What are GitHub stars worth? GitHub itself is a social network for developers, whether you want to admit it or not. People interact with each other, can follow one another, and likes are expressed in the form of stars. That brings me to the question: what are GitHub stars actually worth? After all, fraud in social networks, such as buying followers, is as old as these platforms themselves. So what does it look like on GitHub? In this episode we look at a scientific study on fake stars on GitHub. What are GitHub stars worth? What motivates people to buy GitHub stars? What are the challenges in detecting fake stars? How are GitHub stars actually used? But we don't stop at the scientific study. We asked the community what GitHub stars mean to them, whether stars are a good indicator of a project's quality, how they influence decisions, and by what criteria the community awards stars. Two small sneak peeks: You can buy a GitHub star on the black market for as little as $0.10. Buying GitHub stars influences the organic star growth of repositories within the first two months. After that it levels off. Want more? Then tune in now. Bonus: GitHub as a social network for developers. Thanks to our community members: Dario Tigner, Schepp Christian Schäfer, Philipp Wolfram, Moritz Kaiser, Stefan Brandt, Simon Brüggen, Melanie Patrick, Maxi Kurzawski, Stefan Bethe, Tim Glabisch, Holger Große-Plankermann, Mirjam Ziselsberger, Simon Legner. You can find our current advertising partners at https://engineeringkiosk.dev/partners
I recently had a chat with Kairo about a project he maintains called Repository Service for TUF (RSTUF). We explain why TUF is tough (har har har), what RSTUF can do, and some of the challenges around securing repositories. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-rstuf-with-kairo-de-araujo/
The geopolitical tensions between the US and Europe are leading to a renewed focus on technological sovereignty. In this Techzine Talks episode we dive into the recent announcements from Microsoft, which is investing billions of euros in European datacenters and promises to set up an independent European infrastructure and organization. Is this a sincere attempt at decentralization, or a clever PR strategy? Microsoft mainly seems to want to project confidence towards Europe: that, despite the geopolitical tensions and the concerns in Europe about dependence on American technology, it can indeed be a reliable partner. Microsoft is choosing to invest heavily in Europe; new datacenters are being built in no fewer than 16 European countries to bring the total to 200. Expansion will also take place in the Netherlands. This expansion follows its earlier cancellation of plans for new datacenters in the United States. European Board of Directors. A notable step is also the creation of a European Board of Directors for the European Microsoft entities, consisting exclusively of European citizens. This board cannot be held personally liable by non-European authorities. This is a commonly used strategy for claiming European sovereignty. We go into that in more depth. Worst-case scenario: access to source code. Microsoft is also taking measures for a worst-case scenario, in which the conflicts would escalate to the point that American companies may no longer provide services in Europe. For that, it will store source code in secured Swiss repositories, which partners can access should that be necessary. Microsoft also says it will invest in more partnerships with large European IT organizations. Possible joint ventures are also being considered. Europe looks for alternatives, a risk for Microsoft. The chance that it will ever come to that is small.
Blocking services in Europe would cost Microsoft billions of euros in quarterly revenue, which makes legal action inevitable. The EU's increasing focus on data sovereignty and regulation affecting American companies plays a bigger role. In addition, there are currently few viable alternatives in Europe to many American services. As a result, Europe is looking seriously at home-grown alternatives and is also willing to make investments. In the long run that could come at the expense of the revenue of American players. By positioning itself now as a reliable partner for Europe, Microsoft perhaps hopes to counter that effect as well.
Lucy and Ellie chat about large language models, chat interfaces, and causal inference. Do LLMs Act as Repositories of Causal Knowledge?: https://arxiv.org/html/2412.10635v1 Follow along on Twitter: The American Journal of Epidemiology: @AmJEpi Ellie: @EpiEllie Lucy: @LucyStats
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news:
Yes, the Trump admin really did just add a journo to their Yemen-attack-planning Signal group
The GitHub actions hack is smaller than we thought, but was targeting crypto
Remote code exec in Kubernetes, ouch
Oracle denies its cloud got owned, but that sure does look like customer keymat
Taiwanese hardware maker Clevo packs its private keys into bios update zip
US Treasury un-sanctions Tornado Cash, party time in Pyongyang?
This week's episode is sponsored by runZero. Long time hackerman HD Moore joins to talk about how network vulnerability scanning has atrophied, and what he's doing to bring it back en vogue. Do you miss early 2000s Nessus? HD knows it, he's got you fam. This episode is also available on Youtube.
Show notes
The Trump Administration Accidentally Texted Me Its War Plans - The Atlantic
Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT | WIRED
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed
GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment (Updated 3/21)
Critical vulnerabilities put Kubernetes environments in jeopardy | Cybersecurity Dive
Researchers back claim of Oracle Cloud breach despite company's denials | Cybersecurity Dive
The Biggest Supply Chain Hack Of 2025: 6M Records Exfiltrated from Oracle Cloud affecting over 140k Tenants | CloudSEK
Capital One hacker Paige Thompson got too light a sentence, appeals court rules | CyberScoop
US scraps sanctions on Tornado Cash, crypto 'mixer' accused of laundering North Korea money | Reuters
Tornado Cash Delisting | U.S. Department of the Treasury
Major web services go dark in Russia amid reported Cloudflare block | The Record from Recorded Future News
Clevo Boot Guard Keys Leaked in Update Package
Six additional countries identified as suspected Paragon spyware customers | CyberScoop
The Citizen Lab's director dissects spyware and the 'proliferating' market for it | The Record from Recorded Future News
Malaysia PM says country rejected $10 million ransom demand after airport outages | The Record from Recorded Future News
Hacker defaces NYU website, exposing admissions data on 1 million students | The Record from Recorded Future News
Notre Dame uni students say outage creating enrolment, graduation, assignment mayhem - ABC News
DNA of 15 Million People for Sale in 23andMe Bankruptcy
23,000 repositories targeted in popular GitHub action
Apache Tomcat RCE exploit hits servers—no authentication required
Microsoft 365 users targeted in new BEC campaigns
Thanks to this week's episode sponsor, DeleteMe. Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout.
Roy Derks, Developer Experience at IBM, talks about the integration of Large Language Models (LLMs) in web development. We explore practical applications such as building agents, automating QA testing, and the evolving role of AI frameworks in software development. Links https://www.linkedin.com/in/gethackteam https://www.youtube.com/@gethackteam https://x.com/gethackteam https://hackteam.io We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Let us know by sending an email to our producer, Emily, at emily.kochanekketner@logrocket.com (mailto:emily.kochanekketner@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today (https://logrocket.com/signup/?pdr). Special Guest: Roy Derks.
Many thanks to all listeners who took part in our survey! The person who won has been notified and will receive a package of programmier.bar merch in the next few days. We continue straight away with more prizes: together with heise/iX and dpunkt.verlag we are giving away a ticket for enterJS on 7 and 8 May in Mannheim. You will find out how to take part in the podcast episode. At the conference for enterprise JavaScript you can expect talks on UX, security, accessibility, Angular, React, Vue, Svelte, Astro and AI. The programmier.bar team and several former podcast speakers will also be there, and we look forward to talking with you! Details on the giveaway can be found at https://www.programmier.bar/gewinnspiel This week's news: How can it be that GitHub's Copilot blabs content from supposedly private repositories? Dave explains the background and reveals what role Bing played in it. We also learn from Garrelt how it is possible to build Doom in TypeScript without having written a single functional line of code. Jan took a deeper look at browser benchmarks this week and had to conclude that all these numbers are apparently not nearly as reliable as they seem. Instead, he reports on a self-experiment. And from Dennis there are not only all the details on the new iPhone 16e, but also on Microsoft's new quantum computing chip "Majorana". Write to us! Send us your topic requests and your feedback: podcast@programmier.bar Follow us! Stay up to date on future episodes and virtual meetups and take part in community discussions. Bluesky, Instagram, LinkedIn, Meetup, YouTube
Fredrik talks to Dejan Milicic about software development - understanding, methods, and stories. We start by talking about encapsulation of knowledge and the essential software in organizations. Almost every organization should - it can be argued - be developing software that solves their unique problems, and yet so many outsource so much of their knowledge encapsulation. Oh, and we can never completely encapsulate our knowledge in code either, so all the more reason to keep people who actually know what the code does and why around. Dejan tells us about his way to Ravendb and a developer relations role - and how you can craft your own job, stepping suitably outside of your comfort zone along the way. We also talk about shortening attention spans, daring to dig down a bit and find out about the context of things. Like the second sentence of some oft-repeated quote. Prohibit bad things, but help automate doing good things and avoid doing the bad things completely. Dejan shares some database backstories - why would someone want to build one more database? Specifically, what led to the creation of Ravendb? And the very strong opinions which have been built into it. Avoiding falling into marketing-driven development. After that, we drift into talking about processes and how we work. Every organization is unique - which strongly speaks against adapting the “best practices” and methodologies of others. Or keeping things completely the same for too long. Innovation is also about doing what other people are not doing. Why is concurrency still hard? The free lunch has been over for twenty years! Functional programming and immutability offer ways forward, why aren't these concepts spreading even more and faster? We get right back to understanding more context when Dejan discusses how few of us seem to have understood, just for example, the L in SOLID. Dive deeper, read more, and you will find new things and come up with new ideas. 
Finally, Dejan would like to see software development becoming just a little bit more mathematical. So that things can be established, verified and built on in a different way. Thank you Cloudnet for sponsoring our VPS! Comments, questions or tips? We are @kodsnack, @tobiashieta, @oferlund and @bjoreman on Twitter, have a page on Facebook and can be emailed at info@kodsnack.se if you want to write longer. We read everything we receive. If you enjoy Kodsnack we would love a review in iTunes! You can also support the podcast by buying us a coffee (or two!) through Ko-fi. Links Dejan Ravendb Informatics Domain-driven design Event sourcing Data is worthless - said in episode 601 Developer relations Nosql databases Jack of all trades Jimmy - who introduced Fredrik to Dejan at Øredev 2024 Hibernate Relational databases Oren Eini - creator of Ravendb Antipatterns n+1 Couchbase Scrum Agile software development The Toyota approach The Scrum guide Unison programming language - VC funded Dr. Dobb's journal The free lunch is over Concurrency SOLID Liskov substitution principle Repositories on top Unitofwork are not a good idea - by Rob Conery Elm Titles A mathematician turned software developer Coding, but without deadline Saturated with software development Encapsulation of knowledge A bit surreal Accept people as they are There's a second line Professional depression Prevented, not diagnosed The pipeline kind of thinking Frustration-driven development (You shouldn't be) Punished for being successful The largest company of his or her life so far Optimized for maintaining the status quo Wash away all the context Manager of one The proverbial Jira Substantial content Methods of moving forward
Episode web page: https://bit.ly/3Vlc2q8 ----------------------- Rate Insights Unlocked and write a review If you appreciate Insights Unlocked, please give it a rating and a review. Visit Apple Podcasts, pull up the Insights Unlocked show page and scroll to the bottom of the screen. Below the trailers, you'll find Ratings and Reviews. Click on a star rating. Scroll down past the highlighted review and click on "Write a Review." You'll make my day. ----------------------- Episode show notes In this episode of Insights Unlocked, host Lija Hogan speaks with Kate Towsey, a leading voice in research operations, author of Research That Scales, and founder of the Cha-Cha Club for research ops professionals. Kate takes us through her fascinating journey to becoming a trailblazer in research operations. Along the way, she highlights the transformative power of systems thinking and strategic scaling in the evolving field of research. What You'll Learn in This Episode: The Evolution of Research Ops: How research operations has grown from an overlooked role to a critical component of organizational strategy. Why nuanced job descriptions and specialized roles are becoming the norm in research ops. Scaling Research with Systems Thinking: The importance of scalable systems that create value efficiently rather than simply expanding headcount. How strategic thinking can prioritize impactful research aligned with organizational goals. Building Trust and Embedding Culture: Why trust is foundational for research outcomes to be accepted and acted upon. The cultural impact of well-integrated research tools and practices on organizational learning. Knowledge Management in Research: The contrast between collaborative "campfires" of learning and structured libraries for long-term access and utility. Practical advice for implementing effective research knowledge management strategies. 
The Role of AI in Research: How AI can enhance research operations, provided organizations foster trust in these technologies.
What's the new "nearest neighbor" attack and how do you defend against it? Let's Encrypt just turned 10. What changes has it wrought? Now the Coast Guard is worried about Chinese built ship-to-shore cranes. Pakistan becomes the first country to block Bluesky. There's a new way to get Git repos "swatted" and removed. Who's to blame for Palo Alto Networks' serious new 0-day vulnerabilities? If you have any of these six D-Link VPN routers, unplug them immediately! It turns out that VPN apps are against Shariah Law. Who knew? The Return of Windows Recall. What are we learning now? How many of today's systems remain vulnerable to last year's most popular exploits? We share and respond to a bunch of terrific feedback from our listeners. What are Microsoft's "Connected Experience" and why might you choose to disconnect from them? Show Notes - https://www.grc.com/sn/SN-1002-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: e-e.com/twit bitwarden.com/twit threatlocker.com for Security Now flashpoint.io
SUMMARY In this first episode of Season 6, producer Andrew Whiteman invites listeners to step into an arena of collaboration between poetry and sound. We all know it when we hear it, and we have mixed feelings about it. Why does the archaic meeting place of music and poem hit such a nerve? Is this art form literature or is it music? Surely, it's not song, is it? And if poems already carry their prosodic intentions within themselves – why bother supplementing them with extraneous audio? These questions are answered by Siren Recordings, a new digital-DIY sonic poetry label run by Kelly Baron and Andrew Whiteman.
SHOW NOTES Audio played in the episode: “Happy Birthday Ed Sanders Thank You!”, written and performed by Edward Sanders (from “This is the Age of Investigation Poetry and Every Citizen Must Investigate”, part of the “Totally Corrupt” Dial-a-Poem Series by John Giorno. Found at https://www.ubu.com/sound/gps.html) and Andrew Whiteman. Unreleased track. Audio clips of Amiri Baraka, Helen Adam, and the Four Horsemen from Ron Mann's 1980 film Poetry in Motion. Found at https://vimeo.com/14191903. “The Great Reigns”, written and performed by Erica Hunt (from Close Listening with Charles Bernstein at WPS1 Clocktower Studio, New York, June 20, 2005, available at https://writing.upenn.edu/pennsound/x/Hunt.php), and Andrew Whiteman. “#7” by Alice Notley and AroarA. Unreleased track. Text taken from Notley's book “In The Pines”, Penguin Books, 2007. “Pinbot” and “Abu Surveillance” by Anne Waldman and Andrew Whiteman. Unreleased track. Text taken from Waldman's book “Iovis: the Trilogy”, Coffeehouse Press, 2011. “How I wrote Certain of my Books” by David UU and the Avalettes, from the cassette Very Sound (Sound Poems By David UU). Underwhich Audiographic Series, No. 18, 1984. “whn i first came to vancouvr” by bill bissett, from the cassette Sonic Horses. Underwhich Audiographic Series, No. 19, 1984. “From The Life & Work Of Chapter 7 (For Steven Smith)” by Tekst, from the cassette “Unexpected Passage”. Underwhich Audiographic Series, No. 15, 1982. “Canto One” by Andrew Whiteman featuring Robert Duncan, Ezra Pound, Richard Sieburth, Al Filreis. Buried somewhere at Penn Sound, https://writing.upenn.edu/pennsound/. Unreleased track.
PRODUCER BIO Andrew Whiteman is a founding member of the indie-rock collective Broken Social Scene, and a PhD student at Concordia University investigating the confluence of mythology and experimental poetics. He is a musician, producer and sound artist with special interest in Sonic Poetics, and has collaborated on recordings with Alice Notley (In The Pines, 2013) and Anne Waldman (IOVIS, 2023) among others. This work has led directly to the creation of Siren Recordings, a boutique sonic poetry label, hub and ever-growing archive he runs with Kelly Baron and Brandon Hocura. His divinatory practice is located at https://intarotgate.com.
In this Risky Business News sponsored interview, Tom Uren talks to Feross Aboukhadijeh, CEO and Founder of Socket about how open source repositories are riddled with horrible software. Feross explains why it makes a difference if a package is vulnerable, malicious or just unwanted and how current transparency mechanisms such as CVEs and the NVD just aren't suitable for the challenge of open source repositories.
FCC moves forward with BGP security measures LockBit ransomware gang victims get lifeline from FBI Gitloker attacks target GitHub repositories Thanks to today's episode sponsor, Conveyor Why did the AI cross the road? To complete your security questionnaires for you. Conveyor, the company using market-leading AI to automate the entire security review, wants you to check them out and book a call so they can stop writing these cheesy podcast ads. If you're ready for AI to instantly complete security questionnaires for you, visit www.conveyor.com to try a free proof of concept. Mention this podcast for 5 free questionnaire credits when you purchase a Pro plan.
Our latest podcast episode explores a key developer's dilemma: Should they go deep or wide in technical mastery? Hosts Mike and Rob dissect this decision, focusing primarily on platforms and technology.

The Developer's Dilemma: Technical Mastery Unveiled

Embracing Breadth: The Power of Versatility

First, Rob advocates for a broad approach. He emphasizes being well-versed across technologies, languages, and frameworks. Create a technical roadmap and regularly explore new tech. Stay adaptable and informed with wide skills. This enhances career prospects and understanding of tools' strengths/weaknesses.

Going Deep: Delving into Technical Mastery

Alternatively, Mike advocates deep specialization in one area. He promotes technical mastery and specialization in that domain. Broad knowledge has benefits, but going deep excels. However, continued learning and adaptation within specialization avoid stagnation, which remains relevant in rapidly evolving fields.

Practical Application: Building Projects for Technical Mastery

Next, the hosts discuss the importance of using practical applications. They recommend building projects/apps to solidify learning and showcase skills. Repositories like GitHub are valuable for storing and revisiting projects. Utilizing these tools allows developers to learn and grow over time.

Finding Balance: Navigating the Depth vs. Breadth Conundrum

In addition, the hosts emphasize the need for balance. Listeners are encouraged to find their own path and combine depth and breadth in their technical expertise. They suggest investing time and effort into learning and experimentation through side projects or professional development opportunities.

Forge Your Path to Technical Mastery

Finally, the hosts remind listeners that technology is constantly evolving. Therefore, the key to success requires adaptability and continuous learning. Whether specializing or generalizing (deep vs. wide), developers must stay curious and flexible. They must proactively pursue knowledge and technical mastery. Feedback and questions are welcome at info@develpreneur.com. We invite listeners to connect with Develpreneur on YouTube for more insights and discussions.

Additional Resources

Software Development Challenges and How To Navigate Them
Leverage Your Unique Skills – Interview With Tyler Foley
Run Towards Success Not Away From Challenges
Learning From Challenges – A Season With a Positive Focus
Behind the Scenes Podcast Video
This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet, and more
Josh and Kurt talk about an attack against GitHub where attackers are creating malicious repositories then artificially inflating the number of stars and forks. This is really a discussion about how can we try to find signal in all the noise of a massive ecosystem like GitHub. Show Notes GitHub besieged by millions of malicious repositories in ongoing attack
In this part of the conversation, we dive into the fundamentals of Git and GitHub. We explain that Git serves as a system for storing and collaborating on code, while GitHub enhances collaboration with additional features. Git is the offline method of conducting version control, while GitHub provides a remote repository for storing code. We highlight that GitHub now offers free private repositories and extends additional benefits to students and open source contributors. However, our focus in this episode is directed towards Git, exploring its built-in mechanisms for making changes. We delve into the various commands within the Git interface that allow for staging changes to be committed.

Moving forward, we explore different strategies for staging and committing changes in version control. Visual cues within the source control tab of VS Code represent uncommitted changes with a dot and two branches, providing a clear overview. Once changes are staged, they can be committed to source control. Repositories, or repos, are pivotal in tracking different elements of a project. The main branch, often named "main" or "master," represents the version intended for production. Branches offer the flexibility to develop and experiment with different ideas without affecting the main branch. To illustrate the power of branching, we use the analogy of writing a book, where each chapter is written in its own branch, committed, and then merged back into the main branch. Git flow, a technique that leverages branching for feature development, ensures that developers do not interfere with each other's work, minimizing the occurrence of merge conflicts. Merge conflicts commonly arise when multiple developers modify the same lines of code. VS Code provides valuable assistance in resolving merge conflicts by presenting options to view and select different versions of the code. 
It's worth noting that merge conflicts are more prevalent on GitHub and less likely to occur with a local repository unless changes from multiple branches are merged.

Proceeding further, we transition to discussing remotes and command line operations in Git. We cover topics such as committing changes using the git commit command, creating branches using git branch and git checkout, and how tools like VS Code can simplify these tasks. Additionally, we touch upon the process of retrieving projects from GitHub using git clone and contributing to them by forking and sending pull requests. We touch upon updating Mastodon source code using git and highlight the significance of staying informed about new releases. When it comes to pulling and pushing changes, we clarify that git pull integrates remote changes into the local code, while git push propagates local changes to online repositories. We also introduce the concept of git flow, which incorporates branches like main, develop, feature branches, and hotfix branches to manage different versions of a project. In passing, we briefly discuss software releases, noting that GitHub typically serves as the platform for such releases, surpassing the command line or VS Code. Ultimately, we emphasize the distinction between Git features and GitHub features, notably pull requests, forking, and releases, underlining that these functionalities primarily belong to GitHub.

Understanding the features of GitHub and Git is of utmost importance, and we discuss the significance of conducting research to determine what suits individual needs best. While GitHub remains a popular choice for code storage, alternatives like GitLab also exist. Different Git providers may vary in terms of accessibility and features. We mention GitHub Copilot as a valuable tool and encourage listeners to find the tools and platforms that align with their preferences. 
Additionally, we briefly mention Xcode Cloud, which facilitates continuous integration and delivery for iOS apps, although it poses challenges in handling environment
Today's episode of Research Like a Pro is an interview with Scandinavian research expert, Torhild Shirley, AG. Torhild is a native of Norway. We discuss the challenges of genealogical research in Scandinavia, focusing on a case study from Sweden. In the case, Torhild aims to uniquely identify a person named Rasmus Gudmundsson, born around 1719 in Malmöhus, Sweden, using Swedish tax and church records. We discuss challenges from the patronymic naming system and the use of the feast day calendar for dating events. Links Researching Your Scandinavian Ancestors Part 1: Introduction and Patronymics - https://familylocket.com/researching-your-scandinavian-ancestors-part-1-introduction-and-patronymics/ Researching Your Scandinavian Ancestors Part 2: Locality Research and Repositories - https://familylocket.com/researching-your-scandinavian-ancestors-part-2-locality-research-and-repositories/ Sponsor – Newspapers.com For listeners of this podcast, Newspapers.com is offering new subscribers 20% off a Publisher Extra subscription so you can start exploring today. Just use the code “FamilyLocket” at checkout. 
Research Like a Pro Resources

Airtable Research Logs Quick Reference - by Nicole Dyer - https://familylocket.com/product/airtable-research-logs-for-genealogy-quick-reference/
Research Like a Pro: A Genealogist's Guide book by Diana Elder with Nicole Dyer on Amazon.com - https://amzn.to/2x0ku3d
Research Like a Pro Webinar Series 2023 - monthly case study webinars including documentary evidence and many with DNA evidence - https://familylocket.com/product/research-like-a-pro-webinar-series-2023/
Research Like a Pro eCourse - independent study course - https://familylocket.com/product/research-like-a-pro-e-course/
RLP Study Group - upcoming group and email notification list - https://familylocket.com/services/research-like-a-pro-study-group/

Research Like a Pro with DNA Resources

Research Like a Pro with DNA: A Genealogist's Guide to Finding and Confirming Ancestors with DNA Evidence book by Diana Elder, Nicole Dyer, and Robin Wirthlin - https://amzn.to/3gn0hKx
Research Like a Pro with DNA eCourse - independent study course - https://familylocket.com/product/research-like-a-pro-with-dna-ecourse/
RLP with DNA Study Group - upcoming group and email notification list - https://familylocket.com/services/research-like-a-pro-with-dna-study-group/

Thank you

Thanks for listening! We hope that you will share your thoughts about our podcast and help us out by doing the following:

Write a review on iTunes or Apple Podcasts. If you leave a review, we will read it on the podcast and answer any questions that you bring up in your review. Thank you!
Leave a comment or question in the comment section below.
Share the episode on Twitter, Facebook, or Pinterest.
Subscribe on iTunes, Stitcher, Google Podcasts, or your favorite podcast app.
Sign up for our newsletter to receive notifications of new episodes - https://familylocket.com/sign-up/
Check out this list of genealogy podcasts from Feedspot: Top 20 Genealogy Podcasts - https://blog.feedspot.com/genealogy_podcasts/
In this episode, Jacqueline Klusik-Eckert talks with Harald Sack and Holger Simon about the knowledge graph and its significance for art history. A great deal of information about cultural assets and history can already be found online. Databases and repositories increasingly provide access to information, but they are often scattered across isolated silos. Institutions use different systems to make data available, which leads to a fragmented landscape. Meta-databases such as Europeana and the Deutsche Digitale Bibliothek try to overcome this fragmentation, but their success is limited. It seems as if we need a meta-meta-database to break through these silos. The basic idea of the internet and the concept of Linked Open Data (LOD) promise a remedy here. The challenge is to represent this networked knowledge digitally. This is where the knowledge graph comes in. Such a knowledge graph is being built as part of the NFDI 4 Culture project. While knowledge graph technology has long been in use in other fields (Google has had such a graph in place since 2012), art history may still be at the beginning of this development. GLAM institutions (Galleries, Libraries, Archives, Museums) play an important role in providing data, but they must also create and maintain incentives for exchange.

For research, the knowledge graph opens up new horizons. It enables not only different research questions and visualizations of large volumes of data, but also a more complex enrichment of museum information. Ultimately, though, it is people who benefit from the insights drawn from this data.

From modeling in the graph during digitization to support from the NFDI, there are various ways to get involved. But ultimately the challenge lies in how we, as a community of researchers and cultural heritage custodians, can jointly shape and use this complex data landscape.

Prof. Dr. Harald Sack is head of the Information Service Engineering department at FIZ Karlsruhe – Leibniz Institute for Information Infrastructure and professor at the Karlsruhe Institute of Technology (KIT), Institute of Applied Informatics and Formal Description Methods (AIFB), with the research group "Information Service Engineering". He is also NFDI4Culture co-spokesperson for FIZ Karlsruhe.

Prof. Dr. Holger Simon is spokesperson of the AK Digitale Kunstgeschichte (Digital Art History working group) and managing director of Pausanio GmbH & Co. KG. He is an adjunct professor (außerplanmäßiger Professor) at the University of Cologne and a member of the Culture Steering Board of NFDI 4 Culture.

Accompanying material for the episodes can be found on the homepage at https://www.arthistoricum.net/themen/podcasts/arthistocast

All episodes of the podcast are stored at heidICON with metadata and a persistent identifier. The episodes are licensed under the Creative Commons license CC BY 4.0 and can be downloaded. You can find them at https://doi.org/10.11588/heidicon/1738702

If you have questions, suggestions, criticism, or praise, feel free to email us at podcast@digitale-kunstgeschichte.de
In today's episode, I'm chatting with Stephanie Marsh. Stephanie has a wealth of experience and most recently led user research at the UK's Government Digital Service before hopping over to lead Research Ops at Springer Nature Group. Our conversation covers the gnarly and much-discussed topic of knowledge management. In this chat with Stephanie we discuss: How frustration with 3D pie charts kick-started their career in research. Why knowledge management is a more gnarly problem in UX research than in other functions. The allure of research repos as a knowledge management solution. The value using research skills to determine knowledge management needs. Repositories vs libraries. Practical steps to get started with improved knowledge management. -- You can connect with Stephanie using the links below. LinkedIn: Stephanie Marsh Twitter: @Steph_Marsh81 Medium: Stephanie Marsh Book: User Research --- Send in a voice message: https://podcasters.spotify.com/pod/show/scalingresearch/message
Vanilla OS is an unusual Linux system: the distribution looks sleek with its unmodified GNOME desktop, has an immutable root partition, and installs apps according to the container principle. c't editor Niklas Dierking likes that beginners can find their way around quickly while Linux experts can install packages from a wide variety of repositories. In some places, however, the first stable version is still rough around the edges. Markus Montz covers payment service providers, merchants, and online sales platforms for c't. In doing so, he keeps coming across new scams that criminals use to defraud unsuspecting buyers, but also sellers and larger companies. He therefore advises following a few basic rules when trading online, no matter how trustworthy the other party may seem. For the current c't focus on VPNs, Dušan Živadinović tested various peer-to-peer VPNs. Their modern structure allows particularly low latencies and a lot of convenience during setup. He was also taken with a new VPN service for smartphones, Pretty Good Phone Privacy, which even conceals the SIM card's identification number, the IMSI. Featuring: Achim Barczok, Niklas Dierking, Markus Montz, Dušan Živadinović
This episode reports on ransomware numbers for November and trouble in open-source repositories
Roger Grimes is an industry expert and the Data Driven Defense Evangelist for KnowBe4. In this episode, Roger and host Hillarie McClure discuss the recent security breach disclosed by Dropbox, during which hackers stole 130 code repositories after gaining access to one of its GitHub accounts, as well as the CISA's latest memo that urges all organizations to implement phishing-resistant MFA. KnowBe4 is the world's first and largest New-school security awareness training and simulated phishing provider that helps you manage the ongoing problem of social engineering. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com
Can We Get to “Yes” on Better UX?

What does WordPress need to do to appeal more to do-it-yourself website builders and creators who are trying to take a business, hobby, or side project online? This week in an article he shared in Post Status Slack, Eric Karkovack suggested some ways to improve the WordPress user experience, especially for DIY users setting up a website for the first time.

Some of the things Eric wants to see happen, like a standard interface for plugins and a curated view of the plugin ecosystem, are similar to views commonly expressed by designers, developers, and people in other professional roles at WordPress agencies serving enterprise clients. And why not? In the WordPress enterprise space, are the end users really that much different than mass-market WordPress users in what they don't need to know or see — and what they do need to perform routine content creation and management tasks as easily as possible? That's where my thinking has been lately, so I had a conversation with Eric to see if we might identify areas where nearly everyone thinks WordPress offers a poor experience and how they might align themselves toward solutions. Can we get everyone to “yes” on a better UX?

Don't Play Favorites — Recognize Excellence

Standardizing admin interfaces and notifications might be easier than figuring out how to curate best-of-breed themes and plugins. But imagine, as Eric and I do in this conversation, some kind of “plugin quality score” at wordpress.org based on neutral, objective data. It might be “gamed” — in a positive way. It would encourage developers to do better, deeper, ever-maturing work.

Personally, I'd like to see the maximum and the average number of queries a plugin adds to a page. That, along with PHP and WordPress versions that have been tested for compatibility (existing features of the plugin repository) would be key code quality indicators. Frequency of updates, reviews, and support responses would indicate a capacity for long-term sustainability. Raising standards for testing aimed mainly at security would be great too. All of this could be done or encouraged by key players in the WordPress ecosystem coming together to set standards for their industry. It would impact how all users of the plugin directory understand quality.

Don't Hide it from the Noobs: Too Many Open Secrets About Quality are Bad for Everyone

As of today, there are 60,153 un-curated free plugins at wordpress.org that can only be explored via external search and a limited (arguably broken) site search tool. WordPress professionals with high-end client services would never expose their customers to this chaos — so why does the WordPress community expose its newcomers to it? Anyone who has developed WordPress sites for very long has a list of plugins they prefer, particularly in combination with each other, for common feature sets and use cases. We also have lists of plugins we dis-recommend — to the point that it's a deal breaker if a client insists on using them. And of course, these lists change a lot over time. We all know these things — but it's a kind of “open secret” from professional WordPress circles. That's understandable! Comparison is the thief of joy — and possibly revenue. But we need to be more open and better at communicating these things in a problem-solving, always-learning way within appropriate channels. Open source security is a different issue, but performance and code quality standards — and the products/people who follow them in exemplary ways — should be much more visible and celebrated.

(What if someone did a tutorial series walking through current WordPress code standards and the history of their evolution?)

Information that maturing developers and product owners can learn from to improve their work doesn't trickle down as openly or as easily as it should. It's inside baseball, and it shouldn't be quite so insider-y. It's not out there alongside independent plugin performance reviews or clear standards and guidance for anyone who wants them.

Why not?
What are the barriers?
Who can lift them?
Industry peers and WordPress community members working together on common interests?

As we end up saying in our conversation, we hope so.

✨ Sponsor: GoDaddy Pro

Manage your clients, websites, and tasks from a single dashboard with GoDaddy Pro. Perform security scans, backups, and remote updates to many sites on any host. Check up on site performance, monitor uptime and analytics, and then send reports to your clients. GoDaddy Pro is free — and designed to make your life better.

Learn More:

The WordPress Coding Standards can be found evolving on GitHub.
Today on the Day Two Cloud podcast we're going to talk with someone who was part of a DevOps team deploying Infrastructure as Code (IaC) and applications in the public cloud. This project ran into challenges around scaling, the environments they needed to support, how to store certain artifacts, working with pipelines, and breaking up a monolithic repo into smaller repos and the repercussions of that decision. The post Day Two Cloud 169: Splitting Up Mono-Repositories In Infrastructure As Code appeared first on Packet Pushers.
Vulnerabilities exist everywhere; no matter their age, they can come back to haunt you. This episode talks about a vulnerability that was discovered 15 years ago in Python but was never patched. Now that bug is biting 350,000 repositories, putting them at risk. Vulnerability Detector - Creosote - https://github.com/advanced-threat-research/Creosote Be aware, be safe. Support the show and get access to behind the scenes content as a patron - https://www.patreon.com/SecurityInFive *** Support the podcast with a cup of coffee *** - Ko-Fi Security In Five Mighty Mackenzie - https://www.facebook.com/mightymackie Where you can find Security In Five - https://linktr.ee/binaryblogger Email - bblogger@protonmail.com
Application development has become very community driven and open source modules are commonplace to build fast powerful apps. However, there is a security risk when downloading others' code. This episode talks about a recent revelation of malicious packages in PyPI. Source - https://research.checkpoint.com/2022/cloudguard-spectral-detects-several-malicious-packages-on-pypi-the-official-software-repository-for-python-developers/ Be aware, be safe. Support the show and get access to behind the scenes content as a patron - https://www.patreon.com/SecurityInFive *** Support the podcast with a cup of coffee *** - Ko-Fi Security In Five Mighty Mackenzie - https://www.facebook.com/mightymackie Where you can find Security In Five - https://linktr.ee/binaryblogger Email - bblogger@protonmail.com
Roberta Dombrowski, VP of UX Research at User Interviews, is back for the second installment of Tacos and Tide Pods with Erin and JH. In this episode, they discuss the importance of an effective personal productivity process, overestimated expectations, and the (very Tide Pod-y) state of the global economy. In this episode: Creating a research repository at User Interviews Setting up an effective personal productivity process Overestimated expectations Meetings vs asynchronous collab Get the transcript and show notes: userinterviews.com/podcast --- Send in a voice message: https://anchor.fm/awkwardsilences/message
Episode Summary: In this episode, we learned all about repositories and how to use them in a PowerShell context. We briefly discussed the challenges of working from Home. We learned how Adil got started in the PowerShell community including getting involved in the PowerShell Slack/Discord, attending PowerShell Summit, and even stepping up and helping put on an event: BridgeConf. Adil convinces Jordan to submit to speak at Summit 2023, and Jordan agrees. The crowd goes wild! We tried to capture the code that we ran on this episode in a transcript file, which can be found below. Guest Bio and links: Adil Leghari is a 15-year Sysadmin-turned-Solutions Engineer, who is super-passionate about PowerShell and automation. He's active in the PowerShell community Slack and Discord servers. When not working, he enjoys designing stickers, traveling, and giving back to the tech community. Adil Blog – adilio.io Adil Twitter - https://twitter.com/adilio PowerShell Community Call - https://www.youtube.com/watch?v=ZYCQArCXEiI Working with Repos - https://docs.microsoft.com/en-us/powershell/scripting/gallery/how-to/working-with-local-psrepositories?view=powershell-7.2 Get-PSRepository - https://docs.microsoft.com/en-us/powershell/module/PowerShellGet/Get-PSRepository?view=powershell-7.2 PowerShell Gallery - https://docs.microsoft.com/en-us/powershell/scripting/gallery/overview?view=powershell-7.2 Is it Down Again? - Is it Down Again? PowerShell Gallery Outage Mitigation Strategies by Adil Leghari - YouTube Show Notes Repo - show-notes/episodes at main · PowerShellPod/show-notes (github.com)
Public libraries have been using insights repositories for decades—and it's time user research teams catch up. This week, we're joined by Nada Alnakeeb, Head of Design and Research Operations at DoorDash, and Joanna Perez, Sr. Taxonomy Strategist/Digital Archivist, Studio Production at Netflix. Nada and Joanna shared learnings from their experience building the insights repository at Meta, using familiar organizational patterns to reduce mental load, tips for effective taxonomies, and more. --- Send in a voice message: https://anchor.fm/awkwardsilences/message