Podcasts about Socket

  • 387PODCASTS
  • 637EPISODES
  • 42mAVG DURATION
  • 5WEEKLY NEW EPISODES
  • Jun 12, 2026LATEST

POPULARITY

20192020202120222023202420252026


Best podcasts about Socket

Latest podcast episodes about Socket

Ethereum Daily - Crypto News Briefing
Fidelity FIDD Live On Curve And Uniswap Pools

Ethereum Daily - Crypto News Briefing

Play Episode Listen Later Jun 12, 2026 4:22


Fidelity's FIDD stablecoin goes live on Curve and Uniswap. Socket relaunches its core infrastructure. Coinbase launches Agent Accounts and adds a High-Yield USDC Vault powered by Morpho. Read more: https://ethdaily.io/966 ETH Daily sponsorships are now open. Reach over 10,000 Ethereum-native subscribers every weekday. Learn more at ethdaily.io/ads Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.  

Golfbuddies - Der Pro und sein Amateur
#120 ZWISCHEN DEN OHREN

Golfbuddies - Der Pro und sein Amateur

Play Episode Listen Later Jun 8, 2026 45:12


Leute wo findet Golf statt? RICHTIG zwischen den Ohren! Außerdem der schlimmste Schlag im Golf ist ein Socket. Was findet Ihr schlimmer, fett oder dünn treffen? Ansonsten Fragen an den Pro, Puttn Canner und kann er nicht. Wir wünschen schönes Spiel, wenig FORE und viele Vogelarten.

Latent Space: The AI Engineer Podcast — CodeGen, Agents, Computer Vision, Data Science, AI UX and all things Software 3.0

I'm excited to work with Microsoft once again as the presenting sponsors of the AI Engineer World's Fair! We'll streaming live from MS Build today for a special crossover pod with our friends at No Priors and the one and only Satya Nadella. However we did not hold back with this interview - we asked all the burning questions about uptime and Copilot that we know you have in your minds. Lets go!For almost two decades, GitHub has been the home of software, where both open source and closed flow, through commits, pull requests, reviews, actions, etc.This ecosystem flourished as open-source maintainers and contributors would continue shipping code for the benefit of the community. However as coding agents began to ship mass quantities of code - growing 1400% in 2026, it marked a new era that was both extremely exciting and challenging for GitHub.While these agents help more people ship more projects, they also significantly increase the floor of how much code is shipped, how often it is shipped, how many people commit code, and basically orders of magnitude multiples in every dimension of GitHub infrastructure:Now GitHub inevitably experiences more pressure on their infrastructure which was originally designed around human developers moving at human speed. This has resulted in a very publicly notable uptime story:So it begs the question of whether current systems around code can absorb what AI produces. Can CI/CD keep up when every idea becomes a build? Can open source maintainers survive floods of AI-generated slop contributions? Can GitHub preserve the human social contract of software while becoming the operating layer for agents?Which brings us to the perfect person to answer these questions: GitHub COO Kyle Daigle. In this episode, he joins swyx to unpack what happens when AI doesn't just autocomplete code, but starts changing how companies operate, how open source works, how pull requests get reviewed, and how GitHub itself has to scale. We go deep on GitHub's internal AI workflows: micro-skills, WorkIQ, MCP, Slack, Teams, email, Copilot workflows, the new Copilot desktop app, CLI, cloud agents, and how Kyle uses agents to look backwards across company context before deciding what to do next. Kyle also reflects on GitHub's history building webhooks, APIs, Actions, npm, Dependabot, and Semmle, why the AI era is breaking GitHub in new ways, how Actions became a general-purpose compute layer, and what Copilot becomes after code completion.Full Video PodWe discuss:* Kyle's expanded role across GitHub* How AI got Kyle coding again after years in leadership* Why GitHub rolls out AI through existing workflows instead of forcing new tools* WorkIQ, MCP, Slack, Teams, email, and GitHub as company context* Why massive “mega-skills” are giving way to small, atomic micro-skills* How AI changes summarization, communications, marketing, and analyst work* Why former developers in leadership may have a unique advantage in the AI era* Kyle's “15 agents on Saturday” workflow* How Kyle built an AI-generated executive presentation for CRO/CFO teams* Why AI changes the chief of staff role without removing the human work* GitHub Actions, webhooks, arbitrary code execution, and secure agent compute* The npm acquisition, supply-chain security, 2FA, and token invalidation* Slop forks, vendoring, and whether AI agents change dependency management* What pull requests become when most PRs come from agents* Prompt requests, vouching, AI review, and trust in open source* What counts as a “developer” when AI lowers the barrier to building* GitHub Spark, low-code, and why GitHub refuses to hide the code* 14x commit growth, Actions load, databases, monorepos, and availability* Copilot's evolution from completion to CLI, desktop app, cloud agents, and SDK* Context, memory, rules, and making GitHub “act like Kyle wants it to act”* Ambient AI, OpenClaw, enterprise security, and the new operating system for agents* What swyx should ask Satya Nadella about Microsoft's AI futureKyle Daigle* LinkedIn: https://www.linkedin.com/in/kyledaigle* X: https://x.com/kdaigleTimestamps00:00:00 Introduction00:03:36 Why AI Got Kyle Coding Again00:07:04 Running GitHub with AI: WorkIQ, MCP, Slack, Teams, and Skills00:15:39 The Golden Age for Former Developers in Leadership00:17:31 15 Agents on Saturday and AI-Generated Executive Work00:20:20 How AI Changes the Chief of Staff Role00:21:45 GitHub's History: Actions, npm, Webhooks, and Open Source00:28:45 Slop Forks, Vendoring, and AI Dependency Management00:33:57 Pull Requests, Prompt Requests, and Trust in Agent-Generated Code00:41:21 GitHub Stars, 200M+ Developers, and the New AI Builder Wave00:45:15 GitHub Spark, Low-Code, and Why GitHub Still Shows the Code00:47:38 GitHub's Hardest Era: 14x Growth, Reliability, and Scale00:59:21 Actions as the Compute Layer for CI/CD and Automation01:02:04 The State and Future of GitHub Copilot01:08:24 Ambient AI, Background Agents, and the Future of the SDLC01:13:09 OpenClaw, Enterprise Security, and the New OS for Agents01:18:03 Build Announcements, WorkIQ, FoundryIQ, and Microsoft Context01:21:41 What Should swyx Ask Satya?TranscriptIntroduction: Kyle Daigle's Expanded Role at GitHub and MicrosoftSwyx [00:00:00]: We're here with Kyle Daigle, COO of GitHub. Welcome.Kyle [00:00:07]: Hey, thanks for having me.Swyx [00:00:08]: You're not just CEO of GitHub. People know you as that. You have a new role.Kyle [00:00:11]: So I have an expanded role now. I've been working at GitHub for thirteen years and doing all things developer. Joined as a developer myself. And now, I'm also responsible as the CMO of Developer for Microsoft. And so all the kind of learnings and passion for developers and how we work with them and how we communicate and how we bring our products to market, we're also bringing that expertise to the broader Microsoft ecosystem and helping every developer that uses a Microsoft product or would like to have a sort of similar experience that they've had with GitHub over the years. So it's a different role in some ways, but it's also just building on the experience that I've had at GitHub of just sort of tell the truth, be authentic, show people how to use it and then let the products speak for themselves. Now just doing that with, all of Microsoft.Swyx [00:01:09]: We'll be releasing this in conjunction with Build. You got lots of stuff planned, and we can sort of touch on that whenever it's appropriate. I think one of the interesting things is I rarely meet a COO who's also a CMO. I think you're a very outward facing and you're very confident publicly. That's rare. Do you actually view yourself as COO? What's What is your thing?From GitHub Developer to COO/CMO: Building the Platform and Operating GitHubKyle [00:01:33]: I think for me, it's been funny. The titles have always been, a— have always felt a little strange to me. I joined GitHub as a developer? I wrote so much of theSwyx [00:01:46]: Let's bring that up. You wrote the back ends?Kyle [00:01:48]: I was going through, I was going through, some old photos, when folks were talking about how things were being built or how there was a build GitHub. I built, webhooks and worked with teams building the API, built the platform layer. Anything that integrated with GitHub, up until really twenty eighteen, I built or ran the engineering teams. And that's kind of where my the beginning of my passion always was helping people build things, deliver them to, their customers. And so being a developer, building for developers was always super unique. In a— I think as my role expanded, it became my ability to talk to not just developers, but also enterprise customers or business leaders and have this translation layer. And then through all those years, GitHub has always operated pretty uniquely. Post-pandemic, working remotely was not as novel as it was when GitHub started in two thousand and eight. But all that expertise of running remote teams, doing it well, became this sort of bigger role, ultimately turning into the COO role of how do we operate GitHub in the way that GitHub's always operated after the Microsoft acquisition. And kind of so on from there. So like for me, I think the— I've, I still code. I love coding but the problem has always been, people. It's a much harder problem to both support our own employees, a harder problem to communicate to developers and enterprise buyers what we're building why it matters, ‘cause those are two very different messages. And so getting to work in the mix of COO, CMO, also just being a dev, I think is what's kept me at GitHub for so long.AI Workflows for Leadership: Commits, Retrospectives, and ContextSwyx [00:03:40]: Apparently, you have— your commits have gone up. What's this? What's going on?Kyle [00:03:45]: Rui's called me out pretty aggressively. So I think— as you can imagine, right, you can see my normal era of being a dev In the twenty thirteen, twenty fourteen era, and then moving into management, and then ultimately the COO role. I think what you see there is me, really getting back to coding thanks to AI. I— similar to, attaching problems between how to market and how to operate a business and how to code, I find, building agents and workflows that are connecting very disparate problems to be what's driving this. So that's, some of it's writing software. A lot of it is, connecting a ton of a different data sources to, help me out. But that is completely me really diving in on the AI side in trying out our tools, trying out everyone's tools, But building for me, building for the non-technical leader, though I'm technical and how we're, able to use these tools more than just the simple, call and response that I think a lot of the non-technical, your employers, you have to get— you have to use AI, and so everyone uses, ChatGPT or Copilot or Claude or whatever. To really get into, how is this going to help me out, it— I find that it's not the I need to write a blog post, I need to those simple examples. Helping people find the workflows of, “Okay, I need you to go through all the PRs today. I need you to go through everything that we've posted online. I need you to go through what we did the last three months. Go through all of my Obsidian notes for any mentions of this then go through my transcripts at work.” We use, Teams, so, using WorkIQ, go call that MCP server, grab all the transcripts, go through all the Slack, and then build me out the plan of, what this week's messaging actually was. That's something that was, impossible because for me, I find AI in a what most of this launch here is actually, less building forward. It's actually, a recursive loop backwards. I'm always looking at what had happened first. Go back through the week and tell me what we did, what worked, what didn't work? And then tell me in the next three or four days-What would you tweak based on this sort of like looking backwards and then looking ahead a little bit? I find that to be so much more valuable, especially for like non-technical, because that retrospection is actually LLMs are very good at that. Like finding all the patterns, pulling them out, and then applying that retrospection to just a couple of days or just like a short period of time. Is all a bunch of apps that I've built and launched a bunch of, internal tools. I use the new, GitHub Copilot app, the desktop app with workflows. Every time I crack open my laptop, it's running workflows for me. It's just a ton of different stuff and of course, it all ends up on, it all ends up on GitHub.Swyx [00:06:47]: Of course. That's where, that's where, stuff is hosted. Man, there's so much to ask you. I was going to leave the how do you run a company with AI thing at the end. I have to ask one— double click one thing. You said, you are looking back at the week. You're, you're understanding what happens. When you say we That's three thousand people. How?Rolling Out AI Internally: Skills, CLIs, and Company ContextKyle [00:07:09]: I think when we started rolling out AI internally beyond engineering, right? One of the things that I was really, passionate about is like we have to do this in a way where no one has to change how they work. I don't want to have to teach you a tool. I don't want to have to teach you something new. And so for us, we tried out a few tools. Most of them don't work because I got to get you on board? I got to teach you how to use it. What we've actually ended up doing is we've built like a set of skills internally. We have we each have our set of skills, and we've just been distributing even to the non-technical folks, the CLI. And then effectively, we're just giving it access to like read about everything that we're writing. So that's for us, that's usually GitHub, Teams, Email, and Slack. So Teams for, video chat, generally speaking.Swyx [00:08:03]: Teams and Slack?Kyle [00:08:04]: so we use Teams for video communication, but we don't use it for chat. W-we— GitHub for a long history, right? We're alwaysSwyx [00:08:13]: Also SlackKyle [00:08:14]: Talking about ChatOps and like everything is built into Slack. Like every command, every flow.Swyx [00:08:18]: So even though you have been acquired for I don't know, eight years nowKyle [00:08:22]: we stillSwyx [00:08:23]: You still use Slack?Kyle [00:08:23]: it's a purpose-built tool for us, and I think the reality is that moving off of it would be so bluntly expensive? Simply because all the tooling is, baked in with that paradigm. And they both have their pros and cons but they don't work the same way at all. We still use a bunch of different tools Because it's the purpose-built tools that We need. And thenSwyx [00:08:47]: Well, the same doesn't go for the rest of Microsoft, presumably.Kyle [00:08:50]: like the like various teams like operateSwyx [00:08:53]: They make their own decisionsKyle [00:08:54]: Various ways. I think it just matters what you're trying to what you're trying to do. But we do we do work across kind of every tool that we use, and then by giving everyone access to all of that context and the new WorkIQ MCP server, which is quite cool if you do live in the M365 like world. I can ask it all these backwards-facing questions, and it's incredibly important for our teams that are working remotely. There's a lot of stuff you miss when you're not in an office, and we are spread out all over the world. So most of that is looking back. And then we post, we post either auto-automatically into GitHub issues or discussions, these sorts of like findings or like our industry reports. Like what's happening this morning, today, yesterday. A little automation gets run. We'll use the app. We might use GitHub Actions like with, our agentic workflows just to go do that run, and then we push it into GitHub, and w-we keep having a conversation. So usually for us, it's about that sort of like looking back, looking forward on the non-technical side. And then of course for a lot of those folks, it's also building an app, pushing it to GitHub pages or pushing it somewhere to host it et cetera. But it's just like enabling everyone with that power of it's going to take me a week to figure this out. Instead, we're going “Okay I built a skill. Let's put it into a repo. We'll all share that skill together, and then we'll use the CLI or now the app-” “just to run it.”Micro Skills vs. Mega Skills: How GitHub Uses AI at WorkSwyx [00:10:26]: All right. I think, I think we're going straight into like the team management and productivity thing. I think a lot of people are getting various levels of LLM psychosis. How do you manage the bloat of skills? Like everyone Has their thing, and they're Like trying to promote it to the rest of their peers in their org, right? And obviously, whoever becomes a skill influencer internally becomes like an AI leader, right? Of sorts. I assume you have those.Kyle [00:10:50]: like I think we haveSwyx [00:10:52]: And I assume it's a mess a Yeah.Kyle [00:10:54]: there's like I— like I think the reality is there's two pieces. Like first is I think that we're ending the era of these like massive, beautiful, perfect skills that are just like not any of those things. ‘cause for a while, right every tweet every day is like go download the skills, the perfectly managed thing to do this entire workflow. And I think that like what we've found and what— I was just with my team, this week, and we were talking about the skill side, and we're really talking about these like incredibly micro skills that are just doing one thing for us very well Versus a skill that's going to do I said, that full report. That doesn't really exist on our side anymore. It's usually how do— like a single skill that's going to identify the most important marketing information given any MCP server. Like this is the most important thing. Less about stitch a bunch of tools together and have it produce this mega output because then weeks go by, months go by, things change, and you want to tweakSwyx [00:11:58]: It's brittleKyle [00:11:58]: Your mega skill and you're screwed? You can't do that. And so now we're really just talking about the Legos we're using and just letting the instruction book be something we're all putting together. Whereas I think a lot of AI skills for a while have been that mega instruction book style.Swyx [00:12:15]: I've, thought a lot about Postel's law. I don't know if that's a term that is, means things to folks. It's the idea that you should be liberal in what you accept and strict in what you output, right? And I think that's like a good framing principle for skills. This is my skills, obviously on GitHub. I feel like everyone should have like how like some repos In GitHub are special repos? I feel like we should sort of reify the slash skills and everyone like give it some kind of special presentation. Anyway, so, yeah, this is one of those like download Download anything, transcribe anything, and then you can string together the atomic skills that do one thing well Into like some kind of orchestration skill that calls other skills. I assume, does that match?Kyle [00:12:56]: I like I think so. I think that theSwyx [00:13:00]: Summarize anything.Kyle [00:13:01]: Like I think the- For me, summarizing something for I do communications and PR and analyst relations and marketing and customer activities, and so my summarize everything is very different for each one of those like Contexts. What ‘Cause if I'm summarizing something for an analyst, that's a very different thing than, probably how I'm going to summarize something for like a customer meeting or an engagement. So that's I think like the difference when we're talking about the like the tools I might use on Saturday or the skills I might use on a Saturday when it's just for Kyle. Yeah, those are kind of like they have an atomic actual tool underneath or maybe skill, and then Kyle cares about X. But I think when we're talking about work and enabling the the marketers, communicators there, it's the atomic, this is what good summarization is, and then this is what I care about as for marketing for communications For whatever. And that I think is like the interesting matrix problem when we go from like a developer set of concerns to all kinds of different professions, is that what that word means to me is different than it means to you is different than it means to the analyst or the salesperson, and that's where I think the matrix mess is that we're starting to like still starting to find. It's about these mega skills but they're all just slight permutations, but those permutations are really important. It's the difference between someone reading this and going “Did AI make this?” what Or “This makes total sense, and I would expect this when I'm giving a briefing to Gartner,” or like whatever else.Swyx [00:14:37]: I think the beauty of it maybe is that you don't have to be that careful about what goes in there. It doesn't have to exactly fit as long as it like roughly is contained in there. I used to complain about plugin hell, basically. Like when you have a framework and then you have a hundred things that you need to integrate, everyone does like the GitHub used to be bloated full of these things. And now we don't need them anymore ‘cause now you just use skills.Former Developers in Leadership: AI as a Creation MultiplierKyle [00:15:00]: And like I think the most magical thing is the just that like I can just also crack it open. Like Like yes, I could go like change the how the plugin is coded, or like I could go do that now with AI, but I think there's just something more magical about getting a response back and being “That's not right,” and then you just crack the skill open, you just type English words and it's different. That building block is just, I think very unique. Once I get everyone to kind of understand how to best how to best make those changes to get the most power out of them.Swyx [00:15:36]: Is there a— you have a your peer group that Of people like you. Is there a common framing for Something I'm feeling is, which is true, is that is this a golden age for former developers who are now in leadership? Because you can wield the tools, you would know the right words, you're maybe not too close to the details. Doesn't matter. But like you're more effective than someone who doesn't come from that background.Kyle [00:15:59]: I think that like the secret has always been your ability to identify patterns and solve problems, and I think that for folks that like myself that don't code day to day anymore, that has made me successful as a developer, made me successful as a COO and now CMO. And so now that I have access to get and write code, I'm now applying that sort of like pattern finding and problem solving, and I know enough still about how to then go and say, “Oh, I want to make an app, but I don't want to break into jail or create something that's not going to be able to work or to be deployed scale or whatever.” that ability to apply all that additional business knowledge and still code I think is what makes that so interesting to me. Slightly different than I think some of the other like technical leaders that became business leaders and now are going back to their apps and updating them. Good for them? But I think the more, much more interesting thing is, well, now I have this whole new set of expertise over ten plus years. Why not take that and use that as a developer with these AI tools? So I definitely think that makes me more powerful, but I think that's true for like every dev as well. Most of the dev friends I still have also have some other underlying skill and passion. There's really talented, very kind of linear computer science software devs, absolutely. I just find that the folks that came from a different career, went to school for something else, went off and did this random thing, and then became a software dev, or were a dev, did a random thing, came back. Learning that extra set of information, learning those extra skills, and now having the power of an AI where I can crank up fifteen agents on Saturday while my kids are doing lacrosse, That's like really powerful. And I think it gets me back to that feeling of like creation, and it's very hard to replicate that in most other senses? That first time you build an app and you click it and you show someone that's magical. And so being able to do that not just in code, but across all kinds of different assets that's, that's huge. We were doing we're doing our every year we do our revenue planning. We talk about okay, what is it going to look like for next year? And of course as you imagine, there's, slideshows everywhere talking about what are we going to talk about, what's the narrative, et cetera. And so as you said I'm “Okay, well, I could probably just like build something to build this and then that way I don't have to go build the whole spreadsheet or I have to pass it to my team.” So we went through this process, and I got all the information and used the skills I mentioned. I built like a little app just to make it so I could look at some of the information in a SQLite database, more easily. And I ultimately built this entire presentation without touching any of it and I was “Okay, I'm just going to present this to our CRO, the CFO, their teams,” without mentioning I'd built it with AI. I like built a skill to make it look very much not AI driven. Just not pretty.AI-Generated Presentations, Human Taste, and the Changing Chief of Staff RoleSwyx [00:19:03]: Like a design. Yeah.Kyle [00:19:03]: Not pretty. But just like very clearly not AI. Kind of like don't do anything interesting.Swyx [00:19:08]: That's, yeah, that is valuable.Kyle [00:19:08]: Just go Exactly. We did the whole thing through. It used my notes from Obsidian, it used all the context I mentioned before, the plans, and Never came up once that it was AI generated.Swyx [00:19:20]: It didn't matter.Kyle [00:19:20]: Never once. D It didn't matter. And so now I takeSwyx [00:19:23]: This is a toolKyle [00:19:23]: I can take that tool and go, “Look, I don't want you to go build slideshows.” They're just helping us share information with each other. If this thing can do it With a little bit of crafting from you and then we can look at it together, awesome. There's no value in all that extra work. I think that the ability to, make it look humanly bad and and build a little app to, manipulate the data I think is part of, that upside for devs that are now in leadership roles. Because, the thing that I feel like I said before, this that's all a people, that's all a people problem. I know if you've used a coworker or not to build a slide deck, unless you spent a bunch of time to not do it.Swyx [00:20:07]: I know, but like it was so, I think there's a certain charm to just being blatantly AI. ‘Cause I think that you're well, you're just honest about There may be mistakes here that I cannot vouch for. So how much value is there? But anyway I think, actually the real question I want to ask is, there's a— You were a chief of staff To Thomas. And in the pre-AI world, the that job would've been a chief of staff job of like Can you prep me these slides and all that? And now you do it yourself.Kyle [00:20:35]: I still, I still have a chief of staff. Because, the difference is it's sort of the discussion every time we have some sort of technology evolution is it's not that the jobs the roles don't all go away, they just change? And so yeah, I don't have someone spending all their time building out slides for me and presentations ‘cause I don't need that anymore. But now I need that person that is able to go and find all the different connections between humans in those discussions to help me find out, okay, I should be meeting with this group and this team, and they have an opportunity, and I'm going to be in San Francisco today, I'm going to be in Seattle tomorrow. Those sorts of human connection aspects are still incredibly valuable and has always been a big part of that chief of staff role. But now just like chiefs of staff are not opening up, letters to process, they're doing emails. What It's the same thing. And now they're, they're not building out as many of these presentations because they have the the ability to have a AI take it on for, and share that with me and great. Let's keep moving ‘cause it's allowing us to go faster and make better decisions more quickly.Swyx [00:21:45]: Awesome. Well, so we can dive into more sort of, Productivity insights as you go. I did want to do a little bit of a brief history of colleague and hub. Because, we started here. And then you also involved the NPM acquisition. I did, I do want to touch upon that. And then more recently, I just want to bring up to present day where we're having uptime issues Which transparently we've already Addressed publicly, but we'll, we'll discuss in the pod. Did I miss anything? Like what, any other major highlights? Obviously, it's, it's a lot of years to cover.A Brief History of GitHub: Webhooks, Actions, Acquisitions, and Platform EvolutionKyle [00:22:15]: No the I think one of one highlight was right before the acquisition closed in twenty eighteen, I got to launch the first version of ActionsSwyx [00:22:27]: OhKyle [00:22:27]: At GitHub Universe. So it was OSwyx [00:22:29]: They're that young?Kyle [00:22:30]: It was October of twenty eighteen, I think. Yeah. Yeah.Swyx [00:22:33]: Gee, Jesus.Kyle [00:22:34]: I got to I was the engineering leader on that project and got to launch that. And then, yeah, we did acquisitions of NPM you said, Semmle, Dependabot Pul Panda a whole bunch of things. That was a bigSwyx [00:22:47]: Pul Panda.Kyle [00:22:48]: Abi is doing well.Swyx [00:22:51]: DX. Holy crap.Kyle [00:22:52]: Did well on DX. I and like that was a that was the big shift, after the acquisition. I had to join the sort of business side.Swyx [00:23:00]: So I need to hit you on some of these things ‘cause you were there. Right? And how often do I get to talk to someone who was there? But yeah, Actions. Is that the number one source of security issues on GitHub?Kyle [00:23:11]: Oh, sh I think that the number one source of, security issues is probably like all, the literal code in everyone's like underlying repositories. I would say back further than that is, if you remember I had to show in this graph was this is, I'm, didn't say this before, this is ultimately webhooks.Swyx [00:23:30]: You yeah.Kyle [00:23:31]: Like circa whatever it was.Swyx [00:23:32]: It says Hookshot in there.Kyle [00:23:32]: I forget. Yeah. Yeah, Hookshot's in there. And so like back then, it says GitHub Services. Do you see, it says Hookshot FE for front end, and then it says GitHub Services. GitHub Services back in the old days, right? You we had a repository that was Ruby code, and you could write any Ruby code in there, and then we would execute that On your behalf As a service, and then that way if an if you were trying to integrate with something, it didn't we would run it for you.Swyx [00:23:57]: And of course no containers ‘causeKyle [00:23:58]: No, ‘cause it wasSwyx [00:23:59]: Well, no containersKyle [00:24:00]: Twenty fourteen. And so there was some isolation obviously, but it was mostly the separations on the server level. That's like an example as long as the very old version of Pages, which ran on its own containerization infrastructure, not on Actions.Swyx [00:24:15]: Which like all-time great product.Kyle [00:24:16]: Pages powers the internet at this point to some degree. Those were places where like clearly there were no like issues like to my knowledge. But it was those things where I'm looking at and going “Okay, well we can't be running arbitrary Ruby code,” like on everyone's behalf. Then containerizing all of that up intoUh into actions now where yeah the containerization, is r-really good. The pinning most folks aren't pinning it the like to a particularSwyx [00:24:48]: ImagesKyle [00:24:48]: Sha, et cetera like their workflows, and so that's a big that's a big place Of pain for folks if they're just doing similar to any dependency management, just V1 or newest or latest, I think. But, that journey from that day to “Okay, we're just going to run all this arbitrary code, and, it'll basically be okay,” to now, no, we have, really good containerization. We have a new, underlying, ag-agent, containerization, service. It's like we're using it under the hood. It's through Azure. They recently announced it. The Azure, Dev Compute, but it's, very fast, very fast compute to be able to, spin up your own cloud agents, or whatnot. We're using it under the hood for some parts of the new,Swyx [00:25:36]: Microsoft Dev Box?Kyle [00:25:37]: No. Dev Compute, yeah.Swyx [00:25:41]: Hmm. Not finding it just yet.Kyle [00:25:44]: Oh, it's, it's in there somewhere.Swyx [00:25:46]: All right. Well, we'll cut that out.Kyle [00:25:47]: Sorry. But with, Dev Compute, you can, run, really fast, spin up really, small VMs really quickly, so you're doing a tool callSwyx [00:25:58]: Same conceptKyle [00:25:58]: Just do it containerize exact-exactly. So we're using that so definitely moving that direction to protect us from every every piece of code that we're ultimately running.Swyx [00:26:07]: look, that grows into the full SDLC? Code hosting was just the start and and then it's grown beyond that. Let's talk about NPM may-maybe ‘cause I think that's also, a very major point in the industry. I do think, it was looking for a home. It was, kind of struggling as a business, right? I don't know, I don't know how you would characterize that whole acquisition and how itNPM, Package Security, and Keeping the Internet RunningKyle [00:26:33]: like when we were talking to the team, I think the big thing for the both of us was to find a way to keep NPM, which was basically powering the internet then and way more so now to some degree running. Keep it going keep continuing to scale. It was having scaling problems, if I recall, back at that time. They were doing some rewrites. ItSwyx [00:27:00]: that's cute compared to now.Kyle [00:27:01]: Well, that's the thing is like when I'm talking to folks now, there's there's so many more underlying uses of NPM than there were back when we had them join in with GitHub. But that was ultimately the goal. It was really okay, we used to have pages. We have, the world's code. Let's make sure that we can keep NPM running well for the world. And we put a bunch of time and investment into fixing some of the underlying backend, changes, some of which we talked about some of the manifest work, et cetera. And then now, really trying to bring the the security posture of NPM up to speed. But, it is a unique challenge in that every move that we make to make it more secure will break a lot of people. And security is paramount. And also, we take it very seriously. We're, the any time that we have a problem with GitHub or we make a change that makes us more secure but hurts, there's, a snow day for developers or a really bad fire that they have to go put out. And so we've, have changed the 2FA policies. We've changed the way the tokens work. When we find tokens that have been exposed or potentially, exposed, we invalidate them, andSwyx [00:28:22]: I love that feature in GitHub. Yeah, it's greatKyle [00:28:23]: That creates issues, but, the but that's the thing is we're trying to push the community, forward without necessarily, doing something that is going to break the contract that's been for 15 years or close to it or some amount of years on NPM.Slop Forks, Vendoring, and the Future of Open Source Supply ChainsSwyx [00:28:43]: I think the— So now we're talking about, open source and publishing. And I think there's something here with what people are calling slop forks, which, I think Malta from Vercel is doing. And, part of me thinks, well, the way to get past any vulnerabilities, we just, let's just get rid of the concept of NPM. And we only publish source code. And anytime you want to import it you have your coding agent look at it and then adapt whatever subset you're going to use into your vendor it. But, the AI vendor it. Is that realistic? I don't know. Is it— Will that solve all our security issues? I don't know.Kyle [00:29:24]: I don't think it'll solve I so Mitchell was just talking Mitchell Hashimoto Was just talking about this today, and I think that I-in some ways, it's all all things, old or new again? Yeah, absolutely vendoring everything. Like I do I do remember twenty thirteen, twenty fourteen.Swyx [00:29:42]: This is Yeah. Let's, we must return toKyle [00:29:43]: That's what is We were vendoring everything. We were having actual discussions around, or at least I remember we were “Should we take this full thing?” “Why is this so big? We only need this one file.” And so I do think there's something true there where having either taking only what you need or the dependencies just getting incredibly small over time, I think will help to some degree, but it's not going to solve the fundamental problem, I don't think, because the vulnerabilities in an agent looking at them, there's time and time again, there's a million different ways in which we can convince an agent that this thing is, secure or not and pull it in. Or we can do static code analysis or runtime testing to say whether the code works or not. That is, I think, the step that needs to continue to be, invested in. The question is just on, how much scope. Should it be this enormous project that I'm pulling down, or should it be this piece? Either most companies are running some amount of security checking on the on the packages that they're bringing in or vendoring. That I think won't change. That's like what advanced security does to some degree, Socket does some degree. Like everyone is doing a piece of that. How we each do that like especially when we're talking to enterprise customers, is just like very different. No there's no one wants one single way to do it. And I think that's always been GitHub's, unique position in the world. I talk a lot to maintainers, I talk a lot to folks about this. It's we're— we rarely start like a process and a practice and like push it onto the community. We usually wait for the sort of like RFC process socially or literally, everyone agreeing, and then we'll cement something in. Because otherwise we'reMaintainers, RFCs, Vouching, and the Social Layer of TrustSwyx [00:31:35]: That fits your role in the ecosystem, yeahKyle [00:31:36]: We're GitHub. Yeah, we don't want to shape the whole thing. We want it to be figured out. But like how do you balance that like sort of Role in the industry to keep everything as secure as is possible and make sure that you're you're not going to be compromised as a human, ‘cause that's usually how it all happens. And Not not create a process or lock us into a flow that you're not going to or like Mitchell's not going to or other open source projects aren't going to like. That's always been a tricky balance for us, and I think that's something that we haven't talked about enough is we're not going to be able to fix everything for everyone in a way that everyone is going to like. So tell, help us, tell us what is working. When Mitchell was talking about, the Upvote, the upSwyx [00:32:22]: I was going to bring up his thing. Yeah.Kyle [00:32:23]: I forget what it Yeah. When he's talking to us, I was chatting with him and talking to him about this and I put it on Twitter and we talked to, also over DM, was “We're going to keep working.” but I think the important thing is I do actually want to hear what isn't working for you. And as, be as specific and clear for your project as is possible. And to every piece of credit over the many years that we've known each other through the industry, he's always done that and I appreciate that ‘cause there are places that we need to fix up, and we hear from him, and we'll fix up just like we do all other kinds of maintainers. But that that process between making those types of improvements and being more secure and like creating, I forget what he calls it's not the proof process, not the claims process. Do what I'm talking about? He has that he his projects have a way for you to kind of like,Swyx [00:33:13]: VouchKyle [00:33:13]: Vouch. Thank you. Yeah. He has like the vouch system for saying, “Hey, you should accept my PRs.” That's beenSwyx [00:33:20]: I just built this into GitHub. I don't know.Kyle [00:33:22]: Well, see, but that's the thing is that you say that and like he and his community really likes this and then I'll go talk to other maintainers and other maintainers, globally, and they're “No, this doesn't work for me.” And that is the tension, but also the kind of beauty of GitHub, depending on which way you look at it is we want to help maintainers, so we create all these tools to let you have more control over how much you take in from AI and PRs. But you can also use this. What You can go use this project, and if it takes off and becomes the kind of mostly standard, then yeah, we probably wouldn't enforce it but we would add it in because that's the flow that we tend to do?Swyx [00:34:02]: I hear a lot of people don't know the history of the pull request. And like like that's how, that's something that GitHub standardized basically.Kyle [00:34:08]: Yeah. It was a very messy process Like beforehand, and now the we have the benefit of it being the process? And now we have to go and Figure out the next best process or what adaptations change, or what does a pull request look like when eighty percent of your PRs are just coming from your agents and not From other devs?Swyx [00:34:31]: Do you like the prompt request idea from Peter?Kyle [00:34:34]: like I think that for each like each idea I think has its merits. I'm not, I'm not avoiding saying anything good or bad, but I feel like I've seen a version of we have that we have entire Thomas' store. Take all the assets of what you've built and put that in. I think that's got great ideas. There's all these various permutations of the PR flow, but I think the reason why there's not a single answer is ultimately we're trying to codify trust. We're trying to say “Okay, if Sean reviews this I'm going to trust it because you're Sean or you're the senior dev or you're the whatever.” And right now, when we are working in a flow where an agent writes code and another agent reviews code and then Kyle goes and looks at it the trust is kind of diffuse. And most of the tools that we're talking about are talking more about verification flows. We have more assets to look at, so I can probably say whether this is a good PR or not. But that still doesn't solve, I think, the human problem of I'm looking at a PR and I want to know if I can trust it. And we're still, we still tend to use human signals for that? Mitchell approving it or Kyle approving it or whatever. And so I think that's, I think that's why most of these options haven't really solved it is because, it's a social problem ultimately. It's a it's a human problem to review it and agree. Or you fully trust the tool and you're imbuing that tool with full trust Which I think in some cases that absolutely exists.AI-Generated PRs, Trust, and the Waymo AnalogySwyx [00:36:08]: And so like in the same way that there will be a tipping point in society when we don't allow humans to drive anymore Because machines are measurably better than Than humans. I'm looking for that tipping point, right? Like Mythos is ridiculously expensive. Someday we'll have Mythos on a desktop. I don't know. Will, does that change the equation?Kyle [00:36:30]: I think it's more I took a Waymo here, and I was on my phone and not looking around at all. There are other, self-driving, vehicles that I would not trust while, staring at the road. And I think that trust is something that isSwyx [00:36:48]: Is this a Zoox thing? What is itKyle [00:36:50]: I think that is both. I think that is both. LikeSwyx [00:36:53]: There's Zoox in this robo taxi. That's it. It'sKyle [00:36:56]: Well, depending on what level Of self-driving. But, my point is sort of that I think part of that is I strongly believe that's, a mixture of verifiable proof. Like how many accidents, how much data, and so on, and the human aspect of how I feel when I'm in this car, what it tells me, et cetera. And so that's why I think some of the like Some of these some of our AI tools tend to, imbue me with more of that feeling of trust, even if the data says this is 100% accurate. I feel like it takes more time for us to go, “Should I trust this or not?” And that's in the soft sense of, startups with high agency, weekend projects, and open source. And then there's enterprises and regulated industries and everything else, and that is an even harder problem to go solve because even when it is fully verified, not only do you have to have trust from the humans on the team, you probably have to have trust from multinational,Swyx [00:37:55]: Oh my GodKyle [00:37:55]: Multi governments around the world and regulating agencies. And so that's where I feel like until we tip over to your point on the sort of like human EQ side of it. I feel okay this feels okay I've been proven enough. Then the ball will start to roll a lot faster, where we'll end up getting to the “Okay, we can trust this,” and feel good about it in the Most difficult of cases.Reputation, Sponsors, Stars, and Bot Activity on GitHubSwyx [00:38:18]: If human trust is the thing that matters, I feel like GitHub as the developer social network could maybe do more there. Like vouchers are one system But, we have star counts, and then we have Contributor rights, and that's it. And I feel like there should be more in that space. I don't know if there's any other design decisions there.Kyle [00:38:37]: I think that one of the places that we don't really expose right now in this sort of way is, some degree of like hard trust and support, which would like for me is like sponsors is a good example of that.Swyx [00:38:49]: Ah.Kyle [00:38:49]: It like costs you something. To prove that I believe in your project and I trust you To some degree or I want to support you at the very least.Swyx [00:38:56]: Solve payments for open source. Why not?Kyle [00:38:58]: I think that I think that like as we keep moving forward, right, there's more and more projects where I'm, adding more and more dollars into sponsors personally because I want to like support them, but I also like know of I've probably never met them in person, but, I know of enough of their work that I want to support them. I think the thing that I don't love about stars or commit counts or anything else is ultimately, even with all of the various, abuse and de-spamming and deduplication work that we do or anti-abuse work that we do, these are all, not active social signals. They're passive ones that are ultimately gamifiable. And you may trust me, but another open source maintainer may not. And on what heuristic should you be, trusting me? That I think, is kind of where some of our thinking is right now. What signal from me is most important to you? You— If you can define that potentially, honestly in an agentic workflow that's what we see some of these open source projects do, where you have GitHub actions, and then you have like an agentic workflow that's calling AI, and you're setting these rules. Like if Kyle has submitted and gotten accepted PRs across any given project and has a social handle tied to his account in GitHub, and that social account's older than a certain amount. Really complex measures that matter to you ‘cause most open source projects have that heuristic built into their heads, if not written down in the contributing guidelines. You could take that and then go apply that and then just say, “Oh, we're not going to accept this PR.” Building something that is, I think, malleable to everyone's needs, is a little bit better, rather than going “Hmm, this account's too young.” Because what happens? The attackers just go and go and create a multitude of accounts, and they wait Until it ages up. Needs to have a certain amount of stars. That's how star inflation happens. Need to have a certain amount of reposSwyx [00:40:46]: Oh my God. YeahKyle [00:40:47]: With PRs. They all just create repos and submit PRs to each other, and then they come in and do something nefarious. And so, it's hard. It's hard to find the measure. So I think we're, we're looking more at how can we provide you tools so you can kind of choose what's best for you. And of course, we'll give you some standards. But the trust vector, gets down to I don't know, some version of like human digital ID like everyone's been talking about. Like how do I prove that it's meSwyx [00:41:13]: Give me your eyeballsKyle [00:41:14]: On the internet. Give me your eyeballs. Exactly.Swyx [00:41:18]: The I got to keep moving on Topics, but obviously I can go all day on this stuff because, I've been involved in GitHub and open source My entire professional career. Stars. Very superficial. Everyone knows it. But I think time to one hundred thousand stars is the fastest I've ever seen. Like people just reached that in I don't know, months. And then like at the same time I don't trust it right? Like how many of these are real or bot or like whatever. I don't know how to ask this but like what can we do about it? LikeKyle [00:41:49]: JustSwyx [00:41:49]: Is stars broken? Is stars fine?Kyle [00:41:51]: I think that there's kind of two, there's like two pieces. Obviously we're constantly like trying to find ways in which like your users are producing spam, which would, I would include like be like only doing star gamification. When we find them, we pluck ‘em out and we,Swyx [00:42:08]: But it's like a Whac-A-MoleKyle [00:42:10]: It's a hundred percent like a Whac-A-MoleSwyx [00:42:11]: There's no wayKyle [00:42:11]: Now, powered by AI to be helpful. But I think more so what I'm seeing is, a lot of the like fastest time to X tends to be because we're now inviting so many more people into like software development on GitHub That like the zeitgeist is just swarming? And it'sSwyx [00:42:32]: It's not just developers anymoreKyle [00:42:33]: And it's not you and I. Like like however you want to say like what a developer is it's not just folks who have been coding for a very long time. It's folks that have maybe started coding or only joined in since the AI era. And nowSwyx [00:42:44]: what's the latest Octoverse number? I know eighty million was my lastRem- member that a number of developers on GitHubKyle [00:42:50]: Oh, we're over 200 million now.Swyx [00:42:53]: Okay. Well, so you see?Kyle [00:42:55]: Like over 200 million developers now.Swyx [00:42:56]: But it's not developers, right? It's, it's people with a GitHub account.What Counts as a Developer in the AI Era?Kyle [00:43:00]: So, so this is, this is the biggest debate that I would say, everyone loves to have at GitHub at this point. From my perspective, right, I think that there's, there's clearly a difference between, professional enterprise developer and then developers. But I think that I think that the idea that we should be I don't know, splitting hairs or segmenting developers in the early era of software development is, not worth our not worth the time. SoSwyx [00:43:29]: When you get into gatekeepingKyle [00:43:31]: 100%Swyx [00:43:31]: What is a developer?Kyle [00:43:31]: 100%. ‘Cause I wasn't a developer when I started writing code? I was going toSwyx [00:43:36]: Oh, no. I made— I cloned a thing, seven years before I learned to code. And then I and then I wrote about my learning to code journey, and people Just called me a fraud ‘cause I had a GitHub account. And I'm “Well, no, I just use GitHub, but I don't know-” “I didn't know what I was doing.”Kyle [00:43:49]: I I remember that. I remember those sets of posts, and like that's, that's b******t. So I fight very clearly on the line of, if you create code, if you have an idea and you create it into some way of, I'm, I'm going to run it and use the app right now, you may still use AI in that moment, but that's okay. At some point you're going to do the next thing. You're going to create a big— You're going to have to learn about this database. You're going to fix a bug, whatever. We're all on some same journey, and those people are also hearing about the great new agent skill package or a new CLI tool or a new whatever. And those projects are going up because you want to be a part of this moment, just like I wanted to be a part of the Ruby community when Ruby was popping off when I started becoming a developer, and now I can just click the star button. And so I think that yes, there's clearly some amount of like spamming and game gamification that we're working against, but I really think we're just seeing this whole new cohort of folks that are moving from technology to technology because they're not working on a 20-year-old software application. They're working on a side app that they built on the weekend for their friends or for their new idea or whatever. And that's how you see these enormous charts going up and to the right with With stars.Swyx [00:44:59]: I think something that's remarkable is the persistence or, that GitHub extends to those folks. Usually when I see platforms go into a new audience, they usually have to, have like a second platform with a different name that wraps the main platform. But somehow GitHub has been able to sort of persist and extend, and it's friendly and whatever? So it's, it's nice.Spark, Low-Code, and Always Showing the CodeKyle [00:45:19]: I that's partially why I think as we've tried to move into I don't know, more like low-code-y things. We so we started working on Spark as like a way to, build an app and run it. I think that the reality is that we anytime we try to, kind of put even a veneer on top of it without when we put a veneer on top of something, we still always show you the code. That's kind of like a tenant. We're never going to, hide the code from you ever, because whatSwyx [00:45:52]: Why would you?Kyle [00:45:52]: That's, yeah, that's the whole point? However, I think that what we learned with things like Spark is that really the value of Spark for most devs is, easy runtime. And you may have a runtime or a host that you're going to use for that or you just build something and run it but, the package of making that even more simple isn't really needed for folks that are trying to build software and not just trying to build, an app, which is, slightly different, a slightly different goal. So I want to get you in, I want to get you comfortable. I think the best thing for me as, someone that did not traditionally come into software dev way back, I want anyone to be able to breach that chasm and not be in the I don't know, I feel like we're, we're still in an era of, STEM. I've got a 12-year-old and an eight-year-old, and it's “We got to get ‘em into STEM,”? Over and over. And I like I do, I do the things that good parents do. I was “Oh, you want to do coding?” “Yes, I want to do coding.” Do coding classes. But now they're just not afraid of doing software. And that's, I think, the thing that's honestly kept me at GitHub for so long. Anyone should be able to go and build a thing, just like I can go change a light switch in my house. I'm not going to go into the breaker box ‘cause I'll probably kill myself? But, I can go change that light switch. Everyone should be able to go and say, “This fricking app doesn't do what I want. I want it to work like this.” And that I think, is what's kind of kept us all connected with GitHub through the years and some and during the easiest of times or in the hard times because of that opportunity of, we're the home for all developers, and we want everyone to be able to have that feeling that we've had of, had an idea, I created it and holy s**t here it is.Swyx [00:47:37]: Here it is. All right, I'm going to try to do more spicy questions.GitHub's Hardest Scaling Moment: Growth, Agents, and UptimeKyle [00:47:42]: Great.Swyx [00:47:42]: Is it an easy time now or a hard time?Kyle [00:47:45]: Oh at GitHub? It's a hard time. Like, it's a hard time and also, I was just with my team and I said, “This is also, the best and most exciting time that I think I can remember at GitHub.” BecauseSwyx [00:47:57]: Best of times, worst of times. It's never oneKyle [00:47:59]: ‘cause we've we were talking about Octoverse reports and, usually we do an Octoverse report once a year, and we look at the numbers, and we say, “Oh my goodness.” I was at Universe in October saying, “This was the fastest year of growth that we've ever had,” right? And now we're doing more in a month than we did in a year last year.Swyx [00:48:20]: You're talking about PRs.Kyle [00:48:21]: Commits.Swyx [00:48:21]: Commits, yeah.Kyle [00:48:22]: PRs. Kind of like you name it by roughly every measure that we're looking at, there's some amount of sort of growth that is much bigger, and that is breaking our system in new ways, not old ways. Like webhooks were always notoriously, unreliable over the years?Swyx [00:48:38]: Whose fault is that?Kyle [00:48:39]: not anymore mine, but for a period of time, I'm sure you could pull up a tweet that was “It was me. I'm sorry.” but, now, that got rewritten at a scale level that is still working and is not having problems today. Now what we're finding isn't just the isn't the-The simple stuff that folks are on the sometimes on Twitter or on the internet are “Hey, why is this like this?” Sure. There's absolutely silly problems that we shouldn't exist. But now we're talking about, unique, novel permission problems that happen only at a scale across all different objects or whatever, that now we have to go rewrite this underlying system. And so it's, there are problems that yeah, caught us off guard, which I think I said. Like the growth is astronomical, but also we're making such material progress in that I'm excited once we're once we've kind of like reimagined the underlying foundation layer, or pieces of it at least, what's going to be possible when it's not just all of us and all the new people that are being developers and all of their agents and all the tools like working together. Because that'll still happen in that in that GitHub tool, that GitHub community. But it's a it's a hard day anytime we can't give you what you're looking for. We have the same problem internally. We operate through github. Com. Of course, we have backups when things go down and whatnot for our own operations but we feel it too. If it's not working it's not working for us, and that's kind of like the promise of dogfooding for GitHub. It's always been true. We're using the same tool you're using. We're not using a super secret version. We and so we also need it to be great for us for our customers of course for open source. And now an exponential growth of agents, Doing it too.Swyx [00:50:32]: I wanted to load for audio listeners who maybe haven't seen your tweets, whatever. So one billion commits in twenty-five. Now it's two hundred and seventy-five million per week on pace for fourteen billion this year, if growth remains linear. Is that still the pace? I don't know. It's been aKyle [00:50:48]: it's, it's speedingSwyx [00:50:50]: Roughly.Kyle [00:50:50]: It's still speeding up.Swyx [00:50:51]: It's, it's April, so yeah.Kyle [00:50:51]: Exactly. This was in April.Swyx [00:50:53]: All right. So basically you have fourteen x growth, right? Year on year on year. And I think that's a scaling issue. I think, I'm going to like try to really steel man this thing. People have experienced fourteen x growth. They haven't had your downtime. And that's like— C-can we go dig into that? Why? Like what's the— what broke? What are we doing to fix it? Like just anything for the community to reassure them.Why GitHub Reliability Is Breaking in New WaysKyle [00:51:18]: so there's a Like I was saying, there's a couple different places that we've seen the growth issues. Some of the growth issues, which is why we're t— I was talking about pushing hard on more CPUs is in actions in particular. More tools, more agents, more PRs mean more builds, more builds mean more CPUs. And so we are expanding through not just our data center, but obviously we were talking about moving to Azure and moving to, adding an additional cloud compute because we simply need more CPUs. Not as much GPUs. We definitely need GPUs too, but now CPUs are becoming a factor.Swyx [00:51:53]: It's very CPU heavy.Kyle [00:51:54]: Underneath the hood when it comes to some of the underlying services, we've been breaking up over the years our database infrastructure, so that way we have, more cognitive separation between our the various services. The place that we continue to have pain is in, permissioning. And so right now m-many of our permissioning layers sit into a database that we like internally call MySQL One, and old Hubbers will know what I'm talking about. And so we've been pulling things out of MySQL One for many years, because like and we use we use Vitess and we use other technologies to shard and we do it as one bigSwyx [00:52:31]: Famous thing, PlanetScale was born from this andKyle [00:52:32]: A hundred percent. Sam Old Hubber and friend. And so finding these opportunities to like break this out and then do that globally. The other thing that I think is interesting and both a unique opportunity and tricky is we also run everything I just talked about in a black box container with GitHub Enterprise Server for people that work on-prem. So we take everything I just said, and we also do it on-prem, and we also do all of that and we do it in a data residence setup for customers that need to have their data in a single location. Each of these has the unique characteristic around how we're sort of storing that data in MySQL or in a permissioning setup. That's where some of these outages have oc-occurred, where you're seeing it more like across the board rather than just like the one pieceSwyx [00:53:17]: Filling the databaseKyle [00:53:17]: Isn't quite working. Exactly. And so part of it is that. I think there's been some other places where agents are much more or more projects appear to be moving towards monorepo versus we were going the other direction for many years in the industry. Repos were smaller, but there were more of them, and now we're seeing the opposite. Repos are bigger, and there's, not fewer of them per se ‘cause there's new growth, but, we're just seeing many more big repos. Big repos, big monorepos have always had, a unique performance problem. Because each one, is slightly different if, particularly if the underlying blobs are incredibly big Inside the repos. And so we've done a ton of work that you pro— like most people haven't probably experienced, unless you're in this case of the monorepo. But that Git, infrastructure layer improvement does help the overall, system because, many of the improvements that make monorepos work better make all repo infrastructure work better. And so, I could kind of keep going down the line where it's another thing where we're moving out of, We're changing how we do j I'll just say job queuing for lack of a better, explanation changing the underlying technologies there.Swyx [00:54:32]: I spent two years being a job queuing guy, so.Kyle [00:54:34]: And so it's kind of a little bit of a little bit of piece by piece, and it's mostly because as we were— as it was built, we built everything in a way that assumed, I guess in some ways that the size of the pipe of work was going to remain the same. There's just going to be more people coming through each of those pipes. But instead now in places whereA git push was, generally a certain size for example, is now, no longer true.Swyx [00:55:03]: Oh, yeah.Kyle [00:55:03]: OrSwyx [00:55:05]: I push a thousandKyle [00:55:06]: On the average. 100%Swyx [00:55:06]: A thousand line commits like dailyKyle [00:55:07]: Same thing with PRs. Like PRs same thing. And like we've talked about optimizing that and making changes where, and there were technology choices that did not work there? And it got slow, and it didn't It was not fast. It did not do what the users wanted. And so we've been reeling that all out and going “Okay, that's just not right. Let's stop putting good money after bad and do it the do it the right way or the right way now.” So there's It's a it's a lot of things, not quite when I've experienced scale at GitHub historically, it's almost always two options that we've used. We go vertical scaling, particularly with databases, right? And we go horizontal scaling. Oh, we just have more people using this service. Great. We're going to add more servers, and we rack them in our data center, or we use it in a cloud. And now we're sort of in a like diagonal, where like vertical doesn't really work anymore. Horizontal isn't work either because we're all We all have some CPU or GPU constraints in the world now, and now we have to go in and like crack open services that have been running for 10 or 15 years and go, “Okay, the rules of this service have legitimately changed, and now we have to rewrite them.” None of this is an excuse. This is like we're We have to do the work. We have to make it better.Swyx [00:56:22]: actually as an infra guy, I'm “This is like one of the most fascinating scaling challenges I've ever seen.”Kyle [00:56:26]: That's that's, that's the thing that's the thing that it's hard for Like when we weren't talking about it publicly, and I was like I came out, and I was “Hey, I just want to explain what's going on.” Part of it comes from a very old GitHub ethos, which is it's our it's our uptime. It's down. W What I know you're a developer, so you're, you're inclined to want to understand more what's going on. But at the same time us going “Hey, this service didn't, perform the way we expected, and now we have to go change it,” we weren't We're not trying to hide anything from you i

Digi-Tools In Accrual World
What Accountex, Hg's write-down and Sage's CEO tell us about where accounting tech is heading

Digi-Tools In Accrual World

Play Episode Listen Later Jun 1, 2026 57:53


Indi Tatla, Ryan Pearcy and guest host Alastair Barlow are in the chair this week, with John Toon taking the week off. The episode opens fresh from Accountex, comparing notes on the talks, the vendors and what the arrival of a dedicated FD show on the floor might mean for the direction of the market. The Xero conversation is substantial, and not entirely kind. Alastair, who built his firm on Xero, gives a candid view of a product he thinks is well-intentioned but slow and lacking cohesion. The team work through a refreshed app navigation, Xero Coaches launching in the US, the new benchmarking tool built on Sift Analytics data, and the replacement of Xero HQ with Partner Hub from 15 June. Ryan's concern about Coaches is pointed: he does not want Xero going the way of QuickBooks Live, where Intuit's move into the advisory space caused serious conflict with the accountant community in the US. Alastair covers Socket's new feature, which ingests a call transcript from any note-taker and produces a first-draft client proposal with a confidence rating on each point. Indi is broadly positive but flags that AI note-takers still miss commercial nuance, so the 20% that matters most still needs human judgment. Ryan runs through the Intuit Enterprise Suite spring 2026 update: inter-company eliminations, enhanced board reporting, Workforce Elite for HCM and deeper WIP reporting for construction. The team read it as Intuit pushing hard into mid-market territory. Indi takes both Sage stories. On the expanded MTD IT agent she argues the tool's complexity partly reflects Sage's own fragmented product estate. On Steve Hare's AI trust comments, she goes further than the auditability argument: the real test will come when firms understand the margin implications of AI-native versus AI-infused pricing. Alastair closes with Hg Capital, explaining why HG Trust's share price fell even as its portfolio companies improved, and introduces Damon Anderson's a2z AI Accounting report: 300-plus apps mapped, with the argument that accountants' defensible position is liability absorption, future value sits in the orchestration layer between tools, and 80% of point solutions are barnacles on the whale. Also covered: Xero Ultra, launching in Australia in late June targeting the 20 to 200 employee segment. 00:00 Reflections on Accountex 2026 01:14 The FD Show, fractional CFOs and where the market is heading 12:14 Xero refreshes its app navigation 16:53 Xero is hiring coaches to onboard small businesses in the US 19:45 Xero launches industry benchmarking inside Analytics 24:16 Xero is replacing Xero HQ with Partner Hub from 15 June 25:43 Socket can now turn a meeting transcript into a client proposal 30:23 Intuit Enterprise Suite spring 2026: inter-company, board reporting and HCM 35:10 Sage expands its MTD IT agent with automatic client matching 41:40 Hg marks down its software fund by 9% as valuations hit a 20-year low 47:01 Sage CEO: accountants won't trust AI they can't inspect 52:41 Damon Anderson's a2z AI Accounting report 56:45 Outro

ITmedia PC USER
DDR4メモリでもまだ戦える!! AMDが「Socket AM4」の10周年を祝う Carbice Ice Pad付きの「Ryzen 7 5800X3D」記念パッケージを349ドルで投入

ITmedia PC USER

Play Episode Listen Later Jun 1, 2026 0:43


DDR4メモリでもまだ戦える!! AMDが「Socket AM4」の10周年を祝う Carbice Ice Pad付きの「Ryzen 7 5800X3D」記念パッケージを349ドルで投入。 AMDは5月31日(米国東部時間)、Socket AM4の誕生10周年を記念して、同ソケットに対応するCPU「Ryzen 7 5800X3D」の記念パッケージを6月25日(同)に発売することを発表した。記念パッケージにはCarbice Ice Padが付属し、想定価格は349ドル(約5万5600円)となる。

ITmedia PC USER
AMDが「Socket AM5」対応CPUの新製品供給年限を2029年まで延長 「Ryzen 7 7700X3D」など新製品を投入

ITmedia PC USER

Play Episode Listen Later Jun 1, 2026 0:37


AMDが「Socket AM5」対応CPUの新製品供給年限を2029年まで延長 「Ryzen 7 7700X3D」など新製品を投入。 AMDは5月31日(米国東部時間)、デスクトップ向けCPUプラットフォーム「Socket AM5」について、新製品の供給年限を当初予定の2027年から2年間延長し、2029年とすることを発表した。Socket AM5へのコミットメントを一層深めることで、ユーザーに“安心”を与えることが狙いだ。

Po3tryjournal by Alex Murdock
The What is Evil? | part 2

Po3tryjournal by Alex Murdock

Play Episode Listen Later May 19, 2026 39:11


The MadPo3t and guest Poet Strings Scrubbs the Medieval definitions of Evil to reveal the Archaic Resilience hidden in the darkness. As the LIRR Strike looms—a Systemic Friction in the physical realm—we Socket into the Unconscious realm where the Fabric is ripped and torn.We Bore Witness to the Mental Cradle we must abandon to Grasp for the Self beyond reality. This is not Static philosophy; it is Temporal Mastery for those Feeding Mentally on the Grotesque truths of the 2026 landscape.

Po3tryjournal by Alex Murdock
What is Evil ? | part 1

Po3tryjournal by Alex Murdock

Play Episode Listen Later May 14, 2026 29:53


The MadPo3t and guest Poet Strings Scrubbs the Medieval definitions of Evil to reveal the Archaic Resilience hidden in the darkness. As the LIRR Strike looms—a Systemic Friction in the physical realm—we Socket into the Unconscious realm where the Fabric is ripped and torn.We Bore Witness to the Mental Cradle we must abandon to Grasp for the Self beyond reality. This is not Static philosophy; it is Temporal Mastery for those Feeding Mentally on the Grotesque truths of the 2026 landscape.

Talent Acquisition Trends & Strategy
EP 213: A Non-Traditional Path to a Ruthless Hiring Bar

Talent Acquisition Trends & Strategy

Play Episode Listen Later May 7, 2026 56:01 Transcription Available


Lauren Valencia grew up in a small town outside Seattle, where adventure, sports, and early problem-solving shaped a non-traditional path into recruiting. Now Head of Talent at Socket, she's scaling teams quickly while rethinking org design, first-in hires, and what actually drives success in a startup. In this conversation, she shares why recruiters need to think like founders, how to evaluate real builders, and why picking your hires like you pick your inner circle is so crucial.Episode mentioned: EP 187 with Joe WilsonConnect with host James Mackey on LinkedIn! Thank you to our sponsor, SecureVision, for making this show possible!  Follow us:https://www.linkedin.com/company/82436841/SecureVision: #1 Rated Embedded Recruitment Firm on G2!https://www.g2.com/products/securevision/reviewsThanks for listening!

The Cybersecurity Defenders Podcast
Power systems under threat, Claude Mythos, suspicious KICS activity & JFrog / Intel Chat [#319]

The Cybersecurity Defenders Podcast

Play Episode Listen Later May 6, 2026 31:14


In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Researchers are raising concerns about a new cybersecurity risk emerging from the systems that regulate electrical power inside modern electronics and infrastructure.Japan's financial sector is responding to concerns around Anthropic's new AI model, Claude Mythos, which some officials believe could significantly impact cybersecurity.Docker and Socket researchers discovered that malicious images were pushed to the official checkmarx/kics Docker Hub repository, indicating a supply chain compromise affecting the KICS infrastructure-as-code scanning tool.JFrog security researchers identified a malicious npm package published as @bitwarden/cli version 2026.4.0 that impersonates the legitimate Bitwarden command-line client.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

ScreamQueenz: Where Horror Gets GAY!
SQ Classics - SOCKET (2007)

ScreamQueenz: Where Horror Gets GAY!

Play Episode Listen Later May 1, 2026 93:03


This episode first aired on December 21, 2012.Show notes TBASOCKET is currently available for free on YouTube herehttps://www.youtube.com/watch?v=F3iFFr05Y3gFollow director Sean Abley at GayOfTheDead on InstagramSOCKET was written & directed by Sean Abley and stars Derek Long, Matthew Montgomery, Alexandra Billings, Allie Rivenbark and Rasool JahanMentioned in this episode:Network Plug with musicThis podcast uses the following third-party services for analysis: Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp

classics socket podtrac alexandra billings musicthis matthew montgomery sean abley
Smart Software with SmartLogic
The State of Security in Elixir with Holden Oullette

Smart Software with SmartLogic

Play Episode Listen Later Apr 30, 2026 41:54


In the Elixir Wizards season 15 premiere, host Charles Suggs is joined by Holden Oullette, Senior Security Software Engineer at Netflix and maintainer of Sobelow, to talk about how security is evolving in the Elixir ecosystem. We discuss how certain features of the Elixir programming language (like functional patterns and server-side rendering) provide natural immunity against some common vulnerabilities, and what that means as the language continues to grow. Holden shares how tools like Sobelow are adapting and how new technologies like LLMs and Elixir's type system may help to strengthen security practices. We cover supply chain risks, ecosystem-level responsibility and reputation management, and how initiatives like AEGIS are prepping the community for more widespread adoption. We wrap with practical tips for teams to be more security-minded throughout the software development lifecycle without slowing everything down. Key topics discussed in this episode: How Elixir's design influences secure-by-default development Security tradeoffs between server-side and client-heavy architecture Supply chain risks and what the ecosystem is doing to prepare Static analysis with tools like Sobelow and AST-based pattern matching Where LLMs fit into modern security workflows The role of Elixir's upcoming type system in improving tooling Securing CI/CD pipelines and production environments Balancing development speed with security requirements Dependency management and vulnerability monitoring The AEGIS Initiative and ecosystem-wide security efforts Links mentioned: Holden's GitHub https://github.com/houllette Elixir Programming Language https://elixir-lang.org/ Security-focused static analysis for the Phoenix Framework https://github.com/nccgroup/sobelow Code Security for Builders https://semgrep.dev/ Erlang Ecosystems Foundation https://erlef.org/ Phoenix Framework https://www.phoenixframework.org/ WebSockets https://hexdocs.pm/phoenix_live_view/Phoenix.LiveView.Socket.html https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API Open Worldwide Application Security Project https://owasp.org/ https://github.com/elixir-ecto/ecto Log4j Vulnerability https://www.ncsc.gov.uk/information/log4j-vulnerability-what-everyone-needs-to-know React2Shell Vulnerability https://www.finra.org/guidance/guidance/cybersecurity-advisory-react2shell The Heartbleed Bug https://www.heartbleed.com/ Elixir Type System https://hexdocs.pm/elixir/main/gradual-set-theoretic-types.html Holden Oullette “Securing the Future: A Roadmap to Making Elixir the Safest Language” ElixirConf 2024 https://youtu.be/gpvKxS6sY8Y Aegis Initiative: Supply Chain Security & Compliance Initiative https://security.erlef.org/aegis/ OIDC Tokens https://openid.net/ Anthropic's Claude Mythos & Cybersecurity https://red.anthropic.com/2026/mythos-preview/ Igniter Code Generation Framework https://github.com/ash-project/igniter https://smartlogic.io/podcast/elixir-wizards/s13-e01-igniter-code-generation-zach-daniel/ Secure-by-default open source software https://www.chainguard.dev/ https://www.docker.com/ https://github.com/dependabot https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/apis-apiid-models.html https://nixos.org/ https://smartlogic.io/podcast/elixir-wizards/s14-e08-nix-for-elixir-apps/ https://fedoraproject.org/ https://kubernetes.io/ https://netflix.github.io/chaosmonkey/ https://netflixtechblog.com/all?topic=chaos-monkeySpecial Guest: Holden Oullette.

Eagle Eye News On Demand
(LISTEN): Socket president Carson Coffman and Socket Fiber's Jim Gleason appear on 939 the Eagle's "CEO Roundtable"

Eagle Eye News On Demand

Play Episode Listen Later Apr 25, 2026 44:50


Columbia-based Socket has recapitalized their company and brought in new majority owners to raise money. Socket president Carson Coffman emphasizes that the original shareholders are still owners and are active in the company. The new majority owners are Charlotte-based Pamlico Capital and Oak Hill Capital. Mr. Coffman and Socket Fiber executive chairman Jim Gleason joined host Fred Parry Saturday in-studio for the hour on 939 the Eagle's “CEO Roundtable.” Mr. Coffman tells listeners that Socket needed another $250-million to grow the way they wanted to. He says Socket has added staff, with the new arrangement. “I think we've added 75 people already in the first year and we'll be up over 300 by the end of this year,” he tells listeners. He says the infusion of cash has allowed Socket to build in Missouri towns like Webb City, Odessa and Oak Grove:

The Adam and Dr. Drew Show
Classic #421: My Shoulder Was Out Of Socket For 4 Days

The Adam and Dr. Drew Show

Play Episode Listen Later Apr 17, 2026 32:18


September 25, 2016Adam and Drew open the show discussing the recent traumatic injury that Adam's daughter Natalia suffered. After going down memory lane to talk about some of Adam's childhood injuries the guys turn to the phone and speak to a caller whose sister is suffering from a brain injury. Later they speak to a gentlemen who has a child with a woman who has a drug problem that has led to numerous recent arrests.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Every Day Oral Surgery: Surgeons Talking Shop
Reading the Socket: How Extraction Sites Teach Better Surgery

Every Day Oral Surgery: Surgeons Talking Shop

Play Episode Listen Later Mar 18, 2026 53:57


When a tooth comes out, the real learning starts. In this episode, Dr. Grant Stucki and returning guest Dr. Richard Akin delve into how, after an extraction, the socket can reveal bur marks, bone cracks, flap tension, and root morphology that can influence your surgical outcomes for better or worse. They break down what to look for in mandibular and maxillary sockets, how to manage loose bone fragments and avoid future bone spicules, when to extend or modify your flap, and how to use imaging and instrumentation more effectively in difficult molar extraction cases. They explore why open communication among the dental team is essential, what to check for after a successful extraction, how to prevent complications, the impact of mobility on the healing process, and why training and empowering staff are crucial for patient care. Dr. Akin also explains the role of assistants as a second set of skilled eyes and gives his thoughts on perfectionism, humility, and the idea of continuous learning in surgical practice. Tune in now!Key Points From This Episode:The “black hole” analogy for the extraction socket and why it is a source of feedback.Why the patient's tooth ‘belongs' to the surgeon and what is at the core of molar surgery. They each share what they look for in the socket and how this helps guide their approaches. Find out why the right assistant for delicate work on extraction sockets is essential.Unpack why visualization, lighting, and flap exposure are vital for a successful surgery. They compare their tooth extraction procedures and surgical techniques. Dr. Akin explains why performing tooth extractions systematically ensures a good outcome.Find out whether to remove small bone fragments after maxillary tooth extraction.Learn about post-surgery flap management techniques and the ‘reading the roots' concept.Discover the importance of self-assessment and continuous learning for patient outcomes.Links Mentioned in Today's Episode:Dr. Richard Akin — https://www.drakin.com/Dr. Richard Akin on LinkedIn — https://www.linkedin.com/in/rick-akin-644aa932/Dr. Richard Akin email —  rick@drakin.comEveryday Oral Surgery Website — https://www.everydayoralsurgery.com/ Everyday Oral Surgery on Instagram — https://www.instagram.com/everydayoralsurgery/ Everyday Oral Surgery on Facebook — https://www.facebook.com/EverydayOralSurgery/Dr. Grant Stucki Email — grantstucki@gmail.comDr. Grant Stucki Phone — 720-441-6059

Echo Sthlm - News in Russian on the war in Ukraine

Эхо Хельсинки – 18 марта 2026 года Война – день 1484 Финляндия не будет участвовать в операции в Ормузском проливе, – заявил президент Александр Стубб в интервью агентству Bloomberg. Европа ищет компромисс с США по Ирану и Украине. В Багдаде беспилотник атаковал отель, где находится посольство Финляндии. Финскую компанию с российским руководством подозревают в нарушении санкций. Большинство финнов поддерживают климатическую политику, но против резкого роста расходов на нее. Президент Кубы ответил на слова главы США о «взятии» острова. Важно смотреть не только сквозь призму того, как люди себя позиционируют, а сквозь призму того, что они делают, – интервью с бывшим главой московского штаба Алексея Навального, а ныне общественным деятелем и product owner в компании VPN.Socket Олегом Степановым, с которым мы поговорили о российской оппозиции.

The Haute Garbage Podcast
Gas Station Labubu with DRY SOCKET

The Haute Garbage Podcast

Play Episode Listen Later Mar 17, 2026 91:48 Transcription Available


Dry Socket are the super-heavy, load-bearing wall of Portland hardcore punk music. Their music blends the intensely personal (warts and all) with communal, universal catharsis, and they are just embarking on their biggest year yet. To celebrate their upcoming European tour and the March 27 release of their latest record "Self Defense Lessons", Dani and Geoff from Dry Socket stop by to wage the war of the hot dog versus the garbage disposal, discuss authenticity with empathy, growing up hardcore and its complicated legacy, grassroots anti-boofing, and the clear holder of the most hardcore bird (MHB) championship belt. Music this week:"Abomination" by Dry Socket (17:52)"The Hull" by Weft (28:12)"Leglock" by Dry Socket (57:46)"Bootlicker" by SPY (74:49)"Again" by Railing (88:55)

Electrical News Weekly
Making Tax Digital: Electricians ‘Unprepared' for Change

Electrical News Weekly

Play Episode Listen Later Mar 16, 2026 13:39 Transcription Available


Send a textThe alarm is raised over thousands of electricians who are unprepared for big tax changes next month……Wales makes solar panels compulsory on new buildings……and two firms are fined after a father of three is electrocuted in a cherry picker…Welcome to Electrical News Weekly, Whether you're listing on site, in the van or down at the wholesale counter.======================Show Notes:Catch all the stories, links, and product info from this episode - it's all waiting for you in the show notes at

Atareao con Linux
ATA 778 ¡Adiós Docker! Cómo configurar Traefik con Podman (Rootless y Seguro)

Atareao con Linux

Play Episode Listen Later Mar 12, 2026 21:00


Bienvenidos a un episodio clave en la serie de Podman. Soy Lorenzo y hoy configuramos nuestro proxy inverso de referencia utilizando Podman y Quadlets. Si alguna vez te has preguntado si puedes dejar atrás Docker sin perder la potencia de Traefik, este podcast te dará todas las respuestas.Lo que aprenderás en este episodio:Seguridad Rootless: Cómo ejecutar Traefik sin ser root y por qué es la mejor decisión para tu servidor.Gestión de Puertos: El truco para usar los puertos 80 y 443 con un usuario común de forma persistente.Persistencia con Systemd: Configuramos el sistema para que tus servicios sigan vivos aunque cierres tu sesión.Quadlets y IaC: Organización de volúmenes, redes y contenedores mediante archivos de configuración limpios.Rendimiento Avanzado: Implementación de HTTP/3, optimización de cifrados (como ChaCha20) y compresión de tráfico.Ecosistema de Plugins: Integración de OIDC con Pocket ID para una autenticación centralizada y segura.Exploramos cómo el uso de variables como %H y %T simplifica el despliegue en diferentes entornos y cómo la configuración dinámica de Traefik nos permite añadir servicios "al vuelo" sin interrupciones. También profundizo en las medidas de seguridad extremas, como eliminar todas las capacidades del kernel excepto las necesarias para el bind de puertos y forzar que el sistema de archivos del contenedor sea de solo lectura.Marcadores de tiempo:00:00:00 - Introducción y objetivos00:02:18 - El reto de los puertos 80 y 44300:04:14 - Persistencia de procesos de usuario00:05:13 - Socket de Podman vs Docker00:06:43 - Quadlets: La magia de la infraestructura00:09:34 - Seguridad y privilegios mínimos00:12:12 - Configuración estática y dinámica00:14:39 - Autenticación avanzada con OIDC00:18:43 - Podman como el futuro del self-hostingNo te pierdas los detalles técnicos disponibles en las notas del episodio y únete a nuestra comunidad en Telegram para debatir sobre el fascinante mundo del Open Source.Más información y enlaces en las notas del episodio

Golf – meinsportpodcast.de

Du triffst den Ball eigentlich ganz gut – aber irgendwie fliegen die Schläge zu hoch, zu weit rechts oder im schlimmsten Fall mit einem Socket direkt in die Bäume. Oft liegt das Problem nicht am Schwung selbst, sondern daran, was Deine Hände und Unterarme durch den Ball hindurch machen. Viele Golfer haben vom »Release« eine völlig falsche Vorstellung, besonders wenn es um das Thema »Hände vor dem Ball« geht. Wie sollten Deine Unterarme wirklich rotieren, welche Rolle spielt der Griffdruck und was hat das Logo auf Deinem Handschuh damit zu tun? Links zur Folge** Video: ...Dieser Podcast wird vermarktet von der Podcastbude.www.podcastbu.de - Full-Service-Podcast-Agentur - Konzeption, Produktion, Vermarktung, Distribution und Hosting.Du möchtest deinen Podcast auch kostenlos hosten und damit Geld verdienen?Dann schaue auf www.kostenlos-hosten.de und informiere dich.Dort erhältst du alle Informationen zu unseren kostenlosen Podcast-Hosting-Angeboten. kostenlos-hosten.de ist ein Produkt der Podcastbude.

Golfstunde
#321 Release

Golfstunde

Play Episode Listen Later Mar 6, 2026 18:26


Du triffst den Ball eigentlich ganz gut – aber irgendwie fliegen die Schläge zu hoch, zu weit rechts oder im schlimmsten Fall mit einem Socket direkt in die Bäume. Oft liegt das Problem nicht am Schwung selbst, sondern daran, was Deine Hände und Unterarme durch den Ball hindurch machen. Viele Golfer haben vom »Release« eine völlig falsche Vorstellung, besonders wenn es um das Thema »Hände vor dem Ball« geht. Wie sollten Deine Unterarme wirklich rotieren, welche Rolle spielt der Griffdruck und was hat das Logo auf Deinem Handschuh damit zu tun?

Funfiltered
Vol. 38 - "Ungodly Socket"

Funfiltered

Play Episode Listen Later Mar 6, 2026 108:35


This week, Jordan and I (Sam) middle-classify THE ‘BURBS, get on tropic for LORD OF THE FLIES, study the alchemy of SMALL PROPHETS, take a stab at swillogy terminus THE STRANGERS: CHAPTER 3, get back on tropic for SEND HELP, Roper off THE NIGHT MANAGER - SEASON 2, beg U not to F O for LOONEY TUNES: THE DAY THE EARTH BLEW UP, ponder who's at Vault for FALLOUT - SEASON 2, buddy cop to our thoughts on THE WRECKING CREW, Run to the Hills with 28 YEARS LATER: THE BONE TEMPLE and suffocate on IRON LUNG.

ITmedia PC USER
AMDの「Ryzen AI PRO 400」にデスクトップ版登場 50TOPSのNPUがSocket AM5で利用可能

ITmedia PC USER

Play Episode Listen Later Mar 2, 2026 0:27


AMDの「Ryzen AI PRO 400」にデスクトップ版登場 50TOPSのNPUがSocket AM5で利用可能。 AMDは3月2日(中央ヨーロッパ時間)、APU(GPU統合型CPU)の「Ryzen AI PRO 400シリーズ」にデスクトップPC向けモデルを追加することを発表した。搭載PCは、パートナー企業を通して順次提供される。

Risky Business News
Sponsored: The smouldering trashfire of AI and open source

Risky Business News

Play Episode Listen Later Feb 22, 2026 24:59


In this Risky Business sponsor interview, Casey Ellis and Feross Aboukhadijeh discuss how AI is affecting open source, chat about a few attacks the company has seen in the wild and introduce Socket's answer to the smouldering trashfire: Socket Firewall. Show notes

ai open source risky business socket trash fire casey ellis feross aboukhadijeh
The Stupid History Minute
The Electric Lamp Socket

The Stupid History Minute

Play Episode Listen Later Feb 8, 2026 1:21 Transcription Available


The Stupid History of The Electric Lamp SocketBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-stupid-history-minute--4965707/support.

Soft Robotics Podcast
Ball-and-Socket… But for Locomotion, Enchanted Tools

Soft Robotics Podcast

Play Episode Listen Later Feb 6, 2026 52:50


Ball-and-Socket… But for Locomotion, Enchanted Tools by Marwa ElDiwiny

Living Word
Thrust a Flaming Arrow into the Devil's Eye Socket | Pastor Mike Faherty

Living Word

Play Episode Listen Later Feb 2, 2026 39:00


Well... That’s Interesting
Ep. 263: First UK Patient To Have Tumor Removed Through An Eye Socket + Toddler Accidentally Eats Gonorrhea From A Lab Dish

Well... That’s Interesting

Play Episode Listen Later Jan 15, 2026 30:26


What a day. Believe it or not, these are feel good stories. Join me. — Support and sponsor this show! Venmo Tip Jar: @wellthatsinteresting Instagram: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@wellthatsinterestingpod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Bluesky: @wtipod Threads: @wellthatsinterestingpod Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@wti_pod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Listen on YouTube!! Oh, BTW. You're interesting. Email YOUR facts, stories, experiences... Nothing is too big or too small. I'll read it on the show: wellthatsinterestingpod@gmail.com WTI is a part of the Airwave Media podcast network! Visit AirwaveMedia.com to listen and subscribe to other incredible shows. Want to advertise your glorious product on WTI? Email me: wellthatsinterestingpod@gmail.com Learn more about your ad choices. Visit megaphone.fm/adchoices

Be-YOU-tiful Adaptive Warrior
Unleash the Warrior Within You

Be-YOU-tiful Adaptive Warrior

Play Episode Listen Later Jan 7, 2026 27:54


The Year of the Fire Horse and the Power of Becoming Welcome to Season Six of the Be-YOU-tiful Adaptive Warrior (BA Warrior) Podcast—a milestone that still takes my breath away. If you had told me years ago that I would be hosting a podcast, let alone entering its sixth season, I would have laughed. It was never a dream I set out to chase. And yet, here we are. Proof that life doesn't always unfold according to our plans—but often according to something far greater. If you're new here, I want to personally welcome you. And if you've been walking this road with me for years, please know how deeply grateful I am. Your messages, your comments, your shared stories, and your willingness to show up week after week are the reason this podcast exists. Be a Warrior is not something I do alone—it's something we build together. This podcast is rooted in amputee life. I am an above-knee amputee and have been for seven years. Everything I share comes from lived experience—the victories, the mistakes, the frustrations, the growth, and the moments that test every ounce of resilience. My hope has always been that by sharing my journey honestly, someone else might feel less alone in theirs. A New Season, A New Energy Season Six begins with a theme that feels deeply personal to me: the Year of the Horse—specifically, the Fire Horse. This year carries amplified energy, movement, instinct, and transformation. It also aligns beautifully with where I am in life right now. I recently completed my equine therapy certification, which allows me to bring the healing power of horses to others in a deeper, more intentional way. Horses have long been part of my life, but this year marks a turning point—where passion, purpose, and service come together. My goal for 2026 is to help expand access to equine therapy for overall well-being, especially for people navigating trauma, change, or physical loss. But before we talk about where we're going, let me tell you how this year actually started—because it wasn't graceful. A Rough Start and an Important Lesson My husband and I took a short getaway to Sedona, Arizona—a place that feels like a deep breath for the soul. We live in the desert, but a quick drive north brings cooler air, pine trees, red rocks, and a sense of escape. It was meant to be a simple, restorative weekend. In typical fashion, I packed last minute. I grabbed my makeup, hair products, clothes—and we were out the door. What I didn't grab? Two things no above-knee amputee should ever forget: My prosthetic charging cord The bag I use to pull my leg into my socket My bag to put my socket on….that I forgot. I realized the charging cord was missing first. Panic set in—until I checked my prosthetic's battery level. Eighty-two percent. I could manage one day. Then came the second realization. No bag. For those unfamiliar, I am a skin-fit amputee, meaning I don't use liners or traditional suction. My leg requires a specific bag to pull the skin properly into the socket. Without it, my prosthesis does not go on. No shortcuts. No substitutes—at least, not easily. I didn't sleep that night. I ran through every possible outcome: crutching around town, canceling plans, going home early. I was frustrated—not just because I forgot something critical, but because I knew better. Ironically, the reason I forgot was also a sign of progress. I had become so comfortable in my body, so confident in my mobility, that I wasn't thinking about “what ifs” anymore. My prosthesis had become as normal to me as legs are to two-legged people. Comfort is a gift—but complacency can be costly. Adaptation Is a Warrior Skill The next morning, I went into full problem-solving mode. I asked myself: What do I have? What can I use? Garbage bags wouldn't work—they'd tear. A standard pillowcase was too thick. Then I spotted a silk pillowcase. Thin. Slippery. Flexible. It wasn't perfect—but it worked. I was able to walk around town that day. I didn't hike, knowing my limits. When I got home later, I had blisters and raw skin—but I was mobile. I adapted. And that's what amputee life often requires: creativity, patience, resilience, and the willingness to meet challenges head-on. The Unpredictability of Phantom Pain Just days later, I was reminded again how unpredictable this journey can be. Despite having minimal phantom pain since my nerve revision surgery, I was suddenly hit with intense, stabbing sensations in a foot that no longer exists. The pain came in waves—sharp, jolting, and relentless. It lasted for hours and woke me from sleep. There was no obvious trigger. No overexertion. No trauma. Through experience, I've learned that phantom pain doesn't need permission. It arrives when it wants—and leaves when it's ready. What got me through wasn't panic. It was instinct. I ran through my mental checklist: Socket fit? Fine. Injury? No. Stress? Manageable. Weather? Stable. Hydration? Questionable. I drank water—lots of it. And the pain faded. Whether coincidence or correlation, I logged it as wisdom for the future. Always adapting! The Fire Horse Mentality The horse symbolizes freedom, movement, instinct, truth, nervous system wisdom, and connection over control—all things that resonate deeply with amputee life. Freedom didn't come to me through saving my leg. It came when I let it go. Movement returned not through endless surgeries, but through acceptance, adaptation, and the right prosthetic support. Instinct tells me when to rest, when to push, and when to trust that pain will pass. Truth asks me to acknowledge that this life is hard—but still meaningful. Horses understand nervous system regulation instinctively. As amputees, learning to regulate our own nervous systems is critical—not just for physical comfort, but emotional health. And perhaps most importantly: connection over control. Trying to control everything—our bodies, our recovery, our outcomes—often creates more suffering. Connection, whether to our prosthetist, our body, our community, or our faith, is what carries us forward. Stop Comparing. Start Living. One of the most destructive habits amputees fall into is comparison. Just because someone else is doing something you aren't doesn't mean you're failing. Different bodies. Different trauma. Different prosthetics. Different lives. You are not behind. You are not weak. You are not less than. Compare yourself only to who you were yesterday. A Call to Rise Season Six is about listening, connecting, trusting, and becoming. It's about letting go of the reins just enough to allow life—and faith—to lead. You are a warrior. Not because of what you've lost—but because of how you keep showing up. This year is a fresh page. A new chapter. Write it with courage. Live it with intention. And remember—you don't have to do it alone. Welcome to Season Six. Let's ride forward together. And as always, Be Healthy, Be Happy, Be YOU!! Much love, Rise up, Warriors!!!

Horror Movie Survival Guide
HMSG Interview Sean Abley ~ Author of QUEER HORROR: A Film Guide! "Horror High"

Horror Movie Survival Guide

Play Episode Listen Later Dec 15, 2025 62:12


HMSG Interview Sean Abley ~ Author of QUEER HORROR: A Film Guide! - "Horror High"This week we got to chat with author & friend of the show SEAN ABLEY about his wonderful book QUEER HORROR: A Film Guide and more about his life, career and some of our favorite films! Of course he brought us a gem, neither Julia or Teri had watched, to cover for our show ~ HORROR HIGH (1974)! We hope you enjoy this fresh episode!More about our guest: Sean Abley is an entertainment journalist, B-movie screenwriter, and award-winning playwright. His "Gay of the Dead" column (est. 2009 for Fangoria.com) was the first blog to focus solely on LGBTQ filmmakers working in horror. He is a regular contributor to Fangoria magazine and a frequent panelist and podcast guest for all things horror-related. He's written three entries in the Witchcraft film franchise, the 9th entry in the Camp Blood franchise, and his own film, the gay sci-fi thriller, Socket. He wrote multiple episodes of the Disney Channel series So Weird, as well as Sabrina: The Animated Series, Digimon, and MegaBabies. He also produced Pornography: A Thriller for filmmaker David Kittredge. He's written over 60 plays including Attack of the Killer Bs, Santa Claus Conquers the Martians: The Musical, End of the World (With Prom to Follow), and the stage adaptation of Ted V. Mikels' The Corpse Grinders. Most recently, he created and co-edited Queer Horror: A Film Guide, a 500-page encyclopedia of horror films with LGBTQ content, as well as the companion podcast.Support the show

True Stories with Seth Andrews
True Stories #436 - Quick Release

True Stories with Seth Andrews

Play Episode Listen Later Dec 10, 2025 7:06 Transcription Available


Peter Roberts invented a quick-release socket wrench. He then went to war with Sears over his creation.Become a supporter of this podcast: https://www.spreaker.com/podcast/true-stories-with-seth-andrews--5621867/support.

Software Engineering Daily
Blocking Software Supply Chain Attacks with Feross Aboukhadijeh

Software Engineering Daily

Play Episode Listen Later Dec 9, 2025 47:48


Modern software relies heavily on open source dependencies, often pulling in thousands of packages maintained by developers all over the world. This accelerates innovation but also creates serious supply chain risks as attackers increasingly compromise popular libraries to spread malware at scale. Feross Aboukhadijeh is the founder and CEO of Socket which is a security The post Blocking Software Supply Chain Attacks with Feross Aboukhadijeh appeared first on Software Engineering Daily.

Podcast – Software Engineering Daily
Blocking Software Supply Chain Attacks with Feross Aboukhadijeh

Podcast – Software Engineering Daily

Play Episode Listen Later Dec 9, 2025 47:48


Modern software relies heavily on open source dependencies, often pulling in thousands of packages maintained by developers all over the world. This accelerates innovation but also creates serious supply chain risks as attackers increasingly compromise popular libraries to spread malware at scale. Feross Aboukhadijeh is the founder and CEO of Socket which is a security The post Blocking Software Supply Chain Attacks with Feross Aboukhadijeh appeared first on Software Engineering Daily.

Mel & Floyd
That Socket Is Very Tender

Mel & Floyd

Play Episode Listen Later Dec 5, 2025 55:51


This week on Mel & Floyd: IRS agents to review Only Fans content; Punching wax in San Antonio; And other random topics. The post That Socket Is Very Tender appeared first on WORT-FM 89.9.

All JavaScript Podcasts by Devchat.tv
Guarding the JavaScript Supply Chain: Preventing NPM Attacks with Feross Aboukhadijeh - JSJ 695

All JavaScript Podcasts by Devchat.tv

Play Episode Listen Later Nov 1, 2025 60:01 Transcription Available


Hey everyone—it's Steve Edwards here, and in this episode of JavaScript Jabber, I'm joined by returning guest Feross Aboukhadijeh, founder of Socket.dev, for a deep dive into the dark and fascinating world of open source supply chain security. From phishing campaigns targeting top NPM maintainers to the now-infamous Chalk library compromise, we unpack the latest wave of JavaScript package attacks and what developers can learn from them.Feross explains how some hackers are even using AI tools like Claude and Gemini as part of their payloads—and how defenders like Socket are fighting back with AI-powered analysis of their own. We also dive into GitHub Actions vulnerabilities, the role of two-factor authentication, and the growing need for “phishing-resistant 2FA.” Whether you're an open source maintainer or just someone who runs npm install a little too often, this episode will open your eyes to how much happens behind the scenes to keep your code safe.

The Oculofacial Podcast
Surgical Technique Battle - Nonporous vs. Porous Orbital Implants in Anophthalmic Socket Surgery

The Oculofacial Podcast

Play Episode Listen Later Oct 6, 2025 36:01


ASOPRS Website: Click Here Join Dr. Natalie Homer hosts Dr. David Jordan and Dr. Stuart Seiff as they debate the advantages and disadvantages of these two implant types and discuss technique nuances of enucleation and evisceration surgery.

PodRocket - A web development podcast from LogRocket
Unpacking the NPM supply chain attacks with Feross Aboukhadijeh

PodRocket - A web development podcast from LogRocket

Play Episode Listen Later Sep 23, 2025 40:09


Feross Aboukhadijeh, founder of Socket, joins us to break down the recent wave of NPM supply chain attacks hitting the JavaScript ecosystem, including how attackers used phishing to target developers, snuck malware into popular packages like Prettier and "is", and even abused tools like Claude, Gemini, and TruffleHog. We dig into how GitHub Actions vulnerabilities were exploited, what makes postinstall scripts risky, and and what you can do to protect yourself from future attacks. Links Website: https://feross.org X: https://x.com/feross GitHub: https://github.com/feross LinkedIn: https://www.linkedin.com/in/feross YouTube: https://www.youtube.com/channel/UCHM4OEvQDUq8UszyUrdov-w Resources npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack: https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack Compromised files replace npm packages with a combined 2 billion weekly downloads: https://www.techradar.com/pro/security/compromised-files-replace-npm-packages-with-a-combined-2-billion-weekly-downloads Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware: https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack Chapters 00:00 Intro: NPM supply chain attacks explained 01:10 What is a software supply chain attack? 02:00 NPM phishing campaign: Fake login pages 03:00 Prettier ecosystem compromised 04:00 The “is” package malware incident 05:30 NX package breach (August 27 attack) 06:40 AI-powered supply chain exploit 08:00 GitHub Actions misconfiguration 12:00 Lessons from recent NPM attacks 20:00 How malicious packages get published 25:00 Why install scripts are so risky 30:00 Limitations of banning install scripts 35:00 Open source maintainer challenges 40:00 Smarter approaches to dependency updates 44:00 The future of open source supply chain security 47:00 Closing thoughts and resources We want to hear from you! How did you find us? Did you see us on Twitter? In a newsletter? Or maybe we were recommended by a friend? Fill out our listener survey (https://t.co/oKVAEXipxu)! Let us know by sending an email to our producer, Em, at emily.kochanek@logrocket.com (mailto:emily.kochanek@logrocket.com), or tweet at us at PodRocketPod (https://twitter.com/PodRocketpod). Follow us. Get free stickers. Follow us on Apple Podcasts, fill out this form (https://podrocket.logrocket.com/get-podrocket-stickers), and we'll send you free PodRocket stickers! What does LogRocket do? LogRocket provides AI-first session replay and analytics that surfaces the UX and technical issues impacting user experiences. Start understanding where your users are struggling by trying it for free at LogRocket.com. Try LogRocket for free today. (https://logrocket.com/signup/?pdr) Special Guest: Feross Aboukhadijeh.

Peter von Panda
Can a Wireless Light Bulb Socket Switch Transform Your Home Lighting?

Peter von Panda

Play Episode Listen Later Sep 8, 2025 4:14


Tired of dealing with hard-to-reach light switches or pull chains? In this episode, Peter Von Panda explore the SURAIELEC wireless light bulb socket switch, a game-changing solution for remote-controlled lighting. See how it turns any light bulb into a switch-controlled setup, perfect for crawl spaces, basements, and beyond. He tests its ease of installation, range, and practicality, showing you how it simplifies lighting in difficult-to-access areas.

The Legacy Music Hour Video Game Music Podcast

You don't need to hack the system to access these great tracks.  They've been compiled into this convenient mixtape, just for you!  There's a lot to explore here, starting with a pumped up piece from the run-and-gun game Ranger X.  Ending 2 (The End) from Don Doko Don 2 is a triumphant and whimsical Famicom tune and Emerald Forest from Socket for the Genesis is fantastic -listen

Risky Business
Risky Biz Soap Box: How to measure vulnerability reachability

Risky Business

Play Episode Listen Later Aug 14, 2025 35:48


In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications. It's great to know there's a CVE in a library you're using, but it's even better if you can say whether or not that vulnerability actually impacts your application. They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it's playing the CVE game as well. This episode is also available on Youtube. Show notes

The Tech Trek
The Security Gap No One's Talking About

The Tech Trek

Play Episode Listen Later Aug 5, 2025 28:26


Feross Aboukhadijeh, founder and CEO of Socket, joins The Tech Trek to pull back the curtain on software supply chain security, why legacy tools are failing, and what it really takes to build trust into modern development. Feross explains how Socket is tackling vulnerabilities most vendors can't even detect and shares why they made a rare early-stage acquisition—and how it's reshaping their roadmap.Whether you're an engineering leader, security pro, or founder eyeing M&A moves, this episode offers sharp insights into product strategy, AI implications, and the real work behind the scenes.Key Takeaways:Socket proactively secures the software supply chain by detecting malicious code injections and not just known vulnerabilitiesLegacy tools rely on outdated databases and can't keep up with real-time threats or malicious actorsThe explosion of AI-generated code is expanding the attack surface and introducing new vectors like “slop squatting”Socket's acquisition of Kawana was driven by tight product fit, culture alignment, and shared technical DNA—not just business rationaleReachability analysis reduced Socket's security alert noise by 80 percent, boosting signal and developer trustTimestamped Highlights:01:00 — What Socket actually does and why open source dependency risk is a blind spot for most companies06:40 — Why most tools in this space haven't solved the real security problem—and how Socket is different11:50 — AI's unexpected impact on software security and the rise of hallucinated packages16:30 — Behind Socket's acquisition of Kawana and how academic research drove product synergy22:58 — How integrating the acquisition is evolving Socket's roadmap and deepening its technical edge25:00 — What Feross learned from the legal side of M&A and how his past experience at Yahoo helped shape this oneQuote of the Episode:“We care way more about first-party code than third-party code, even though it all runs in one app. That has to change.”Resources Mentioned:Socket: https://socket.devCall to Action:Enjoyed the episode? Follow The Tech Trek to catch conversations with the builders shaping the future. And if you're deep in security or scaling a dev team, check out socket.dev or reach out to Feross directly—he's happy to share lessons learned.

ceo ai dna security yahoo socket feross aboukhadijeh feross tech trek
The Dave Ryan Show
7am Hour - Ball Socket Drop Candy

The Dave Ryan Show

Play Episode Listen Later Jul 3, 2025 30:10


It's the Throwback Threesome and we're reliving some gems, that and a brand new War of the Roses, and more!

The Dave Ryan Show
7am Hour - Ball Socket Drop Candy

The Dave Ryan Show

Play Episode Listen Later Jul 3, 2025 29:23 Transcription Available


It's the Throwback Threesome and we're reliving some gems, that and a brand new War of the Roses, and more!

101.3 KDWB Clips
7am Hour - Ball Socket Drop Candy

101.3 KDWB Clips

Play Episode Listen Later Jul 3, 2025 30:10


It's the Throwback Threesome and we're reliving some gems, that and a brand new War of the Roses, and more!

Soft Robotics Podcast
How Does the Orbit Actuator Solve the Ball-and-Socket Challenge in Robotics?

Soft Robotics Podcast

Play Episode Listen Later Jun 28, 2025 100:51


For more info about the orbit actuator, please check https://cnprnd.com/ Or contact Michael Cortez: michael.cortez@cnprnd.com

Convergence
Malware by Prompt: How Vibe Coding and AI Assistants Can Compromise Your Codebase

Convergence

Play Episode Listen Later May 21, 2025 24:45


Large language models are helping developers move faster than ever. But behind the convenience of AI-generated code lies a security vulnerability: package hallucinations. In this episode, Ashok sits down with U.S. Army cybersecurity officer and PhD researcher Joe Spracklen to unpack new research on how hallucinated package names—fake libraries that don't yet exist—can be weaponized by attackers and quietly introduced into your software supply chain. Joe's recent academic study reveals how large language models like ChatGPT and Code Llama are frequently recommending software packages that don't actually exist—yet. These fake suggestions create the perfect opportunity for attackers to register malicious packages with those names, compromising developer machines and potentially entire corporate networks. Whether your team is deep into AI pair programming or just starting to experiment, this conversation surfaces key questions every tech leader should be asking before pushing AI-generated code to production. Unlock the full potential of your product team with Integral's player coaches, experts in lean, human-centered design. Visit integral.io/convergence for a free Product Success Lab workshop to gain clarity and confidence in tackling any product design or engineering challenge. Inside the episode... What "package hallucinations" are and why they matter How AI code assistants can introduce real vulnerabilities into your network Which models were most likely to hallucinate packages Why hallucinated package names are often persistent—not random How attackers could weaponize hallucinated names to spread malware What mitigation strategies were tested—and which ones failed Why simple retrieval-based techniques (like RAG) don't solve the problem Steps security-conscious teams can take today to protect their environments The importance of developer awareness as more non-traditional engineers enter the field Mentioned in this episode Python Package Index (PyPI) npm JavaScript package registry Snyk, Socket.dev, Phylum (dependency monitoring tools) Artifactory, Nexus, Verdaccio (private package registries) ChatGPT, Code Llama, DeepSeek (AI models tested) Subscribe to the Convergence podcast wherever you get podcasts including video episodes on YouTube at youtube.com/@convergencefmpodcast Learn something? Give us a 5 star review and like the podcast on YouTube. It's how we grow. Unlock the full potential of your product team with Integral's player coaches, experts in lean, human-centered design. Visit integral.io/convergence for a free Product Success Lab workshop to gain clarity and confidence in tackling any product design or engineering challenge. Subscribe to the Convergence podcast wherever you get podcasts including video episodes to get updated on the other crucial conversations that we'll post on YouTube at youtube.com/@convergencefmpodcast Learn something? Give us a 5 star review and like the podcast on YouTube. It's how we grow.   Follow the Pod Linkedin: https://www.linkedin.com/company/convergence-podcast/ X: https://twitter.com/podconvergence Instagram: @podconvergence

Lenny's Podcast: Product | Growth | Career
Everyone's an engineer now: Inside v0's mission to create a hundred million builders | Guillermo Rauch (founder & CEO of Vercel, creators of v0 and Next.js)

Lenny's Podcast: Product | Growth | Career

Play Episode Listen Later Apr 13, 2025 87:44


Guillermo Rauch is the founder and CEO of Vercel, creators of v0 (one of the most popular AI app building tools), and the mind behind foundational JavaScript frameworks like Next.js and Socket.io. An open source pioneer and legendary engineer, Guillermo has built tools that power some of the internet's most innovative products, including Midjourney, Grok, and Notion. His mission is to democratize product creation, expanding the pool of potential builders from 5 million developers to over 100 million people worldwide. In this episode, you'll learn:1. How AI will radically speed up product development—and the three critical skills PMs and engineers should master now to stay ahead2. Why the future of building apps is shifting toward prompts instead of code, and how that affects traditional product teams3. Specific ways to improve your design “taste,” plus practical tips to consistently create beautiful, user-loved products4. How Guillermo built a powerful app in under two hours for $20 (while flying and using plane Wi-Fi) that would normally take weeks and thousands of dollars in engineering time5. The exact strategies Vercel uses internally to leverage AI tools like v0 and Cursor, enabling their team of 600 to ship faster and better than ever before6. Guillermo's actionable advice on increasing your product quality through rapid iteration, real-world user feedback, and creating intentional “exposure hours” for your team—Brought to you by:• WorkOS—Modern identity platform for B2B SaaS, free up to 1 million MAUs• Vanta — Automate compliance. Simplify security• LinkedIn Ads—Reach professionals and drive results for your business—Where to find Guillermo Rauch:• X: https://x.com/rauchg• LinkedIn: https://www.linkedin.com/in/rauchg/• Website: https://rauchg.com/—Where to find Lenny:• Newsletter: https://www.lennysnewsletter.com• X: https://twitter.com/lennysan• LinkedIn: https://www.linkedin.com/in/lennyrachitsky/—In this episode, we cover:(00:00) Introduction to Guillermo Rauch(04:43) v0's mission(07:03) The impact and growth of v0(15:54) The future of product development with AI(19:05) Empowering engineers and product builders(24:01) Skills for the future: coding, math, and eloquence(35:05) v0 in action: real-world applications(36:40) Tips for using v0 effectively(45:46) Core skills for building AI apps(49:44) Live demo(59:45) Understanding how AI thinks(01:04:35) AI integration and future prospects(01:07:22) Building taste(01:13:43) Limitations of v0(01:16:54) Improving the design of your product(01:20:09) The secret to product quality(01:22:35) Vercel's AI-driven development(01:25:43) Guillermo's vision for the future—Referenced:• v0: https://v0.dev/• Vercel: https://vercel.com/• GitHub: https://github.com/• Cursor: https://www.cursor.com/• Next.js Framework: https://nextjs.org/• Claude: https://claude.ai/new• Grok: https://x.ai/• Midjourney: https://www.midjourney.com• SocketIO: https://socket.io/• Notion's lost years, its near collapse during Covid, staying small to move fast, the joy and suffering of building horizontal, more | Ivan Zhao (CEO and co-founder): https://www.lennysnewsletter.com/p/inside-notion-ivan-zhao• Notion: https://www.notion.com/• Automattic: https://automattic.com/• Inside Bolt: From near-death to ~$40m ARR in 5 months—one of the fastest-growing products in history | Eric Simons (founder & CEO of StackBlitz): https://www.lennysnewsletter.com/p/inside-bolt-eric-simons• v0 Community: https://v0.dev/chat/community• Figma: https://www.figma.com/• Git Commit: https://www.atlassian.com/git/tutorials/saving-changes/git-commit• What are Artifacts and how do I use them?: https://support.anthropic.com/en/articles/9487310-what-are-artifacts-and-how-do-i-use-them• Design Engineering at Vercel: https://vercel.com/blog/design-engineering-at-vercel• CSS: https://en.wikipedia.org/wiki/CSS• Tailwind: https://tailwindcss.com/• Wordcel / Shape Rotator / Mathcel: https://knowyourmeme.com/memes/wordcel-shape-rotator-mathcel• Steve Jobs's Ultimate Lesson for Companies: https://hbr.org/2011/08/steve-jobss-ultimate-lesson-fo• Bloom Hackathon: https://bloom.build/• Expenses Should Do Themselves | Saquon Barkley x Ramp (Super Bowl Ad): https://www.youtube.com/watch?v=p1Tgsy7D0Jg• Velocity over everything: How Ramp became the fastest-growing SaaS startup of all time | Geoff Charles (VP of Product): https://www.lennysnewsletter.com/p/velocity-over-everything-how-ramp• JavaScript: https://www.javascript.com/• React: https://react.dev/• Mapbox: https://www.mapbox.com/• Leaflet: https://leafletjs.com/• Escape hatches: https://react.dev/learn/escape-hatches• Supreme: https://supreme.com/• Shadcn: https://ui.shadcn.com/• Charles Schwab: https://www.schwab.com/• Fortune: https://fortune.com/• Semafor: https://www.semafor.com/• AI SDK: https://sdk.vercel.ai/• DeepSeek: https://www.deepseek.com/• Stripe: https://stripe.com/• Vercel templates: https://vercel.com/templates• GC AI: https://getgc.ai/• OpenEvidence: https://www.openevidence.com/• Paris Fashion Week: https://www.fhcm.paris/en/paris-fashion-week• Guillermo's post on X about making great products: https://x.com/rauchg/status/1887314115066274254• Everybody Can Cook billboard: https://www.linkedin.com/posts/evilrabbit_activity-7242975574242037760-uRW9/• Ratatouille: https://www.imdb.com/title/tt0382932/—Production and marketing by https://penname.co/. For inquiries about sponsoring the podcast, email podcast@lennyrachitsky.com.—Lenny may be an investor in the companies discussed. Get full access to Lenny's Newsletter at www.lennysnewsletter.com/subscribe

Kottke Ride Home
Tumor Removed Through Eye Socket, Unique Inheritance for a Town, Lazio Team Mascot Canned, Drug Addicted Rats, and TDIH - The Creation of the CIA

Kottke Ride Home

Play Episode Listen Later Jan 22, 2025 18:56


Groundbreaking surgery that removed a brain tumor through the eye socket, the inheritance left to a town that the deceased never visited, the Lazio team mascot won't be allowed at the games anymore due to inappropriate pictures, and drug addicted rats cause havoc at police stations. Plus, on This Day in History, the creation of the CIA. Surgeons Make History by Removing Woman's Brain Tumor Through Her Eye | Gizmodo Surgeons remove tumour through patient's eye socket in UK first | UK News | Sky News Man Leaves €10m Fortune to a Tiny French Town He Never Visited | Good News Network Small town shocked to inherit $10 million fortune from stranger | New York Post Italian soccer club Lazio fires falconer for posting photos of his penis implant | AP News 'Drug-addicted rats' infesting Houston police evidence room | NBC News Watch: 'Drug-addicted rats' destroying evidence in Houston police lockers - UPI.com History of CIA - CIA Establishment of the CIA | Harry S. Truman The Creation of the Central Intelligence Group - CSI Central Intelligence Agency (CIA) | History, Organization, Responsibilities, Activities, & Criticism | Britannica History of the Central Intelligence Agency (CIA) | Harris Federal Contact the show - coolstuffcommute@gmail.com Learn more about your ad choices. Visit megaphone.fm/adchoices

Wisdom of the Sages
1493: Vishnu's the Socket and We're the Plugs

Wisdom of the Sages

Play Episode Listen Later Dec 16, 2024 61:34


'Properly understood and applied, (prayer) is the most potent instrument of action.' - Mahatma Gandhi / Prayer is a yogic means to cultivate inner strength, clarity, and resolve /  Similarities in Dhruva and Aditi - both had devotion mixed with material objective, but both surrendered to a valid spiritual guide, both performed devotional practices with extraordinary focus and determination, both were purified through devotional acts / we don't lose dignity when we pray / through recognition of Vishnu's greatness one can align with the source of power and get connected, like a plug aligns with a socket / Vishnu agrees to become Aditi's son SB 8.17.4-20 To join a Sage Group for Session 9, go to https://www.wisdomofthesages.com/c/sagegroups/ ********************************************************************* LOVE THE PODCAST? WE ARE COMMUNITY SUPPORTED AND WOULD LOVE FOR YOU TO JOIN! Go to https://www.wisdomofthesages.com WATCH ON YOUTUBE: https://youtube.com/@WisdomoftheSages LISTEN ON ITUNES: https://podcasts/apple.com/us/podcast/wisdom-of-the-sages/id1493055485 CONNECT ON FACEBOOK: https://facebook.com/wisdomofthesages108 CONNECT ON INSTAGRAM: https://www.instagram.com/wisdom_of_the_sages