances de leur histoire https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html Les entreprises en phase de démarrage à Silicon Valley connaissent une croissance significative grâce à l'intelligence artificielle. Le PDG de Y Combinator, Garry Tan, affirme que l'ensemble des startups de la dernière cohorte a connu une croissance hebdomadaire de 10% pendant neuf mois. L'IA permet aux développeurs d'automatiser des tâches répétitives et de générer du code grâce aux grands modèles de langage. Pour environ 25% des startups actuelles de YC, 95% de leur code a été écrit par l'IA. Cette révolution permet aux entreprises de se développer avec moins de personnel - certaines atteignant 10 millions de dollars de revenus avec moins de 10 employés. La mentalité de “croissance à tout prix” a été remplacée par un renouveau d'intérêt pour la rentabilité. Environ 80% des entreprises présentées lors du “demo day” étaient centrées sur l'IA, avec quelques startups en robotique et semi-conducteurs. Y Combinator investit 500 000 dollars dans les startups en échange d'une participation au capital, suivi d'un programme de trois mois. Red Hat middleware (ex-jboss) rejoint IBM https://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html Les activités Middleware de Red Hat (incluant JBoss, Quarkus, etc.) vont être transférées vers IBM, dans l'unité dédiée à la sécurité des données, à l'IAM et aux runtimes. Ce changement découle d'une décision stratégique de Red Hat de se concentrer davantage sur le cloud hybride et l'intelligence artificielle. Mark Little explique que ce transfert était devenu inévitable, Red Hat ayant réduit ses investissements dans le Middleware ces dernières années. L'intégration vise à renforcer l'innovation autour de Java en réunissant les efforts de Red Hat et IBM sur ce sujet. Les produits Middleware resteront open source et les clients continueront à bénéficier du support habituel sans changement. Mark Little affirme que des projets comme Quarkus continueront à être soutenus et que cette évolution est bénéfique pour la communauté Java. Un an de commonhaus https://www.commonhaus.org/activity/253.html un an, démarré sur les communautés qu'ils connaissaient bien maintenant 14 projets et put en accepter plus confiance, gouvernance legère et proteger le futur des projets automatisation de l'administratif, stabiilité sans complexité, les developpeurs au centre du processus de décision ils ont besoins de members et supporters (financiers) ils veulent accueillir des projets au delà de ceux du cercles des Java Champions Spring Cloud Data Flow devient un produit commercial et ne sera plus maintenu en open source https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial Peut-être sous l'influence de Broadcom, Spring se met à mettre en mode propriétaire des composants du portefeuille Spring ils disent que peu de gens l'utilisaent en mode OSS et la majorité venait d'un usage dans la plateforme Tanzu Maintenir en open source le coutent du temps qu'ils son't pas sur ces projets. La CNCF protège le projet NATS, dans la fondation depuis 2018, vu que la société Synadia qui y contribue souhaitait reprendre le contrôle du projet https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/ CNCF : Protège projets OS, gouvernance neutre. Synadia vs CNCF : Veut retirer NATS, licence non-OS (BUSL). CNCF : Accuse Synadia de “claw back” (reprise illégitime). Revendications Synadia : Domaine nats.io, orga GitHub. Marque NATS : Synadia n'a pas transféré (promesse rompue malgré aide CNCF). Contestation Synadia : Juge règles CNCF “trop vagues”. Vote interne : Mainteneurs Synadia votent sortie CNCF (sans communauté). Support CNCF : Investissement majeur ($ audits, légal), succès communautaire (>700 orgs). Avenir NATS (CNCF) : Maintien sous Apache 2.0, gouvernance ouverte. Actions CNCF : Health check, appel mainteneurs, annulation marque Synadia, rejet demandes. Mais finalement il semble y avoir un bon dénouement : https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/ Accord pour l'avenir de NATS.io : La Cloud Native Computing Foundation (CNCF) et Synadia ont conclu un accord pour sécuriser le futur du projet NATS.io. Transfert des marques NATS : Synadia va céder ses deux enregistrements de marque NATS à la Linux Foundation afin de renforcer la gouvernance ouverte du projet. Maintien au sein de la CNCF : L'infrastructure et les actifs du projet NATS resteront sous l'égide de la CNCF, garantissant ainsi sa stabilité à long terme et son développement en open source sous licence Apache-2.0. Reconnaissance et engagement : La Linux Foundation, par la voix de Todd Moore, reconnaît les contributions de Synadia et son soutien continu. Derek Collison, PDG de Synadia, réaffirme l'engagement de son entreprise envers NATS et la collaboration avec la Linux Foundation et la CNCF. Adoption et soutien communautaire : NATS est largement adopté et considéré comme une infrastructure critique. Il bénéficie d'un fort soutien de la communauté pour sa nature open source et l'implication continue de Synadia. Finalement, Redis revient vers une licence open source OSI, avec la AGPL https://foojay.io/today/redis-is-now-available-under-the-agplv3-open-source-license/ Redis passe à la licence open source AGPLv3 pour contrer l'exploitation par les fournisseurs cloud sans contribution. Le passage précédent à la licence SSPL avait nui à la relation avec la communauté open source. Salvatore Sanfilippo (antirez) est revenu chez Redis. Redis 8 adopte la licence AGPL, intègre les fonctionnalités de Redis Stack (JSON, Time Series, etc.) et introduit les “vector sets” (le support de calcul vectoriel développé par Salvatore). Ces changements visent à renforcer Redis en tant que plateforme appréciée des développeurs, conformément à la vision initiale de Salvatore. Conférences La liste des conférences provenant de Developers Conferences Agenda/List par Aurélie Vache et contributeurs : 6-7 mai 2025 : GOSIM AI Paris - Paris (France) 7-9 mai 2025 : Devoxx UK - London (UK) 15 mai 2025 : Cloud Toulouse - Toulouse (France) 16 mai 2025 : AFUP Day 2025 Lille - Lille (France) 16 mai 2025 : AFUP Day 2025 Lyon - Lyon (France) 16 mai 2025 : AFUP Day 2025 Poitiers - Poitiers (France) 22-23 mai 2025 : Flupa UX Days 2025 - Paris (France) 24 mai 2025 : Polycloud - Montpellier (France) 24 mai 2025 : NG Baguette Conf 2025 - Nantes (France) 3 juin 2025 : TechReady - Nantes (France) 5-6 juin 2025 : AlpesCraft - Grenoble (France) 5-6 juin 2025 : Devquest 2025 - Niort (France) 10-11 juin 2025 : Modern Workplace Conference Paris 2025 - Paris (France) 11-13 juin 2025 : Devoxx Poland - Krakow (Poland) 12 juin 2025 : Positive Design Days - Strasbourg (France) 12-13 juin 2025 : Agile Tour Toulouse - Toulouse (France) 12-13 juin 2025 : DevLille - Lille (France) 13 juin 2025 : Tech F'Est 2025 - Nancy (France) 17 juin 2025 : Mobilis In Mobile - Nantes (France) 19-21 juin 2025 : Drupal Barcamp Perpignan 2025 - Perpignan (France) 24 juin 2025 : WAX 2025 - Aix-en-Provence (France) 25-26 juin 2025 : Agi'Lille 2025 - Lille (France) 25-27 juin 2025 : BreizhCamp 2025 - Rennes (France) 26-27 juin 2025 : Sunny Tech - Montpellier (France) 1-4 juillet 2025 : Open edX Conference - 2025 - Palaiseau (France) 7-9 juillet 2025 : Riviera DEV 2025 - Sophia Antipolis (France) 5 septembre 2025 : JUG Summer Camp 2025 - La Rochelle (France) 12 septembre 2025 : Agile Pays Basque 2025 - Bidart (France) 18-19 septembre 2025 : API Platform Conference - Lille (France) & Online 23 septembre 2025 : OWASP AppSec France 2025 - Paris (France) 25-26 septembre 2025 : Paris Web 2025 - Paris (France) 2-3 octobre 2025 : Volcamp - Clermont-Ferrand (France) 3 octobre 2025 : DevFest Perros-Guirec 2025 - Perros-Guirec (France) 6-10 octobre 2025 : Devoxx Belgium - Antwerp (Belgium) 7 octobre 2025 : BSides Mulhouse - Mulhouse (France) 9-10 octobre 2025 : Forum PHP 2025 - Marne-la-Vallée (France) 9-10 octobre 2025 : EuroRust 2025 - Paris (France) 16 octobre 2025 : PlatformCon25 Live Day Paris - Paris (France) 16-17 octobre 2025 : DevFest Nantes - Nantes (France) 30-31 octobre 2025 : Agile Tour Bordeaux 2025 - Bordeaux (France) 30-31 octobre 2025 : Agile Tour Nantais 2025 - Nantes (France) 30 octobre 2025-2 novembre 2025 : PyConFR 2025 - Lyon (France) 4-7 novembre 2025 : NewCrafts 2025 - Paris (France) 6 novembre 2025 : dotAI 2025 - Paris (France) 7 novembre 2025 : BDX I/O - Bordeaux (France) 12-14 novembre 2025 : Devoxx Morocco - Marrakech (Morocco) 13 novembre 2025 : DevFest Toulouse - Toulouse (France) 15-16 novembre 2025 : Capitole du Libre - Toulouse (France) 20 novembre 2025 : OVHcloud Summit - Paris (France) 21 novembre 2025 : DevFest Paris 2025 - Paris (France) 27 novembre 2025 : Devfest Strasbourg 2025 - Strasbourg (France) 28 novembre 2025 : DevFest Lyon - Lyon (France) 5 décembre 2025 : DevFest Dijon 2025 - Dijon (France) 10-11 décembre 2025 : Devops REX - Paris (France) 10-11 décembre 2025 : Open Source Experience - Paris (France) 28-31 janvier 2026 : SnowCamp 2026 - Grenoble (France) 2-6 février 2026 : Web Days Convention - Aix-en-Provence (France) 23-25 avril 2026 : Devoxx Greece - Athens (Greece) 17 juin 2026 : Devoxx Poland - Krakow (Poland) Nous contacter Pour réagir à cet épisode, venez discuter sur le groupe Google https://groups.google.com/group/lescastcodeurs Contactez-nous via X/twitter https://twitter.com/lescastcodeurs ou Bluesky https://bsky.app/profile/lescastcodeurs.com Faire un crowdcast ou une crowdquestion Soutenez Les Cast Codeurs sur Patreon https://www.patreon.com/LesCastCodeurs Tous les épisodes et toutes les infos sur https://lescastcodeurs.com/

This week's EYE ON NPI features a new 'everything' sensor, the Sensirion SEN66 Environmental Sensor Node (https://www.digikey.com/en/product-highlight/s/sensirion/environmental-sensor-node-sen6x) . This is a highly-anticipated update to the SEN5x (https://www.digikey.com/en/videos/s/sensirion/eye-on-npi-sen54-environmental-sensor-node) goes hard on gas sensing, with VOC, NOx and CO2 sensors built in. You can even update to the SEN68 and get formaldehyde HCHO sensing! What we like about this series is the complete solution for all kinds of environmental sensing with a single cable. Sensirion is one of our fav sensor companies: from classics like the SHT45 (https://www.adafruit.com/product/5665) to the popular SGP30 (https://www.adafruit.com/product/3709) and the high quality SCD30 (https://www.adafruit.com/product/4867) we have made breakouts for many-a-sensor from this company. Lately they've started to do fully integrated products - like the SEN5x series (https://www.digikey.com/en/videos/s/sensirion/eye-on-npi-sen54-environmental-sensor-node) that we covered earlier on EYE ON NPI. The SEN54 series has particulate matter (PM1, PM2.5, PM4, PM10) dust sensing, plus temperature, humidity, volatile organic compounds (VOCs), with the SEN55 adding NOx. We saw this sensor often paired with an SCD30 (https://www.digikey.com/short/d1h3t1n4) or SCD4x (https://www.digikey.com/short/zmh2zjz3) to add CO2 sensing. Those folks will like the look of the SEN6x series as now we get CO2 sensing in all but the lowest-cost SEN60. One thing to note with CO2 sensing is that once a week it needs to 'self-calibrated' by letting it sense fresh outdoor air which will be ~400ppm. This isn't a bad idea for your health either. Another new sensor added in the upcoming SEN68 is formaldehyde, which integrates the SFA30 (https://www.digikey.com/short/2d5fb8rt). If you've used the SEN5x series, (https://www.digikey.com/en/videos/s/sensirion/eye-on-npi-sen54-environmental-sensor-node) you're probably familiar with their connection interface: a JST GH 6-pin cable is used to connect and provide power and I2C data connection. However, one thing to note is that the cable is the same but the pinout has changed. Power is now 3.3V instead of 5.0 and there's no UART interface, so the SEL pin is not available. For that reason, if you'd like to use the same cable, go for it - but the circuitry will need to change...for example we're revising our SEN5x breakout (https://www.digikey.com/short/h0jffnm2)! We like that, just as with the SEN5x series, the SEN6x (https://www.digikey.com/en/product-highlight/s/sensirion/environmental-sensor-node-sen6x) uses plain I2C to communicate. This makes it easy to integrate with any microcontroller or microcomputer, and the added CRC helps avoid accidental data corruption from EMI or loose cables. The interface is not just to each individual sensor - there's only one I2C address and command structure and once you initialize the sensor you can read all values at once for 'timestamped' consistency. The commands are easy to implement, but if you want a head-start, check out the Sensirion GitHub account (https://github.com/Sensirion?q=sen6&type=all&language=&sort=), they have code in C and Python for a 5-minute quick start. Excited to check this fancy new combo-sensor out? You're in luck because DigiKey has the Sensirion SEN66 Environmental Sensor Node (https://www.digikey.com/short/0d4jt424) in stock right now for immediate shipment! Order today and DigiKey will ship it you in an instant - you will be sensing up a storm by tomorrow afternoon! See at DigiKey https://www.digikey.com/short/0d4jt424 See Sensiron's video https://www.digikey.com/api/videos/videoplayer/smallplayer/6371044300112 Visit the Adafruit shop online - http://www.adafruit.com ----------------------------------------- LIVE CHAT IS HERE! http://adafru.it/discord Subscribe to Adafruit on YouTube: http://adafru.it/subscribe New tutorials on the Adafruit Learning System: http://learn.adafruit.com/ -----------------------------------------

Aquest dimecres 7 de maig a les 10:30 h. Jonatan Aleman, tècnic de l'Àmbit de Turisme del Node Garraf ens detalla els resultats de la diagnosi realitzada que inclou el ‘Pla Estratègic per al Desenvolupament del Cicloturisme' a la comarca. Aquest estudi compta amb la participació de la Diputació de Barcelona i els sis ajuntaments de la comarca i pretén fer una diagnosi exhaustiva sobre el potencial del Garraf com a destinació cicloturística i veure quin seria l'impacte del seu desenvolupament. Es tracta d'un projecte aglutinador per a la comarca i com a model de desenvolupament per a un turisme més sostenible emmarcat dins els objectius ODS (Objectius de Desenvolupament Sostenible). podcast recorded with enacast.com

Aprende cómo crear una app con Vibe Coding y la IA de Hostinger Horizons.

Shiv is in conversation with Mathias Buus Madsen, CEO of Holepunch, Copenhagen. In this episode, Mathias shareshis journey into software development, beginning as a math student and evolving into a passionate advocate for peer-to-peer technology. He explains the foundational concepts behind peer-to-peer systems, their advantages over centralized models, and their applications in both personal and enterprise use. Mathias discusses how these decentralized systems enhance security, minimize infrastructure costs, and improve accessibility—especially for remote or underserved communities. He also compares peer-to-peer networking with blockchain, clarifying the distinct roles each technology plays. He touched on real-world applications of peer-to-peer tech, including its potential for rural connectivity and resilience in low-bandwidth environments. Mathias also reflects on his transition from hacker to entrepreneur, sharing insights into leadership, scaling a business, and the evolving landscape of decentralized internet solutions.As CEO of Holepunch, Mathias brings his passion and extensive expertise in open-source development to the fore, having published more than 1000 modules to npm, the Node.js package manager, totalling billions of downloads every month.Mathias Buus is a self taught JavaScript hacker from Copenhagen. He works full time on open source projects and has been working with Node.js since the 0.2 days. Mathias likes to work with P2P and distributed systems and is the author of more than 550 modules on npm, including some of the most popular ones for working with streams. In addition he has spoken about “mad science” projects at various conferences around the world.You can also see his Github here:https://github.com/mafintosh and more info on Pear Runtime here: https://docs.pears.com/. Youtube Channel: https://www.youtube.com/@Pears_p2pSocial - Mathias X: @mafintoshPears X: @Pears_p2pKeet X: @keet_io

J-Dog is the former maintainer of Bitcoin's Counterparty protocol – a role which he fulfilled for about 8 years. Under his stewardship, XCP witnessed the creation of legendary collections such as Spells of Genesis, Rare Pepes, and Fake Rares – even my Bitcoin Heads and Leftist Tears were created when he was the lead developer and he provided some useful advice. Today, J-Dog builds the FreeWallet.io Counterparty wallet and the TokenScan.io blockchain explorer (formerly Xchain.io). He maintains opinions which diverge from those of current maintainer Adam Krellenstein (who joined the show in S16 E14) and even claims that the Counterparty protocol was forked at block 866000. Time stamps: Introducing J-Dog (00:00:53) Counterparty's Founders (00:02:13) What is Counterparty? (00:03:19) History of Token Platforms (00:04:24) Creation of Dispensers (00:07:57) The Fork Controversy (00:09:50) User Reactions to Changes (00:12:42) Counterparty Classic (00:13:16) Current State of Dispensers (00:13:52) Ongoing FUD in the Community (00:14:41) Recent Developments (00:15:02) Control and Development (00:16:05) Token Scan and Exchange (00:17:25) Counterparty's Early Challenges (00:20:55) The use case for Bitcoin (00:23:16) Counterparty's missed opportunity (00:23:39) Community decision-making challenges (00:24:11) Smart contracts and security (00:25:27) Counterparty's innovative features (00:26:42) Evolution of Counterparty's focus (00:27:40) Concerns about asset transactions (00:28:19) The evolution of meme culture (00:29:26) Collecting Rare Pepes (00:31:03) Geolocation-based token distribution (00:32:04) Comparison to Pokémon Go (00:33:14) Current projects and developments (00:35:50) Citrea's zero-knowledge rollup (00:36:50) Counterparty's future on Layer Two (00:37:53) Current work and future vision (00:38:25) Community-driven development concerns (00:43:07) Consensus measurement in development (00:45:59) Consensus Gathering in Counterparty (00:46:39) Atomic Swaps Explained (00:49:42) Adoption of New Features (00:51:33) Counterparty vs Horizon Market (00:55:05) Impact of Ordinals on Counterparty (00:58:16) Integration of Ordinals with Counterparty (01:00:09) Fallout Among Developers (01:03:21) STAMPs vs Ordinals (01:04:34) Concerns About UTXO Set Bloat (01:07:45) Introduction to the UTXO Set Concerns (01:09:58) Turning Point on Stamps (01:10:48) Pixel Art and Compression Challenges (01:11:07) Nihilistic Moments in Bitcoin History (01:11:47) Innovations in Small Data Graphics (01:12:08) Future of Interoperability Among Protocols (01:13:38) Challenges in Ecosystem Integration (01:14:02) Islands of Unconnected Communities (01:15:35) Historical Significance of Bitcoin Artifacts (01:16:03) Hope for NFT Market Revival (01:17:38) Mixed Feelings on NFT Participation (01:18:37) Sponsor Plug for SideShift.ai (01:20:22) Counterparty Classic and Current Focus (01:22:55) Counterparty's Resilience (01:23:58) Future of Counterparty Protocol (01:24:59) Cultural Acceptance of On-Chain Data (01:27:42) Difference Between Counterparty Assets and Runes (01:28:18) Valuation of Vlad Head Cards (01:29:04) Scams in Low Liquidity Tokens (01:30:39) Concerns Over Domain Squatting (01:31:52) Counterparty Improvement Proposals (01:32:43) Creating an Asset Escrow Service (01:33:44) Resetting Asset Supply (01:34:42) Counterparty Wallet Quirks (01:35:21) Protocol Functionality Improvements (01:36:44) Funding Development through Donations (01:37:31) Betting System Revival (01:41:03) User Feedback on FreeWallet (01:44:24) Creating Exchange Markets (01:47:05) Transaction Fee Issues (01:48:19) Token Description Formatting (01:50:11) Multi-Send Transaction Challenges (01:51:14) User Interface Updates Needed (01:52:58) Mobile Wallet Development (01:53:34) Mobile Free Wallet Update (01:54:51) Free Wallet Confusion (01:55:01) Counterparty's Future (01:56:02) Investment Needs for Counterparty (01:57:18) Competing Visions for Counterparty (01:58:56) Message to Counterparty Team (01:59:46) Community Engagement (02:01:14) Running a Counterparty Node (02:03:37) Hardware Requirements (02:05:06) Importance of Running a Node (02:06:18) Closing Remarks (02:07:39)

Scrimba is just starting to release fullstack/backend courses. They're going to be starting with 8 courses: Suppabase, Command Line Basics, Express, SQL, Nuxt, Vite, Next, and Node. I shared my honest thoughts on some of the courses, who they're for, and what part of your journey you should consider going through them.---------------------------------------------------

In this JCO Article Insights episode, host Jospeh Mathew summaries Pancreatic Adenocarcinoma: Long-Term Outcomes of Adjuvant Therapy in the ESPAC4 Phase III Trial, by Palmer, et al published December 5, 2024. Transcript Joseph Matthew: Hello and welcome to the Journal of Clinical Oncology Article Insights. I'm your host, Joseph Matthew, and today we will be discussing the article "Long-Term Survival in Resected Pancreatic Ductal Adenocarcinoma with Adjuvant Gemcitabine plus Capecitabine Compared to Modified FOLFIRINOX from the ESPAC-4 and the PRODIGE 24 Trials" by Dr. Palmer et al. To summarize the relevant evidence, the ESPAC-4 was a European phase 3 multicenter randomized clinical trial published in 2017 comparing adjuvant gemcitabine and capecitabine (GemCap) with gemcitabine monotherapy following macroscopic margin-negative resections for operable pancreatic ductal adenocarcinoma (PDAC). The trial had included non-metastatic patients aged 18 years or older, World Health Organization (WHO) performance scores of 2 or less, creatinine clearance of at least 50 mL/min, and a life expectancy of over three months who had not received any prior anticancer treatment. Patients who had undergone R2 resections were selectively excluded. Eligible participants were randomized 1:1 within 12 weeks of pancreatectomy to one of the two treatment arms, with chemotherapy initiated within two weeks from the date of randomization. The regimens involved six cycles, each lasting four weeks, for an overall duration of 24 weeks. In the monotherapy arm, gemcitabine dosed at 1 g/m² was given as an intravenous infusion once a week for three weeks, followed by one week off. In the GemCap arm, capecitabine dosed at 1660 mg/m² was added to gemcitabine, given daily for three weeks, followed by one week off. Patients were followed up every three months, with the primary endpoint being overall survival (OS). The study showed that at a median follow-up of 43.2 months, GemCap was associated with a significantly longer OS than gemcitabine alone. Subsequently, in 2018, the Phase 3 randomized PRODIGE 24 trial was conducted in centers across France and Canada, comparing adjuvant modified FOLFIRINOX (mFOLFIRINOX) with gemcitabine in a similar subset of patients with resected PDAC and reported longer OS with the mFOLFIRINOX regimen. This study, however, had more restrictive eligibility criteria when compared to ESPAC-4, including patients aged under 80 years, WHO performance status of 0 or 1, with no significant cardiovascular disease, and a postoperative serum CA 19-9 of less than 180 U/mL. There was hence a subset of ESPAC-4 patients who did not meet the eligibility criteria for mFOLFIRINOX as set by the PRODIGE 24. The present study was conducted to estimate the overall 5-year survival rates for patients of ESPAC-4 receiving GemCap and gemcitabine, further stratifying survival in either arm according to the status of the surgical margins (R status) and the resected nodes (N status), and also to investigate whether GemCap retained a survival benefit over gemcitabine in PRODIGE 24-ineligible patients. A total of 732 patients, evenly distributed between both arms, were followed up for a median period of 104 months. Adjuvant GemCap was found to retain its survival advantage over gemcitabine, with a significantly longer median OS of 31.6 months when compared to 28.4 months with gemcitabine alone. Further subgroup analysis was performed with reference to the resection margins and the nodal status. As a reminder, in the ESPAC-4 trial, 60% of patients were found to have microscopically positive margins (an R1 resection), and 80% were node-positive. The difference in survival was greater in patients undergoing microscopic margin-negative resections (R0) who experienced a median OS of 49.9 months with GemCap when compared to 32.2 months with gemcitabine. Node-negative patients also had a significantly greater 5-year OS rate with GemCap of 59% versus 53% with gemcitabine monotherapy. However, it is important to note that no significant difference in survival outcomes was observed in margin-positive (R1) or node-positive patients in the two arms. The investigators also evaluated GemCap in the subgroup of 193 patients (comprising 26.4% of the ESPAC-4 cohort) who were not considered to have met the eligibility criteria for PRODIGE 24. The survival benefit of combination therapy was retained in this group, with patients receiving GemCap experiencing a median survival of 25.9 months compared to 20.7 months with adjuvant gemcitabine. Although cross-trial comparisons have limited validity, good agreement was noted in adverse grade 3 or greater toxicity associated with the control gemcitabine arms of ESPAC-4 and PRODIGE 24, serving as the basis for a qualitative comparison of toxicities between mFOLFIRINOX and GemCap. Neutropenia was more prevalent in the GemCap arm, affecting 40.8% of patients compared to 28.4% with mFOLFIRINOX. However, granulocyte colony-stimulating factor (G-CSF) was administered to 62.2% of patients in PRODIGE 24. Palmar-plantar erythrodysesthesia (PPE) was also more prevalent with GemCap. Patients on mFOLFIRINOX were more likely to observe grade 3 or greater fatigue, diarrhea, nausea and vomiting, sensory peripheral neuropathy, and paresthesias. The investigators concluded that GemCap was the standard adjuvant treatment for patients with PDAC undergoing an upfront resection who were not feasible for mFOLFIRINOX. Further exploratory analysis revealed that patients under the age of 70 who had undergone a microscopic margin-negative (R0) resection for node-negative PDAC were likely to derive an OS benefit from the addition of capecitabine to gemcitabine in the adjuvant setting. In contrast, mFOLFIRINOX would be more effective than gemcitabine in patients with positive margins (R1) or involved nodes, as per the PRODIGE 24 trial. Thank you for listening to JCO Article Insights. Please come back for more interviews and article summaries, and be sure to leave us a rating and review so others can find our show. For more podcasts and episodes from ASCO, please visit ASCO.org/podcasts. The purpose of this podcast is to educate and to inform. This is not a substitute for professional medical care and is not intended for use in the diagnosis or treatment of individual conditions.   Guests on this podcast express their own opinions, experience, and conclusions. Guest statements on the podcast do not express the opinions of ASCO. The mention of any product, service, organization, activity, or therapy should not be construed as an ASCO endorsement.

Nina Polshakova is a software engineer at Solo.io, where she's worked on Istio and API Gateway projects. She's been part of the Kubernetes release team since v1.27 and is currently serving as the Release Lead for v1.33.   Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod - bluesky: @kubernetespodcast.com   News of the week 229 new things Google announced at Next 25 MCO: Multi-Cluster Orchestrator Golden Kubestronaut Cloud Native Platform Engineering Associate The kube-scheduler-simulator K0s and k0smotron are now CNCF Sandbox projects   Links from the interview Nina Polshakova Kubernetes Deprecation Policy Kubernetes Dev Google Group solo.io Istio API Gateway (General concept, linking to K8s Gateway API) Kubernetes Release Team GitHub Istio revisions Working in Public by Nadia Eghbal (Link to publisher's site about the book) Kubernetes Maintainers Read Mean Comments (KubeCon EU 2024) Kubernetes 1.33 release blog (Link to release announcement blog) Kubernetes Enhancement Proposals (KEPs) Sidecar Containers Multiple Service CIDR support (KEP link) Dynamic Resource Allocation (DRA) DRA support for partitioned devices (KEP link) DRA device taints and tolerations (KEP link) DRA: Prioritized Alternatives in Device Requests (KEP link) Kubernetes 1.33 sneak peak (Link to pre-release highlights) EndpointSlices API Kubernetes Gateway API node.status.nodeInfo.kubeProxyVersion is a lie (issue) KEP-4004: Deprecate the kubeProxyVersion field of v1.Node #4005 (KEP link) Kubelet Removal: Host network support for Windows pods (KEP link) Containerd SIG Windows HostProcess Containers (Windows) Removal: KEP-5040: Disable git_repo volume driver (KEP link) User Namespaces (Beta, Enabled by Default) CRI-O Runc In-place Resource Resize for Pods (Link to the alpha announcement, but now beta) Vertical Pod Autoscaler (VPA) KEP-5080: Ordered Namespace Deletion PyTorch Linkerd Terry Pratchett's Discworld series Tiffany Aching series Guards! Guards! Going Postal Kubernetes Slack New Contributor Orientation  

Freedom Dumlao (CTO at Vestmark) joins Robby to explore what it means to maintain software at scale—and why teams sometimes need to unlearn the hype.With two decades of experience supporting financial systems, Freedom shares how his team manages a Java monolith that oversees $1.6 trillion in assets. But what's most surprising? His story of how a team working on 70+ microservices rebuilt their platform as a single Ruby on Rails monolith—and started shipping faster than ever before.Episode Highlights[00:02:00] Why Respecting Legacy Code MattersFreedom reflects on a lesson he learned at Amazon: "Respect what came before." He discusses the value of honoring the decisions of past developers—especially when their context is unknown.[00:05:00] How Tests Help (and Where They Don't)Freedom discusses how tests can clarify system behavior but not always intent—especially when market logic or business-specific rules come into play.[00:07:00] The Value of Understudies in EngineeringFreedom shares how his team intentionally pairs subject matter experts with understudies to reduce risk and transfer knowledge.[00:09:30] Rethinking Technical DebtHe challenges the fear-based framing of technical debt, comparing it instead to a strategic mortgage.[00:17:00] From 70 Services to 1 MonolithAt FlexCar, Freedom led an unconventional rewrite—consolidating 70 Java microservices into a single Rails app. The result? A dramatic increase in velocity and ownership.[00:25:00] Choosing Rails Over Phoenix, Laravel, and DjangoAfter evaluating multiple frameworks, Rails' cohesiveness, Hotwire, and quick developer ramp-up made it the clear winner—even converting skeptical team members.[00:31:00] How Rails Changed Team DynamicsBy reducing dependency handoffs, the new Rails app enabled solo engineers to own complete features. The impact? Faster delivery and more engaged developers.[00:36:30] Why Rails Still Makes Sense at a 20-Year-Old CompanyEven with a large Java codebase, Vestmark uses Rails for rapid prototyping and new product development.[00:41:00] Using AI to Navigate Legacy SystemsFreedom explains how his team uses retrieval-augmented generation (RAG) to surface relevant code—but also the limitations of AI on older or less common codebases.[00:51:00] Seek Feedback, Not ConsensusFreedom explains why aiming for alignment slows teams down—and how decision-makers can be inclusive without waiting for full agreement.Links and ResourcesFreedom Dumlao on LinkedInVestmarkNo Rules RulesDungeon Crawler Carl seriesThanks to Our Sponsor!Turn hours of debugging into just minutes! AppSignal is a performance monitoring and error-tracking tool designed for Ruby, Elixir, Python, Node.js, Javascript, and other frameworks.It offers six powerful features with one simple interface, providing developers with real-time insights into the performance and health of web applications.Keep your coding cool and error-free, one line at a time! Use the code maintainable to get a 10% discount for your first year. Check them out! Subscribe to Maintainable on:Apple PodcastsSpotifyOr search "Maintainable" wherever you stream your podcasts.Keep up to date with the Maintainable Podcast by joining the newsletter.

In this episode of In-Ear Insights, the Trust Insights podcast, Katie and Chris discuss MCP (Model Context Protocol) and agentic marketing. You’ll learn how MCP connects AI tools to automate tasks—but also why technical expertise is essential to use it effectively. You’ll discover the three layers of AI adoption, from manual prompts to fully autonomous agents, and why skipping foundational steps leads to costly mistakes. You’ll see why workflow automation (like N8N) is the bridge to agentic AI, and how to avoid falling for social media hype. Finally, you’ll get practical advice on staying ahead without drowning in tech overwhelm. Watch now to demystify AI's next big thing! Watch the video here: Can’t see anything? Watch it on YouTube here. Listen to the audio here: https://traffic.libsyn.com/inearinsights/tipodcast-what-is-mcp-agentic-ai-generative-ai.mp3 Download the MP3 audio here. Need help with your company’s data and analytics? Let us know! Join our free Slack group for marketers interested in analytics! [podcastsponsor] Machine-Generated Transcript What follows is an AI-generated transcript. The transcript may contain errors and is not a substitute for listening to the episode. Christopher S. Penn – 00:00 In this week’s In-Ear Insights, let’s talk about MCP—Model Context Protocol—and its applications for marketing and what it means. Katie, you said you have questions. Katie Robbert – 00:13 I do. I saw you posted in our free Slack group, Analytics for Marketers, towards the end of last week that one of the models had MCP available. When I see notifications like that, my first thought is: Is this something I need to pay attention to? Usually, you’re really good about letting me know, but I am a fully grown human who needs to be responsible for what I should be paying attention to and not just relying on the data scientist on my team. That was my first gut reaction—which is fair, because you’re a busy person. I like to keep you very busy, and you don’t always have time to let me know what I should be paying attention to. So that was problem one. Problem number two is, yes, you post things typically ahead of when they become more commonplace announcements. I saw a post this morning that I shared with you about MCP and agentic marketing processes, and how it’s going to replace your SEO if you’re doing traditional SEO. For some reason, that raised all of my insecurities and anxieties. Oh my gosh, I really am falling behind because I like to tell people about getting their foundation squared away. If I’m being really honest with myself, I think I focus on that because I feel so lost when I think about AI, agentic processes, MCP, N8N, and all these other things. So I’m like, let me focus on what I know best. But I am now in the boat where I feel like my boat is trailing behind the giant AI yacht. I’m dog-paddling to try to keep up, and I’m just not there. So help me understand a couple of things. One, what is MCP? Two, we’ve talked about agentic AI, but let’s talk about agentic marketing processes. And three, how is someone who isn’t in the weeds with AI every day supposed to not sit at their desk and cry over all of this? Those are big questions, so maybe let’s take them one at a time. All right, let’s start with: What is MCP? Christopher S. Penn – 02:36 Okay, MCP stands for Model Context Protocol. This is something initially advanced by Anthropic, the makers of Claude. It has since been adopted as a standard by OpenAI and now by Google. Sundar Pichai announced at Google Cloud Next last week that the Gemini family will adopt MCP. So what is this? It’s a way for a generative AI model to interface with other systems—a process called tool handling. MCP is a specific kind of tool. You create an MCP server that does stuff behind the scenes. It can be as simple as reading files from your disk or as complicated as using a bunch of SEO tools to optimize a page. It makes that keyword tool available in a tool like Claude Desktop. You could call the tool something like “Make a Katie Joke.” That would be the tool name. You would build an MCP server that talks to an LLM to do all these things behind the scenes. But in Claude, it would just appear as a little tool icon. You’d say, “Hey, Claude, use the Make a Katie Joke tool to make a joke that Katie would make,” and it would talk to that MCP server and kick off all these processes behind the scenes. So think of MCP as a kind of natural language API where, in a conversation with ChatGPT or Claude, you’d say, “Hey, write me some Google Ads with the Google Ads tool.” If you’ve built this tool for yourself or use one of the many free, open MCP servers available (which have data privacy issues), you can add new capabilities to generative AI that the tools don’t have on their own. The thing is, you still have to know what the tool does. You have to build it if it doesn’t exist, integrate it, and know when you should and shouldn’t use it. So as much as it may feel like you’re falling behind, believe it or not, your expertise is actually more important than ever for this. Even though we have MCP, N8N, and workflow automation, all that is software development. It still has to conform to the SDLC. You may not write code, but you better know the SDLC, or you’re going to waste a lot of time. Katie Robbert – 05:19 That’s helpful to know because, again, this may be—let me back up for a second. The information people share on social media is what they want you to see about them. They’re presenting their best selves. I understand that. I do that too as a representative of the company. That’s my job—to represent the best parts of what we do. And yet, my non-professional persona looks at what everyone else is sharing and thinks, Oh my gosh, I really am falling behind. And yet, here I am. My posts are right up there with the others. It’s like, no, I’m not. So I think that’s a little bit of the psychology of where a lot of people are feeling right now. We’re trying our best to look like we know what we’re talking about, but on a daily basis, we’re like, I have no idea what’s happening. So that’s part one. Now I understand what an MCP is. In a nutshell, it’s kind of like a connector between two systems. The commercial version is Zapier—a lot of marketers use Zapier. It’s like, how do I get my data from this place to that place? It transfers information from one system to another. Interestingly enough, I was at the animal shelter we work with yesterday, talking with the executive director. One of the problems she’s trying to solve is that she has literally hundreds of tabs in different spreadsheets of inventory at the shelter. They’re moving to a new shelter, and she’s trying to figure out where everything goes. I was describing to her a system—which doesn’t exist yet—that could include what you’re telling me is an MCP. In a very short version, I explained: We could take all your spreadsheets with all your tabs (which are basically your categories), put those into a database, and then layer generative AI on top of it with some system instructions. Your staff takes a picture of whatever’s been donated. Generative AI recognizes, Okay, that’s two bags of dog food, one thing of wet food, and some pee pads. It looks like those go in Room 121 with the other things, and it adds to the database. I was explaining this process without knowing what that connector was going to be. I said, Let me go back and talk to Chris about it. But I’m fairly certain that’s a thing that can exist. So it sounds like I was describing something I didn’t have the terminology for. Christopher S. Penn – 08:12 Exactly. Right now, here’s the thing—and this is something the LinkedIn hype crowd won’t tell you. As the average user, let me show you what the “getting started with MCP” quick start for non-technical users is. This is from Claude’s website: For Claude Desktop users, get started using MCP in Claude Desktop. First, install Claude Desktop. Second, go into the config file and edit this JSON. Katie Robbert – 08:41 You’ve already lost me. Christopher S. Penn – 08:42 Exactly. Oh, by the way, you also need Node.js on your computer for this to run properly. So when someone says MCP is the future and it’s so easy—well, yes, if you’re a technical person, that’s true. If you’re a non-technical person, this is useless because you’re not going to sit there and install Node.js just to configure a pre-built MCP server. You and your company—if you want to use these capabilities—need to have some IT resources because this is just straight-up IT. This isn’t even AI. This is just, Hey, you need these components in your kitchen before you can cook anything. As cool as MCP is (and believe me, it is very cool), it also has a very high technical bar of entry. So when you see somebody saying, Hey, this is the new AI-enabled MCP SEO, well, yes, that’s true. But what they’re not saying is, you’re probably not going to do this on your own if you’re a non-technical marketer. It’s a business ploy to say, You should hire us as your SEO firm because we’re AI-enabled and we know how to install MCP services. Like, yeah, I can do that too. I just don’t advertise it because it’s kind of a jerk move. Katie Robbert – 10:13 But I think that’s an important point to raise—not that you’re a jerk, but that a lot of us struggle with feeling like we’re not keeping up with AI because of these individuals—professionals, thought leaders, futurists, content creators—who put out this information: This is the future, this is how you’re going to do it. I can probably accurately describe agentic AI, but I couldn’t build it for you. And I think that’s where everyday marketers are struggling. Yeah, I think now I finally understand the concept, but I have no idea how to get started with the thing because there’s nothing out of the box for non-technical people. It’s all still, to your point, a lot of software development, a lot of IT. Even if it’s just installing things so you can get to the drag-and-drop, asking people to suddenly update their config file is maybe one step beyond their technical comfort zone. I just—I know the purpose of this episode is to understand more about MCP and agentic marketing, but I’m struggling to feel like I’m keeping up with being able to execute on all these things that are happening. Because every day, it’s something new, right? Christopher S. Penn – 11:54 So here’s how you get to MCP usage. First, you have to have the basics. Remember, we have the three layers we’ve talked about in the past: Done by you—You’re copy-pasting prompts. There’s nothing wrong with that, but it’s labor-intensive. If you’ve got a great prompt and a way of doing things that works, you’re already ahead of 95% of the crowd who’s still typing one-sentence prompts into ChatGPT. That’s step one. Done with you—How can you put that in some form of automation? We’ve talked about N8N in the past. I’ll give you an example: I put together a workflow for my newsletter where I say, Here’s my newsletter post. I want you to translate it into these four languages. It sends it to Google Gemini, then writes the updated versions back to my hard drive. This saves me about 20 minutes a week because I don’t have to copy-paste each prompt anymore. This is workflow automation. Done for you (Agentic)—To turn this into an MCP server (which makes it an agent, where I’m not part of the process at all), I’d add the MCP server node. Instead of saying, When manual start (when Chris clicks go), you’d have an MCP server that says, When a generative AI tool like Claude requests this, run the process. So, Claude would say, Hey, here’s this week’s newsletter—go make it. Claude Desktop would recognize there’s an Almost Timely Newsletter tool (an MCP server), send the request, the software would run, and when it’s done, it would send a message back to Claude saying, We’re done. That’s how MCP fits in. It takes the whole automation, puts it in a black box, and now it’s an agent. But you cannot build the agent without the workflow automation, and you cannot build the workflow automation without the standard operating procedure. If you don’t have that fundamental in place, you’re going to create garbage. Katie Robbert – 15:59 I think that’s also helpful because even just thinking about the step of translation—I’m assuming you didn’t just say, Hey, Gemini, translate this and accept whatever it gave back. You likely had to build system instructions that included, Translate it this way, then here’s how you’re going to double-check it, then here’s how you’re going to triple-check it. That to me is very helpful because you’re giving me confirmation that the foundational pieces still have to happen. And I think that’s where a lot of these content creators on social platforms talking about MCP and agentic AI are skipping that part of the conversation. Because, as we’ve said before, it’s not the fun stuff—it’s not the push-the-buttons, twist-the-knob, get-the-shiny-object part. It’s how you actually get things to work correctly. And that’s where, as a regular human, I get caught up in the hype: Oh, but they’re making it look so easy. You just do the thing. It’s like the people on social who post, Look how perfect my sourdough bread came out, but they’re not showing you the 17 loaves and five years of trial and error before this perfect loaf. Or they’re faking it with a mock background. I’m saying all this because I need that reminder—it’s all smoke and mirrors. There’s no shortcut for getting it done correctly. So when I see posts about agentic marketing systems and SEO and email marketing—You’re not even going to have to participate, and it’s going to get it right—I need that reminder that it’s all smoke and mirrors. That’s my therapy session for the morning. Christopher S. Penn – 18:33 And here’s the thing: If you have well-written standard operating procedures (SOPs) that are step-by-step, you can hand that to someone skilled at N8N to turn it into a workflow automation. But it has to be granular—Click here, then click here. That level of detail is so important. Once you have an SOP (your process), you turn it into workflow automation. Once the workflow automation works, you bolt on the MCP pieces, and now you have an agent. But here’s the danger: All these things use APIs, and APIs cost either time, money, or resources. I’m using Gemini’s free version, which Google trains on. If I was doing this for a client, I’d use the paid version (which doesn’t train), and the bills start coming in. Every API call costs money. If you don’t know what you’re doing and you haven’t perfected the process, you might end up with a five-figure server bill and wonder, What happened? Part of MCP construction and agentic AI is great development practices to make your code as efficient as possible. Otherwise, you’re going to burn a lot of money—and you may not even be cash-positive. Katie Robbert – 21:27 But look how fast it is! Look how cool it is! Christopher S. Penn – 21:36 It is cool. Katie Robbert – 21:38 Going back to the original question about MCP—I read a post this morning about agentic marketing systems using MCP and how it’s going to change the way you do SEO. It said it’s going to optimize your content, optimize for competitors, find keywords—all of which sounds really cool. But the way it was presented was like, Oh, duh, why am I not already doing this? I’m falling behind if I’m not letting the machines do my SEO for me and building these systems for my clients. This conversation has already made me feel better about where I am in terms of understanding and execution. Going back to—you still have to have those foundational pieces. Because agentic AI, MCPs, generative AI, shiny objects—it’s all just software development. Christopher S. Penn – 22:59 Exactly. It’s all software development. We’ve just gotten used to writing in natural language instead of code. The challenge with shiny objects is that the people promoting them correctly say, This is what’s possible. But at a certain point, even with agentic AI and MCP automations, it’s more efficient to go back to classical programming. N8N doesn’t scale as well as Python code. In the same way, a 3D printer is cool for making one thing at home, but if you want to make 10,000, classical injection molding is the way to go. New technology doesn’t solve old problems. Katie Robbert – 23:47 And yet, it’s going to happen. Well, I know we’re wrapping up this episode. This has been incredibly helpful and educational for me because every week there’s a new term, a new thing we’re being asked to wrap our heads around. As long as we can keep going back to It’s just software development, you still need the foundation, then I think myself and a lot of other people at my skill level are going to be like, Whew, okay, I can still breathe this week. I don’t have to panic just yet. Christopher S. Penn – 24:23 That said, at some point, we are going to have to make a training course on a system like N8N and workflow automation because it’s so valuable for the boring stuff—like keyword selection in SEO. Stay tuned for that. The best place to stay tuned for announcements from us is our free Slack group, Trust Insights AI Analytics for Marketers, where you and nearly 5,000 marketers are asking and answering each other’s questions every day about data science, analytics, and AI. Wherever you watch or listen to the show, if there’s a channel you’d rather have it on, go to trustinsights.ai/tipodcast to find us at all the places fine podcasts are served. Thanks for tuning in—I’ll talk to you on the next one! (Transcript ends with AI training permission notice.) Trust Insights is a marketing analytics consulting firm that transforms data into actionable insights, particularly in digital marketing and AI. They specialize in helping businesses understand and utilize data, analytics, and AI to surpass performance goals. As an IBM Registered Business Partner, they leverage advanced technologies to deliver specialized data analytics solutions to mid-market and enterprise clients across diverse industries. Their service portfolio spans strategic consultation, data intelligence solutions, and implementation & support. Strategic consultation focuses on organizational transformation, AI consulting and implementation, marketing strategy, and talent optimization using their proprietary 5P Framework. Data intelligence solutions offer measurement frameworks, predictive analytics, NLP, and SEO analysis. Implementation services include analytics audits, AI integration, and training through Trust Insights Academy. Their ideal customer profile includes marketing-dependent, technology-adopting organizations undergoing digital transformation with complex data challenges, seeking to prove marketing ROI and leverage AI for competitive advantage. Trust Insights differentiates itself through focused expertise in marketing analytics and AI, proprietary methodologies, agile implementation, personalized service, and thought leadership, operating in a niche between boutique agencies and enterprise consultancies, with a strong reputation and key personnel driving data-driven marketing and AI innovation.

Mercedes Bernard, Staff Software Engineer at Kit, joins Robby to talk about what it really means to write code that lasts—and who it should be written for.In this episode of Maintainable, Mercedes shares a thoughtful and practical perspective on working with legacy codebases, managing technical debt, and creating a team culture that values maintainability without fear or shame. Her guiding principle? Well-maintained software is friendly software—code that is understandable and approachable, especially for early-career developers.Together, they discuss how to audit and stabilize older systems, avoid full rewrites, and create consistent developer experiences in large applications. Mercedes reflects on her decade in consulting and how that shaped her approach to navigating incomplete documentation, missing historical context, and multiple competing patterns in a codebase. She breaks down different types of technical debt, explains why not all of it is inherently bad, and offers strategies for advocating for maintenance work across engineering and product teams.The conversation also touches on architecture patterns like job fan-out, measuring performance regressions, reducing infrastructure load, and building momentum for improvements even when leadership isn't actively prioritizing them.If you've ever felt overwhelmed by a messy project or struggled to justify maintenance work, this episode will leave you with a fresh mindset—and a few practical tactics—for making code more sustainable and inclusive.Episode Highlights[00:01:08] Defining Well-Maintained SoftwareMercedes explains her top metric: software that feels friendly, especially to early-career developers navigating the codebase for the first time.[00:03:00] What Friendly Code Actually Looks LikeShe shares why consistency, discoverability, and light documentation (like class comments or UML snippets) can make a huge difference.[00:05:00] Assessing Code Like a House TourMercedes introduces her metaphor of giving a house tour to evaluate code: does everything feel like it's in the right place—or is the stove in the cabinet?[00:06:53] Consulting Mindset: Being a Guest in the CodebaseWith a decade of consulting experience, Mercedes shares how she navigates legacy systems when historical context is long gone.[00:10:40] Stabilizing a Startup's Tangled ArchitectureShe walks through an in-depth case study where she helped a client with multiple abandoned services get back to stability—without a rewrite.[00:17:00] The Power of a One-Line FixMercedes shares how a missing check caused a job to fan out 30 million no-op background jobs a day—and how one line of code reduced that by 75%.[00:23:40] Why State Checks Belong EverywhereShe explains how defense-in-depth patterns help avoid job queue flooding and protect system resources early in the fan-out process.[00:24:59] Reframing Technical DebtNot all debt is bad. Mercedes outlines three types—intentional, evolutionary, and time-based—and how to approach each one differently.[00:28:00] Why Teams Fall Behind Without Realizing ItMercedes and Robby talk about communication gaps between engineers and product stakeholders—and why it's not always clear when tech debt starts piling up.[00:34:00] Quantifying Developer FrictionMercedes recommends expressing technical debt in terms of lost time, slow features, and increased cost rather than vague frustrations.[00:42:00] Getting Momentum Without PermissionHer advice to individual contributors: start small. Break down your frustrations into bite-sized RFCs or tickets and show the impact.[00:45:40] Letting the Team Drive StandardsMercedes encourages team-led conventions over top-down declarations, and explains why having any decision is better than indecision.[00:47:54] Recommended ReadingShe shares a surprising favorite: The Secret Life of Groceries, a systems-thinking deep dive into the grocery industry by Benjamin Lorr.Resources & Links

Te enseño como me convertí en millonario gracias a la programación

What happens when the multiverse needs a place to stash its worst offenders? Enter Carcery, the D&D plane that's more sentence than setting. In this deep-dive episode, the RPGBOT crew cracks open the lore, layers, and lethal threats of Carcery—a prison plane where hope goes to die and escape is barely more than a myth. Explore the distinct environments of its six terrifying layers, from the overgrown deathtrap of the Scarlet Jungle to the soul-freezing expanse of Agathys. Discover the twisted ecosystem of beings who call this place home—whether they want to or not—including cursed creatures like the Varguile, the war-worn Shrieking Terror, and the manipulative aristocrats known as Demodans. The crew also journeys into the cursed gate town of Cursed, where fugitives rot and secrets fester. Learn about the arcane mechanics of entering (and barely escaping) this cruel dimension, and what it means for your next dark fantasy campaign. Whether you're looking to trap your players or unleash nightmares into your world, this episode is packed with insights, lore hooks, and storytelling fuel that turns Carcery into more than just a backdrop—it becomes the villain. Links 2014 Dungeon Master's Guide (affiliate link) 2024 Dungeon Master's Guide (affiliate link) Mordenkainen's Tome of Foes (affiliate link) Forgotten Realms Wiki - Carceri Stormwrack (DnD 3.5) (affiliate link) RPGBOT.Podcast Episodes The Abyss Archeron Arcadia The Beastlands Bytopia Celestia The Ethereal Plane The Feywild Hell Part 1 Hell Part 2 Limbo Mechanus Pandemonium Key Takeaways Carcery is D&D's ultimate prison plane—a multiversal Alcatraz where escape is nearly impossible. The structure includes six unique layers: Othrus (the “least bad”), Minethus, Colithus, Porphatys, and the frostbitten hell of Agathys. Travel is a nightmare: planetoids float independently, and the River Styx flows through them but offers no connection. Creatures within Carcery include: Varguile: cursed flying heads with grotesque powers. Demodans: cunning, cursed rulers of the plane, who avoid the Blood War and rebirth painfully if slain outside Carcery. Shrieking Terrors: monstrous weapons of war echoing the cruelty of the plane itself. Carcery connects to the multiverse but remains separate, with theoretical ties to various Prime worlds. The gate town of Cursed is a trap of its own: Slows movement and instills dread. Ruled by Shattor Demodan Villegas Bazangar. Home to bizarre residents like a green hag who manages the dump and a copper dragon in hiding. Lurks the Node, a Cranium Rat collective that trades secrets about the Lady of Pain. Escape is mythic—requiring rare spells, artifacts, or god-tier intervention. Even demons and devils avoid Carcery, a place so grim it makes the Blood War look inviting. Looking to bring a new kind of horror to your campaign? Carcery is a storytelling goldmine wrapped in despair. Whether your party's breaking in, breaking out, or just trying to survive, this episode will leave you cursed—in the best way. If you enjoy the show, please rate and review us on Apple Podcasts, Spotify, or your favorite podcast app. It's a quick, free way to support the podcast, and helps us reach new listeners. If you love the show, consider joining us on Patreon, where backers at the $5 and above tiers get ad free access to RPGBOT.net and the RPGBOT.Podcast, can chat directly to members of the RPGBOT team and community on the RPGBOT.Discord, and can join us for live-streamed recordings. Support us on Amazon.com when you purchase products recommended in the show at the following link: https://amzn.to/3NwElxQ How to Find Us: In-depth articles, guides, handbooks, reviews, news on Tabletop Role Playing at RPGBOT.net Tyler Kamstra Twitter: @RPGBOTDOTNET Facebook: rpgbotbotdotnet Bluesky:rpgbot.bsky.social Ash Ely Professional Game Master on StartPlaying.Games Twitter: @GravenAshes YouTube@ashravenmedia Randall James @JackAmateur Amateurjack.com Producer Dan @Lzr_illuminati

We discuss common use cases and challenges for copying data between S3 buckets and S3-compatible object storage services. We share our experience building an open source Node.js CLI tool called S3-Migrate to efficiently migrate data with separate source and destination credentials. We cover performance considerations like streaming, chunk sizes, concurrency and parallelism.AWS Bites is brought to you in association with fourTheorem. If you need a friendly partner to support you and work with you to de-risk any AWS migration or development project, check them out at ⁠⁠⁠fourtheorem.com⁠⁠⁠In this episode, we mentioned the following resources:s3-migrate CLI tool: https://github.com/lmammino/s3-migrateDigitalOcean Spaces Object Storage: https://docs.digitalocean.com/products/spaces/Cloudflare R2: https://www.cloudflare.com/en-gb/developer-platform/products/r2/Backblaze B2: https://www.backblaze.com/cloud-storageWasabi Cloud Storage: https://wasabi.com/Linode / Akamai Object Storage: https://www.linode.com/products/object-storage/MinIO (Self-hosted S3-compatible storage): https://min.io/Basecamp / Hey's move away from S3: https://world.hey.com/dhh/it-s-five-grand-a-day-to-miss-our-s3-exit-b8293563AWS re:Post - How to move objects between S3 buckets: https://repost.aws/knowledge-center/move-objects-s3-bucketAWS Labs - Utility for S3 Migration: https://github.com/awslabs/utility-for-s3-migrations3s3mirror (Java-based tool): https://github.com/cobbzilla/s3s3mirrorrclone S3 Support: https://rclone.org/s3/knox-copy (Ruby-based, deprecated): https://github.com/goodeggs/knox-copyFlexify.io (paid cloud migration service): https://flexify.io/Do you have any AWS questions you would like us to address?Leave a comment here or connect with us on X/Twitter, BlueSky or LinkedIn:- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ | ⁠⁠https://bsky.app/profile/eoin.sh⁠⁠ | ⁠⁠https://www.linkedin.com/in/eoins/⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠⁠⁠⁠⁠ | ⁠⁠https://bsky.app/profile/loige.co⁠⁠ | ⁠⁠https://www.linkedin.com/in/lucianomammino/

What happens when the multiverse needs a place to stash its worst offenders? Enter Carcery, the D&D plane that's more sentence than setting. In this deep-dive episode, the RPGBOT crew cracks open the lore, layers, and lethal threats of Carcery—a prison plane where hope goes to die and escape is barely more than a myth. Explore the distinct environments of its six terrifying layers, from the overgrown deathtrap of the Scarlet Jungle to the soul-freezing expanse of Agathys. Discover the twisted ecosystem of beings who call this place home—whether they want to or not—including cursed creatures like the Varguile, the war-worn Shrieking Terror, and the manipulative aristocrats known as Demodans. The crew also journeys into the cursed gate town of Cursed, where fugitives rot and secrets fester. Learn about the arcane mechanics of entering (and barely escaping) this cruel dimension, and what it means for your next dark fantasy campaign. Whether you're looking to trap your players or unleash nightmares into your world, this episode is packed with insights, lore hooks, and storytelling fuel that turns Carcery into more than just a backdrop—it becomes the villain. Links 2014 Dungeon Master's Guide (affiliate link) 2024 Dungeon Master's Guide (affiliate link) Mordenkainen's Tome of Foes (affiliate link) Forgotten Realms Wiki - Carceri Stormwrack (DnD 3.5) (affiliate link) RPGBOT.Podcast Episodes The Abyss Archeron Arcadia The Beastlands Bytopia Celestia The Ethereal Plane The Feywild Hell Part 1 Hell Part 2 Limbo Mechanus Pandemonium Key Takeaways Carcery is D&D's ultimate prison plane—a multiversal Alcatraz where escape is nearly impossible. The structure includes six unique layers: Othrus (the “least bad”), Minethus, Colithus, Porphatys, and the frostbitten hell of Agathys. Travel is a nightmare: planetoids float independently, and the River Styx flows through them but offers no connection. Creatures within Carcery include: Varguile: cursed flying heads with grotesque powers. Demodans: cunning, cursed rulers of the plane, who avoid the Blood War and rebirth painfully if slain outside Carcery. Shrieking Terrors: monstrous weapons of war echoing the cruelty of the plane itself. Carcery connects to the multiverse but remains separate, with theoretical ties to various Prime worlds. The gate town of Cursed is a trap of its own: Slows movement and instills dread. Ruled by Shattor Demodan Villegas Bazangar. Home to bizarre residents like a green hag who manages the dump and a copper dragon in hiding. Lurks the Node, a Cranium Rat collective that trades secrets about the Lady of Pain. Escape is mythic—requiring rare spells, artifacts, or god-tier intervention. Even demons and devils avoid Carcery, a place so grim it makes the Blood War look inviting. Looking to bring a new kind of horror to your campaign? Carcery is a storytelling goldmine wrapped in despair. Whether your party's breaking in, breaking out, or just trying to survive, this episode will leave you cursed—in the best way. If you enjoy the show, please rate and review us on Apple Podcasts, Spotify, or your favorite podcast app. It's a quick, free way to support the podcast, and helps us reach new listeners. If you love the show, consider joining us on Patreon, where backers at the $5 and above tiers get ad free access to RPGBOT.net and the RPGBOT.Podcast, can chat directly to members of the RPGBOT team and community on the RPGBOT.Discord, and can join us for live-streamed recordings. Support us on Amazon.com when you purchase products recommended in the show at the following link: https://amzn.to/3NwElxQ How to Find Us: In-depth articles, guides, handbooks, reviews, news on Tabletop Role Playing at RPGBOT.net Tyler Kamstra Twitter: @RPGBOTDOTNET Facebook: rpgbotbotdotnet Bluesky:rpgbot.bsky.social Ash Ely Professional Game Master on StartPlaying.Games Twitter: @GravenAshes YouTube@ashravenmedia Randall James @JackAmateur Amateurjack.com Producer Dan @Lzr_illuminati

Evan Phoenix (@evanphx), CEO of Miren, joins Robby to explore the subtle but powerful difference between writing code that works and writing code that explains itself. They discuss the role of clarity in maintainable systems, why splitting a monolith can backfire, and what developers can learn from artists and tradespeople alike.Episode Highlights[00:01:30] What Makes Software Maintainable?Evan defines maintainability as how easily a newcomer can make a change with minimal context.[00:02:30] Why Business Logic Should Be ObviousA discussion on domain knowledge leakage and abstracting rules like “can we sell today?”[00:05:00] Programming 'Mouthfeel' and the Trap of PrefactoringEvan explains why prematurely optimizing for reuse can lead to unnecessary complexity.[00:07:00] When to Extract Logic: The Copy/Paste SignalA practical approach to identifying reusable components by spotting repeated code.[00:08:00] Technical Debt as a Reflection of Cognitive LoadWhy forgetting your own code doesn't automatically mean it's “bad” code.[00:10:30] Testing as Emotional InsuranceHow writing even basic checks can build team confidence—especially when test coverage is weak.[00:13:00] Daily Integration Tests: A Low-Pressure Safety NetUsing nightly integration runs to catch invisible bugs in complex systems.[00:14:00] Confidence > 100% Test CoverageWhy fast feedback loops matter more than aiming for exhaustive tests.[00:20:00] Splitting the Monolith: A Cautionary TaleEvan shares how decoupling apps without decoupling the database created chaos.[00:22:00] Shared Models, Split Repos, and Hidden PitfallsThe unexpected bugs that emerge when two apps maintain duplicate models and validations.[00:23:00] Better Alternatives to Splitting CodebasesHow separate deployments and tooling can mimic team separation without architectural debt.[00:28:00] The Hidden Cost of Diverging Business DomainsWhen apps evolve independently, business logic begins to drift—undermining consistency.[00:29:00] Building Miren and Staying MotivatedHow Evan approaches early-stage product development with curiosity and detachment.[00:36:00] How to Know When Your Open Source Project Is “Done”Reframing “dead” projects as complete—and why stability is often a feature.[01:01:00] Signals for Trusting Open Source DependenciesEvan's mental checklist for evaluating if a library is worth adopting.[01:07:00] The Importance of Hiring Junior DevelopersWhy investing in beginners is crucial for the future of our industry.[01:08:00] Book RecommendationsEvan recommends The Inner Game of Tennis and Snow Crash.Links and ResourcesEvan Phoenix's WebsiteEvan on GitHubEvan on MastodonBook RecommendationsThe Inner Game of Tennis (book)Snow Crash by Neal StephensonThanks to Our Sponsor!Turn hours of debugging into just minutes! AppSignal is a performance monitoring and error-tracking tool designed for Ruby, Elixir, Python, Node.js, Javascript, and other frameworks.It offers six powerful features with one simple interface, providing developers with real-time insights into the performance and health of web applications.Keep your coding cool and error-free, one line at a time! Use the code maintainable to get a 10% discount for your first year. Check them out! Subscribe to Maintainable on:Apple PodcastsSpotifyOr search "Maintainable" wherever you stream your podcasts.Keep up to date with the Maintainable Podcast by joining the newsletter.

In this episode, Austin sits down with Lei Yang of MegaLabs to explore the architecture behind MegaETH and its unique approach to enabling real-time blockchain applications. By specializing node roles and optimizing for high-frequency transactions, MegaETH tackles technical challenges like network latency and state propagation head-on. The conversation also delves into data flow models and the practical implementation of a scalable, high-performance Ethereum Layer 2 solution—designed to outperform the speed limitations of traditional finance systems.  DISCLAIMER The content herein is provided for educational, informational, and entertainment purposes only, and does not constitute an offer to sell or a solicitation of an offer to buy any securities, options, futures, or other derivatives related to securities in any jurisdiction, nor should not be relied upon as advice to buy, sell or hold any of the foregoing. This content is intended to be general in nature and is not specific to you, the user or anyone else. You should not make any decision, financial, investment, trading or otherwise, based on any of the information presented without undertaking independent due diligence and consultation with a professional advisor. Solana Foundation Foundation and its agents, advisors, council members, officers and employees (the “Foundation Parties”) make no representation or warranties, expressed or implied, as to the accuracy of the information herein and expressly disclaims any and all liability that may be based on such information or any errors or omissions therein. The Foundation Parties shall have no liability whatsoever, under contract, tort, trust or otherwise, to any person arising from or related to the content or any use of the information contained herein by you or any of your representatives. All opinions expressed herein are the speakers' own personal opinions and do not reflect the opinions of any entities. 

Leave feedback!Today I am speaking with Mickey Negus, the Senior Engineering Manager at Edge & Node who oversees Engineering Operations and Customer Success. This is Mickey's second appearance on the GRTiQ Podcast, having first joined us in November 2023 (Ep. 143) where she shared her journey into web3 and initial work at Edge & Node.After joining Edge & Node in 2022, Mickey has focused on revolutionizing how decentralized protocols provide technical support – transforming what was once a seven-day response window into a remarkably efficient three-minute median response time. Her approach goes beyond traditional support models, employing highly-skilled technical experts in frontline roles and coordinating support efforts across multiple organizations, time zones, and communication channels to meet the unique needs of a decentralized network.During our conversation, Mickey shares insights about The Graph's successful transition to Sunrise (moving all traffic from hosted services to the decentralized network), explains the critical differences between web2 and web3 support paradigms, and outlines her three-pillar support playbook for decentralized protocols. She also discusses how they've implemented AI tools for sentiment analysis, documentation improvement, and streamlining support operations across hundreds of concurrent conversations.Show Notes and TranscriptsThe GRTiQ Podcast takes listeners inside web3 and The Graph (GRT) by interviewing members of the ecosystem.  Please help support this project and build the community by subscribing and leaving a review.Twitter: GRT_iQwww.GRTiQ.com

Luca Casanato, member of the Deno core team, delves into the intricacies of debugging applications using Deno and OpenTelemetry. Discover how Deno's native integration with OpenTelemetry enhances application performance monitoring, simplifies instrumentation compared to Node.js, and unlocks new insights for developers! Links https://lcas.dev https://x.com/lcasdev https://github.com/lucacasonato https://mastodon.social/@lcasdev https://www.linkedin.com/in/luca-casonato-15946b156 We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com (mailto:emily.kochanekketner@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understand where your users are struggling by trying it for free at [LogRocket.com]. Try LogRocket for free today.(https://logrocket.com/signup/?pdr) Special Guest: Luca Casonato.

Spit is one of a recent flock of Australian films in cinemas at the moment (Inside, The Correspondent, Every Little Thing). Here we listen to star of Spit David Wenham in conversation with Edan Porter at a pre-release Q&A at the Rivoli.

Static Analysis of GUID Encoded Shellcode Didier explains how to decode shell code embeded as GUIDs in malware, and how to feed the result to his tool 1768.py which will extract Cobal Strike configuration information from the code. https://isc.sans.edu/diary/Static%20Analysis%20of%20GUID%20Encoded%20Shellcode/31774 SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries xml-crypto, a library use in Node.js applications to decode XML and support SAML, has found to parse comments incorrectly leading to several SAML vulnerabilities. https://workos.com/blog/samlstorm One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild A just made public deserialization vulnerablity in Tomcat is already being exploited. Contributing to the rapid exploit release is the similarity of this vulnerability to other Java deserializtion vulnerabilities. https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/ CVE-2025-24813 CSS Abuse for Evasion and Tracking Attackers are using cascading stylesheets to evade detection and enable more stealthy tracking of users https://blog.talosintelligence.com/css-abuse-for-evasion-and-tracking/

AWS Morning Brief for the week of March 17th, with Corey Quinn. Links:Amazon Bedrock now supports multi-agent collaborationAmazon RDS for MySQL announces Extended Support minor 5.7.44-RDS.20250213Amazon Route 53 Traffic Flow introduces a new visual editor to improve DNS policy editingApplication Load Balancer announces integration with Amazon VPC IPAMAnnouncing the end of support for Node.js 14.x and 16.x in AWS CDKWatch the recordings from AWS Developer Day 2025How GoDaddy built a category generation system at scale with batch inference for Amazon BedrockFormula 1® unlocks the most competitive season yet with AWSSecure cloud innovation starts at re:Inforce 2025

Node.js начинался с невинного вопроса: «А что будет, если запустить Javascript вне браузера?». Несмотря на предубеждения и скепсис, отрицать бессмысленно – эксперимент удался, ведь миллионы разработчиков используют Node.js каждый день. Почему так вышло – разбираемся с Игорем Антоновым! Также ждем вас, ваши лайки, репосты и комменты в мессенджерах и соцсетях!
 Telegram-чат: https://t.me/podlodka Telegram-канал: https://t.me/podlodkanews Страница в Facebook: www.facebook.com/podlodkacast/ Twitter-аккаунт: https://twitter.com/PodlodkaPodcast Ведущие в выпуске: Женя Кателла, Катя Петрова Полезные ссылки: Блог «Про JavaScript и разработку» в телеграм — https://t.me/antonovjs Блог «Про JavaScript и разработку» в YouTube — https://www.youtube.com/@antonov_i

Paradigm introduces Stateless Reth. Summer of Protocols returns for its third cohort. And Ethereum Film announces its global release schedule. Read more: https://ethdaily.io/666

Guy Royse, dev advocate at Redis, discusses going beyond the cache with Redis and Node.js. He explores its capabilities as a memory-first database, session management, and even fun use cases like the Bigfoot Tracker API. He also shares insights on Redis OM for object mapping and its future in the JavaScript ecosystem. Links http://guyroyse.com http://github.com/guyroyse https://www.twitch.tv/guyroyse https://www.youtube.com/channel/UCNt5SDc6LosO41E77jr59cQ https://x.com/guyroyse https://www.linkedin.com/in/groyse https://2024.connect.tech/session/693665 We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com (mailto:emily.kochanekketner@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understand where your users are struggling by trying it for free at [LogRocket.com]. Try LogRocket for free today.(https://logrocket.com/signup/?pdr) Special Guest: Guy Royse.

Tänases Algorütmi episoodis on külas Juri Gavšin, kes töötab Bolti principal engineer'ina. Arutleme põhjalikult, miks Bolt valis oma süsteemide arenduseks just Node.js-i ning kuidas see tehnoloogia aitab neil edukalt skaleerida üle tuhande mikroteenuse. Juri jagab kogemusi, kuidas Node.js mõjutab nii meeskonna tööd, teenuste arhitektuuri kui ka kuluefektiivsust.Vestleme ka sellest, millised eelised ja väljakutsed kaasnevad mikroteenuste pideva uuendamise ja refaktoreerimisega ning kuidas Boltis toimub teenuste raamistiku ja Node.js versioonide haldus. Lisaks arutame, kuidas tiimid jälgivad oma teenuste kulusid ja optimeerivad ressursside kasutamist.-----Jaga meile enda jaoks olulisimat mõtet episoodist meie Discord kanalis: https://discord.gg/8X5JTkDxccEpisoodi veavad Priit Liivak ja Martin KappAlgorütmi toetavad Patchstack https://patchstack.comNortal https://nortal.com/Veriff https://www.veriff.com/

Доклады: Cian Ó Maidín | Welcome ( https://youtu.be/TXNklcdXtgI ) Ryan Dahl | Leveling up JavaScript ( https://youtu.be/f7OupG7NnGo ) Marco Ippolito | The path to native TypeScript ( https://youtu.be/4V9qwS--Ksg ) Yagiz Nizipli | Optimizing life and Node.js ( https://youtu.be/bKYG5oxIpC8 ) Aileen Villanueva Lecuona | Node.js ( https://youtu.be/W5QByzuhiI8 ) Michael Dawson | Node.js - What's new and what's next ( https://youtu.be/zDR9xoMKU8M ) Mikola Lysenko | AI powered malware hunting at scale ( https://youtu.be/cxJPiMwoIyY ) Isaac Schlueter | Building a faster package manager ( https://youtu.be/Z1zP6--rta4 ) Jean Burellier | Reviving Express: A challenging road for express 5.0 ( https://youtu.be/9qb6RPWVS4o ) Jonathan Frere | Cleaning up after yourself ( https://youtu.be/dzRGu7aSaLo ) Нас можно найти: 1. Telegram: https://t.me/proConf 2. Youtube: https://www.youtube.com/c/proconf 3. SoundCloud: https://soundcloud.com/proconf 4. Itunes: https://podcasts.apple.com/by/podcast/podcast-proconf/id1455023466 5. Spotify: https://open.spotify.com/show/77BSWwGavfnMKGIg5TDnLz

Explora cómo la programación puede transformar tu vida y abrirte oportunidades.

Episode 111: In this episode of Critical Thinking - Bug Bounty Podcast Justin interviews Kevin Mizu to showcase his knowledge regarding DOMPurify and its misconfigurations. We walk through some of Kevin's research, highlighting things like Dangerous allow-lists and URI Attributes, DOMPurify hooks, node manipulation, and DOM Clobbering.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!====== Links ======Follow your hosts Rhynorater and Rez0 on Twitter:https://x.com/Rhynoraterhttps://x.com/rez0__====== Ways to Support CTBBPodcast ======Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.You can also find some hacker swag at https://ctbb.show/merch!====== Resources ======Exploring the DOMPurify library: Bypasses and Fixes (1/2)https://mizu.re/post/exploring-the-dompurify-library-bypasses-and-fixesExploring the DOMPurify library: Hunting for Misconfigurations (2/2)https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurationsDom-Explorer toolhttps://yeswehack.github.io/Dom-Explorer/shared?id=772a440c-b0c2-4991-be71-3e271cf7954fCT Episode 61: A Hacker on Wall Street - JR0ch17https://www.criticalthinkingpodcast.io/episode-61-a-hacker-on-wall-street-jr0ch17/====== Timestamps ======(00:00:00) Introduction(00:01:44) Kevin Mizu - Background and Bring-a-bug(00:15:09) DOMPurify(00:29:04) Misconfigurations - Dangerous allow-lists(00:39:09) Dangerous URI attributes configuration(00:46:08) Bad usage(00:59:55) DOMPurify Hooks: before, after, and upon SanitizeAttribute(01:29:15) Node manipulation, nodeName namespace case confusion, & DOM Clobbering DOS(01:36:51) Misc concepts for future research

Node operators using Geth v1.15.1 are urgently advised to update. Blockscout introduces the OP Interop Explorer. Aztec announces cross-chain bridge grants. And stablecoin TVL on Ethereum reaches a new ATH. Read more: https://ethdaily.io/649

Podcasting 2.0 February 14th 2025 Episode 210: "Mothership Node" Adam & Dave discuss distributed indexing through philosophy ShowNotes We are LIT Chaptervising Bluecry Seventeenth Amendment to the United States Constitution - Wikipedia Kademlia, Explained - YouTube Fountain update Payments Podsage Words of Wisdom ------------------------------------- MKUltra chat Transcript Search What is Value4Value? - Read all about it at Value4Value.info V4V Stats

In this episode of the Modern Web Podcast, hosts Rob Ocel and Danny Thompson sit down with Mariano Cocirio, Staff Product Manager at Vercel, to discuss Fluid Compute, a new cloud computing model that blends the best of serverless scalability with traditional server efficiency. They explore the challenges of AI workloads in serverless environments, the high costs of idle time, and how Fluid Compute optimizes execution to reduce costs while maintaining performance. Mariano explains how this approach allows instances to handle multiple requests efficiently while still scaling to zero when not in use. The conversation also covers what developers need to consider when adopting this model, the impact on application architecture, and how to track efficiency gains using Vercel's observability tools.Is Fluid Compute the next step in the evolution of serverless? Is it redefining cloud infrastructure altogether?Keypoints Fluid Compute merges the best of servers and serverless – It combines the scalability of serverless with the efficiency and reusability of traditional servers, allowing instances to handle multiple requests while still scaling down to zero. AI workloads struggle with traditional serverless models – Serverless is optimized for quick, stateless functions, but AI models often require long processing times, leading to high costs for idle time. Fluid Compute solves this by dynamically managing resources. No major changes required for developers – Fluid Compute works like a standard Node or Python server, meaning developers don't need to change their code significantly. The only consideration is handling shared global state, similar to a traditional server environment. Significant cost savings and efficiency improvements – Vercel's observability tools show real-time reductions in compute costs, with some early adopters seeing up to 85% savings simply by enabling Fluid Compute.Chapters0:00 – Introduction and Guest Welcome1:08 – What is Fluid Compute? Overview and Key Features2:08 – Why Serverless Compute Struggles with AI Workloads4:00 – Fluid Compute: Combining Scalability and Efficiency6:04 – Cost Savings and Real-world Impact of Fluid Compute8:12 – Developer Experience and Implementation Considerations10:26 – Managing Global State and Concurrency in Fluid Compute13:09 – Observability Tools for Performance and Cost Monitoring20:01 – Long-running Instances and Post-operation Execution24:02 – Evolution of Compute Models: From Servers to Fluid Compute29:08 – The Future of Fluid Compute and Web Development30:15 – How to Enable Fluid Compute on Vercel32:04 – Closing Remarks and Guest Social Media InfoFollow Mariano Cocirio on Social Media:Twitter:https://x.com/mcocirioLinkedin:https://www.linkedin.com/in/mcocirio/Sponsored by This Dot:thisdot.co

Join Robby as he chats with Lorna Mitchell, open source advocate and technical writer, about the art of creating documentation that doesn't gather dust. Lorna shares her experiences as a maintainer of the open source project RST2PDF, the value of API governance, and how documentation bridges gaps in developer experience.Highlights:What Makes Software Maintainable: Characteristics like great documentation, automated tests, and onboarding ease.Documentation's Role in Long-Lived Software: Why it's crucial for internal tools and open source projects alike.Open Source in Practice: Lorna's journey with RST2PDF and adopting a tech stack she wasn't initially fluent in.API Governance Simplified: Lorna explains the four levels of API readiness and how teams can work toward more usable APIs.Writing Documentation for Engineers: How style guides can empower contributors without overwhelming them.Using Tools to Improve Documentation: From linters to prose-checking tools like Veil, Lorna discusses practical tips.Key Takeaways:[00:01:00] What makes software well-maintained: documentation, accessibility, and automated tests.[00:03:10] Why documentation isn't just for new users—Lorna's experience with revisiting her own open source projects.[00:06:30] Diving into rst2pdf: Challenges in maintaining an abandoned project.[00:13:45] Balancing ownership and transitioning open source projects to new maintainers.[00:15:30] What is OpenAPI, and how does API governance impact usability?[00:26:10] The art of concise yet helpful documentation for different audiences.[00:33:00] Using examples in APIs to enhance clarity and reduce confusion.[00:40:00] Tools for improving writing, from prose linters to markdown syntax checkers.Resources Mentioned:Lorna Mitchell's Websiterst2pdf ProjectSimon Willison's Post on One-Person ProjectsHow to Take Smart NotesOpenAPI SpecificationVeil Prose LinterFollow Lorna:GitHubIndieWebThanks to Our Sponsor!Turn hours of debugging into just minutes! AppSignal is a performance monitoring and error-tracking tool designed for Ruby, Elixir, Python, Node.js, Javascript, and other frameworks.It offers six powerful features with one simple interface, providing developers with real-time insights into the performance and health of web applications.Keep your coding cool and error-free, one line at a time! Use the code maintainable to get a 10% discount for your first year. Check them out! Subscribe to Maintainable on:Apple PodcastsSpotifyOr search "Maintainable" wherever you stream your podcasts.Keep up to date with the Maintainable Podcast by joining the newsletter.

This week we talk to Jeff Dickey, the creator of Mise, Usage, and Pitchfork. You might know him from his work on Oclif, a CLI framework for Node.js. With his latest tools he is focused on making development easier and faster. https://www.linkedin.com/in/jdxcode/ https://jdx.dev/ https://github.com/jdx/mise https://github.com/jdx/usage https://github.com/jdx/pitchfork https://github.com/oclif/oclif Apply to sponsor the podcast: https://devtools.fm/sponsor Become a paid subscriber our patreon, spotify, or apple podcasts for the ad-free episode. https://www.patreon.com/devtoolsfm https://podcasters.spotify.com/pod/show/devtoolsfm/subscribe https://podcasts.apple.com/us/podcast/devtools-fm/id1566647758 https://www.youtube.com/@devtoolsfm/membership

Episode SummaryIn this episode of Maintainable, Robby sits down with Carola Lilienthal, Software Architect and Managing Director at WPS. Together, they explore the intersection of cognitive science and software architecture, strategies for tackling technical debt, and why simplicity, modularity, and domain knowledge are crucial for maintainability.Carola shares her approach to improving legacy systems, fostering domain-driven development, and introducing sustainable patterns into software design. She also discusses the Modularity Maturity Index (MMI), a tool her team has used to assess and improve over 300 systems.Topics Covered[00:00:43] What makes software maintainable?[00:01:24] The importance of clear structure, modularity, and simplicity in software.[00:02:38] How patterns help reduce complexity and onboard developers faster.[00:04:42] Addressing the challenges of systems with mixed architectural patterns.[00:06:20] Strategies for fostering creativity while maintaining simplicity.[00:07:05] How to guide teams to balance technical experimentation and maintainability.[00:14:03] Practical techniques for documenting architecture and decisions.[00:16:17] What is the Modularity Maturity Index (MMI), and how does it measure system health?[00:18:02] Common mistakes in managing technical debt and how to avoid them.[00:21:20] Why domain knowledge is essential for innovation and problem-solving.[00:33:03] Evolving legacy systems with domain-driven design and transformation.Key TakeawaysModularity matters: Simplified, modular systems with high cohesion and loose coupling reduce cognitive load and technical debt.Patterns as a shared language: Establishing a pattern language within your team creates consistency and eases onboarding.Cognitive science in software: Architecture aligned with how our brains process complexity results in more maintainable systems.Domain knowledge drives innovation: Teams should focus their creativity on solving domain-specific problems, not over-complicating the architecture.The value of architecture documentation: Keeping clear decision records helps teams navigate legacy code and onboard new developers.Resources MentionedCarola's LinkedInWPS WebsiteCarola's books:Sustainable Software ArchitectureDomain-Driven Transformation (English version coming soon)Modularity Maturity Index OverviewBooks Carola recommends:Reinventing Organizations by Frédéric LalouxTeam Topologies by Matthew Skelton and Manuel PaisBe sure to follow Carola on LinkedIn and X.Thanks to Our Sponsor!Turn hours of debugging into just minutes! AppSignal is a performance monitoring and error-tracking tool designed for Ruby, Elixir, Python, Node.js, Javascript, and other frameworks.It offers six powerful features with one simple interface, providing developers with real-time insights into the performance and health of web applications.Keep your coding cool and error-free, one line at a time! Use the code maintainable to get a 10% discount for your first year. Check them out! Subscribe to Maintainable on:Apple PodcastsSpotifyOr search "Maintainable" wherever you stream your podcasts.Keep up to date with the Maintainable Podcast by joining the newsletter.

Scott and Wes explore the experimental world of running TypeScript in Node, breaking down the differences between type stripping and compiling. They cover the pros, cons, and quirks of the current implementation, plus explore tools like tsx, ts-node, and even alternatives like Deno. Show Notes 00:00 Welcome to Syntax! 00:41 Brought to you by Sentry.io. 01:29 Running TypeScript in Node. 01:45 Experimental Type Stripping. 03:17 TypeScript refresher. 04:05 TypeScript can be compiled and/or Type Stripped. 05:09 Current Node implementation is only type stripping. 05:40 Limitations of no compiling. 05:57 Enums. 08:30 Other issues. 08:35 Parameter properties. 09:20 Experimental transform types. 10:01 Importing types with type keyword. 11:17 No need for sourcemaps. 11:42 No dependencies. 13:08 Other tools. 13:25 tsx. 14:28 ts-node. 14:44 JSDoc. 16:30 Deno and Bun. Hit us up on Socials! Syntax: X Instagram Tiktok LinkedIn Threads Wes: X Instagram Tiktok LinkedIn Threads Scott: X Instagram Tiktok LinkedIn Threads Randy: X Instagram YouTube Threads

Today, Microsoft Patch Tuesday headlines our news with Microsoft patching 209 vulnerabilities, some of which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication bypass to be behind some recent exploits of FortiOS and FortiProxy devices. Microsoft January 2025 Patch Tuesday This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as zero-days. https://isc.sans.edu/diary/rss/31590 Fortinet Security Advisory FG-IR-24-535 CVE-2024-55591 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. https://fortiguard.fortinet.com/psirt/FG-IR-24-535 PRTG Network Monitor Update: Update for an already exploited XSS vulnerability in Paesler PRTG Network Monitor CVE-2024-12833 https://www.paessler.com/prtg/history/stable

Heroku is a cloud platform-as-a-service that enables developers to build, deploy, and manage applications. It was founded in 2007 and was acquired by Salesforce in 2010. The platform supports multiple programming languages, including Ruby, Python, Node.js, and Java, and has features such as automated scaling, database monitoring tools, and a streamlined deployment workflow. Vish Abrams The post Heroku and the Twelve-Factor App with Vish Abrams appeared first on Software Engineering Daily.

Deno is a free and open source JavaScript runtime built on Google's V8 engine, Rust, and Tokio. It's designed to offer a more secure and standardized alternative to Node.js, with native TypeScript support. Deno 2.0 just released and it's a significant update, focusing on improved compatibility with Node.js and addressing developer feedback. Some of the The post Deno 2.0 with Luca Casonato appeared first on Software Engineering Daily.