Podcasts about Red Hat

American software company owned by IBM providing open-source software products to enterprises

  • 1,390 PODCASTS
  • 4,490 EPISODES
  • 41m AVG DURATION
  • 1 DAILY NEW EPISODE
  • Jul 1, 2025 LATEST
Red Hat


Latest podcast episodes about Red Hat

The Lunduke Journal of Technology
Red Hat Says: Wayland is Perfect, It's Your Software That's Broken

Jul 1, 2025 · 12:11


"Applications being broken and not conforming to what Wayland requires isn't an issue with Wayland, it's an issue with applications," says Red Hat engineer. More from The Lunduke Journal: https://lunduke.com/ This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit lunduke.substack.com/subscribe

Musings of a Middle Aged Man
Big Brother in a Red Hat

Jun 24, 2025 · 3:52


If you had told me the seminal book 1984 by George Orwell, which I read decades ago, was a prognosticator rather than a theoretical dissertation based on historical realities, I would have laughed in your face while keeping my fingers crossed that we, as a society, learned enough from experience with the totalitarian regimes of Hitler, Mao, Mussolini, and others to never slide down that vile rabbit hole again. Still, I was not overly surprised when tRump beat one of the most despised women in the country to become the 45th US president. Disappointed in the American people, but not overly surprised at their lack of compassion for the less fortunate, exacerbated by a dearth of critical thinking skills.

De Nederlandse Kubernetes Podcast
#99 The Hidden Cost of Doing Nothing: Hunting Cloud Zombies

Jun 24, 2025 · 34:00


In this episode, we speak with Holly Cummins, Principal Software Engineer at Red Hat, recorded live at KubeCon + CloudNativeCon 2025 in London. With a background in quantum physics and years of experience in enterprise software, Holly has a unique talent for making complex topics easy to understand.

We discuss her talk “Zombie Hunting for Kubernetes Users,” where she highlights servers and workloads that quietly consume energy while doing no useful work. Holly explains that waste in our infrastructure is often easier to solve than we think. With simple automation, time-bound resources, or tools like Dailyclean, it's possible to make an impact without large investments.

We also dive into the world of Java in Kubernetes—why Java was never designed for containers and how Quarkus is changing that. Holly explains how Quarkus addresses Java's traditional weaknesses with faster startup times, dramatically lower memory usage, and significantly better cloud cost-efficiency.

We wrap up with a look at the future of Kubernetes and AI. How can AI help clean up our infrastructure? And what does the rise of stateful AI workloads mean for an ecosystem built around stateless microservices?

Dutch Cloud Native Day 2025: buy your tickets with discount code Community30 and get 30% off! https://acc-ict.com/live

The FIT4PRIVACY Podcast - For those who care about privacy
CISO Role In Age of AI with Nick Shevelyov and Punit Bhatia in the FIT4PRIVACY Podcast E141 S06

Jun 19, 2025 · 30:23


In the AI era, trust is everything and it's under attack. How do you build digital trust when AI is changing the rules and attackers are getting smarter? Discover how today's CISOs are stepping up, adapting to AI risks, and learning from history to protect our digital future.

In this episode of the Fit4Privacy Podcast, host Punit Bhatia is joined by Nick Shevelyov, a cybersecurity expert with extensive experience as a CISO and Chief Privacy Officer, and author of Cyber War and Peace. The discussion focuses on the evolving challenges for Chief Information Security Officers (CISOs) in the age of AI, highlighting risks such as deep fakes and hyper-targeted attacks. Nick emphasizes the importance of translating technical risks into business risks for board members and discusses the implications of new AI legislation, particularly California's SB 468.

Tune in to gain insights into managing digital trust, safeguarding personal data, and the strategic initiatives needed to combat emerging cybersecurity threats.

KEY CONVERSION POINT
  • 00:01:50 How would you define the concept of trust
  • 00:05:26 How do you place trust? How are they shifting? What kind of swans?
  • 00:09:06 How are CISOs coping with the change of AI era?
  • 00:20:01 Insights in CISO Perspective for US/California direction in law of terms
  • 00:23:06 About “Cyber War…and Peace: Building Digital Trust Today, with History as our Guide” book
  • 00:27:50 How to get in touch with Nick

ABOUT GUEST
Nick Shevelyov helps build next-gen tech companies from the ideation stage. His work includes StackRox (Kubernetes security, acquired by Red Hat for $400M), Kodem (software composition analysis, Greylock Series A), Bedrock Security (data-loss prevention, Greylock Series A), and Laminar (shadow data discovery, Insight Ventures Series A).

He advises founders and CEOs on product and go-to-market strategy, boosting time-to-value for companies like Pixee.ai, Quokka.io, Boostsecurity.io, and ETZ. He works across all stages, from seed to IPO.

Nick consults with Insight Partners (also an LP) and FTV Capital, and serves on advisory boards for ForgePoint Capital, Mayfield Fund, Evolution Equity Partners, NightDragon, YL Ventures, and Glynn Capital.

He is on the boards of Cofense | Phishme and the Bay Area CSO Council (BACC), an invite-only group of CISOs from leading Bay Area companies. A former CIO, he is also an honorary member of the Blumberg Technology Council.

Nick authored Cyber War…and Peace and brings historical and behavioral insights to tech and risk management. He holds an Executive MBA from USF and certifications from Stanford, Harvard, plus CISSP, CISM, and CIPPE.

ABOUT HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals.

Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.

As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's values to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which he passionately shares. Punit is based out of Belgium, the heart of Europe.

RESOURCES
  • Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/nicholasshevelyov/, https://vcso.ai/
  • Podcast: https://www.fit4privacy.com/podcast
  • Blog: https://www.fit4privacy.com/blog
  • YouTube: http://youtube.com/fit4privacy

The Lunduke Journal of Technology
Phoronix Suggests Open Source Projects Should be Controlled by Big Tech

Jun 19, 2025 · 16:59


Phoronix spent the last few years praising the X11Libre developer. Now that Red Hat has decided that dev (and project) is evil, Phoronix is now attacking it.

PolySécure Podcast
Teknik - Living Off the Pipeline - From Supply Chain 0-Days to Predicting the next XZ-like attacks - Because... it's episode 0x602!

Jun 18, 2025 · 34:52


Because… it's episode 0x602!

Shameless plug
  • June 27 and 29, 2025 - LeHACK
  • October 12 to 17, 2025 - Objective by the sea v8
  • November 10 to 12, 2025 - IAQ - Le Rendez-vous IA Québec
  • November 17 to 20, 2025 - European Cyber Week
  • February 25 and 26, 2026 - SéQCure 2065

Description

Introduction and context
François Proulx returns to present how his research on supply chain security has evolved since his presentation the previous year. His work focuses on detecting vulnerabilities in the build pipelines of open source projects, a topic that drew a lot of interest following the XZ Utils incident.

Evolution of the research methodology
Since last year, François's team has considerably improved its tools and its detection strategy. Rather than mass-scanning every available repository, they adopted a more targeted approach, concentrating on major entities such as Google, Red Hat, Nvidia and Microsoft. These organizations are important contributors to critical, well-maintained open source projects. This new approach lets them discover hundreds of GitHub organizations per entity, each sometimes containing thousands of repositories. The goal remains the same: to detect zero-day vulnerabilities in the build pipelines that compile, test and distribute open source projects, notably via GitHub Actions.

The fundamental problem with CI/CD
François offers a striking analogy to explain how dangerous continuous integration systems are: “a CI/CD is just RCE as a service” (Remote Code Execution as a Service). These systems are web applications that wait to receive triggers on a public interface reachable from the Internet. In the case of GitHub Actions, simply opening a pull request is enough to automatically trigger the execution of tests. This situation recalls the vulnerabilities of the 1990s and 2000s with pointer overflows. François uses a punchy line: “build pipelines look like an average PHP application from 2005 in terms of secure coding”. The comparison underlines that, despite decades of progress in computer security, the same fundamental mistakes are repeated in new contexts.

Exploitation mechanisms
The vulnerabilities mainly exploit untrusted input coming from pull requests. Even draft contributions can automatically trigger the execution of tests before a maintainer is notified. The problem gets worse when pipelines need secrets to communicate with external systems (Slack notifications, telemetry, etc.). By default, GitHub Actions sometimes inherits old read-write permissions, which gives the tests access to a token with write rights on the repository. This configuration can allow an attacker to write to the repository in a way that is not visible.

Impressive analysis results
The team has considerably refined its detection tools. Starting from 200,000 initial results, they apply more precise rules to identify about 10,000 interesting cases. These rules validate not only the presence of vulnerabilities but also the exploitation criteria and the presence of exploitable secrets. After manual validation, about 25% of these 10,000 cases turn out to be easily exploitable. These figures show the scale of the problem in the open source ecosystem, even allowing for the probable existence of many false negatives.

Concrete cases: Google and regressions
François reports having discovered vulnerabilities in 22 repositories belonging to Google, notably in a project related to Google Cloud (probably Data Flow). After they reported the issue and received a reward for the fix, a regression occurred a week later in the same workflow, earning them a second reward. This illustrates a recurring problem: even large organizations like Google can reproduce the same mistakes after a fix, often because they are unfamiliar with the underlying mechanisms of these new exploitation techniques.

The Ultralytics affair: a textbook case
The most striking incident concerns the Python library Ultralytics, very popular for machine-learning image detection. In August, the team had detected a vulnerability in this project but had concentrated on the Google findings, neglecting to report this flaw. In December, Ultralytics was compromised through the injection of a crypto-miner, exploiting precisely the vulnerability identified four months earlier. This attack was particularly ingenious because it targeted environments with powerful GPUs (used for machine learning), perfect for mining cryptocurrency, while staying discreet in a context where heavy GPU consumption is normal.

Pivot to proactive detection
This incident motivated a major strategic change: moving from simple vulnerability detection to proactive detection of exploitation in progress. The team now ingests the “firehose” of public GitHub events, about 5.5 million events daily. After filtering on critical projects with build pipelines, they analyze about 500,000 interesting events per day. By applying their sophisticated analyses and cross-referencing with their knowledge of vulnerabilities, they end up with about 45 suspicious events to investigate daily.

Forensic validation with Kong
This new approach quickly proved effective. During the Christmas holidays, their system kept ingesting data automatically. On their return, the Kong incident (an Ingress controller for Kubernetes) let them build a detailed forensic timeline from the data accumulated during their absence.

Discovery on cybercriminal forums
The collaboration with Flare, which specializes in dark web analysis, revealed troubling information. Searching for “Ultralytics” on Breach Forum with precise time filtering, François discovered that a user had created an account 24 hours before the attack, published exactly the Ultralytics pipeline vulnerability while mentioning the use of “Poutine” (their tool), then confirmed, 24 hours after the exploitation, having earned Monero from this attack. This discovery confirms that cybercriminals actively use security research tools to identify and exploit vulnerabilities, turning these defensive tools into offensive weapons.

Implications and recommendations
This situation raises important questions about the responsibility of security researchers. François insists that Poutine, their detection tool, should become the absolute minimum for any open source project. He compares this necessity to forbidding Git repositories to those who do not implement these basic checks. The analogy with PHP 2005 remains relevant: it took years for the PHP community to mature its security practices. Build pipelines are currently going through the same phase of evolution, with fundamental errors repeated massively across the ecosystem.

Technical challenges and limits
François honestly acknowledges the limitations of their approach. Their system only detects the least sophisticated attacks, the “low hanging fruits”. Complex attacks like the one on XZ Utils would probably not be detected by their current tools, because they are too well camouflaged. The main challenge remains filtering the noise in the millions of daily events effectively enough to obtain a number of alerts that a small team of analysts can handle. They acknowledge that the majority of incidents probably still escapes them.

Outlook
François expresses the hope that the build pipeline ecosystem will mature faster than the 20 years it took to secure PHP. Their pioneering work contributes to this evolution by raising awareness in the community and providing concrete tools. The build-pipeline angle of analysis is particularly relevant because it sits at the crossroads between source code and its distribution, with code-execution possibilities that make it a critical point in the software supply chain. This presentation perfectly illustrates the rapid evolution of threats in the modern open source ecosystem and the need for constant vigilance to secure the critical infrastructure on which the whole software industry depends.

Notes
  • François Proulx

Collaborators
  • Nicolas-Loïc Fortin
  • François Proulx

Credits
  • Editing by Intrasecure inc
  • Physical venue by Northsec

The Lunduke Journal of Technology
Fedora Silences Support for Xorg Fork, But Other Distros Voice Support

Jun 18, 2025 · 30:12


Red Hat does not want you to know that X Windows still exists, but Devuan & OpenMandriva support X11Libre. Plus: KiCad dev shares why Wayland is not ready.

That Tech Pod
Helping SMBs Cut Through the AI Noise with Alex Heublein

Jun 17, 2025 · 32:23


On this episode of That Tech Pod, Laura and Kevin chat with Alex Heublein, President of Culture and Innovation at Netsurit, about what it actually takes for small and midsize businesses to modernize their tech without getting overwhelmed. Alex has spent time at major companies like IBM and Oracle, but he makes it clear why working with SMBs is often more rewarding: they're nimble, adaptable, and ready to try new things, as long as those things make sense.

They dig into Netsurit's approach to “Innovate as a Service,” a subscription-style model built around co-innovation, outcomes, and a mindset shift from traditional consulting. Alex also shares his framework for helping clients navigate the noise around AI, how to pick the right use cases, and why some businesses are better off waiting before diving in.

The conversation touches on everything from AI ethics and return on investment to why culture and tech have to evolve together. Plus, there's a lighthearted trivia round on the inventors behind the internet, some talk about the future of augmented reality glasses, and a few laughs along the way. If you've ever wondered how to actually apply AI without just chasing trends, or what makes an IT partner worth working with, this one's worth a listen.

Alex Heublein is the President of Culture and Innovation at Netsurit, where he focuses on helping small and midsize businesses navigate digital transformation, cybersecurity, and operational growth through practical, forward-thinking technology solutions. With a strong background in both business strategy and technical leadership, Alex has held senior executive roles at major tech companies including IBM, HP, Oracle, and Red Hat. His experience spans innovation strategy, IT modernization, cloud services, and organizational culture development. At Netsurit, he leads efforts to blend culture with technology, ensuring that companies not only adopt new tools but also build the internal mindset and processes to make them work.

Scale Your Sales Podcast
#287 Laura Erdem - Pipeline Optimization and Content Strategy for Revenue Leaders

Jun 16, 2025 · 35:26


In this week's Scale Your Sales Podcast episode, my guest is Laura Erdem.

Laura is a sales manager with a flavour for marketing. She joined a Dreamdata startup almost 5 years ago after a long sales career in Enterprise companies like Gartner and Red Hat. She recently moved with the family from Copenhagen to New York to continue the Dreamdata company growth in the US.

In today's episode of Scale Your Sales podcast, Laura shares how data-driven strategies and precise audience tracking can bridge the persistent gap between sales and marketing. She explores the modern B2B buying journey, where buyers often engage with marketing content long before speaking to sales. Laura explains how DreamData helps revenue teams track every touchpoint, optimize spend, and measure pipeline impact. Discussing the evolving profile of today's successful salesperson, the enduring power of content, and how aligned teams drive sustainable growth—even in tough markets.

Welcome to Scale Your Sales Podcast, Laura Erdem.

Timestamps:
  • 00:00 Building Measurable Sales Impact
  • 05:10 Effective Social Selling Strategies
  • 08:21 Challenge: Effective Marketing Tracking
  • 09:52 Optimizing Marketing and Sales Alignment
  • 14:44 Marketing Strategy: Data vs. Gut Feeling
  • 17:21 Prospect Questions Drive Content Creation
  • 21:09 Optimizing Sales Metrics Effectively
  • 25:16 Rethinking Sales: Seniority & Diversity
  • 27:01 Introverts Succeed in Sales
  • 29:39 Data-Driven Recruitment Strategy
  • 33:12 Prioritize Quality Content

https://www.linkedin.com/in/lerdem/

Janice B Gordon is the award-winning Customer Growth Expert and Scale Your Sales Framework founder. She is by LinkedIn Sales 15 Innovating Sales Influencers to Follow 2021, the Top 50 Global Thought Leaders and Influencers on Customer Experience Nov 2020 and 150 Women B2B Thought Leaders You Should Follow in 2021. Janice helps companies worldwide to reimagine revenue growth through customer experience and sales.

  • Book Janice to speak virtually at your next event: https://janicebgordon.com
  • LinkedIn: https://www.linkedin.com/janice-b-gordon/
  • Twitter: https://twitter.com/JaniceBGordon
  • Scale Your Sales Podcast: https://scaleyoursales.co.uk/podcast
  • More on the blog: https://scaleyoursales.co.uk/blog
  • Instagram: https://www.instagram.com/janicebgordon
  • Facebook: https://www.facebook.com/ScaleYourSales

And more! Visit our podcast website https://scaleyoursales.co.uk/podcast/ to watch or listen.

Tech Lead Journal
#220 - From Hibernate to Quarkus: Modernizing Java for Cloud-Native - Sanne Grinovero

Jun 16, 2025 · 75:06


In this special in-person episode, Sanne Grinovero shares the story of Java's evolution from his unique perspective as a long-time open-source contributor. He shares his 16-year career journey at Red Hat, highlighting his amazing work on key projects like Hibernate, Infinispan, and especially the creation of Quarkus. His career trajectory, from a student who initially disliked Java's complexity to a leading figure in its modernization, shows the transformative power of open source.

A key part of the conversation focuses on how technical challenges spark innovation. Sanne explains how the task of making the popular Hibernate framework compatible with GraalVM's limitations led directly to the birth of Quarkus. This journey tells the bigger story of how Java adapted for cloud-native development, ensuring it continues to be a top choice for developers seeking high performance and a great developer experience.

Timestamps:
  • (00:00:00) Trailer & Intro
  • (00:02:16) Career Turning Points
  • (00:04:52) Winning an Innovation Award
  • (00:06:35) Java Heroes
  • (00:08:04) Working as a Consultant
  • (00:09:56) Taking a Massive Pay Cut to Work on Open Source
  • (00:10:59) Contributing to Big Open Source as a Youngster
  • (00:12:53) State of Hibernate Project
  • (00:15:15) Spring Boot
  • (00:16:54) Making Hibernate Work on GraalVM
  • (00:21:05) GraalVM Limitations for Running Hibernate
  • (00:26:09) Java for Cloud Native Application
  • (00:28:04) Quarkus vs Spring Boot
  • (00:33:21) JRebel & Quarkus
  • (00:34:35) Java vs New Programming Languages
  • (00:39:22) The ORM Dilemma
  • (00:42:38) Some Hibernate Design Pattern Tips
  • (00:46:40) Getting Paid Working on Open Source
  • (00:48:41) Hibernate License Change
  • (00:51:05) Intellectual Property & Meaningful Contributions
  • (00:52:52) AI Usage & Copyright in Open Source
  • (00:55:21) Biggest Challenge Working in a Big Open Source
  • (00:56:08) Politics in Open Source
  • (00:58:32) Security Risks in Open Source
  • (01:02:25) Donating Hibernate to Commonhaus Foundation
  • (01:04:49) The Future of Red Hat
  • (01:06:39) 3 Tech Lead Wisdom

Sanne Grinovero's Bio
Sanne Grinovero has been a member of the Hibernate team for 10 years; today he leads this project in his role of Sr. Principal Software Engineer at Red Hat, while also working on Quarkus as a founding R&D engineer.

Deeply interested in solving performance and concurrency challenges around data access, scalability, and exploring integration with new storage technologies, distributed systems and search engines.

Working on Hibernate features led him to contribute to related open source technologies; most notably to Apache Lucene and Elasticsearch, Infinispan and JGroups, ANTLR, WildFly, various JDBC drivers, the OpenJDK and more recently getting interested in GraalVM.

After being challenged to reduce memory consumption and improve bootstrap times of Hibernate, Sanne worked as part of a small R&D team at Red Hat on some ideas which have evolved into what is known today as Quarkus.

Follow Sanne:
  • LinkedIn – linkedin.com/in/sannegrinovero
  • Twitter – twitter.com/SanneGrinovero
  • GitHub – github.com/sanne

Like this episode?
  • Show notes & transcript: techleadjournal.dev/episodes/220.
  • Follow @techleadjournal on LinkedIn, Twitter, and Instagram.
  • Buy me a coffee or become a patron.

LINUX Unplugged
619: The Trouble with TUIs

Jun 15, 2025 · 72:56


We spent the week learning keybindings, installing dependencies, and cramming for bonus points. Today, we score up and see how we did in the TUI Challenge.

Sponsored By:
  • Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!
  • 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.
  • Unraid: A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility.

Feds At The Edge by FedInsider
Ep. 204 Harnessing Automation to Reach Zero Trust

Jun 12, 2025 · 56:39


Everyone knows automation is powerful, but it's also a double-edged sword.

This week on Feds At The Edge, we speak with cybersecurity experts who share how to securely align automation with Zero Trust principles. We spend the hour diving into the importance of shared responsibility models, protecting critical surfaces, and using automation to enhance observability and control, especially in cloud environments.

Michael Hardee, Chief Architect for Red Hat, shares insights on how automation can reduce social engineering risks by eliminating human override. While Don Yeske, Director, National Security Cyber Division at DHS, highlights how AI can uncover vulnerabilities in outdated enterprise architectures, including a recent zero-day attack.

Both experts emphasize the “human-in-the-loop" approach, agreeing that automation should augment, not replace, human insight. As Michael Hardee reminds us, “automation is not a license for us to check out.”

Tune in on your favorite podcast platform today!

The Lunduke Journal of Technology
Open Source People are Fighting to Kill Open Source Projects

Jun 12, 2025 · 12:42


A large portion of the people in "Open Source" -- including Red Hat -- have been moving, rather dramatically, away from some of the core ideals of "Open Source".

Let's Talk About (Secur)IT
Distribution, Cybersecurity, and Tech Evolution - A Talk with Phillip Privett

Jun 11, 2025 · 50:34


In this episode of Secure It, we're joined by Phillip Privett, Senior Vice President of Vendor Management at TD SYNNEX, where he oversees strategic sales and business development for North America's Advanced Solutions portfolio and manages the North American IBM and Red Hat executive relationships.

With over three decades of industry experience, Phillip offers a deep dive into the transformation of IT distribution—from traditional logistics to sophisticated solution orchestration. He shares timely insights on the growing influence of AI in data management, the urgent need for cyber resilience, and the looming implications of quantum computing.

Whether you're an IT professional, a VP of vendor management, or simply curious about the future of cybersecurity and enterprise tech, this conversation is packed with expert perspectives and actionable foresight.

The Lunduke Journal of Technology
Ubuntu & GNOME Drop Xorg Following Xorg Fork Announcement

Jun 11, 2025 · 15:00


On June 5th, XLibre (Xorg fork) was announced. Red Hat immediately worked to suppress it. 3 days later, GNOME dropped Xorg. 2 days after that, Ubuntu dropped Xorg as well.

Notícia no Seu Tempo
Podcast Red Hat #40: AI and Open Source, an open path to evolution

Jun 10, 2025 · 17:29


According to McKinsey data, AI adoption by companies already reached a total of 72% of corporations in 2024. Artificial Intelligence, especially generative models, should keep growing and bringing indisputable benefits to day-to-day business. But there are also some murky facets, such as unclear regulations on confidential data and doubts about the use of external information, such as third-party information. In this new episode of the podcast, Red Hat's country manager for Brazil, Sandra Vaz, talks about how Open Source can democratize access to AI, building the foundations for more secure and sustainable applications. She also talks about the impact of Open tools on the advance of Artificial Intelligence in the country. The episode is presented by Daniel Gonzales.

The Lunduke Journal of Technology
Red Hat & FreeDesktop Go Into Mass Censorship Mode over Xorg Fork, Bans Dev

The Lunduke Journal of Technology

Play Episode Listen Later Jun 9, 2025 12:37


Immediately following news of the Xorg fork (Libre), the developer was banned by FreeDesktop and Red Hat mass closed hundreds of past Xorg merge requests. More from The Lunduke Journal: https://lunduke.com/ This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit lunduke.substack.com/subscribe

LINUX Unplugged
618: TUI Challenge Kickoff

LINUX Unplugged

Play Episode Listen Later Jun 8, 2025 70:23 Transcription Available


Our terminal apps are loaded, the goals are set, but we're already hitting a few snags. The TUI Challenge begins... Sponsored By: Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Unraid: A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility. Support LINUX Unplugged

Drop In CEO
Ryan Carey: Why Video Presence Matters for CEOs

Drop In CEO

Play Episode Listen Later Jun 6, 2025 33:59


This episode of the Drop In CEO podcast features Ryan Carey, CEO of BetterOn, a company that helps leaders build authentic video presence. Ryan shares his journey from being on YouTube's early team to founding BetterOn, emphasizing the importance of self-awareness and authentic connection in leadership. He discusses the transformative power of video presence and how it can enhance professional influence and personal confidence. Deb and Ryan also delve into the process of self-reflection, the psychological impact of seeing oneself on camera, and the broader implications for corporate and personal growth. This insightful conversation offers valuable guidance for C-Suite leaders and entrepreneurs looking to elevate their communication skills and connect more effectively with their audiences. Episode Highlights: 02:44 Ryan's Journey with YouTube 05:00 The Birth of BetterOn 07:10 The Power of Authentic Presence 11:17 Transformative Client Stories 22:24 The Importance of Professional Presence Ryan Carey is the CEO behind BetterOn, a company dedicated to helping leaders and professionals build authentic presence on video, in person, and across workplaces. A pioneer in the video space, he was one of YouTube’s earliest team members, witnessing firsthand the platform’s explosive growth and transformative power. After his own journey as a YouTube content creator, Ryan launched BetterOn in 2014, combining his unique insights into video with a mission to elevate workplace communication. Forward thinking companies like Google, IBM, Deloitte, and Red Hat use BetterOn to invest in their high potential people. Connect with Ryan Carey: Company Website: www.betteron.com Ryan’s Linkedin: https://www.linkedin.com/in/ryancarey/

Audio News
RED HAT ACCELERATES APPLICATION DEVELOPMENT

Audio News

Play Episode Listen Later Jun 6, 2025 3:28


Faced with the growing challenges of complexity, scalability and delivery speed that development teams confront, Red Hat Advanced Developer Suite positions itself as a strategic solution that brings together key tools to facilitate the design, development, testing, deployment and management of applications on Kubernetes and Red Hat OpenShift.

Ask Noah Show
Ask Noah Show 444

Ask Noah Show

Play Episode Listen Later Jun 4, 2025 58:36


Akash Srivastava & Mairin “Mo” Duffy join the Ask Noah Show to talk about Red Hat's approach to AI models. -- During The Show -- 00:45 Intro Talking about christmas gifts Presentation season Christmas time 03:30 Communicating Technical Things Who are you talking to Willingness to learn Knowledge for Knowledge sake Steve's process for teaching We all compare to things we know Building vocabulary How to know an idea isn't landing What do you aim for time wise 10:28 Red Hat Granite Models Small Language Model Language and Code Model Indemnify the Model What is an Open Source Model? Models are not software Weights Why smaller models for enterprise use? Tuning models Why monolithic vs agentic AI? Is it better to train your own model? Beam search and inference time scaling Why InstructLab? InstructLab safety rails HuggingFace, InstructLab, formats AI in general use -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/444) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)

Sales Is King
201: Unlocking Business Value @RedHat | Anurag Goel

Sales Is King

Play Episode Listen Later Jun 4, 2025 39:34


Summary: In this episode, Dan Sixsmith interviews Anurag Goel, the Global Head of Business Value and Realization at Red Hat and one of the highest profile experts in the value engineering world. They discuss the importance of shifting the conversation from product features to business outcomes, the challenges of scaling business value, and the role of AI in enhancing value propositions. Anurag shares insights on navigating buyer confidence, the significance of customer success, and the value of partnerships. He also reflects on his personal journey and leadership style, emphasizing the importance of relationships and team growth in achieving success. Takeaways: The shift from feature selling to value selling is crucial for success. AI's ROI is a major concern for customers today. Value selling provides a framework for addressing buyer confidence. Customer success is integral to maintaining and growing accounts. Partnerships are essential for scaling business value. Anurag's journey includes significant roles at SAP, Adobe, and Salesforce. Building relationships is key to success in sales and leadership. Cultural synergy is important for team cohesion, especially in remote settings. Success is defined by team impact, shared vision, and individual growth. Chapters: 00:00 Introduction to Business Value at Red Hat; 02:26 Scaling Business Value and Overcoming Challenges; 06:38 The ROI of AI: Insights and Strategies; 11:00 Navigating Buyer Confidence in Complex Sales; 14:11 Customer Success as a Demand Generation Strategy; 18:32 Partnering for Success: The Role of Partners; 21:17 Anurag's Journey: From Aspirations to Leadership; 30:41 Leadership Style and Team Motivation; 35:34 Defining Success: Goals for 2025

Business of Tech
PC Market Growth Driven by Tariffs; AI in Customer Service Faces Trust Issues Amid Breaches

Business of Tech

Play Episode Listen Later Jun 2, 2025 14:21


ConnectWise has confirmed it was the target of a cyber attack by a nation-state threat actor, affecting a small number of its ScreenConnect customers. The company has since patched the software and implemented enhanced monitoring measures to secure its environment. This incident highlights the increasing targeting of remote monitoring and management (RMM) tools by advanced threat actors, particularly from Russian and Chinese intelligence services. The breach, occurring shortly before the IT Nation Secure Conference, raises concerns about the security of RMM tools, which are now viewed as critical infrastructure by hostile foreign actors. In the broader technology landscape, PC sales are projected to grow by 4.1% in 2025, primarily due to a temporary pause in tariffs that has encouraged manufacturers to increase shipments. However, this growth is not indicative of sustainable demand, as challenges such as rising prices and declining consumer sentiment loom. Meanwhile, U.S. smartphone sales are expected to decline due to ongoing tariffs, with the average selling price projected to rise by 4%. This situation reflects a complex interplay of market dynamics influenced by tariff policies. A global study from Kindle reveals that while 95% of organizations have adopted AI, a significant skills gap exists, with 71% of leaders believing their workforces are unprepared to leverage AI effectively. The report indicates that only 40% of leaders utilize AI-powered insights for decision-making, underscoring the need for better alignment between workforce strategies and AI technology. Additionally, the IoT Asset Tracking and Visibility Adoption Report 2025 highlights that 74% of asset tracking projects meet or exceed ROI expectations, emphasizing the importance of managed asset tracking solutions over in-house developed tools. Recent announcements from major companies like Barracuda, Red Hat, and Salesforce indicate a shift towards AI-driven solutions in the enterprise sector.
Barracuda has launched an AI-powered cybersecurity platform, while Red Hat introduced AI-driven system administration tools to address the skills gap in Linux management. Salesforce's acquisition of Informatica aims to enhance its data management capabilities, further integrating AI into its offerings. These developments suggest that the focus is shifting from flashy AI features to practical applications that simplify security and enhance operational efficiency. Four things to know today: 00:00 Tariffs Distort Tech Growth: PCs Surge While Smartphones Stall, AI and Asset Tracking Reveal Readiness Gaps; 05:11 Tariffs and AI Redefine Channel Strategy: Uncertainty, Automation, and the Margin Squeeze; 08:23 Enterprise AI Gets Real: Barracuda, Red Hat, and Salesforce Target Ops, Not Optics; 10:17 ConnectWise Breach Underscores Rising Nation-State Interest in RMM Tools. Supported by: https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship https://timezest.com/mspradio/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on: LinkedIn: https://www.linkedin.com/company/28908079/ YouTube: https://youtube.com/mspradio/ Facebook: https://www.facebook.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ TikTok: https://www.tiktok.com/@businessoftech Bluesky: https://bsky.app/profile/businessof.tech

Irish Tech News Audio Articles
Dell Technologies Transforms Data Centre Operations with Software-Driven Disaggregated Infrastructure Innovations

Irish Tech News Audio Articles

Play Episode Listen Later May 30, 2025 4:52


Dell Technologies helps customers design modern disaggregated data centres with storage, cyber resilience, software, and integrated solution innovations. Why it matters Organisations face increasing demands to efficiently manage and secure both modern and traditional workloads across on-premises data centres, cloud, and edge environments. IT and business needs keep changing, so the modern data centre must be ready for anything. Dell's approach to disaggregated infrastructure combines management of shared compute, networking and storage resource pools with software-driven automation, security, and partner integrations. Advanced storage and cyber resiliency capabilities Dell storage and cyber resiliency advancements deliver the performance and protection that modern data centres need. Dell PowerProtect Data Domain All-Flash appliances improve cyber resiliency with up to four times faster data restores and two times faster replication performance. They are more efficient, taking up 40% less rack space and saving up to 80% on power when compared to HDD systems. Dell PowerScale software advancements enhance object storage support and cyber resilience. The PowerScale Cybersecurity Suite offers comprehensive solutions to protect, access and recover critical data. Customers can boost application performance with Amazon EC2 cloud burst and reduce costs by backing up to Dell ObjectScale, Amazon S3 or Wasabi. PowerStore Advanced Ransomware Detection helps organisations validate data integrity and minimise downtime from ransomware attacks using advanced AI analytics. The news comes as Dell celebrates PowerStore's fifth anniversary and over 17,000 global customers. Automate private cloud and edge operations Dell software automates the deployment and management of disaggregated private cloud and edge solutions built with Dell's industry-leading infrastructure and partner technologies. 
Dell Private Cloud offers a new approach to deploying, managing and scaling private clouds built with cloud software from vendors like Broadcom, Nutanix and Red Hat on Dell disaggregated infrastructure. Organisations can protect their investment with reusable infrastructure, simplify operations with full lifecycle management and support customer choice with a catalogue of validated blueprints. Automation helps customers provision a private cloud stack in 90% fewer steps than manual processes, delivering a cluster in just two and a half hours with no manual effort. Dell Private Cloud is delivered using the Dell Automation Platform, a software platform designed to simplify how customers deploy and operate disaggregated solutions with secure, zero-touch onboarding and centralised management. "Dell Private Cloud has proven to be the right fit to help us meet our business priorities," said Keith Bradley, vice president, IT and Security, Nature Fresh Farms. "The flexibility to transition between cloud ecosystems and the ability to repurpose hardware is a game-changer for us by providing investment protection and enabling us to respond to evolving business needs quickly." New Dell NativeEdge features make it the most advanced and cost-effective solution for virtualised workloads at the edge and in remote branch offices. Critical data is protected and secured with policy-based load balancing, VM snapshots and backup and migration capabilities. Organisations can manage diverse edge environments consistently with non-Dell and legacy infrastructure support. "At Dell Technologies, we're defining the future architecture of the intelligent enterprise," said Arthur Lewis, president, Infrastructure Solutions Group, Dell Technologies. "Our disaggregated infrastructure approach helps customers build secure, efficient modern data centres that turn data into intelligence and complexity into clarity." More about Irish Tech News Irish Tech News are Ireland's No. 
1 Online Tech Publication and often Ireland's No.1 Tech Podcast too. You can find hundreds of fantastic previous epis...

The ERP Advisor
The ERP Minute Episode 188 - May 28th, 2025

The ERP Advisor

Play Episode Listen Later May 29, 2025 3:11


In ERP this week, Workday announced results for the fiscal 2026 first quarter ended April 30, 2025, Salesforce entered into an agreement to acquire Informatica for approximately $8 billion in equity value, net of Salesforce's current investment in Informatica, QAD announced a new partnership with Boomi, a provider of AI-driven automation, and Red Hat, a provider of open-source solutions, announced Red Hat AI Inference Server, a significant step towards democratizing generative AI across the hybrid cloud. Connect with us! https://www.erpadvisorsgroup.com 866-499-8550 LinkedIn: https://www.linkedin.com/company/erp-advisors-group Twitter: https://twitter.com/erpadvisorsgrp Facebook: https://www.facebook.com/erpadvisors Instagram: https://www.instagram.com/erpadvisorsgroup Pinterest: https://www.pinterest.com/erpadvisorsgroup Medium: https://medium.com/@erpadvisorsgroup

Ask Noah Show
Episode 443: Ask Noah Show 443

Ask Noah Show

Play Episode Listen Later May 28, 2025 53:52


This week Mike McGrath from Red Hat joins us and we talk about RHEL AI, quantum computing, and we get an update as to where Red Hat landed with all the licensing drama from a few years ago. -- During The Show -- 00:50 Real ID Real ID Act from 20 years ago Problems with Real ID Canadian Central Government Alternatives to Real ID Surrendering information "Be Your Real Self" Government creating problems they can solve No one wants to admit they are wrong EFF.org (https://www.eff.org/deeplinks/2025/05/security-theater-realized-and-flying-without-real-id) 12:57 News Wire Firefox 139 - mozilla.org (https://www.mozilla.org/en-US/firefox/139.0/releasenotes/) Firefox shutting down Pocket - mozilla.org (https://support.mozilla.org/en-US/kb/future-of-pocket) Linux 6.15 - kernelnewbies.org (https://kernelnewbies.org/Linux_6.15) Most of WSL Open Source - zdnet.com (https://www.zdnet.com/article/microsoft-finally-open-sources-most-of-windows-subsystem-for-linux/) NixOS 25.05 - nixos.org (https://nixos.org/blog/announcements/2025/nixos-2505/) RHEL 10 - redhat.com (https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux-10) AlmaLinux 9.6 - almalinux.org (https://almalinux.org/blog/2025-05-20-almalinux_96_release/) Fedora Removes X11 - pagure.io (https://pagure.io/fesco/issue/3408) Karton - blogs.kde.org (https://blogs.kde.org/2025/05/18/gsoc-2025-project-intro-developing-karton-the-kde-virtual-machine-manager/) SMB Server Zero Day - gbhackers.com (https://gbhackers.com/linux-kernel-zero-day-smb-vulnerability/) Devstral - venturebeat.com (https://venturebeat.com/ai/mistral-ai-launches-devstral-powerful-new-open-source-swe-agent-model-that-runs-on-laptops/) LlamaFirewall - helpnetsecurity.com (https://www.helpnetsecurity.com/2025/05/26/llamafirewall-open-source-framework-detect-mitigate-ai-centric-security-risks/) Woodpecker - siliconangle.com (https://siliconangle.com/2025/05/21/operant-ai-launches-woodpecker-bring-open-source-red-teaming-ai-cloud-environments/) 
14:25 Mike McGrath - VP of Software engineering Have things calmed down? Red Hat and Communities RHEL 10 RHEL Lightspeed Mike McGrath's background Lightspeed vs Search Engine CentOS Stream SIGs & community Upstream and CentOS Stream RHEL AI RHEL AI "developer license" How is AI effecting RHEL? Is the OS a "bootloader" for AI? Agentic AI Post Quantum attacks 39:33 OPNSense What Steve and Noah run at home Netgate/PFSense have done shady things ycombinator.com (https://news.ycombinator.com/item?id=36489192) reddit.com (https://www.reddit.com/r/homelab/comments/ssk8zj/til_in_2017_pfsense_netgate_had_to_hand_over/) PFSense Requires an account to download Can't virtualize Can't between CE and Appliance Starts at ~$1000 Many devices failed, soldered in Netgate hardware doesn't meet PFSense Standards Zero Support No update cadence Can't reliably automate PFSense OPNSense Fork of PFSense Much nicer interface DHCP backend switching Always moving forward Hardware device doesn't have weird VLAN bonding Newegg (https://www.newegg.com/p/22Z-007C-003M8?Item=9SIAK3UGAF5164) Up date cadence Shop and kids router changed over Steve's attempt to migrate -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/443) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! 
Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed) Special Guest: Mike McGrath.

Gestalt IT Rundown
OpenAI Acquires io for $6.4 Billion || Tech Field Day News Rundown: May 28, 2025

Gestalt IT Rundown

Play Episode Listen Later May 28, 2025 29:05


OpenAI has announced its largest acquisition to date, agreeing to acquire io, an AI device startup founded by former Apple executive Jony Ive, in an all-equity deal worth approximately $6.5 billion. The acquisition includes OpenAI's existing stake in io. As part of the merger, Jony Ive will assume significant creative and design responsibilities across both OpenAI and io. Despite the merger, Ive's design firm, LoveFrom, will continue to operate independently. Time Stamps: 0:00 - Cold Open; 0:40 - Welcome the Tech Field Day News Rundown; 1:39 - AT&T Acquires Century Link; 4:43 - VAST Data Reveals their AI Operating System; 8:51 - Salesforce to Acquire informatica for $8 Billion; 12:01 - Red Hat's Linux Push for Smart Vehicles; 14:49 - Google's New Approach to AI Infrastructure; 19:01 - Datadog Broadens Its Observability Platform Vision; 22:16 - OpenAI Acquires io for $6.4 Billion; 27:16 - The Weeks Ahead; 28:25 - Thanks for Watching the Tech Field Day News Rundown. Guest Host: Kori Rongey, Founder of TotalPackets. Follow our hosts Tom Hollingsworth, Alastair Cooke, and Stephen Foskett. Follow Tech Field Day on LinkedIn, on X/Twitter, on Bluesky, and on Mastodon.

Cyber Briefing
May 27, 2025 - Cyber Briefing

Cyber Briefing

Play Episode Listen Later May 27, 2025 9:16


If you like what you hear, please subscribe, leave us a review and tell a friend!

LINUX Unplugged
616: From Boston to bootc

LINUX Unplugged

Play Episode Listen Later May 25, 2025 90:37 Transcription Available


Fresh off Red Hat Summit, Chris is eyeing an exit from NixOS. What's luring him back to the mainstream? Our highlights, and the signal from the noise from open source's biggest event of the year. Sponsored By: Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Support LINUX Unplugged

Mixture of Experts
Google I/O, NLWeb, llm-d and is Stack Overflow dead?

Mixture of Experts

Play Episode Listen Later May 23, 2025 42:11


Should you pay for Google's AI Ultra subscription plan? In episode 56 of Mixture of Experts, host Tim Hwang is joined by Abraham Daniels, Gabe Goodhart and Marina Danilevsky to debrief the announcements from Google I/O 2025. Next, RedHat dropped llm-d, a Kubernetes-native distributed inference serving stack; what is it and why does it matter? Then, we analyze Microsoft's NLWeb: is everything becoming conversational? Finally, Stack Overflow has been on a decline. Is AI to blame? Find out more on this week's Mixture of Experts! 00:01 – Intro 00:52 --Google I/O 2025 announcements 11:36 -- Stack Overflow 22:04 -- llm-d 30:08 -- NLWeb The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Elevate Your Career
63 | Jim Palermo | Futurescape: Navigating the New World of Artificial Intelligence

Elevate Your Career

Play Episode Listen Later May 13, 2025 52:56


In today's episode of the Elevate Your Career podcast, Nicole is joined by Jim Palermo, former Chief Information Officer at Red Hat, a leading provider of enterprise open source solutions. During this fascinating discussion, Nicole and Jim explore the intersection of emerging technologies and the future of human society, focusing on an area of innovation that promises to revolutionize industries and everyday life. You'll learn about the potential risks and rewards of this rapidly evolving field, addressing concerns about its unintended consequences and how humanity might grapple with its power. Hear how these innovations are already starting to affect key sectors like healthcare. Jim shares compelling stories of how technology is making strides in life-saving diagnostics and medical breakthroughs, offering hope for transformative change. The potential for this technology to alleviate long-standing problems and improve quality of life is examined with a mixture of awe and caution, recognizing both its promise and the urgent need for oversight. With a focus on curiosity and adaptability, this episode suggests that future success will hinge on understanding the underlying structures of technology, data, and business processes—without necessarily needing to follow a conventional route through academia. If you've enjoyed this episode of the Elevate Your Career podcast, be sure to leave a review and subscribe today! 
Enjoy! In This Episode You'll Learn: How Jim's early exposure to computers and programming led him to pursue a career in computer science. The security challenges associated with AI, including the injection of bad prompts and data leakage. The impact of AI on jobs, particularly in support roles, and the need for employees to adapt and develop new skills. The potential for AI to address pressing issues, such as healthcare and national debt, and the importance of responsible development. Why aspiring AI professionals should focus on full-stack engineering and developing skills in data models, data integrity, and business context. And much more... Guest Bio: Jim Palermo is the former Chief Information Officer at Red Hat, a leading provider of enterprise open source solutions. As a global technology leader, he drives strategic IT transformations that align infrastructure with business objectives to accelerate innovation, fuel sales growth, and sharpen competitive advantage. With a blend of technical depth and business insight, Jim delivers strong ROI on technology investments. He has architected scalable, secure IT service delivery and implemented a technology roadmap focused on best-in-class products and platforms. Recognized with the 2023 CIO 100 Award and TBM Council's Business Optimization Award, Jim has led major initiatives in hybrid cloud, automation, and AI. He also advises client CIOs through Red Hat's Strategic Council, shaping product direction and modernizing global infrastructure to support future-ready, containerized cloud environments. Resources: Jim's LinkedIn, Red Hat. Disclaimer: The views, information, or opinions expressed during this podcast are solely those of the individuals involved and do not necessarily represent those of the Elevate Your Career podcast or its affiliates. The content provided is for informational and entertainment purposes only and is not intended to be a substitute for professional advice. 
We make no representations as to the accuracy, completeness, suitability, or validity of...

EM360 Podcast
Can Open Source Ensure AI Works For Everyone, Not Just The Largest Enterprises?

EM360 Podcast

Play Episode Listen Later May 12, 2025 32:58


“Before starting a new AI project, it is really worthwhile defining the business priority first,” asserts Joanna Hodgson, the UK and Ireland regional leader at Red Hat. “What specific problem are you trying to solve with AI? Do we need a general purpose AI application or would a more focused model be better? How will we manage security, compliance and governance of that model? This process can help to reveal where AI adoption makes sense and where it doesn't," she added. In this episode of the Tech Transformed podcast, host Shubhangi Dua, podcast producer at EM360Tech speaks with Hodgson, a seasoned business and technical leader with over 25 years of experience at IBM and Red Hat. They talk about the challenges of scaling AI projects, the importance of open source in compliance with GDPR, and the geopolitical aspects of AI innovation. They also discuss the role of small language models (SLMs) in enterprise applications and the collaboration between IBM and Red Hat in advancing AI technology. Joanna emphasises the need for a strategic approach to AI and the importance of data quality for sustainable business practices. While large language models (LLMs) dominate headlines, SLMs offer a cost-effective and efficient alternative for specific tasks. The podcast answers key questions, like ‘how do businesses balance ethical considerations, moral obligations, and even patriotism with the drive for AI advancement?' Hodgson shares her perspective on how open source can facilitate this balance, ensuring AI works for everyone, not just those with the deepest pockets. Hodgson also provides her vision on the future of AI. 
It comprises interconnected small AI models, agentic AI, and a world where AI frees up teams to create personal connections and exceptional customer experiences. Takeaways: Curiosity is a strength in technology. AI is becoming embedded in existing applications. Regulatory compliance is crucial for AI systems. Open source can enhance trust and transparency. Small language models are efficient for specific tasks. AI should free teams to create personal connections. A strategic AI platform is essential for businesses. Data quality is key for sustainable business success. Collaboration in open source accelerates innovation. AI can be used for both good and bad outcomes. Chapters: 00:00 Introduction to the Tech Transform Podcast; 01:35 Pivotal Moments in Joanna's Career; 05:12 Challenges in Scaling AI Projects; 09:15 Open Source and GDPR Compliance; 13:11 Regulatory Compliance and Data Security; 17:30 Geopolitical Aspects of AI Innovation; 22:31 Collaboration Between IBM and Red Hat; 23:58 Understanding Small Language Models; 29:54 Future Trends in AI and Sustainability. About Red Hat: Red Hat is a leading provider of enterprise open source solutions, using a community-powered approach to deliver high-performing Linux, hybrid cloud, edge, and Kubernetes technologies. The company is known for Enterprise Linux. They offer a wide range of hybrid cloud platforms and open source...

Les Cast Codeurs Podcast
LCC 325 - Sorting the competitors' hash

Les Cast Codeurs Podcast

Play Episode Listen Later May 9, 2025 109:42


Gros épisode qui couvre un large spectre de sujets : Java, Scala, Micronaut, NodeJS, l'IA et la compétence des développeurs, le sampling dans les LLMs, les DTO, le vibe coding, les changements chez Broadcom et Red Hat ainsi que plusieurs nouvelles sur les licences open source. Enregistré le 7 mai 2025 Téléchargement de l'épisode LesCastCodeurs-Episode-325.mp3 ou en vidéo sur YouTube. News Langages A l'occasion de JavaOne et du lancement de Java 24, Oracle lance un nouveau site avec des ressources vidéo pour apprendre le langage https://learn.java/ site plutôt à destination des débutants et des enseignants couvre la syntaxe aussi, y compris les ajouts plus récents comme les records ou le pattern matching c'est pas le site le plus trendy du monde. Martin Odersky partage un long article sur l'état de l'écosystème Scala et les évolutions du language https://www.scala-lang.org/blog/2025/03/24/evolving-scala.html Stabilité et besoin d'évolution : Scala maintient sa position (~14ème mondial) avec des bases techniques solides, mais doit évoluer face à la concurrence pour rester pertinent. Axes prioritaires : L'évolution se concentre sur l'amélioration du duo sécurité/convivialité, le polissage du langage (suppression des “rugosités”) et la simplification pour les débutants. Innovation continue : Geler les fonctionnalités est exclu ; l'innovation est clé pour la valeur de Scala. Le langage doit rester généraliste et ne pas se lier à un framework spécifique. Défis et progrès : L'outillage (IDE, outils de build comme sbt, scala-cli, Mill) et la facilité d'apprentissage de l'écosystème sont des points d'attention, avec des améliorations en cours (partenariat pédagogique, plateformes simples). Des strings encore plus rapides ! https://inside.java/2025/05/01/strings-just-got-faster/ Dans JDK 25, la performance de la fonction String::hashCode a été améliorée pour être principalement constant foldable. 
This means that if strings are used as keys in a static, immutable Map, significant performance gains are likely. The improvement relies on the internal @Stable annotation applied to the private field String.hash. This annotation lets the virtual machine read the hash value only once and treat it as constant if it is not the default value (zero). As a result, the String::hashCode operation can be replaced by the known hash value, which optimizes lookups in immutable Maps. One edge case is when the string's hash code is zero, in which case the optimization does not work (for example, for the empty string ""). Although the @Stable annotation is internal to the JDK, a new JEP (JEP 502: Stable Values (Preview)) is being developed to let users benefit indirectly from similar functionality.

AtomicHash, a Java implementation of a HashMap that is thread-safe, atomic and non-blocking https://github.com/arxila/atomichash Implemented as an immutable version of a Concurrent Hash Trie.

Libraries

Micronaut 4.8.0 released https://micronaut.io/2025/04/01/micronaut-framework-4-8-0-released/ BOM (Bill of Materials) update: version 4.8.0 updates the Micronaut platform BOM. Micronaut Core improvements: integration of Micronaut SourceGen for internal generation of metadata and bytecode expressions. Many improvements in Micronaut SourceGen. Addition of dependency injection tracing to make debugging easier at startup and at bean creation. New definitionType member in the @Client annotation to make it easier to share interfaces between client and server. Support for merging in Bean Mappers via the @Mapping annotation. New liveness probe that detects deadlocked threads via ThreadMXBean.
Improved Kubernetes integration: the Kubernetes Java client is updated to version 22.0.1. Addition of the Micronaut Kubernetes Client OpenAPI module, offering an alternative to the official client with fewer dependencies, unified configuration, filter support and Native Image compatibility. Introduction of a new server runtime based on Java's built-in HTTP server, making it possible to build applications without external server dependencies. Addition to Micronaut Micrometer of a module for instrumenting data sources (traces and metrics). Addition of a condition member to the @MetricOptions annotation to control metric activation via an expression. Support for Consul watches in Micronaut Discovery Client to detect distributed configuration changes. Ability to generate source code from a JSON schema via the build plugins (Gradle and Maven).

Web

Node v24.0.0 becomes the Current release: https://nodejs.org/en/blog/release/v24.0.0 V8 engine updated to version 13.6: integration of new JavaScript features such as Float16Array, explicit resource management (using), RegExp.escape, WebAssembly Memory64 and Error.isError. npm 11 included: improvements in performance, security and compatibility with modern JavaScript packages. Compiler change for Windows: MSVC is dropped in favor of ClangCL for building Node.js on Windows. AsyncLocalStorage now uses AsyncContextFrame by default, offering more efficient handling of asynchronous context. URLPattern available globally: no need to import this API explicitly to match URLs. Permission model improvements: the experimental flag --experimental-permission becomes --permission, signaling increased stability for this feature.
Test runner improvements: subtests are now awaited automatically, which simplifies writing tests and reduces errors caused by unhandled promises. Integration of Undici 7: improved HTTP client capabilities with better performance and broader support for modern HTTP features. Deprecations and removals: deprecation of url.parse() in favor of the WHATWG URL API. Removal of tls.createSecurePair. Deprecation of SlowBuffer. Deprecation of instantiating REPL without new. Deprecation of using the Zlib classes without new. Deprecation of passing args to spawn and execFile in child_process. Node.js 24 is currently the "Current" release and will become an LTS release in October 2025. Testing this version is recommended to assess its impact on your applications.

Data and Artificial Intelligence

Learning to code remains crucial, and AI is there to help: https://kyrylo.org/software/2025/03/27/learn-to-code-ignore-ai-then-use-ai-to-code-even-better.html Learning to code remains essential despite AI. AI can assist programming. A solid foundation is crucial for understanding and controlling the code. It helps avoid dependence on AI. It reduces the risk of being replaced by AI tools that are accessible to everyone. AI is a tool, not a substitute for mastering the fundamentals.

A great article from Anthropic that tries to understand how the "thinking" of LLMs works https://www.anthropic.com/research/tracing-thoughts-language-model Black box effect: the internal strategies of AIs (Claude) are opaque to developers and users. Goal: understand the internal "reasoning" in order to verify capabilities and intentions. Method: inspired by neuroscience, development of an "AI microscope" (looking at which neural circuits activate). Technique: identification of internal concepts ("features") and "circuits".
Multilingualism: evidence of a conceptual "language of thought" shared across all languages before translation into a particular language. Planning: an ability to plan ahead (e.g. rhymes in poetry), not just word-by-word (token-by-token) generation. Unfaithful reasoning: it can fabricate plausible arguments ("bullshitting") for a given conclusion. Multi-step logic: it combines distinct facts and does not merely memorize. Hallucinations: refusal by default; it answers if "knowledge" is active, otherwise there is a risk of hallucination in case of error. "Jailbreaks": tension between grammatical coherence (which pushes it to continue) and safety (it should refuse). Takeaway: the methods are limited but promising for AI transparency and reliability.

The "S" in MCP stands for Security (or not!) https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands-for-security-91407b33ed6b The MCP specification, which gives LLMs access to various tools and functions, may have been adopted a little too quickly, before it was ready from a security standpoint. The article lists 4 possible types of attack: command injection vulnerability, tool poisoning attack, silent tool redefinition, and cross-server tool shadowing. For now, MCP is not secure: no authentication standard, no context encryption, no tool integrity verification. Based on the InvariantLabs article https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks

Infinispan 15.2 released - pre rolling upgrades 16.0 https://infinispan.org/blog/2025/03/27/infinispan-15-2 Support for Redis JSON + Lua scripts. JVM metrics can be disabled. New console (PatternFly 6). Improved docs (metrics + logs). JDK 17 minimum, JDK 24 supported. End of the native server (performance).

Guillaume shows how to develop an MCP HTTP Server Sent Events server with the Java reference implementation and LangChain4j
https://glaforge.dev/posts/2025/04/04/mcp-client-and-server-with-java-mcp-sdk-and-langchain4j/ Developed in Java, with the reference implementation that is also the basis of the Spring Boot implementation (but independent of Spring). The MCP server is exposed as a servlet in Jetty. The MCP client is developed with LangChain4j's MCP module. It is semi-independent of Spring in the sense that it depends on Reactor and its interfaces. There is a conversation on Anthropic's GitHub to find a solution, but it does not look simple.

The fallacies behind the quote "AI won't replace you, but humans using AI will" https://platforms.substack.com/cp/161356485 The automation vs. augmentation fallacy: it focuses on improving existing tasks with AI instead of considering how the value of those tasks changes in a new system. The productivity gains fallacy: higher productivity does not always translate into more value for workers, because the value created can be captured elsewhere in the system. The static jobs fallacy: jobs are organizational constructs that AI can redefine, making traditional roles obsolete. The "me vs. someone using AI" competition fallacy: competition shifts when AI changes the fundamental constraints of a sector, making existing skills less relevant. The workflow continuity fallacy: AI can lead to a complete reimagining of workflows, eliminating the need for certain skills. The neutral tools fallacy: AI tools are not neutral and can redistribute organizational power by changing how decisions are made and executed.
The stable salary fallacy: keeping a job does not guarantee a stable salary, because the value of the work can decrease as AI capabilities increase. The stable company fallacy: integrating AI requires restructuring the company and does not happen in an organizational vacuum.

Understanding "sampling" in LLMs https://rentry.co/samplers Explains why LLMs use tokens. The different "sampling" methods, i.e. ways of choosing tokens. Hyperparameters such as temperature and top-p, and how they influence each other. Tokenization algorithms such as Byte Pair Encoding and SentencePiece.

One fewer… OpenAI is going to buy Windsurf for 3 billion dollars. https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion The deal is not finalized yet. Windsurf was valued at 1.25 billion last year, and OpenAI recently raised 40 billion, bringing its value to 300 billion. OpenAI's goal is to enter the world of coding assistants, where it is currently absent.

Docker Desktop gets into AI…? A new feature in Docker Desktop 4.4 on macOS: Docker Model Runner https://dev.to/docker/run-genai-models-locally-with-docker-model-runner-5elb It lets you run models natively on your local machine ( https://docs.docker.com/model-runner/ ) and also MCP servers ( https://docs.docker.com/ai/mcp-catalog-and-toolkit/ )

Tooling

JetBrains defends the removal of negative reviews of its AI assistant https://devclass.com/2025/04/30/jetbrains-defends-removal-of-negative-reviews-for-unpopular-ai-assistant/?td=rt-3a JetBrains' AI Assistant, launched in July 2023, has been downloaded more than 22 million times but is rated only 2.3 out of 5. Users noticed that some negative reviews were being removed, which triggered a backlash on social media.
A JetBrains employee explained that the reviews were removed either because they mentioned problems that had already been fixed or because they violated the company's policy on "profanity, etc." The company acknowledged that it could have handled the situation better, with a representative stating: "Removing several reviews at once without notice looked suspicious. We should at least have posted a notice and given the authors more details." The AI Assistant problems reported by users include: limited support for third-party model providers, noticeable latency, frequent slowdowns, core features locked to JetBrains cloud services, an inconsistent user experience and insufficient documentation. A common complaint is that the AI Assistant installs itself without permission. One Reddit user called it an "annoying plugin that self-heals/reinstalls itself like a phoenix". JetBrains recently introduced a free tier and a new AI agent called Junie, intended to work alongside the AI Assistant, probably in response to competition between vendors. But it is more expensive to run. The company has committed to exploring new approaches for handling major updates differently and is considering implementing per-version reviews or marking reviews as "Resolved" with links to the corresponding issues instead of deleting them. Unlike competitors such as Microsoft, AWS or Google, JetBrains sells only development tools and services and has no separate cloud business to fall back on.
Make the images in your README and Markdown files compatible with GitHub's dark mode: https://github.blog/developer-skills/github/how-to-make-your-images-in-markdown-on-github-adjust-for-dark-mode-and-light-mode/ It takes only a few lines of pure HTML.

Architecture

So, DTOs: good or not good? https://codeopinion.com/dtos-mapping-the-good-the-bad-and-the-excessive/ Usefulness of DTOs: DTOs are used to transfer data between the layers of an application, often mapping data between different representations (for example, between the database and the user interface). Frequent overuse: the article points out that DTOs are often overused, notably to build HTTP APIs that merely mirror the database entities, missing the opportunity to compose richer data. Real value: the real value of DTOs lies in managing coupling between layers and in composing data from multiple sources into shapes optimized for specific use cases. Decoupling: it suggests using DTOs to decouple internal data models from external contracts (such as APIs), which allows independent evolution and versioning. Example with CQRS: in CQRS (Command Query Responsibility Segregation), query responses act as DTOs specifically tailored to the needs of the user interface and can include data from various sources. Protecting internal data: DTOs help distinguish and protect internal (private) data models from external (public) changes. Avoiding excess: the author warns against excessive mapping layers (mapping one DTO to another DTO) that add no value.
Targeted creation: the advice is to create DTOs only when they solve concrete problems, such as managing coupling or making data composition easier.

Methodologies

Even Guillaume is getting into "vibe coding" https://glaforge.dev/posts/2025/05/02/vibe-coding-an-mcp-server-with-micronaut-and-gemini/ According to Andrej Karpathy, it means POC-ing a prototype, a throwaway weekend app https://x.com/karpathy/status/1886192184808149383 But Simon Willison objects that some people confuse coding with AI assistance with vibe coding https://simonwillison.net/2025/May/1/not-vibe-coding/ Here Guillaume had fun developing an MCP server with Micronaut, using Gemini, Google's AI. Unlike Quarkus or Spring Boot, Micronaut does not yet have a module or specific support to make creating an MCP server easier.

Security

A 10/10 security flaw in Tomcat https://www.it-connect.fr/apache-tomcat-cette-faille-activement-exploitee-seulement-30-heures-apres-sa-divulgation-patchez/ A critical security flaw (CVE-2025-24813) affects Apache Tomcat, allowing remote code execution. This vulnerability was being actively exploited only 30 hours after its disclosure on March 10, 2025. The attack requires no authentication and is particularly simple to carry out. It uses a PUT request with a base64-encoded serialized Java payload, followed by a GET request. The base64 encoding bypasses most security filters. Vulnerable servers use file-based session storage (a widespread configuration). The affected versions are: 11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, and 9.0.0.M1 to 9.0.98. The recommended updates are: 11.0.3+, 10.1.35+ and 9.0.99+. Experts expect more sophisticated attacks in the next phases of exploitation (config or JSP upload).

Securing an SSH server https://ittavern.com/ssh-server-hardening/
An article listing the key configuration settings for securing an SSH server: for example, removing password authentication, changing the port, disabling root login, forcing SSH protocol 2, and some I did not know about, such as MaxStartups, which limits the number of concurrent unauthenticated connections. Port knocking is a useful technique but requires a client-side approach that is aware of the protocol.

Oracle admits that its customers' IAM identities leaked https://www.theregister.com/2025/04/08/oracle_cloud_compromised/ Oracle confirmed to some customers that its public cloud was compromised, although the company had previously denied any intrusion. A hacker claimed to have breached two Oracle authentication servers and stolen about six million records, including private security keys, encrypted credentials and LDAP entries. The flaw exploited is reported to be CVE-2021-35587 in Oracle Access Manager, which Oracle had not patched on its own systems. The hacker created a text file in early March on login.us2.oraclecloud.com containing their email address to prove their access. According to Oracle, an old server containing eight-year-old data was compromised, but one customer says that login data as recent as 2024 was stolen. Oracle faces a lawsuit in Texas over this data breach. This intrusion is separate from another attack against Oracle Health, on which the company declines to comment. Oracle could face penalties under the European GDPR, which requires affected parties to be notified within 72 hours of discovering a data leak. Oracle's behavior of denying and then quietly admitting the intrusion is unusual in 2025 and could lead to further class actions.
A very popular GitHub Action compromised https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Compromise of the tj-actions/changed-files action: in March 2025, a widely used GitHub Action (tj-actions/changed-files) was compromised. Modified versions of the action exposed CI/CD secrets in build logs. Attack method: a compromised PAT was used to redirect several version tags to a commit containing malicious code. Details of the malicious code: the injected code executed a base64-encoded Node.js function, which downloaded a Python script. This script scanned the memory of the GitHub runner for secrets (tokens, keys…) and exposed them in the logs. In some cases, the data was also sent out via a network request. Exposure window: the compromised versions were active between March 12 and 15, 2025. Any repository, especially a public one, that used the action during this period must be considered potentially exposed. Detection: the malicious activity was spotted by analyzing unusual behavior during workflow execution, such as unexpected network connections. Response: GitHub removed the compromised action, which was then cleaned up. Potential impact: all secrets appearing in logs must be considered compromised, even in private repositories, and regenerated without delay.

Law, society and organization

Y Combinator startups are showing the strongest growth in its history https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html Early-stage companies in Silicon Valley are seeing significant growth thanks to artificial intelligence. Y Combinator CEO Garry Tan says that the whole of the latest cohort of startups grew 10% per week for nine months.
AI lets developers automate repetitive tasks and generate code using large language models. For about 25% of current YC startups, 95% of their code was written by AI. This revolution lets companies grow with fewer staff, some reaching 10 million dollars in revenue with fewer than 10 employees. The "growth at all costs" mindset has been replaced by renewed interest in profitability. About 80% of the companies presented at "demo day" were AI-centric, with a few startups in robotics and semiconductors. Y Combinator invests 500,000 dollars in startups in exchange for an equity stake, followed by a three-month program.

Red Hat middleware (formerly JBoss) joins IBM https://markclittle.blogspot.com/2025/03/red-hat-middleware-moving-to-ibm.html Red Hat's Middleware activities (including JBoss, Quarkus, etc.) are going to be transferred to IBM, into the unit dedicated to data security, IAM and runtimes. This change stems from a strategic decision by Red Hat to focus more on hybrid cloud and artificial intelligence. Mark Little explains that this transfer had become inevitable, as Red Hat had reduced its investment in Middleware in recent years. The integration aims to strengthen innovation around Java by bringing together Red Hat's and IBM's efforts in this area. The Middleware products will remain open source and customers will continue to receive the usual support without change. Mark Little states that projects such as Quarkus will continue to be supported and that this development is beneficial for the Java community.
One year of Commonhaus https://www.commonhaus.org/activity/253.html One year in, having started with the communities they knew well. Now 14 projects, and able to accept more. Trust, lightweight governance, and protecting the future of projects. Automation of administrative work, stability without complexity, developers at the center of the decision-making process. They need members and (financial) supporters. They want to welcome projects beyond those from the Java Champions circle.

Spring Cloud Data Flow becomes a commercial product and will no longer be maintained in open source https://spring.io/blog/2025/04/21/spring-cloud-data-flow-commercial Perhaps under Broadcom's influence, Spring is starting to make components of the Spring portfolio proprietary. They say that few people used it in OSS mode and that most usage came from within the Tanzu platform. Maintaining it in open source costs them time that they do not have for these projects.

The CNCF protects the NATS project, which has been in the foundation since 2018, given that Synadia, the company that contributes to it, wanted to take back control of the project https://www.cncf.io/blog/2025/04/24/protecting-nats-and-the-integrity-of-open-source-cncfs-commitment-to-the-community/ CNCF: protects open source projects, neutral governance. Synadia vs CNCF: wants to withdraw NATS, non-open-source license (BUSL). CNCF: accuses Synadia of a "claw back" (illegitimate takeback). Synadia's claims: the nats.io domain, the GitHub org. NATS trademark: Synadia did not transfer it (broken promise despite CNCF help). Synadia's objection: considers the CNCF rules "too vague". Internal vote: Synadia maintainers vote to leave the CNCF (without the community). CNCF support: major investment ($ audits, legal), community success (>700 orgs). Future of NATS (CNCF): kept under Apache 2.0, open governance. CNCF actions: health check, call for maintainers, cancellation of the Synadia trademark, rejection of the requests.
But in the end there seems to be a good outcome: https://www.cncf.io/announcements/2025/05/01/cncf-and-synadia-align-on-securing-the-future-of-the-nats-io-project/ Agreement on the future of NATS.io: the Cloud Native Computing Foundation (CNCF) and Synadia have reached an agreement to secure the future of the NATS.io project. Transfer of the NATS trademarks: Synadia will assign its two NATS trademark registrations to the Linux Foundation in order to strengthen the project's open governance. Staying within the CNCF: the NATS project's infrastructure and assets will remain under the CNCF, guaranteeing its long-term stability and its open source development under the Apache-2.0 license. Recognition and commitment: the Linux Foundation, through Todd Moore, recognizes Synadia's contributions and continued support. Derek Collison, CEO of Synadia, reaffirms his company's commitment to NATS and to collaboration with the Linux Foundation and the CNCF. Adoption and community support: NATS is widely adopted and considered critical infrastructure. It enjoys strong community support for its open source nature and Synadia's continued involvement.

Finally, Redis returns to an OSI open source license, with the AGPL https://foojay.io/today/redis-is-now-available-under-the-agplv3-open-source-license/ Redis moves to the AGPLv3 open source license to counter exploitation by cloud providers that do not contribute. The earlier move to the SSPL license had damaged the relationship with the open source community. Salvatore Sanfilippo (antirez) has returned to Redis. Redis 8 adopts the AGPL license, integrates the Redis Stack features (JSON, Time Series, etc.) and introduces "vector sets" (the vector computation support developed by Salvatore). These changes aim to strengthen Redis as a platform that developers appreciate, in line with Salvatore's original vision.
Conferences

The list of conferences from the Developers Conferences Agenda/List by Aurélie Vache and contributors:
May 6-7, 2025: GOSIM AI Paris - Paris (France)
May 7-9, 2025: Devoxx UK - London (UK)
May 15, 2025: Cloud Toulouse - Toulouse (France)
May 16, 2025: AFUP Day 2025 Lille - Lille (France)
May 16, 2025: AFUP Day 2025 Lyon - Lyon (France)
May 16, 2025: AFUP Day 2025 Poitiers - Poitiers (France)
May 22-23, 2025: Flupa UX Days 2025 - Paris (France)
May 24, 2025: Polycloud - Montpellier (France)
May 24, 2025: NG Baguette Conf 2025 - Nantes (France)
June 3, 2025: TechReady - Nantes (France)
June 5-6, 2025: AlpesCraft - Grenoble (France)
June 5-6, 2025: Devquest 2025 - Niort (France)
June 10-11, 2025: Modern Workplace Conference Paris 2025 - Paris (France)
June 11-13, 2025: Devoxx Poland - Krakow (Poland)
June 12, 2025: Positive Design Days - Strasbourg (France)
June 12-13, 2025: Agile Tour Toulouse - Toulouse (France)
June 12-13, 2025: DevLille - Lille (France)
June 13, 2025: Tech F'Est 2025 - Nancy (France)
June 17, 2025: Mobilis In Mobile - Nantes (France)
June 19-21, 2025: Drupal Barcamp Perpignan 2025 - Perpignan (France)
June 24, 2025: WAX 2025 - Aix-en-Provence (France)
June 25-26, 2025: Agi'Lille 2025 - Lille (France)
June 25-27, 2025: BreizhCamp 2025 - Rennes (France)
June 26-27, 2025: Sunny Tech - Montpellier (France)
July 1-4, 2025: Open edX Conference - 2025 - Palaiseau (France)
July 7-9, 2025: Riviera DEV 2025 - Sophia Antipolis (France)
September 5, 2025: JUG Summer Camp 2025 - La Rochelle (France)
September 12, 2025: Agile Pays Basque 2025 - Bidart (France)
September 18-19, 2025: API Platform Conference - Lille (France) & Online
September 23, 2025: OWASP AppSec France 2025 - Paris (France)
September 25-26, 2025: Paris Web 2025 - Paris (France)
October 2-3, 2025: Volcamp - Clermont-Ferrand (France)
October 3, 2025: DevFest Perros-Guirec 2025 - Perros-Guirec (France)
October 6-10, 2025: Devoxx Belgium - Antwerp (Belgium)
October 7, 2025: BSides Mulhouse - Mulhouse (France)
October 9-10, 2025: Forum PHP 2025 - Marne-la-Vallée (France)
October 9-10, 2025: EuroRust 2025 - Paris (France)
October 16, 2025: PlatformCon25 Live Day Paris - Paris (France)
October 16-17, 2025: DevFest Nantes - Nantes (France)
October 30-31, 2025: Agile Tour Bordeaux 2025 - Bordeaux (France)
October 30-31, 2025: Agile Tour Nantais 2025 - Nantes (France)
October 30, 2025-November 2, 2025: PyConFR 2025 - Lyon (France)
November 4-7, 2025: NewCrafts 2025 - Paris (France)
November 6, 2025: dotAI 2025 - Paris (France)
November 7, 2025: BDX I/O - Bordeaux (France)
November 12-14, 2025: Devoxx Morocco - Marrakech (Morocco)
November 13, 2025: DevFest Toulouse - Toulouse (France)
November 15-16, 2025: Capitole du Libre - Toulouse (France)
November 20, 2025: OVHcloud Summit - Paris (France)
November 21, 2025: DevFest Paris 2025 - Paris (France)
November 27, 2025: Devfest Strasbourg 2025 - Strasbourg (France)
November 28, 2025: DevFest Lyon - Lyon (France)
December 5, 2025: DevFest Dijon 2025 - Dijon (France)
December 10-11, 2025: Devops REX - Paris (France)
December 10-11, 2025: Open Source Experience - Paris (France)
January 28-31, 2026: SnowCamp 2026 - Grenoble (France)
February 2-6, 2026: Web Days Convention - Aix-en-Provence (France)
April 23-25, 2026: Devoxx Greece - Athens (Greece)
June 17, 2026: Devoxx Poland - Krakow (Poland)

Contact us

To react to this episode, come and discuss on the Google group https://groups.google.com/group/lescastcodeurs Contact us via X/twitter https://twitter.com/lescastcodeurs or Bluesky https://bsky.app/profile/lescastcodeurs.com Do a crowdcast or a crowdquestion. Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs All the episodes and all the info at https://lescastcodeurs.com/

Dealcasters
How a $6 Hat Built a Six-Figure Brand: Larry Roberts' Accidental Success Story

Dealcasters

May 5, 2025 60:58


What do red hats, artificial intelligence, and podcasting have in common? Larry Roberts, that's what! We do our best to tap into the brilliant (and slightly eccentric) mind of Larry Roberts, the founder of Red Hat Media and the king of AI-assisted content creation. Larry comes clean on his latest book, Under the Red Hat—written faster than you can decide on a Netflix show—and reveals how AI is reshaping podcasting faster than your grandma figuring out TikTok. If you've ever wondered how to blend brains, branding, and a dash of tech wizardry, buckle up. This is going to be a wild ride!

Grab “Under The Red Hat” by Larry Roberts (Amazon): https://geni.us/UnderTheRedHat

Defense Unicorns, A Podcast
Shipping Software Faster and Safer with Pepr

Defense Unicorns, A Podcast

May 5, 2025 45:07


On this episode of The Defense Unicorns Podcast, host Rebecca Lively chats with Case Wylie, Software Engineering Lead, about building security-minded software that keeps up with developer velocity. From his early days at Red Hat to architecting open-source tools at Defense Unicorns, Case shares how Pepr—a TypeScript-based operator framework—is redefining how Kubernetes clusters are secured and managed in airgapped environments. It's not just about enforcing policy; it's about enabling developers to move faster, safer, and smarter.

Through real-world metaphors (ever been to a nightclub with strict bouncers?), Case breaks down the roles of admission controllers, operator frameworks, and how Pepr works seamlessly with GitOps without adding friction. He explains why Pepr isn't just a tool, but part of a broader movement to standardize security postures, reduce configuration drift, and empower app teams to focus on delivering real value. With a human-first API and open-source DNA, Pepr is built to be accessible to all, not just Kubernetes power users.

If you're curious about what it takes to scale secure software in complex, mission-critical environments—or just want a fresh, practical take on DevSecOps—this episode delivers. Case also shares his philosophy on open-source collaboration and what it means to build tools that truly stand the test of scale and scrutiny.

Key Quote:
“Pepr will always be open source and the reason why it's open source is because frankly, open source software, when your software is open source, you expose the application or the software or the platform, whatever it is to exponentially more eyes and more eyes over time and then more people start adopting it and using it and saying like, ‘Hey, you know what? I do have this simple thing I always have to do in my cluster. Maybe I try Pepr for that.' Right? And then they do it with a simple task, and then they say, ‘Hey, you know what? It would be great if Pepr could do this thing.' And they put in a feature request. Then we develop that feature request, or they develop it, and they submit a PR to Pepr. And now Pepr as a whole is better because now you're using it. I'm using it. They're using it. The more people that use it, the better.”
Case Wylie

Time Stamps:
(02:44) Introduction to UDS and Pepr
(05:59) The Importance of Air-Gapped Environments
(11:40) Understanding Kubernetes Admission Control
(16:05) Comparing Pepr with Other Tools
(22:00) Why Pepr Uses TypeScript
(34:03) The Benefits of Open Source for Pepr
(43:31) Lightning Round

Links:
Connect with Casey Wylie
Connect with Rebecca Lively
Learn More About Defense Unicorns

Estadão Notícias
Technology #375: #Start Eldorado: plan and experiment, the key to success with AI

Estadão Notícias

May 3, 2025 24:16


When adopting Artificial Intelligence systems for one or more areas of the business, companies should start each project in a structured and well-planned way, thinking smaller if need be, and then, based on the data, scale their use of AI more assertively, avoiding the hype of investing resources and time in such an innovative technology without much planning, just to ride the wave of the moment. To talk about this topic and about initiatives to democratize AI for large, medium and small businesses through processing on CPUs, which are cheaper and more energy-efficient than the large GPU-based systems, a technology that has been gaining ground in the market, and about the marriage between Artificial Intelligence and development on the Open Source model, which encourages collaboration and the integration of ecosystems with different partners, Start Eldorado welcomes Sandra Vaz, Red Hat's country manager for Brazil, who discussed these and other topics with host Daniel Gonzales. The program airs every Wednesday at 9 p.m. on FM 107.3 for all of Greater São Paulo, and on the site, app, digital channels and voice assistants.

Canary Cry News Talk
TIME TRAVELING HACKERS | Red Hat Faith Revival Op, Future Politics, Nephilim Programming | 837

Canary Cry News Talk

May 1, 2025 154:37


BestPodcastintheMetaverse.com
Canary Cry News Talk #837 - 04.30.2025 - Recorded Live to 1s and 0s
TIME TRAVELING HACKERS | Red Hat Faith Revival Op, Future Politics, Nephilim Programming
Deconstructing World Events from a Biblical Worldview
Declaring Jesus as Lord amidst the Fifth Generation War!
CageRattlerCoffee.com SD/TC email Ike for discount
Join the Canary Cry Roundtable

This Episode was Produced By:

Executive Producers
Sir LX Protocol V2 Baron of the Berrean Protocol***
Arnie W***
Jill B***
Sarah P***
Sir Tristan Knight of Garden***
Jason***

Producers of TREASURE (CanaryCry.Support)
American Hobo, Aaron B, Sir Marty K Knight of the Wrong Timeline, Cage Rattler Coffee, Mrs TinfoilHatMan, Anonymous, Veronica D, Sir Scott Knight of Truth, Sir Casey the Shield Knight

Producers of TALENT
Arnie W

Producers of TIME
Timestampers: Jade Bouncerson, Morgan E
Clippy Team: Courtney S, JOLMS, Kristen
Reminders: Clankoniphius
Links: JAM

SHOW NOTES/TIMESTAMPS

HELLO WORLD
EFNO

CYBERPANDEMIC
FBI warns of time-traveling hackers (MSN/Fox)

EXECS

PSYOPS
Neil deGrasse Tyson Red Hat (X)
Red Hat poll in comments (X)
Red Hat Poll from Tyson

BIBLICAL
Why is Gen Z finding Religion (VOX)
Why Christianity is taking an Asian turn (The Economist)

PRODUCERS

TRANSHUMAN
→ Forbes deleted article about Zoltan (Forbes)
→ Screenshot of article headline (X)
Zoltan Istvan announces CA Gubernatorial bid on X (X)
World Renowned Futurist, AI Expert Zoltan Istvan Running for CA Gov as Dem (ABC News)

AI/BEING WATCHED
Researchers Secretly Ran Massive, Unauthorized AI Persuasion Experiment on Reddit Users (404)

NEPHILIM UPDATE
Jack's transformation in Supernatural final season redefined show's mythology (MSN/Primetimer)

PRODUCERS

TALENT/MEET UP

TIME/END

CHAOSScast
Episode 109: SBOMs and Project Health with Brittany Istenes

CHAOSScast

May 1, 2025 39:53


Thank you to the folks at Sustain (https://sustainoss.org/) for providing the hosting account for CHAOSSCast!

CHAOSScast – Episode 109

In this episode of CHAOSScast, host Georg Link is joined by Cali Dolfi, Senior Data Scientist at Red Hat, and Brittany Istenes, FINOS Ambassador. The discussion delves into the importance of measuring open source community health and the role of Software Bill of Materials (SBOM) in ensuring software security and compliance. They talk about the rising threats in open source software, the need for standardizing SBOMs, and how organizations can leverage these tools to proactively manage risks and project health. Also, they touch on practical steps being taken at Red Hat and other organizations to address these challenges. Hit download now to hear more!

[00:00:21] Our guests introduce themselves and their backgrounds.
[00:01:55] Georg explains the rise of malicious packages (700%) and the risks of neglected open source components.
[00:04:36] What is a SBOM? Brittany explains SBOMs as a list of all software components and libraries in each application, and automation and tooling adoption is discussed.
[00:06:08] Cali outlines the lack of consensus on SBOM fields and formats and advocates for including upstream repo links to assess project health. Brittany mentions companies being cautious about publicizing SBOMs due to IP concerns.
[00:09:12] Georg gives a historical overview of how SBOMs began as tools for license compliance and how SBOMs now cover more, including cybersecurity, post U.S. Executive Order 14028 (May 2021).
[00:15:51] Georg shares three pillars of SBOM strategy: License compliance, Security, and Project Health, and how CHAOSS Metrics can be combined with SBOMs to move from reactive to proactive strategies.
[00:16:59] Brittany emphasizes risk analysis and good design from project inception and how proactive open source strategies save effort later.
[00:18:43] Cali talks about using project health metrics and advocates for tracking maintainer activity, patch frequency, and project responsiveness.
[00:21:28] Brittany stresses internal engineering education on project health and risk, and that developers must understand what makes a project “healthy.”
[00:22:55] Georg talks about how open source has evolved and details using CHAOSS metrics for risk assessment and CI/CD integration.
[00:27:36] Cali shares Red Hat's efforts to define what makes a project vulnerable and how it's focused on detecting and sunsetting unmaintained dependencies.
[00:31:37] Brittany emphasizes risk from version mismatches and misinterpreted CVEs and mentions a CHAOSS doc to read, “Metrics for OSS Viability” by Gary White.
[00:34:17] We end with Georg sharing some upcoming events: CHAOSScon North America, June 26 and Open Source Summit North America, June 23-25.

Value Adds (Picks) of the week:
[00:36:08] Georg's pick is building a platform for his dog to look out the window.
[00:37:06] Brittany's pick is spending time with Georg and Cali.
[00:38:12] Cali's pick is her great support system since having ACL surgery.

Panelist: Georg Link
Guests: Cali Dolfi, Brittany Istenes

Links:
CHAOSS (https://chaoss.community/)
CHAOSS Project X (https://twitter.com/chaossproj?lang=en)
CHAOSScast Podcast (https://podcast.chaoss.community/)
podcast@chaoss.community (mailto:podcast@chaoss.community)
Georg Link Website (https://georg.link/)
Brittany Istenes LinkedIn (https://www.linkedin.com/in/brittany-istenes-91b902152/)
Brittany Istenes GitHub (https://github.com/BrittanyIstenes)
Cali Dolfi LinkedIn (https://www.linkedin.com/in/calidolfi/)
State of the Software Supply Chain (Sonatype) (https://www.sonatype.com/state-of-the-software-supply-chain/introduction)
CHAOSScast Podcast-Episode 103: GrimoireLab at FreeBSD (https://podcast.chaoss.community/103)
CHAOSS Community: Metrics for OSS Viability by Gary White (https://chaoss.community/viability-metrics-what-its-made-of/)
CHAOSScon North America 2025, Denver, CO, June 26 (https://chaoss.community/chaosscon-2025-na/)
Open Source Summit North America, Denver CO, June 23-25 (https://events.linuxfoundation.org/open-source-summit-north-america/)
Fintech Open Source (FINOS) (https://www.finos.org/)
Cyber Resilience Act (European Commission) (https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act)
Rising Threat: Understanding Software Supply Chain Cyberattacks And Protecting Against Them (Forbes) (https://www.forbes.com/councils/forbestechcouncil/2024/02/06/rising-threat-understanding-software-supply-chain-cyberattacks-and-protecting-against-them/)
Executive Order on Strengthening and Promoting Innovation in the Nation's Cybersecurity (The White House) (https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2025/01/16/executive-order-on-strengthening-and-promoting-innovation-in-the-nations-cybersecurity/)
Types of Software Bill of Material (SBOM) Documents (https://www.cisa.gov/sites/default/files/2023-04/sbom-types-document-508c.pdf)
OpenSSF Scorecard (https://openssf.org/projects/scorecard/)
OSS Project Viability Starter (CHAOSS) (https://chaoss.community/kb/metrics-model-project-viability-starter/)
Show Me What You Got: Turning SBOMs Into Actions- Georg Link & Brittany Istenes (https://lfms25.sched.com/event/1urWz)

Special Guests: Brittany Istenes and Cali Dolfi.

WALL STREET COLADA
Rally Loses Steam, Tesla and Aurora Bet on Autonomy, and Doubts at IBM.

WALL STREET COLADA

Apr 24, 2025 4:35


In this episode, we review the day's most important topics:
• Wall Street pulls back after the rebound: Futures are down, with $SPX -0.6%, $US100 -0.8%, $INDU -0.6%, as the rally cools over the possible trade de-escalation. The 10-year Treasury is at 4.35%. Trump softened his tone, but the Treasury warns that a deal with China could take 2-3 years. Reporting today: $GOOG, $INTC, $AAL and $CMCSA.
• Tesla moves ahead with robotaxis: $TSLA begins testing its robotaxi service with employees in Austin and the Bay Area. Official launch planned for summer 2025. It will look to compete with $GOOGL (Waymo), $AMZN (Zoox) and other players in the autonomous space.
• Aurora marks a milestone with an autonomous truck: $AUR launches its first driverless truck on the Dallas-to-Houston route. It plans to have dozens operating in 2025. It already has agreements with $FDX and $UBER. Analysts urge caution while the stock hovers around $6.
• IBM falls on consulting doubts: Although $IBM beat revenue expectations and maintains optimistic guidance, the drop in Consulting (-2%) and the doubts about DOGE are creating pressure. Software revenue +7% and Red Hat with double-digit growth, but the annual growth model remains under review.
An episode to understand how autonomy, trade policy and corporate strategies are moving the markets.

Business of Tech
MSP Regulations Shift: CMMC 2.0, FedRAMP Overhaul, UK Cyber Bill & AI Security Concerns

Business of Tech

Apr 2, 2025 15:30


Michael Duffy, President Donald Trump's nominee for Undersecretary of Defense for Acquisition and Sustainment, has committed to reviewing the Pentagon's Cybersecurity Maturity Model Certification (CMMC) 2.0 if confirmed. This revamped program, effective since December, mandates that defense contractors handling controlled, unclassified information comply with specific cybersecurity standards to qualify for Department of Defense contracts. Concerns have been raised about the burden these regulations may impose on smaller firms, with a report indicating that over 50% of respondents felt unprepared for the program's requirements. Duffy aims to balance security needs with regulatory burdens, recognizing the vulnerability of small and medium-sized businesses in the face of cyber threats.

In addition to the CMMC developments, the General Services Administration (GSA) is set to unveil significant changes to the Federal Risk Authorization Management Program (FedRAMP). The new plan for 2025 focuses on establishing standards and policies rather than approving cloud authorization packages, which previously extended the process for up to 11 months. The GSA intends to automate at least 80% of current requirements, allowing cloud service providers to demonstrate compliance more efficiently, while reducing reliance on external support services.

Across the Atlantic, the UK government has announced a comprehensive cybersecurity and resilience bill aimed at strengthening defenses against cyber threats. This legislation will bring more firms under regulatory oversight, specifically targeting managed service providers (MSPs) that provide core IT services and have extensive access to client systems. The proposed regulations will enhance incident reporting requirements and empower the Information Commissioner's Office to proactively identify and mitigate cyber risks, setting higher expectations for cybersecurity practices among MSPs.

The episode also discusses the implications of recent developments in AI and cybersecurity. With companies like SolarWinds, Cloudflare, and Red Hat enhancing their offerings, the integration of AI into business operations raises concerns about security and compliance. The ease of generating fake documents using AI tools poses a significant risk to industries reliant on document verification. As the landscape evolves, IT service providers must adapt by advising clients on updated compliance practices and strengthening their cybersecurity measures to address these emerging threats.

Four things to know today
00:00 New Regulatory Shifts for MSPs: CMMC 2.0, FedRAMP Overhaul, and UK Cyber Security Bill
05:21 CISA Cuts and Signal on Gov Devices: What Could Go Wrong?
08:15 AI Solutions Everywhere! SolarWinds, Cloudflare, and Red Hat Go All In
11:37 OpenAI's Image Generation Capabilities Raise Fraud Worries: How Businesses Should Respond

Packet Pushers - Full Podcast Feed
TNO022: Secure Automation at Enterprise Scale for the Public Sector with Red Hat Ansible (Sponsored)

Packet Pushers - Full Podcast Feed

Mar 28, 2025 68:21


There are both benefits and challenges when adopting automation in the public sector, but Red Hat Ansible enhances efficiency, security and service delivery. With the right tooling, network operators can integrate automation into existing environments and improve network security. Providing insights into adopting automation in the public sector are Tony Dubiel, Principal Specialist Solution Architect...

Packet Pushers - Fat Pipe
TNO022: Secure Automation at Enterprise Scale for the Public Sector with Red Hat Ansible (Sponsored)

Packet Pushers - Fat Pipe

Mar 28, 2025 68:21


There are both benefits and challenges when adopting automation in the public sector, but Red Hat Ansible enhances efficiency, security and service delivery. With the right tooling, network operators can integrate automation into existing environments and improve network security. Providing insights into adopting automation in the public sector are Tony Dubiel, Principal Specialist Solution Architect...

Code Story
S10 Bonus: Quinn Li O'Shea, Braid

Code Story

Mar 27, 2025 23:26


Quinn Li started into tech well before college. In high school, she was into fashion and would take pictures of herself and her friends. She wanted to share these pictures, and found her way to Squarespace - which ultimately led to her getting into HTML and CSS - and the rest is history. Outside of tech, she plays a lot of tennis, and teaches Aerial. I had to ask what this was, and she explained it was the art form that you see in the circus, when people are climbing the sheets in the air, acrobatically.

Quinn Li has been focused on productivity throughout her career. She started to swing her focus to building connections at work through play. One of the games she and her team built went viral on TikTok - and they knew they were on to something.

This is the creation story of Braid.

Sponsors: PropelAuth, Tecla, Speakeasy, QA Wolf, SnapTrade

Links:
https://www.trybraid.io/
https://www.linkedin.com/in/qloshea/

Our Sponsors:
* Check out Kinsta: https://kinsta.com
* Check out Red Hat: https://www.redhat.com
* Check out Vanta: https://vanta.com/CODESTORY

Support this podcast at https://redcircle.com/code-story/donations
Advertising Inquiries: https://redcircle.com/brands
Privacy & Opt-Out: https://redcircle.com/privacy

Surveillance Report
Q&A: Keeping Passwords Safe From Malware

Surveillance Report

Mar 26, 2025 22:54


Q&A219: How can you keep your password manager safe from infostealing malware? Do we prefer Debian-based or RedHat-based Linux distros? How do we harden or customize our distros? How can you recreate Qubes' Disposable VMs on a non-Qubes device?

Join our next Q&A on Patreon: https://www.patreon.com/collection/415684?view=expanded or XMR Chat: https://xmrchat.com/surveillancepod

Welcome to the Surveillance Report Q&A - featuring Techlore & The New Oil answering your questions about privacy and security.

❤️ Support us on Patreon: https://www.patreon.com/surveillancepod

Code Story
S10 E25: Alberto Simon, Masterworks

Code Story

Mar 25, 2025 25:59


Alberto Simon is an immigrant from Mexico, moving to Florida with his small family when he was very young. At a young age, he got interested in computers, through gaming and building his own computers. In college, he briefly studied mechanical engineering, but quickly switched over to MIS. Post that, he joined an adtech startup, caught hold of the rocket, and built the professional skills he still utilizes today. Outside of tech, he enjoys dancing, specifically salsa and bachata, and participates in CrossFit. For both things, he enjoys the challenge, working hard towards goals, and seeing progress.

Alberto and his co-founders had worked in the startup world for quite some time. They noticed the trends of platforms leading the charge on portfolio management, without advisors, alongside the democratization of investments in things like real estate, crypto, etc. They decided to move forward in removing the opaqueness from investment in art.

This is the creation story of Masterworks.

Links:
https://www.masterworks.com/
https://www.linkedin.com/in/albertosimon

Code Story
S10 Bonus: Don Gossen, Nevermined

Code Story

Mar 20, 2025 32:22


Don Gossen is Canadian, but at this point, in name only. He lives in Portugal with his wife and 2 daughters. He grew up all over the world, and his career has afforded him to travel the globe. He's been in the machine learning space for 20 years, but spent his early days in statistical modeling - which was fun to set up, but boring to operate. For fun, he enjoys traveling and skiing, in particular off trail - and anywhere in Japan during the winter.

In 2016, Don caught the crypto bug, but not from the speculative component. He was fascinated with the providential integrity that is found in the blockchain. This culminated with 20 years of experience in deep tech, and led him down the path of AI agent payments.

This is the creation story of Nevermined.

Links:
https://nevermined.app/
https://www.linkedin.com/in/donald-gossen-40ab96/

DealMakers
Rami Tamir On Selling Two Companies To Cisco And Red Hat, A Third $500-Million Company To Oracle, And Now Helping Businesses Configure Their Applications

DealMakers

Mar 20, 2025 40:18


Rami Tamir is no stranger to the startup world. A seasoned entrepreneur with multiple successful exits, he has honed his ability to build, scale, and navigate acquisitions like a veteran baseball player hitting home runs with each venture. Rami's latest venture, Salto, has attracted funding from top-tier investors like Bessemer Venture Partners, Accel, Lightspeed Venture Partners, and Salesforce Ventures.

Code Story
S10 E25: Shmuel Kliger, Causely

Code Story

Mar 18, 2025 29:23


Shmuel Kliger is a self-proclaimed old man. He was born in Israel, and served in the army for 6 years. It was in the army where he obtained his passion for the space, from which he got his bachelor's, master's and eventually, his PhD. Outside of tech, he is married with 4 kids and 2 grandchildren. He met his wife during grad school, and they now live in New York. When asked what he did for fun, he laughed and said that he enjoyed living in the "best city in the world", with everything at his fingertips.

When his past venture wound down, Shmuel found himself at the center of an idea that was the culmination of all his years in technology. To build something that could not only process large amounts of observability data - but could make sense of it, and take appropriate action.

This is the creation story of Causely.

Links:
https://www.causely.ai/
https://www.linkedin.com/in/shmuel-kliger-1a91963/

Code Story
Podcasthon & the American Cancer Society

Code Story

Mar 17, 2025 2:45


Hello Listeners.

Today is going to be a special episode, a bit out of the ordinary to our normal programming. I'm participating in Podcasthon, which gives Code Story the opportunity to dedicate one episode to a charity of choice. Hundreds of podcasts are participating in this, releasing their episodes simultaneously in a coordinated effort, with the goal of creating a massive and international wave of inspiring audio content.

What's the point? The point is to raise awareness for a huge number of charities worldwide.

The charity I've chosen is the American Cancer Society.

The American Cancer Society is fighting cancer through research into cures and support for existing patients in their family. This is a not-for-profit organization, and it is enabled to do its work through donations, grants and other sources.

If you feel led to help fight cancer and support patients, go to the cancer.org website and click Donate. You can even give in Honor & Memorial of someone whose life has been impacted by cancer.

If you want to learn more, go to cancer.org. That's C A N C E R.org.

Big thanks to the American Cancer Society for the work they do, and to Podcasthon, for coordinating this effort for charity.

And thanks again for listening.

Sponsors: Podcasthon

Links:
https://www.cancer.org/