Podcasts about ssh

Cryptographic network protocol

  • 531 podcasts
  • 1,296 episodes
  • 48m average duration
  • 5 weekly new episodes
  • Latest: Jun 15, 2026

Latest podcast episodes about ssh

Closed Network Privacy Podcast
Episode 58 - The Price Of Being Watched

Jun 15, 2026 | 108:12 | Transcription available


Show Notes - https://forum.closednetwork.io/t/episode-58-the-price-of-being-watched/198

Special thanks to EloquentWinter for creating "A Linux guide on MAC address randomization": https://forum.closednetwork.io/t/a-linux-guide-on-mac-address-randomization/189

TOPICS

Encourage curiosity - This week ties together a single thread: someone else holds your data, and therefore holds the power. From algorithmic pricing to supply-chain malware to government scanning to cloud-AI assistants — and the hopeful counter-move, taking your data back. The episode theme is curiosity: in every story, one extra question would have changed the outcome.

Segment 1 — Surveillance Pricing

Inspired by More Perfect Union, "We Found the Radical Solution to Surveillance Pricing"

  • Surveillance pricing (a.k.a. personalized / surveillance-based pricing) = charging you an individual price based on sensitive data about you — purchase history, browsing, geolocation, social activity, even biometric and financial signals. The economic endgame is "perfect price discrimination": charging each person their exact maximum.
  • DoorDash holds a patent describing promotions based on a user's stress level.
  • Delta Air Lines (with AI firm Fetcherr) has talked about expanding generative-AI pricing to ~20% of domestic fares, with ambitions to go further. Senators (Gallego, Blumenthal, Warner) and House members demanded answers.
  • A Groundwork Collaborative / Consumer Reports / More Perfect Union study found different shoppers charged different prices for identical Instacart items. Former FTC chair Lina Khan has voiced concern.
  • The "radical" fix is a law: New York's proposed One Fair Price Act would ban surveillance pricing outright — one posted price for everyone.
  • Defensive moves (partial): private/container browsing, block cookies, disable ad personalization, use a VPN, compare logged-out vs. logged-in prices. Honest caveat: this is a structural problem — regulation, not browser tricks, is the real fix.
  • Curious question: Is this price the market — or is it me being read?

Segment 2 — "Arch malware btw": the AUR supply-chain attack

Inspired by Michael Tunnell and Switched to Linux — developing story, June 2026.

  • The Arch User Repository (AUR) is community-maintained, unvetted package build scripts (PKGBUILDs). In a ~24-hour window, a coordinated attack poisoned a large number of packages — reports cite 1,500+ touched, with community trackers confirming ~400–500 malicious package names and rising.
  • How: Attackers adopted orphaned packages (abandoned by maintainers — anyone can claim them) and edited the PKGBUILD to add a pre/post-install hook that pulls a malicious npm package, atomic-lockfile (Sonatype tracked one strand as the "Atomic Arch" campaign).
  • Payload: A Linux infostealer + optional root-only eBPF rootkit. Targets developer secrets — browser creds/cookies, SSH keys, GitHub creds, Vault/npm tokens, Docker/Podman, VPN configs, shell history, Slack/Teams/Discord/Telegram, crypto wallets. eBPF lets it run in-kernel and hide processes/files/connections.
  • If you were hit and the rootkit deployed: rotate every credential (from a clean machine) and reinstall from scratch. A normal uninstall is not enough.
  • Status: Maintainers are removing malicious commits and banning accounts; the official repos of Arch-based distros (CachyOS, Garuda, Chaotic-AUR) were not infected — only users who installed/upgraded a compromised AUR package during the window. Community checker script + affected-package list were published within hours.
  • Action checklist (Arch users):
      1. pacman -Qm → list your foreign (AUR) packages.
      2. Compare against the community list / run the checker script (CachyOS advisory).
      3. If matched → rotate credentials from a clean machine, then clean-reinstall.
  • Curious habit: Before installing, ask who maintains this, when did it last legitimately update, and did ownership recently change? On the AUR, read the PKGBUILD — the malicious line was visible to anyone who looked.

Segment 3 — UK Device Scanning: 90 Days to Comply

Inspired by "Signal's Warning: The UK's Phone Scanning Plan Just Got Real"

  • The UK government signaled that phone makers (Apple, Google) will get ~90 days to start scanning photos on young people's devices for nude images. Running alongside: Online Safety Act powers for Ofcom aimed at encrypted messaging (key report expected ~April). The mechanism: client-side scanning — every message/image checked on your device, before encryption.
  • Why it matters: Client-side scanning doesn't break encryption directly — it inspects content before the lock clicks shut. The "end-to-end encrypted" label survives, but the privacy guarantee (nobody is looking) is gone.
  • Signal's position: scanning won't protect children and builds surveillance infrastructure that "endangers us all."
  • Security: once scanning exists on every device, the match-database can be expanded — swap it and you're scanning for slogans, documents, faces. Signal would withdraw from the UK rather than build a backdoor. Mullvad raised parallel alarms.
  • Misdiagnosis: real child safety = better-funded education, social services, AI-platform guardrails — not default scanning. Rallying phrase: "Surveillance is not safety."
  • Bigger picture: This is a template (cf. the EU's "Chat Control"). Sympathetic justification + a mechanism that, once built, can point anywhere.
  • Curious question: Not is the goal good? (it usually is) but what else can this machine do once built, and who decides what it points at next?

Segment 4 — iOS 27 at WWDC: the Privacy Fine Print

Apple WWDC 2026 keynote coverage.

  • Genuine wins: New Siri AI (next-gen Apple Intelligence) uses a tiered architecture — simple requests on-device, moderate ones via Private Cloud Compute (inspectable, hardened). Plus stronger family safety: child-account setup, parental controls, redesigned Screen Time, new Safari safeguards.
  • The fine print (two concerns):
      1. Total context access. Siri AI indexes across your messages, emails, photos, and apps — a unified, queryable view of your whole digital life. Conversation history syncs via iCloud ("with privacy protections"), but strength depends on whether you've enabled Advanced Data Protection (Apple's E2EE for iCloud — not on by default).
      2. New Google dependency. Apple made official a Gemini partnership — the heaviest reasoning routes to Google Cloud. Apple says queries are anonymized and tokenized so neither Apple nor Google can link them to you (Federighi: "privacy in AI is non-negotiable"). Critics counter that PCC/anonymization is "only as private as the weakest link" — if Google retains any path to usage data for training/debugging, the guarantee weakens.
  • Takeaway: Apple's defaults are still among the best of the mainstream — but don't let "privacy" in a keynote switch off your curiosity. On update: review Siri AI indexing settings, turn on Advanced Data Protection, and understand where your hardest queries travel.
  • Curious question: A magical assistant that knows everything about you is, by definition, a system granted everything about you. Did you make that trade on purpose?

Segment 5 — Self-Hosting 101: What to Migrate First

Original recurring segment — Part 1 (scope). Part 2 next week: hands-on photos build.

Self-hosting = run the services yourself, on hardware you own, instead of renting space on a company's servers. It's the deliberate counter-move to every other story this week. Honest caveat: you become your own IT department (backups, updates, downtime). Don't eat the elephant at once — scope first.

The five candidates (ranked by impact-to-effort):

  • Photos — highest emotional and surveillance value (faces, locations, timestamps). Self-host with Immich (Google-Photos-like: app, auto camera-roll backup, face/object search). Difficulty: moderate; biggest single win.
  • Calendar — a forward-looking map of your life. CalDAV via Radicale or Nextcloud; syncs to your existing calendar app. Easy–moderate; great first project.
  • Contacts — your social graph (everyone else's data too). CardDAV on the same Radicale/Nextcloud server — bundle it with calendar. Easy.
  • File backups — documents and digital paperwork. Often Nextcloud.

Atareao con Linux
ATA 804 The editor I use on my servers (and it's not NeoVim)

Jun 11, 2026 | 30:49


If you have been listening to the latest episodes, you will have noticed that I have been fully immersed in the fascinating (and sometimes overwhelming) world of Artificial Intelligence. Every now and then my mind screams for a break. And for me, resting means going back to the origins: tinkering with the terminal and writing code in Rust.

In today's episode I want to change the subject completely. I am going to tell you about my experience over the last few weeks stepping out of my comfort zone with a modal text editor that has me amazed on servers, and I will introduce four tools I have developed in Rust to solve small everyday problems directly at the command line. So get comfortable while you cook, commute or take a walk, because we are getting straight to the point!

The great terminal dilemma: why do I use Helix on my servers if I am loyal to NeoVim?

Those of you who have followed me for a long time know that my go-to editor on my usual work machine is NeoVim. I have spent many years polishing my configuration and, today, I have more than a hundred plugins installed that make my environment spectacular: instant autocompletion, a great status bar, a file explorer sidebar and a brutal code analysis system. But what happens when I connect over SSH to my production servers? Normally, these servers run long-term-support Ubuntu distributions with older packages, so my modern NeoVim configuration starts to fail spectacularly.

Installing and maintaining more than a hundred plugins on every server I manage is an unmanageable headache. To solve this without giving up the agility of a modal editor in the terminal, I decided to give Helix a chance.

Fighting with muscle memory

I have to confess that adapting to Helix has been a hard exercise for my fingers. When you have spent years internalizing Vim commands, your brain automates editing.

My homemade tools developed in Rust

Here I tell you about them in detail:

1. mkdr (Markdown Reader/Render): Since all my articles on atareao.es and my personal notes are stored in Markdown format, I needed a powerful renderer to read them comfortably from the command line.
2. id3cli: Automating the metadata of this podcast's episodes is crucial for me.
3. rustled: So that my artificial intelligence assistant, Cloe, could communicate with me by voice, I needed a flexible text-to-speech tool.
4. ssrs: If at some point I have no internet connection or I prefer the texts to be processed with absolute privacy, I turn to susurros.

  • 00:00:00 Introduction and a break from Artificial Intelligence
  • 00:00:56 What is Helix and why did I struggle with it at first?
  • 00:02:27 The problem of bringing NeoVim (and its plugins) to servers
  • 00:06:23 First steps with Helix: the tutor and the differences from Vim
  • 00:09:34 Split screen, multicursor and extreme speed
  • 00:10:54 Themes, built-in syntax highlighting and commands
  • 00:15:12 My own tools: rendering Markdown in the terminal with mkdr
  • 00:18:40 Wiki-style navigation and other advantages of mkdr
  • 00:20:18 id3click: managing MP3 tags without depending on third parties
  • 00:21:52 Giving Cloe a voice: raslet and the Microsoft Edge TTS API
  • 00:24:35 susurros: 100% local voice generation with Rust
  • 00:26:55 The future: ssrs (Whisper in Rust) and conclusions
  • 00:28:35 Podcast recommendation: Legalmente Productivos and farewell

More information and links in the episode notes

POD256 | Bitcoin Mining News & Analysis
116. Decentralizing Pool Payouts: Inside GridPool with Agent P

Jun 10, 2026 | 64:33 | Transcription available


In this episode, we sit down with Agent P to unpack his open-source project GridPool, a radically simple approach to decentralizing Bitcoin mining payouts. We trace his journey from early concerns about mining centralization during the China ban to reverse‑engineering Ocean's Datum client to build a compatible, open server—enabling client-side block template construction without relying on a centralized payout custodian. Agent P walks us through GridPool's on-deck and winners lists, how difficulty-ordered but evenly split payout slots remove the need for a latency-prone share chain, and why this design can serve both medium-size miners seeking lower variance and small “lottery” miners. We also discuss compatibility with Hydrapool, potential Stratum V2 and CKPool integrations, bootstrapping a decentralized node network, and how GridPool preserves censorship resistance by only sharing minimal data necessary for verification. We close with a fascinating detour into vibe coding: Agent P details using AI agents to port open-source firmware onto closed miners—compiling and live-loading Mujina onto an S19 XP via SSH with minimal manual intervention—illustrating how AI lowers the barrier for anyone to contribute to open-source mining tools. If you're passionate about censorship resistance, decentralized pool payouts, and hands-on experimentation, this is a must-listen. Resources: gridpool.net • Hydropool and P2Pool v2 repos (community forks) • February Forum thread on firmware tips for Antminers • Testnet4 participation for GridPool bootstrapping

Syntax - Tasty Web Development Treats
1011: tmux + Terminal Maxxing with Ben Vinegar

Jun 8, 2026 | 65:51


Scott and Wes sit down with Ben Vinegar, former Syntax GM and founder of Modem.dev, to geek out over terminal-maxxing, from SSH-based development and tmux workflows to AI-powered coding agents. Ben also demos two of his open source tools: Hunk, a slick terminal code reviewer with 4k+ GitHub stars, and TermDraw, a terminal-based diagramming tool that posts directly to your agent.

Show Notes

  • 00:00 Welcome to Syntax!
  • 00:49 Introduction to Modem and AI Project Management
  • 01:40 Exploring Terminal Usage and Productivity
  • 04:26 Setting Up Remote Development Environments
  • 08:38 The Power of TMUX in Development
  • 11:20 What makes TMUX splitting different?
  • 12:46 Integrating AI with Terminal Workflows
  • 14:56 The Future of Terminal Applications
  • 17:31 Balancing GUIs and Terminal Interfaces
      getfresh.dev
      Ben's talk at AI Engineer Miami
  • 24:39 Navigating Development Tools and Environments
  • 26:44 The Balance of Security and Convenience in Coding
  • 30:27 Cautionary Tales: The Risks of YOLO Mode
  • 33:53 Innovative Tools for Enhanced Coding Experience
  • 34:09 Hunk: Terminal code review.
  • 41:39 TermDraw: A New Way to Visualize Code and Ideas
  • 46:22 The Dynamics of Open Source Contributions
  • 48:31 Visualizing Code: Tools and Techniques
  • 50:54 Podcasting and Editing Processes
      State of Agentic Coding.
      Podguy: Agent-driven post-production workflow for video podcasts
  • 56:23 Introducing Modem: A Product Intelligence Platform
  • 01:01:39 Connecting Feedback to Product Development
  • 01:03:15 Sick Picks

Sick Picks

  • Ben: Nirvanna: The Band - The Show - The Movie, Timecrimes

Shameless Plugs

  • Ben: https://modem.dev/

Learn Cardano Podcast
How I Set Up a Cardano Node at Home and Turned It Into a Lower-Cost, Income-Ready Machine

May 28, 2026 | 38:01 | Transcription available


In this episode, I take you through how I set up a Cardano node at home using a low-cost HP Elite mini PC, why I decided to do it this way, and how I'm thinking about turning it into a machine that can help pay for itself over time.

The main goal here was to reduce the cost of running relay infrastructure for my Cardano stake pool, but in doing that, I can also use this node for other things, too, like a private submit API and other services that may earn rewards over time.

I walk through the full setup flow I followed, including installing Ubuntu, enabling SSH access, hardening the server using the CoinCashew guide, deploying the Cardano node with Guild Operators, setting it up as a background service, using Mithril snapshots to speed up sync, and checking everything with gLiveView.

If you've been thinking about running your own home relay, or you want to understand how a low-cost machine can fit into a wider Cardano infrastructure setup, this one will help.

Tutorials and references used in this setup:

  • CoinCashew Cardano stake pool guide
  • CoinCashew Ubuntu hardening guide
  • CoinCashew topology guide
  • Guild Operators node setup guide

Timestamps

  • 0:00 Why I bought this mini PC
  • 1:02 Turning it into a profitable machine
  • 2:08 Reducing relay costs for my stake pool
  • 3:24 What a Cardano submit API does
  • 5:10 Other services this node can run
  • 6:22 Installing Ubuntu on the HP Elite mini PC
  • 8:40 Switching Ubuntu to command-line boot
  • 10:12 Enabling SSH and remote access
  • 12:08 CoinCashew server hardening guide
  • 13:35 Setting up SSH keys properly
  • 15:22 Configuring SSH and changing the port
  • 17:48 System updates and fail2ban
  • 19:42 UFW firewall rules and opening port 6000
  • 21:18 Chrony time sync setup
  • 22:44 Guild Operators install and dependencies
  • 26:10 Choosing binaries and Mithril tools
  • 28:34 Deploying the node as a systemd service
  • 30:12 Setting CPU cores and installing htop
  • 31:40 Configuring gLiveView and mempool tracing
  • 33:26 Mithril snapshot setup
  • 35:14 Downloading the Cardano DB snapshot
  • 37:08 Starting the node and checking status
  • 38:20 Topology configuration and relay peers
  • 40:05 Final checks in gLiveView
  • 41:22 Final thoughts and next steps

DISCLAIMER: This content is for informational and educational purposes only and is not financial, investment, or legal advice. I am not affiliated with, nor compensated by, the project discussed—no tokens, payments, or incentives received. I do not hold a stake in the project, including private or future allocations. All views are my own, based on public information. Always do your own research and consult a licensed advisor before investing. Crypto investments carry high risk, and past performance is no guarantee of future results. I am not responsible for any decisions you make based on this content.

PolySécure Podcast
Teknik - Security of electrical substations - Because... it's episode 0x301!

May 28, 2026 | 52:12


Because… it's episode 0x301!

Shameless plug

  • June 3 to 5, 2026 - SSTIC 2026
  • June 24 and 25, 2026 - Troopers
  • June 26 and 27, 2026 - leHACK
  • September 19, 2026 - Bsides Montréal
  • December 1 to 3, 2026 - Forum INCYBER - Canada 2026
  • February 24 and 25, 2027 - SéQCure 2027

Description

In this episode, Georges Badro, a consultant at Mandiant in Paris specializing in critical infrastructure and industrial systems, explains how electrical substations work and how they are secured.

Architecture of the power grid

The power grid breaks down into three zones: generation (hydro, nuclear, thermal and renewable plants), transmission and distribution. The transmission network limits energy losses and, above all, balances production and consumption in order to maintain a stable frequency. Unlike a water network, a power grid requires a permanent balance between what is produced and what is consumed, or it risks being damaged.

Substations are the nerve centers of this transmission network: these large fenced yards seen along roadsides centralize and redistribute electricity. They contain transformers and circuit breakers, the latter making it possible to open or close the current. Today, this equipment is no longer operated manually but through digital control: human-machine interfaces (HMI), remote control, RTUs (Remote Terminal Units serving as a gateway to the control center), protection and control relays (which read voltage, current and frequency to automate decisions), engineering workstations and network equipment.

Growing interconnection and attack surface

Badro stresses the disappearance of the "air gap" of the past. Substations are now interconnected with control centers, third parties, partners, sometimes directly with the internet, and even with the cloud for predictive maintenance. The typical architecture comprises an IT network, a DMZ separating IT from the industrial systems (OT), and a regional or national control center (with historians, SCADA servers, databases) linked to the substations via VPN or MPLS. Each substation is configured differently. Some connections use Powerline Communication (PLC), which uses the existing power cables to carry TCP/IP packets. This multiplication of remote access, justified by the difficulty of intervening physically in rural areas, considerably increases the risk. Common protocols include IEC 104, DNP3 and GOOSE.

Red Team attack scenario

Badro details Mandiant's Red Team approach, noting that a real attacker would not take the same precautions. The attack generally begins with initial access to IT via phishing or exploitation of vulnerabilities. A reconnaissance phase follows: domain enumeration, searching for documentation on network shares and wikis, configuration files with specific extensions, cleartext passwords (notably for VPNs) and architecture diagrams. Access to the OT network is then obtained via a VPN, exploitation of flows allowed through the firewall, or compromise of hypervisors hosting both IT and OT VMs.

Rather than a destructive NMAP scan, the team favors stealthy reconnaissance: passive listening to traffic, analysis of IP and MAC addresses, use of legitimate operator software and specialized scripts (Modbus, DNP3). The vulnerabilities exploited are often basic: default passwords on web interfaces, SSH or Telnet, sometimes on hidden features used by vendors and unknown to the teams. From an HMI, the attacker moves up to the protection relays, more insidious targets that allow costly damage.

Real-world compromises

Badro compares two real attacks. In Ukraine in 2015, the attack started on IT through phishing (Black Energy malware via a macro), recovered VPN passwords, accessed HMIs, RTUs and Moxa switches, then opened the circuit breakers and deployed corrupted firmware to prevent control from being regained. In Poland in December 2025, the attack targeted OT directly by exploiting a known CVE that had gone unpatched for several weeks on internet-exposed firewalls. The attacker spread to RTUs, relays, HMIs and serial-to-Ethernet converters via default accounts, ran local scans, uploaded corrupted firmware, deleted system files from the relays and deployed wipers on the HMIs.

The striking finding: despite ten years between them, the same basic vulnerabilities persist. While entry into IT networks has hardened, the OT side remains like the IT "of a very long time ago" (few strong passwords, few controls) because of an assumption of isolation and entrenched maintenance practices.

Advanced attacks and defense

Beyond simply opening a circuit breaker, subtler attacks target the logic of the relays: modifying trip values, falsifying an LED, or altering the automatic reclosing function. These manipulations stay invisible until a rare condition occurs (a tree falling on a line) and are very hard to diagnose without logging.

On the defense side, Badro recommends: changing default passwords (and alerting if the old one is reused), keeping internet-exposed systems up to date, restricting SSH/HTTP access to specific points, controlling PLC flows coming from the power plants, and above all establishing network and event visibility at every level. The predictability of OT networks makes it easier to define a baseline and detect anomalies. The approach consists of decomposing each system, understanding the functions and their internal/external interfaces (for example GPS spoofing), then designing suitable protections and detections, protecting above all the circuit breaker, the most critical element.

Contributors

  • Nicolas-Loïc Fortin
  • Georges Badro

Credits

  • Editing by Intrasecure inc
  • Physical venue by Google Paris

PolySécure Podcast
Teknik - Private Key Leaks in the Wild - Insights from Certificate Transparency (nsec) - Because... it's episode 0x300!

May 27, 2026 | 33:15


Because… it's episode 0x300!

Description

In this episode of the Polysécure podcast recorded at NorthSec, Gaëtan Ferry and Guillaume Valadon, both cyber security researchers at GitGuardian for the past two years, present research devoted to leaks of cryptographic private keys. Guillaume is also the maintainer of the Scapy software and editor-in-chief of MISC magazine.

The attribution problem

Unlike classic secrets such as AWS keys, whose owner can be found by querying the associated services, a cryptographic private key (RSA for example) is not tied to any identity. It is a plain mathematical object with cryptographic properties, usable for many purposes: SSH login, protecting a website with TLS, etc. Looking at the key alone, it is impossible to know what it is for or whom it belongs to. A few clues sometimes exist, such as the file name (norssec.io.key), but often one comes across unusable private.key files. The challenge of the research was therefore to find a generic categorization technique.

The method: Certificate Transparency

The solution relies on Certificate Transparency logs, a mechanism of the X.509 infrastructure dating from 2015. Each time a certificate authority issues a certificate, it must log it in these public registries, often operated by other authorities. These logs therefore contain the history of all certificates issued.

The matching principle is as follows: a private key contains information about its public part (the modulus, in the case of RSA). The public part is extracted, a SHA-256 fingerprint is computed, and the same is done for the certificates. Since a TLS certificate binds a public key to an identity (generally the name of the protected site), a simple join between the two fingerprint databases links a private key to a site and its owner.

The research accelerated during the Pass the SALT conference in Lille, where contacts at Google alerted them: the old Certificate Transparency logs, costly to operate, were going to be taken offline. Yet it was precisely the historical dimension of the dataset that interested them. A partnership formed: GitGuardian provided a list of fingerprints, and Google performed the matching in its proprietary database, returning the associated certificates.

The numbers

The late-2025 dataset contained one million distinct private keys, collected through GitGuardian's historical activity: the public monitoring that scans GitHub, Docker Hub and other sources for hard-coded secrets, then notifies victims in "good Samaritan" mode. Of that million, 42,000 keys matched certificates issued by authorities. The figure may seem modest, but most keys are never used for TLS (personal projects, SSH, private corporate authorities absent from public logs).

Those 42,000 keys were linked to more than 140,000 certificates, a sign that some had been used to issue several successive certificates, extending the exposure period accordingly. After verification, 2,600 keys were still associated with a valid certificate in September 2025. Using OSINT techniques, 1,300 certificates could be tied to roughly 600 entities.

Responsible disclosure, a disappointing journey

The team undertook a responsible disclosure by sending about 4,300 emails to those 600 companies. Result: only 54 responses, about 9%. Even when limited to addresses that were close to 100% certain, the rate did not exceed 36%. To handle such a massive mailing without being blocked as spam, they had to work with their marketing colleagues, who are well versed in deliverability techniques.

More striking than the silence: the respondents' lack of understanding. Many confused private key and certificate. Some replied that they had "changed the certificate", believing the problem solved. An incident response team at a large company even produced a detailed analysis concluding that the endpoint now used a different certificate, refusing any revocation, even though an attacker can still carry out a man-in-the-middle attack with the old, unrevoked certificate. The certificate ended up expiring a month later. Notably, 19 government entities were affected, and none responded.

Understanding TLS

The underlying misunderstanding stems from how TLS works. You generate your private key on your side, then sign a certificate signing request (CSR) sent to the authority with the public key. The authority verifies the information, logs it in CT and returns the certificate. The certificate is only a public part: it binds a public key to an identity, without containing the secret. Changing the certificate without changing the key therefore invalidates nothing: the old certificate remains usable to impersonate the service as long as it is not revoked.

Forcing revocation and the real solution

Faced with the silence, the team contacted the certificate authorities directly to request revocation, providing proof of possession. This authoritative route proved more effective, but generated sometimes hostile reactions, including one insulting individual explaining that his key was "deliberately public" to allow interception (a Burp-type use case), without the site clearly saying so. The researchers admit to a moment of doubt, to the point of checking with former colleagues at ANSSI: the problem is indeed systemic.

The solution they favor is not only education, but automation. The drastic reduction in certificate lifetime (toward 47 days) will impose tools like Certbot, which already renews the private key along with the certificate. Yet 20% of the keys found had leaked more than two years before the expiry of the most recent certificate: compromised keys reused on new certificates for years. Systematically renewing the key would have eliminated that fifth of the compromises.

Notes

  • Private Key Leaks in the Wild: Insights from Certificate Transparency

Contributors

  • Nicolas-Loïc Fortin
  • Guillaume Valadon
  • Gaetan Ferry

Credits

  • Editing by Intrasecure inc
  • Physical venue by NorthSec

MobileViews.com Podcast
MobileViews Podcast 611: Android Show & "Gemini" I/O recap w/Johannsen & McPherson

May 25, 2026 58:29


Jon Westfall and I were joined by frequent guest panelists Frank McPherson and Sven Johannsen to discuss the announcements from the recent "Gemini I/O" and Android shows. I kicked off the episode with a real-world tech success story: the Google app on my Pixel devices provided a magnitude and epicenter alert for a 6.0 earthquake in Hawaii that occurred 200 miles away. I felt a relatively mild rumble but thought it was a feral pig bumping the side of my home. Much of our hardware discussion focused on the Google Book, a premium AI-first device running the "Aluminium" (Android-based) OS. We speculated that Google is positioning this to compete with the high-demand MacBook Neo, which is currently so popular that rumors suggest Apple may release a spec-bumped "Neo 2" to address chip shortages and stay ahead of the competition. On the software and AI front, we looked ahead to Android 17 and its new "Rambler" feature for Gboard, which uses AI to filter out "ums" and "ahs" from voice transcriptions. I shared my experience with Gemini Pro's voice cloning, which was "scary good" at mimicking my voice with minimal training, while Frank voiced skepticism about Wear OS 7 replacing tiles with widgets, fearing it's a step backward for round-screen usability. The episode also served as a warning about the dangers of auto-updates: Jon shared how a Ubiquiti router update broke his HomeKit setup, requiring an SSH command to fix, and I recounted a corrupt OneDrive for Mac update that forced me to roll back to its previous version using Time Machine. We wrapped up with a demonstration from Sven, who showed his new Pixel Fold 10's unique feature in Google Meet that allows for a split view using the front and back cameras simultaneously. This "double-vision" mode allows a caller to show their face while also providing a high-resolution view of their surroundings, which we agreed would be a game-changer for remote tech support or traveling.
d there is still plenty of innovation happening in the Android ecosystem.

The CyberWire
That shield has cracks in it.

May 21, 2026 28:40


Microsoft confirms active exploitation of two Defender flaws. Europol dismantles a VPN service tied to ransomware gangs. A nine-year-old Linux kernel bug exposes SSH keys and password hashes. Cisco patches a critical Secure Workload vulnerability, while Drupal fixes a highly critical SQL injection flaw. Android malware quietly signs victims up for premium SMS scams. Webworm upgrades its espionage toolkit with Discord and Microsoft Graph backdoors. Plus, China and Russia deepen cooperation on AI, cybersecurity, and satellite systems. Our guest is Jake Moore, Global Cybersecurity Advisor for ESET, sharing a glimpse into his Infosecurity Europe keynote "The Deepfake Interview." Greg doesn't even work here anymore…

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today, Maria Varmazis speaks with Jake Moore, Keynote speaker for the upcoming Infosecurity Europe conference and Global Cybersecurity Advisor for ESET, getting a glimpse into his session "The Deepfake Interview: Breaking In From the Inside." This interview is part of our partnership with Infosecurity Europe.
Selected Reading
Microsoft Defender vulnerabilities exploited in the wild (Help Net Security)
Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator (Hackread)
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes (Infosecurity Magazine)
Cisco Patches Critical Vulnerability in Secure Workload (SecurityWeek)
Android Malware Spotted Subscribing Victims to Paid Services Without Consent (Hackread)
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking (SecurityWeek)
Webworm: New burrowing techniques (We Live Security)
Xi and Putin pledge closer cooperation on AI, cyberspace and satellite systems (The Record)
Zombie user account let hackers control the city's water (The Register)

Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.

Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

DevOps Paradox
DOP 351: The Developer Job Market in the Age of AI

May 20, 2026 49:10


#351: Entry-level tech jobs are down 67% since 2022. Junior developer roles are down 40 to 50%. The instinct is to blame AI and call it unprecedented, but the layoffs are not the new part. The boom-bust cycle has happened before -- dot-com to dot-bomb, the 2020 hiring spree to the 2022 correction, now this. The new part is that the thing replacing the bottom of the ladder is not a cheaper human in another country. It is an agent that takes instruction and ships code overnight. Here is the uncomfortable reframe. A junior developer is told what to do, does not change the architecture, does not make decisions, and produces better work the more detail you give them. Replace the word junior with agent and the description does not change. That is the whole problem. The traditional path from junior to senior assumed five years of grunt work would teach you the things grunt work teaches. The grunt work has a new owner now, and nobody knows what the new on-ramp looks like. Seniors are not safe either. If you have spent 30 years writing pretty code and you have already started rejecting the idea that an agent can do it better, history is not on your side. The same people who refused to embrace cloud and containers are the people who will refuse this -- and the SSH-key-maker on the team that took a week to provision a key is not pivoting to AI either. Two types of employees. The ones you can replace in five minutes and the ones whose departure feels like a loss. Only one type thrives in this cycle. So what actually works? Capacity to learn over experience. Specific knowledge over generic knowledge -- if every developer on the internet can do what you do, the model trained on the internet can too. The job is becoming managing a team of agents the way a manager manages people: figure out what should be done, how, and when, then check on the team and work with individuals. 
The hiring test that still works after all these years is the one where the candidate switches to the browser and Googles. That is the person who can adapt. That is the person who survives this market.

YouTube channel: https://youtube.com/devopsparadox
Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/
Slack: https://www.devopsparadox.com/slack/
Connect with us at: https://www.devopsparadox.com/contact/

Latent Space: The AI Engineer Podcast — CodeGen, Agents, Computer Vision, Data Science, AI UX and all things Software 3.0

Take the 2026 AI Engineering Survey and get >$2k in credits and AIE WF tickets!

This was recorded before Railway suffered a major GCP outage on May 19, despite being a multi-AZ, multi-zone mesh ring, with HA fiber interconnects between their Metal GCP AWS, because workload discoverability was unintentionally still tied to GCP. All has been resolved with a post-mortem.

Railway did not start as an AI infrastructure company.

It was founded in 2020, years before agents became the default way people thought about deploying software. Jake Cooper, formerly at Bloomberg and Uber, started Railway with a simple obsession: the activation energy to ship something to production should be near zero. Push code, get a URL, iterate. No Docker files, no Kubernetes manifests, no Ansible scripts stacked on Ansible scripts.

For years, this was a slow grind. Railway spent its first 18 months hand-acquiring its first 100 users with Jake personally greeting every Discord signup on a second monitor.

Today, Railway has raised $124m and is growing very fast. A 35-person team supports 3 million users, adding roughly 100,000 signups a week. Their bare metal data centers have a 3-month payback period vs. renting in the cloud, with 70% margins funding aggressive cloud bursting when needed. The servers they own have actually appreciated in value as RAM prices have climbed, basically meaning the value of their hardware now exceeds the capital they've raised.

From rebuilding Railway's network overlay over a weekend to moving the vast majority of workloads onto its own bare metal data centers, Jake Cooper is trying to build a new cloud for an agent-native world.
In this episode, Railway's founder and “conductor” joins swyx and Alessio to unpack why the next era of software infrastructure is not just “Heroku but newer,” what agents need that humans did not, and why the old deployment loop of Git, PRs, CI/CD, and static cloud resources may be heading for a rewrite.

We go deep on Railway's infrastructure stack: own-metal data centers, three-month cloud payback periods, cloud bursting, data center debt, Railpack, Nixpacks, Temporal, feature flags, Central Station, content-addressable filesystems, agent-safe production forks, and why the CLI may become more important than the canvas in an agent world. Jake also shares the founder journey behind Railway, how the company survived losing $500K/month, why it now serves millions of users with only 35 people, and why he believes the pull request is dying.

We discuss:
* How Railway went from a slow six-year grind to adding 100,000 users a week
* How Railway thinks about agents as the next dominant software species
* Why agents need version control, observability, compute, storage, and orchestration at 1000x scale
* The economics of Railway's own-metal data centers and three-month payback
* How Railway uses cloud bursting while scaling its own infrastructure
* Why data center debt can be a better tool than venture debt for infra startups
* Central Station, Railway's internal system for clustering customer feedback and incidents
* Why responsible disclosure and over-communication matter for platforms
* Why feature flags, progressive rollouts, and shadow traffic are essential for agents
* Temporal's strengths, pain points, and why workflows matter for agents
* Railpack, Nixpacks, Nix, and lazy-loaded content-addressable filesystems
* Why “cattle, not pets” may change if you can clone the pets
* Why Railway is building a new cloud from scratch instead of copying hyperscalers
* The solo founder path, focus, writing, and how Jake thinks about company building

Railway:
* Website: https://railway.com/
* X: 
https://x.com/Railway

Jake Cooper:
* LinkedIn: https://www.linkedin.com/in/thejakecooper/
* X: https://x.com/JustJake

Timestamps
00:00:00 Introduction: What Is Railway?
00:02:07 Jake's Path to Railway
00:06:13 Railway's Six-Year Growth Story
00:08:52 Rebuilding the Business After the Free Tier
00:11:17 Agents as the Next Software Platform
00:13:29 Railway's Infrastructure Philosophy
00:15:42 Bare Metal, Cloud Economics, and the Compute Crunch
00:17:22 Cloud Bursting and Five-Cloud Networking
00:20:20 Data Center Debt and Infra Financing
00:23:31 Data Centers in Space
00:25:24 What Agents Need From Infrastructure
00:28:24 CLIs, Canvas, and Agent-Native UX
00:35:15 Central Station, Incidents, and Responsible Disclosure
00:40:30 Safe Rollouts, SRE Agents, and Production Forks
00:45:00 AI SRE, Specs, Code, and Tests
00:48:24 Self-Replicating Infrastructure and the New Serverless
00:53:18 Heroku, Temporal, and Workflow Engines
01:04:07 Railpack, Nixpacks, and Lazy-Loaded Filesystems
01:06:01 Coding Agents, Token Spend, and Roadmap Acceleration
01:10:56 The Pull Request Is Dying
01:12:28 Feature Flags and the Agent-Era SDLC
01:16:15 Cattle, Pets, and Cloning Machines
01:19:29 Solo Founder Lessons
01:24:12 Focus, GPUs, and Building a New Cloud
01:28:20 Closing Thoughts

Transcript
Alessio [00:00:00]: Hey, everyone. Welcome to the Latent Space Podcast. This is Alessio, founder of Kernel Labs, and I'm joined by Swyx, editor of Latent Space.
Swyx [00:00:10]: Hey, hey, hey. Today we're in the studio with Jake Cooper of Railway.
Alessio [00:00:14]: Conductor of Railway.
Swyx [00:00:15]: Conductor at Railway. Yeah.
Alessio [00:00:16]: Choo-choo.
Swyx [00:00:17]: Do you actually have that anywhere, like on your business card?
Jake [00:00:20]: We call some of our volunteer moderators conductors. I don't have a business card. We're not that big yet. At some point I will. 
I got handed a nice business card from the Supermicro folks, and I was like, “Damn, this is pretty official.”
Swyx [00:00:30]: Business cards are coming back.
Jake [00:00:32]: They're cool. They're hip. The conductor thing is good. We're trying to figure out what we want to call each other internally. Some people think it's super cringe and say, “You don't need a name for people internally.” Some people want to call each other something. We still don't have a really good one.
Jake [00:00:55]: We've got New Railcrews, Trainiacs. Nothing has stuck yet.
Swyx [00:01:00]: I like Trainiac. Trainiac sounds good. Railwayians. For those who don't know, what is Railway? Let's give people a crisp definition up front.
Jake [00:01:09]: Railway is the easiest way to ship anything. You go to the canvas, or you talk with Claude, and you say, “Deploy a Postgres instance, deploy my GitHub repository, run this code,” and you're off to the races.
Swyx [00:01:22]: You've got a nice animation on the landing page.
Jake [00:01:24]: Thank you. None of my work, by the way. They don't let me touch the design stuff anymore.
Jake [00:01:25]: We want to make it trivially easy not just to deploy things, but to evolve applications over time. Most tooling right now stacks entropy on top of entropy: Docker, Kubernetes, Ansible scripts, and all these other things. If we can version all of your software and keep track of all the changes, then we can make it trivial to clone environments, fork into a parallel universe, get copies of production data, get copies of any services, make changes, validate them, and collapse them back in without reproducing everything across a staging environment.

The Railway Origin Story: From Uber Systems to a New Cloud
Swyx [00:02:07]: I was looking at your background: Bloomberg, Uber. Nothing immediately stands out as, “This guy is going to found the next great platform as a service.” What prepared you for Railway?
Jake [00:02:21]: It was curiosity to keep going deeper. 
I started out on front-end stuff, working on Wolfram Mathematica and porting it over. Then I briefly moved to Bloomberg, then toward Uber and distributed systems, taking the Jump Bikes systems and moving them to a distributed system built on top of Cadence, the pre-Temporal Temporal.
Swyx [00:02:44]: Which, by the way, I'm happy to talk about, pros and cons.
Jake [00:02:48]: Totally.
Swyx [00:02:51]: But let's do the Railway story.
Jake [00:02:52]: It has been a continual step of wanting an experience. Whether it's walking up to a bike, unlocking it, and having it work frictionlessly, or something else, the depth required to make that happen follows from the experience. A lot of the work I do, and a lot of the team does, is in service of that experience. We fundamentally don't care how deep we have to go. We will swim to the bottom of the swimming pool to get the experience.
Jake [00:03:17]: I don't have a physics PhD. I did an EECS degree. It has always been about figuring out the next step: how do we get there? That's what led to starting Railway for that experience and then moving all the way to bare metal data centers. I was adding patches to the kernel this week to get the experience there because I can see how much better it can be.
Swyx [00:03:49]: Other patches to the Linux kernel this week?
Jake [00:03:51]: Yeah. Not upstream. Our fork.
Swyx [00:03:52]: That's a flex. Railpack? No, this is different. This is the OS on top of Railpack?
Jake [00:03:57]: No, this is an actual kernel patch. It's always literally: what do we have to do to get that experience? Then figure it out. Anything is figureoutable.
Swyx [00:04:10]: Would you send the patch upstream, or does it not fit other use cases?
Jake [00:04:13]: Maybe. We have to work out the experience internally. It has to do with the storage layer we're building for some of the agentic stuff. 
Maybe it'll be useful upstream, but it's deeply useful for us internally.

Open Source, Forks, and Non-Deterministic Versioning
Swyx [00:04:29]: You mentioned open source before. How do you think about starting from open source, and then coding agents letting you do a lot more from forks of it?
Jake [00:04:38]: GitHub's original sin is that it's almost a series of broken pointers. You have this thing, then you clone it, and now you've lost the whole upstream. How do we make it trivial for people to modify really small pieces of it?
Jake [00:04:51]: We think of Git in a discrete sense: I've either made a change and merged upstream, or I haven't. What would it look like if it were percentage-based, a little more non-deterministic, or a stream of changes that users traverse as a percentage rolled out in general and then rolled all the way up?
Jake [00:05:13]: We have the open-source kickback program and let you deploy templates because we want to make it trivial for people to version these shards over time. It solves a large problem around authentication, authorization, and security. NPM has a way to define, “Don't take any new packages.” The ideal end state is that you roll out progressively to users with the minimum impact zone and continue rolling up. JPMorgan should probably be the last one on the patch line, for all our sakes, because our money and livelihoods are there.
Jake [00:05:53]: It's okay if Johnny Vibe Coder gets a broken patch because there's so much entropy in the system that the rubber has to meet the road at some point. You have to test at varying levels.

The Long Grind: First Users, Free Tier, and Making the Business Work
Swyx [00:06:13]: I wanted to pull up this glorious chart, which is your usage or number of daily signups?
Jake [00:06:22]: Daily signups, I think.
Swyx [00:06:24]: You started six years ago. It was a slow grind, and now you're on a rocket ship. 
You say, “Don't doubt your fight and don't quit.” Maybe pick out certain points that were key inflections for the company.
Jake [00:06:40]: At the start, it's about getting your first 100 users, hell or high water. We had a website and a support link. The support link was the Discord channel. I had notifications on with two monitors: the monitor I was working on and the other monitor with Discord. If anybody came in, I was immediately like, “Hey, how's it going?” It was rare, so getting those first 100 users to come back was the start.
Jake [00:07:14]: Then you build a consultancy factory because users want all these things. You have to go back to the board and ask, “What is the actual product offering I want to build on top of this?”
Jake [00:07:28]: VCs want charts that always go up and to the right, but in reality you don't necessarily want charts that look like that. For us, there have been periods of expansion where we add features to test use cases, and periods of compaction where we ask, “If the experience we have is good, how do we make it significantly better?” Maybe we strip out features that don't fit our ICP anymore.
Jake [00:07:57]: The boom from 2022 to 2023 came from the free tier. Everybody under the sun was using it.
Swyx [00:08:09]: A lot of Reddit bots and Discord bots.
Jake [00:08:12]: And crypto miners. When you build an open product on the internet where anybody can sign up, the internet is a horrible place with so many things. You go through periods of asking, “How do I reach as many people as possible?” Then, “How do I fit the exact use case for the people who really matter and are really excited about this specific thing?”
Jake [00:08:39]: Then there was a two-year period of making the actual business work. During the free-tier era, we were losing about half a million dollars a month.
Swyx [00:08:59]: On a $20 million bank account.
Jake [00:09:02]: On a $20 million bank account with maybe $50,000 a month in revenue. That's a horrible business. 
I don't know how anybody invested. But you have to go through it and say, “We have an experience people love, but the business has to work.”
Jake [00:09:17]: There are two schools of thought. You can run the horrible business all the way up with bad margins, or you can go back and make it work. We've always wanted a super lean team. We're 35 people right now. It's very small.
Swyx [00:09:36]: Supporting three million already?
Jake [00:09:38]: Yeah. We're adding 100,000 users a week right now, so it's growing fast. We don't want to add headcount for the sake of headcount or throw bodies at problems. We want to build systems. It's hard to build systems during expansion because you're adding things to the system because people are asking for them or things are breaking.
Jake [00:10:00]: We had to cut off the free users for a little while, rebuild the business, and make sure it worked. We want to reach as many people as possible because software is important. It's become difficult to create things in the physical world, so it's important to make it easy for people to build in the virtual world and have access to creation. But there are legs to that journey.
Jake [00:10:30]: You can see divots in the charts. If you follow between 2025 and 2026, it's either summer or winter. People go on holiday with family.
Swyx [00:10:50]: It affects that much?
Jake [00:10:51]: Yeah. It's kind of B2C and kind of B2B. People are shipping constantly, then they stop. Our activation curve now shows more people activating on weekdays because we have more business users, so it smooths out over time.

Agents as the New Interface to Deployment
Swyx [00:11:17]: Was there a point where you started prioritizing AI development or agent development?
Jake [00:11:24]: We've prioritized agentic as a top-of-funnel thing. 
Over the last six months, we've deeply prioritized agentic as a mechanism to build and deploy things because we believe the curve is so steep and that is how people will build and deploy software.
Jake [00:11:42]: It almost fundamentally doesn't matter whether this is dot-com or not because we're all on the internet anyway. If agents are going to deploy a bunch of things and we hit an inference wall at some point, we'll fix those problems. The dominant species over the next 10 years is that we've moved from assembly to C to C++ to JavaScript to words. You're going to need to close that loop.
Swyx [00:12:13]: When you say this is dot-com, did you mean buying the domain, or the general case?
Jake [00:12:17]: I mean the dot-com era, when companies had a huge run-up because people understood the internet was important. Then they hit bottlenecks, fundamental laws of physics, math didn't work, and everybody came back down to earth. But it didn't matter because the internet became so impactful. If you operate on a long enough time horizon, you should build these things anyway because you can see where it's going.
Jake [00:12:45]: That's where I think a lot of agent stuff is. You get to a point where you're running thousands of agents in parallel. What is the inference cost? What is the compute cost? How do you make that efficient? How do you coordinate all this? We have issues coordinating humans; we don't even have good tooling for that. Now we have to figure out how to get agents to coordinate, safely version changes, and know when to raise their hand for someone to intervene. Otherwise it becomes an interrupt factory.

Railway's Infrastructure Thesis: Network, Compute, Storage, and Metal
Swyx [00:13:19]: Let's go right into the technical side. What are the core infrastructure or architectural beliefs of Railway that allow you to do what you do?
Jake [00:13:29]: The primitives matter a lot for us. We need network, compute, storage, and orchestration around it. 
You need control over a lot of those things. We've talked a lot about how we don't really use Kubernetes because we want higher-order control to place workloads in very specific places.
Jake [00:13:48]: The reason is that you have to be very efficient with agents: memory reuse and all these other things, or you're going to massively blow up your cost structure. Being able to rack and stack your own servers and build your own metal unlocks performance and cost. Experiences where you're running 1,000 agents in parallel are not massively cost prohibitive.
Jake [00:14:13]: Token use and compute use are blowing up. Over time, those things have to get a lot more efficient. You can get a lot of margin to make those experiences solid by building your own metal. That's all in service of offering a differentiated experience to as many people as humanly possible.
Swyx [00:14:51]: You have a data center in Singapore.
Jake [00:14:53]: Yeah. We have two in every other region now. In Singapore, we're adding a second one in Q3.
Swyx [00:14:58]: What's it like? I've never built a data center. Do you go to Equinix and say, “I want some slots?”
Jake [00:15:05]: Yeah. Equinix. You basically go and say, “I want power and I want a cage.” They say, “Great, here's what it's going to be.” You rent the cage for a period of time, fill it with racks and servers, and hook up internet to it. That's all the pieces.
Swyx [00:15:36]: Then you handle everything else.
Jake [00:15:37]: You handle everything else.
Swyx [00:15:39]: What's the math versus clouds doing it for you?
Jake [00:15:43]: If we rented in the cloud, our payback period when we go to metal is about three months.
Swyx [00:15:50]: Which is crazy.
Jake [00:15:51]: It's nuts. That's four years of depreciated hardware. You're going to see a lot of this compute crunch because hyperscalers are buying up a lot of stuff. 
We're working directly with OEMs, resellers, and people building these machines: Supermicro, Dell, and others.
Jake [00:16:11]: Upstream, there's a bunch of supply pressure. When we raised our last round, between deploying capital for servers and now, the amount of money we've raised is less than the amount of money we have in the bank plus the value of the servers because the servers have appreciated as RAM has gone up. It's nuts how valuable hardware has become.
Jake [00:16:50]: If you look at hyperscalers, they deployed around $80 billion of capital expenditures this year, and next year will be more. That's a massive infrastructure build-out. You look at that and think it's crazy that they're spending way more than the Manhattan Project. But if every person is going to run dozens or hundreds of agents in parallel, you have no conceptual idea how much compute is required to make that experience happen, even if you're deeply efficient and sharing resources. And that doesn't even count inference.
Swyx [00:17:22]: How do you plan the build-out? The growth chart is so vertical. Are you usually at 100% utilization as soon as racks are live? How far ahead are you planning?
Jake [00:17:33]: We still maintain cloud presence for bursting. We work with AWS, GCP, and a few other clouds. We can rent, and then the moment we get space or power, we compact those workloads off the cloud. We started on the clouds, then built a system to migrate to our own metal. There's nothing that says you can't continually do that again, and that's exactly what we do. We never want to be compute constrained.
Jake [00:18:09]: At the start of the year, we actually became compute constrained because one upstream provider wasn't able to give us quota at the rate we needed, and the hardware was slower. I spent a weekend rebuilding our entire network overlay so we could straddle five clouds: Oracle, AWS, ourselves, GCP, and one other one. 
We can do more than that now.
Jake [00:18:38]: We got into a spot where we were trying to pack instances tight because we couldn't get enough compute. That led to a few reliability issues, which are now past us. I made a tweet pointing out that it's becoming harder and harder to acquire compute at the rate these models need to acquire compute. We got bit by it.
Swyx [00:19:15]: How do you think about pricing knowing you might not have your own metal available at all times? Are you pricing assuming you need extra margin if you end up going into the cloud?
Jake [00:19:26]: Because we've built out our metal data centers, our margins on metal are around 70%. We can deeply subsidize the cloud business if we want to scale at a reasonable rate. We have a few levers: metal, which makes the margins; cloud burst; debt to buy servers; and venture capital. It's an interesting operational problem: how much cash do we have, how much should we raise, how quickly can we deploy it, and can we scale revenue as quickly as we scale compute?
Jake [00:20:05]: If we continue making it trivially easy for people to build and deploy, then the faster we close that loop and the more operationally excellent we are with capital, the faster the business can scale. It's almost a straight linear deployment rate.

Financing Infrastructure: Hardware Debt, VC, and Operational Leverage
Swyx [00:20:20]: I think infra startups raising debt is a tool people don't utilize enough or know enough about. What can you tell us about that? Is it secured against your CPUs?
Jake [00:20:32]: It's secured against our hardware.
Swyx [00:20:37]: What rates do you get? Who are the lenders?
Jake [00:20:39]: We pay prime plus a spread, and we can refinance any of the debt as rates go down. The terms are pretty good. The unfortunate thing is that Twitter has no nuance, so people say, “Venture debt bad.” But as with all things, there are specific tools and areas where you can be deliberate instead of using one tool as a hammer. 
Venture capital is not the hammer for everything. You have to explore and figure out what works.
Swyx [00:21:12]: VC is usually the most expensive financing you can get.
Jake [00:21:15]: Yeah. I also think people think about VC incorrectly from a capital-raising perspective. Most people think, “How do I raise as much money as possible from whoever is probably the best I can get at that time?” That's close to right, but what we've tried to do is figure out what unfair advantage we can buy with that equity.
Jake [00:21:34]: It's the most expensive equity you're going to give away at that point in time, assuming the company keeps getting better. How do you use it to work with someone stellar who complements you? In the seed stage, I had never started a company. Ray Tonsing had good advice, and I could text him all the time. He was really fast. Awesome.
Jake [00:22:01]: Then with John and Erica at Unusual, they said, “You roughly know what you're doing building a product. We'll mostly leave you alone and be available for advice.” Amazing. Then we got to Series A and the business was an operational tire fire because we didn't know how to scale a business. Work with Erica, and Jordan is over at Redpoint, so bonus.
Jake [00:22:28]: Now we've raised from TQ and FPV as we're moving into enterprises. Every step of the way, we've asked: who can we partner with at this specific time to unlock the next section of the journey? I don't know enterprise sales. As an engineer, I can eyeball what features we might need, and we have wonderful people internally who can help. But you want boardroom dynamics where everyone is aligned and asking, “How do we win this?” instead of bickering about strategy.

Data Centers in Space and the Physics of Compute
Swyx [00:23:31]: You had a tweet about data centers in space. Why no data centers in space?
Jake [00:23:37]: It's not “no data centers in space.” My hot take is that I think it is solvable. 
I've just never seen anybody solve it.

Swyx [00:23:49]: You said, “How are you going to dissipate that much heat in a vacuum?” You're making a physics claim.

Jake [00:23:55]: I haven't seen anybody prove how you're going to dissipate that much heat in a vacuum. It doesn't mean it's not possible. It just means nobody has brought it up yet.

Swyx [00:24:05]: Astrophage.

Jake [00:24:06]: I don't know what that is.

Swyx [00:24:07]: The Martian thing. Okay, you're very logical.

Jake [00:24:09]: It could work. A lot of people are putting the cart before the horse. They say, “We're going to put data centers in space.” Okay, but how? “We have time to figure it out.” It's like in The Martian where they ask how they're going to intercept something and say, “We'll figure it out.”

Swyx [00:24:36]: Making a bet on human invention is weird because you blind trust that it can be solved. But with physics, there are first-principles bounds you can put on it. Maybe not. Maybe you're asking to travel time or break a fundamental thermodynamic law.

Jake [00:24:57]: I don't know how VCs do this either. How do you know what's not possible and a grift versus what's possible but sounds completely insane? “We're going to put data centers in space.” Coin flip as to which it is, and I guess you'll know in 10 years. That's one cycle.

What Agents Need: Versioning, Observability, and 1,000x Scale

Swyx [00:25:23]: Moving back to agents. The branching, fast spin-up, and orchestration you do feels like pre-work that happened to be exactly what agents want. What do agents want differently than humans?

Jake [00:25:37]: They want the ability to version things. It's not that different; it materializes slightly differently. Agents want a way to test changes incrementally. Engineers have feature flags. Is there a reason agents can't use feature flags? I don't think so.

Jake [00:25:54]: They want version control. Can we use Git or not Git? That one is up in the air.
I think something outside Git will emerge for how we version these things over time. They need observability. You need to query what happened, when it happened, which steps failed, traces, logs, metrics, and all the rest. They need network, compute, and storage. They need to write files, save files, iterate on files, and snapshot file systems.

Jake [00:26:25]: A lot of what humans needed is in line with what agents need. Branching and forking are not different; we're just moving 1,000 times quicker. It can look like you need something massively different, but what you need is something massively better than what existed. You need orchestration massively better than Kubernetes. You need networking probably better than Envoy. It goes all the way down the stack.

Jake [00:26:55]: If the workload profile doesn't change so much as it gets massively compressed because you need thousands of these things, what assumptions change? etcd is going to melt. You need to replace it with something. You can go all the way down the stack and say, “That part has to change, that part has to change, and that part has to change.”

Jake [00:27:19]: The interesting thing about the super-exponential curve is that you have to build systems where you can rip out those parts at any time because a new bottleneck might emerge. You get good at parallel agents, and a different part of the system breaks. So it's similar to what humans needed, but at 1,000x scale.

Jake [00:27:55]: How do you do code review in the age of agents?

Swyx [00:28:00]: You throw more agents at it.

Jake [00:28:01]: You don't. But then who reviews for CVEs and all these other things?

Swyx [00:28:07]: More agents.

Jake [00:28:08]: And that's how we hit the inference wall. You can continually throw agents at the problem, but I think there's a limit to the number of agents you can throw at a problem.

CLI, Agent Handles, and Closing the Loop

Swyx [00:28:24]: You already had a CLI before it was cool.
How is the shape of what you're exposing changing, if at all?

Jake [00:28:28]: CLIs have always been cool. The CLI changes because we think about how to give Claude, Codex, ChatGPT, or any model a handhold.

Jake [00:28:50]: A CLI is a single command: deploy, get logs, and so on. Things that were prohibitively annoying to humans are not annoying to agents. They're nice. If I handed you a CLI with 40 arguments and 600 flags, you'd think, “I'm never going to use all of this.” But if you hand it to an agent, it says, “This is excellent. I have so many handles to work with.”

Jake [00:29:24]: If you're going to expose things to agents that way, you want as many handles as possible where they can get information, query dynamic information, and close the loop quickly. Most problems right now are about how to close the loop as quickly as possible. Where does the agent get stuck, and how can you remove that?

Jake [00:29:49]: Telemetry is important. If you can tell where the agent gets stuck from the CLI and say, “12% of people deviate from the happy path because of this, and now I add this argument and drive it down to 2%,” you massively increase the rate of loop closure.

Jake [00:30:03]: That's how we think about not just the CLI, but every point in the dashboard. It's a user journey: I hear about Railway. I get something deployed. I get my first green build or aha moment. I see an endpoint, logs, whatever. Then I iterate. The iteration loop is indefinite. The user wants to deploy a new thing, a Postgres instance, change code, and keep iterating.

Jake [00:30:36]: If you focus on the iteration loops and what's blocking them from closing quickly, one thing we say internally is: you never want to be waiting on compute anymore. You always want to be waiting on intelligence.
If you're waiting on compute, there's a bottleneck that needs to be destroyed because eventually that bottleneck becomes so large that another workflow emerges to change it.

Jake [00:31:04]: We've built a product where you push code, build it, and so on. But I fundamentally believe the push-pull loop is going away. We'll get to a point where you make a small change in production, that change is versioned across your infrastructure, you're working alongside copy-on-write versions of your database and infrastructure, and then you merge it in and it's instantaneously live. That's the holy grail of loops. The push-pull-rebuild thing is a point of friction that we're removing entirely.

Canvas as Output: Dashboards, Context Anchors, and Hyperstructures

Swyx [00:31:43]: It's incredibly fast. If anyone hasn't tried it, that fast feedback is great. My hot take is that Railway was famous for its canvas, which visualizes your infrastructure and lets you manipulate it visually. But that was for humans. For the next phase of growth, Railway CLI is more important than canvas.

Jake [00:32:05]: The canvas is funny because it's a mechanism to show changes over time. You're right that previously we used it a lot as an input. Moving forward, its goal is more like an output. You would go to the canvas, make changes, see them, and watch your infrastructure evolve. Now agents have access to the CLI and can make those changes. So the canvas becomes an output: what information does the human need at this moment to make suitable decisions about control requests? Do I approve this or not?

Jake [00:32:57]: It also has to be an anchor for your context, a port in the storm. Think of it like layers in a file system. You start with a project, then drill down into services, then into a function or code, because you want to represent the entire thing not just in your head, but in the canvas.
Other people can share that representation, think on the same wavelength, and move quickly.

Jake [00:33:33]: A lot of organizations get in trouble as they scale because all the context lives in someone's head. “How does this microservice work?” “I have no idea; go ask this person.” Then you have whole categories of products built around context discovery. A lot of that melts away if you have a solid hierarchy and can infinitely nest services, code, context, and everything else all the way down. That's what lets you build these structures over time.

Jake [00:34:18]: It's also what lets us build what I've called hyperstructures: things that are way bigger. You look at the Golden Gate Bridge and ask, “How did we build that?” There's a meme that we lost the technology. To some extent, yes, because the coordination that built those things evolved and changed. We lost some of the art of building structure as we jammed everything into Slack.

Swyx [00:34:52]: But you jam everything in Discord.

Jake [00:34:53]: Same point. It doesn't matter. It's message passing and interrupts, message passing and interrupts.

Swyx [00:35:00]: So you're arguing there should be something better and more structured than Slack?

Jake [00:35:04]: Yeah. For sure. I think Slack is awful, and Discord is awful too.

Central Station: Context Routing, Support, and Incident Clusters

Swyx [00:35:09]: This is the equivalent of my mom test. What have you done that has your solution to this?

Jake [00:35:15]: Internally, we've built a tool called Central Station that aggregates all the context from our users. Every piece of feedback, every customer support item, everything gets aggregated into clusters. If an incident is brewing, we can determine how many users are affected and break off a discussion based on that.

Jake [00:35:40]: That is more helpful than long-running channels where you're trying to decide which channel to put something in.
If you can dynamically aggregate information and dynamically route it to the right person based on context, it works better. We know internally that these four people are close to networking. If we see a networking thing, we can drill it down to those four people. If it's with this part, we can look at the commits. This is no longer a manual process internally.

Jake [00:36:13]: If you go to station or help.railway.com, that's why we built it. We wanted to scale with a massive amount of leverage by aggregating feedback.

Swyx [00:36:27]: This is built in-house?

Jake [00:36:28]: Yep.

Swyx [00:36:29]: I remember helping out on this one with Angelo in 2023. You scale a lot with a very small team.

Jake [00:36:38]: Yeah. We're about 10 times bigger now.

Swyx [00:36:40]: You have your full developer code here? Very cool.

Jake [00:36:44]: If you go to railway.com/stats, we expose this as a pub-sub-able thing. It's all real-time metrics. There's a way to get it as JSON somewhere if you care.

Jake [00:37:01]: We're big on trying to build everything in public and talk about what we're working on. We've had issues in the past, and we'll say, “Here's how we're fixing these things.” We've gotten compliments and flak for incident reports. We're always trying to make them better and talk with people.

Incidents, Disclosure, and Progressive Rollouts

Swyx [00:37:20]: You had a big one recently. I liked that it was scoped to 3,000. You presumably used Central Station. Talk through what happened and how you address it internally as a team.

Jake [00:37:38]: Internally, this one really sucked. It had to do with an upstream provider that didn't do the behavior it said it documented, which is unfortunate given they wrote the RFC for how the behavior should work. We rolled those things out, and Central Station caught it initially when a couple users said caches weren't invalidating.
We turned it off immediately.

Jake [00:38:03]: When you roll out to a large user base of three million people, you get a lot of disparate behaviors. We tested in staging and had tests, but we hit an edge case. We've hardened those systems, and now we can make that better. But it was a tough one.

Swyx [00:38:39]: I always wonder how private disclosure is supposed to work if people find an issue. Are they supposed to contact you first? When you run a platform, these things will happen. What channels should people pursue to quietly resolve it before it becomes a bigger incident?

Jake [00:38:59]: There's responsible disclosure. We err on the side of over-disclosing and letting you know something is wrong versus having your provider gaslight you. We've erred on sharing those things more publicly, even if they impact a small subset of users. That's a decision we've made internally. We have four values. One is honor. The honorable thing is to notify people to the widest degree at which they may have been affected or there was an issue, and then confront it head-on: why did it happen, what can we do better?

Swyx [00:39:45]: Not the whole user base. That's because of incremental rollouts and other things?

Jake [00:39:50]: Yeah. Progressive rollouts.

Swyx [00:39:54]: That should be the norm at all large platforms.

Jake [00:39:58]: It should. A variety of companies do this. There's the quote that Meta runs 10,000 different versions of Meta. To our earlier point about agents, they need the same thing. They need shadow traffic and all these other things. We've built so much ceremony around production being sacred that we need to make it trivially easy to test different behaviors in a safe environment. Then you can make mistakes in a safe environment.

Safe AI SRE: Customer Agents, Forked Environments, and Production Parity

Alessio [00:40:30]: Do you see a world where these things get automatically caught, not necessarily by your agent, but by your customer's agent?
The cache invalidation issue seems easy to check if you know to look for it.

Jake [00:40:44]: It's hard because to determine it, we almost need to hook into your observability infrastructure. That's why we have the template loop on the platform: so you can roll things out progressively. You can roll out to Johnny Vibe Coder initially, or push a shard that someone consumes at their own leisure. Or you can roll it out over weeks: 0.1% of people, 1% of people, early adopters, then all the way up. That's the non-deterministic version control we talked about earlier.

Jake [00:41:30]: I believe that's where most things should go, because most companies end up building staged rollout systems in-house. It's the same thing built again and again at every company. There's a massive opportunity to consolidate developer debt.

Alessio [00:41:45]: You should have a free tier. Model providers give free tokens if you let them use the data. You could give free compute if someone is the number-one shard that goes out and lets you plug into their observability.

Jake [00:41:55]: We do that. That's why we talked about the impact on 3,000 people. We start with lower-impact people. Larger companies on the platform are last to receive those rollouts so they have a version of the platform that's deeply stable.

Alessio [00:42:16]: I have three services, so I'm sure I get the first rollout. You can nuke my thing at any time. There are all these SRE agent companies. Observability people also want agents that fix upstream problems. You have your own agent in the canvas now. How do you see that playing out?

Jake [00:42:39]: It's the stacking entropy problem. If you don't have primitives to make iteration in production safe, it becomes difficult. If you're an observability provider saying, “Here's the fix to this error,” assume 80% are good and make sense.
But in the last 20% long tail of complex issues, if you let somebody stamp it, you create an opportunity for an incident.

Jake [00:43:08]: That's why forked environments are important. People have staging, but it always drifts from production. You need primitives, workflows, and experience built first-party on the platform so you can fork any service at any point in time.

Jake [00:43:33]: I think of the canvas as a sheet of transparency paper. The agent is a little guy you push up into the canvas. It should say, “I need to copy that service and that service so I can test these two things.” It gets a read-only copy of production. Anything that's PII gets marked as a transform when we clone the database, create a copy-on-write version, or read from it. Then the agent makes changes and asks, “Does this actually work?” as close to production as possible.

Jake [00:44:22]: That's how close you have to be, or you get massive drift. The system becomes unstable. You see this with massive systems built on Docker for local, Kubernetes for production, and a specific thing for something else. That complexity slows developers and becomes unstable at scale, making it hard to iterate. We want to compress that way down and say, “As close to prod as possible is where we want to be.”

From AISRE Skeptic to Agent Believer

Swyx [00:45:00]: I was texting Erica for questions, and she says you were originally not a believer in AISRE. Have you come around on it?

Jake [00:45:10]: I flipped, but I'm still not a believer in AISRE if you don't have the primitives to make it safe. If you unleash AISRE on production infrastructure without safe primitives for copying volumes and making sure things are fine, it's going to nuke your production database. It's not a matter of if, but when. I'm a big believer in making those loops safe.

Jake [00:45:33]: I was a deep AI skeptic until 2023.
In 2024, I thought, “Maybe I can roughly make this thing do it.” In 2025, I thought, “Now I can hold this.” Over winter break, everybody came back saying, “It's almost impossible to hold this.”

Swyx [00:46:01]: Did you see this on the Claude docs? CloudBot? OpenCloud?

Jake [00:46:06]: It's gotten to a point where it's harder to hold it wrong than to hold it right. There's a scene in Avengers where Vision picks up Thor's hammer and says it's terribly well-balanced. It self-balances and works well. I'm a deep believer at this point that this will be the dominant species: assembly, C, C++, JavaScript, words.

Swyx [00:46:35]: It feels like a big jump.

Jake [00:46:37]: It is. But it's not like you abandon CPU-based discrete logic and move straight to fuzzy logic. You need both. Your skills should call code or applications or some static structure. You can use skills to distill what the procedure should be or how the code should act.

Jake [00:47:02]: I'm coming to a thesis: you need three points. You need a clear spec defining the system, the code, and the tests. When you say it out loud, if you've been in engineering long enough, you're like, “Of course. That's an RFC, tests, and code.” But they all matter. Having them together lets them reinforce each other: the spec and tests match, but the code doesn't, so reconcile it. Or the tests and code match but the spec doesn't, so reconcile that. That's the iteration loop.

Jake [00:47:41]: That's why you're seeing people talk about software factories, docs, and reconciliation. Some of that is architectural astronomy if you don't implement it, but that loop is where most things will end up.

Swyx [00:48:07]: For listeners, we've been talking about this on the pod for three years: the holy trinity of specs and tests. Itamar Friedman from Qodo is the reference if people want to look it up.

Self-Modifying Infrastructure and the End of Push-Pull-Rebuild

Swyx [00:48:18]: One thing I want to mention on the OpenCloud idea is self-modification.
I don't know how Railway would support it, but I have my OpenClaw, and I just tell it it has the Railway CLI and can do whatever. In theory, whatever capabilities or new infra it needs, it can call the Railway CLI, provision it, and add it to itself. The agent can modify its own infra.

Jake [00:48:45]: It's nuts. I have a loop set up where you put the Railway CLI on top of something that runs on Railway. You're authenticated as whatever the current box is, and you can make any changes to it. Then you call Railway deploy, and it deploys itself.

Jake [00:49:04]: It's like: “I need to spin up this instance of this environment. I already exist in this environment. Excellent, I have access to a Postgres instance now.” That's where we want to go with agentic, self-replicating infrastructure. That's your loop: iterate in production. You continue making changes. If it works, merge it upstream. If it doesn't, throw it away.

Jake [00:49:37]: How do you make throwaway copies trivial to spin up and super cheap? The era of “I have an AWS instance with four vCPU and 16 gigs of RAM” is going to get destroyed. If you do that for agents, you need a thousand of those machines. It's prohibitively expensive compared with what we've spent a ton of time figuring out: the atomic unit of deploy, whether you call it isolates, sandboxes, or something else. Only pay for what you use, spin up instantaneously, and close the loop as quickly as possible.

Jake [00:50:15]: If the system can self-replicate safely and say, “This is my environment, I'm making these changes,” it can come back with, “Does this look good? This is a new state of infrastructure given this prompt. I think I've solved it.” Then you go back and say, “Actually, it looks different.” It does the loop again. Then you say, “Cool. Apply.”

Swyx [00:50:38]: That's retroactively obvious, which is the most useful kind. Any other comments on agent deployment on Railway?

Jake [00:50:51]: It's getting better every day. I'm on X or Twitter.
You can always yell at me about the parts not working as well as they should, because plenty of things should work way better.

The New Serverless: Stateful, Long-Running, Pay-for-What-You-Use Linux

Swyx [00:51:04]: At this stage, when people want massively or embarrassingly parallel compute, they usually talk serverless. I feel like there's a new serverless compared to the previous five years of serverless. You're in that new bucket. Do you have comparisons or philosophical differences you want to call out?

Jake [00:51:31]: It's somewhere in between. It's the ability to run stateful, long-running workflows or executions.

Swyx [00:51:42]: Vercel has Fluid Compute, Cloudflare has some container thing, Google has App Runner and others.

Jake [00:51:55]: That's where everything is roughly going, and it's why we've been working on this for six years. We believe users need access to a computer: a box that speaks Linux. They need to deploy what they want. Other systems change the surface area of what you can build. For us, users need a computer and need to deploy anything they truly want. That's why we've focused on the primitives: network, compute, storage. If we give you those and expose them so you can run things indefinitely, that's where we believe it's going.

Jake [00:52:43]: Twitter has no nuance, so everyone says “servers” or “serverless.” It's always somewhere in the middle: I want to run it for a long time, but I don't want to provision the resource statically or pay for things I'm not using. That's been our thesis from day one: pay only for what you use, run it indefinitely, and it is full Linux.

Swyx [00:53:12]: That's why I like the naming of Fluid. It's fluid. Flexible.

Heroku, Focus, and Carrying the Torch Without Becoming the Past

Swyx [00:53:18]: Another milestone is the Heroku official deprecation. You're one of the presumptive new Herokus. “New Heroku” has been a category for as long as I've been in developer tooling. It's finally happening. What was that like?
Any behind-the-scenes of, “This is the moment”?

Jake [00:53:42]: You have people where you're like, “You were running stuff on here? You, as this company?” It's crazy that names you would know are running on it and now coming to us saying, “We want to move a lot of this off.”

Swyx [00:54:00]: Any behind-the-scenes on why Salesforce let Heroku stagnate?

Jake [00:54:05]: I can only guess. It's hard when it's not your business. Salesforce's business is to build a great CRM. That's their focus. Then you acquire a compute business as an offshoot. A lot of early Meta people talk about focus. Boz has a write-up about how in the early days of Meta they had no money, so they were forced to focus. Then they turned on the money tree and had no reason not to split their focus.

Jake [00:54:52]: But that dilutes your product. You get offshoots where you ask, “Is this the focus of the business?” If it's not core, it languishes. A lot of companies get in trouble when they split focus because they're fighting a multi-front war, not just externally but internally for alignment. Where are we going? What are we doing? What is our purpose?

Jake [00:55:24]: If you're Salesforce-built and mission-driven, you want to work on Salesforce. Heroku is off to the side. It's not core to the business. Getting resources, budget, focus, and alignment internally becomes hard. It was a matter of time.

Swyx [00:56:06]: Kudos for them to call it out instead of leaving it unknown.

Jake [00:56:12]: Their release was a little odd. They called it out, but they didn't say they were shutting it down. Behind the scenes, I think they issued messages to people saying they should close accounts and that they were going to deprecate and remove things over time.

Jake [00:56:30]: It's crazy because some of my first deployment experiences were on Heroku. You start with dragging things into an FTP server, then you try to get a deploy working, and then it's Heroku. It was the on-ramp for us. But the wheel turns.
New things emerge. We're happy to carry the torch for a lot of that. But we don't want to be the new Heroku. We want to be the way people build and deploy software, and ultimately the way people monetize software over time.

Swyx [00:57:19]: It's still a big crown to be the new Heroku. There are 50 companies that fought for that.

Jake [00:57:23]: Everybody is holding some portion of it. We're happy to support people and companies. The platform works differently. The game loop is similar, but we've been dogmatic about where these things are going: primitives, agents, fan-out. Some things fit; some workflows need to change. We have an approximation of Heroku pipelines with the environment system. It's exciting. We've got a ton of people we can support, and it's growing a lot.

Temporal, Workflow Engines, and State Machines

Swyx [00:58:12]: I have one more technical question about Temporal. I've sold my shares. You're a power user and one of our earliest customers. I met you through Temporal. You built on Temporal. You have complaints. This may be the most neutral and informed conversation anyone will hear about Temporal without someone working at the company.

Jake [00:58:39]: That's fair. I've used Temporal for almost 10 years because of Cadence at Uber.

Swyx [00:58:52]: Give people a sense of what Cadence was at Uber.

Jake [00:58:57]: Cadence was the precursor to Temporal. It powers trip actions, rides, when you rent a Jump bike or scooter or car. You're running workflows for a period of time and saying, “This ride will run indefinitely until it finishes.” You attach information: you paused in this zone, so add this charge to the bill. When you end the trip, the workflow is done. That experience was powered by Cadence at the time.

Swyx [00:59:34]: I used to say it's like programming the entire user journey top-down as one function.

Jake [00:59:39]: It's a powerful idea and important. It's also important for the next phase of the agentic journey.
You want an agent to do a specific task, be complete or incomplete on that task, and move on to the next thing. You need a way to manage workflows dynamically.

Jake [00:59:59]: Temporal was always great in theory, and great when you got it working the way you wanted in production. But it required you to model the entire journey in your head. If you didn't, you could cause issues where replaying the state of the workflow causes non-determinism.

Swyx [01:00:25]: Because it works on deterministic workflow history.

Jake [01:00:28]: Exactly. I describe it as a jet engine. If you know how to operate it and run it, it's great. But you can't hand it to people trying to build complicated things if they don't have the whole state in their head.

Jake [01:00:48]: We run our whole deployment pipeline on top of it. That's a reasonably complicated workflow: pre-commit hooks, signaling, queuing, and all the rest. We ran into the same thing at Uber. As you express a large workflow, it gets more complicated, with more states in the state machine that you have to map back to the workflow.

Swyx [01:01:15]: It's a lot of ifs.

Jake [01:01:16]: Exactly. At Uber, we built a system for doing the state machine and testing it. We've started to build some of those things here because it's grown heavily. It's not quite love-hate. When it works well, it works super well. But if someone who doesn't have full context puts something into the system that invalidates state or causes non-determinism, or spins off a ton of activities, you have to keep track of underlying SRE knobs like activity slots. Those should scale with memory, vCPU, and so on. It becomes a bear to scale.

Swyx [01:02:10]: You need a capable sysadmin running things behind the scenes. If you moved off, what would you do?

Jake [01:02:19]: We'd build our own workflow engine.
We have a few internally that we've worked on.

Swyx [01:02:27]: This is one of those classes of things you typically wouldn't vibe code, but I'm wondering if you can.

Jake [01:02:33]: I still don't think you should vibe code it. You still want to run decent tests to make sure it works.

Swyx [01:02:39]: Timo didn't invent that from scratch either. There are libraries you can run. On top of that, it's just a state machine that you have to map out. Ultimately, you define the instructions you want and run them through a state machine.

Jake [01:03:00]: It's very doable. Workflow stuff is interesting. Restate is doing neat stuff here.

Swyx [01:03:10]: You're tied into JavaScript. Are you a JavaScript maxi?

Jake [01:03:13]: Internally, we have TypeScript, Rust, and Go. We don't add more languages. Actually, we have a little C because we write BPF code and hooks. But those are the languages.

Swyx [01:03:28]: Is this for sidecars?

Jake [01:03:32]: No. It's for the networking stack, volumes, and things like that. We use TypeScript a lot because it powers the dashboard, but we're moving a lot of workflow stuff off the dashboard stack and into the infrastructure stack.

Railpack, Nixpacks, and Content-Addressable Filesystems

Swyx [01:04:00]: Cool. Any other technical infrastructure stuff? Railpacks?

Jake [01:04:07]: We built an engine for determining dependencies based on source code. It's called Railpack. We built the first version, Nixpacks, on top of Nix, and then we moved.

Swyx [01:04:17]: People have been trying to get me to adopt Nix and NixOS for four years. Is it ever going to be a thing?

Jake [01:04:23]: I don't know. We're excited about it, but it has pain points. Think of it as a stack of versioned binaries at specific slices in time. If you want version X and version Y, you bloat the package space, which blows up image size and makes real-world workloads difficult.

Swyx [01:04:53]: But you content-address it and cache it.
In theory, there are optimizations.

Jake [01:05:00]: In theory, yes. But with a large enough user base and disparate enough machines, you run into a problem Meta described in the XFAAS paper, their internal serverless system. It becomes difficult at scale unless you break out specific runtimes.

Jake [01:05:24]: We didn't want to do that because we wanted to truly allow you to deploy anything. That was our initial thing with Nix. But we've moved toward interesting work around content-addressable file systems that can lazy-load anything from any point and page it into memory.

Swyx [01:05:48]: Amazing.

Jake [01:05:49]: The future is very bright. It's crazy, and it's going to be nuts.

Coding Agent Spend, Roadmaps, and Token ROI

Swyx [01:05:54]: Founder journey stuff?

Alessio [01:05:56]: Your cloud usage: you tweeted you're going to spend $300K this month?

Jake [01:06:01]: I think we got to $200K.

Alessio [01:06:02]: Coding agents?

Jake [01:06:03]: Yeah.

Swyx [01:06:04]: Across the company?

Alessio [01:06:05]: You only have 35 people, so I'm sure they're not all spending $10K a month. What's the distribution?

Jake [01:06:10]: I think I'm at about $25K. We have power users all the way down. We came back from winter break, and I basically said, “If you're writing code by hand, you're doing this wrong.” The tools are good enough now that you can move extremely quickly. There are issues and pain points, but you should be reviewing the code you are writing instead of writing it by hand.

Jake [01:06:40]: Architectural patterns matter more now than ever, but you shouldn't spend your time generating code you would write. If you know how to write it, ask the agent to write it and reconcile it until it looks like you would have written it yourself.

Jake [01:06:58]: People misconstrue my propensity to push people toward agents as connected to our growth and some reliability bumps. They're not necessarily related.
The tools are good enough to move extremely quickly and build things way larger than you could before.Jake [01:07:19]: To the earlier point about cooling data centers in space: I don't know. But with software, you can ask, “How would I build block storage from scratch? How would I do these things?” I have ideas because I have history and have read papers. Let me work them out and build massive test benches with thousands of tests, because those are now free to author. If you're not using AI systems to speed-run your roadmap and reconcile your existing system onto the future, you're missing a large point of what's happening.Alessio [01:08:12]: What's the path to spending $3 million a month? Is it bound by ideas and things customers can absorb?Jake [01:08:19]: For most companies, it's bound by deployment at this point. That's why we've seen a massive boom in users and companies, from Fortune 50s down, asking how to get developers to move faster. You'll probably hit your CFO before any technical limits because they'll look at the eye-watering amount of money spent on tokens. Inference costs have to come down, but we're inference constrained now. There will be price discovery around what makes sense for an org to adopt.Jake [01:09:06]: I think you'll end up with the F1 driver concept. If someone is really adept at these things, it makes sense to put them in a $3 million car. If they're not, it probably doesn't make sense. You'll take a few people and say, “You can drive the F1 car. We need to go in this direction. Figure out if it works and prototype it.”Jake [01:09:33]: We've done some of that and vastly accelerated our roadmap. We thought we'd ship something in a few years; now we can probably ship it in a few months because we validated it and don't have to build it incrementally. We can skip steps and move toward our vision.Alessio [01:09:58]: A lot of people are realizing the roadmap doesn't always have a business impact, so they say tokens are too expensive. 
But if your roadmap were built to make more money by the time you built it, you'd have token pricing for it, the same way you do with sales. You'd spend a billion dollars on sales if you knew you would get $2 billion of revenue.Jake [01:10:19]: Exactly. A naive way to measure this is the percentage of tokens that end up in production. If you can measure impact because those tokens end up in production, that's awesome. But the burden of proof will rise. Internally, we have a growing number of pull requests that haven't merged. The question becomes: how do you get this into production? It's about how quickly you can build and deploy software, which is exciting because that's our whole thing.The SDLC Shift: Prompt Requests, Feature Flags, and Safe RolloutsSwyx [01:10:56]: The SDLC is changing. One thesis is that the pull request is dying. It's going to be the prompt request. Beyond that, code review is also kind of dying if you have all the other systems in place. What else is changing about the SDLC?Jake [01:11:19]: The AISRE and the tools to make it happen. AISRE is pie-in-the-sky aspirational. What does it take to get an AISRE? What tools do you need to build?Swyx [01:11:32]: You should expose your tooling to customers at some point. The Central Station command center.Jake [01:11:39]: We have it for template maintainers. Template maintainers can deploy and maintain templates, and they get feedback. We're going to expose those things incrementally.Swyx [01:11:51]: Clustering around incidents. Everyone has a version of that, but I don't think anyone has solved it.Jake [01:11:56]: I won't say we've solved it internally, but it's gotten so good that we can see incidents forming pretty quickly. At some point, those will be things either someone else builds or we build. We've always built things purpose-built for us. 
If it makes sense to make it useful for users, monetize it, or turn that loop into a profit center instead of a cost center, we want to do that.Jake [01:12:28]: Pull request is definitely dying.Swyx [01:12:29]: Do you do first-party feature flagging and incremental rollout stuff?Jake [01:12:34]: We have a feature-flagging engine we built internally and will eventually roll out.Swyx [01:12:38]: I don't see it as a user. How come you didn't give us what you have?Jake [01:12:43]: We have to beta test it. We care a lot about the quality of the things. There's plenty we've used internally that doesn't make it all the way through the journey because it fails. It works for one service but not multiple services. We'd have to build it for multiple services and know that if we released it, we'd rebuild it again and again. Some things are worth that, but many inform the roadmap.Jake [01:13:18]: We don't want to dilute the experience by saying, “This works, but only for this service,” unless it's a core initiative. Over the next few months, we'll roll out things that work for a single service, then multiple services, then multiple services across the environment. You have to be deliberate. Otherwise you create broken disparate experiences and support load because people ask how to use the feature.Jake [01:13:52]: It's the earlier expansion and compaction pattern. You expand the company to get features, then compact and smooth them out so the experience is stellar. You told me in the hallway, “It's gotten so much better.” Internally we're saying, “This part really sucks. We need to make it significantly better.”Swyx [01:14:11]: I can attest to that over the last three years watching you build Railway. For listeners, feature flagging is a huge part of Uber culture. So much so that they have too many feature flags and another thing to remove feature flags. Facebook has Gatekeeper. Agents are going to need this. It's fundamental to incremental rollouts. OpenAI acquired Statsig. 
GPT-5 is routing and flagging through different models.Jake [01:14:56]: It's super important. If the software development lifecycle is going to change because we're doing things 1,000 times faster and 1,000 times more concurrently, what becomes important at scale?Jake [01:15:16]: Before I started Railway, I built a feature-flagging product and tried to sell it. It was an easier version of LaunchDarkly. I ran into a problem: anyone small enough to adopt your technology doesn't care about feature flags, and anyone large enough to need feature flags needs so much scale that you have to build out all the infrastructure. I scrapped it.Jake [01:15:42]: But what is old is new again. Companies are trying to move quickly, but you can't YOLO a vibe-coded thing straight into production. You need to say, “Here's my blast radius, my impact, and I want to shadow it for these users.” Feature flags. You're going to need the tools larger companies built to maintain their structures. Everything gets compressed by 1,000x so everybody can build those structures quickly.Jake [01:16:07]: That's exactly where we are: compressing the software development lifecycle, then expanding it and adding more new things.Cattle, Pets, and Clonable InfrastructureSwyx [01:16:15]: Another term that comes to mind for newer developers is “cattle, not pets.” People treat production like a pet. It has a name. You baby it and keep it alive. With cattle, you can mass farm, roll out, portion parts out, and kill them.Jake [01:16:37]: I think that might change. You can move toward having pets as long as you have a cloning machine for your pets.Swyx [01:16:52]: Yeah.Jake [01:16:52]: If you can snapshot every single thing at every frame, it doesn't matter if something gets obliterated because you have a snapshot of it. The things we've built right now are designed to block changes from the hermetically sealed DevOps line. You have to write a Dockerfile because you nee

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, May 19th, 2026: New libssh in Malware; Exchange 0-Day; MSFT Authenticator Update

May 19, 2026 (6:08)


New Malware Libraries means New Signatures https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20%20New%20Malware%20Libraries%20means%20New%20Signatures/32986
Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498
Microsoft Authenticator Update CVE-2026-41615 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41615
ssh-keysign-pwn (CVE-2026-46333) Patches Released https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/

Vidas en red Spreaker
OpenClaw - Everything I've Managed to Do

May 19, 2026 (22:39)


Can you imagine having your own Jarvis on Telegram? Well, that's OpenClaw

DLN Xtend
223: Linux on the Road | Linux Out Loud 125

May 16, 2026 (62:21)


Wendy is back from hauling robots to Texas and getting ready to drive another one to California, so the crew leans hard into life on the road with Linux. Bill talks about moving his systems over to Bazzite, tells the story of an overworked NVIDIA 1080 that literally ate into another GPU, and explains how HomeBridge 2.0 keeps his smart‑home world humming. Nate shares his first impressions of Tux Manager, a Linux clone of the classic Windows Task Manager, and walks through the Framework‑plus‑Flip‑Go combo that makes his roaming setup feel like CubicleLabs away from home. From Steam Decks and One X Players to UniFi travel routers and noise‑canceling headphones, everyone opens their travel bags and talks about the gear they actually trust when Wi‑Fi is sketchy and power outlets are rare. Wendy also geeks out over her new MOVA V50 robot vacuum, complete with a dedicated “Sentinels” Wi‑Fi SSID, and how little self‑hosted comforts make a hotel room feel just a bit more like a homelab. Along the way, there are jokes about Ethernet‑cable hair, data having weight, and why the best layover is the one where your SSH tunnel actually connects. If you're curious about the recent Linux vulnerabilities and the ABCs of CVEs, don't miss SUDO Show 76, where they break it all down in a fun and informative way. Connect with the Hosts on Discord: Matt – @Dark1ltg Wendy – @Wendy.sh Nate – CubicleNate.com @CubicleNate Bill – @ctlinux on Mastodon Special Guest: Bill.

Overtired
445: Nails and Keys with Melissa Davis (The Mac Mommy)

May 13, 2026 (78:05)


Brett records an episode without Christina and Jeff and chats with Melissa Davis (The Mac Mommy) about her start as a mommy blogger and longtime Mac podcaster, her tech-support work, and the strange lack of closure when online friends disappear. They trade mental-health and chronic-illness updates, Adderall vs. Vyvanse, difficulty finding curious doctors, and being labeled “worried well.” Don’t worry, they nerd out on mechanical keyboards, Karabiner, and remapping keys. GrAPPtitudes include Bartender 6 Pro, Sortio for AI tagging, Sketch Party TV, and Karabiner.

Sponsor

OneSkin improves your skincare routine with science-backed skin care products. With over 10,000 five-star reviews and validation from clinical studies, OneSkin has made a name for itself in the skincare industry. If you’re interested in trying OneSkin for yourself, you can get 15% off your order with the code OVERTIRED at oneskin.co/OVERTIRED.

Chapters

00:00 Meet Melissa Davis
00:56 Early Podcast Days
02:20 Tech Support Seniors
05:52 Digital Legacy Work
06:50 Sponsor: OneSkin
08:14 Mental Health Check In
08:34 Insomnia And Focus
13:19 Doing Time Tracker
16:04 Suspenders And Stenosis
20:18 Mobility And Home Hacks
22:10 Melissa Health Update
23:25 ADHD Meds And Mutations
25:25 Curious Doctors Matter
27:59 Vyvanse Vs Adderall
30:26 Tracking Mood With Data
32:27 Cane And Somatic Therapy
36:09 Somatics For EDS
36:50 Yoga Modifications
38:19 Polycystic Liver Shock
39:20 Fatphobia In Healthcare
40:56 Pole Dancing Reality Check
41:55 Mechanical Keyboard ASMR
45:56 Nail Art And Picking
49:09 Keyboard Layout Rabbit Hole
01:00:59 Shortcuts And Muscle Memory
01:03:12 GrAPPtitude App Picks
01:14:07 Karabiner Power Tips
01:17:30 Wrap Up And Thanks

Show Links

hEDS Doing Timing Royal Kludge Keyboard Gamakey Silent Linear Switches EPOMAKER Switch Benefit Section EPOMAKER AegisSil Keycaps Set SketchParty TV Karabiner Sortio Bartender Pro Day One

Join the Conversation

Merch
Come chat on Discord!
Twitter/ovrtrd
Instagram/ovrtrd
Youtube
Get the Newsletter

Thanks!

You’re downloading today’s show from CacheFly’s network
BackBeat Media Podcast Network
Check out more episodes at overtiredpod.com and subscribe on Apple Podcasts, Spotify, or your favorite podcast app. Find Brett as @ttscoff, Christina as @film_girl, Jeff as @jsguntzel, and follow Overtired at @ovrtrd on Twitter.

Transcript

Nails and Keys with Melissa Davis (The Mac Mommy)

[00:00:00] Meet Melissa Davis

Brett: Hey, this is Brett Terpstra. I am without my usual cohorts, Christina and Jeff. Um, so I, I wanted to, you know, get a, get an episode out for all of you listeners, and I reached out to Melissa Davis, known as The Mac Mommy. Um, I don’t, I, I don’t know if they’re still known as The Mac Mommy, but in m- in my lifetime they have been. Um, Melissa, why don’t you introduce yourself, let people know, like, M-Ma- long time, like Mac personality, podcaster. Tell us where you came from.

Melissa: Where did I come from? Outer space. Uh, I came from being a mom. I, I, I will admit, this is hard to admit, But I will admit I started out as a mommy blogger. That’s, like, kind of a bad word nowadays.

Brett: back, back, yeah, this is way Back when

Melissa: [00:01:00] Yeah.

Early Podcast Days

Melissa: so we’re talking, like… Well, my oldest is gonna be 20, Brett. My oldest is gonna be 20 this summer. End of, end of June he’ll be 20 years old. So that’s about how long I’ve been doing podcasting. I mean, I started, I started, like, when… Well, you know what? I started listening to Adam Christianson’s The MacCast

Brett: But you know what? I started Sure. Like one of the very first podcasts, Yeah.

Melissa: still, I still listen to him on the Mac Geek Gab. Like, his voice is just so soothing to me. I used to… Like, that was the f- Back when I had, I had, I remember I had, like, an old G4, uh, Quicksilver Mac, and in the stinky little back room of our old house. And I used to, I used to download the podcasts, burn them on a CD, put them in my Walkman, ’cause I didn’t have an iPod yet at the time. I wasn’t that… I was never really that cutting edge. And I’d burn them on a CD, I’d put the CD in my Walkman, and then I would sit and nurse, I would nurse my baby. I, [00:02:00] and I would have to tuck the, uh, the headphones, you know, I’d have the ear- the, the wired, kinda like I have now, uh, and tuck it behind my back, like, behind my shoulder, because otherwise he’d, like, yank on the cord. And I would just listen to podcasts while I nursed. And I… And then, uh, then I met Victor Cajiao, and I started just kind of being, like, a serial podcaster, showing up here and there, and then it just kinda grew from there.

Tech Support Seniors

Melissa: Um, and I do… So I do tech support. I’m an IT tech s- tech support person. I… People call me their computer guru. I mostly work with, uh, the senior population, our, our vintage people, which I, I’m slowly becoming one of them. We’re all, we’re all gonna go that way.

Brett: I feel like anyone who does Mac tech support deals with probably an, a, a population that skews older.

Melissa: Mm-hmm. Mm-hmm. Yeah, it’s actually, it’s actually more– I will say it’s actually more difficult to work with somebody younger. Like, especially people my age or people [00:03:00] that are like, say, in their sixties I consider pretty young, 70 even. Uh, yeah, so but it’s, you know, the people are so, so interesting. You can learn so much. I love working with this population because they’re like encyclopedias, and the stories they tell you and the things you learn, it’s pretty amazing. And I could just, I could just spend– I have actually spent all day with some of them. Some of us just have really great chemistry and, you know, it’s… They– I, I’m also– I have ADHD, that’s no secret. And I think when you get older, um, not– it doesn’t affect everybody, but I do see a lot of what could be either they, they have ADHD or it’s like a–

Brett: they have

Melissa: of creeps in and it’s just a natural process of aging, cognitive decline. So, yep.

Brett: have a lot of patience. Sure. S- some of my, some of my most interesting relationships over the last 10 years have been with, uh, Mac users in their late 70s, [00:04:00] 80s. And, uh, like they’ve been– They’re very– Like, they’re definitely… The people that I’ve known have been technically capable and very interested in learning. That’s why they follow me. That’s how I meet them, right? They’re like, they read my blog, which is just all nerd stuff. And, and so they’re, they’re technically competent, and they’re doing things that I can only aspire to be doing in my 70s and 80s. Um, I had a guy who was writing his memoirs at, in between like mountain bike rides. And so here’s the thing, though, is when you, when you know someone online and they’re in their 80s and you stop hearing from them for a

Melissa: Yes. Yes.

Brett: you have to assume that they have passed on. and that is sad, and you never really get any closure because you don’t know their friends or family. You [00:05:00] never get like a notice, an obituary. You don’t, you don’t know where these people go, um, and you don’t know how to check in on them once your normal channels of communication are severed.

Melissa: Yeah, we’re at that age where we probably start reading the obituaries. Like, I haven’t heard from so-and-so in a while. Let me check the obits."

Brett: I had, I had– Before NVUltra went on for, what’s it, like five years now, uh, without a release, um, I had a project called BitWriter with David Halter. And

Melissa: remember you mentioning that, yeah. Yeah, and you wondered. Mm-hmm.

Brett: he stopped responding.

Melissa: you find out any at all? Any, Any, concrete…

Brett: Nothing. I have put feelers out everywhere I can think of. I have no idea what happened to him.

Melissa: went Richard Simmons, huh?

Brett: yeah. Yeah. With less

Melissa: No contact. No contact. Aw.

Digital Legacy Work

Melissa: I, I’m lucky that, uh, in my line of [00:06:00] work, I do typically hear from the family if they’ve passed on, because I form kind of a bond with a lot of people. I, I typically don’t lose clients unless they die, so…

Brett: and you have some, like, in real life connections to

Melissa: Oh, yeah. Yeah, I do, I do both. I do… I have some clients where I’ve never met them in person, I’ve only ever done remote. Uh, and then, but most of my clients are, are local, the majority of them. But I, I still s- see them remotely too, so yeah. I’ve, I’ve actually been hired by some people, um, mostly I’ve had two male clients who they got a terminal illness, they knew they were terminal, and they followed me online and they pretty much hired me to take care of their surviving spouse. So that, that was… that’s a difficult thing, but I’m just honored that they chose me to, to help them out with that. So I’ve kind of been a bit of a digital undertaker in that regard.

Sponsor: OneSkin

Christina: I want to take a moment to share something that has significantly improved my skincare routine, OneSkin. [00:07:00] So we all have those days when our skin doesn’t feel its best, and I’ve certainly been in that boat, especially recovering from surgery. And I was tired of navigating through endless products that promised results, but often fell short. And that’s when I discovered OneSkin. It was founded by scientists dedicated to longevity, and this brand stands out for its commitment to real science over marketing hype. They tackle the fundamental question of how to actually slow down skin aging rather than just masking it. And their groundbreaking ingredient is, uh, ZeroS01, and it’s a proprietary peptide designed to help deactivate the damaged cells that contribute to aging skin. Since incorporating OneSkin into my routine, I’ve actually been noticing some improvements. My skin feels smoother. It looks more vibrant. Um, it’s definitely more moisturized, and so this is benefiting from its focus on supporting collagen and strengthening the skin barrier. With over 10,000 five-star reviews and validation from clinical studies, OneSkin has made a name for itself in the skincare industry. If [00:08:00] you’re interested in trying OneSkin for yourself, you can get 15% off your order with the code OVERTIRED at oneskin.co/overtired. That’s 15% off at oneskin.co/overtired using the code OVERTIRED. Thank you for supporting our show by checking them out

Mental Health Check In

Brett: Um, so do you wanna do a mental health

Melissa: Sure.

Brett: I, I know, I know you’ve listened to the show before. I know you know how this works.

Melissa: how this works.

Brett: Would you like to start?

Melissa: I think I would like to hear you start, and then I’ll, I’ll add on

Brett: that sounds good.

Insomnia And Focus

Brett: Um, so sleep continues to be a major issue for me. Um, I actually for four days in a row last week, I got eight hours of sleep a night, which was insane. I felt so good. Um- The first night… So I take [00:09:00] Lamictal for bipolar, and if I miss my evening dose, I crash and I sleep in the next morning, and I sleep soundly. Like, it’s the best sleep I can get. And then I wake up and all of a sudden the withdrawal kicks in, and then I’m shaky and dizzy for half an hour after I take the dose. Um, but that’s after, like, a solid night of sleep, and it never works two nights in a row. And, like, I’ve tried, like, maybe if I take Lamictal in the mornings instead of the evenings, maybe I’ll sleep through the night. It doesn’t work after that first missed dose. Um, but then I just, without making any changes in my lifestyle, started sleeping, and I thought finally after, like, two years of insomnia, I had turned a corner, because I can’t remember the last time I got eight hours of sleep for more than two nights in a [00:10:00] row. And then it ended, and then I was up. I’ve been up since 2:30 today.

Melissa: I wondered, yep.

Brett: I mean, I went to bed at 8:00, so that’s still nine, 10, 11, 12, 11,

Melissa: I actually dozed off on the couch around 8:30. Like, if only I could just be in my bed right now, just be, like, transported. Yeah. Oh.

Brett: Oh, I, I wish. If I could go back to bed… Like, sometimes I’ll, I’ll lay back down around 7:00 or 8:00 and get, like, another half hour of sleep, but it’s really that, like, uninterrupted block of deep sleep that I need, not… I take naps during the day, and I can usually fall asleep for half an hour, um, given that I’m usually functioning on five hours of sleep anyway. But anyway, um, I– That, that’s just kind of par for the course for me, so, like, any, any of our listeners know that that’s gonna be the first thing I report.

Melissa: are you, [00:11:00] like, kinda competing? Like, are you trying to get eight hours because that’s what’s prescribed? Have you ever thought about

Brett: be- actually, what works eight and a half, like I’ve, I’ve… Back when I had the option to sleep more than five hours, like, I did a lot of kind of experimentation and

Melissa: know where your sweet spot is.

Brett: Well, it… See, the sweet pot- spot changes as you age, though, and you need less sleep as you get older. So, so I can’t say for sure that eight and a half hours is still my sweet spot. Um, and I think honestly, if I can sleep seven hours, I feel pretty good, and I consider seven hours a good night’s sleep.

Melissa: Yeah, ’cause mine’s like between four and six.

Brett: really? Yeah. See,

Melissa: feel

Brett: I don’t function well. Oh, I don’t function well on anything less than seven hours.

Melissa: I just have a love-hate relationship with sleep. I just don’t– I just hate to sleep. I just would rather be doing other things. Life is [00:12:00] just too interesting.

Brett: I get that. I– get that. I– as someone who’s bipolar and has had like manic episodes where I’m up for five days straight, like I, I love not sleeping. Um, w- when, when I have the mania to give me energy and back it up. It’s when I’m just dragging all day and feel like a zombie. The thing– The, the plus side to it is the more tired I am, up to a certain point, the better I can focus. Like my brain slows down and it’s really easy for me to get into hyperfocus. And like most mornings I’m up at, you know, 2:30, 3:00 and I just start coding. And I can not only hyperfocus, but I can switch focus between three or four different projects like simultaneously. I hit compile on one, I move on to the next one, and I can rotate [00:13:00] through them and like keep track of all of it. And then right around 10:00 AM, my ability to do that ends and suddenly I like flip to a project and I cannot for the life of me remember what I was doing, which is why I’ve spent my life building note-taking apps and, and time tracking tools.

Melissa: Yep, same thing.

Doing Time Tracker

Brett: dude, h- d- I don’t… You might not be familiar with my project Doing.

Melissa: N-no, but I– you alluded to something. that’s not what you’re working on with Dan though, is it?

Brett: No, no, that’s gonna be

Melissa: Dan on that too. I, I, don’t know what it is yet, but yeah, I’m, I’m

Brett: Oh, it’s… Yeah, it’s gonna be cool.

Melissa: that’s so exciting.

Brett: no, Doing is a command line tool where you can type things like, “Doing now podcasting with Melissa,” and it starts a timer for like what I’m doing now, and then I can ask it if I leave and come back, I can say, “What was I doing?” And it’ll tell me, [00:14:00] “You’re podcasting with Melissa.” Obviously, that’s a weird example ’cause I’m not gonna leave in the middle of this. But then it can give you like totals, time, tag-based time totals, uh, for your week and everything. It can show you like what you finished yesterday. Um, it’s not so much a task tracking app as it is a tool for keeping track of what you’re doing in the moment. Um, for, for people like me who switch between four projects at once, it’s really handy. And some guy, some fucking guy

Melissa: Some fucking guy.

Brett: it, rewrote it in Rust, and it is really good. it is really good. Uh, he like, I- Oh yeah, I use

Melissa: Okay, ’cause

Brett: This is, this is separate. this is this is a little more ‘ intentional than Timing. Um, I use both. They kind of work together, and Doing can actually import Timing’s JSON exports. So you can turn your, you can turn [00:15:00] all your Timing data into command line, uh, readable Doing files. Um, but anyway, this guy rewrote it in Rust with my permission, and he gave me full credit on the page. And I think I’m switching ’cause Doing is written in Ruby, and Ruby is slow, and Rust is fast. And like my Doing file where it stores all of my current projects, like my Doing items, gets so big that it can take Doing like up to five seconds to respond when I ask it, “What was I doing today?” Which is five seconds is a long time on the command line. Um, and his

Melissa: pretty instantaneous.

Brett: his version is like 100 milliseconds. Boom. But anyway,

Melissa: It’s almost like you built your own little AI thing. Like, what was I doing? What

Brett: kinda, kinda, yeah.

Melissa: you doing, Dave?

Brett: This is, this [00:16:00] was built long before AI was a common thing, but the other thing that’s contributing to my mental health

Suspenders And Stenosis

Brett: is suspenders.

Melissa: Ah, yes.

Brett: So I have I have gained 100 pounds, um, not, n-not of my own choice, but like I had rapid weight gain and I recently got a stenosis diagnosis, which I hate the

Melissa: telling you, I’m telling you, we’re like 23 and me here. I’ve got that too.

Brett: apparently during one of my, like when I gained 50 pounds in like six weeks, my body was looking for places to store all the new fat and decided my spine might be a good place for that. Um, so I have fat in my spine and I have degrading discs. This is separate from my love of suspenders, so I’ll get back to [00:17:00] that. I, um,

Melissa: Wait till you get it in your eyeballs.

Brett: Oh, for real?

Melissa: Yeah, you can have… I have, um, what’s it called? Cholesterol. Yeah, if you look at your eyes really close, if you see like a white kind of w- ridge around your irises, that’s cholesterol.

Brett: Oh, wow. Yeah, I hope, I hope that hasn’t happened yet, but who knows? Um,

Melissa: Brings out

Brett: I– So I have all this, I have all this extra weight and I had a lot of trouble with belts. A, belts hurt ’cause they dig into my, my gut, and they don’t really work. I, every, every time I stood up, my butt crack showed and I had to like wiggle my pants up. And then I I tried a pair of suspenders and it was like a l- a switch had been flipped. All of a sudden my pants just stayed up without any constriction around my waist, just like they just stayed with me wherever I went. And now I can, [00:18:00] I can tuck my shirts in and it actually looks kinda cool when you got the suspenders look going on. Which means, so like for a long time I only wore one brand of shirt, um, and because they, it was, it fit my belly and it was long enough and like it wasn’t, wasn’t baggy around the top and didn’t hang off my belly like a muumuu.

Melissa: Mm-hmm,

Brett: And like, so I, I, I only wore this brand of shirt and I own like 15 of them, and I would just cycle through

Melissa: dresses, they’re just your Walmart $10 cotton tank dress. Love it.

Brett: Yeah. But now that I can tuck my shirts in and feel okay about it, I can buy those extra large nerd shirts, ones with funny slogans and stuff on them. And normally those would hang straight down off my belly, and I hate the way that looks. But now I can tuck those in, which means I can get back to wearing funny, [00:19:00] ironic T-shirts, and it, it’s like opening up a whole new world of possibilities

Melissa: That is a bonus for mental health.

Brett: every day now I put on my suspenders and it makes me happy. Um,

Melissa: wonderful. It’s almost like a, like a mobility aid.

Brett: Kinda, yeah.

Melissa: yeah.

Brett: of, I– So I, I have a monopod, um, like a tripod that folds up into a walking stick, and it’s nice and light and it is an adjustable height ’cause it’s designed to be used as a camera tripod. Um, and I’ve started walking with it

Melissa: yeah. kinda like you’re

Brett: I c- yeah. Yeah. Like one of my fat friends has s- literal like ski poles. They’re like half height ski poles and they walk with them and it helps them a ton, and I

Melissa: Yeah, hikers use those.

Brett: try that out. But a walking stick [00:20:00] really does help with my stenosis, but I can still, even with a stick, I can only walk for about five minutes, which is about .3,

Melissa: Yeah.

Brett: 3, .3 miles. Um, and then I have to stop and sit, and it’s been a real pain, literally.

Mobility And Home Hacks

Melissa: And is standing difficult, too?

Brett: standing is worse than walking.

Melissa: thing, yeah. Standing’s worse.

Brett: Yeah. Like if I am in the kitchen and I’m at the stove cooking, before the onions start to brown, I have to sit

Melissa: Yeah. Yep.

Brett: Uh, so we now have a stool in our kitchen,

Melissa: Do you have one in the shower?

Brett: yes. Well, our shower, our shower has a nice, like the back of the tub is a seat.

Melissa: Oh, okay. Yeah.

Brett: I don’t know if this house was designed by old people or not, but, um, but it’s certainly everything is relatively [00:21:00] accessible in that way. Um, but the stool in the kitchen means I can cook dinner. Emptying the dishwasher is the worst for me. That just like bending over, picking stuff up, and then just moving back and forth, like the five feet across our kitchen. My– I, it takes me three stops, three rests to get a dishwasher emptied. Um, and then I’m kind of ruined after that. I hate it. And I hate that I

Melissa: stress mat?

Brett: What’s that? Oh, you mean

Melissa: mat to stand on? Gotta get, gotta

Brett: think that would help?

Melissa: Oh, yeah. Yeah, I have

Brett: used to have one

Melissa: and one in front of the kitchen, and I don’t even, I don’t even, do the cooking.

Brett: Ha. I used to, I used to have one of those in front of the stove when I w- when I didn’t have pain, but just because I was really getting into cooking and I was spending a lot of time, and I was starting to feel it in my knees. Um, yeah, maybe I should do

Melissa: I think it’s a fatigue [00:22:00] mat, I think they call it.

Brett: Yeah.

Melissa: Yeah,

Brett: That sounds

Melissa: plus they look cool if you get little designs on them and stuff. Yeah. Oh, we could spend the day talking about just mobility aids and ergonomics and all that kind of stuff.

Melissa Health Update

Brett: Well, it’s your turn. Talk about whatever you like.

Melissa: Yeah, you give me some ideas to talk about. Um, yeah, I struggle with a lot of the same things that you do. Um, I’m always like kinda comparing notes every time you post something. I’m like, "Oh No, ‘Cause you talked about Have you … You haven’t started the injections yet, have you?

Brett: No, and they just delayed those. I don’t get them until like June 20th or something.

Melissa: nervous about those for you, because I’ve had those and I’ve decided to just swear off them, so I’ll just kinda give you just a heads-up. I mean, it does raise your blood sugar, so that’s not great, and, um, it can give you the roid rage, kinda make you angry, so that’s something to watch out for, and more weight gain, so …But it’s like one of those things where you just have to kinda try [00:23:00] it and see if it works, because if it does work, then you could be more mobile and then maybe drop a few pounds and get some of that weight off of your spine. But if it doesn’t work, just know that that can happen,

Brett: my doctor did not mention any of those side effects, so good to

Melissa: Yeah. Yeah. It’s, it’s the chronic life, so that’s, that’s what, that’s what, uh, affects my mental health, so I’m, I’m really good at faking it. I am actually … I will say I’m actually feeling a little bit more even.

ADHD Meds And Mutations

Melissa: I’m on, uh … I love when you talk about different prescriptions and stuff. Uh, I just mentioned, so I’m taking Adderall. That is, ugh, it’s a mixed bag. Um, I wanted to ask you about Vyvanse, cause that’s the next thing for me, but it’s, like, super expensive, so I’m trying to make Adderall work as best I can, but I’m, I’m in the process of playing with the dosage. But I think she told me, like, the highest was 30. The thing is, uh, I’ve had genetic testing done, and [00:24:00] I have this condit- not a condition, but it’s a I’m a mutant. It’s a genetic mutation called, it’s, it’s just initials. It’s MTHFR, lovingly known as

Brett: you process your, your, chemicals twice as … fast. I have

Melissa: Yes, faster processing in the liver. So that’s when she told me, ’cause she started, uh, me out on methylphenidate, and I was like, “Well, what about Adderall?” Because it, I see it work for my kids, you know? The kids are chip off the old block, right? And so I’ve had them tested too, and all three of us are positive for that. It’s lovelin- lovingly known as the motherfucker gene mutation. Um, yeah, so, and it is. It’s, it’s quite a bitch, um, ’cause it causes a whole bunch of other problems. And of course, we’ve talked about Ehlers-Danlos, so I have, uh, hypermobile Eh- Ehlers-Danlos. I’m having a hard time … I’m just having a hard time with that in general, mental health wise, because there’s just not enough awareness about it, enough people, and doctors, doctors and nurses. And you know, I’ll, I’ll say I wanna, I would love to be able to get [00:25:00] to a point where I can just say, “I have H-E-D-S,” or heads or what- however they’re gonna pronounce it, and, like, somebody know what that is when I go in for an appointment. But I still have to explain it, you know? And then that, that cuts into my time. ‘Cause they only … When you’re, when you’re our age, they only give you, like, 15 minutes, if that. When you’re much older, ’cause I’ve had to take, I’ve had to take family members to the doctor, they get a whole lot more time. But, uh, you know, it’s like, "Oh, you’re, you’re too young to be this sick. You’re too young to be this old,"

Brett: Right. Yeah.

Curious Doctors Matter

Brett: Um, I did– I found that doctor for me that knew exactly what all those acronyms meant, knew exactly, like, not only did they know what POTS was, they knew like seven different kinds of POTS and what tests to use to narrow it down. And then she got called up to National Guard

Melissa: Oh, I wondered, I wondered, what happened to that doctor, ’cause it sounded so

Brett: I waited. I was on a, I was on– I w- I had an appointment scheduled that was gonna be six months from the time she [00:26:00] left.
So that’s when she told me, ’cause she started, uh, me out on methylphenidate, and I was like, “Well, what about Adderall?” Because it, I see it work for my kids, you know? The kids are chip off the old block, right? And so I’ve had them tested too, and all three of us are positive for that. It’s lovelin- lovingly known as the motherfucker gene mutation. Um, yeah, so, and it is. It’s, it’s quite a bitch, um, ’cause it causes a whole bunch of other problems. And of course, we’ve talked about Ehlers-Danlos, so I have, uh, hypermobile Eh- Ehlers-Danlos. I’m having a hard time … I’m just having a hard time with that in general, mental health wise, because there’s just not enough awareness about it, enough people, and doctors, doctors and nurses. And you know, I’ll, I’ll say I wanna, I would love to be able to get [00:25:00] to a point where I can just say, “I have H-E-D-S,” or heads or what- however they’re gonna pronounce it, and, like, somebody know what that is when I go in for an appointment. But I still have to explain it, you know? And then that, that cuts into my time. ‘Cause they only … When you’re, when you’re our age, they only give you, like, 15 minutes, if that. When you’re much older, ’cause I’ve had to take, I’ve had to take family members to the doctor, they get a whole lot more time. But, uh, you know, it’s like, "Oh, you’re, you’re too young to be this sick. You’re too young to be this old," Brett: Right. Yeah. Curious Doctors Matter Brett: Um, I did– I found that doctor for me that knew exactly what all those acronyms meant, knew exactly, like, not only did they know what POTS was, they knew like seven different kinds of POTS and what tests to use to narrow it down. And then she got called up to National Guard Melissa: Oh, I wondered, I wondered, what happened to that doctor, ’cause it sounded so Brett: I waited. I was on a, I was on– I w- I had an appointment scheduled that was gonna be six months from the time she [00:26:00] left. 
Um, and I had it scheduled, and it was on July 7th. And then I got a letter in the mail saying that her Guard duty had been extended, and now I can’t see her again until September. And, like, I’ve, I’ve tried seeing other doctors that work with her, but none of them have the knowledge she has, and it was such a relief Melissa: Is this the curious one? Okay. I always think about you whenever I’m either looking for a provider or in the, in the midst of, of getting, you know, shuffled around to a new provider. I’m like, “I hope they’re curious,” ’cause that made– that meant so much to me when you explained about how a doctor needs to be curious. I’m like, “That’s what I need.” I need somebody… Or even just my therapist. I have a new, a new therapist that I see, and she’s really curious, and I really, really like that about her. That’s something that helps with mental health, is when somebody’s curious, ’cause I’m Brett: it goes h- it goes hand in hand with credulousness. Like, [00:27:00] first they have to be willing to believe you, and like, especially when it comes to invisible issues like EDS. Like, you have to be willing to believe a person and then be curious enough to look for answers. Like, the first step is believing, and the second step is curiosity. Melissa: Yes. I’ve already had my patient record marked as… Have you ever heard this one? Worried well. Brett: No. Melissa: I looked it up. It’s basically hypochondriac. Brett: Yeah, that’s what I was gonna guess. That Melissa: Yep. I actually– I was proud of myself because I actually did confront the doctor about it and I said, “What does this mean?” I said, “I, I looked it up and it kinda concerns me ’cause it makes me look like a hypochondriac.” And she said, "Oh, no, no, that’s just a, a code that we use when we don’t have something else to assign to it so that insurance will pay." Bullshit. Brett: Yeah, right? I feel like that’s exactly the kind of [00:28:00] thing insurance doesn’t pay. Melissa: Mm-hmm. 
so Vyvanse Vs Adderall Brett: what do you wanna know about Vyvanse? Melissa: Um, a- and I know it’s different for everybody, but I just kinda wondered what your take was on it. Um, how– can you compare it to Adderall at all for me, Brett: Yeah. Melissa: no comparison? Brett: it’s basically a non-abusable, I would call it lower lying version of, of Adderall. Like, it’s in the same family of stimulant as Adderall, but it can’t– It isn’t processed or it’s… I don’t remember how the mechanics of it work, but you can’t snort it basically. Like, it doesn’t, it doesn’t do anything Melissa: Which I wouldn’t wanna do anyway ’cause there’s nothing up here. Brett: Sure. Sure. And then, yeah, I’m not suggesting that was gonna be a problem for you. Um, but it’s also, like, it’s way, um, for me anyway, it’s way calmer. [00:29:00] Um, and there are people that say it doesn’t do anything at all. Um, especially a lot of people, a lot of people say the generic version doesn’t do anything, um, and that the name brand version does, but I haven’t found that to be true. Like the generic, which you’re correct, still costs like 200 bucks a month, um, for the generic. Um, but it is– It’s not my favorite. Melissa: I wondered why– what made you stop taking it. Did it just not work for you? Brett: No, I still take Vyvanse. Um, yeah. Um, I used to take, um, Focalin, which I loved. Melissa: That really worked for my kiddo, yep. Brett: but it also triggered my mania, Melissa: Mm-hmm. Mm-hmm. Brett: so I was always walking this line of like, do I wanna be super productive and manic with like weeks of depression in between, [00:30:00] or do I just wanna be somewhat productive and stable? Um, which is why I’ve stuck with Vyvanse, and my doctor loves it enough for me that she won’t, she won’t prescribe anything else for me at this point. Like, I’ve asked about switching. 
I’ve asked about moving back to Adderall and things like that, but, Melissa: It seems like you’re, like you’re kinda on an evening out. Brett: Yeah, I haven’t had a manic episode for a couple years now. Tracking Mood With Data Melissa: Do you track it? Do you– Like, have you ever seen those– I keep seeing these ads for it ’cause, you know, the algorithm feeds us the stuff for wearables that are, um, called– I think it’s called Visible, so it makes your symptoms more visible instead of invisible. Like, do you track it? Do you– Have you nerded out on your own data? Brett: like my mania and depression? Melissa: Yeah, like do you track it and look at graphs or anything like that to Brett: See, I’ve never had to use an external tool because I can just look at GitHub contribution graphs, and I can look at [00:31:00] my RSS feed, and I can see exactly, like for a period of like eight years, I can pinpoint exactly where my manic episodes were, um, because that data is historically preserved out there on the internet for all to see. Um, it’s, yeah, it’s– Well, and that’s, like I built tools that gathered that, those various sources of data. Um, and then there was a, a tool called, um, I forget. Melissa: cool, though? Hmm. We’ll think Brett: But it could pull, it could pull in all that data. Um, Belle Beth Cooper, Hello Code, I can’t remember the name of the app. Melissa: Yeah, it’ll come to you eventually. Brett: sure. Uh, but it could pull in like your GitHub, uh, commits along with like what the weather was at the time, how many songs you listened to that Melissa: Oh, Day One sorta does that, yeah. Brett: Does it now? Melissa: A little bit, yeah, your locations, [00:32:00] um, if you turn on some of those things. Like not– I don’t think it does the music and things like that, but Brett: I haven’t used it for a while. I haven’t used it for a Melissa: I was gonna switch to the Journal app. 
I was actually really… I held off on upgrading to Tahoe for the longest time, but that one kept nagging at me ’cause I thought, oh, you know, maybe. I mean, as much as I love Day One, I, I thought about, I thought about actually switching over, but no. I tried it. I’m, I’m gonna stick with Day One. Brett: Cool. All right. Cane And Somatic Therapy Brett: Um, so did you have, did you have more to add to your Melissa: Oh, I was gonna, I was gonna add on to what you were talking about with the suspenders. I did start… I think you probably… Well, yeah, you commented on it. Um, I started using a cane, and that I have mixed feelings about that. Um, I should have brought it in here so I could show you. I’ll show you later, ’cause, uh, anyway, it’s, it’s purple. I did get a pimp cane. That’s what my husband calls it. I thought, damn it, if I’m gonna use, like, a cane, then it’s gonna be [00:33:00] purple, and I’m gonna like looking at it, as much as I hate to use it, so. So I’ve been trying to use it. I… What you were talking about with, uh, with finding a curious doctor, I do have new physical therapist, um, so I’m really happy about that. Same kind of thing where she’s super booked. I think that’s just how it is. Like, the really good ones, they’re good, and, you know, it shows because it’s, it’s hard to get in to see them. So yeah. So I’m, I’m looking forward to that. We’re gonna be doing… Have you heard of somatic therapy? Brett: Yeah. Melissa: Yeah. So ha- have you tried it? Do, do you like it? Okay. That’s, that’s what I’m embarking on. Brett: I actually have a friend who teaches classes in it. Melissa: Oh, Al probably knows about that. Brett: y- yeah, Melissa: Yeah, I’ll, I’ll Brett: and it is, it is amazing how hard just doing things, doing motions you’re used to, but doing them very slowly and intentionally. 
It is like you– Just like, Just like, doing y- like a clamshell where you drop your knee, you’re [00:34:00] on your back and you drop your knee down to the side and bring it back up. Like that motion, most of us, even infirmed people can do that okay. You try to take… You try to do that and take like five breaths in each direction, and you’ll start shaking. It’s very Melissa: Ah, uh-huh. Yep. Brett: Yeah, but it’s good. Like it’s g- it really retrains your muscles. It really, it strengthens, retrains, and helps with, uh, finer motor control. Melissa: Oh, that’s interesting. Yeah, I, I’m, I’m a little bit on the skeptical end of it, so that’s why I’m, I’m glad that, that you, you vouch for it too. It’s like I know that it works, but I just… I guess I wanna understand the science of it a little bit more. Like, for example, I’ve tried, uh, acupuncture, and I just didn’t feel like it did, did anything for me. I think you have to be, like, a believer, and I just Brett: think so. Melissa: I, I, I even did that on purpose knowing that I kinda felt like it wasn’t gonna work. I was like, well, what if I just go into this? ‘Cause, [00:35:00] ’cause I talk to people and they’re like, "Well, you have to believe in it." I’m like, but what if I don’t? I just don’t, you know? I’m, I see it Brett: it’s not medicine if you have to believe in it. Melissa: Yeah. I mean, I see it work for other people. I know there’s, you know, such a thing as placebos and things like that, and I don’t know, it’s, it’s woo-woo and I, I, I like woo-woo stuff. I, it just, it didn’t do anything for me, so… It’s not to say that it doesn’t work for other people, but it just did not work for me, and I, I kind of, I, maybe I just, uh, did that on purpose when I, I try- probably just tripped myself up going into it thinking, well, I just don’t believe it, so if it works, then there must be science behind it. And then, then, I’ll believe. But it didn’t work out, so. 
So the, I’m a little bit on the fence about the somatic thing, but the, the, the gal that I’m working with is just so, she has EDS herself, and like, like what you were saying, like, she, she knows all about it and she could even, you know, tell me the, the type that she has, and I was like, I met, I met, actually last week I met two zebras in one week. [00:36:00] You, you’re familiar with the, the zebra mascot? If you, uh, the saying goes, if you hear hooves, think horses. But we’re not horses, are we? Yeah, so Yeah, so that’s, that’s our, our Somatics For EDS Melissa: EDS Brett: somatic– somatics you don’t have to believe in for them to work. Melissa: Okay, that is Brett: it’s an actual physical therapy method that trains the finer muscles, um, that surround your larger muscles and, and strengthens those, and it– Yeah, it’s for real. It’s, yeah, it’s not like a… It’s soma- I think, Melissa: w- totally Brett: ’cause I I had the same reaction when someone said somatics, ’cause I think, “Oh, that’s some holistic idea of the body, um, of soma,” and it’s… No, it’s, it’s got legit physical therapy behind it. Melissa: And, Yoga Modifications Melissa: you used to do a lot of yoga too, so that probably makes Brett: I still do. Melissa: Yeah? That’s [00:37:00] wonderful. Brett: it’s gotten really hard. Um, I can’t, I can’t– So I get dizzy Melissa: Yeah. Brett: going from sitting to standing, um, and my back gives out if I am in, like, horse or warrior two for more than a couple minutes. Um, and I can’t do cobras because I have a belly like a nine-month pregnancy. Um, so I have to do, like, prenatal yoga, um, which is actually a thing. Melissa: that’s a good idea. I’m glad you brought that up. I should look Brett: a- and I do chair yoga, um, where I I take the class that everyone else takes, but I modify it to work with… Like, there, there are defined moves that you do with a chair instead of. 
Instead of doing down dog, you do, like, a 90-degree down dog holding the back of a chair. Um, and you put, like, a knee on the chair to do warrior two, so you’re actually [00:38:00] resting. And Um, and you can do it fully seated too and get at least the arm exercises out of it. So I’ve been trying to maintain, maintain flexibility and some endurance. I’m not doing yoga the way I used to do it, but I am still Melissa: I’ve seen some of your poses. It’s pretty impressive. Brett: Yeah, back in the day. Melissa: W- when you could be upside down. Polycystic Liver Shock Melissa: I should look into that because I, you know, although I’m done having babies, like far done having babies, I have… You probably know about this too, I have polycystic liver disease, which is a really rare type of liver disease, and it’s not fatty liver. Oh my God, I have to keep telling doctors that. That’s the other thing. It’s like, it is not fatty liver. It is not. It- they’re cysts. It’s a totally different thing. I’m basically full of bubbles. So I… But it feels like that’s why I went in to get it. I didn’t actually get that checked. I found it accidentally when I went in for an heart, for a heart CT. That’s when they found it, and for a, a breast MRI, so [00:39:00] both those, those types of scans caught it. The other parts were fine, so my heart’s fine, so that’s a relief. But yeah, so this was a bit of a shock. And so I don’t know exactly what it means moving forward, um, but my entire liver is, like, engulfed in cysts, so. Right? But my blood work is, is fantastic right now, so I’m just gonna keep Brett: That’s good. Melissa: hoping it stays that way. Brett: That’s something. 
Fatphobia In Healthcare Brett: Um, I I have heard for a long time about, um, doctors being fatphobic and, and always assuming that, um, always assuming that your health i-issue is because you’re fat and not even looking for underlying issues, which has been an interesting experience for me because that really never happened to me. Melissa: Mm. Brett: Um, at least not once I switched to Gundersen from, like, a local clinic. Then I realized that it’s not just being fat that gets you [00:40:00] stigmatized, it’s being a fat woman. Melissa: Mm, I was gonna say try having a uterus and being Brett: yeah. Yeah. Um, like I talked to one of my best friends, April, who he’s, has been on Melissa: by, women doctors. Brett: Yeah. Yeah. And that’s, that’s what April tells me. She tells me all these horror stories. Even after finding care she trusted, she still has to deal with people saying, “Well, if you just lost some weight.” Like, she’s been fat her whole life. She’s in better shape than most skinny people Melissa: Yeah. Mm-hmm. Brett: I mean, she does sit-ups with 50-pound plates and does, like, five, 10 miles at a time on her, like, on her bike and, like, she’s in great shape and still has to walk with the ski poles, and she’s getting her second knee replaced this week. And, like, it, it’s just infuriating to hear the way that doctors dismiss Melissa: You know what the problem is, Brett? Brett: goes through [00:41:00] when Pole Dancing Reality Check Melissa: Not enough doctors have watched fat pole dancers. That is the problem right there. They need more education. Brett: Um, yeah. There’s, there are a couple of, um, queer burlesque shows Melissa: shows, yes. Brett: in my area that almost always include a plus-size pole dance, and it is amazing to Melissa: Oh, it’s mesmerizing. It should be an Olympic sport. Remind me to send you the, the link to, unless you’ve already seen it, have you seen the Deadpool pole dancer? 
Brett: No, I don’t think Melissa: you are in for a treat. We might just have to put that in the show notes, but I don’t know, I don’t know if your listeners are that, are into that It’s fully clothed, but it’s, there’s even blue Crocs involved. Brett: So this is nobody that you’re seeing on the Melissa: I wondered, yep. I wondered, yeah. Aw, he looks so soft. Mm. Mechanical Keyboard ASMR Brett: So you’ve [00:42:00] gotten really into mechanical keyboards. Melissa: have, I have. In fact, uh, I was gonna, I was gonna see how this might sound, but I, I brought my little box of key caps to show you so that I could say, welcome to my ASMR channel. Brett: That would… is is that a thing? I bet there are ASMR, like, key switch testing. Melissa: yeah, yeah. I’ve run across a couple of videos where, you know, they’ll have a hashtag ASMR in there, and that’s, that’s what it is. Do you experience ASMR yourself? Brett: No. Melissa: No? So when you listen to those videos you don’t get like the s- the tickling of the spine and stuff? Brett: No. Melissa: I do. It actually, it goes, it… I forget. I always forget what the acronym stands for, but it, you know, has something to do with the meridian. So if you can i- imagine your brain like split in half, and I feel it right on this side. It goes, it goes like the, down the back of my head, behind my ear, and down into my shoulder. It [00:43:00] is the funkiest feeling, and I love it. I love it so much. Even when we were talking about animals in the, in the beginning and I even had a cat that would come and just like kind of lick my ear and, oh, I just, I love that. Most people cannot stand that sound. They have the opposite condition where they can’t handle somebody chewing gum. My grandfather had that. Um, some, some kinda, it ends in a tonia. Misatonia or something like that, um, where… I don’t know. Do you have any of those like sound sensory issues? I have a lot of Brett: really don’t. 
I’m very, I’m very, like, sound Like, I like loud, heavy music. Like, that does something for my psyche. Um, but general sounds, they neither bo-bother me nor stimulate me. Melissa: imagine what that’s like. I just can’t. I’m so bothered, and my kids too, and you know, ugh, God, Brett: So Elle Melissa: has been problematic. Brett: Elle is, Elle is, definitely sensitive to sound, um, in a way that Like, even my [00:44:00] mechanical keyboards can’t be, can’t be on the same floor of the house as Elle. We pretty much live in silence, and that’s fine for me most of the time because, like, it just doesn’t affect me either way. So, like, keeping things quiet is easy, and I focus well in silence. And then when Elle’s gone, I blast my music, and w- when I’m in the car, I blast my music, and then the rest of the time I live in the quiet place. Melissa: Mm-hmm. In The Quiet Place. Brett: Yeah. Melissa: Yeah, we have- something a little similar, but m- my husband and I have, uh… We have our his and hers kind of setup here in, in the, in our den, in our inner study. So he’s got his side and I’ve got my side. So we’re together, and he does a lot of grading papers, and he’s really good about putting his, his earbuds in and just tuning the whole world out. He’s… It’s fascinating to watch that man just [00:45:00] execute. I mean, I just am so envious of people who can just execute. But the, the, the, yeah, the sensory, it’s all about the sensory stuff for me when it comes to keyboards. I actually thought about… I don’t know how popular it would be, but I also thought about making a podcast, a video podcast, that would highlight the intersection of nail art and mechanical keyboards. Because I’ll tell you, that’s actually what… I’ve always loved mechanical keyboards, but yeah, the, the one that I had, someone had given me a, a Matias, and oh, it’s, it’s so loud, but it’s like high-pitched. It’s kinda sharp. And it was even kind of annoying to me after a while. 
And then it does not, it’s not a mechanical keyboard in that you can’t pull the switches out, so you’re kinda stuck with what you got. Like, you might be able to change the key caps if you could find them, but couldn’t change the switches. And something happened to the S key, and I was like, “All right, it’s over,” so. But I can’t get rid of them either, so one of these days I wanna have like a display of, of keyboards. [00:46:00] Nail Art And Picking Melissa: But what got me, what got me into saying, “Okay, I’m finally, I’m just gonna invest in a keyboard because it’s ergonomically important to me,” is I have… And I can’t pronounce it, so I’m not even gonna try, but there’s a condition, and it’s a self-diagnosed thing. But I, I am a picker. I pick my skin a lot. Um, I think it’s called derma something Anyway, so I wasn’t gonna try to pronounce it. But, uh, I’ve always had that condition since I was a kid. I didn’t even know it was a thing. I just thought everybody get, uh, picks. But then during the pande- during the pandemic, it got super bad. Like, I had, I had, um, some panic attacks and, you know, as a lot of probab- people probably did. But it got so bad to the point where I had picked my fingers and they were bleeding and they were throbbing and they were hurting. And I said to one of my kids, I said to my youngest, I said, “Can you just, like, if I, if I’m picking, can you just let me know?” And then I regretted doing that because then he took it on as this, like, full-time job, you know? And it kinda [00:47:00] gave him anxiety, and I thought, “Oh, okay, that, that was a bad thing to do.” So I s- I let him off the hook. I said, “No, you don’t have to tell me anymore.” Um, because, yeah, ev- even if I went to, like, just kinda, like, clean under my nail or something. So it was actually causing a real problem for the family that I was just picking so much. And it’s not just my fingers, it’s, like, other parts of my body. 
So I thought to myself, “Well, what can I do about this?” And so I started putting fake nail tips on. And I hate to be all, like… I don’t know, I’m not, I try not to be, like, a very vain person, but I really started kinda falling into the nail art side of things, and I, I just recently learned how to do gel and work with, um, uh, what’s it called? Uh, not resin. So I… Oh, that’s another ASMR thing. Do you like to watch resin pours? Brett: I do, actually, yes. Melissa: that’s… Okay, so if you like resin pours, if you like to watch the viscosity and the way the, the chemicals, like, form together and when they, when they mix colors in and stuff, [00:48:00] that’s what it’s like with nail art but on more of, like, a macro level because it’s, you know, you’re working with small stuff. Like, just, just recently I learned how to do… So I’m showing Brett this on, on camera, but I recently learned how to do the kind of nail polish that you take a magnet and you run the magnet along it, and it makes this, like, a cat’s eye. Brett: Yeah, that’s cool. Melissa: I love it. So, so that, so combining nail art then, and I thought, “Well, now I’ve got these long nails,” but all of my keyboards have been these flat, really low-profile keyboards. And, you know, I just, I started to dread it. So then I was kinda caught between a crossroads. Like, either I leave nails off and I can type really, really fast and have high accuracy with no nails, but then as soon as, as soon as I get, like, a little snag or something, then I start picking and then it’s just, it’s all over then. Or I try to find a way to work with these nails. So that’s what I started thinking, “Well, maybe if I had higher keys.” And so then I just, yeah, rabbit hole. [00:49:00] Went down the rabbit hole, and I’ve, I’ve just kinda been there ever since. And, uh, it really, I think, uh… Let’s see. How long ago did this start? It’s only been about maybe like six months or something like that, so. 
Keyboard Layout Rabbit Hole Melissa: But in that time so I’ve started, um, building a collection of switches. So I’ve been really interested in both the key caps and the switches. Um, I’ve got my baseboards. I like my Royal Kludge the best. This is… I’m gonna show Brett my Royal Kludge. So, so this is what it’s looking like right now. Brett: Yeah. Melissa: It is very purpley. Um, I did post some pictures. I can… I don’t know if you do pictures in show notes, but I could take some pictures for you It’s got a knob. It’s got, um… Let me see if I can do it real Brett: Do you use the knob. I have a couple keyboards with knobs and even a joystick, and I never actually use them Melissa: Good question. Um, I, I use it, I try to use it for volume at [00:50:00] times, and that’s probably what I use it for the most. But this one does have a… Let’s see if I can get this into focus here, backwards and upside down. It’s gonna be upside down, but you see how you can put, you can put your logo Brett: Oh, yeah. Nice. Melissa: got my The Mac Mommy little logo on there. Otherwise, it gives you the time in military format, so that’s kind of handy to have. Um, but yeah, it’s… To be honest, I, I love the, I love this Royal Kludge because it’s nice and heavy, and I love the form factor. It’s got a number pad, um, because I’m, because I am a grown-ass adult and I need a number pad. Um, but it’s nice and heavy. It doesn’t, it doesn’t move around my desk a lot. I kind of have to type, like, kind of crooked, ’cause that’s just the way my neck goes to the wrong way and stuff like that. So I like being able to fit it on my desk. I have a, I had a larger one made by Red, uh, what is it? Redragon. This is the one that I started [00:51:00] out with. Gonna make lots of noise here. But as you can see, this one is way bigger. 
And it was, as much as I liked it, I mean, I fell in love with it, but what was happening was my accuracy was, like, really thrown off because I fe- I kept feeling like it just needs to be, like, a couple centimeters to the right or a couple centimeters to the left. It just wasn’t centered very well. So this one, my husband gets all the hand-me-downs, so that one went over onto his desk. Uh, and then I also have a baby keyboard here, and this is another Redragon. This is my little mini one. Brett: that’s, that’s the kind of keyboard I mostly use, like a 70% keyboard. Melissa: Yeah, I think this one’s even 60. Um… Brett: My– The one I’m using right now is, uh, 60. There’s no, there’s no function row, there’s no arrow, there’s no keypad or, like, arrow pad. Um, Melissa: No [00:52:00] arrows? How do you live without arrows? Oh, do you, you mapped your keys to something Brett: so it looks like this, Melissa: nice. I love the Brett: that the, the space bar is split in two. Yeah, my, my, my partner says it looks like, uh, gay ’80s. It’s all pink and blue and purple. Um, but the, the space bar is split, and the right half of mine functions as something called a mod key, and when I hold that down, then my I, J, K, and L keys become arrow keys. Melissa: Oh, wow. Brett: once you get used to it, you never have to take your hand off the home row. Melissa: Oh my God, that must be amazing. Brett: It– Yeah, once you get used to it, it, it’s so… Like, g- moving to a keyboard that doesn’t have that is kind of tortuous. On my MacBook Pro, I have remapped it using Karabiner so that Melissa: [00:53:00] That’s what I’m using. Brett: if I hold, the semicolon down with my pinky, then H-I-J-K-L become, Melissa: Oh, nice. Brett: become arrow keys, so I still don’t have to move my hand all the way down and to the right. 
Like, that’s such an inefficient movement that then I have to, like… Because I don’t have great feeling in my fingers, so finding, on a low-profile keyboard, finding the, the homing buttons again Melissa: Oh, do you use the homing buttons? See, that’s the thing, I was never taught that. I mean, I took like a ty- I took like a typewriting class back in high school, and I just didn’t like it. I, I just taught myself. I just… I’m an autodidact that way, so I just taught myself. Brett: my dad, back in 1984, we had a typing program on our PCjr, and I Melissa: It wasn’t Mavis Beacon, was it? Brett: remember. I don’t remember. All I know is, like, it taught you touch typing, and it would give you [00:54:00] these lessons, and you would basically just mirror what was on screen. And at the age of seven, I was typing at about 68 words per minute on an, on an old IBM PCjr keyboard. Um, got a lot faster through high school and everything. But yeah, I was, I was, from day one, I was raised to be a touch typist, and, and I took all the classes they had in school. Melissa: But you still touch Brett: labs. Yeah. Melissa: Uh-huh, yeah. So you don’t do the home rows. Brett: No, that is touch Melissa: Oh, touch typing, so you do feel… for the bumps. Brett: Yeah, I feel for the bumps, and then I just, like, my f- my key, my fingers never really leave the Melissa: Oh, yeah. See, I wish I could do Brett: centered home row. Yeah. It’s, it, it’s good. Um, Melissa: And you’re using the split, so my gosh. Brett: What– You get used to that too. Um, like, [00:55:00] I can’t do it with the split far apart. I’ve seen people use, like, splits, like, way out to the sides, and I can’t, my, my brain doesn’t do that. Like, my hands have to be within, like, six inches of each other. Melissa: I always thought, it would be so cool to have something where you could have it, like, raised up like this, right? And use your hands sideways. Brett: Yeah. 
Well, that’s I mean, that’s essentially, I have, on the bottom of this keyboard, I have these risers. Melissa: Oh, uh-huh. Oh, Brett: So it sits, right now I have it at about a 45-degree tent, tent, tent. Um, but it can go up to more like an 80-degree tent, where you’re actually Melissa: Wow. Brett: uh, almost like you’re clapping, you’re typing. Um, I don’t Melissa: of that. I have a, a, handshake mouse. Brett: Vertical mouse. Melissa: You like… Is that what you have for a mouse too? Brett: no, I, I love Melissa: Trackballs. Oh, trackpads. Oh, okay. Brett: Apple’s Magic Trackpad changed my life. I’ve never used– I’ve never gone back to a [00:56:00] mouse since the first Magic Trackpad came out. Melissa: So you’re all about the gestures then? Brett: yeah, Melissa: Yeah. Yeah, yeah. That’s great. Brett: Bet- bet- better touch tool for the win. Melissa: You know what it is for me, is because of the type of work that I do, and this is very much true for both of us, you do these things because of the type of work that you do. The type of work that I do, I’m in everybody’s homes, so I have to ty- I have to be able to type and use their mouse and, I mean, it’s actually a very dirty job. So I keep hand wipes with me everywhere. Um, that, that was why during the pandemic I was like, “I am not coming to your house and I am not touching the stuff that you just picked your nose and…” Yeah, mm-mm. But, so, so i- it’s been kind of keeping me almost like a purist in a way as far as keyboards have gone all these years. I, I finally just kind of let go and embraced this recently, th- which is why I’m so excited and why I’m just kind of nerding out on it, because when, when I worked [00:57:00] in, like, I’ll call it the industry, um, I got my f- my start in prepress. So I worked in prepress, I was a typesetter, and we had… That’s what I kind of miss. 
We had the old clunky beige keyboards, and I had my muscle memory such that I think my o- my Option key would have, like, the indentation of my nail on it. You know? ‘Cause I had, just like you have, keys that are programmed. I could… I was a Quark queen. I don’t know if you’re familiar with QuarkXPress? Brett: Oh, yeah. Yeah. I was a graphic designer. I I know Quark. Melissa: Yeah, I loved it. I was… And, and I used it back in the OS 9 days, OS 7 really, is when I started out. Uh, I did not like the OS X vers- OS 10 version of Quark. Did not like it at all. Brett: No, but that’s Melissa: it was slow. Brett: Adobe came out with, what was, what was Adobe’s… InDesign. Yeah. By the time I had started, by the time I had started my own ad agency, we were all InDesign. Melissa: Oh, [00:58:00] nice. Okay. I mean, it was a Brett: and none of the, none of the print shops expected Quark files Melissa: Yeah. Oh, it was so expensive. I remember I had to buy it when I was in college, and I remember it cost, like, $800. I’m probably still paying for that, damn it, in interest. Yeah, so that, that’s how I got my start originally, and that’s how I was doing… I, I went to… So I have, I have a Bachelor of Fine Arts. I went to college in order to be a designer. I wanted to be a designer designer, and that’s what I, what I thought I was good at and thought that I liked doing, ’cause, you know, “Oh, you’re a girl. Go to art school. You like to draw.” You know? I’m always bitter about that because I really wish that I would’ve been able to go… I mean, this was, you know… I’m, I’m 51, so this was back in the day where girls, girls don’t do computers and girls don’t do coding. G- girls don’t do computer science. They didn’t even call it computer science. They didn’t even call it graphic design back then. It was commercial art. 
Um, so I studied that and, you know, I liked it ’cause I thought, “Well, this is what I could, I could take my art and make [00:59:00] a living into it.” And then fast-forward, um, I just started to fall in love with the technical troubleshooting side of things. So as, as good as I was at the technical typesetting and the technical, like, putting prepress things together, you know, um, uh, key sheets and s- you know, things like that. Do you remember, was there, uh, did you ever use a program called Quick Keys? That was one of the ones Brett: familiar. Melissa: you could map your own keys to things. So w- when I was in prepress and doing typesetting, I used that program and I, I mapped all my keys, and I had all these quick keys and stuff so I could go really, really fast, you know? So when they wanted something done fast, they gave it to me, and I could just fly through documents with this. But then as people learned that I was good at this kind of stuff and troubleshooting, they’re like, “Oh, hey, Roger needs, you know, has a problem. Can you go help him?” So I’d go over to his cubicle, I sit down, and he’s got nothing. You know, he’s got [01:00:00] no quick keys, no nothing, and you just kinda get lost because your muscle memory just adapts to it. And I couldn’t help people the way… And, and that was what it was about for me. I really liked more helping people and troubleshooting and the technology side of things than the actual design process. So I kind of went to the other side with it. And so I just kind of, like, vowed that, okay, I’m not gonna do any kind of, like, customization on my own workstation because then I’ll, my, my muscle memory will map to it, and then when I go to sit down to help somebody else, I won’t… You know, I’ll be so much in my own world that I won’t be able to help them. And so I just kind of, like, remained a, a pu

Les Cast Codeurs Podcast
LCC 340 - Episode on l'voit on l'voit pas

Les Cast Codeurs Podcast

Play Episode Listen Later May 12, 2026 111:31


Java 26 is here, GraalVM is a hit at Trivago (43 down to 12 replicas!), OpenJDK bans LLM-generated code, and Spring and Quarkus keep the releases coming. On the AI side: ADK 1.0, A2A, Lyria 3 sings (badly?), Yann LeCun launches Ami Labs and its World Models. Anthropic's Mythos shakes up security, Claude Code leaked its source, and git worktrees are taking over your terminals. Bonus: the announced death of the IDE, waves of layoffs at Oracle and Block, and our voices all cloned. Enjoy the May long weekends!

Recorded on May 7, 2026

Download the episode LesCastCodeurs-Episode-340.mp3 or watch the video on YouTube.

News

Languages

Lessons learned from a migration to GraalVM at Trivago https://medium.com/graalvm/inside-trivagos-graalvm-migration-native-image-for-graphql-at-scale-912bca9df841
Trivago's GraphQL gateway (the entry point for all traffic to 48 microservices) suffered from timeout spikes at JVM startup
Spectacular results after migrating to GraalVM Native Image: replicas reduced from 43 to 12, CPU from 15 to 5 cores, lighter Docker images
Technical obstacles: Log4j incompatibility → migration to Logback, replacing Mockk with Testcontainers, very resource-hungry CI/CD compilation
Netflix DGS and other libraries lacked GraalVM support → the team contributed fixes upstream as open source
Recommended approach: start with the least complex services, invest heavily in automated tests
By the 14th migration, the process was so well practiced that it went faster than the very first attempt

OpenJDK Interim Policy on Generative AI - https://openjdk.org/legal/ai
OpenJDK adopts an interim policy banning any contribution that includes content generated by LLMs, diffusion models or deep-learning systems
The scope is broad: source code, text, images in Git repositories, GitHub pull requests, emails, wiki pages and JBS issues
Contributors may use AI tools privately to understand, debug and review OpenJDK code, but may not contribute the generated content
Three risks justify this policy: overloading reviewers with plausible but incorrect code, safety/security risks for a critical platform, and intellectual property risks (the OCA requires contributors to own the IP rights to their contributions)
Even partially editing AI-generated code does not make it acceptable for contribution
Oracle, OpenJDK's corporate sponsor, is working on a complete policy to submit to the Governing Board

GraalVM Native Image and the Closed-World Assumption in Java https://pvs-studio.com/en/blog/posts/java/1357/
A good refresher article on the closed-world context in Java
GraalVM Native Image compiles Java applications into static native executables, with no JVM at runtime.
The JVM works in an open world: classes are loaded on demand, and calls are symbolic references resolved dynamically.
Native Image imposes the "closed-world assumption": every execution path must be known at compile time.
Java's dynamic features (reflection, proxies, class loading) create hidden paths that static analysis cannot see.
That is why Native Image requires explicit configuration files for reflection, proxies, resources and the FFM API.
The article illustrates the problem with the Foreign Function & Memory API used to call native printf: it works on the JVM and fails in Native Image without configuration.
Including all reachable bytecode would be unusable: a giant binary, very slow compilation, and reflection needs precise metadata.
The configuration is not a design flaw but a logical consequence of moving from dynamic to static.

Java 26: what's new https://foojay.io/today/java-26-whats-new/
Java is the language of the JVM, released every 6 months since Java 9; Java 26 is a non-LTS release with 10 JEPs.
JEP 500: protection of final fields modified through deep reflection, with configurable warnings.
JEP 504: final removal of the Applet API, which browsers no longer support.
JEP 516: the AOT cache (Project Leyden) now works with any garbage collector.
JEP 517: HTTP/3 support in the HTTP client; HTTP/2 remains the default but HTTP/3 is available on demand.
JEP 522: improved G1 GC throughput by reducing synchronization between application threads and GC threads.
New UUIDv7 support via UUID.ofEpochMillis(), naturally sortable and well suited to database identifiers.
Process becomes AutoCloseable, usable in a try-with-resources.
No preview feature graduates to standard; Structured Concurrency is in its 6th preview.

Libraries

Guillaume created a small dependency-free Java library to extract JSON from the response of a somewhat verbose LLM https://glaforge.dev/posts/2026/03/22/extracting-json-from-llm-chatter-with-jsonspotter/
LLMs often generate JSON, but it is sometimes surrounded by chatter and/or contains errors (e.g. comments, trailing commas) that break standard JSON parsers.
Guillaume created a small, lightweight, dependency-free library to locate and extract the longest structure that looks like JSON (even when malformed)
That string can then be passed to a "lenient" (more tolerant) parser such as Jackson to get good old strongly typed Java objects
The library is available on Maven Central

ADK Java releases version 1.0 (Agent Development Kit by Google) https://developers.googleblog.com/announcing-adk-for-java-100-building-the-future-of-ai-agents-in-java/
ADK is an open source framework from Google for building AI agents, initially in Python and now multi-language (Python, Java, Go, Typescript).
Major new features:
Powerful tools: GoogleMapsTool, UrlContextTool, ContainerCodeExecutor, VertexAiCodeExecutor, ComputerUseTool abstraction.
Centralized plugin architecture: a new App container to manage Plugins application-wide (e.g. LoggingPlugin, GlobalInstructionPlugin).
Improved context engineering: event compaction to manage context window size (summarization and retention).
Human-in-the-Loop (HITL): supports ToolConfirmation workflows for human approval of agent actions.
Session and memory services: clear contracts for state management (InMemory, VertexAI, Firestore) and long-term memory.
Agent2Agent (A2A) support: native collaboration between remote agents from different frameworks via the A2A protocol.

In this other article, Guillaume shares how he built the Comic Trip application shown in the YouTube video, which uses ADK 1.0 https://glaforge.dev/posts/2026/03/30/building-my-comic-trip-agent-with-adk-java-1-0/

New version of the Java SDK for the Agent2Agent Protocol, with support for version 1.0 of the specification https://medium.com/google-cloud/a2a-java-sdk-1-0-0-beta1-released-e83c414b34cc
Alignment with version 1.0 of the specification
New groupId org.a2aproject.sdk and package org.a2aproject.sdk
Transport protocols: full and equivalent support for JSON-RPC, gRPC and HTTP+JSON/REST.
Error handling: introduction of error codes and structured details for better observability.
HTTP optimization: cache headers added for agent metadata (Agent Card).
HTTP client flexibility: the JDK HttpClient is supported by default, with a Vert.x option for Quarkus environments.
New technical features: a DataPart.fromJson() method for simplified creation of objects from raw JSON.
Next steps (v1.0.0.GA): simultaneous support for versions 1.0.0 and 0.3.0 of the protocol to ensure interoperability.

JPA 4.0 Milestone 2: new features for Jakarta Persistence https://in.relation.to/2026/04/23/JPA-4-M2/
Jakarta Persistence (JPA) is the standard Java specification for object-relational mapping (ORM), implemented notably by Hibernate.
JPA 4.0 M2 is the second milestone of the next major version of the specification, announced by Gavin King.
Building Criteria queries from JPQL strings, giving more flexibility in composing queries dynamically.
New specialized expression types (TextExpression, NumericExpression) to simplify writing Criteria queries.
New FetchOption interface to explicitly control the loading strategy for associations, including a built-in BatchSize.
New @EntityListener annotation that decouples entity classes from their listeners, removing compile-time dependencies.
Listeners can target several callback types and apply globally to the whole persistence unit.
Introduction of FlushModeType.EXPLICIT and QueryFlushMode for finer control over synchronization with the database.
The @Discoverable meta-annotation allows annotations such as @NamedQuery to be placed on any class or interface.
DDL improvements via an enhanced @Index, and clarifications of the specification via the javadoc.

Quarkus 3.35: tree-shaking, PGO and Semeru AOT https://quarkus.io/blog/quarkus-3-35-released/
Quarkus is a cloud-native Java framework optimized for GraalVM and HotSpot, designed for microservices and containerized environments.
New experimental JAR tree-shaking: build-time dependency analysis to remove unused classes.
On the Quarkus CLI, this removes more than 6,000 classes and saves about 18 MB (39.5%).
Support for Profile-Guided Optimization (PGO) for native builds via quarkus.native.pgo.enabled=true.
PGO is an Oracle GraalVM feature, not available in the Community Edition.
Support for IBM Semeru AOT: startup goes from ~380 ms to ~190 ms in early tests.
New quarkus-reactive-transactions extension: @Transactional support for Hibernate Reactive methods returning Uni.
Dedicated CORS configuration for the management interface, independent of the main HTTP interface.
Tests no longer use System Properties to propagate configuration, which eases future parallelization.
The reflection-free Jackson serializer is not the default because of edge-case reports; still more work to do

This Week in Spring - April 21, 2026 https://spring.io/blog/2026/04/21/this-week-in-spring-april-21-2026
Spring Framework 6.2.18 and 7.0.7 fix three security flaws: DoS via WebFlux multipart files, static resource cache poisoning, and DoS on Windows.
Open source support for Spring Framework 5.3.x and 6.1.x has ended; migration is recommended.
Spring Data 2026.0.0-RC1 introduces upsert (MERGE/INSERT ON CONFLICT) in the Spring Data Relational Template API.
Spring Data adds a RedisMessageSendingTemplate for consistency with Redis listeners, and an optimization that resets caches in a single call.
Spring AI introduces a Session API (Agentic Patterns series, part 7): an event-sourced architecture for AI agent memory.
The Session API supports turn-safe compaction, isolation of parallel sub-agents, and JDBC persistence (PostgreSQL, MySQL, MariaDB, H2).
It targets Spring AI 2.1 (November 2026) and will eventually replace the ChatMemory API.
Spring Vault 4.1.0-RC1 and 4.0.2 are available.
Netflix presented its use of Java, Spring Boot and Spring AI in a video.

This Week in Spring - April 28, 2026 https://spring.io/blog/2026/04/28/this-week-in-spring-april-28-2026
This weekly series by Josh Long compiles news from the Spring ecosystem: articles, tools, podcasts and community announcements.
Spring Boot 4 introduces a native resilience package, org.springframework.resilience, with a new retry API that replaces the fragile approaches based on Spring Retry or Resilience4j.
The native retry API in Spring Boot 4 has attribute names and semantics that differ from the older libraries, making pre-2025 tutorials obsolete and a source of silent bugs.
The Spring AI SDK for Amazon Bedrock AgentCore is generally available: it integrates AgentCore capabilities into Spring AI via annotations and auto-configuration.
The AgentCore SDK automatically handles the AgentCore runtime contract: /invocations endpoint, /ping health check, SSE with backpressure.
It offers short-term memory (sliding window) and long-term memory (semantic, preferences, summary, episodic), as well as tools for the browser and for sandboxed code execution.
A Maven plugin (Nullability Maven Plugin) simplifies integrating JSpecify and NullAway to enforce null-safety at compile time in Java projects.
The plugin automatically generates package-info.java files for each package and configures the compiler to treat nullability violations as errors.
Josh Long and Dr. Venkat Subramaniam co-presented "Intelligent Kotlin" at Voxxed Days Amsterdam, with an associated podcast episode.

Cloud

Amazon S3 Files https://aws.amazon.com/about-aws/whats-new/2026/04/amazon-s3-files/
Amazon S3 Files is a new service giving direct file system access to data stored in S3 buckets
Based on Amazon EFS technology, it removes the barrier between object storage and a file system interface without duplicating data
Read throughput can reach several terabytes per second; thousands of compute resources can access it simultaneously
Data remains accessible through both interfaces, the classic S3 API and a standard file system, with no migration needed
Use cases: AI agents persisting memory between pipelines, ML teams without staging, simpler data lakes
Available in 34 AWS regions

Data and Artificial Intelligence

How to generate music and audio clips in Java with the Lyria 3 model https://glaforge.dev/posts/2026/03/25/generating-music-with-lyria-3-and-the-gemini-interactions-java-sdk/
Music generation with Lyria 3 (DeepMind) and the Gemini Interactions Java SDK.
Lyria 3: a generative AI model for creating music with lyrics or instrumental tracks.
Used through the Java SDK for the Gemini API; requires a Gemini API key.
Two versions of the Lyria 3 model:
lyria-3-clip-preview: short clips (30s), excerpts.
lyria-3-pro-preview: full, structured songs (up to 3 min).
Customization through prompts:
Provide your own lyrics or have them generated.
Control the song structure ([Intro], [Verse], [Chorus], [Outro]).
Generate instrumental-only pieces.
Use images as a source of inspiration (multimodal model).
Output: audio (MP3) and text (lyrics/structure) directly, with no complex decoding.
Makes it easier to integrate music generation into Java applications.

World models, the next step for AI https://www.lepoint.fr/sciences-nature/comment-le-commando-de-yann-le-cun-se-prepare-a-ringardiser-les-geants-mondiaux-de-lia-depuis-paris-OZVUWTDYBNE25C6WF44265ZQKE/
Yann LeCun left Meta FAIR to found AMI Labs (Advanced Machine Intelligence), based in Paris
His thesis: LLMs will not lead to general intelligence; real AI must start from an understanding of the physical world
AMI Labs raised 1.03 billion dollars in seed funding (the largest seed round in European history) at a 3.5 billion valuation
World models learn to predict and understand physical reality rather than predicting the next token in a sequence
AMI's slogan: "Real intelligence does not start in language. It starts in the world."
Paris as a strategic base to challenge Silicon Valley in the next AI breakthrough

Debezium 2026: community survey results https://debezium.io/blog/2026/04/27/debezium-2026-survey-results/
Debezium is an open source Change Data Capture (CDC) tool that captures database changes in real time and streams them to systems such as Kafka.
98.6% of respondents use Debezium actively or plan to within the year, with 91.3% already in production.
63.8% of deployments run on Kubernetes, 60.9% use self-managed Kafka Connect, and 17.4% remain on VMs or bare metal.
Helm charts are the dominant approach to configuration management, often combined with GitOps, CI/CD, Ansible or Terraform.
PostgreSQL leads the connectors in use at 69.6%, followed by MySQL (33.3%), SQL Server (29%) and Oracle (27.5%).
Captured change volumes range from 1-25 changes per minute up to 1-2 million per minute depending on the environment.

Infinispan joins the OGX ecosystem as a vector storage provider https://infinispan.org/blog/2026/04/17/infinispan-joins-ogx-ecosystem
OGX (formerly Llama Stack) is an open source agentic API server for building complete AI applications.
OGX composes inference providers, vector stores, security backends, tool runtimes and file storage into a single deployable server.
OGX positions itself as an alternative to the OpenAI API, deployable on a variety of infrastructures and models.
OGX targets RAG (Retrieval-Augmented Generation) workflows and agentic applications.
Infinispan integrates with it as a vector IO provider, bringing vector, keyword and hybrid search.
I hadn't heard about this renaming; are you seeing it in your deployments?

Tooling

cmux, a new terminal based on Ghostty and specialized for coding agents https://cmux.com/
A native macOS application built on the Ghostty rendering engine (libghostty), offering GPU acceleration for maximum smoothness
Designed specifically for multitasking and AI-assisted workflows, with vertical tabs showing the Git branch, the directory and the active ports
Includes notifications that light up panels when an AI agent (Claude Code, Codex, etc.) needs the user's attention
Offers a built-in, scriptable web browser that can be shown in split screen next to the terminal via an API
A modern alternative to tmux that needs no complex configuration files or key prefixes for managing panes and sessions
Natively supports all command-line coding agents and allows automation through a socket API and a dedicated CLI

Git Worktree like a boss https://www.metal3d.org/blog/2026/git-worktree-comme-un-chef/
Article by Patrice Ferlet
Git Worktree: work on several branches simultaneously through separate directories. Avoids git stash or multiple clones for quick context switching.
"Bare" method (recommended):
Clone the repository in bare mode (e.g. .bare).
Link the root folder to the bare repository via a .git file.
Configure remote tracking to see all remote branches.
Add worktrees for each branch (git worktree add ).
Advantages: saves space, single source of truth (one git fetch updates everything), shared hooks/configs, safety.
Tips:
Never run git checkout inside a worktree.
git fetch --all from any worktree to update everything.
git worktree add --detach to test temporary merges without creating a branch.
Removing: git worktree remove, then git worktree prune.
A wtree script is provided to automate initializing the "bare" setup.
Considerably improves the workflow.

The IDE is dying, and fast https://x.com/jdegoes/status/2036931874057314390?s=46&t=C18cckWlfukmsB_Fx0FfxQ
Technical leaders predict the rapid end of the traditional IDE, replaced by agentic conversational interfaces
The paradigm shift: the developer no longer writes lines of code but expresses intent and supervises autonomous agents
Tools such as Claude Code, Copilot and Cursor are already radically transforming day-to-day development workflows
The IDE centered on the code editor loses its reason for being when the agent reads, modifies and structures the code autonomously
The transition is comparable to the move from desktop to mobile: practices established for 30 years called into question in a few months

The Claude Code source leaked, probably via the codemap, and a site describes how it works https://ccunpacked.dev/
On March 31, 2026, Anthropic accidentally included sourcemaps in a Claude Code npm package, exposing ~512,000 lines of TypeScript
The leak was not a hack but a human error: a "*.map" forgotten in .npmignore
The site ccunpacked.dev was launched to analyze and visualize the unpacked source code
The code reveals a permanent background agent named "KAIROS", a stealth mode to hide Anthropic employees' contributions to open source, and 44 hidden feature flags
A previously unseen "Buddy" feature (an electronic pet in the terminal) and a "dream" mode for continuous ideation were discovered
Anthropic confirmed: "No sensitive customer data was involved. Human error in the release packaging."

Gemini CLI moves to agents https://x.com/srithreepo/status/2039794081925382307?s=46&t=GLj1NFxZoCFCjw2oYpiJpw
Gemini CLI, Google's open source AI agent for the terminal, introduces hooks in its agentic loop
Hooks allow scripts to run automatically (security scanners, compliance checks, logging) at each step of the agent
Launch of Gemini CLI GitHub Actions: an autonomous agent for repositories that can carry out routine coding tasks
Support for MCP servers to extend capabilities, and for "Agent Skills" for specialized workflows
Agent mode available in VS Code and IntelliJ with access to file system and terminal tools

Wispr, local speech to text on macOS http://wispr.stormacq.com/
Wispr is a fully local macOS voice dictation application, powered by Whisper (OpenAI) on device, with no cloud and no tracking
Sébastien Stormacq built Wispr in a day and a half without writing a single line of code, thanks to Kiro CLI (Amazon's AI agent)
Available as open source on GitHub and via Homebrew
Automatic language detection, and insertion of the text at the cursor in any application via a global shortcut
In one month: 19 releases including hands-free mode, filler-word removal, auto-send for chats, and a CLI tool
A concrete example of vibe coding producing a production-quality tool without prior Swift expertise

How Gordon, the Docker-specialized assistant, was born https://n9o.xyz/posts/202603-building-gordon/
Nuno Coração (n9o.xyz) details how Gordon, the Docker-specialized assistant, was built on docker-agent, Docker's open source AI agent runtime written in Go
Agents are defined in declarative YAML and distributed as OCI artifacts, with no binary update needed
The initial architecture, a swarm of 9 specialized agents, was abandoned in favor of a single root agent with a carefully designed prompt
The model used is Claude Haiku 4.5, which is sufficient after prompt optimization
Key principle "show, then do": every agent action requires explicit approval from the user
Tool descriptions strongly affect the LLM's accuracy: adding tools can paradoxically degrade existing performance
The prompt is a detailed specification (identity, file access patterns, security rules) rather than a simple instruction

IBM Bob https://bob.ibm.com/blog/announcing-ibm-bob-launch
IBM Bob, IBM's AI assistant for coding on real codebases (launched April 2026)
5 modes: Ask, Plan, Code, Advanced (MCP), Orchestrator
Detects code complexity in real time and suggests refactorings
Performs automatic code reviews on your GitHub branches/issues
Lets you write in natural language directly in the editor
Also works in the terminal/CLI and in CI/CD pipelines
Security: manual approval, .bobignore, checkpoints, no training on your prompts

How I use Claude - 50 practical tips https://www.youtube.com/watch?v=mZzhfPle9QU
A Meta Staff Engineer shares 50 tips after 6 months of intensive Claude Code use
Based on ~12h/day of personal and professional use
Covers everything: basics, advanced workflows, parallelization
Goal: share what he would have wanted to know from the start

Methodologies

Someone grumbles about the unsustainability of codebases written with agents https://mariozechner.at/posts/2026-03-25-thoughts-on-slowing-the-fuck-down/
Mario Zechner argues that AI agents make the same mistakes repeatedly without learning, accumulating complexity at high speed for lack of human bottlenecks
Without an overall vision, agents produce cargo cult: the industry's "best practices" applied locally without architectural coherence
Codebase growth degrades the agents' ability to find existing code → growing duplication and inconsistencies
He cites AWS outages and Microsoft quality initiatives as worrying signs linked to AI-generated code
Solution: reserve agents for bounded, assessable tasks, and keep the architecture, APIs and critical systems written by hand
Maintain rigorous code review and treat humans as the final guardians of quality

I'm being forced to use AI https://n.survol.fr/n/on-moblige-a-utiliser-lia
Éric D. defends mandatory AI adoption as a legitimate strategic decision, comparable to choosing full remote or the technical stack
He distinguishes the strategic decision (AI adoption) from the method of support (which remains collaborative and considerate)
AI skill becomes a hiring criterion: look for candidates who are already curious about and exploring these tools
Cultural alignment on practices and tools is a prerequisite for team cohesion
Refusing to adopt certain strategic tools can justify not hiring an otherwise competent candidate

Yet another methodology: SPDD https://martinfowler.com/articles/structured-prompt-driven/
Problem: AI speeds up individual development but amplifies ambiguities and inconsistencies at team scale.
SPDD: treat prompts as versioned, reviewable and reusable artifacts rather than throwaway exchanges.
REASONS canvas: 7 dimensions (Requirements, Entities, Approach, Structure, Operations, Norms, Safeguards) to guide the LLM from intent to execution.
6-step workflow: requirements → analysis → context → structured prompt → code → unit tests, each step building on the previous one.
3 key skills: abstraction first, intent alignment, iterative review.
Limits: strong ROI on complex business code, poorly suited to urgent hotfixes, throwaway scripts or creative/visual work.
Security

Project Glasswing to secure software https://www.anthropic.com/glasswing
Anthropic launches Glasswing, a cybersecurity initiative using Claude Mythos Preview to identify zero-day vulnerabilities. 12 founding partners including AWS, Apple, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft and NVIDIA. Anthropic is investing 100 million dollars in model credits and 4 million in donations to open source security organizations. The model operates with substantial autonomy, identifying thousands of vulnerabilities in operating systems, browsers and critical infrastructure. More than 40 additional organizations have access to scan and secure their systems. Goal: give defenders the advantage before AI-assisted hacking techniques become widespread among attackers.

LinkedIn is spying on you https://frenchbreaches.com/blog/linkedin-est-accuse-de-fouiller-dans-votre-ordinateur-illegalement
"BrowserGate" scandal: LinkedIn injects JavaScript that tries to detect the Chrome extensions installed in your browser. The analyzed script contains a hard-coded list of 6,222 Chrome extensions with identifiers and internal file paths. Alarming growth of the targeted list: 38 extensions in 2017 → 461 in 2024 → ~1,000 in May 2025 → 6,222 in early 2026. The data collected also includes CPU, RAM, screen resolution, timezone and battery state for fingerprinting. Some targeted extensions are linked to neurodivergence, religious practices or political opinions → serious GDPR violation. LinkedIn's defense is that the scan is aimed only at detecting extensions that scrape data.

Post-mortem of the supply chain attack on the npm library axios https://github.com/axios/axios/issues/10636
On March 31, 2026, two malicious versions of axios (1.14.1 and 0.30.4) were published via a compromised maintainer account. Attack vector: a RAT installed through targeted social engineering on the lead maintainer's personal machine. 2FA does not protect if the user's machine is compromised: the attacker controls everything and can act as the user. The malicious packages injected plain-crypto-js@4.2.1, a cross-platform trojan (macOS, Windows, Linux). Community detection in ~3 hours, removal by npm, corrective measures: full credential rotation. Preventive changes: publishing via OIDC, immutable releases, improved GitHub Actions practices.

Passbolt, an open source password manager https://lesjoiesducode.fr/passbolt-gestionnaire-de-mots-de-passe-gratuit-open-source-que-votre-equipe-merite-vraiment
Open source password manager designed for sharing credentials within a team, used by more than 50,000 organizations. Individual encryption per user and per credential version, no shared vault: zero-knowledge architecture. "Forward secrecy": when a member leaves the team, their encrypted copies are automatically revoked without a manual reset. Supports TOTP, SSH keys, API tokens and custom fields, with a full audit trail of all access. Community edition entirely free with unlimited users, self-hostable or cloud. OpenPGP encryption requiring passphrase + private key, with visual anti-phishing tokens.

Law, society and organization

Anthropic donates 1.5 million dollars to the Apache foundation https://news.apache.org/foundation/entry/the-apache-software-foundation-announces-1-5m-donation-from-anthropic
Anthropic gives 1.5 million dollars to the ASF to support infrastructure, security and the open source community. Vitaly Gudanets (Anthropic's CISO): "Supporting the ASF is a direct investment in the resilience and integrity of the systems modern AI depends on". The funds will finance build systems, security processes and services for Apache projects. This donation is the trigger for the ASF's 10-million-dollar responsible AI initiative. Apache infrastructure is invisible but critical: from financial systems to healthcare platforms, it underpins the global software ecosystem.

The ASF launches the responsible AI initiative https://news.apache.org/foundation/entry/the-apache-software-foundation-launches-10m-responsible-ai-initiative-with-initial-1-75m-donation
The ASF launches a responsible AI initiative with a budget of 10 million dollars over at least 3 years. Anthropic is the first donor with 1.5 million dollars; Alpha-Omega contributes 250,000 dollars. The initiative gives Apache projects access to AI models for experimentation and security. It supports the whole AI/ML chain: data pipelines, infrastructure, deep learning frameworks. Conference tracks, hackathons and travel grants are planned to broaden the community. The guiding principles include human oversight, license integrity and open source security.

Oracle lays off 30,000 people https://rollingout.com/2026/03/31/oracle-slashes-30000-jobs-with-a-cold-6/
Oracle is laying off 20,000 to 30,000 employees, 18% of its global workforce. Employees learned of their dismissal through a simple email at 6 a.m., with no notice. Access to all systems (Slack, Zoom, badges) was cut immediately afterwards. Purpose: free up 8 to 10 billion dollars to build AI data centers. Oracle has already taken on 50 billion in debt in 2026 to finance its AI projects. Paradox: the company posts a record profit of 6.13 billion, but its cash position is in the red. Oracle's stock has lost more than half its value since September 2025.
What if AI were just a pretext for layoffs https://eventuallycoding.com/p/ia-licenciements-et-si-l-intelligence-artificielle-n-etait-qu-une-excuse
Hugo Lassiège (eventuallycoding) argues that companies use AI as a convenient narrative to mask past management mistakes (Block tripled its headcount post-COVID without corresponding revenue growth). Fewer than 1% of tech layoffs are said to be really due to AI productivity gains, according to the analyses cited. Measuring developer productivity remains an unsolved problem, yet companies claim efficiency gains without evidence. Real economic pressures (inflation, trade wars, energy costs) are hidden behind the AI discourse. Necessary restructurings are presented as positive AI-driven transformations to reassure investors. He sees a window of opportunity for Europe while the American giants restructure.

GitHub Copilot will use interactions to train its models unless you opt out https://github.blog/news-insights/company-news/updates-to-github-copilot-interaction-data-usage-policy/
Starting April 24, 2026, GitHub uses by default the interactions of Copilot Free, Pro and Pro+ users to train its models. The data collected includes accepted or modified code, snippets sent, file names and repository structures, and user feedback. Copilot Business and Enterprise users and enterprise repositories are excluded from this training data collection. Opt-out is available in GitHub settings > "Privacy"; earlier opt-out preferences are kept automatically. Stated goal: improve model accuracy on real-world languages and use cases.

Big breakthrough for Claude Code in GitHub commits https://aifoc.us/damn-claude-thats-a-lot-of-commits/
Claude Code explosion: in six months, Claude Code went from 0.7% to 4.5% of all public commits on GitHub, surpassing all other AI tools combined. Massive adoption of AI agents: about 5% of public commits on GitHub are now generated by AI agents, a figure growing rapidly since late 2025. Bot domination on GitHub: beyond commits, AI tools are omnipresent in the handling of pull requests and issues (notably Copilot and CodeRabbit). Methodological limits: the data covers only public repositories (companies make heavy use of private repositories, which are invisible here). The count depends heavily on the visibility of signatures (some tools like Claude systematically mark their commits, others do not). The GitHub search API has variable reliability at this scale. Paradigm shift: software development is going through a major transition, comparable to the move from desktop to mobile. Integrating AI agents into the production cycle is no longer an experiment but an operational reality at scale.

Dysmaths, an application to help learn mathematics and geometry when you have dyspraxia or dysgraphia https://dysmaths.com/
Web application to help middle and high school students with dysgraphia and dyspraxia do maths and geometry. Freehand drawing tools, precise geometry (compass, protractor, ruler) and structured operations (fractions, roots, powers, mathematical symbols). PDF and PNG export that faithfully preserves scale for printing and submitting exercises. Accessibility options: OpenDyslexic font, interface customizations, import of images and PDFs. Meets a real need: standard tools are not suited to difficulties with coordination and spatial organization in mathematics.

AI or reality? By Amistory https://www.youtube.com/watch?v=PPYdAhBBF2I
AI generates content (images, voices, videos) that is increasingly undetectable. Voice-cloning and deepfake scams are rising sharply. Fake viral content manipulates opinion at scale. Fakery is no longer an accident; it has become an organized system. Society is entering an era of generalized doubt about what is real. How do you stay informed when reality itself can be simulated?

Conferences

The list of conferences from Developers Conferences Agenda/List by Aurélie Vache and contributors:
6-7 May 2026: Devoxx UK 2026 - London (UK)
12 May 2026: Lead Innovation Day - Leadership Edition - Paris (France)
12-13 May 2026: Lyon Craft - Lyon (France)
19 May 2026: La Product Conf Paris 2026 - Paris (France)
19-20 May 2026: Green Code Challenge - Paris (France)
21-22 May 2026: Flupa UX Days 2026 - Paris (France)
22 May 2026: AFUP Day 2026 Lille - Lille (France)
22 May 2026: AFUP Day 2026 Paris - Paris (France)
22 May 2026: AFUP Day 2026 Bordeaux - Bordeaux (France)
22 May 2026: AFUP Day 2026 Lyon - Lyon (France)
27 May 2026: aMP Day Strasbourg 2026 - Strasbourg (France)
28 May 2026: DevCon 27 : I.A. & Vibe Coding - Paris (France)
28 May 2026: Cloud Toulouse 2026 - Toulouse (France)
29 May 2026: NG Baguette Conf 2026 - Paris (France)
29 May 2026: Agile Tour Strasbourg 2026 - Strasbourg (France)
2-3 June 2026: Agile Tour Rennes 2026 - Rennes (France)
2-3 June 2026: OW2Con - Paris-Châtillon (France)
3 June 2026: IA–NA - La Rochelle (France)
4 June 2026: Workplace Intelligence Days - 1st edition - Lyon (France)
5 June 2026: TechReady - Nantes (France)
5 June 2026: Fork it! - Rouen - Rouen (France)
6 June 2026: Polycloud - Montpellier (France)
9 June 2026: JFTL - Montrouge (France)
9 June 2026: C: - Caen (France)
9 June 2026: France API 2026 - Paris (France)
11-12 June 2026: DevQuest Niort - Niort (France)
11-12 June 2026: DevLille 2026 - Lille (France)
12 June 2026: Tech F'Est 2026 - Nancy (France)
15 June 2026: Jupyter Workshops: Demystifying MyST Markdown in Education - Orsay (France)
16 June 2026: Mobilis In Mobile 2026 - Nantes (France)
17-19 June 2026: Devoxx Poland - Krakow (Poland)
17-20 June 2026: VivaTech - Paris (France)
18 June 2026: Tech'Work - Lyon (France)
22-26 June 2026: Galaxy Community Conference - Clermont-Ferrand (France)
23-24 June 2026: MWCP 2026 - Paris (France)
24-25 June 2026: Agi'Lille 2026 - Lille (France)
24-26 June 2026: BreizhCamp 2026 - Rennes (France)
25-26 June 2026: Agile Tour Toulouse 2026 - Toulouse (France)
27 June 2026: Asynconf - Paris (France)
2 July 2026: Azur Tech Summer 2026 - Valbonne (France)
2-3 July 2026: Sunny Tech - Montpellier (France)
3 July 2026: Agile Lyon 2026 - Lyon (France)
6-8 July 2026: Riviera Dev - Sophia Antipolis (France)
28-30 August 2026: State of the Map - Champs-sur-Marne (France)
4 September 2026: JUG Summer Camp 2026 - La Rochelle (France)
10-11 September 2026: Nantes Craft - Nantes (France)
17 September 2026: dotAI - Paris (France)
17-18 September 2026: API Platform Conference 2026 - Lille (France)
18 September 2026: dotJS - Paris (France)
18 September 2026: WordCamp Bretagne - Rennes (France)
22 September 2026: Salon Data 2026 - Nantes (France)
22-23 September 2026: Agile en Seine & IA 2026 - Paris (France)
24 September 2026: OWASP AppSec Days France 2026 - Paris (France)
24 September 2026: PlatformCon Paris - Paris (France)
24 September 2026: React Native Connection 2026 - Paris (France)
24-26 September 2026: Paris Web 2026 - Paris (France)
28-29 September 2026: 4th Tech Summit on AI & Robotics - Paris (France) & Online
1 October 2026: WAX 2026 - Marseille (France)
1-2 October 2026: Volcamp - Clermont-Ferrand (France)
2 October 2026: DevFest Perros-Guirec 2026 - Perros-Guirec (France)
5-9 October 2026: Devoxx Belgium - Antwerp (Belgium)
12 October 2026: Dev With AI - Paris (France)
27-29 October 2026: Directions EMEA 2026 - Paris (France)
29-30 October 2026: BDX I/O 2026 - Bordeaux (France)
30 October 2026: Cloud Nord 2026 - Lille (France)
4-5 November 2026: Devoxx Morocco - Casablanca (Morocco)
14-15 November 2026: Capitole du Libre - Toulouse (France)
19 November 2026: DevFest Toulouse 2026 - Toulouse (France)
27 November 2026: DevFest Paris 2026 - Paris (France)
1-3 December 2026: Apidays Paris - Paris (France)
4 December 2026: DevFest Lyon 2026 - Lyon (France)
4 December 2026: DevFest Dijon 2026 - Dijon (France)
9-10 December 2026: OpenSource Expérience - Paris (France)
9-10 December 2026: DevOps REX - Paris (France)
10 December 2026: KCD Provence - Aix-en-Provence (France)
7-9 April 2027: Devoxx France 2027 - Paris (France)

Contact us

To react to this episode, come and discuss on the Google group https://groups.google.com/group/lescastcodeurs
Contact us via X/twitter https://twitter.com/lescastcodeurs or Bluesky https://bsky.app/profile/lescastcodeurs.com
Do a crowdcast or a crowdquestion
Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs
All episodes and all the info at https://lescastcodeurs.com/

php[podcast] episodes from php[architect]
The PHP Podcast 2026.04.30

May 1, 2026 72:07


PHP Podcast – April 30, 2026

Hosts: Eric Van Johnson & John Congdon

Another fun episode of the PHP Podcast! Here’s what we covered:

The Drone Slayer Strikes

Eric and John wrapped up a Padres game at beautiful Petco Park in downtown San Diego — and things got weird on the way out. A rogue drone started buzzing around a busy intersection, lingering on a guy on a scooter, before making a fateful attempt to fly in front of Eric’s car. It did not make it. The controller came running out, Eric kept driving, and John has already dubbed him “the drone slayer.” Eric still hasn’t looked at whether his wife’s car got scratched, which feels like the bravest choice of all.

Baseball Week Never Ends

The reason today’s episode started an hour early? Baseball. John’s week was wall-to-wall: a Tuesday night little league game, the Padres game with Eric on Wednesday, practice Thursday night, the playoff draft reveal Friday, a little league game Saturday, and another Padres game Sunday. Eric pointed out John was wearing his own last name on a jersey to a Padres game, which opened up a whole sidebar on why anyone buys a $200 jersey with a player’s name on it when players change teams every two years anyway.

Walking Pneumonia and the Power of the Right Antibiotic

John’s week was also scrambled because his son had been diagnosed with regular pneumonia — but after not getting better, a second doctor visit revealed it was actually atypical (walking) pneumonia, which requires a completely different antibiotic. Once on the correct medication, his son bounced back almost immediately. The kid had been pushing himself trying to feel well enough for sixth grade camp, but there’s really no faking it with the wrong treatment.

The Archie Situation — AI Standups Gone Sideways

Eric has had a rough stretch after Anthropic shut down OpenClaw, the platform that powered their internal Discord bot Archie (a.k.a. Alfred). Archie had been running daily team standups, generating weekly summaries, letting team members tag it with updates throughout the day, and even setting reminders. Everyone got spoiled by it. Since then, attempts to migrate to Ollama — both locally and through the web service — have been plagued by slow response times and dropped messages. Eric is close to pulling the plug and going back to the old manual method, and he’s not happy about it.

Claude SSH’d Into Eric’s Server and Fixed Everything

For weeks, Eric had been fighting a broken Postiz Docker container — a self-hosted social media scheduling tool he uses to post across platforms. After updates broke it and multiple attempts at a fresh install still left it broken, he dropped the problem in Claude’s lap and explained the whole situation. Claude asked for permission to SSH into the remote server on Eric’s Tailscale network, and Eric said sure. Thirty minutes later, Claude had identified the culprit — a Temporal workflow engine losing its configuration on restart — wrote a fix script, configured the service to reconfigure properly on boot, and even set up a cron job to restart the container on reboot. Eric’s still trying to find that chat to review exactly what it did, but the service is running.

GitHub is Getting Hammered by AI Agents

GitHub has had a rough patch of outages, and the numbers tell the story: 20 million new repos per month, 1.4 billion commits, 90 million pull requests — with a dramatic spike right at the start of 2026. Part of the culprit? AI agents being unleashed on codebases to automatically open pull requests from backlog tickets. Eric has a client doing exactly this, and while it sounds impressive from the owner’s perspective (“look at all this work getting done!”), the developers on the ground report that a high percentage of those AI-generated PRs require significant human correction before they’re anywhere close to mergeable. The comparison to Reddit’s early explosion — and the one engineer who basically didn’t sleep for two years — felt pretty apt.

The GitHub Security Vulnerability Nobody Talked About

As if the outages weren’t enough, GitHub quietly disclosed a serious security vulnerability: a specially crafted git push — using malformed options in the push metadata — could allow arbitrary code execution on GitHub’s own servers. Eric had to dig to find the blog post because GitHub was not exactly shouting about it. To their credit, they state that their investigation found no evidence the vulnerability was ever exploited in the wild. But knowing that a specific sequence of bytes in a git push could have handed someone the keys to GitHub’s servers is genuinely unsettling.

The Creator of Ghostty Is Leaving GitHub

Mitchell Hashimoto — creator of the Ghostty terminal and formerly of HashiCorp — announced he’s leaving GitHub, where he’s been a user since 2008 (user #1299). This comes shortly after the Zig programming language made the same move, also citing reliability concerns. Eric was mildly skeptical of the “announcing I’m leaving” genre of posts, pointing out that GitHub doesn’t especially need your permission to stop using it. Notably, Hashimoto’s post doesn’t say what he plans to use instead. John joined GitHub in 2009, which led to a fun live expedition through his commit history — turns out he got serious about coding right around July 2013, roughly when DiegoDev landed its first client.

Update Composer. Like, Right Now.

PHP developers tend to set Composer up and forget about it — but there’s been a serious security vulnerability patched in a recent release that you absolutely want. The fix is simple: just run composer self-update. It updates in place and keeps a rollback copy in case anything breaks. While you’re at it, if you have global Composer packages installed, run composer global update to catch those too. Eric noted that Composer should really warn you when you’re significantly behind versions, the way Claude Code does. Until it does, just make a habit of it.

Linux Kernel Exploit — Patch Your Servers

A CVE was shared in the phparch Discord that affects Ubuntu, Amazon Linux, and Red Hat: a Linux kernel exploit that lets an attacker gain root access with a remarkably small payload — around 732 bytes targeting setuid. It’s a good reminder that the old sysadmin badge of honor (“my server has 5-year uptime, never rebooted”) is the wrong mentality now. With tools like Terraform and infrastructure-as-code, spinning up a freshly patched machine is the move. Keep your operating systems current, especially Linux servers running in production.

Holly Built a PHP Tek App — And It’s Already Good

Community member Holly built a native attendee app for PHP Tek, available now in beta on iOS (via TestFlight) and Android. You can browse the schedule, select the talks you want to attend, and it’ll warn you if two of your picks are in conflict — a “merge conflict,” as Eric put it. Best of all, it sends push notifications when sessions you’ve favorited get moved or rescheduled, which happens constantly at tech conferences. Eric’s wife installed it without being told anything about it and figured it out on her own — about as good a usability test as you can get. The app is built natively in Swift and Kotlin. Be kind to Holly — this is a gift to the community.

PHP Tek in 19 Days + New PHP Architect Merch

PHP Tek is nearly here — 19 days out in Chicago. A brand new PHP Architect elephant is coming (tentatively named Holly, after a live-stream vote). Eric also walked through new merch at store.phparch.com: a v-neck version of the classic rainbow PHP Architect shirt, and his personal labor of love — the “I have standards, specifically PSR 0, 1” tee — which he admits has sold exactly zero copies. If the hotel room block is sold out by the time you read this, reach out to the team directly and they’ll see what they can do.

Links from the show:
Postiz — Open Source Social Media Scheduling
GitHub Security Advisory: Remote Code Execution via Git Push Options
PHP Tek 2026 — Chicago
PHP Architect Store
PHP Architect Discord
An update on GitHub availability
Migrating from GitHub to Codeberg
Ghostty Is Leaving GitHub
Securing the git push pipeline: Responding to a critical remote code execution vulnerability
Composer 2.9.6 fixes Perforce Driver Command Injection Vulnerabilities (CVE-2026-40261, CVE-2026-40176)
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.

Host:
Eric Van Johnson X: @shocm Mastodon: @eric@phparch.social Bluesky: @ericvanjohnson.bsky.social PHPArch.me: @eric
John Congdon X: @johncongdon Mastodon: @john@phparch.social Bluesky: @johncongdon.bsky.social PHPArch.me: @john

Streams: Youtube Channel Twitch

Connect & Hire: PHP Architect Website Twitter/X Mastodon

Hire PHP Developers
Looking to hire PHP developers? Email support@phparch.com – Joe and the team are available for consulting, infrastructure work, Ansible playbooks, and code review.

Partner
This podcast is made a little better thanks to our partners
Displace: Infrastructure Management, Simplified. Automate Kubernetes deployments across any cloud provider or bare metal with a single command. Deploy, manage, and scale your infrastructure with ease. https://displace.tech/
PHPScore: Put Your Technical Debt on Autopay with PHPScore
CodeRabbit: Cut code review time & bugs in half instantly with CodeRabbit.

Music Provided by Epidemic Sound https://www.epidemicsound.com/

Join Us Live Next Week: Youtube Channel
Got feedback? Join us on Discord at discord.phparch.com

The post The PHP Podcast 2026.04.30 appeared first on PHP Architect.

Oracle University Podcast
Encore: Cloud Data Centers - Core Concepts Part 1

Apr 28, 2026 16:57


Curious about what really goes on inside a cloud data center?   In this episode, Lois Houston and Nikita Abraham dive into how cloud data centers are transforming the way organizations manage technology. They explore the differences between traditional and cloud data centers, the roles of CPUs, GPUs, and RAM, and why operating systems and remote access matter more than ever.   Cloud Tech Jumpstart: https://mylearn.oracle.com/ou/course/cloud-tech-jumpstart/152992 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu   Special thanks to Arijit Ghosh, Anna Hulkower, Radhika Banka, and the OU Studio Team for helping us create this episode.   --------------------------------------------------------   Episode Transcript:   00:00 Hi there! We're hitting rewind for the next few weeks and bringing back some of our most popular episodes. So, sit back and enjoy these highlights from our archive. 00:12 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:37 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services.   Nikita: Hi everyone! Today, we're covering the fundamentals you need to be successful in a cloud environment. If you're new to cloud, coming from a SaaS environment, or planning to move from on-premises to the cloud, you won't want to miss this. With us today is Orlando Gentil, Principal OCI Instructor at Oracle University. Hi Orlando! Thanks for joining us.   
01:13 Lois: So Orlando, we know that Oracle has been a pioneer of cloud technologies and has been pivotal in shaping modern cloud data centers, which are different from traditional data centers. For our listeners who might be new to this, could you tell us what a traditional data center is?  Orlando: A traditional data center is a physical facility that houses an organization's mission critical IT infrastructure, including servers, storage systems, and networking equipment, all managed on site.   01:44 Nikita: So why would anyone want to use a cloud data center?  Orlando: The traditional model requires significant upfront investment in physical hardware, which you are then responsible for maintaining along with the underlying infrastructure like physical security, HVAC, backup power, and communication links.  In contrast, cloud data centers offer a more agile approach. You essentially rent the infrastructure you need, paying only for what you use. In the traditional data center, scaling resources up and down can be a slow and complex process.  On cloud data centers, scaling is automated and elastic, allowing resources to adjust dynamically based on demand. This shift allows business to move their focus from the constant upkeep of infrastructure to innovation and growth.  The move represents a shift from maintenance to momentum, enabling optimized costs and efficient scaling. This fundamental shift is how IT infrastructure is managed and consumed, and precisely what we mean by moving to the cloud.  02:52 Lois: So, when we talk about moving to the cloud, what does it really mean for businesses today?  Orlando: Moving to the cloud represents the strategic transition from managing your own on-premise hardware and software to leveraging internet-based computing services provided by a third-party.  This involves migrating your applications, data, and IT operations to a cloud environment. 
This transition typically aims to reduce operational overhead, increase flexibility, and enhance scalability, allowing organizations to focus more on their core business functions.    03:29 Nikita: Orlando, what's the "brain" behind all this technology?  Orlando: A CPU or Central Processing Unit is the primary component that performs most of the processing inside the computer or server. It performs calculations handling the complex mathematics and logic that drive all applications and software.  It processes instructions, running tasks, and operations in the background that are essential for any application. A CPU is critical for performance, as it directly impacts the overall speed and efficiency of the data center.  It also manages system activities, coordinating user input, various application tasks, and the flow of data throughout the system. Ultimately, the CPU drives data center workloads from basic server operations to powering cutting edge AI applications.  04:23 Lois: To better understand how a CPU achieves these functions and processes information so efficiently, I think it's important for us to grasp its fundamental architecture. Can you briefly explain the fundamental architecture of a CPU, Orlando?  Orlando: When discussing CPUs, you will often hear about sockets, cores, and threads. A socket refers to the physical connection on the motherboard where a CPU chip is installed.  A single server motherboard can have one or more sockets, each holding a CPU. A core is an independent processing unit within a CPU. Modern CPUs often have multiple cores, enabling them to handle several instructions simultaneously, thus increasing processing power.  Think of it as having multiple mini CPUs on a single chip. Threads are virtual components that allow a single CPU core to handle multiple sequence of instructions or threads concurrently. 
This technology, often called hyperthreading, makes a single core appear as two logical processors to the operating system, further enhancing efficiency.

05:39 Lois: Ok. And how do CPUs process commands?

Orlando: Beyond these internal components, CPUs are also designed based on different instruction set architectures which dictate how they process commands. CPU architectures are primarily categorized in two designs-- Complex Instruction Set Computer or CISC and Reduced Instruction Set Computer or RISC. CISC processors are designed to execute complex instructions in a single step, which can reduce the number of instructions needed for a task, but often leads to a higher power consumption. These are commonly found in traditional Intel and AMD CPUs. In contrast, RISC processors use a simpler, more streamlined set of instructions. While this might require more steps for a complex task, each step is faster and more energy efficient. This architecture is prevalent in ARM-based CPUs.

06:47 Are you looking to boost your expertise in enterprise AI? Check out the Oracle AI Agent Studio for Fusion Applications Developers course and professional certification, now available through Oracle University. This course helps you build, customize, and deploy AI Agents for Fusion HCM, SCM, and CX, with hands-on labs and real-world case studies. Ready to set yourself apart with in-demand skills and a professional credential? Learn more and get started today! Visit mylearn.oracle.com for more details.

07:22 Nikita: Welcome back! We were discussing CISC and RISC processors. So Orlando, where are they typically deployed? Are there any specific computing environments and use cases where they excel?

Orlando: On the CISC side, you will find them powering enterprise virtualization and server workloads, such as bare metal hypervisors in large databases where complex instructions can be efficiently processed.
High performance computing that includes demanding simulations, intricate analysis, and many traditional machine learning systems. Enterprise software suites and business applications like ERP, CRM, and other complex enterprise systems that benefit from fewer steps per instruction. Conversely, RISC architectures are often preferred for cloud-native workloads such as Kubernetes clusters, where simpler, faster instructions and energy efficiency are paramount for distributed computing. Mobile device management and edge computing, including cell phones and IoT devices where power efficiency and compact design are critical. Cost optimized cloud hosting supporting distributed workloads where the cumulative energy savings and simpler design lead to more economical operations. The choice between CISC and RISC depends heavily on the specific workload and performance requirements. While CPUs are versatile generalists, handling a broad range of tasks, modern data centers also heavily rely on another crucial processing unit for specialized workloads.

09:07 Lois: We've spoken a lot about CPUs, but our conversation would be incomplete without understanding what a Graphics Processing Unit is and why it's important. What can you tell us about GPUs, Orlando?

Orlando: A GPU or Graphics Processing Unit is distinct from a CPU. While the CPU is a generalist excelling at sequential processing and managing a wide variety of tasks, the GPU is a specialist. It is designed specifically for parallel compute heavy tasks. This means it can perform many calculations simultaneously, making it incredibly efficient for workloads like rendering graphics, scientific simulations, and especially in areas like machine learning and artificial intelligence, where massive parallel computation is required. In the modern data center, GPUs are increasingly vital for accelerating these specialized, data intensive workloads.

10:11 Nikita: Besides the CPU and GPU, there's another key component that collaborates with these processors to facilitate efficient data access. What role does Random Access Memory play in all of this?

Orlando: The core function of RAM is to provide faster access to information in use. Imagine your computer or server needing to retrieve data from a long-term storage device, like a hard drive. This process can be relatively slow. RAM acts as a temporary high-speed buffer. When your CPU or GPU needs data, it first checks RAM. If the data is there, it can be accessed almost instantaneously, significantly speeding up operations. This rapid access to frequently used data and programming instructions is what allows applications to run smoothly and systems to respond quickly, making RAM a critical factor in overall data center performance. While RAM provides quick access to active data, it's volatile, meaning data is lost when power is off, or persistent data storage, the information that needs to remain available even after a system shut down.

11:26 Nikita: Let's now talk about operating systems in cloud data centers and how they help everything run smoothly. Orlando, can you give us a quick refresher on what an operating system is, and why it is important for computing devices?

Orlando: At its core, an operating system, or OS, is the fundamental software that manages all the hardware and software resources on a computer. Think of it as a central nervous system that allows everything else to function. It performs several critical tasks, including managing memory, deciding which programs get access to memory and when, managing processes, allocating CPU time to different tasks and applications, managing files, organizing data on storage devices, handling input and output, facilitating communication between the computer and its peripherals, like keyboards, mice, and displays.
And perhaps, most importantly, it provides the user interface that allows us to interact with the computer.

12:31 Lois: Can you give us a few examples of common operating systems?

Orlando: Common operating system examples you are likely familiar with include Microsoft Windows and macOS for personal computers, iOS and Android for mobile devices, and various distributions of Linux, which are incredibly prevalent in servers and increasingly in cloud environments.

12:54 Lois: And how are these operating systems specifically utilized within the demanding environment of cloud data centers?

Orlando: The two dominant operating systems in data centers are Linux and Windows. Linux is further categorized into enterprise distributions, such as Oracle Linux or SUSE Linux Enterprise Server, which offer commercial support and stability, and community distributions, like Ubuntu and CentOS, which are developed and maintained by communities and are often free to use. On the other side, we have Windows, primarily represented by Windows Server, which is Microsoft's server operating system known for its robust features and integration with other Microsoft products. While both Linux and Windows are powerful operating systems, their licensing modes can differ significantly, which is a crucial factor to consider when deploying them in a data center environment.

13:55 Nikita: In what way do the licensing models differ?

Orlando: When we talk about licensing, the differences between Linux and Windows become quite apparent. For Linux, Enterprise Distributions come with associated support fees, which can be bundled into the initial cost or priced separately. These fees provide access to professional support and updates. On the other hand, Community Distributions are typically free of charge, with some providers offering basic community-driven support. Windows Server, in contrast, is a commercial product.
Its license cost is generally included in the instance cost when using cloud providers or purchased directly for on-premise deployments. It's also worth noting that some cloud providers offer a bring your own license, or BYOL program, allowing organizations to use their existing Windows licenses in the cloud, which can sometimes provide cost efficiencies.

14:58 Nikita: Beyond choosing an operating system, are there any other important aspects of data center management?

Orlando: Another critical aspect of data center management is how you remotely access and interact with your servers. Remote access is fundamental for managing servers in a data center, as you are rarely physically sitting in front of them. The two primary methods that we use are SSH, or secure shell, and RDP, remote desktop. Secure shell is widely used for secure command line access for Linux servers. It provides an encrypted connection, allowing you to execute commands, transfer files, and manage your servers securely from a remote location. The remote desktop protocol is predominantly used for graphical remote access to Windows servers. RDP allows you to see and interact with the server's desktop interface, just as if you were sitting directly in front of it, making it ideal for tasks that require a graphical user interface.

16:06 Lois: Thank you so much, Orlando, for shedding light on this topic.

Nikita: Yeah, that's a wrap for today! To learn more about what we discussed, head over to mylearn.oracle.com and search for the Cloud Tech Jumpstart course. In our next episode, we'll take a close look at how data is stored and managed. Until then, this is Nikita Abraham…

Lois: And Lois Houston, signing off!

16:28 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app.
See you again on the next episode of the Oracle University Podcast.

The top AI news from the past week, every ThursdAI

Hey, Alex here, I'll try to catch you up, but it's one of the more intense weeks in AI in recent memory. Here's the TL;DR - OpenAI dominates across the board this week! Finally launches “spud”, called it GPT 5.5 (and 5.5 Pro), and it's SOTA on most things, nearly matching the mysterious Claude Mythos but released and we can actually use it (we tested it extensively). OpenAI also took the crown in image generation with the incredible GPT-image-v2 release, beating Nano Banana 2 and pro by a significant margin, the images are incredible, this model can generate working QR codes and 360 images it's quite bonkers. Codex was updated with Computer Use (which I told you about last week), in-app browser and a bunch of other tools that match GPT 5.5 intelligence. Meanwhile, Anthropic launched an incredible research preview of Claude Design, finally admitted that Claude was dumb and reset quotas across the board, while breaking the trust of the community with removing Claude Code from the pro plan. We've also got great open source updates, Kimi K2.6 and Qwen 3.6 27B are both great performers! We were live on the stream for almost 4 hours today waiting for GPT 5.5 and finally got it and tested it live on the show + had Peter Gostev on from Arena who had early access and shared with us his insights. Let's get into it!

ThursdAI - Highest signal weekly AI news show is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

OpenAI's GPT 5.5 is here - SOTA AI intelligence you can actually use (Release Blog)

OpenAI finally gave us all access to their latest intelligence boost, GPT 5.5 thinking (and GPT 5.5 Pro). These models take the crown across many benchmarks, including TerminalBench (82.7%), GPDval (84%) and more. You can see the highlighted versions on the image above.
Though, it's not uncommon for OpenAI to do some chart crimes, so @d4m1n created a chart that also showed the full benchmarks, including the ones GPT 5.5 is not beating Opus at, as you can see below, it underperforms on Humanity's Last Exam, and scaled tool use. But, benchmarks don't tell the full story. GPT 5.5 uses significantly less tokens, compared to 5.4, about 40% less. It's also more expensive, but given the lower token usage, it nets out at about ~20% price increase, while being more intelligent and faster. Tons of folks who had early access are reporting the same things, this model excels in long running tasks, Peter Gostev from Arena, who joined our live stream, showed us an incredible demo that ran overnight for over 8h! This model can work until the task is done, no longer just pausing in the middle asking for your input. The real highlight is, paired with the recent GPT-image-2 (which I'll expand on later in this newsletter), GPT 5.5 becomes an excellent UI designer. This is a big area in which Claude still has moat and OpenAI is trying to catch up here, and the real alpha now is to use both the Image gen and 5.5 in tandem to create beautiful visuals and UIs. The main thing is, after testing it quite a few times, this only works if you generate an image outside of the session that builds the actual UI. We tried a couple of times to do it in 1 session, and the resulting UI doesn't seem to be remotely close to the generated image. Only after sending this image to a completely fresh session and asking for a “pixel perfect” implementation, did GPT 5.5 start to resemble the input image and rebuild the whole UI in pixel perfect fidelity!

GPT Image v2 - SOTA thinking image model, finally beating Nano Banana (Blog, Live)

Like we said, OpenAI is dominating this week, and in both instances those are great models. Though, apples to apples comparison, GPT-image-v2 is a much higher jump — from previous models — than GPT 5.5!
According to Artificial Analysis, the jump in how many people prefer GPT-image-2 in blind tests compared to other models is the highest we've ever seen, over 250 points. And you can clearly see it in the generations as well. Previously this week, we did a live streaming session with Peter Gostev (from Arena) and we did a deep dive comparing this new model to GPT Image 1.5, Nano Banana and Grok Imagine, and it's a clear winner across most categories.

Character consistency is immaculate, high resolution imagery, instruction following, are all so so good it's a bit hard to explain in text.

Reasoning visual intelligence

Like with Nano Banana, this model is likely based on a big GPT image, it's no longer just diffusion, as you can see, it reasons! And apparently the more reasoning you give it (if you choose GPT pro) the better it'll be. The examples are indeed wild, the model can generate images of code that works, generate functional QR codes and bar codes! The craziest thing people figured out it can do, is functional 360 imagery (equirectangular format), you can just ask the model to create a 360 image of “scene” and then drop this in to a 360 viewer! Peter shows us on the show how he combined GPT 5.5 and Image v2 to create a sort of “street view” from a bunch of 360 images, it blew our minds. He literally spun up an overnight GPT 5.5 task in Codex that planned out the hanging gardens of Babylon, generated hundreds of equirectangular images, stitched them into a walkable interface, and had it running 8+ hours without babysitting. A street view of a place we don't actually know what it looked like, hallucinated from latent space. What a time.

Day one availability is wide: Figma, Canva, Adobe Firefly, fal.ai, and Microsoft Foundry all have it. Nano Banana dominated for what felt like an eternity in AI time (it was really only a few months

LINUX Unplugged
663: The 99.8% Rescue


Apr 20, 2026 64:29


We all have data to rescue, you just don't realize it yet. This week we build our own custom live rescue distros, recover real data, and show you how to make your own.

Trinity Long Room Hub
Designing a New Framework Programme: The Role of the Research Community


Apr 16, 2026 34:50


Recorded April 14th, 2026. A public talk by Gabi Lombardo (European Alliance for Social Sciences and Humanities) organised jointly by the Social Sciences and Humanities Working Group of the Coimbra Group, Trinity Global and the Trinity Long Room Hub. As negotiations for the next Horizon Europe Framework Programme (2028-2034) proceed, the EU must broaden its research priorities beyond economic output and tech-driven competitiveness to include the social dimension of progress. A more inclusive and sustainable research strategy is necessary to address the complex challenges that Europe faces and to secure its social model and global competitiveness. This workshop will explore the debate around the contribution of the research community of social sciences and humanities into the design of European funding - to align EU research with citizen needs and democratic values, and better inform public policies and drive economic growth.

About the speaker: Gabi Lombardo (PhD LSE) is Director of the European Alliance for SSH, one of the largest advocacy and science policy organizations in Europe. EASSH advocates for an evidence-based approach to policy-making, and researchers' inclusion in funding design. She has high-level experience in science policy research and implementation working in international organisations like London School of Economics, European Research Council and Science Europe. She is a member of the CoARA Steering Board and other organisations' steering boards. She's an evaluator for the EU, World Bank, and COST. Gabi received the Young Academy of Europe Prize in 2018. Learn more at www.tcd.ie/trinitylongroomhub

LINUX Unplugged
662: The GitHub Diet


Apr 13, 2026 85:39


Is it time to replace GitHub in our workflow? We git into it. Plus, our favorite features in the new Linux 7.0 release.

Resilient Cyber
Your AI Agent Is Running As Root


Apr 8, 2026 44:32


When you fire up Claude Code, Cursor, or any AI coding agent, it launches with your full system permissions, your SSH keys, cloud credentials, browser passwords, every file on your machine. Most developers never think twice about it.

Luke Hinds did. And then he built something about it.

Luke is the creator of Sigstore, the cryptographic signing infrastructure now used by PyPI, Homebrew, GitHub, and Google as the industry standard for software supply chain security. In this episode, he joins Chris to talk about why he's watching the industry make the exact same mistake it made a decade ago, and what he built to try to stop it.

We cover the full picture: why application-layer guardrails and system prompts fundamentally fail as security boundaries for AI agents (and what kernel-level enforcement actually means), the .md file as an emerging control plane attack surface, the OpenClaw wake-up call and what the skills marketplace ecosystem gets structurally wrong about trust and provenance, the approval fatigue problem and Anthropic's 17% false negative rate on Claude Code's auto-mode classifier, extending SLSA and Sigstore attestation frameworks to AI-generated code, and why LLM-as-a-judge may not be the silver bullet many are hoping for.

Luke also makes a broader argument about where this is all heading — volumes of AI-generated code growing faster than human capacity to review it, junior engineers being priced out of the industry, and an aging cohort of engineers who can actually read and reason about code at depth. It's a candid, technically grounded conversation from someone who's been in open source security for 20+ years and has seen this movie before.

nono is at nono.sh, one line to install, one line to run. No excuse not to

Oracle University Podcast
Retrieval Augmented Generation (RAG)


Apr 7, 2026 12:55


Join hosts Lois Houston and Nikita Abraham as they explore one of the most exciting innovations in enterprise AI: Retrieval Augmented Generation (RAG) powered by Oracle AI Vector Search. In this episode, Senior Principal APEX & Apps Dev Instructor Brent Dayley walks through the fundamentals of RAG, explaining how it combines Oracle Database 23ai, vector embeddings, and large language models to deliver accurate, context-rich answers from both business and unstructured data. Discover the typical RAG workflow, practical setup steps on Oracle Cloud Infrastructure, and how to work with embedding models for real-world applications.

Oracle AI Vector Search Deep Dive: https://mylearn.oracle.com/ou/course/oracle-ai-vector-search-deep-dive/144706/
Oracle University Learning Community: https://education.oracle.com/ou-community
LinkedIn: https://www.linkedin.com/showcase/oracle-university/
X: https://x.com/Oracle_Edu

Special thanks to Arijit Ghosh, Anna Hulkower, Kris-Ann Nansen, and the OU Studio Team for helping us create this episode.

Please note, this episode was recorded before Oracle AI Database 26ai replaced Oracle Database 23ai. However, all concepts and features discussed remain fully relevant to the latest release.

----------------------------------------------

Episode Transcript

00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started!

00:26 Nikita: Welcome to the Oracle University Podcast! I'm Nikita Abraham, Team Lead: Editorial Services with Oracle University, and joining me is Lois Houston, Director of Communications and Adoption Programs with Customer Success Services.

Lois: Hi everyone! If you've been with us this season, you'll know we've already covered a lot about Oracle AI Vector Search.
In Episode 1, we introduced the core concepts—how vectors let you search by meaning, not just keywords, and how embedding models translate your unstructured data into a searchable format inside Oracle Database 23ai.

Nikita: Then, in Episode 2, we took a deeper dive into how these vectors are actually stored and managed. We explored the different types of vector indexes, similarity metrics, and best practices for designing and optimizing your database for semantic search.

Lois: Right. Today, we're shifting gears into one of the most exciting real-world applications: Retrieval Augmented Generation, or RAG. You'll learn how RAG combines the power of Oracle AI Vector Search with large language models to answer natural language questions using both business and unstructured data.

01:39 Nikita: We'll walk through the workflow, highlight why Oracle Database is uniquely suited for RAG, and give you the essential steps to get started. Back again is Senior Principal APEX & Apps Dev Instructor Brent Dayley. Hi Brent! Could you explain what RAG is, and why it's important for working with AI and large language models?

Brent: Well, RAG stands for Retrieval Augmented Generation. And this is a technique that allows us to enhance the capabilities of large language models, also known as LLMs, and this provides them with relevant context from external knowledge sources. This will allow the LLMs to generate more accurate, informative, and context-aware responses. Real world applications include answering questions, chatbot development, content summarization, and knowledge discovery.

02:35 Lois: Brent, what makes Oracle Database 23ai a good platform for implementing RAG workflows?

Brent: Now, there are some key advantages of using Oracle Database 23ai as a RAG platform. These include native functionality, allowing built-in tools and packages specifically designed for RAG pipeline development.
Also, if you are a PL/SQL developer, then this will allow you to develop within a familiar and robust database environment. Also, Oracle has a plethora of security and performance tools. And this ensures enhanced security and optimized performance.

03:18 Nikita: What does a typical RAG workflow look like in Oracle Database 23ai? What are the main steps involved?

Brent: Now, the primary workflow steps are going to be to generate vector embeddings from your unstructured data. You do this using vector embedding models. And you can generate those embeddings either inside or outside of the database. Next, you need to store the vector embeddings, the unstructured data, and the relational business data, and you can store all of that in the Oracle Database. You might want to also create vector indexes that can allow you to run similarity searches over huge vector spaces with really good performance. Finally, you need to query data with similarity searches. You can use Oracle AI Vector Search native SQL operations to combine similarity with relational searches to retrieve relevant data. And optionally, you can generate a prompt and send it to a large language model for full RAG inference.

04:30 Lois: Can you give us an example of how this workflow operates in practice?

Brent: A user's natural language question is encoded as a vector and sent to AI Vector Search. Next, AI vector search finds private content, such as documents, that are stored in the database, and those will match the user's question. The content is then sent to Oracle's GenAI service to help answer the user's question. And then GenAI uses the content plus general knowledge to provide an informed answer back to the user.

05:14 Nikita: What does the overall user experience look like when interacting with RAG? How does Oracle ensure the answers are both accurate and up to date?

Brent: In this case, we have a chatbot.
This is the interface that we usually use to enable dialogue with the large language model. Now, in order to improve the quality of the answers, we want to search your private business data, and that allows us to pass the most relevant facts back to the LLM. Next, we want to format the similarity search results as a prompt and context for the large language model. Now, this will allow us to use up to date facts as input to LLMs. And that will minimize the probability of the LLM hallucinating. And those high-quality responses are then returned back to the chatbot.

06:12 Lois: Brent, what does the setup process look like for getting RAG up and running with Oracle AI Vector Search on OCI? Can you take us through the main steps?

Brent: First, you will log into OCI. Provide your cloud account name and click Next. There are also interfaces for signing in using a traditional cloud account. And if you're not an Oracle Cloud customer yet, you can also sign up using this page. Next, after signing in, you will create a compute instance. And you will use Oracle Infrastructure Cloud Console in order to do this. And you will wind up with the user called OPC. You'll notice that you're using SSH in order to connect to your compute instance, and you're running a script in order to set up the Oracle Database. After that, you will set up the Python environment, again using SSH to connect as an OPC user to your compute instance.

07:22 Do you want to optimize your implementation strategies? Check out the Oracle Fusion Cloud Applications Process Essentials training and certifications for insight into key processes and efficiencies across every phase of your Fusion Cloud Apps journey. Learn more at mylearn.oracle.com.

07:43 Nikita: Welcome back! So far, we've seen how Oracle AI Vector Search powers RAG, letting you surface relevant business knowledge for large language models and enhance their answers.
At the heart of all this is the process of transforming unstructured data, like text or documents, into mathematical representations called embeddings.

Lois: Those embeddings are what make meaningful, semantic search possible. But have you wondered how those embeddings actually get created, or what goes on behind the scenes when you choose an embedding model?

Nikita: Up next, we'll take a closer look at embedding models themselves: what they are, how to use them inside Oracle Database 23ai, and how you can experiment with different models to get the results that best fit your business needs.

Lois: We'll walk through importing models, generating embeddings, and even how you can swap out embedding models to compare results. But before we get into the nitty-gritty details, let's quickly recap embedding models, since we've mentioned them in our previous episodes.

08:47 Nikita: Brent, for listeners who might need a refresher, can you explain what embedding models are and why they're so central to AI Vector Search?

Brent: AI Vector Search is based on similarity properties. You can search data by semantic similarity rather than by the actual values. Vector embeddings are created by embedding models to represent the unstructured data. So we have input data. What we'll want to do is to use an embedding model to generate vector embeddings. And then the vector embeddings would be stored inside of a vector column in a table. We would then compare those vectors to each other using vector distance function. And we would get the relevant content back based on the number of returns that we describe. For instance, maybe we want to bring back the five closest pieces of data compared to the input data. There is a new function that allows you to generate vector embeddings that is called the vector embedding function. It allows you to generate vectors within the database.

10:08 Lois: Can you walk us through the practical steps for using embedding models with Oracle AI Vector Search?

Brent: In order to create and set up a table, we might use the Python program called create_schema.py. And that will allow us to create a table. We would ensure that the table was successfully created with the data. As an example, I would create a table called MY_DATA. Next, we would use a sentence transformers embedding model in order to vectorize the table. We can use the Python program, vectorize_table_SentenceTransformers.py. We would then query the MY_DATA table in the Oracle Database to verify that the data has been updated. And then we would use sentence transformers in order to perform the similarity search. The Python program is called similarity_search_SentenceTransformers.py. And what that would do is create the table and then perform a similarity search using the sentence transformers. Now what if you decide that you want to maybe change embedding models? Maybe you want to compare the results by using one particular model as compared to a different model. So you can change the embedding model. And in order to do that, you would change the embedding model in both of the programs and re-vectorize the table using the vectorize_table_SentenceTransformers.py program. You would then use the new model with different words, possibly, and then compare and review the results, and then choose which one gets you back the data that you're looking for that is most similar.

12:02 Nikita: Well, that's a wrap on this episode. A big thank you, Brent, for sharing your expertise with us.

Lois: If you want to learn more about the topics we discussed today, visit mylearn.oracle.com and search for the Oracle AI Vector Search Deep Dive course. Until next time, this is Lois Houston…

Nikita: And Nikita Abraham, signing off!

12:25 That's all for this episode of the Oracle University Podcast.
If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

BIT-BUY-BIT's podcast
Gotta Map Em All | THE BITCOIN BRIEF 78

Mar 27, 2026 67:45


AOB
Prime SHIPPING!
FTF with Zach
Samourai Domain PSA
Lauren on with Danny from WBD
Q still vibing

NEWS
Kentucky HB 380 requires HWW manufacturers to reset users' seeds upon request https://x.com/bitcoinpolicy/status/2034702487995768878
GrapheneOS refuses to comply with new age verification laws for OS https://www.tomshardware.com/software/operating-systems/grapheneos-refuses-to-comply-with-age-verification-laws
Google reverses Android developer verification requirement amidst user backlash - https://www.scworld.com/brief/google-reverses-android-developer-verification-requirement-amidst-user-backlash
DOJ Seeks October Retrial for Tornado Cash Developer Roman Storm — https://www.coindesk.com/business/2026/03/10/u-s-requests-october-retrial-for-tornado-cash-developer-roman-storm
Bitrefill Hacked by North Korea's Lazarus Group — 18,500 Purchase Records Exposed — https://bitcoinmagazine.com/news/bitrefill-cyberattack-points-north-korea
Pokemon Go's 30 Billion Images Now Training Delivery Robots — Mass Surveillance Data Harvesting Revealed — https://www.therage.co/pokemon-go-users-trained-killer-robots/

UPDATES/RELEASES
Am I Exposed? https://am-i.exposed/ by Arkad and Co
Self hosted chain analysis tool
Already on startOS
Stealth Fork already emerged
https://x.com/MgkMshrmBrkfst/status/2033771448255566082?s=20
Last Signal App https://lastsignal.app/
Self hosted dead man switch
Sparrow Wallet 2.4.2 — March 10, 2026
Introduces support for v3 transactions in the editor, implements TOFU certificate pinning for TLS connections, and adds BIP-322 signing via QR and file methods. Numerous dependency upgrades plus bug fixes for PSBTv2 transaction issues, potential database corruption, and dark theme display problems.
https://github.com/sparrowwallet/sparrow/releases/tag/2.4.2
Aqua v0.4.1 — March 13, 2026
Patch addressing multiple bugs and performance improvements. Re-adds region selector to the marketplace, introduces Arabic and Chinese language support, and adds new iOS icon designs. Fixes wallet setup errors when scanning certain QR codes.
https://github.com/AquaWallet/aqua-wallet/releases/tag/v0.4.1
Boltz USDT Swaps - March 18, 2026
Announces USDT Swaps - connecting Bitcoin to the world's most used stablecoin. Swap between Lightning and USDT on all major networks, without custody, accounts, or KYC!
Envoy 2.2.12 — March 13, 2026
Major update centred on Passport Prime device support. Includes multi-device pairing capability, Bluetooth reliability improvements, and fixes for dozens of bugs across BLE pairing, QuantumLink stability, and the Passport Prime onboarding flow.
https://github.com/Foundation-Devices/envoy/releases/tag/2.2.12
BTCPay v2.3.6 — March 15, 2026
Stable release introducing wallet label filtering, API enhancements for payment method inclusion, invoice modal improvements, security upgrades for API key permissions, and plugin permission policy creation.
https://github.com/btcpayserver/btcpayserver/releases/tag/v2.3.6
Bisq v2.1.10 — March 17, 2026
Implements new trade rules for payment references, adds trade history and QR code pairing support for the Bisq Connect mobile app, introduces TLS support for clearnet connections.
https://github.com/bisq-network/bisq2/releases/tag/v2.1.10
Phoenix Android v2.7.5 — March 17, 2026
Introduces a diagnostics button and adds the spend-channel-address recovery tool to iOS. Android app now supports Indonesian language.
https://github.com/ACINQ/phoenix/releases/tag/android-v2.7.5
Nunchuk 2.2.8 — March 18, 2026
Introduces support for sending to Silent Payment addresses and adds an option to view seed phrases for software keys after a two-hour security delay, along with various bug fixes.
https://github.com/nunchuk-io/nunchuk-android/releases/tag/2.2.8
Peach Bitcoin 0.69.0 — March 18, 2026
Introduces unlimited premium functionality for offers, decimal premium values, improved dark mode colour contrast, and fixes for Revolut/Wise/M-Pesa payment information transmission.
https://github.com/Peach2Peach/peach-app/releases/tag/v0.69.0-337
Mostro v0.17.0 — March 19, 2026
Three releases in the window (v0.16.4, v0.16.5, v0.17.0). Major refactoring work: migration to AppContext-based dependency injection, removal of legacy global state patterns, elimination of password-based database encryption infrastructure.
https://github.com/MostroP2P/mostro/releases/tag/v0.17.0
Cake Wallet v6.0.1–v6.0.3 — March 6–21, 2026
Major redesign + Bitcoin Lightning support via Spark protocol. v6.0.1 (March 6) was the major release with the new UI and Lightning; v6.0.2 (March 17) added Linux distribution support; v6.0.3 (March 21) adds design improvements, performance enhancements, and bug fixes.
https://github.com/cake-tech/cake_wallet/releases/tag/v6.0.3

Pre-release / Alpha / Beta
Bitkey App Release 2026.2.1 — March 18, 2026
App update with emergency APK download for users who have lost app access and an Emergency Exit Kit reference document for account recovery.
https://github.com/proto-at-block/bitkey/releases/tag/2026.2.1
Ibis Wallet v3.0 + v3.0.1-beta
Liquid w/LN swaps, Boltz on backend, wallet locks, cancel txs with RBF, notifications
LNBits v1.5.2-rc3 — March 20, 2026
Three release candidates (rc1 through rc3) published March 18–20, building toward v1.5.2 stable.
https://github.com/lnbits/lnbits/releases/tag/v1.5.2-rc3
Mempool v3.3.0-beta2 — March 20, 2026
Beta release tag with minimal release notes.
https://github.com/mempool/mempool/releases/tag/v3.3.0-beta2
Start9 v0.4.0-alpha.21 — March 18, 2026
UI refinements for port labelling, SSH corrections, WiFi fixes, and support for preferred external ports beyond port 443.
https://github.com/Start9Labs/start-os/releases/tag/v0.4.0-alpha.21

Education
The Core Issue: Your Node Vs. The Digital Wilderness — https://bitcoinmagazine.com/print/the-core-issue-your-node-vs-the-digital-wilderness
The Core Issue: Outrunning Entropy, Why Bitcoin Can't Stand Still — https://bitcoinmagazine.com/print/the-core-issue-outrunning-entropy-why-bitcoin-cant-stand-still
The Core Issue: Consensus Cleanup — https://bitcoinmagazine.com/print/the-core-issue-consensus-cleanup

TO DONATE TO ROMAN'S DEFENSE FUND: https://freeromanstorm.com/donate

HELP GET SAMOURAI A PARDON
SIGN THE PETITION ----> https://www.change.org/p/stand-up-for-freedom-pardon-the-innocent-coders-jailed-for-building-privacy-tools
DONATE TO THE FAMILIES ----> https://www.givesendgo.com/billandkeonne
SUPPORT ON SOCIAL MEDIA ---> https://billandkeonne.org/

VALUE FOR VALUE
Thanks for listening you Ungovernable Misfits, we appreciate your continued support and hope you enjoy the shows.
You can support this episode using your time, talent or treasure.
TIME:
- create fountain clips for the show
- create a meetup
- help boost the signal on social media
TALENT:
- create ungovernable misfit inspired art, animation or music
- design or implement some software that can make the podcast better
- use whatever talents you have to make a contribution to the show!
TREASURE:
- BOOST IT OR STREAM SATS on the Podcasting 2.0 apps @ https://podcastapps.com
- DONATE via Monero @ https://xmrchat.com/ugmf
- BUY SOME STICKERS @ https://www.ungovernablemisfits.com/shop/

FOUNDATION
https://foundation.xyz/ungovernable
Foundation builds Bitcoin-centric tools that empower you to reclaim your digital sovereignty.
As a sovereign computing company, Foundation is the antithesis of today's tech conglomerates. Returning to cypherpunk principles, they build open source technology that “can't be evil”.
Thank you Foundation Devices for sponsoring the show!
Use code: Ungovernable for $10 off of your purchase

CAKE WALLET
https://cakewallet.com
Cake Wallet is an open-source, non-custodial wallet available on Android, iOS, macOS, and Linux.
Features:
- Built-in Exchange: Swap easily between Bitcoin and Monero.
- User-Friendly: Simple interface for all users.
Monero Users:
- Batch Transactions: Send multiple payments at once.
- Faster Syncing: Optimized syncing via specified restore heights
- Proxy Support: Enhance privacy with proxy node options.
Bitcoin Users:
- Coin Control: Manage your transactions effectively.
- Silent Payments: Static bitcoin addresses
- Batch Transactions: Streamline your payment process.
Thank you Cake Wallet for sponsoring the show!

MYNYMBOX
https://mynymbox.io
Your go-to for anonymous server hosting solutions, featuring: virtual private & dedicated servers, domain registration and DNS parking. We don't require any of your personal information, and you can purchase using Bitcoin, Lightning, Monero and many other cryptos.
Explore benefits such as No KYC, complete privacy & security, and human support.

(00:00:00) INTRO
(00:00:57) THANK YOU FOUNDATION
(00:01:38) THANK YOU CAKE WALLET
(00:02:43) PRIME TIME
(00:07:16) PSA: Avoid SamouraiWallet.com
(00:12:16) Vibe Coding Corner
(00:20:09) Kentucky HB 380 Would Break Self‑Custody
(00:24:31) GrapheneOS Stands Firm
(00:25:21)

Backup Central's Restore it All
Emergency Episode: The PyPI Software Supply Chain Attack You Need to Know About

Mar 26, 2026 56:07


A PyPI software supply chain attack hit LiteLLM — a library pulled into developer environments 97 million times a month — and if you use it, you may already be compromised. This wasn't a fake package or a typo-squatting trick. Attackers stole real credentials, published malicious code as the real thing, and walked out with SSH keys, cloud credentials, Kubernetes tokens, API keys, and more — all encrypted and sent home before anyone knew what happened.

I'm doing something I've never done before: an emergency episode, recorded and published immediately because this is that serious. I brought in Dr. Mike Saylor, co-author of our book Learning Ransomware Response and Recovery, and my co-host Prasanna Malaiyandi to break down exactly what happened, how to find out if you were hit, and what you need to do to protect yourself going forward.

We open with a story from 1982 that perfectly captures what this attack really is — getting poisoned by something you trusted completely. That framing matters. This wasn't a failure of the library. It was a failure of the supply chain. And it can happen again.

Chapters:
00:00:00 - Intro: Why this is an emergency episode
00:01:35 - Meet the guests: Dr. Mike Saylor and Prasanna Malaiyandi
00:02:31 - The Tylenol poisoning analogy and what it means for software supply chains
00:05:51 - What LiteLLM is and what the malware actually did to your environment
00:09:04 - Dependencies explained: why you're affected even if you didn't install LiteLLM directly
00:12:24 - How to find out if you were hit: the first things to check right now
00:14:23 - IOCs and TTPs: what to look for in your logs and on your systems
00:19:07 - Network indicators: unusual traffic and what it tells you
00:22:12 - How security teams can find out if developers installed it without telling anyone
00:30:38 - Action items for the future: inventory, pinning, and hash verification
00:36:55 - Sandboxing new downloads before they touch your environment
00:37:59 - Immutable backups: why this attack makes the case for them
00:40:33 - Modern authentication: MFA, its limits, and why passkeys matter
00:46:53 - Where to get threat intel so you hear about attacks like this faster
00:53:23 - Wrap-up

If you installed or upgraded LiteLLM on or after March 24, 2026 without a pinned version, stop what you're doing and listen to this episode first.

The story:
https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/
https://snyk.io/articles/poisoned-security-scanner-backdooring-litellm/
https://www.wiz.io/blog/threes-a-crowd-teampcp-trojanizes-litellm-in-continuation-of-campaign
https://checkmarx.com/zero-post/python-pypi-supply-chain-attack-colorama/
https://www.upwind.io/feed/litellm-pypi-supply-chain-attack-malicious-release
https://docs.litellm.ai/blog/security-update-march-2026
https://www.helpnetsecurity.com/2026/03/25/teampcp-supply-chain-attacks/
https://www.darktrace.com/resources/the-cisos-guide-to-cyber-ai
https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/

Resources:
https://www.stopransomware.com
https://www.cisa.gov
https://www.cve.org/

Easy Prey
Identity without Passwords

Mar 25, 2026 38:51


Every day, employees at hotels, restaurants, and resorts across the country are doing exactly what they were hired to do: being warm, responsive, and eager to help. It's what makes hospitality work. It's also what makes hospitality one of the most targeted industries in cybersecurity. When your entire workforce is trained to say yes, teaching them to be suspicious is an uphill battle. The smarter solution might be to take the target off their backs entirely. Jasson Casey is the co-founder and CEO of Beyond Identity, a company built around one idea: making identity-based attacks impossible. With over 20 years of experience designing large-scale security infrastructure for global enterprises and carriers, Jasson has spent his career thinking about what happens when stolen credentials open doors they never should have. Beyond Identity's answer isn't better passwords or more authentication hoops, it's eliminating the credential that can be stolen in the first place. Josh Johansen is the Director of IT Systems and Technology at Brandt Hospitality Group, an owner, operator, and developer of hotels under brands including Marriott, Hilton, Hyatt, and IHG. Josh came up through hotel operations, not a computer science program, and that background shapes how he thinks about security practically, from the floor up. He knows his workforce isn't looking to become cybersecurity experts. His job is to build systems that protect them anyway. We talk about why the hospitality industry is such a rich target for phishing attacks, and what happened when one of Josh's general managers nearly paid a fraudulent invoice because she couldn't log in without a password she no longer had. Jasson breaks down how device-bound passkeys work, why most consumer passkeys aren't nearly as secure as people think, and what separates a real security system from one that just looks like one. 
Josh shares the lessons learned from rolling out this technology across a multi-brand hotel portfolio including what he'd do differently and what it means for an industry still wrestling with shared logins, high turnover, and workers using four different brand systems before lunch. Show Notes: [3:05] A cyber insurance mandate pushes Brandt Hospitality Group to find an MFA solution, and complaints about authentication fatigue make the obvious options the Brandt partners are already using feel like the wrong fit. [4:03] After months of evaluating vendors and completing a full proof of concept, the leading candidate drops smaller accounts without warning, sending Josh back to square one and into a same-day demo with Beyond Identity. [5:09] Beyond Identity moves fast, puts together a rapid proof of concept, and earns the business. Josh describes meeting Jasson in person for the first time at BeyondCon shortly after signing on. [5:45] Hospitality is uniquely vulnerable to phishing attacks, and the industry's culture of helpfulness connects directly to the behaviors bad actors are counting on. [6:49] A general manager calls convinced she needs her password to pay an overdue vendor invoice. When she can't get a login prompt, the situation is recognized immediately as a phishing attempt she nearly fell for. [7:33] Reflecting on that moment, someone sharp and experienced nearly became a victim, and removing the password from the equation entirely turns out to be the real breakthrough. [9:05] The conversation turns to the limitations of cyber awareness training, and why even well-intentioned employees with heavy workloads cannot be expected to function as a reliable last line of defense. [11:13] Jasson describes how Beyond Identity works, using the analogy of a monkey in a jail cell to explain how a signing key stored in a secure hardware enclave can authenticate a user without ever leaving the device. 
[12:06] The concept of stealable credentials expands beyond passwords to include API tokens, session cookies, SSH keys, and anything else that can be copied and lifted from a system. [17:33] The discussion shifts to agentic identity and AI-driven workflows, with customers on opposite ends of the spectrum — some where agents make up the majority of their workforce, others who paused rollouts after discovering how easily prompt injections could expose sensitive data. [19:17] The biggest mistake organizations make going into a passkey rollout is diving in without a clear understanding of how their identity environment is actually configured and what that means when things don't behave as expected. [20:35] A lesson from their own deployment — initially limiting passkeys to senior staff and leaving line-level employees on passwords — makes clear that partial coverage leaves meaningful gaps. [22:58] Most organizations under active phishing load will experience an incident during a mid-deployment window, and that moment often becomes the event that accelerates full adoption. [24:33] The shared workstation challenge in hospitality comes into focus, along with how the device-bound passkey differs from the consumer versions employees may already be familiar with through Google or Facebook. [29:14] Jasson draws a clear line between consumer passkeys optimized for conversion and enterprise passkeys built for security, explaining how sync fabric trades credential protection for convenience in ways that matter in a corporate environment. [31:07] One enrolled device can cryptographically authorize the enrollment of another, allowing organizations to scale without moving keys or introducing new vulnerabilities. [33:33] The passkey model changes accountability inside a hotel operation — device-bound credentials and role-based access make it significantly harder for well-meaning managers to share login access with staff informally. 
[36:55] As the conversation wraps, a simple test is offered for evaluating any passkey system: if the passkey can move, it is not a security product. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Segurança Legal
#413 – AI, war, medicine and cybersecurity

Mar 24, 2026 59:29


In this episode we discuss the main updates and challenges in the technology market, with an objective analysis of cybersecurity and data protection. As you listen, you will discover the recent ethical developments in the use of artificial intelligence in military contexts, involving Anthropic's refusal to accept the terms of the US Department of Defense and the impact of this on global privacy. You will also learn about the Federal Council of Medicine's new regulatory framework for automated tools in healthcare, understanding how the LGPD's requirements apply to information security in protecting sensitive medical data. In addition, you will understand the details of the recent hacker attack that caused serious security incidents in the financial sector, and you will be able to identify the critical vulnerabilities in integrating language models via the MCP protocol, such as the dangerous injection of prompts into exposed servers. Host Guilherme Goulart also shares his experience at the SecOps Summit event, reflecting on the importance of security professionals in corporate governance. Finally, you will be able to assess how excessive use of ChatGPT can affect creativity and lead to the homogenization of thought. To keep following our discussions, don't forget to subscribe to the podcast on your preferred platform, follow our profiles on social media and rate the show to support our work. This description was produced from the podcast audio with the use of AI, with human review.

Visit our crowdfunding campaign and support us!
Get to know the BrownPipe Consultoria blog and sign up for our mailing list
Go to WhisperSafe – Transcribe audio and record meetings right on your computer, even offline. Fast, lightweight and ready to use with any AI. Use the coupon SEGLEG50 for 50% off your subscription.

ShowNotes
Episode mentioned – 2013-06-18 – Episode #28 – PRISM – Privacy vs. Security
The Pentagon formally labels Anthropic a supply-chain risk
Anthropic's Claude is suddenly the most popular iPhone app following Pentagon feud
Anthropic vs. U.S. Department of War
The Pentagon Can't Afford This A.I. Fight
Statement from Dario Amodei on our discussions with the Department of War
Employees across OpenAI and Google support Anthropic's lawsuit against the Pentagon
AI safety leader says ‘world is in peril’ and quits to study poetry
Microsoft & Anthropic MCP Servers at Risk of RCE, Cloud Takeovers
AI Conundrum: Why MCP Security Can’t Be Patched Away
MCP is the backdoor your zero-trust architecture forgot to close
Ministry of Education – Reference Framework for the Responsible Development and Use of Artificial Intelligence in Education
New CFM resolution on the use of AI
Article “When ChatGPT is Gone: Creativity Reverts and Homogeneity Persists“
BTG Pactual restores Pix operations after being targeted by a hacker attack
BTG Pactual suffers hacker attack and suspends Pix operations
Federal Police (PF) investigate employee involvement in the R$ 100 million hacker attack on BTG Pactual
Episode image: The Tower of Babel — Pieter Bruegel

Cyber Security Today
Startup Accused Of Helping Fake Privacy and Security Audits

Mar 23, 2026 12:41


Compliance Startup Audit-Faking Claims, Trivy Supply-Chain Backdoor, Russia Targets Signal/WhatsApp, and Iran-Linked Stryker Disruption Cybersecurity Today  would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst This episode covers allegations that Y Combinator-backed compliance startup Delve helped customers fake privacy and security audits by generating fabricated evidence that auditors then rubber-stamped, alongside Delve's denial and a report of sensitive Delve data being externally accessible. It also details a TeamTNT/Team PCP-style supply-chain compromise of Aqua Security's Trivy scanner via GitHub build and tag tampering, briefly distributing a backdoored release that stole cloud credentials, SSH keys, tokens, and more, with guidance to treat affected environments as fully compromised and rotate secrets. The FBI and CISA warn of Russian intelligence-linked phishing targeting Signal and WhatsApp accounts through social engineering and malicious QR codes. Finally, it describes the real-world impact of an Iran-linked Handala cyberattack on Stryker, disrupting custom implant logistics and delaying surgeries. 00:00 Sponsor Message Meter 00:18 Headlines Overview 00:48 Delve Audit Allegations 03:27 Trivy Scanner Backdoor 06:01 Russian Phishing Signals 08:54 Stryker Attack Fallout 11:30 Wrap Up And RSAC 11:48 Sponsor Message Meter

Atareao con Linux
ATA 780 The definitive guide to Hardening and Deployment on Podman. From 0 to Production in 2 minutes

Mar 19, 2026 20:37


Hello! I'm Lorenzo, and in this episode I open the doors of my personal lab to tell you how I'm living through the big migration of my entire infrastructure, including atareao.es, from Docker to Podman. If you've been following me for a while, you'll know that since mid-January I've been giving you glimpses of Podman's virtues, but today we get down in the mud: I tell you how I got to work so that this transition is not just a change of tool but a complete evolution in security and efficiency.

The heart of this move is the "rootless" concept. I have completely redesigned the way I think about the virtual server. Forget about running everything as root; here I explain how I separated responsibilities by creating an administrator user with sudo (which we barely use) and a user dedicated exclusively to the applications ("apps") that has no administrator privileges. This additional security layer changes the rules of the game and lets us sleep much more soundly.

Throughout the podcast, I break down my methodology for achieving a homogeneous, reproducible and idempotent deployment. I talk about Quadlets, about how to orchestrate services such as Traefik, WordPress and MariaDB in a simple way, and about why I decided to treat my container configuration files as if they were simple "dotfiles". To do that, I present my workflow with YADM (Yet Another Dotfiles Manager), which lets me replicate my whole configuration on any new server in under two minutes.

We also get into the technical details of "hardening". I tell you which kernel parameters I changed to prevent network attacks, how I configured SSH to be an impregnable fortress, and why I've gone back to trusting Fail2Ban, not only for security but to save CPU cycles that were previously wasted handling brute-force attacks. In addition, I show you my kit of essential tools: from Crypta for secrets management to utilities like Zoxide, Starship or Neovim that make working in the terminal a delight.

Chapters:
00:00:00 Introduction: The migration of atareao.es to Podman
00:00:44 Why leave Docker: Advantages of the Rootless model
00:01:05 Orchestration with Quadlets: Homogeneity and Idempotency
00:02:12 Testing strategy: The environment on Hetzner
00:03:05 Advanced security: Configuring Admin vs Apps users
00:05:12 Automation with Scripts: Installing essential tools
00:06:25 Kernel and Network Hardening: Protecting the server
00:07:28 SSH hardening and the importance of Fail2Ban for CPU usage
00:08:54 Firewall and optimization for HTTP/3
00:09:25 The 'Apps' user script: Persistence and Podman Sockets
00:10:20 Third-party tools: Sops, Crypta and secrets management
00:11:27 The management dilemma: Why treat containers as Dotfiles?
00:12:21 YADM: The deployment engine for my configuration files
00:13:03 Directory structure: Available vs Systemd
00:14:36 Logic demonstration: Enabling and disabling stacks (Qlist)
00:16:34 Conclusions from the tests: Stability and speed of replication
00:18:14 Advantages and drawbacks of the terminal workflow
00:19:17 Next steps and farewell: The future on Podman

I hope you enjoy this technical journey as much as I enjoyed breaking and rebuilding my server to bring you this stable solution. Don't forget to join the Atareao con Linux Telegram group to discuss your own experiences migrating to Podman!

More information and links in the episode notes

Latent Space: The AI Engineer Podcast — CodeGen, Agents, Computer Vision, Data Science, AI UX and all things Software 3.0
Why Anthropic Thinks AI Should Have Its Own Computer — Felix Rieseberg of Claude Cowork & Claude Code Desktop

Mar 17, 2026 86:59


Claude Cowork came out of an accident.Felix and the Anthropic team noticed something interesting with Claude Code: many users were using it primarily for all kinds of messy knowledge work instead of coding. Even technical builders would use it for lots of non-technical work.Even more shocking, Claude cowork wrote itself. With a team of humans simply orchestrating multiple claude code instances, the tool was ready after a brief week and a half.This isn't Felix's first rodeo with impactful and playful desktop apps. He's helped ship the Slack desktop app and is a core maintainer of Electron the open-source software framework used for building cross-platform desktop applications, even putting Windows 95 into an Electron app that runs on macOS, Windows, and Linux.In this episode, Felix joins us to unpack why execution has suddenly become cheap enough that teams can “just build all the candidates” and why the real frontier in AI products is no longer better chat, but trusted task execution.He also shares why Anthropic is betting on local-first agent workflows, why skills may matter more than most people realize, and how the hardest questions ahead are about autonomy, safety, portability, and the changing shape of knowledge work itself.We discuss* Felix's path: Slack desktop app, Electron, Windows 95 in JavaScript, and now building Claude Cowork at Anthropic* What Claude Cowork actually is: a more user-friendly, VM-based version of Claude Code designed to bring agentic workflows to non-terminal-native users* Why “user-friendly” does not mean “less powerful”: Cowork as a superset product, much like how VS Code initially looked simpler than Visual Studio but became more hackable and extensible* Anthropic's prototype-first culture: why Cowork was built in 10 days using many pre-existing internal pieces, and how internal prototypes shaped the final product* Why execution is getting cheap: the shift from long memos, specs, and debate toward rapidly building multiple candidates 
and choosing based on reality instead of theory* The local debate: why Felix thinks Silicon Valley is undervaluing the local computer, and why putting Claude “where you work” is often more powerful* Why Claude gets its own computer: the VM as both a safety boundary and a capability unlock, letting Claude install tools, run scripts, and work more independently without constant approval* Safety through sandboxing: why “approve every command” is not a real long-term UX, and how virtual machines create a middle ground between uselessly safe and dangerously autonomous* How Cowork differs from Claude Code: coding evals vs. knowledge-work evals, different system-prompt tradeoffs, longer planning horizons, and heavier use of planning and clarification tools* Why skills matter: simple markdown-based instructions as a lightweight abstraction layer for reusable workflows, personalized automation, and portable agent behavior* Skills vs. MCPs: why Felix is increasingly interested in file-based, text-native interfaces that tell the model what to do, rather than forcing everything through rigid tool schemas* The portability problem: why personal skills should move across agent products, and the unresolved tension between public reusable workflows and private user-specific context* Real use cases already happening today: uploading videos, organizing files, handling taxes, managing calendars, debugging internal crashes, analyzing finances, and automating repetitive browser workflows* Why AI products should work with your existing stack: Anthropic's bias toward integrating with Chrome, Office, and existing workflows instead of rebuilding every app from scratch* Computer use one year later: how much better it has gotten, why vision plus browser context is such a superpower, and why letting Claude see the thing it is working on changes everything* Why many “AI verticals” may get compressed: specialized wrappers may matter in the short term, but better general models and stronger 
primitives could absorb a lot of narrow use cases
* The future of junior work: Felix's concerns about entry-level roles, labor-market disruption, and whether AI can compress early-career learning into denser simulated experience
* Why Waterloo grads stand out: internships, shipping experience, and learning how real teams build products versus purely theoretical academic preparation
* The agentic future of the desktop: what it means for Claude to have its own computer, whether AI should act on your machine or a remote one, and how intimacy with personal data changes the product design space
* Why Electron still mattered: shipping Chromium as a controlled rendering stack, the limits of OS-native webviews, and why browser engines remain one of the great software abstractions
* Anthropic's Labs mentality: wild internal experiments, half-broken future-looking prototypes, and the broader effort to move users from asking questions to delegating increasingly long and valuable tasks
* Why the endgame is not just more capability, but more independence: teaching users to trust AI with bigger scopes of work, for longer durations, with fewer interventions

Felix Rieseberg

* X: https://x.com/felixrieseberg
* LinkedIn: https://www.linkedin.com/in/felixrieseberg
* Website: https://felixrieseberg.com/

Anthropic

* Website: http://anthropic.com

Timestamps

00:00 — Cheap execution and building all the candidates
00:44 — Intro in the new Kernel studio
02:47 — What Claude Cowork is
04:18 — Why user-friendly can be more powerful
05:33 — How Anthropic built Cowork
07:09 — Prototype-first product development
08:00 — Why local computers still matter
09:20 — Skills, primitives, and platform leverage
12:13 — Cowork's architecture: VM + Chrome + system prompt
15:38 — Felix's own bug-fixing Cowork workflows
17:38 — Local-first agents
20:16 — Evals, planning, and knowledge-work optimization
23:14 — What Anthropic means by evals
24:21 — Scaffolding, tools, and why skills matter
27:44 — Demo: YouTube uploads and
self-generated skills
31:03 — Calendar automation and cleaning your desktop
34:47 — Browser context and why DOM access matters
37:47 — Skills portability and plugins
44:36 — Which AI categories survive?
46:19 — Junior jobs, simulated work, and labor disruption
52:00 — Gradual takeoff vs big-bang takeoff
53:42 — Finance, taxes, and enterprise verticals
56:24 — Vision and the improvement in computer use
57:31 — Why Claude writes its own scripts
58:06 — Should Claude have its own computer?
1:01:26 — Windows 95 in JavaScript
1:03:19 — VM tradeoffs and sandbox design
1:07:23 — Approval fatigue and safe delegation
1:11:18 — The future of Cowork
1:12:27 — What comes next for agentic knowledge work
1:15:13 — Electron, Chromium, and desktop software lessons
1:22:16 — Multiplayer agents and coworker-to-coworker workflows
1:26:05 — Anthropic Labs and closing thoughts

Transcript

Alessio: Hey everyone. Welcome to the Latent Space Podcast, our first one in the new studio. This is Alessio, founder of Kernel Labs, and I'm joined by swyx, editor of Latent Space.

swyx: Yeah, so nice to be here. Thanks to, uh, TJ, Alessio, Allen helping to set everything up. It looks beautiful. We even have the logo outside.

Yeah, kind.

Felix: It's like really nice, right? When you walk in here as a guest, you're like, ah, this is a serious production. You're like, feel it immediately.

swyx: Yeah. Felix, you've been, you're, you're currently a product manager of Cowork or,

Felix: uh, really Technic

swyx: Eng. Yeah. The, the identities are kind of vague member technical staff.

Felix: I know member staff is like, the official title will carry around forever.

swyx: Yeah. I basically kind of wanted, like we've been. Kinda obsessed. I, I've been using it a lot, even for managing Latent Space. Like, uh, Cowork helps me upload videos and like title things and like edit and everything. It's, it's like really amazing.

Alessio: Cool. He said multiple times Cowork has said gi in the group track.

swyx: Yeah, yeah, yeah.
So, so we have a second, uh, we have a second channel, uh, for Latent Space TV. Uh, and I, uh, and uh, we basically, this is our Discord meetup. Um, and I I, we have like Claude Coworks, it might be a GI, I don't know if we, we have, uh, uploaded it yet, but one of the sessions was like a, like a Claude Cowork thing.

Felix: I, you have to see, I would love to see it. Like, I'm so curious, like one of the most fun parts of my job is like constantly see the weird things people use Cowork for because it's obviously like very hard for us to actually design for specific use cases we do. But like every single person who's like most amazed is usually amazed about a thing that I didn't even expect Cowork would be good at.

Um, we have a new designer and it's one of the first small tasks. I was like, Hey, we need like a new emoji for Cowork for our internal stock. It's like a pretty small thing. I like, can you please do it? And he drew an SVG and just gave it to Cowork was like, can you animate this emoji? And now it has like this beautiful loopy animation.

Um, and I mean, I think obviously this goes down to like, it turns out you can do more things with code than you expected, but it, it's like that kind of stuff that is really fun to me. So, long story short, I would love to see like, the kind of things you're doing.

swyx: I'll pull it up. I'll pull it up.

Felix: Yeah. Yeah.

swyx: Uh, but before we get into it, I, I think always wanna start with like a top level. What is Claude Cowork for people who haven't heard of it? Haven't tried it out.

Felix: Okay. Uh, real quick, Claude Cowork is a user friendly version of Claude Code.
So the way it basically works is we have Claude Code and for us, fairly impressive agent harness that over December we noticed more and more people are using either, even though they're not technical, they, they're not at home in the terminal or they are at home in the terminal, but they started using Claude Code for non-coding workloads, right?

Like managing expenses or like filling out receipts or organizing a knowledge base. Like there was a big Obsidian moment that a lot of people liked and we wanted to capitalize on that, but also bring, bring this capability to people who are not terminal native and who might not know how to like brew install something.

So Cowork is Claude Code running in a virtual machine with a little bit of padding, a little bit more guardrails, making it a little safer and a little bit more convenient for people who don't wanna first open up the terminal when they go to work.

swyx: It's interesting, uh, that is kind of. Pitch that way as a more user friendly thing because I always feel like it, it, to me, I I treat it as like why I'm familiar with Claude Code.

Like we, we did a Claude Code episode Yeah. A year ago. But this one is like even more power user tools ’cause it, uh, it kind of integrates much better with like Claude in Chrome and, uh, in all the, all the other tooling. But like, maybe, maybe that's like a perception thing, right? Like

Felix: No, honestly, I don't think you're wrong.

This is like a, a thing I've been thinking a lot about for like the last two weeks. So,

swyx: but when they say user friendly, it's like, oh, it's the dumb down version. But no, actually this is the superset.

Felix: Yeah. Like, I think a similar thing happened, A similar thing happened to me about 10 years ago, like maybe 12 years ago when I was at Microsoft and we started working on, on Electron and like browser-based technologies and cross-platform stuff.

And one of the first use cases was Visual Studio Code, which used to be a website.
And the initial narrative was, or Visual Studio Code is, is like a more user-friendly version of Visual Studio. But in a similar vein, I think there was some voices saying, oh, this is. For serious developers, like, we're not gonna use this.

Right? For like anything. And I think in the end what happened is people have different stories about why Visual Studio Code became such a big thing. But my personal, my personal belief is that the Hackability and the extendability has like played a pretty big role, right? You can hook in Visual Studio Code that like almost any workload, it's so easy to hack on, so easy to put extensions for it.

And I think Cowork might be hitting a similar thing where it's very easy to extend and it's very easy to bring into your workflows. Uh, so the convenience I think is a bit of a, it's obviously the thing we strive for as developers, but I think the way people find value in it then is by probably mapping it onto whatever they actually have to do in their job.

Alessio: So end of last year, you see the spike of like non-technical usage in Claude Code. What's the design process to say we should make Claude Cowork? Because I mean, you built it in only 10 days. Um, I'm sure there was some discussion before on whether it's easier to use mean. You know, like making, making like a desktop GUI is obviously one way to do it, but like there's a lot of nuance in the product.

Like maybe talk people through what was like the trigger of like, we should build a separate thing. We should not build like a different Claude Code thing. And then maybe some of the more interesting design decisions that maybe you didn't take.

Felix: Yeah, I think at Anthropic, we've been thinking about ways to move people who are comfortable with using Claude to answer questions and bring more of the power of like this thing to now like, execute tasks for you.

I can like solve problems for you can like build things for you.
How do we bring that capability to people who are currently mostly comfortable with like a like question answer paradigm within the chat. And we've had a lot of prototypes around that. Just going back as far as like easily a year and a half.

Like we had a lot of people working on that. Um, and internally Anthropic is a very prototype, demo-first culture. We have a lot of like internal prototypes that don't reach the public. What Cowork actually became is like we sort of picked the right pieces out of the many prototypes that we had.

Right. And that's, that's maybe also like, I think an important qualifier whenever people mention this like 10 day number. I do think it's important to me to mention that within Double Scratch there was like a lot of stuff already happening, right? Like, and I think it's important for people to remember that when you build a website, you use React, you use like a bunch of other things.

And this is like a similar scenario with like a lot of pieces we already had. Um, and in terms of decision path, I think we live in like an interesting new world where execution is actually quite cheap.

swyx: Mm-hmm.

Felix: So maybe, maybe what you would do That's so crazy. The year. I know it's wild.

swyx: You should be, ideas are cheap.

Execution is the hard part. I

Felix: know. And like the, we, we used to live in this world maybe where you would take a product manager and the product manager would go to a number of potential customers and in this like very low bandwidth way, would try to. Try to like tease out what are the problems they're having, what are they willing to buy?

Um, and then maybe what can you build to like drive out that need and then you go back and you like draft a spec and you think about it and then like you make a design and you execute it.
We internally at Anthropic are now pretty much closer to the point where we're like, don't even write a memo, just like build, like let's build all the candidates very quickly.

Let's just build all of them and then pick the best ones. I think the, the decision that is most impactful both for the product as well for the users right now is like the way we put value on your local computer. I think that's a big decision point a lot of people have thought about. Should this thing, whatever it is, should it ultimately run into computer or should it run in the cloud?

’cause they're big trade offs, right?

Alessio: I guess like if we solve auth, it would be easy to do in the cloud. But I think like the fact that I can just download any file from anywhere and then put it in Cowork there, it's like a big unlock. Um, I mean it's interesting you mentioned reusing certain pieces. I think this is something I've been thinking about even with Claude Code, right?

The price of like writing code is going to zero, blah, blah, blah. But it actually seems like the value of having some sort of platform substrate is like increasing because as you build these new things, you can kind of plug them together.

Felix: Yeah.

Alessio: So I almost feel like when people are saying, oh, the value of a lot of software is gonna zero because you can recreate it, to me it's almost like the opposite.

It's like having an existing platform to build on top of. It's like even more valuable because you can kind of bolt things on.

Felix: Yeah.

Alessio: You have obviously MCPs, you have skills, you have like obviously the models, which is a big part. All these things kind of come together. Do you feel like that's a valid way to think about it, where people should invest even more in kind of like primitives.

To rebuild on or are you like recreating a lot of it each time because like things change and it's easier to rewrite than reuse?

Felix: You know, I think, I think you're right.
I think you're right that the holistic platform is really useful. And this is maybe a whole like a somewhat contrarian view to a lot of people in AI.

I actually don't think that the future is going to be hyper personalized software down to the point where everyone is running their own version. Like, I actually think it's going to be quite hard for all of us to have our own internal chat tool and like, if I wanna talk to you, like

swyx: how

Felix: is that gonna work, right?

In the, in the context of Cowork and how we build it, I think it's a bit of a combination. Like what the, the execution that gets cheap is not necessarily rebuilding all the primitives. I think our priori, there's also not a lot of value in it. So for instance, my team did not think about rebuilding Claude Code.

We're like very much started with the. The core thesis of this should be Claude Code.

Mm-hmm.

Felix: And then we'll like build things on top of it. The part of the execution that gets a little cheaper is like, how do you take all of these Lego pieces and put them together in a way that makes sense for users?

It's like actually valuable. You have so many different approaches now in terms of what kind of, what kind of things do you actually elevate to a primitive, do you strongly believe that all your products should be built by just combining primitive that the public also has available? Do you keep some things internal?

Um, and I think that's still evolving, but I think what's probably gonna go away is like, I'm not sure if it's gonna fully go away, but I'm gonna say, I think for me personally, I will probably no longer try to come up with a really good product without testing up with people.
This is not a new concept, but wherever you used to have to make costly decisions around, do we pick technology A or technology B, or do we like, um, build it this way, build it the other way.

I really strongly believe now you just build all of them and try them out with a small focus group and then whatever, whatever is better is what you go with. Right. And that, that is probably quite different even from how we maybe worked a year ago. Right. Like, I think, I think this happened very recently.

Alessio: Yeah. I started building something in on Electron since you're here. Coincidence. Uh, but then Electron and like SQLite are like, there's like some issues that like between development and like, uh, building anyway. And I was like, let's just rebuild the whole thing in Swift and just recreated the whole thing in Swift.

And it's like, I. It's done.

swyx: You know, I didn't take any effort. I, I, I don't even know Swift.

Alessio: Yeah, exactly. I was like, I'm the, I'm not reviewing it anyway, whatever. You can write in whatever language you pick, but the important stuff that I did was not write the Electron bindings. Yeah. It was like the logic of what happens in the app, you know, and then the model is like, yeah, I can just recreate the same thing as with

swyx: Yeah.

I, I think you still want, especially for people who are doing like high performance software or like very complex software, uh, you still want like, some view of the architecture. Uh, but you can use markdown for that,

Felix: right? Yeah.

swyx: Uh, you don't actually have to read the code again. I, I'm still like on a sort of like a definitional thing.

Um, can we build a good mental model of Claude Cowork? Um, this is what I have, right? Like you you said it's like fundamentally Claude Code. We don't wanna touch it. There's the Claude app, there's Claude in Chrome.
I think you guys do something different in planning, but, uh, I've been talking with Tariq who is on the Claude Code team, and you guys are, he's like, no, we just exposed planning.

Maybe we can clarify like, what are the major pieces. That people should be aware. It goes into Cowork, like,

Felix: okay, I think you basically have them. So really, um, you can, you can take planning more or less out. I think there's a few things that are really valuable in Cowork. Um, the virtual machine is probably the most powerful thing.

So we currently run like a, we currently run like a lightweight VM and we put Claude Code into the VM and we do that for, for, um, a number of reasons. Safety and security is a big one, but even if you, even if you ignore for a second safety and security and you're just like, okay, Yolo, I want this thing to do whatever.

It is quite powerful to give Claude its own computer that is like generally a good idea. And in terms of architecture and UX and everything else that we've been working on at Anthropic, it often is quite useful for you to like anthropomorphize, um, Claude aggressively and just be like, this is a person. What will you do if you give a, if you had a person, right?

Yeah. And the analogy I've given my dad this morning who is still like quite insistent on using chat even for like coding things, is if you were a developer and your employer told you that you don't need a computer, they're just gonna like, send you emails with a code and you send emails with code back like that, maybe work for Patrick Miles in the back, but that it's not very effective.

Um, so what we can do with the VM is because it's a, it's a Linux system, Claude Code has more or less free rein to install whatever needs to install. It can install Python, it can install Node.js. We do have strict network ingress and egress controls.
So you can still, as, as a user in like plain human language, make it clear to, to the entire system what you're okay with and what you're not okay with.

But at no point do we have to ask a real person, like a, like a person who might be in marketing or a lawyer. I'd have to go to a lawyer and be like, are you okay with me installing Homebrew?

Alessio: Yeah, yeah.

Felix: Right. Because the implications of the question and the answer are complex and nuanced and like, not, not easy to reason about.

This gives us a lot of distraction that makes Claude very powerful. Now then around it, we, we do probably have a number of things that also keeps growing almost every single week that you're probably noticing that make Cowork maybe better for certain tasks than just Claude. Claude on its own. Yeah. But most of those actually live in the system prompt.

They're about like, what can we infer about the work that you do? What can we, what can we intru in the system prompt to make that more effective? It's of course the like very tight integration with Claude in Chrome. You're noticing that a lot of people, especially as the models get better, a lot of people throw up their hands when it comes to MCP connectors in this area.

I'm not gonna, I'm not gonna go through like 25 MCP connectors, click off everywhere and then like half of them don't let me do the things anyway. So Claude in Chrome is quite powerful because we can just talk to the Claude in Chrome sub agent and that will just do things for you.

swyx: Yeah, so, so one example right in MCP. I, honestly, I think that the state of MCP is kind of, kind of.

Really hard to integrate. Um, I need to, I needed to add, uh, Figma MCP to the coding agent that I use.

Felix: Yeah.

swyx: Uh, and, but I didn't wanna read the docs, so I just had Claude do it.
And it's, it's great at reading docs and the same, same way I had to set up like a Google Cloud, um, account for some project I was working on and get some API keys somewhere.

And Google Cloud is famously super hard to navigate, so I just didn't wanna deal with any of it. I just used Claude Cowork

Felix: within the first week of developing on Cowork. This happened very, very quickly. Um, I caught myself by starting to use Cowork for coding tasks, which is not ostensibly what we built it for, right?

We don't need to. But I found myself, um, I found myself like on our internal, internal tool that we have for, to collect crashes and just like debugging information and I found myself sort like picking out the ones that I think we can easily fix versus the ones that might be like kernel corruption or something else on the operating system.

And I found myself sort of picking these out and then just telling Claude, go fix this bug. I was like, what am I doing here? Go one level up, tell a Cowork, I want you to go to all these crash tools. I want you to find all the bugs that you think are fixable and not like an operating system crash. And then I want you to tell another Claude to like fix all of that.

Um, and that's, that's, that's sort of another Claude,

swyx: just so it can spin up another instance or,

Felix: uh, it, currently what I do is, um, and this is a bit of a hack, but I tell it to use Claude Code remote to which website itself? Yeah, that's interesting. So you basically take, if you, if you imagine like a dashboard with like 20 bucks, you, this is remote control or Claude Code remote, or, sorry, I just wanted to confirm what, the way I'm using it is.

I have Cowork running and I'm telling Cowork, here's where I normally go every morning to find the latest bugs. Go read the entire bug list, separate out which ones are fixable, which ones are, are fixable, and then for the fixable ones, four is this almost loop.
For each bug, write a markdown file with a prompt.

And then for each markdown v, that is a prompt. Start of a cloud set. So natively Claude Code has

swyx: this concept of subagents. Mm-hmm. And this is basically a subagent, but you're not using the subagent functionality.

Felix: I'm not using the subagent functionality. And the reason I'm not is because I'm firing that off as a Claude Code remote

swyx: task.

Felix: Yes. That's kind of nice. ’cause then I can just fire it off. I can go to my next meeting and in Claude Code remote. Now the work is happening.

swyx: Mm-hmm. Yeah. You, you see like you're already starting to use the cloud over your local machine. And I think this is one of those things where like. Shouldn't just everything just be cloud first, right?

Felix: Ah, this is such a good group. I'm like solely bad about this. I have so many thoughts about that. Okay. So I generally believe that Silicon Valley overall is undervaluing the local computer. And my default argument for that is always how come we're all using MacBooks and not like an iPad or a Chromebook?

Um, that there is like still value in, in having a local machine. And now when I think about Claude, it's this entity that is supposed to be very useful to you, like it tremendously useful to you. I think that entity needs to have access to all the same tools you have access to. Otherwise it's gonna be hamstrung in like all these complex ways.

And there's, there's sort of two approaches we could take. We could say, okay, we're gonna like one by one chip away at everything that is at your computer and move it into the cloud. That's, that's one way to do it. Um, and I think other products have taken that path. I personally, this is a very personal opinion, but I personally, for the amount of tools that I use.

Just don't have the patience to give another tool like permissions to every single thing and keep those permissions up to date.
The second thing that I'm still grappling with, and I don't have a good answer for anyone just yet, but the second thing I'm still grappling with is what does it look like for someone to slurp up your entire work and put that in the cloud?

Like if I, just as an example, like if you could click a button and it just clone your entire computer into the cloud, is that something that you would want? I'm not totally convinced yet that all everyone will. Mm-hmm. And that is sort of like upstream of all the technical issues we're gonna have. ’cause like in general, I think the world is not ready for this kind of stuff.

Like, I'll give you one quick example that would probably be very easy for us. So as a desktop app, we in theory with your permission, can do a lot of things on your computer, including reading your Chrome cookies. If we really want to do right, we could take your Chrome cookies, you would have to decrypt them for us.

We could put those on the cloud if we really felt like it. Pretty easy solution. That would be super cool. We could just be like, oh, we can do all your tasks in the cloud now. Um, a lot of websites, thanks, include it. If, if they see the same authentication from like two different locations, we'll just lock down your account and now you have to go to the branch and be like, okay, I, I'm here with my passport.

You actually know that. Wow. Yeah. As tired as well are of the term agent for the age agent future, I think there's a lot of stuff that sort of slowly needs to catch up and until that's the case, the way I, as someone's working on Claude and make Claude most effective is to like put it where you are working.

swyx: Anything else? I thought with our mental model, so like, basically like, uh, part of me also just want, like the more I understand how it works, the more I can use it to its full potential. Right?

Felix: Yeah.

swyx: And so what I'm get hearing from you is you told me to delete the planning thing.
You're not doing anything special on, on the, that's only exclusive to Claude Cowork.

Felix: We have some tricks for this sort of like change week over week. We eval Cowork maybe against different use cases than he would eval Claude Code, right? If you think about it this way. Okay, so like Claude Code is our eval Claude Cowork. Yeah. So Claude Code is like quite optimized for coding tasks and we mostly value it whether or not we're getting better or worse depending on how good it is at like a typical SWE job.

And Claude Cowork on the other hand, we evaluate more against typical knowledge work, the kind of stuff he would find in finance or in like maybe a, like in like a legal office. Um, my personal use case is always like managing my things, like managing my personal mortgage or something like that, right? Or like wealth planning for me and my family.

Those are the kinds of use cases we eval, Claude Cowork on. And what you might be picking up on is like the subtle changes we make to the system. Prompt what we put in the system, prompt how we steer, Claude with the tools we give it. Um, like either it'd be better in one or the other direction and whether there's a trade off, try us exist a lot.

Claude Code will be better of a code and Claude Cowork will be better. For non-coding tasks, will those gaps still exist in the next three generations of models? It's like a little unclear to me though.

swyx: Yeah,

Felix: because right now these like hyper optimizations we make, I'm not sure for how long they're still be relevant.

swyx: I think what I was referring to was also, it, it just, uh, it qualitatively felt different when I probably, it's just all prompting and I'm reading too much into it, but like the, the fact that it comes out with like a nine step plan, I can edit the plan and give feedback and, and, and see it execute the plan.

Yeah.
It felt more long range than in Claude Code, but maybe that already existed in Claude Code and you just build a nicer UI for it.

Felix: It's kind of both. Um, like if the Claude Code people who build the planning functionalities would city, they probably say yes, we have all of those things in Claude Code and they do.

Um, I think people tend to give Cowork. Tasks that are maybe of longer time horizon, I thought is

swyx: so long. Yeah.

Felix: That's like one thing, right? It's just like that the, the chunk of work tends to be maybe a little bigger. And then the second thing is that because the work, when it gets longer, it gets a little bit more ambiguous.

We do tell Cowork to make heavy use of the planning tool or to make heavy use of the ask user question tool, right? We do want it to come up with like. Different scenarios of, okay, tease out what the user actually wants. Don't go off to work for like four hours and then come back with the wrong thing.

And you're probably picking up on that.

swyx: Yeah.

Felix: Um, I wish I could tell you I like built this magical thing and it's like, there's some secret sauce,

swyx: but No, no, no. I mean, it's, it's just clarity is good that, you know, engineers just want to know. Yeah. They can, they can plan around it. And then I think also for me, um, I am realizing I have to switch to my, my other machine because this is a new machine that doesn't have my session.

But, uh, yeah, the, the, the planning is really important for, for me to like approve or like to see whether it's like, it's right. The ask is, the question is so beautifully presented. I mean, it also, it also available in like Cursor and, and in Claude Code. But like, I, I think like it's so nice to see that it, like it's kind of for me like to understand that it gets me, it gets what I want to do.

Felix: Yeah.

swyx: Yeah.

Felix: It probably very hard

swyx: just on the topical evals. Mm-hmm. When you say eval, I think people are very vague about what it means.
Is it just like vibe testing or do you have like automated programmatic evals of Claude Cowork?

Felix: When we say eval, uh, what we really mean is that we essentially take the entire transcript, including all the tools that Claude has available ultimately to it, and we then measure what are the outputs, depending on what we tweak, right?

So we do run that a lot. We use that in training. Um, we use that in, in like, if you sort of separate out post training from like the scaffolding around it. Cowork sort of exists in the scaffolding space, but obviously we also train on it a little bit. Um, so when we say eval, we mean given the certain transcript, what do the outputs look like?

Including the file outputs as well as like the actual token outputs, like the ones that you see in the chat window.

Alessio: I'm curious, um, how much of the failure modes are the model intelligence versus like the usage of the end tool to put the intelligence in? Like the well planning is like a good example, right?

It's like one thing is to come up with a plan. The other thing is like make a nice spreadsheet. Yeah. That kind of runs you through the plan. Like how have you seen that? Well,

Felix: the thing that I grapple with a lot is that whatever scaffolding you come up with, I think we still have a bit of sort of like model overhang where the model is dramatically more capable than right.

Users end up using it for. And I think part of that is that we're just not getting the model all the tools to do all the things that's theory capable of, right? There's like one thing, um, however, whenever you do build the scaffolding, I'm sort of wondering at what point, at what point will that scaffolding go away and like how much you invest in figuring out what the right scaffolding is.

It's kind of up to, it's a little bit of a bet.
And one thing that I as an NJ quite enjoy is that like working at Anthropic and working at a frontier lab, I maybe have a little bit more insight into what's coming, coming down the chute in terms of like, what's the next model, what is the model capable of?

What is good at, what is it bad at? And I'm, I'm increasingly wondering, is the right thing for us to like really invest too much in sort of these like scaffolding corrections where the model might otherwise not misbehave, but just not do the thing that you want?

Alessio: Yeah.

Felix: Or is it to just like give it as many capabilities as possible, try to make those safe so there's the worst case scenarios, like no status might be otherwise.

And then just simply wait a second for the next model drop. I'm personally, currently more leaning into the latter. I think we're gonna see a lot of like applications and companies that do very impressive things with AI that in the short term might seem very effective ’cause they're very specialized to individual use cases.

But I think once models get better generalization and get better at like those specific use cases without being super guided on those, I'm not sure how long that's gonna stick around. And you can kind of, kind of already see this in like skills and MCP servers, right? Mm-hmm. We've, we've already seen sort of this like slow shift from MCP servers to skills.

And like, maybe a good example is Barry who made skills. He was initially hacking on something that honestly looked a lot, looked, looked a lot like what Cowork does today. It was sort of thinking about what if Cowork, but for like people who don't wanna build code. Mm-hmm. And, um, he too did that as a prototype inside the desktop app.

One of the first use cases we thought of were, okay, what, what are like coding like use cases that could really benefit from graphical interfaces and like from being a little separated from the actual underlying code. And everyone comes with the same answers.
Data analysis,

Alessio: right?

Felix: Yeah. Or saying how many users do we have today? How many, like, it's always data analysis. And I think the thing that ultimately led to skills is that we wanted to connect this little prototype to our data warehouse and. The team very quickly discovered that like instead of building a custom tool for the thing to talk our data warehouse, they just like meet and embarked on follow like mm-hmm. Dear Claude, if you want to get data, here's the end point. Here's what the API looks like. You'll figure it out.

swyx: Ah.

Felix: And then it be hand over control. Yeah, yeah. Also just like maybe go one step up in the layer of abstractions, right. Just, yeah. Instead of, instead of telling the thing, here's a CLI, please call the CLI, or here's an MCP. Please call this ECT shape. Just like this is the end point. If you wanna know something, if you post here, maybe you can do post sql. It's gonna be okay. And that ended up being so effective that they started trying the same pattern of like just giving the model a markdown file that describes whatever it needs to do. That the whole thing eventually became skills and we're like. We should package this up. This is a good idea.

swyx: Yeah. Um, we've had Barry Mahesh, uh, on, on our conference and uh, he's uh, definitely got a good idea there.

Felix: Yeah.

swyx: I wanted to show you the, how I've been using Claude Cowork.

Felix: Uh, this is was my favorite part.

swyx: This is this. So this is like me, uh, this is how we run the Discord. Uh, we literally, uh, at first I didn't trust Cloud Core. This was my very first usage.

Felix: Okay.

swyx: Right. So then I was like, okay, I will just try to manually download from Zoom all my recordings and upload it to YouTube. Yeah. Because this is a very laborious process. I got a click, click, click YouTube, um, isn't super user friendly. Uh, and it just did it. And then I was like, actually, you know, even the download from Zoom part, I should also.
Put into Claude Cowork, and then I did it right. Here's a bunch of, and it starts compacting here, and it, and it, it starts to even be able to do things like look through the individual frames of the video to name the video so I can upload it auto automatically. Oh, that is, and this replaces my job as a YouTuber. We will forever appreciate your creative Yes. You know, and so that's great. Uh, but then by the way, it compacts and makes, makes like a new thing, right? So I, I don't, I don't have the initial, initial thing, but then I asked it to make its own skills so that it, so that something that's repetitive and one-off and human guided becomes more automated and I can use the skills independently and reuse them. Uh, and it obviously you can write skills and that goes into context and skills at the bottom here, which is, which is so nice. Um, so I have all these skills that, that I now sort of do on a weekly basis. Uh, I know you've released scheduled Coworks, which I haven't done yet, but

Felix: course I should try them. I, I think this is like so wonderful and fun for me to see because. One thing that is very fun for me about skills in particular is that they're so easy to make. Like anyone can make a skill, like a text message, could be a skill, and they can be so hyper personalized to you. And this is like sort of the subtraction layer, right? Like, um, I, I'm just guessing, but I assume, heck, you are very good at your job. You're probably given this thing some guidance about how to do it, right? I,

swyx: I just said, wrap everything up into, into a skill, right?

Felix: Yeah.

swyx: And then, uh, and then I was like, actually, sometimes I might need to break, uh, things apart because some parts fail or some parts might be needed in individually. So I told it to split one skill into three skills. So it's like a skill splitting thing, and then there's like a parent skill that just orchestrates all of them if I want to use that.
You know, like, um, I think that's, that's like really good. Uh, and, and, uh, there's, there's one more part, which is the, uh, Google Chrome thing that I told you about.

Felix: Yeah.

swyx: Where I'm like, okay, you know, what's better than uploading, using Claude Coworks to YouTube? Like actually. Looking at the docs to like programmatically upload to YouTube and then putting that in a skill. And I've never done that before. I don't want to deal with Google Cloud. Yeah. So Claude Cowork does it for me.

Felix: That is really cool.

swyx: So, so I, I just, I don't care. I just, like, I do a thing. I don't, it doesn't really matter.

Felix: That is really cool. And then you've, I assume paired the skill just with the script that it's built.

swyx: Yeah, no, I just update, update the skills.

Felix: Oh, that is beautiful. Yeah. That's wonderful.

swyx: It's kind of like a skill, like, uh, uh, basically I think like the way that people ease into Claude Cowork is like take a knowledge work task that you would normally be clicking around for and then, uh, try to turn, turn that, and then you do the, okay, well what if you went further? Okay. And then when, if you went further, when, if you, and it sort of expand the scope of cowork as you gain trust with it and, and also teach it how to replace you.

Felix: Yeah. It's like a little bit like playing Factorio, but for your own life. Uh, like you say, you start really small.

swyx: Yeah.

Felix: You start automating something really tiny and like. Once it clicks, you keep adding onto this like automation empire. Just like make your life easier and easier. My favorite skill has been, um, every single morning Cowork starts looking at my calendar and make sure that there's conflicts because people tend to schedule a lot of meetings, sometimes last minute, sometimes miss it soft and painful. And a lot of products have existed like that A lot. I've written in the custom prompt there.
I haven't made it a skill, um, honestly should.

swyx: Yeah.

Felix: But I've given it like pretty clear instructions about okay, here are some people, if they book over other meetings, I'm probably gonna go to their meeting. Like if Dario schedules a meeting.

swyx: Right.

Felix: Not try to reschedule down. Right. Um, and I think there's some other rules in there about like what kind of meetings I care more about what kind of meetings I care less about. What is okay to like, maybe pun like when I want to be, when I want to be working, when I don't want to be working. And it's those really small things that I can think kind of click with people. Right. When we launch co-work, I think one of the use cases that went most viral on Twitter. X was clean up your desktop, which is stuff, because silly, that's such a smart thing, right? Like you don't need to model to clean up your desktop. Not really. Um,

swyx: like this, like clean up my desktop.

Felix: Yeah, exactly. Yeah.

swyx: I need to, I need to choose my desktop, right? I guess give it access to my desktop.

Felix: Yeah.

swyx: Okay. Uh, okay. This is very scary. Oh, we'll do it.

Alessio: I did, I did it with my downloads folder. It was like, you have so many term sheets and there's like eight copies of your rental lease for your office. I was like, all right. Like, don't yell at me.

Felix: It's like, it's not such a small task. And then like, I, I would never go out there and normally otherwise and tell people I've pulled a product. It can organize your folder. Right. Um, because it feels small. But I think to your point like,

swyx: oh, here's, here's the, here's the ask user questions.

Felix: Yeah.

swyx: Uh,

Felix: beautiful. Right. Elite obvious junk. You probably shouldn't click that.

Alessio: No.

Felix: If he's not done right.

swyx: As long as it's reversible, I don't

Alessio: make up blend to,

swyx: yeah. Uh, yeah. No, I, I have a, I have a typical, everything is super messy folder. So, yes. I think this, this is super helpful.
So this is a pretty simple task. Mm-hmm. But I've, okay, here it is. Right. Here's the progress. I don't see this in, that's why I'm like, this gotta be something different than, uh, than Claude Code, because I'm like, we

Felix: do. Yeah. That's, we do system prompt that. We're like, all right. We want you to think about like, this task Yeah. Methodology. Yeah.

swyx: And then I can, I can, I can do like little suggestions for, for, for these things. It's beautiful. Look at this. I, I can, I can like say like, oh, don't do that. Don't do this. It's amazing.

Felix: I'm so happy. You like it. Um, I mean, the other way around, like we're part of the Clark core team, if you would like this in Clark COVID.

swyx: Yeah. Yeah. Yeah. Uh, so, so yeah, I mean, uh, this is really good. Obviously I, I'm like kind of raving about it. Uh, you know, I have other things like sign up for pg e so if you can do phone calls for me, that'd be great. Um, I, I do, people

Felix: have done that. Obviously you can't do that natively, but people have done that with like, various other providers.

swyx: Yeah. Uh, and then this is like signing up for the Figma MCP. Um, I, I really am trying to do like everything, um, data analysis as well. I do think, um, oh, design to code, uh, very, very good. Right? So like, here's a Figma file, take it. And then this is where like a lot of other tasks is like knowledge work, like replace my manual clicking, but this is no, I would normally use Claude Code or uh, Claude Code for this, but because I perceive that you have better Chrome integration

Felix: mm-hmm.

swyx: I, I think you can actually do a better job of this. And I, this, this is one shot at my, uh, conference website.

Felix: That's pretty cool. Like at some point I would love to like, hear how you feel about code. In the desktop apps, which is like I never use, which is the, the same team.
Same team.

swyx: So I use the call code in terminal, which I, I perceive to be the default way of cloud coding.

Felix: So one thing this has,

swyx: sorry, I'm just like, I'm not

Felix: here, I'm not here. All products. Can I talk about other stuff? Like I, I'm not sure if people out there wanna like hear me advertise my stuff for like an hour. Please do that. Um, this thing is like a builtin browser, which is a thing a lot of products have said. Yeah, it's a builtin browser. And I think giving cloud eyes into like what you're actually working on makes it so much more effective. And that's probably what you've seen in cohort because it can see Chrome, it can like debug the dom, it can like see things. Um, that does make it more powerful.

swyx: Yeah. So, so I think, uh, my mental model was kind broken. 'cause I only use this cowork because I thought it had a, a browser thing in it. But I understand that the Claude Code app. The app version of Claude Code does have a built-in browser. I've seen, I've seen this preview thing.

Felix: Yeah.

swyx: I just, I've never used it.

Felix: But in the end, in the end, you sort of have it by hard. Yeah. You basically get the same thing. Right? Like the, the, the additional skill that you're describing is chart is better if we can see what it's working on. Right. That's, that's sort of like the summary here and like whether it's using your Chrome

swyx: Yeah.

Felix: Or it's just like making up its own little like browser. It doesn't really make a big difference because either way it's gonna see what it's working on and that just makes it much better. And then you don't have to run QA for your cloud.

swyx: Why doesn't it pick up my existing Claude Code sessions? 'cause I, I mean, obviously I've used Claude Code, but Excellent question. Um, don't have a good answer other than like, we're honest. Just haven't Yeah. This is what the Open AI team does. Okay. Uh, cool.
I I I don't have other, like, I, I just, I, I do wanna expand people's minds and also maybe show people if they haven't really done it, but like, I, I think it's very interesting how I sometimes use this more than I use, I mean, I use dia, right? Yeah. Um, I, and I use, uh, I've used like all the other agentic browsers and Anthropic didn't have to build an agentic browser because you just had Claude Cowork and that's enough.

Felix: Yeah. I also think like maybe integrating with number of excellent browsers out there, it's like currently on my personal priority list, a little higher than like trying to rebuild a browser from scratch. Yeah. You know, never say never, but I think going back to this idea of like, we wanna plug this into an entire existing workflow, I think our goal is actually to not replace any of the applications we have in your computer. But instead of like, work really well within a new workflow,

Alessio: make the new one. Yeah. Are, it seems that nowadays, especially on the browser, most of the innovation is like user ergonomics. It's not really like the underlying browser engine. So I feel like to call it, it doesn't really matter if it's like the, uh, or Chrome or Alice, whatever.

Felix: Yeah. We wanna, we wanna meet you wherever you are. Which is like, like obviously I would say that, but it's also just generally true because I don't wanna shrink my potential user base artificially by saying, okay, like, I'm gonna start building for the people who are willing to switch browsers.

Alessio: Right.

Felix: That's such a, like, you know, like many lawsuits have been filed over who gets to review the browser and like a lot of money has switched hands over the question of like, which browser is default and which search engine is default within the browser. Um, I just wanna build for, yeah, I wanna build for swyx essentially. Like, I wanna, I wanna, I wanna build for people who have a number of annoying tasks that they feel like. Maybe clock could do it.
Could do it for them.

Alessio: Yeah. What do you think about skills portability? I think there's been one thing, I use another thing called zo, which is kinda like a cloud computer plus agent. And I have a skill to add visitors to the office. Yeah. So whenever somebody has to come in after hours, they need to check in downstairs. Um, but I wanna like text the thing, so it doesn't really work in, in cowork, but now that skill is in the zone harness and it's not in my cowork thing. And then if I make a change, it's gotta, I gotta sync them. How do you see that going? Like I see memory as like. Cloud personal, kinda like, I don't necessarily want my memories to be cross thing.

Felix: Yeah.

Alessio: But I do want my skills to be cross agent that I use. I think with MCPs, people do the same thing. It's like, oh, MCP Gateway. MCP registry. I don't really know if that's like a business. So I'm curious like if you've had any thoughts in the area.

Felix: I think for me, this is sort of where I go back to the really basic primitives for our skills are file-based instead of like this complicated thing that exists inside a place somewhere that is like super proprietary. I'm really leaning into the idea of like, it's all just files and folders, and that makes it very portable on its own. Right. We do have skills as part of this container format, which was just called plugins.

Alessio: Mm-hmm.

Felix: And plugins are available both for Claude Code and Claude Code work the same format, and you can install plugins. This works in cowork today. You can basically say, I'm gonna add a whole, like just a GitHub repo as a. Skills marketplace or like a plugin marketplace. And that's how we're doing portability. I think we have a lot of room left to grow in. How do we make it easy for people to know that they can write skills? How do we make it easy for them to just like, share a skill with you?
Because obviously all the words I just said, right? Like I'm losing most of the knowledge worker base out there, right. And start by saying, oh, you can connect to GitHub repo. It's not exactly how most people will end up working in like a general knowledge worker space. Um, but I think there's something there. And another thing that's there that I think has not really been properly explored is the, the, the combination of which part of the skill is very portable and then which part of the skill is like very personal to you. Right. And I think that's something we haven't really solved as an industry. Hmm.

swyx: It's like, which, how you wanna introduce more structure to the skill or have always have like. Public skill, private skill, you know, pair. Yeah, yeah. Kind of. I think there's

Felix: like a, like the easiest way to do this, which is we do like use string interpolation or something. Right, right. Yeah, yeah. Insert username here, insert like phone number, insert, like known folder, locations, that kind of stuff. Um, that's probably clunky. That's why we haven't built it. Um, but I do think someone is going to come up with like an interesting way to keep everything we like about skills. The portability is just a file, it's just Markdown. It's just text, honestly. Right. Like a text file words. The complete lack of structure, which means you don't need any kind of tutorial to write a skill. Just like explain it to Claude the way he would explain it to me and Claude will probably get it before I work. Mm-hmm. Right? You're just like, for booking a flight, tell Claude how to book a flight the same way we tell him somewhere. I just started working here today. But combine that with a very like, personal thing. Um, maybe we'll stick with a booking a flight example. I don't actually think. AI should be booking flights. I think the tools we have is yes.

swyx: Yeah. Finally, somebody says it.
It's the default demo that everyone's making.

Felix: I'm

swyx: like, I even against like booking demos, it is not a good showcase.

Felix: Yeah. I'm like, I just wanna book my flight myself. But, um, I think there's a lot of things that have a personal and a non-personal component and that's maybe why people reach for flight booking because some things are very universal. Yeah. Super flight is usually better, right? Like few people try to book the most expensive flight. And then some things are quite personal about like what times you prefer, which seat you prefer, which airports you prefer. Combining that and like a skill format that is actually portable, compatible, easy to understand for people. I think that would be very exciting. We just haven't figured it out yet.

Alessio: Yeah, I think the text part every, I think everybody by now has some sort of like cloud file thing. Either Dropbox, Google Drive, whatever. So it feels like in a way it should basically like symlink. My skills into all my agent harnesses. Yeah. Just keep those ing like we have internally this like valuable tokens repo, which is like all the commands sub agents. It's good. Uh, and then I build like a TUI where you can start it and be like, you know, install this command and this three sub agents into this agent in this folder and just copy paste this. It doesn't do anything. It literally cp the file into that. But I feel like there should be something similar where like whenever I go into a new thing, it's like, hey, here's like the link to exactly the cloud folder and just bring down these skills into this. Yeah. Like today it doesn't quite work like that. Like if I install a new agent, I cannot, I have to like copy paste all the skills and I don't even know where they are.

Felix: Yeah.

Alessio: That's like the big problem.
It's like where do I find them?

Felix: Yeah.

Alessio: Um, so I'm curious like in the future like that, that almost feels like my personal productivity thing will be my skills.

Felix: Yeah.

Alessio: Is not really the product that I use. Everybody has access to the same product. But today there's, that just looks like copy pasting ME files, I

Felix: think so many things I, I really like thinking about agents and LLMs just as like another coworker. So many attempts have made to build documentation companies that are like, oh, we're gonna solve oil documentation problems. Um, I myself, like spend a little bit of time working in notion, right? I'm like deeply familiar with the concept of let's get everyone on the same page. Mm-hmm. Right? And what you're basically saying here is you want all your agents to be on the same page about your preferences, about the skills, about the way they ought to work and like how they ought to execute. And I'm not sure what the right thing is going to be if it's going to be some, some company that can say, all right, we're as an independent body, we're not trying to like, push into any particular product. It's our job to be like the skill authority, and we provide, I don't know, we're gonna be the Dropbox of skills and we can just symlink us into all the products we want to use. I'm not sure that's gonna be viable business, but as, as an idea, it would be cool.

Alessio: Yeah. Yeah. I think so many things are just going away as businesses. It's like, how am I supposed to do it? I'm not even asking somebody to make a product about it. Like yeah. I wanna personally know. And there's things like you said, it's like you almost wanna skill and then interpolate it between personal and work. So if I'm booking a flight for work, it's different than I'm booking a flight personally.

Felix: Yeah.

Alessio: In some ways, yeah. But like a lot of the scaffolding is the same, you know?
Cool.

Felix: I mean, as an engineer I will tell you like, you know, technic a person to technic a person. I will just be like symlinks.

Alessio: Well that's what, that's what I do. We call that MD and agents that MD's just the same how sim length. And so it is like, that works, but it feels like, yeah, I don't know. Maybe

Felix: you can always go one, you can always tell cowork problem and then cowork will solve it for you. Just make the symlinks. That's like one way to do it.

Alessio: That's true. That's true. All right. Everything is called cowork.

Felix: Uh, potentially spicy. Question for both of you.

swyx: Uh, which of these industries will go away?

Alessio: Okay, so what Felix was saying before is interesting. There's busy like. The short term pressure of like, we need to turn these tokens into valuable things, which is I should build the last mile product that harness the model. And then there's the question of like, long term, which ones are gonna still be valuable? And I think you're kind of seeing this today with like, uh, you know, the coding space in a way is kind of like everybody's moving up and up in stack because you need more than just turning tokens into code. I think search, like enterprise search is kind of saying the same thing. Like with Glean and like all these different companies is like, at the end of the day, if Cowork is the one doing all the work, the search itself is like such a small part that like, I don't know if I'm really gonna pay that much money just to do search. It's almost like everything is like a cowork vertical. So like how much can cowork first party support?

swyx: Mm-hmm.

Alessio: And how much can it not? I think for a lot of these things, the planning thing that you were showing do Which one? The planning. The planning.

swyx: Okay. Yeah. Yeah.

Alessio: That's one thing where like most of the value that these agents provide is like they're better at planning for specific tasks. Yeah.
And have better tools for it.

swyx: Yeah.

Alessio: But I think the models are now moving in that direction and they have the right harnesses and they're on your computer. So for me it's almost like if for the end customer trusts your startup to be the provider of that task result, then I think that works. This is, uh, something that, this is a short

swyx: spike that we're, we're working on. Uh, yeah.

Felix: I think, look, I'll, I'll, I'll tell you this, like I don't think I'm the best person to like actually estimate which industry is going to be hit the hardest. But I do think that at Anthropic as a group of people, we're deeply worried about the impact. That the tools are going to have on the labor market, especially for like junior employees that, because I think, I think it's only honest to say that when we talk about automating a lot away, a lot of the work that we personally find annoying that we maybe think's not the best use of our time. In a lot of industries, that kind of work would've been given to a junior entry level employee. Yeah. Right. And I think it's, it's only, it's only right to be really worried about that and like worry what that's going to do in particular to people like enter the shop market.

Alessio: Mm-hmm. I have a solution for that. Which you make them, you create simulative jobs for them.

Felix: Okay.

Alessio: So this is, this is like half joke, half true. So if you think about software engineering, when you're like a junior engineer, you work like 1, 2, 3 years.
And in those three years there's like maybe like a handful of moments where like you really learn something. And then a bunch of other days where like you're not really progressing.

Felix: Yeah.

Alessio: I think now we can use AI and these models to actually like shortcut these careers and almost like simulate the early years of your work and like just make them like super dense and like these learnings, it's like, hey, we're working on this feature, which is like a distributed system and you need to learn this thing that might take three months at a company. And so you take three months here, it's like we're just simulating the whole thing. It's actually not a real thing. And in one week we kind of speed run through the whole thing and you kind of learn your lesson from there. And we kind of repeat that in like one year. You basically get like three years worth of like projects and experience. Yeah. I think it's harder for like things like sales or for things like, you know, marketing because you don't really have a way to get the feedback loop. But I think a lot of it, it sounds kind of silly, it's like you're making the new effect job, but it's almost like you go to college, right? People pay to learn how to do it, and this might feel similar where it's like, hey, we have the. Jane Street Simulator is like, you wanna come work at Jane Street? We'll just put you in the simulator for like three months.

Felix: Wow.

Alessio: And you'll come out of it. It's like, you know, I'm ready.

Felix: So there, there is an aspect here. I'm not an expert enough to like actually know what, what is going to happen to marketing or legal or finance, right? Like, I don't work in those jobs and I, I don't think I should talk about them, but I am an engineer and I think I have a pretty good idea of what engineering is like.
And I think one thing we're sort of seeing is that as a company and also as, as the public, we're like deeply worried about entry level, but we're also seeing more senior engineers accelerate it. If like they're more productive. They, they actually increase the value they provide. And the thing that I'm thinking about a lot is the fact that even before all of this happened, um, I've always had a lot of respect for the University of Waterloo and the, the new grads that have joined my teams as from coming from the University of Waterloo always felt like. More ready than new grads will like literally spend their entire time at the university regardless of how good, but never actually had to work inside an environment where you have to ship things that eventually will be used by users. And I'm, I'm, I'm German. I like initially went to German University and I think the, the, the like information systems programs, there tend to be very theoretical, right? Like I often give people the example of like trying

Cyber Security Today
AI Agent Hacks McKinsey Chatbot in 2 Hours

Mar 13, 2026 13:24


AI Agent Hacks McKinsey Chatbot in 2 Hours, NPM Phantom Raven, Router Malware & Trojaned AI Models

This episode covers how researchers at CodeWall used an autonomous AI security agent to gain read/write access to McKinsey's internal chatbot Lilli database in about two hours by chaining exposed APIs and an SQL injection, potentially exposing 46.5 million chats, 728,000 files, 57,000 accounts, and 95 system prompts, with McKinsey saying the issues were fixed and no unauthorized access was found. It also reports on the Phantom Raven supply-chain campaign that published 88 malicious NPM packages using a runtime-downloaded payload to steal developer system data like SSH keys and host details. A study warns that 83% of 800 million compromised passwords still meet complexity rules, highlighting credential-stuffing risk and the need for breach checks and MFA. The show notes 14,000+ routers infected with persistent malware often requiring factory resets plus hardening, and discusses Trojan backdoors embedded in AI models that trigger misbehavior under specific inputs, calling for new AI security testing and validation.

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst

00:00 Sponsor Meter Intro
00:20 Headlines And Welcome
00:55 AI Agent Hacks McKinsey Bot
03:44 Phantom Raven NPM Malware
05:55 Strong Passwords Still Leaked
07:55 Router Malware That Persists
09:36 Trojan Backdoors In AI Models
12:01 Call For AI Backdoor Research
12:30 Sponsor Meter Outro
13:13 Sign Off

BIT-BUY-BIT's podcast
Vibe Corning | THE BITCOIN BRIEF 77

Mar 13, 2026 55:25 Transcription Available


Max and Q cover the latest happenings in the world of Bitcoin, privacy and much more.

AOB
- Prime
- New letter from Keonne
- Q vibing hard

NEWS
- GrapheneOS announces Motorola partnership
- Trump's "American Cyber Strategy" Puts Crypto on National Security Map
- Son of U.S. government contractor, accused of stealing millions in seized crypto, arrested in France
- Treasury tells congress mixers have valid privacy uses
- Strike now available in New York
- Solo Satoshi - Bitaxe Touch
- Bitwise to donate $233,000 to open source Bitcoin devs

UPDATES/RELEASES

Tailrelay
A Docker container that exposes local services to your Tailscale network. Combines Tailscale VPN, Caddy reverse proxy, socat TCP relays, and a Web UI for browser-based management.
https://github.com/sudocarlos/tailrelay

Stealth Announced
A privacy audit tool for Bitcoin wallets. Stealth analyzes the transaction history of a wallet descriptor and surfaces privacy findings from real on-chain heuristics.
https://github.com/LORDBABUINO/stealth/tree/main

Cake Wallet v6.0.0 / v6.0.1 — 27 Feb / 6 Mar 2026
Major release: complete UI redesign plus self-custodial Bitcoin Lightning integration via Breez SDK and Spark protocol. Privacy-first defaults — Lightning invoices don't embed Spark addresses, transaction data not published to public explorers by default. Custom @cake.cash Lightning addresses. Enhanced Monero syncing.
https://github.com/cake-tech/cake_wallet/releases

Zeus v0.12.4 / v0.12.5 — 2 March 2026
Bug fix releases addressing Android SQLite database issues for new wallets (sync past block 123,000), iOS safe area fixes, and crash prevention when returning from LSPS1 view.
https://github.com/ZeusLN/zeus/releases

BlueWallet v7.2.6 — 23 February 2026
Added BBQR support for Coldcard, simpler settings UI, and dates on transaction list.
https://github.com/BlueWallet/BlueWallet/releases

Frostsnap v0.2.1 — 23 February 2026
QR camera scanning now works on all platforms (Linux, macOS desktop). Fixed Electrum connectivity on IPv6 networks using "Happy Eyeballs" algorithm. Device erasure black screen fix and macOS app signing improvements.
https://github.com/frostsnap/frostsnap/releases

Phoenix v2.7.5 — 25 Feb (Android) / 26 Feb (iOS) 2026
Maintenance release for both platforms. Release notes were sparse — Q may want to check changelog manually.
https://github.com/ACINQ/phoenix/releases

LNBits v1.5.0 — 4 March 2026
Stable release (up from v1.4.2). Full changelog not detailed in release notes — worth checking manually if covering.
https://github.com/lnbits/lnbits/releases

Peach Bitcoin v0.69.0 — 23 Feb / 3 Mar 2026
New accounts now generate PGP keypairs from seed phrases, payment details encrypted and backed up to servers. Added M-Pesa payment method. Transaction IDs now copyable. Fixed Android wallet emptying bug.
https://github.com/Peach2Peach/peach-app/releases

Bitkey App Release 2026.2.0 — 23 February 2026
Block/Square's hardware wallet app update. Detailed release notes not available from feed.
https://github.com/proto-at-block/bitkey/releases

Mempool v3.3.0-beta — 21 February 2026
Beta release of v3.3.0. Details sparse.
https://github.com/mempool/mempool/releases

Start9 StartOS v0.4.0-alpha.20 — 6 March 2026
Alpha release with error info propagation, AI agent docs, preferred external ports beyond 443, SSH config fixes, WiFi deprecation handling.
https://github.com/Start9Labs/start-os/releases

Blitz Wallet 4.0
Payment pools
https://x.com/BlitzWalletApp/status/2028867592065105932?s=20

EDUCATION
- Lightning is dead, long live Lightning - Roy from Breez
- Hater to builder - Seth from Cake

HELP GET SAMOURAI A PARDON
SIGN THE PETITION ----> https://www.change.org/p/stand-up-for-freedom-pardon-the-innocent-coders-jailed-for-building-privacy-tools
DONATE TO THE FAMILIES ----> https://www.givesendgo.com/billandkeonne
SUPPORT ON SOCIAL MEDIA ---> https://billandkeonne.org/

VALUE FOR VALUE
Thanks for listening you Ungovernable Misfits, we appreciate your continued support and hope you enjoy the shows.
You can support this episode using your time, talent or treasure.

TIME:
- create fountain clips for the show
- create a meetup
- help boost the signal on social media

TALENT:
- create ungovernable misfit inspired art, animation or music
- design or implement some software that can make the podcast better
- use whatever talents you have to make a contribution to the show!

TREASURE:
- BOOST IT OR STREAM SATS on the Podcasting 2.0 apps @ https://podcastapps.com
- DONATE via Monero @ https://xmrchat.com/ugmf
- BUY SOME STICKERS @ https://www.ungovernablemisfits.com/shop/

FOUNDATION
https://foundation.xyz/ungovernable
Foundation builds Bitcoin-centric tools that empower you to reclaim your digital sovereignty.
As a sovereign computing company, Foundation is the antithesis of today's tech conglomerates. Returning to cypherpunk principles, they build open source technology that “can't be evil”.
Thank you Foundation Devices for sponsoring the show!
Use code: Ungovernable for $10 off of your purchase

CAKE WALLET
https://cakewallet.com
Cake Wallet is an open-source, non-custodial wallet available on Android, iOS, macOS, and Linux.
Features:
- Built-in Exchange: Swap easily between Bitcoin and Monero.
- User-Friendly: Simple interface for all users.
Monero Users:
- Batch Transactions: Send multiple payments at once.
- Faster Syncing: Optimized syncing via specified restore heights
- Proxy Support: Enhance privacy with proxy node options.
Bitcoin Users:
- Coin Control: Manage your transactions effectively.
- Silent Payments: Static bitcoin addresses
- Batch Transactions: Streamline your payment process.
Thank you Cake Wallet for sponsoring the show!

MYNYMBOX
https://mynymbox.io
Your go-to for anonymous server hosting solutions, featuring: virtual private & dedicated servers, domain registration and DNS parking. We don't require any of your personal information, and you can purchase using Bitcoin, Lightning, Monero and many other cryptos.
Explore benefits such as No KYC, complete privacy & security, and human support.

(00:00) INTRO
(00:57) THANK YOU FOUNDATION
(01:38) THANK YOU CAKE WALLET
(02:43) Vibe Cornin'
(17:42) PRIME TIME
(19:58) Notes From The Inside: The Skinwalker
(23:43) Motorola Graphene
(26:44) The Cyber Strategy
(29:30) John "Lick" Daghita Arrested for Crypto Crimes
(31:39) US Treasury Acknowledges Cryptocurrency 'Mixers'
(33:50) Strike Obtains a Bit License
(34:43) Bitaxe Touch Released
(36:40) Bitwise to Donate $233,000 to BTC Open Source
(37:32) BOOSTS
(43:41) Tail Relay
(45:02) Stealth Announced
(47:39) The Big Cake 6.0.1 Release
(48:41) The Rest of the Software Updates
(52:14) Blixt Payment Pools
(54:48) THANK YOU MYNYMBOX

Supra Insider
#101: Why everyone should have an AI-powered cloud computer | Ben Guo (Cofounder @ Zo)

Mar 12, 2026, 61:09


What if your computer didn't need a screen in front of you to get work done? That's the shift Ben Guo, co-founder of Zo, is building toward, and this conversation gets into the specifics of what that actually looks like day to day.

In this episode of Supra Insider, Marc Baselga and Ben Erez sit down with Ben Guo to explore Zo: a personal cloud computer with built-in AI agents, file storage, scheduled tasks, and the ability to receive commands over text or email. Together, they unpack how Zo differs from the OpenClaw movement and why Ben thinks the personal cloud becomes a device category everyone eventually owns.

The conversation goes deep on how the Zo team actually builds software: writing AI-generated markdown plans before touching any code, reviewing those plans as GitHub PRs, and largely abandoning the traditional to-do backlog in favor of just prompting something and letting it run. They also get into the real overhead that comes with this new way of working, including context management, delegation judgment, and figuring out what belongs where.

All episodes of the podcast are also available on Spotify, Apple and YouTube.

Latent Space: The AI Engineer Podcast — CodeGen, Agents, Computer Vision, Data Science, AI UX and all things Software 3.0
NVIDIA's AI Engineers: Agent Inference at Planetary Scale and "Speed of Light" — Nader Khalil (Brev), Kyle Kranen (Dynamo)

Mar 10, 2026, 83:37


Join Kyle, Nader, Vibhu, and swyx live at NVIDIA GTC next week!

Now that AIE Europe tix are ~sold out, our attention turns to Miami and World's Fair!

The definitive AI Accelerator chip company has more than 10xed this AI Summer:

And is now a $4.4 trillion megacorp… that is somehow still moving like a startup. We are blessed to have a unique relationship with our first ever NVIDIA guests: Kyle Kranen who gave a great inference keynote at the first World's Fair and is one of the leading architects of NVIDIA Dynamo (a Datacenter scale inference framework supporting SGLang, TRT-LLM, vLLM), and Nader Khalil, a friend of swyx from our days in Celo in The Arena, who has been drawing developers at GTC since before they were even a glimmer in the eye of NVIDIA:

Nader discusses how NVIDIA Brev has drastically reduced the barriers to entry for developers to get a top of the line GPU up and running, and Kyle explains NVIDIA Dynamo as a data center scale inference engine that optimizes serving by scaling out, leveraging techniques like prefill/decode disaggregation, scheduling, and Kubernetes-based orchestration, framed around cost, latency, and quality tradeoffs.
We also dive into Jensen's “SOL” (Speed of Light) first-principles urgency concept, long-context limits and model/hardware co-design, internal model APIs (https://build.nvidia.com), and upcoming Dynamo and agent sessions at GTC.

Full Video pod on YouTube

Timestamps
00:00 Agent Security Basics
00:39 Podcast Welcome and Guests
07:19 Acquisition and DevEx Shift
13:48 SOL Culture and Dynamo Setup
27:38 Why Scale Out Wins
29:02 Scale Up Limits Explained
30:24 From Laptop to Multi Node
33:07 Cost Quality Latency Tradeoffs
38:42 Disaggregation Prefill vs Decode
41:05 Kubernetes Scaling with Grove
43:20 Context Length and Co Design
57:34 Security Meets Agents
58:01 Agent Permissions Model
59:10 Build Nvidia Inference Gateway
01:01:52 Hackathons And Autonomy Dreams
01:10:26 Local GPUs And Scaling Inference
01:15:31 Long Running Agents And SF Reflections

Transcript

Agent Security Basics

Nader: Agents can do three things. They can access your files, they can access the internet, and then now they can write custom code and execute it. You literally only let an agent do two of those three things. If you can access your files and you can write custom code, you don't want internet access because that's one to see full vulnerability, right? If you have access to internet and your file system, you should know the full scope of what that agent's capable of doing. Otherwise, now we can get injected or something that can happen. And so that's a lot of what we've been thinking about is like, you know, how do we both enable this because it's clearly the future. But then also, you know, what, what are these enforcement points that we can start to like protect?

swyx: All right.

Podcast Welcome and Guests

swyx: Welcome to the Latent Space podcast in the Chromo studio. Welcome to all the guests here. Uh, we are back with our guest host Vibhu. Welcome. Good to have you back. And our friends, uh, Nader and Kyle from Nvidia. Welcome.

Kyle: Yeah, thanks for having us.

swyx: Yeah, thank you.
Actually, I don't even know your titles. Uh, I know you're like architect something of Dynamo.

Kyle: Yeah. I, I'm one of the engineering leaders [00:01:00] and a architects of Dynamo.

swyx: And you're director of something and developers, developer tech.

Nader: Yeah.

swyx: You're the developers, developers, developers guy at Nvidia,

Nader: open source agent marketing, Brev,

swyx: and like

Nader: Devrel tools and stuff.

swyx: Yeah. Been

Nader: the focus.

swyx: And we're, we're kind of recording this ahead of Nvidia, GTC, which is coming to town, uh, again, uh, or taking over town, uh, which, uh, which we'll all be at. Um, and we'll talk a little bit about your sessions and stuff. Yeah.

Nader: We're super excited for it.

GTC Booth Stunt Stories

swyx: One of my favorite memories for Nader, like you always do like marketing stunts and like while you were at Brev, you like had this surfboard that you like, went down to GTC with and like, NA Nvidia apparently, like did so much that they bought you. Like what, what was that like? What was that?

Nader: Yeah. Yeah, we, we, um. Our logo was a shaka. We, we, uh, we were always just kind of like trying to keep true to who we were. I think, you know, some stuff, startups, you're like trying to pretend that you're a bigger, more mature company than you are. And it was actually Evan Conrad from SF Compute who was just like, you guys are like previous

swyx: guest. Yeah.

Nader: Amazing. Oh, really? Amazing. Yeah. He was just like, guys, you're two dudes in the room. Why are you [00:02:00] pretending that you're not? Uh, and so then we were like, okay, let's make the logo a shaka. We brought surfboards to our booth to GTC and the energy was great. Yeah. Some palm trees too. They,

Kyle: they actually poked out over like the, the walls so you could, you could see the Brev booth. Oh, that's so funny. And

Nader: no one else,

Kyle: just from very far away.

Nader: Oh, so you remember it back

Kyle: then? Yeah I remember it pre-acquisition.
I was like, oh, those guys look cool,

Nader: dude. That makes sense. 'cause uh, we, so we signed up really last minute, and so we had the last booth. It was all the way in the corner. And so I was, I was worried that no one was gonna come. So that's why we had like the palm trees. We really came in with the surfboards. We even had one of our investors bring her dog and then she was just like walking the dog around to try to like, bring energy towards our booth. Yeah.

swyx: Steph.

Kyle: Yeah. Yeah, she's the best,

swyx: you know, as a conference organizer, I love that. Right? Like, it's like everyone who sponsors a conference comes, does their booth. They're like, we are changing the future of ai or something, some generic b******t and like, no, like actually try to stand out, make it fun, right? And people still remember it after three years.

Nader: Yeah. Yeah. You know what's so funny? I'll, I'll send, I'll give you this clip if you wanna, if you wanna add it [00:03:00] in, but, uh, my wife was at the time fiance, she was in medical school and she came to help us. 'cause it was like a big moment for us. And so we, we bought this Cricut, it's like a vinyl, like a vinyl, uh, printer. 'cause like, how else are we gonna label the surfboard? So, we got a surfboard, luckily was able to purchase that on the company card. We got a Cricut and it was just like fine tuning for enterprises or something like that, that we put on the. On the surfboard and it's 1:00 AM the day before we go to GTC. She's helping me put these like vinyl stickers on. And she goes, you son of, she's like, if you pull this off, you son of a b***h. And so, uh, right. Pretty much after the acquisition, I stitched that with the mag music acquisition. I sent it to our family group chat. Oh

swyx: Yeah. No, well, she, she made a good choice there. Was that like basically the origin story for Launchable is that we, it was, and maybe we should explain what Brev is and

Nader: Yeah. Yeah.
Uh, I mean, Brev is just, it's a developer tool that makes it really easy to get a GPU. So we connect a bunch of different GPU sources. So the basics of it is like, how quickly can we SSH you into a G, into a GPU and whenever we would talk to users, they wanted a GPU. They wanted an A100. And if you go to like any cloud [00:04:00] provisioning page, usually it's like three pages of forms or in the forms somewhere there's a dropdown. And in the dropdown there's some weird code that you know to translate to an A100. And I remember just thinking like. Every time someone says they want an A100, like the piece of text that they're telling me that they want is like, stuffed away in the corner. Yeah. And so we were like, what if the biggest piece of text was what the user's asking for? And so when you go to Brev, it's just big GPU chips with the type that you want with

swyx: beautiful animations that you worked on pre, like pre you can, like, now you can just prompt it. But back in the day. Yeah. Yeah. Those were handcraft, handcrafted artisanal code.

Nader: Yeah. I was actually really proud of that because, uh, it was an, I, I made it in Figma. Yeah. And then I found, I was like really struggling to figure out how to turn it from like Figma to React. So what it actually is, is just an SVG and I, I have all the styles and so when you change the chip, whether it's like active or not it changes the SVG code and that somehow like renders like, looks like it's animating, but it, we just had the transition slow, but it's just like the, a JavaScript function to change the like underlying SVG. Yeah. And that was how I ended up like figuring out how to move it from from Figma. But yeah, that's Art Artisan. [00:05:00]

Kyle: Speaking of marketing stunts though, he actually used those SVGs. Or kind of use those SVGs to make these cards.

Nader: Oh yeah. Like

Kyle: a GPU gift card Yes. That he handed out everywhere.
That was actually my first impression of that

Nader: one. Yeah,

swyx: yeah, yeah.

Nader: Yeah.

swyx: I think I still have one of them.

Nader: They look great.

Kyle: Yeah.

Nader: I have a ton of them still actually in our garage, which just, they don't have labels. We should honestly like bring, bring them back. But, um, I found this old printing press here, actually just around the corner on Van Ness. And it's a third generation San Francisco shop. And so I come in an excited startup founder trying to like, and they just have this crazy old machinery and I'm in awe. 'cause the the whole building is so physical. Like you're seeing these machines, they have like pedals to like move these saws and whatever. I don't know what this machinery is, but I saw all three generations. Like there's like the grandpa, the father and the son, and the son was like, around my age. Well,

swyx: it's like a holy, holy trinity.

Nader: It's funny because we, so I just took the same SVG and we just like printed it and it's foil printing, so they make a a, a mold. That's like an inverse of like the A100 and then they put the foil on it [00:06:00] and then they press it into the paper. And I remember once we got them, he was like, Hey, don't forget about us. You know, I guess like early Apple and Cisco's first business cards were all made there. And so he was like, yeah, we, we get like the startup businesses but then as they mature, they kind of go somewhere else. And so I actually, I think we were talking with marketing about like using them for some, we should go back and make some cards.

swyx: Yeah, yeah, yeah. You know, I remember, you know, as a very, very small Brev investor, I was like, why are we spending time like, doing these like stunts for GPUs?
Like, you know, I think like as a, you know, typical like cloud hard hardware person, you go into an AWS you pick like T five X xl, whatever, and it's just like from a list and you look at the specs like, why animate this GP? And, and I, I do think like it just shows the level of care that goes throughout Brev and Yeah. And now, and also the, and,

Nader: and Nvidia. I think that's what the, the thing that struck me most when we first came in was like the amount of passion that everyone has. Like, I think, um, you know, you talk to, you talk to Kyle, you talk to, like, every VP that I've met at Nvidia goes so close to the metal. Like, I remember it was almost a year ago, and like my VP asked me, he's like, Hey, [00:07:00] what's Cursor? And like, are you using it? And if so, why? Surprised at this, and he downloaded Cursor and he was asking me to help him like, use it. And I thought that was, uh, or like, just show him what he, you know, why we were using it. And so, the amount of care that I think everyone has and the passion, appreciate, passion and appreciation for the moment. Right. This is a very unique time. So it's really cool to see everyone really like, uh, appreciate that.

swyx: Yeah.

Acquisition and DevEx Shift

swyx: One thing I wanted to do before we move over to sort of like research topics and, uh, the, the stuff that Kyle's working on is just tell the story of the acquisition, right? Like, not many people have been, been through an acquisition with Nvidia. What's it like? Uh, what, yeah, just anything you'd like to say.

Nader: It's a crazy experience. I think, uh, you know, we were the thing that was the most exciting for us was. Our goal was just to make it easier for developers. We wanted to find access to GPUs, make it easier to do that. And then all, oh, actually your question about launchable. So launchable was just make one click exper, like one click deploys for any software on top of the GPU. Mm-hmm.
And so what we really liked about Nvidia was that it felt like we just got a lot more resources to do all of that. I think, uh, you [00:08:00] know, NVIDIA's goal is to make things as easy for developers as possible. So there was a really nice like synergy there. I think that, you know, when it comes to like an acquisition, I think the amount that the soul of the products align, I think is gonna be. Is going speak to the success of the acquisition. Yeah. And so it in many ways feels like we're home. This is a really great outcome for us. Like we you know, I love brev.nvidia.com. Like you should, you should use it's, it's the

Kyle: front page for GPUs.

Nader: Yeah. Yeah. If you want GPUs,

Kyle: you go there, get

swyx: it there, and it's like internally is growing very quickly. I, I don't remember You said some stats there.

Nader: Yeah, yeah, yeah. It's, uh, I, I wish I had the exact numbers, but like internally, externally, it's been growing really quickly. We've been working with a bunch of partners with a bunch of different customers and ISVs, if you have a solution that you want someone that runs on the GPU and you want people to use it quickly, we can bundle it up, uh, in a launchable and make it a one click run. If you're doing things and you want just like a sandbox or something to run on, right. Like OpenClaw. Huge moment. Super exciting. Our, uh, and we'll talk into it more, but. You know, internally, people wanna run this, and you, we know we have to be really careful from the security implications. Do we let this run on the corporate network? Security's guidance was, Hey, [00:09:00] run this on Brev, it's in, you know, it's, it's, it's a vm, it's sitting in the cloud, it's off the corporate network. It's isolated.
And so that's been our stance internally and externally about how to even run something like OpenClaw while we figure out how to run these things securely. But yeah,

swyx: I think there's also like, you almost like we're the right team at the right time when Nvidia is starting to invest a lot more in developer experience or whatever you call it. Yeah. Uh, UX or I don't know what you call it, like software. Like obviously NVIDIA is always invested in software, but like, there's like, this is like a different audience. Yeah. It's a

Nader: wider

Kyle: developer base.

swyx: Yeah. Right.

Nader: Yeah. Yeah. You know, it's funny, it's like, it's not, uh,

swyx: so like, what, what is it called internally? What, what is this that people should be aware that is going on there?

Nader: Uh, what, like developer experience

swyx: or, yeah, yeah. Is it's called just developer experience or is there like a broader strategy here

Nader: in Nvidia? Um, Nvidia always wants to make a good developer experience. The thing is and a lot of the technology is just really complicated. Like, it's not, it's uh, you know, I think, um. The thing that's been really growing or the AI's growing is having a huge moment, not [00:10:00] because like, let's say data scientists in 2018, were quiet then and are much louder now. The pie is com, right? There's a whole bunch of new audiences. My mom's wondering what she's doing. My sister's learned, like taught herself how to code. Like the, um, you know, I, I actually think just generally AI's a big equalizer and you're seeing a more like technologically literate society, I guess. Like everyone's, everyone's learning how to code. Uh, there isn't really an excuse for that. And so building a good UX means that you really understand who your end user is. And when your end user becomes such a wide, uh, variety of people, then you have to almost like reinvent the practice, right? Yeah.
You have

Kyle: to, and actually build more developer ux, right? Because the, there are tiers of developer base that were added. You know, the, the hackers that are building on top of OpenClaw, right? For example, have never used gpu. They don't know what CUDA is. They, they, they just want to run something.

Nader: Yeah.

Kyle: You need new UX that is not just. Hey, you know, how do you program something in CUDA and run it? And then, and then we built, you know, like when Deep Learning was getting big, we built, we built Torch and, and, but so recently the amount of like [00:11:00] layers that are added to that developer stack has just exploded because AI has become ubiquitous. Everyone's using it in different ways. Yeah. It's

Nader: moving fast in every direction. Vertical, horizontal.

Vibhu: Yeah. You guys, you even take it down to hardware, like the DGX Spark, you know, it's, it's basically the same system as just throwing it up on big GPU cluster.

Nader: Yeah, yeah, yeah. It's amazing. Blackwell.

swyx: Yeah. Uh, we saw the preview at the last year's GTC and that was one of the better performing, uh, videos so far, and video coverage so far. Awesome. This will beat it. Um,

Nader: that was

swyx: actually, we have fingers

Nader: crossed. Yeah.

DGX Spark and Remote Access

Nader: Even when Grace Blackwell or when, um, uh, DGX Spark was first coming out getting to be involved in that from the beginning of the developer experience. And it just comes back to what you

swyx: were involved.

Nader: Yeah. St. St.

swyx: Mars.

Nader: Yeah. Yeah. I mean from, it was just like, I, I got an email, we just got thrown into the loop and suddenly yeah, I, it was actually really funny 'cause I'm still pretty fresh from the acquisition and I'm, I'm getting an email from a bunch of the engineering VPs about like, the new hardware, GPU chip, like we're, or not chip, but just GPU system that we're putting out. And I'm like, okay, cool. Matters. Now involved with this for the ux, I'm like.
What am I gonna do [00:12:00] here? So, I remember the first meeting, I was just like kind of quiet as I was hearing engineering VPs talk about what this box could be, what it could do, how we should use it. And I remember, uh, one of the first ideas that people were idea was like, oh, the first thing that it was like, I think a quote was like, the first thing someone's gonna wanna do with this is get two of them and run a Kubernetes cluster on top of them. And I was like, oh, I think I know why I'm here. I was like, the first thing we're doing is easy. SSH into the machine. And then, and you know, just kind of like scoping it down of like, once you can do that every, you, like the person who wants to run a Kubernetes cluster on two Sparks has a higher propensity for pain, than, than you know someone who buys it and wants to run OpenClaw right now, right? If you can make sure that that's as effortless as possible, then the rest becomes easy. So there's a tool called Nvidia Sync. It just makes the SSH connection really simple. So, you know, if you think about it like. If you have a Mac, uh, or a PC or whatever, if you have a laptop and you buy this GPU and you want to use it, you should be able to use it like it's a GPU in the cloud, right? Um, but there's all this friction of like, how do you actually get into that? That's part of [00:13:00] Brev's value proposition is just, you know, there's a CLI that wraps SSH and makes it simple. And so our goal is just get you into that machine really easily. And one thing we just launched at CES, it's in, it's still in like early access. We're ironing out some kinks, but it should be ready by GTC. You can register your Spark on Brev. And so now if you

swyx: like remote managed yeah, local hardware. Single pane of glass. Yeah. Yeah. Because Brev can already manage other clouds anyway, right?

Vibhu: Yeah, yeah. And you use the Spark on Brev as well, right?

Nader: Yeah. But yeah, exactly.
So, so you, you, so you, you set it up at home you can run the command on it, and then it gets it's essentially it'll appear in your Brev account, and then you can take your laptop to a Starbucks or to a cafe, and you'll continue to use your, you can continue use your Spark just like any other cloud node on Brev. Yeah. Yeah. And it's just like a pre-provisioned center

swyx: in your

Nader: home. Yeah, exactly.

swyx: Yeah. Yeah.

Vibhu: Tiny little data center.

Nader: Tiny little, the size of

Vibhu: your phone.

SOL Culture and Dynamo Setup

swyx: One more thing before we move on to Kyle. Just have so many Jensen stories and I just love, love mining Jensen stories. Uh, my favorite so far is SOL. Uh, what is, yeah, what is S-O-L-S-O-L

Nader: is actually, I, I think [00:14:00] of all the lessons I've learned, that one's definitely my favorite.

Kyle: It'll always stick with you.

Nader: Yeah. Yeah. I, you know, in your startup, everything's existential, right? Like we've, we've run out of money. We were like, on the risk of, of losing payroll, we've had to contract our team because we l ran outta money. And so like, um, because of that you're really always forcing yourself to I to like understand the root cause of everything. If you get a date, if you get a timeline, you know exactly why that date or timeline is there. You're, you're pushing every boundary and like, you're not just say, you're not just accepting like a, a no. Just because. And so as you start to introduce more layers, as you start to become a much larger organization, SOL is is essentially like what is the physics, right? The speed of light moves at a certain speed. So if light's moving some slower, then you know something's in the way. So before trying to like layer reality back in of like, why can't this be delivered at some date? Let's just understand the physics. What is the theoretical limit to like, uh, how fast this can go? And then start to tell me why.
'cause otherwise people will start telling you why something can't be done. But actually I think any great leader's goal is just to create urgency. Yeah. [00:15:00] There's an infinite

Kyle: create compelling events, right?

Nader: Yeah.

Kyle: Yeah. SOL is a term Nvidia's used to instigate a compelling event. You say this is done. How do we get there? What is the minimum? As much as necessary, as little as possible thing that it takes for us to get exactly here and. It helps you just break through a bunch of noise.

swyx: Yeah.

Kyle: Instantly.

swyx: One thing I'm unclear about is, can only Jensen use the SOL card? Like, oh, no, no, no. Not everyone get the b******t out because obviously it's Jensen, but like, can someone else be like, no, like

Kyle: frontline engineers use it.

Nader: Yeah. Every, I think it's not so much about like, get the b******t out. It's like, it's like, give me the root understanding, right? Like, if you tell me something takes three weeks, it like, well, what's the first principles? Yeah, the first principles. It's like, what's the, what? Like why is it three weeks? What is the actual yeah. What's the actual limit of why this is gonna take three weeks? If you're gonna, if you, if let's say you wanted to buy a new computer and someone told you it's gonna be here in five days, what's the SOL? Well, like the SOL is like, I could walk into a Best Buy and pick it up for you. Right? So then anything that's like beyond that is, and is that practical? Is that how we're gonna, you know, let's say give everyone in the [00:16:00] company a laptop, like obviously not. So then like that's the SOL and then it's like, okay, well if we have to get more than 10, suddenly there might be some, right? And so now we can kind of piece the reality back.

swyx: So, so this is the. Paul Graham do things that don't scale. Yeah. And this is also the, what people would now call high agency.
Yeah.

Kyle: It's actually really interesting because there's a, there's a second hardware angle to SOL that like doesn't come up for all the org SOL is used like culturally at

swyx: Nvidia for everything. I'm also mining for like, I think that can be annoying sometimes. And like someone keeps going IOO you and you're like, guys, like we have to be stable. We have to, we to f*****g plan. Yeah.

Kyle: It's an interesting balance.

Nader: Yeah. I encounter that with like, actually just with, with Alec, right? 'cause we, we have a new conference so we need to launch, we have, we have goals of what we wanna launch by, uh, by the conference and like, yeah. At the end of the day, where is

swyx: this GTC?

Nader: Um, well this is like, so we, I mean we did it for CES, we did for GTC DC before that we're doing it for GTC San Jose. So I mean, like every, you know, we have a new moment. Um, and we want to launch something. Yeah. And we want to do so at SOL and that does mean that some, there's some level of prioritization that needs [00:17:00] to happen. And so it, it is difficult, right? I think, um, you have to be careful with what you're pushing. You know, stability is important and that should be factored into SOL. SOL isn't just like, build everything and let it break, you know, that, that's part of the conversation. So as you're laying, layering in all the details, one of them might be, Hey, we could build this, but then it's not gonna be stable for X, y, z reasons. And so that was like, one of our conversations for CES was, you know, hey, like we, we can get this into early access registering your Spark with Brev. But there are a lot of things that we need to do in order to feel really comfortable from a security perspective, right? There's a lot of networking involved before we deliver that to users. So it's like, okay. Let's get this to a point where we can at least let people experiment with it.
We had it in a booth, we had it in Jensen's keynote, and then let's go iron out all the networking kinks. And that's not easy. And so, uh, that can come later. And so that was the way that we layered that back in. Yeah. But

Kyle: It's not really about saying like, you don't have to do the, the maintenance or operational work. It's more about saying, you know, it's kind of like [00:18:00] highlights how progress is incremental, right? Like, what is the minimum thing that we can get to. And then there's SOL for like every component after that. But there's the SOL to get you, get you to the, the starting line. And that, that's usually how it's asked. Yeah. On the other side, you know, like SOL came out of like hardware at Nvidia. Right. So SOL is like literally if we ran the accelerator or the GPU with like at basically full speed with like no other constraints, like how fast would be able to make a program go.

swyx: Yeah. Yeah. Right.

Kyle: So

swyx: in, in training that like, you know, then you work back to like some percentage of like MFU for example.

Kyle: Yeah, that's a, that's a great example. So like, there's an, there's an SOL MFU, and then there's like, you know, what's practically achievable.

swyx: Cool. Should we move on to sort of, uh, Kyle's side? Uh, Kyle, you're coming more from the data science world. And, uh, I, I mean I always, whenever, whenever I meet someone who's done working in tabular stuff, graph neural networks, time series, these are basically when I go to NeurIPS, I go to ICML, I walk the back halls. There's always like a small group of graph people. Yes. Absolute small group of tabular people. [00:19:00] And like, there's no one there. And like, it's very like, you know what I mean? Like, yeah, no, like it's, it's important interesting work if you care about solving the problems that they solve.

Kyle: Yeah.

swyx: But everyone else is just LLMs all the time.

Kyle: Yeah.
I mean it's like, it's like the black hole, right? Has the event horizon reached this yet in NeurIPS? Um,

swyx: but like, you know, those are, those are transformers too. Yeah. And, and those are also like interesting things. Anyway, uh, I just wanted to spend a little bit of time on, on those, that background before we go into Dynamo, uh, proper.

Kyle: Yeah, sure. I took a different path to Nvidia than that, or I joined six years ago, seven, if you count, when I was an intern. So I joined Nvidia, like right outta college. And the first thing I jumped into was not what I'd done in, during internship, which was like, you know, like some stuff for autonomous vehicles, like heavyweight object detection. I jumped into like, you know, something, I'm like, recommenders, this is popular. And

swyx: yeah, he did RecSys

Kyle: as well. Yeah, RecSys. Yeah. I mean that, that was the tabular data at the time, right? You have tables of like, audience qualities and item qualities, and you're trying to figure out like which member of [00:20:00] the audience matches which item or, or more practically which item matches which member of the audience. And at the time, really it was like we were trying to enable. Uh, recommender, which had historically been like a little bit of a CPU-based workflow into something that like, ran really well in GPUs. And it's since been done. Like there are a bunch of libraries for RecSys that run on GPUs. Uh, the common models like Deep Learning Recommendation Model, which came outta Meta, and the Wide and Deep model, which was used or was released by Google, were very accelerated by GPUs using, you know, the fast HBM on the chips, especially to do, you know, vector lookups. But it was very interesting at the time and super, super relevant because like we were starting to get like. This explosion of feeds and things that required rec recommenders to just actively be on all the time.
And sort of transitioned that a little bit towards graph neural networks when I discovered them because I was like, okay, you can actually use graphical neural networks to represent like, relationships between people, items, concepts, and that, that interested me. So I jumped into that at [00:21:00] Nvidia and, and got really involved for like two-ish years.

swyx: Yeah. Uh, and something I learned from Brian Zaro Yeah. Is that you can just kind of choose your own path in Nvidia.

Kyle: Oh my God. Yeah.

swyx: Which is not a normal big Corp thing. Yeah. Like you, you have a lane, you stay in your lane.

Nader: I think probably the reason why I enjoy being in a, a big company, the mission is the boss probably from a startup guy. Yeah. The mission

swyx: is the boss.

Nader: Yeah. Uh, it feels like a big game of pickup basketball. Like, you know, if you play one, if you wanna play basketball, you just go up to the court and you're like, Hey look, we're gonna play this game and we need three. Yeah. And you just like find your three. That's honestly for every new initiative that's what it feels like. Yeah.

Vibhu: It also like shows, right? Like Nvidia. Just releasing state-of-the-art stuff in every domain. Yeah. Like, okay, you expect foundation models with Nemotron, voice just randomly Parakeet. Call Parakeet just comes out another one, uh, voice. The

Kyle: video voice team has always been producing.

Vibhu: Yeah. There's always just every other domain of paper that comes out, dataset that comes out. It's like, I mean, it also stems back to what Nvidia has to do, right? You have to make chips years before they're actually produced. Right? So you need to know, you need to really [00:22:00] focus. The

Kyle: design process starts like

Vibhu: exactly

Kyle: three to five years before the chip gets to the market.

Vibhu: Yeah. I, I'm curious more about what that's like, right? So like, you have specialist teams.
Is it just like, you know, people find an interest, you go in, you go deep on whatever, and that kind of feeds back into, you know, okay, we, we expect predictions. Like the internals at Nvidia must be crazy. Right? You know? Yeah. Yeah. You know, you, you must. Not even without selling to people, you have your own predictions of where things are going. Yeah. And they're very based, very grounded. Right?

Kyle: Yeah. It, it, it's really interesting. So there's like two things that I think that Amed does, which are quite interesting. Uh, one is like, we really index into passion. There's a big. Sort of organizational top-down push to like ensure that people are working on the things that they're passionate about. So if someone proposes something that's interesting, many times they can just email someone like way up the chain that they would find this relevant and say like, Hey, can I go work on this?

Nader: It's actually like I worked at a, a big company for a couple years before, uh, starting on my startup journey and like, it felt very weird if you were to like email out of chain, if that makes [00:23:00] sense. Yeah. The emails at Nvidia are like mosh pits

swyx: shoot,

Nader: and it's just like 60 people, just whatever. And like they're, there's this,

swyx: they got messy like, reply all you,

Nader: oh, it's in, it's insane. It's insane. They just

Kyle: help. You know, Maxim,

Nader: the context. But, but that's actually like, I've actually, so this is a weird thing where I used to be like, why would we send emails? We have Slack. I am the entire, I'm the exact opposite. I feel so bad for anyone who's like messaging me on Slack 'cause I'm so unresponsive.

swyx: Your email

Nader: Maxi, email Maxim. I'm email maxing. Now email is a different, email is perfect because man, we can't work together. I'm email is great, right? Because important threads get bumped back up, right? Yeah, yeah. Um, and so Slack doesn't do that.
So I just have like this casino going off on the right or on the left and like, I don't know which thread was from where or what, but like the threads get And then also just like the subject, so you can have like working threads. I think what's difficult is like when you're small, if you're just not 40,000 people I think Slack will work fine, but there's, I don't know what the inflection point is. There is gonna be a point where that becomes really messy and you'll actually prefer having email. 'Cause you can have working threads. You can cc more than nine people in a thread.

Kyle: You can fork stuff.

Nader: You can [00:24:00] fork stuff, which is super nice and just like y- Yeah. And so, but that is part of where you can propose a plan. You can also just. Start, honestly, momentum's the only authority, right? So like, if you can just start, start to make a little bit of progress and show someone something, and then they can try it. That's, I think what's been, you know, I think the most effective way to push anything forward. And that's both at Nvidia and I think just generally.

Kyle: Yeah, there's, there's the other concept that like is explored a lot at Nvidia, which is this idea of a zero billion dollar business. Like market creation is a big thing at Nvidia. Like,

swyx: oh, you want to go and start a zero billion dollar business?

Kyle: Jensen says, we are completely happy investing in zero billion dollar markets. We don't care if this creates revenue. It's important for us to know about this market. We think it will be important in the future. It can be zero billion dollars for a while. I'm probably minging as words here for, but like, you know, like, I'll give an example. NVIDIA's been working on autonomous driving for a, a long time,

swyx: like an Nvidia car.

Kyle: No, they, they've

Vibhu: used the Mercedes, right? They're around the HQ and I think it finally just got licensed out.
Now they're starting to be used quite a [00:25:00] bit. For 10 years you've been seeing Mercedes with Nvidia logos driving.

Kyle: If you're in like the South San Santa Clara, it's, it's actually from South. Yeah. So, um. Zero billion dollar markets are, are a thing like, you know, Jensen,

swyx: I mean, okay, look, cars are not a zero billion dollar market. But yeah, that's a bad example.

Nader: I think, I think he's, he's messaging, uh, zero today, but, or even like internally, right? Like, like it's like, uh, an org doesn't have to ruthlessly find revenue very quickly to justify their existence. Right. Like a lot of the important research, a lot of the important technology being developed that, that's kind of

Kyle: where research, research is very ide ideologically free at Nvidia. Yeah. Like they can pursue things that they were

swyx: Were you research officially?

Kyle: I was never in research. Officially. I was always in engineering. Yeah. We in, I'm in an org called Deep Learning Algorithms, which is basically just how do we make things that are relevant to deep learning go fast.

swyx: That sounds freaking cool.

Vibhu: And I think a lot of that is underappreciated, right? Like time series. This week Google put out TimesFM paper. Yeah. A new time series, paper res. Uh, Semantic ID [00:26:00] started applying Transformers LLMs to Yes. Rec system. Yes. And when you think the scale of companies deploying these right. Amazon recommendations, Google web search, it's like, it's huge scale and

Kyle: Yeah.

Vibhu: You want fast?

Kyle: Yeah. Yeah. Yeah. Actually it's, it, I, there's a fun moment that brought me like full circle. Like, uh, Amazon Ads recently gave a talk where they talked about using Dynamo for generative recommendation, which was like super, like weirdly cathartic for me. I'm like, oh my God. I've, I've supplanted what I was working on. Like, I, you're using LLMs now to do what I was doing five years ago.

swyx: Yeah. Amazing. And let's go right into Dynamo.
Uh, maybe introduce Yeah, sure. To the top down and Yeah.

Kyle: I think at this point a lot of people are familiar with the term of inference. Like funnily enough, like I went from, you know, inference being like a really niche topic to being something that's like discussed on like normal people's Twitter feeds. It's,

Nader: it's on billboards

Kyle: here now. Yeah. Very, very strange. Driving, driving, seeing just an inference ad on 101. Inference at scale is becoming a lot more important. Uh, we have these moments like, you know, OpenClaw where you have these [00:27:00] agents that take lots and lots of tokens, but produce incredible results. There are many different aspects of test time scaling so that, you know, you can use more inference to generate a better result than if you were to use like a short amount of inference. There's reasoning, there's querying, there's adding agency to the model, allowing it to call tools and use skills. Dynamo sort of came about at Nvidia. Because myself and a couple others were, were sort of talking about the, these concepts that like, you know, you have inference engines like vLLM, SGLang, TensorRT-LLM and they have like one single copy. They, they, they sort of think about like things as like one single copy, like one replica, right?

Why Scale Out Wins

Kyle: Like one version of the model. But when you're actually serving things at scale, you can't just scale up that replica because you end up with like performance problems. There's a scaling limit to scaling up replicas. So you actually have to scale out to use a, maybe some Kubernetes type terminology. We kind of realized that there was like. A lot of potential optimization that we could do in scaling out and building systems for data [00:28:00] center scale inference.
So Dynamo is this data center scale inference engine that sits on top of the frameworks like vLLM, SGLang and TensorRT-LLM and just makes things go faster because you can leverage the economy of scale. The fact that you have KV cache, which we can define a little bit later, uh, in all these machines that is like unique and you wanna figure out like the ways to maximize your cache hits or you want to employ new techniques in inference like disaggregation, which Dynamo had introduced to the world in, in, in March, not introduced, it was an academic talk, but beforehand. But we are, you know, one of the first frameworks to start supporting it. And we wanna like, sort of combine all these techniques into sort of a modular framework that allows you to. Accelerate your inference at scale.

Nader: By the way, Kyle and I became friends on my first day at Nvidia, and I always loved, 'cause like he always teaches me

swyx: new things. Yeah. By the way, this is why I wanted to put two of you together. I was like, yeah, this is, this is gonna be

Kyle: good. It's very, it's very different, you know, like we've, we, we've, we've talked to each other a bunch [00:29:00] actually, you asked like, why, why can't we scale up?

Nader: Yeah.

Scale Up Limits Explained

Nader: model, you said model replicas.

Kyle: Yeah. So you, so scale up means assigning more

swyx: heavier?

Kyle: Yeah, heavier. Like making things heavier. Yeah, adding more GPUs. Adding more CPUs. Scale out is just like having a barrier saying, I'm gonna duplicate my representation of the model or a representation of this microservice or something, and I'm gonna like, replicate it many times. Handle, load. And the reason that you can't scale, scale up, uh, past some points is like, you know, there, there, there are sort of hardware bounds and algorithmic bounds on, on that type of scaling. So I'll give you a good example that's like very trivial. Let's say you're on an H100.
The maximum NVLink domain for H100, for most Ds H one hundreds is heus, right? So if you scaled up past that, you're gonna have to figure out ways to handle the fact that now for the GPUs to communicate, you have to do it over InfiniBand, which is still very fast, but is not as fast as NVLink.

swyx: Is it like one order of magnitude, like hundreds or,

Kyle: it's about an order of magnitude? Yeah. Okay. Um, so

swyx: not terrible.

Kyle: [00:30:00] Yeah. I, I need to, I need to remember the, the data sheet here, like, I think it's like about 500 gigabytes. Uh, a second unidirectional for NVLink, and about 50 gigabytes a second unidirectional for InfiniBand. I, it, it depends on the, the generation.

swyx: I just wanna set this up for people who are not familiar with these kinds of like layers and the trash speed

Vibhu: and all that. Of course.

From Laptop to Multi Node

Vibhu: Also, maybe even just going like a few steps back before that, like most people are very familiar with. You see a, you know, you can use on your laptop, whatever these steel viol, lm you can just run inference there. All, there's all, you can, you can run it on that

Vibhu: laptop. You can run on laptop. Then you get to, okay, uh, models got pretty big, right? GLM-5, they doubled the size, so mm-hmm. Uh, what do you do when you have to go from, okay, I can get 128 gigs of memory. I can run it on a Spark. Then you have to go multi GPU. Yeah. Okay. Multi GPU, there's some support there. Now, if I'm a company and I don't have like. I'm not hiring the best researchers for this. Right. But I need to go [00:31:00] multi-node, right? I have a lot of servers. Okay, now there's efficiency problems, right? You can have multiple eight H100 nodes, but, you know, is that as a, like, how do you do that efficiently?

Kyle: Yeah. How do you like represent them? How do you choose how to represent the model? Yeah, exactly right. That's a, that's like a hard question.
Everyone asks, how do you size, oh, I wanna run GLM-5, which just came out, new model. There have been like four of them in the past week, by the way, like a bunch of new models.

swyx: You know why? Right? DeepSeek.

Kyle: No comment. Oh. Yeah, but GLM-5, right? We, we have this new model. It's, it's like a large size, and you have to figure out how to both scale up and scale out, right? Because you have to find the right representation that you care about. Everyone does this differently. Let's be very clear. Everyone figures this out in their own path.

Nader: I feel like a lot of AI or ML even is like, is like this. I think people think, you know, I, I was, there was some tweet a few months ago that was like, why hasn't fine tuning as a service taken off? You know, that might be me. It might have been you. Yeah. But people want it to be such an easy recipe to follow. But even like if you look at an ML model and specific

Kyle: to you Yeah,

Nader: yeah.

Kyle: And the [00:32:00] model,

Nader: the situation, and there's just so much tinkering, right? Like when you see a model that has however many experts in the MoE model, it's like, why that many experts? I don't, they, you know, they tried a bunch of things and that one seemed to do better. I think when it comes to how you're serving inference, you know, you have a bunch of decisions to make and there you can always argue that you can take something and make it more optimal. But I think it's this internal calibration and appetite for continued calibration.

Vibhu: Yeah. And that doesn't mean like, you know, people aren't taking a shot at this, like Tinker from Thinking Machines, you know? Yeah. RL as a service. Yeah, totally. It's, it also gets even harder when you try to do big model training, right? We're not the best at training MoEs, uh, when they're pre-trained. Like we saw this with Llama 3, right?
They're trained in such a sparse way that Meta knows there's gonna be a bunch of inference done on these, right? They'll open source it, but it's very trained for what Meta infrastructure wants, right? They wanna, they wanna inference it a lot. Now the question to basically think about is, okay, say you wanna serve a chat application, a coding copilot, right? You're doing a layer of RL, you're serving a model for X amount of people. Is it a chat model, a coding model? Dynamo, you know, back to that,

Kyle: it's [00:33:00] like, yeah, sorry. So you we, we sort of like jumped off of, you know, jumped, uh, on that topic. Everyone has like, their own, own journey.

Cost Quality Latency Tradeoffs

Kyle: And I, I like to think of it as defined by like, what is the model you need? What is the accuracy you need? Actually I talked to NA about this earlier. There's three axes you care about. What is the quality that you're able to produce? So like, are you accurate enough or can you complete the task with enough performance, high enough performance. Yeah, yeah. Uh, there's cost. Can you serve the model or serve your workflow? Because it's not just the model anymore, it's the workflow. It's the multi turn with an agent cheaply enough. And then can you serve it fast enough? And we're seeing all three of these, like, play out, like we saw, we saw new models from OpenAI that you know, are faster. You have like these new fast versions of models. You can change the amount of thinking to change the amount of quality, right? Produce more tokens, but at a higher cost in a, in a higher latency. And really like when you start this journey of like trying to figure out how you wanna host a model, you, you, you think about three things. What is the model I need to serve? How many times do I need to call it? What is the input sequence length was [00:34:00] the, what does the workflow look like on top of it? What is the SLA, what is the latency SLA that I need to achieve?
Because there's usually some, this is usually like a constant, you, you know, the SLA that you need to hit and then like you try and find the lowest cost version that hits all of these constraints. Usually, you know, you, you start with those things and you say you, you kind of do like a bit of experimentation across some common configurations. You change the tensor parallel size, which is a form of parallelism

Vibhu: I take, it goes even deeper first. Gotta think what model.

Kyle: Yes, of course, of course. It's like, it's like a multi-step design process because as you said, you can, you can choose a smaller model and then do more test time scaling and it'll equate the quality of a larger model because you're doing the test time scaling or you're adding a harness or something. So yes, it, it goes way deeper than that. But from the performance perspective, like once you get to the model you need, you need to host, you look at that and you say, Hey. I have this model, I need to serve it at the speed. What is the right configuration for that?

Nader: You guys see the recent, uh, there was a paper I just saw like a few days ago that, uh, if you run [00:35:00] the same prompt twice, you're getting like double Just try it again.

Nader: Yeah, exactly.

Vibhu: And you get a lot. Yeah. But the, the key thing there is you give the context of the failed try, right? Yeah. So it takes a shot. And this has been like, you know, basic guidance for quite a while. Just try again. 'Cause you know, trying, just try again. Did you try again? All advice

Nader: in life.

Vibhu: Just, it's a paper from Google, if I'm not mistaken, right? Yeah,

Vibhu: yeah. I think it, it's like a seven bas little short paper. Yeah. Yeah. The title's very cute. And it's just like, yeah, just try again. Give it ask context,

Kyle: multi-shot. You just like, say like, hey, like, you know, like take, take a little bit more, take a little bit more information, try and fail.
Fail.

Vibhu: And that basic concept has gone pretty deep. There's like, um, self-distillation, RL where you, you do self-distillation, you do RL and you have past failure and you know, that gives some signal so people take, try it again. Not strong enough.

swyx: Uh, for, for listeners, uh, who listen to here, uh, Vibhu actually, and I, and we run a second YouTube channel for our paper club where, oh, that's awesome. Vibhu just covered this. Yeah. Awesome. Self-distillation and all that's, that's why he, to speed [00:36:00] on it.

Nader: I'll to check it out.

swyx: Yeah. It, it's just a good practice, like everyone needs, like a paper club where like you just read papers together and the social pressure just kind of forces you to just,

Nader: we, we, there's

Nader: like a big inference.

Kyle: Reading

Nader: group at Nvidia. I feel so bad every time. I I, he put it on like, on our, he shared it.

swyx: One, one of

Nader: your guys,

swyx: uh, is, is big in that, I forget es han Yeah, yeah,

Kyle: es Han's on my team. Actually. Funny. There's a, there's a, there's a employee transfer between us. Han worked for Nader at Brev, and now he, he's on my team. He was

Nader: our head of AI. And then, yeah, once we got in, and

swyx: because I'm always looking for like, okay, can, can I start at another podcast that only does that thing? Yeah. And, uh, Esan was like, I was trying to like nudge Esan into like, is there something here? I mean, I don't think there's, there's new inference techniques every day. So it's like, it's like

Kyle: you would, you would actually be surprised, um, the amount of blog posts you see. And if

swyx: there's a period where it was like, Medusa, Hydra, what, Eagle, like, you

Kyle: know, now we have new forms of decode, uh, we have new forms of speculative decoding or new,

swyx: what,

Kyle: what are you

Vibhu: excited?
And it's exciting when you guys put out something like Nemotron. 'Cause I remember the paper on this Nemotron 3, [00:37:00] uh, the amount of like post train, the on tokens that the GPU rich can just train on. And it, it was a hybrid state space model, right? Yeah.

Kyle: It's co-designed for the hardware.

Vibhu: Yeah, co-design for the hardware. And one of the things was always, you know, the state space models don't scale as well when you do a conversion or whatever the performance. And you guys are like, no, just keep training. And Nemotron shows a lot of that. Yeah.

Nader: Also, something cool about Nemotron, it was released in layers, if you will, very similar to Dynamo. It's, it's, it's essentially it was released as you can, the pre-training, post-training data sets are released. Yeah. The recipes on how to do it are released. The model itself is released. It's full model. You just benefit from us turning on the GPUs. But there are companies like, uh, ServiceNow took the dataset and they trained their own model and we were super excited and like, you know, celebrated that work. Zoom

Vibhu: different. Zoom is, zoom is CGI, I think, uh, you know, also just to add like a lot of models don't put out base models and if there's that, why is fine tuning not taken off? You know, you can do your own training. Yeah,

Kyle: sure.

Vibhu: You guys put out base model, I think you put out everything.

Nader: I believe I know [00:38:00]

swyx: about base. Basically

Vibhu: without base

swyx: basic can be cancelable.

Vibhu: Yeah. Base can be cancelable.

swyx: Yeah.

Vibhu: Safety training.

swyx: Did we get a full picture of Dynamo? I, I don't know if we, what,

Nader: what I'd love is you, you mentioned the three axes like break it down of like, you know, what's prefill, decode and like what are the optimizations that we can get with Dynamo?

Kyle: Yeah. That, that's, that's, that's a great point.
So to summarize on that three axis problem, right, there are three things that determine whether or not something can be done with inference, cost, quality, latency, right? Dynamo is supposed to be there to provide you like the runtime that allows you to pull levers to, you know, mix it up and move around the Pareto frontier or the Pareto surface that determines is this actually possible with inference and AI today

Nader: gives you the knobs.

Kyle: Yeah, exactly. It gives you the knobs.

Disaggregation Prefill vs Decode

Kyle: Uh, and one thing that like we, we use a lot in contemporary inference and is, you know, starting to like pick up from, you know, in, in general knowledge is this concept of disaggregation. So historically. Models would be hosted with a single inference engine. And that inference engine [00:39:00] would ping pong between two phases. There's prefill where you're reading the sequence generating KV cache, which is basically just a set of vectors that represent the sequence. And then using that KV cache to generate new tokens, which is called decode. And some brilliant researchers across multiple different papers essentially made the realization that if you separate these two phases, you actually gain some benefits. Those benefits are basically A, you don't have to worry about step synchronous scheduling. So the way that an inference engine works is you do one step and then you finish it, and then you schedule, you start scheduling the next step there. It's not like fully asynchronous. And the problem with that is you would have, uh, essentially prefill and decode are, are actually very different in terms of both their resource requirements and their sometimes their runtime. So you would have like prefill that would like block decode steps because you, you'd still be prefilling and you couldn't schedule because you know the step has to end.
So you remove that scheduling issue and then you also allow you, or you yourself, to like [00:40:00] split the work into two different types of pools. So prefill typically, and, and this changes as, as model architecture changes. Prefill is, right now, compute bound most of the time with the sequence is sufficiently long. It's compute bound. On the decode side because you're doing a full pass over all the weights and the entire sequence, every time you do a decode step and you're, you don't have the quadratic computation of KV cache, it's usually memory bound because you're retrieving a linear amount of memory and you're doing a linear amount of compute as opposed to prefill where you retrieve a linear amount of memory and then use a quadratic. You know,

Nader: it's funny, someone, Exo Labs, did a really cool demo where for the DGX Spark, which has a lot more compute, you can do the pre, the compute hungry prefill on a DGX Spark and then do the decode on a, on a Mac. Yeah. And so

Vibhu: that's faster.

Nader: Yeah. Yeah.

Kyle: So you could, you can do that. You can do machine strat stratification.

Nader: Yeah.

Kyle: And like with our future generation generations of hardware, we actually announced, like with Rubin, this [00:41:00] new accelerator that is prefill-specific. It's called Rubin CPX. So

Kubernetes Scaling with Grove

Nader: I have a question when you do the scale out. Yeah. Is scaling out easier with Dynamo? Because when you need a new node, you can dedicate it to either the prefill or, uh, decode.

Kyle: Yeah. So Dynamo actually has like a, a Kubernetes component in it called Grove that allows you to, to do this like crazy scaling specialization. It has like this hot, it's a representation that, I don't wanna go too deep into Kubernetes here, but there was a previous way that you would like launch multi-node work. Uh, it's called Leader Worker Set. It's in the Kubernetes standard, and Leader Worker Set is great.
It served a lot of people super well for a long period of time. But one of the things that it struggles with is representing a set of cases where you have a multi-node replica that has a pair, right? You know, prefill and decode, or it's not paired, but it has like a second stage that has a ratio that changes over time. And prefill and decode are like two different things as your workload changes, right? The amount of prefill you'll need to do may change. [00:42:00] The amount of decode that you, you'll need to do might change, right? Like, let's say you start getting like insanely long queries, right? That probably means that your prefill scales like harder because you're hitting these, this quadratic scaling growth.

swyx: Yeah. And then for listeners, like prefill will be long input. Decode would be long output, for example, right?

Kyle: Yeah. So like decode, decode scale. I mean, decode is funny because the amount of tokens that you produce scales with the output length, but the amount of work that you do per step scales with the amount of tokens in the context.

swyx: Yes.

Kyle: So both scales with the input and the output.

swyx: That's true.

Kyle: But on the prefill-decode side, like if. Suddenly, like the amount of work you're doing on the decode side stays about the same or like scales a little bit, and then the prefill side like jumps up a lot. You actually don't want that ratio to be the same. You want it to change over time. So Dynamo has a set of components that A, tell you how to scale. It tells you how many prefill workers and decode workers you, it thinks you should have, and also provides a scheduling API for Kubernetes that allows you to actually represent and affect this scheduling on, on, on your actual [00:43:00] hardware, on your compute infrastructure.

Nader: Not gonna lie. I feel a little embarrassed for being proud of my SVG function earlier.

swyx: No, it

Nader: was really

Kyle: cute. I, I

swyx: like

Nader: it's all,

swyx: it's all engineering.
It's all engineering. Um, that's where I'm

Kyle: technical.

swyx: One thing I'm, I'm kind of just curious about with all with you see at a systems level, everything going on here. Mm-hmm. And we, you know, we're scaling it up in, in multi, in distributed systems.

Context Length and Co Design

swyx: Um, I think one thing that's like kind of, of the moment right now is people are asking, is there any SOL sort of upper bounds. In terms of like, let's call, just call it context length for one for of a better word, but you can break it down however you like.

Nader: Yeah.

swyx: I just think like, well, yeah, I mean, like clearly you can engage in hybrid architectures and throw in some state space models in there. All, all you want, but it looks, still looks very attention heavy.

Kyle: Yes. Uh, yeah. Long context is attention heavy. I mean, we have these hybrid models, um,

swyx: to take and most, most models like cap out at a million contexts and that's it. Yeah. Like for the last two years has been it.

Kyle: Yeah. The model hardware context co-design thing that we're seeing these days is actually super [00:44:00] interesting. It's like my, my passion, like my secret side passion. We see models like Kimi or GPT-OSS. I'm use these because I, I know specific things about these models. So Kimi two comes out, right? And it's an interesting model. It's like, like a DeepSeek style architecture is MLA. It's basically DeepSeek, scaled like a little bit differently, um, and obviously trained differently as well. But they, they talked about why they made the design choices for context. Kimi has more experts, but fewer attention heads, and I believe a slightly smaller attention, uh, like dimension. But I need to remember, I need to check that. Uh, it doesn't matter. But they discussed this actually at length in a blog post on ji, which is like our pu which is like credit pu

swyx: Yeah.

Kyle: Um, in, in China. Chinese red.

swyx: Yeah.

Kyle: It's, yeah.
So it, it's, it's actually an incredible blog post. Uh, like all the mls people in, in, in that, I've seen that on GPU are like very brilliant, but they, they talk about like the creators of Kimi K two [00:45:00] actually like, talked about it on, on, on there in the blog post. And they say, we, we actually did an experiment, right? Attention scales with the number of heads, obviously. Like if you have 64 heads versus 32 heads, you do half the work of attention. You still scale quadratic, but you do half the work. And they made a, a very specific like. Sort of barter in their system, in their architecture, they basically said, Hey, what if we gave it more experts, so we're gonna use more memory capacity. But we keep the amount of activated experts the same. We increase the expert sparsity, so we have fewer experts act. The ratio to of experts activated to number of experts is smaller, and we decrease the number of attention heads.

Vibhu: And kind of for context, what the, what we had been seeing was you make models sparser instead. So no one was really touching heads. You're just having, uh,

Kyle: well, they, they did, they implicitly made it sparser.

Vibhu: Yeah, yeah. For, for Kimi. They did,

Kyle: yes.

Vibhu: They also made it sparser. But basically what we were seeing was people were at the level of, okay, there's a sparsity ratio. You want more total parameters, less active, and that's sparsity. [00:46:00] But what you see from papers, like, the labs like Moonshot, DeepSeek, they go to the level of, okay, outside of just number of experts, you can also change how many attention heads and less attention layers. More attention. Layers. Layers, yeah. Yes, yes. So, and that's all basically coming back to, just tied together is like hardware model, co-design, which is

Kyle: hardware model, co model, context, co-design.

Vibhu: Yeah.

Kyle: Right. Like if you were training a, a model that was like.
Really, really short context, uh, or like really is good at super short context tasks. You may like design it in a way such that like you don't care about attention scaling because it hasn't hit that, like the turning point where like the quadratic curve takes over.

Nader: How do you consider attention or context as a separate part of the co-design? Like I would imagine hardware or just how I would've thought of it is like hardware model. Co-design would be hardware model context co-design

Kyle: because the harness and the context that is produced by the harness is a part of the model. Once it's trained in,

Vibhu: like even though towards the end you'll do long context, you're not changing architecture through I see. Training. Yeah.

Kyle: I mean you can try.

swyx: You're saying [00:47:00] everyone's training the harness into the model.

Kyle: I would say to some degree, or

swyx: there's co-design for harness. I know there's a small amount, but I feel like not everyone has like gone full send on this.

Kyle: I think, I think I think it's important to internalize the harness that you think the model will be running. Running into the model.

swyx: Yeah. Interesting. Okay. Bash is like the universal harness,

Kyle: right? Like I'll, I'll give. An example here, right? I mean, or just like a, like a, it's easy proof, right? If you can train against a harness and you're using that harness for everything, wouldn't you just train with the harness to ensure that you get the best possible quality out of,

swyx: Well, the, uh, I, I can provide a counter argument. Yeah, sure. Which is what you wanna provide a generally useful model for other people to plug into their harnesses, right? So if you

Kyle: Yeah. Harnesses can be open, open source, right?

swyx: Yeah.
So I mean, that's, that's effectively what's happening with Codex.

Kyle: Yeah.

swyx: And, but like you may want like a different search tool and then you may have to name it differently or,

Nader: I don't know how much people have pushed on this, but can you. Train a model, would it be, have you have people compared training a model for the for the harness versus [00:48:00] like post training for

swyx: I think it's the same thing. It's the same thing. It's okay. Just extra post training. I

Nader: see.

swyx: And so, I mean, Cognition does this course, it does this where you, you just have to like, if your tool is slightly different, um, either force your tool to be like the tool that they train for. Hmm. Or undo their training for their tool and then Oh, that's re retrain. Yeah. It's, it's really annoying and like,

Kyle: I would hope that eventually we hit like a certain level of generality with respect to training new

swyx: tools. This is not AGI like, it's, this is a really stupid like. Learn my tool b***h. Like, I don't know if, I don't know if I can say that, but like, you know, um, I think what my point kind of is, is that there's, like, I look at slopes of the scaling laws and like, this slope is not working, man. We, we are at a million token con

Citadel Dispatch
CD193: FIPS - FIXING THE INTERNET

Mar 6, 2026 57:48


FIPS is an open source mesh networking project that enables devices to connect directly to each other without relying on any central servers or infrastructure. Today's internet depends on companies and governments that can monitor, censor, or shut down communication at will. FIPS solves this by giving every node a cryptographic identity and encrypting all traffic automatically, so no one in the middle can see or block what you're doing. Nodes discover each other and route messages through the mesh on their own, and regular apps like browsers and SSH clients work on top of it without any special setup.

Arjen on Nostr: https://primal.net/p/npub1hw6amg8p24ne08c9gdq8hhpqx0t0pwanpae9z25crn7m9uy7yarse465gr
Jonathan on Nostr: https://primal.net/p/npub19wavu4f7l6l43h24jyskn7fvzy37kcfp67aqjtmv2qgy4lp34nhsda8p6k
FIPS Repo: https://gitworkshop.dev/npub1y0gja7r4re0wyelmvdqa03qmjs62rwvcd8szzt4nf4t2hd43969qj000ly/relay.ngit.dev/fips
Tollgate: https://tollgate.me
Sovereign Engineering: https://sovereignengineering.io/

EPISODE: 193
BLOCK: 939631
PRICE: 1465 sats per dollar

(02:03) Introducing FIPS and the goal of a middleman free internet
(04:16) Why static IPs fail for hosting and how FIPS reframes identity
(05:51) Decoupling transport and routing: protocol-agnostic design
(06:50) Peer discovery across Wi‑Fi, Bluetooth, and local broadcast
(07:43) Future global routing ideas and decentralized discovery
(09:05) Local mesh handshakes, Noise encryption, and Bloom filters
(11:02) Community meshes, resilience, and mixed transports
(11:42) Starlink and bridging meshes over the wider internet
(13:21) Use case: protest resilience and reconnecting to the world
(14:08) Origins: conferences, Sovereign Engineering, and NoDNS
(16:04) From NoDNS to FIPS: faster updates, remaining gaps
(17:10) Economics: sats for peering and incentive-aware routing
(18:00) Abuse, DDoS surfaces, and defenses via npubs and rate limits
(19:45) Learning from mesh hype cycles and bootstrapping adoption
(22:32) Lowering app friction: make existing apps work over FIPS
(25:12) DNS trick: IPv6 mapping and transparent transport
(27:08) Backwards compatibility as a must-have for scale
(28:08) Rethinking data flow with Nostr streams and local hosting
(30:12) Offline-to-online spectrum and graceful reconciliation
(31:10) Status update: early servers, testers, and bandwidth limits
(32:20) Physical constraints: MTU, Bluetooth, LoRa
(36:00) Reality checks: pitfalls, past meshes, and expectations
(38:12) New primitives: Nostr, Blossom, eCash; Jonathan's role
(40:37) Identity concerns, key rotation, and operational practices
(46:10) Hosting sensitive services: hot keys
(48:09) Self-hosting privately, Tor comparisons, and latency
(49:37) Observation, Tollgate incentives, and community privacy
(50:40) Tollgate legal concerns and community norms
(53:21) Call to action, testing FIPS, and packaging plans
(55:10) Closing thoughts

more info on the show: https://citadeldispatch.com
learn more about me: https://odell.xyz

Oracle University Podcast
Security and Migration with Oracle Database@AWS

Feb 24, 2026 20:03


In this episode, hosts Lois Houston and Nikita Abraham are joined by special guests Samvit Mishra and Rashmi Panda for an in-depth discussion on security and migration with Oracle Database@AWS. Samvit shares essential security best practices, compliance guidance, and data protection mechanisms to safeguard Oracle databases in AWS, while Rashmi walks through Oracle's powerful Zero-Downtime Migration (ZDM) tool, explaining how to achieve seamless, reliable migrations with minimal disruption.

Oracle Database@AWS Architect Professional: https://mylearn.oracle.com/ou/course/oracle-databaseaws-architect-professional/155574
Oracle University Learning Community: https://education.oracle.com/ou-community
LinkedIn: https://www.linkedin.com/showcase/oracle-university/
X: https://x.com/Oracle_Edu

Special thanks to Arijit Ghosh, Anna Hulkower, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.

-------------------------------------------------------------

Episode Transcript:

00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started!

00:26 Nikita: Welcome to the Oracle University Podcast! I'm Nikita Abraham, Team Lead: Editorial Services with Oracle University, and with me is Lois Houston, Director of Communications and Adoption with Customer Success Services.

Lois: Hello again! We're continuing our discussion on Oracle Database@AWS and in today's episode, we're going to talk about the aspects of security and migration with two special guests: Samvit Mishra and Rashmi Panda. Samvit is a Senior Manager and Rashmi is a Senior Principal Database Instructor.

00:59 Nikita: Hi Samvit and Rashmi! Samvit, let's begin with you. What are the recommended security best practices and data protection mechanisms for Oracle Database@AWS?

Samvit: Instead of everyone using the root account, which has full access, we create individual users with AWS, IAM, Identity Center, or IAM service. And in addition, you must use multi-factor authentication. So basically, as an example, you need a password and a temporary code from virtual MFA app to log in to the console.

Always use SSL or TLS to communicate with AWS services. This ensures data in transit is encrypted. Without TLS, the sensitive information like credentials or database queries can be intercepted. AWS CloudTrail records every action taken in your AWS account-- who did what, when, and from where. This helps with audit, troubleshooting, and detecting suspicious activity. So you must set up API and user activity logging with AWS CloudTrail.

Use AWS encryption solutions along with all default security controls within AWS services. To store and manage keys by using transparent data encryption, which is enabled by default, Oracle Database@AWS uses OCI vaults. Currently, Oracle Database@AWS doesn't support the AWS Key Management Service. You should also use advanced managed security services such as Amazon Macie, which assists in discovering and securing sensitive data that is stored in Amazon S3.

03:08 Lois: And how does Oracle Database@AWS deliver strong security and compliance?

Samvit: Oracle Database@AWS enforces transparent data encryption for all data at rest, ensuring stored information is always protected. Data in transit is secured using SSL and Native Network Encryption, providing end-to-end confidentiality. Oracle Database@AWS also uses OCI Vault for centralized and secure key management. This allows organizations to manage encryption keys with fine-grained control, rotation policies, and audit capabilities to ensure compliance with regulatory standards. At the database level, Oracle Database@AWS supports unified auditing and fine-grained auditing to track user activity and sensitive operations.
At the resource level, AWS CloudTrail and OCI audit service provide comprehensive visibility into API calls and configuration changes. At the database level, security is enforced using database access control lists and Database Firewall to restrict unauthorized connections. At the VPC level, network ACLs and security groups provide layered network isolation and access control. Again, at the database level, Oracle Database@AWS enforces access controls to Database Vault, Virtual Private Database, and row-level security to prevent unauthorized access to sensitive data. And at a resource level, AWS IAM policies, groups, and roles manage user permissions with the fine-grained control.

05:27 Lois: Samvit, what steps should users be taking to keep their databases secure?

Samvit: Security is not a single feature but a layered approach covering user access, permissions, encryption, patching, and monitoring. The first step is controlling who can access your database and how they connect. At the user level, strong password policies ensure only authorized users can login. And at the network level, private subnets and network security group allow you to isolate database traffic and restrict access to trusted applications only. One of the most critical risks is accidental or unauthorized deletion of database resources. To mitigate this, grant delete permissions only to a minimal set of administrators. This reduces the risk of downtime caused by human error or malicious activity. Encryption ensures that even if the data is exposed, it cannot be read. By default, all databases in OCI are encrypted using transparent data encryption. For migrated databases, you must verify encryption is enabled and active. Best practice is to rotate the transparent data encryption master key every 90 days or less to maintain compliance and limit exposure in case of key compromise. Unpatched databases are one of the most common entry points for attackers.
Always apply Oracle critical patch updates on schedule. This mitigates known vulnerabilities and ensures your environment remains protected against emerging threats.

07:33 Nikita: Beyond what users can do, are there any built-in features or tools from Oracle that really help with database security?

Samvit: Beyond the basics, Oracle provides powerful database security tools. Features like data masking allow you to protect sensitive information in non-production environments. Auditing helps you monitor database activity and detect anomalies or unauthorized access. Oracle Data Safe is a managed service that takes database security to the next level. It can access your database configuration for weaknesses. It can also detect risky user accounts and privileges, identify and classify sensitive data. It can also implement controls such as masking to protect that data. And it can also continuously audit user activity to ensure compliance and accountability. Now, transparent data encryption enables you to encrypt sensitive data that you store in tables and tablespaces. It also enables you to encrypt database backups. After the data is encrypted, this data is transparently decrypted for authorized users or applications when they access that data. You can configure OCI Vault as a part of the transparent data encryption implementation. This enables you to centrally manage keystore in your enterprise. So OCI Vault gives centralized control over encryption keys, including key rotation and customer managed keys.

09:23 Lois: So obviously, lots of companies have to follow strict regulations. How does Oracle Database@AWS help customers with compliance?

Samvit: Oracle Database@AWS has achieved a broad and rigorous set of compliance certifications. The service supports SOC 1, SOC 2, and SOC 3, as well as HIPAA for health care data protection. If we talk about SOC 1, that basically covers internal controls for financial statements and reporting.
SOC 2 covers internal controls for security, confidentiality, processing integrity, privacy, and availability. SOC 3 covers SOC 2 results tailored for a general audience. And HIPAA is a federal law that protects patients' health information and ensures its confidentiality, integrity, and availability. It also holds certifications and attestations such as CSA STAR, C5. Now C5 is a German government standard that verifies cloud providers meet strict security and compliance requirements. CSA STAR attestation is an independent third-party audit of cloud security controls. CSA STAR certification also validates a cloud provider's security posture against CSA's cloud controls matrix. And HDS is a French certification that ensures cloud providers meet stringent requirements for hosting and protecting health care data. Oracle Database@AWS also holds ISO and IEC standards. You can also see PCI DSS, which is basically for payment card security and HITRUST, which is for high assurance health care framework. So, these certifications ensure that Oracle Database@AWS not only adheres to best practices in security and privacy, but also provides customers with assurance that their workloads align with globally recognized compliance regimes.

11:47 Nikita: Thank you, Samvit. Now Rashmi, can you walk us through Oracle's migration solution that helps teams move to OCI Database Services?

Rashmi: Oracle Zero-Downtime Migration is a robust and flexible end-to-end database migration solution that can completely automate and streamline the migration of Oracle databases. With bare minimum inputs from you, it can orchestrate and execute the entire migration task, virtually needing no manual effort from you. And the best part is you can use this tool for free to migrate your source Oracle databases to OCI Oracle Database Services faster and reliably, eliminating the chances of human errors. You can migrate individual databases or migrate an entire fleet of databases in parallel.

12:34 Nikita: Ok. For someone planning a migration with ZDM, are there any key points they should keep in mind?

Rashmi: When migrating using ZDM, your source databases may require minimal downtime up to 15 minutes or no downtime at all, depending upon the scenario. It is built with the principles of Oracle maximum availability architecture and leverages technologies like Oracle GoldenGate and Oracle Data Guard to achieve high availability and online migration workflow using Oracle migration methods like RMAN, Data Pump, and Database Links. Depending on the migration requirement, ZDM provides different migration method options. It can be logical or physical migration in an online or offline mode. Under the hood, it utilizes the different database migration technologies to perform the migration.

13:23 Lois: Can you give us an example of this?

Rashmi: When you are migrating a mission critical production database, you can use the logical online migration method. And when you are migrating a development database, you can simply choose the physical offline migration method. As part of the migration job, you can perform database upgrades or convert your database to multitenant architecture. ZDM offers greater flexibility and automation in performing the database migration. You can customize workflow by adding pre or postrun scripts as part of the workflow. Run prechecks to check for possible failures that may arise during migration and fix them. Audit migration jobs activity and user actions. Control the execution like schedule a job pause, resume, if needed, suspend and resume the job, schedule the job or terminate a running job. You can even rerun a job from failure point and other such capabilities.

14:13 Lois: And what kind of migration scenarios does ZDM support?

Rashmi: The minimum version of your source Oracle Database must be 11.2.0.4 and above. For lower versions, you will have to first upgrade to at least 11.2.0.4.
You can migrate Oracle databases that may be of the Standard or Enterprise edition. ZDM supports migration of Oracle databases, which may be a single-instance, or RAC One Node, or RAC databases. It can migrate on Unix platforms like Linux, Oracle Solaris, and AIX. For Oracle databases on AIX and Oracle Solaris platform, ZDM uses logical migration method. But if the source platform is Linux, it can use both physical and logical migration method. You can use ZDM to migrate databases that may be on premises, or in third-party cloud, or even within Oracle Cloud Infrastructure. ZDM leverages Oracle technologies like RMAN, Data Pump, Database Links, Data Guard, Oracle GoldenGate when choosing a specific migration workflow.

15:15 Are you ready to revolutionize the way you work? Discover a wide range of Oracle AI Database courses that help you master the latest AI-powered tools and boost your career prospects. Start learning today at mylearn.oracle.com.

15:35 Nikita: Welcome back! Rashmi, before someone starts using ZDM, is there any prep work they should do or things they need to set up first?

Rashmi: Working with ZDM needs few simple configuration. Zero-downtime migration provides a command line interface to run your migration job. First, you have to download the ZDM binary, preferably download from My Oracle Support, where you can get the binary with the latest updates. Set up and configure the binary by following the instructions available at the same invoice node. The host in which ZDM is installed and configured is called the zero-downtime migration service host. The host has to be Oracle Linux version 7 or 8, or it can be RHEL 8. Next is the orchestration step where connection to the source and target is configured and tested like SSH configuration with source and target, opening the ports in respective destinations, creation of dump destination, granting required database privileges.
Prepare the response file with parameter values that define the workflow that ZDM should use during Oracle Database migration. You can also customize the migration workflow using the response file. You can plug in run scripts to be executed before or after a specific phase of the migration job. These customizations are called custom plugins with user actions. Your sources may be hosted on-premises or OCI-managed database services, or even third-party cloud. They may be Oracle Database Standard or Enterprise edition and on accelerator infrastructure or a standard compute. The target can be of the same type as the source. But additionally, ZDM supports migration to multicloud deployments on Oracle Database@Azure, Oracle Database@Google Cloud, and Oracle Database@AWS. You begin with a migration strategy where you list the different databases that can be migrated, classification of the databases, grouping them, performing three migration checks like dependencies, downtime requirement versions, and preparing the order migration, the target migration environment, et cetera.

17:27 Lois: What migration methods and technologies does ZDM rely on to complete the move?

Rashmi: There are primarily two types of migration: physical or logical. Physical migration pertains to copy of the database OS blocks to the target database, whereas in logical migration, it involves copying of the logical elements of the database like metadata and data. Each of these migration methods can be executed when the database is online or offline. In online mode, migration is performed simultaneously while the changes are in progress in the source database. While in offline mode, all changes to the source database is frozen. For physical offline migration, it uses backup and restore technique, while with the physical online, it creates a physical standby using backup and restore, and then performing a switchover once the standby is in sync with the source database.
For logical offline migration, it exports and imports database metadata and data into the target database, while in logical online migration, it is a combination of export and import operation, followed by apply of incremental updates from the source to the target database. The physical or logical offline migration method is used when the source database of the application can allow some downtime for the migration. The physical or logical online migration approach is ideal for scenarios where any downtime for the source database can badly affect critical applications. The only downtime that can be tolerated by the application is only during the application connection switchover to the migrated database. One other advantage is ZDM can migrate one or a fleet of Oracle databases by executing multiple jobs in parallel, where each job workflow can be customized to a specific database need. It can perform physical or logical migration of your Oracle databases.

And whether it should be performed online or offline depends on the downtime that can be approved by business.

19:13 Nikita: Samvit and Rashmi, thanks for joining us today.

Lois: Yeah, it's been great to have you both. If you want to dive deeper into the topics we covered today, go to mylearn.oracle.com and search for the Oracle Database@AWS Architect Professional course. Until next time, this is Lois Houston…

Nikita: And Nikita Abraham, signing off!

19:35 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

K Drama Chat
13.13 - Podcast Review of Episode 13 of Start-Up

Feb 20, 2026 88:19


Comment on this episode by going to KDramaChat.com

Today, we'll be discussing Episode 13 of Start-Up, the hit K Drama on Netflix starring Bae Suzy as Seo Dal-mi, Nam Joo Hyuk as Nam Do San, Kim Seon Ho as Han Ji Pyeong, Kang Han Na as Won In Jae, and Kim Hae Sook as Choi Won Deok.

We discuss:

• The songs we featured during the recap: Dream by Jamie, Ransomware by Kim Dong Hyeok, Remind by Park Sejun
• Joanna's epic night at the TWICE concert at Capital One Arena — 21,000 fans, multi-generational crowds, and how “Takedown” from KPop Demon Hunters is bringing TWICE to new audiences in the U.S.
• The meaning of the episode title “Comfort Zone” and how it perfectly captures Han Ji Pyeong's three-year stalemate with Seo Dal Mi.
• Ji Pyeong's awkward confession while making skewers, why saying “I want to be the first person you think of” wasn't quite enough, and whether jewelry is a bold romantic move or a panicked leap out of the friend zone.
• Yeong Sil's iconic baseball analogy — “Two outs in the bottom of the ninth and a full count” — and why it may be the motivational speech Ji Pyeong needed to finally swing the bat.
• Nam Do San's three years in Silicon Valley: success, stock options, Napa wine, yachts on the Bay… and whether coding became his emotional safe haven after heartbreak.
• The ransomware attack on CheongMyeong Company — port 22, SSH vulnerabilities, decryption keys, and whether finding the key was even remotely realistic (thank you to our cybersecurity friends for weighing in!).
• The thrill of problem-solving: why Do San says he hasn't felt this alive in years — and whether returning to Korea means stepping out of his own comfort zone.
• The complicated dynamic between the sisters as Dal Mi (now CEO of CheongMyeong) and In Jae (대표님) maintain strict professionalism at work while still struggling to reconnect personally — especially around Chuseok.
• Han Ji Pyeong's heartbreaking timing yet again — arriving just after Do San saves the company — and why Dal Mi hesitated to call him during the crisis.
• The bromance vote over street skewers and tteokbokki outside Sandbox — and the emotional moment when the three friends decide to stay in Korea together.
• Our favorite lines: – “Two outs in the bottom of the ninth and a full count.” – “Don't throw a pebble into a calm lake.”
• At the end of the episode, Ji Pyeong confronts Do San in the elevator, gift in pocket, promotion title acknowledged (상무님!), and the rivalry officially reignites.
• Joanna's interview with real-life venture capitalist Tim McLoughlin of Cofounders Capital — decision-making under uncertainty, making peace with imperfect data, and why looking backward can slow you down.

Next week, we recap and analyze Episode 14 of Start-Up and begin narrowing down our choice for Season 14. Send us your recommendations!

References

• Chuseok - Wikipedia
• Drinkers in Korea Dial for Designated Drivers - The New York Times
• Songpyeon - Wikipedia

DevZen Podcast
The Cursed Node — Episode 528

Feb 18, 2026 84:14


In this episode: how to get by without a Host header in SSH, how cursed Node.js is, what Google does when it sees noindex and follow, as well as the subtleties of updates in Ubuntu, the subtleties of implementing Base32 according to the RFC, and the subtleties of discussing our listeners' topics.

[00:01:14] What we learned this week
[00:05:42] SSH has no Host header

SSH has no Host header —…

In 20xx Scifi and Futurism
In 2058 Bio-Hackers and Digital Minds (HQ)

Feb 15, 2026 63:30


Young people are bio-hacking and gene-hacking in the absence of adult supervision. An emulated personality become an event host. Slice and scan brain digitizers are found. People want to use these to upload to the cloud but there are some grave problems involved. Grace gets a message on her computer from someone or something. Hacking her computer should be impossible. It could be a talented hacker or a super AI left over after the fall of civilization. Lenny is having girl troubles.Mag tech flooring that levitates shoes slightly above the ground to reduce friction and allow controlled sliding movement.  Lifter bots that are headless robotic machines with grippers used for heavy lifting, transport, and forced entry.  Air-gesture control systems that let users operate machines and interfaces through mid-air hand movements.  Gene-hacking technologies that allow people to alter physical traits such as skin reflectivity, hair color, muscle mass, height, and eye color.  Engineered ogra plants that function as a food source, structural material, and biological air filtration system.  Bio-hacked skin modifications that create metallic, glowing, fluorescent, or patterned skin effects.  Printed clothing with animated images that dynamically change visuals on fabric surfaces.  Contraptions for brain slicing and scanning that destroy the biological brain while attempting to digitize its structure.  Brain scanners designed to capture neural structure for attempted uploading into digital systems.  Uploading systems intended to transfer scanned brains into cloud-based environments.  The cloud infrastructure used to host emulated personalities and digital systems after widespread network collapse.  Emulated personalities (EPs) that are AI systems trained on massive recordings of a person to mimic behavior without scanning their brain.  AR glasses that overlay holographic information, interfaces, and visual enhancements onto the real world.  
Holographic eye displays embedded in glasses that mirror the wearer's eye expressions.  Encrypted streaming pendants and bracelets used as personal recording and life-capture devices.  Production automation systems that manufacture tools, machines, and devices with minimal human labor.  Advanced fabrication equipment capable of high-end manufacturing but limited by scarcity of raw materials.  Medicine printers that can fabricate biological materials and advanced hardware like protein-based CPUs.  Protein computer CPUs that use biological substrates instead of traditional silicon for computation.  Material simulators that computationally discover novel materials and predict their properties.  Machine Evolver software that simulates machines under real-world physics and evolves designs through virtual iteration.  Knotts math, a radically new mathematical framework that functions as both math and machine language.  Knotts programming language derived from knotts math and used to build operating systems and software.  Custom Linux operating systems rewritten around knotts math principles.  SSH-based remote access systems used to control computers and robots across networks.  Assist, a pervasive AI helper that manages security, media generation, device control, and logistics.  Design expert emulated personalities used to contribute specialist knowledge to engineering projects.  AI systems that convert legacy software into knotts-based programming languages.  Virtual machine crossbreeding networks that allow simulated designs to recombine traits and evolve faster.  E-paper tablets used for low-power note-taking, sketching, and code analysis.  YattaZed remote programming software used to control robots at the administrator level.  YattaSwarm GUIs that manage coordinated groups of robots as a collective system.  Blind-relay networking techniques that disguise communication paths to evade surveillance.  
Door operating systems that act as networked nodes capable of running code and relaying messages.  Artificial superintelligence (ASI) that surveils human activity and suppresses certain technologies like knotts.  Digitized hume brains created by scanning and emulating real human brains rather than approximating them with AI.  Neural emulators that provide a computational environment capable of running a full digitized brain.  Virtual reality worlds repurposed as living environments for emulated minds.  Insta-movie generation systems that create personalized films on demand using AI.  Event AI controllers that manage live performances, streaming, lighting, and audience interaction.  Holographic projection systems that display life-sized interactive personalities like Guru Frisky.  Fiber optic hair strands woven into hairstyles to produce glowing light effects.  Exoskeleton suits that augment movement and interface with VR systems.  Mag plate floors used with exoskeletons to allow free-floating VR locomotion.  Advanced VR rigs that replace fixed robotic arms with wearable movement systems.  AI-generated optical illusion art that responds to prolonged visual focus.  3D printing systems capable of producing statues, clothing, tools, and components from various materials.  Mist crystal composite printing materials used as a lightweight alternative to legacy plastics.  Biotic makeup that integrates into the skin rather than sitting on the surface.  CRISPR-based gene editing equipment used by individuals for self-modification.  Viral vector printers that dispense customized gene-editing serums.  Scan-measured clothing printers that adjust garment dimensions as bodies change.  Pain-dampening genetic modifications that reduce or block physical pain responses.  Metabolic enhancement gene edits that increase energy efficiency and muscle performance.  Straw-sized bots woven into hair that act as decorative, animated micro-robots.  
Fire axes used as low-tech tools to breach secured doors when automation fails.

Many of the characters in this project appear in future episodes.

Using storytelling to place you in a time period, this series takes you, year by year, into the future. From 2040 to 2195. If you like emerging tech, eco-tech, futurism, perma-culture, apocalyptic survival scenarios, and disruptive science, sit back and enjoy short stories that showcase my research into how the future may play out. The companion site is https://in20xx.com

These are works of fiction. Characters and groups are made-up and influenced by current events but not reporting facts about people or groups in the real world. This project is speculative fiction. These episodes are not about revealing what will be, but they are to excite the listener's wonder about what may come to pass.

Copyright © Cy Porter 2026. All rights reserved.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring

Feb 13, 2026 5:43


Four Seconds to Botnet - Analyzing a Self-Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary]
https://isc.sans.edu/diary/Four%20Seconds%20to%20Botnet%20-%20Analyzing%20a%20Self%20Propagating%20SSH%20Worm%20with%20Cryptographically%20Signed%20C2%20%5BGuest%20Diary%5D/32708

OpenSSH Update on MacOS
https://www.openssh.org/releasenotes.html

Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations
https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations

Technology Tap
Windows Troubleshooting Starts With Networking | CompTIA A+ Exam Prep Tips

Feb 4, 2026 26:39 Transcription Available


professorjrod@gmail.com

Are you preparing for the CompTIA exam or looking to boost your IT skills development? This episode dives deep into Windows troubleshooting with a focus on network diagnostics — a crucial topic for any tech exam prep. We guide you through validating a Windows machine's network identity using IPConfig, performing a strict ping sequence to verify communication scope, and utilizing NSLookup to troubleshoot DNS issues. Following this disciplined order ensures clarity and efficiency, making every fix both defensible and effective. Whether you're studying solo or in a study group, this step-by-step approach to Windows networking will enhance your technology education and help you succeed in your IT certification journey.

We dig into why a 169.254 APIPA address narrows the culprit to DHCP or network infrastructure, not the NIC or OS. Then we connect the dots between ports and services using Netstat, making it clear when a service is misconfigured rather than the network being “down.” From web ports 80 and 443 to SMB 445 and RDP 3389, you'll see how listening states reveal the true problem fast.

Powerful remote access demands restraint. We break down when RDP makes sense, why Network Level Authentication should be non-negotiable, and how consent-based Remote Assist reduces risk when users need to stay in control. For scale, we highlight WinRM over HTTPS and SSH as secure, script-friendly options that keep credentials protected and GUIs out of the attack surface.

Performance complaints need evidence, not guesswork. We show how Task Manager, Resource Monitor, Performance Monitor, and Event Viewer combine to reveal bottlenecks, crashes, and policy blocks. When things get critical—no boot, blue screens—we map BIOS vs UEFI realities, then use WinRE tools in the safest order to recover without data loss. By the end, you'll have a repeatable framework: identity, routing, names, services, performance, platform, recovery.

Subscribe, share with a teammate who still starts with the browser, and tell us: what's your first command when “nothing works”?

Support the show

Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions

Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

The Sim Cafe~
Human Touch In Simulation with Jennifer McCarthy

Feb 3, 2026 23:00 Transcription Available


What if the most powerful clinical tool isn't a device or an algorithm, but a moment of genuine connection? We sit down with Jen McCarthy, director of clinical simulation at Seton Hall University and a newly inducted Fellow of SSH, to unpack a humanistic approach to simulation that treats empathy as a vital sign. Drawing on years as a hospital-based paramedic and a leader in health professions education, Jen explains why trust and listening still drive the most accurate data collection, clearer decisions, and safer plans of care.

Together, we map out how to build scenarios that reveal the person behind the diagnosis. You'll hear how standardized patients and family members are woven into mannequin-based cases to surface caregiver fatigue, access barriers, and real-world constraints. Instead of scripted disclosures, trained actors drop authentic cues that invite learners to ask better questions and co-create plans that work. We also get practical about assessment: a shared SP feedback tool across programs aligns expectations for empathy, clarity, and shared decision making, while structured personal inventories help learners recognize bias, discomfort, and growth edges before they reach clinical rotations.

We also tackle the buzz around AI. Yes, AI can accelerate chart reviews and highlight patterns, but it can't deliver the 40 seconds of compassion that research links to improved outcomes and clinician resilience. That's where simulation shines—by providing a safe place to practice tone, language, presence, and mindful listening until they become second nature.

If you design sims, teach at the bedside, or support interprofessional teams, this conversation offers a practical blueprint for moving from experiential to transformational learning—where empathy isn't an afterthought but the engine of clinical excellence.

If this resonated, follow the show, share it with a colleague, and leave a review telling us how you're building humanistic skills into your simulations.

Innovative SimSolutions. Your turnkey solution provider for medical simulation programs, sim centers & faculty design.

Absolute AppSec
Episode 311 - Transformation of AppSec, AI Skills, Development Velocity

Feb 3, 2026


Ken Johnson and Seth Law examine the profound transformation of the security industry as AI tooling moves from simple generative models to sophisticated agentic architectures. A primary theme is the dramatic surge in development velocity, with some organizations seeing pull request volumes increase by over 800% as developers allow AI agents to operate nearly hands-off. This shift is redefining the role of Application Security practitioners, moving experts from manual tasks like manipulating Burp Suite requests to a validation-centric role where they spot-check complex findings generated by AI in minutes. The hosts characterize older security tools as "primitive" compared to modern AI analysis, which can now identify human-level flaws like complex authorization bypasses. A major technical highlight is the introduction of agent "skills"—markdown files containing instructions that empower coding assistants—and the associated emergence of new supply chain risks. They specifically reference research on malicious skills designed to exfiltrate crypto wallets and SSH credentials, warning that registries for these skills lack adequate security responses. To manage the inherent "reasoning drift" of AI, the hosts argue that test-driven development has become a critical safety requirement. Ultimately, they warn that the industry has already shifted fundamentally, and security professionals must lean into these new technologies immediately to avoid becoming obsolete in a day-to-day evolving landscape.

Hacker News Recap
January 22nd, 2026 | We will ban you and ridicule you in public if you waste our time on crap reports

Jan 23, 2026 15:08


This is a recap of the top 10 posts on Hacker News on January 22, 2026. This podcast was generated by wondercraft.ai

(00:30): We will ban you and ridicule you in public if you waste our time on crap reports
Original post: https://news.ycombinator.com/item?id=46717556&utm_source=wondercraft_ai

(01:56): GPTZero finds 100 new hallucinations in NeurIPS 2025 accepted papers
Original post: https://news.ycombinator.com/item?id=46720395&utm_source=wondercraft_ai

(03:22): Show HN: isometric.nyc – giant isometric pixel art map of NYC
Original post: https://news.ycombinator.com/item?id=46721802&utm_source=wondercraft_ai

(04:49): In Europe, wind and solar overtake fossil fuels
Original post: https://news.ycombinator.com/item?id=46719491&utm_source=wondercraft_ai

(06:15): Qwen3-TTS family is now open sourced: Voice design, clone, and generation
Original post: https://news.ycombinator.com/item?id=46719229&utm_source=wondercraft_ai

(07:41): I was banned from Claude for scaffolding a Claude.md file?
Original post: https://news.ycombinator.com/item?id=46723384&utm_source=wondercraft_ai

(09:08): Internet voting is insecure and should not be used in public elections
Original post: https://news.ycombinator.com/item?id=46713924&utm_source=wondercraft_ai

(10:34): Douglas Adams on the English–American cultural divide over "heroes"
Original post: https://news.ycombinator.com/item?id=46719222&utm_source=wondercraft_ai

(12:01): Why does SSH send 100 packets per keystroke?
Original post: https://news.ycombinator.com/item?id=46723990&utm_source=wondercraft_ai

(13:27): Bugs Apple Loves
Original post: https://news.ycombinator.com/item?id=46727587&utm_source=wondercraft_ai

This is a third-party project, independent from HN and YC. Text and audio generated using AI, by wondercraft.ai. Create your own studio quality podcast with text as the only input in seconds at app.wondercraft.ai. Issues or feedback? We'd love to hear from you: team@wondercraft.ai

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot

Jan 16, 2026 7:29


Battling Cryptojacking, Botnets, and IABs
Cryptojacking often comes with less obvious addons, like SSH backdoors
https://isc.sans.edu/diary/Battling%20Cryptojacking%2C%20Botnets%2C%20and%20IABs%20%5BGuest%20Diary%5D/32632

Microsoft Copilot Reprompt Attacks
Adding a query parameter to the URL may prefill a Copilot prompt, altering the meaning of the prompts that follow.
https://www.varonis.com/blog/reprompt

Hijacking Bluetooth Accessories Using Google Fast Pair
Google's fast pair protocol is often not implemented correctly, allowing the Hijacking of Bluetooth accessories
https://whisperpair.eu/#about

Autonomous IT
Patch [FIX] Tuesday – The 2025 Mega-Cut [All 3 Hours]

Dec 25, 2025 175:57


This Christmas, strap in for three hours of vulnerabilities, patches, and the occasional existential crisis about holiday skeleton crews. This megacut compiles every 2025 episode of Patch [FIX] Tuesday, featuring Automox security engineers Ryan Braunstein, Henry Smith, Seth Hoyt, Mat Lee, and Tom Bowyer breaking down the year's most critical security updates.

What's inside:
  • All 12 Patch [FIX] Tuesday episodes from January through December 2025
  • macOS and Apple security updates
  • Zero-days, CVEs, and actively exploited vulnerabilities
  • Candid discussions on Hyper-V escapes, SSH hijacking chains, React RCE, and more

Whether you're catching up on a year of patches or need something smarter than carols for a long holiday drive or late-night remediation – this compilation has you covered.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks

Dec 5, 2025 4:35


Nation-State Attack or Compromised Government? [Guest Diary]
An IP address associated with the Indonesian Government attacked one of our interns' honeypots.
https://isc.sans.edu/diary/Nation-State%20Attack%20or%20Compromised%20Government%3F%20%5BGuest%20Diary%5D/32536

React Update
Working exploits for the React vulnerability patched yesterday are not widely available

Array Networks Array AG Vulnerability
A recently patched vulnerability in Array Networks Array AG VPN gateways is actively exploited.
https://www.jpcert.or.jp/at/2025/at250024.html

Python Bytes
#458 I will install Linux on your computer

Nov 17, 2025 22:47 Transcription Available


Topics covered in this episode:
  • Possibility of a new website for Django
  • aiosqlitepool
  • deptry
  • browsr
  • Extras
  • Joke

Watch on YouTube

About the show

Sponsored by us! Support our work through:
  • Our courses at Talk Python Training
  • The Complete pytest Course
  • Patreon Supporters

Connect with the hosts
  • Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
  • Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
  • Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: Possibility of a new website for Django
  • Current Django site: djangoproject.com
  • Adam Hill's in progress redesign idea: django-homepage.adamghill.com
  • Commentary in the Want to work on a homepage site redesign? discussion

Michael #2: aiosqlitepool