In this episode of Search Off the Record, Gary Illyes and Martin Splitt from the Google Search team dive deep into the foundations of how the web works—specifically HTTP, TCP, UDP, and newer technologies like QUIC and HTTP/3. The two reflect on how even experienced web professionals often overlook or forget the mechanics behind these core protocols, sharing insights through technical discussion, playful banter, and analogies ranging from messenger pigeons to teapots. The conversation spans key concepts like packet transmission, connection handshakes, and the importance of status codes such as 404, 204, and even 418 (“I'm a teapot”). Throughout the conversation, they connect these protocols back to real-world implications for site owners, developers, and SEOs—like why Search Console might report network errors, and how browser or server behavior is influenced by low-level transport decisions. With a mix of humor and expertise, Gary and Martin aim to demystify a crucial part of the internet's infrastructure and remind listeners of the layered complexity that makes modern web experiences possible. Resources: Episode transcript →https://goo.gle/sotr091-transcript Listen to more Search Off the Record → https://goo.gle/sotr-yt Subscribe to Google Search Channel → https://goo.gle/SearchCentral Search Off the Record is a podcast series that takes you behind the scenes of Google Search with the Search Relations team. #SOTRpodcast #SEO #Http Speakers: Lizzi Sassman, John Mueller, Martin Splitt, Gary Illyes Products Mentioned: Search Console - General
National unemployment reached 8.7% in the January-March quarter, according to the Instituto Nacional de Estadísticas (National Statistics Institute). Juan Bravo, director of the Observatorio del Contexto Económico at UDP, analyzed the figure, saying that the numbers "are nothing to be happy about".
Cybersecurity professionals, alert! A dangerous Chrome zero-day vulnerability demands your immediate attention. In this action-packed episode, Sean Gerber breaks down CVE-25-2783, a critical security threat that allows attackers to execute remote code simply by having users click malicious links. Though initially targeting Russian organizations, this exploit threatens Chromium-based browsers worldwide—including Chrome, Edge, Brave, Opera, and Vivaldi. Don't wait—patch immediately! The heart of this episode delivers 15 expertly-crafted CISSP practice questions focusing on Domain 4.2 network security concepts. Sean methodically explores essential topics including router load balancing capabilities, electromagnetic interference vulnerabilities, NAC implementation benefits, and optimal firewall configurations. Each question peels back another layer of network security knowledge, from identifying mesh topologies as offering superior fault tolerance to understanding how protocol analyzers diagnose VLAN performance issues. Advanced concepts receive equal attention with clear explanations of UDP timeout values in stateful firewalls, proper NIPS deployment strategies, VPN protocol security comparisons, broadcast storm mitigation techniques, and wireless security standards. Sean's straightforward breakdown of why WPA3 Enterprise provides superior protection and how ARP poisoning facilitates man-in-the-middle attacks transforms complex technical material into accessible knowledge that sticks. Whether you're actively studying for the CISSP exam or simply looking to strengthen your network security fundamentals, this episode delivers precision-targeted information in an engaging format. Visit CISSP Cyber Training for complete access to all practice questions covered and accelerate your certification journey today! Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! 
Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Javier Couso, director of the doctoral program in law at UDP, discusses the possibility of the death penalty returning to Chile.
TCP vs UDP: Foundational Network Protocols

Protocol Fundamentals

TCP (Transmission Control Protocol)
- Connection-oriented: Requires handshake establishment
- Reliable delivery: Uses acknowledgments and packet retransmission
- Ordered packets: Maintains exact sequence order
- Header overhead: 20-60 bytes (≈20% additional overhead)
- Technical implementation:
  - Three-way handshake (SYN → SYN-ACK → ACK)
  - Flow control via sliding window mechanism
  - Congestion control algorithms
  - Segment sequencing with reordering capability
  - Full-duplex operation

UDP (User Datagram Protocol)
- Connectionless: "Fire-and-forget" transmission model
- Best-effort delivery: No delivery guarantees
- No packet ordering: Packets arrive independently
- Minimal overhead: 8-byte header (≈4% overhead)
- Technical implementation:
  - Stateless packet delivery
  - No connection establishment or termination phases
  - No congestion or flow control mechanisms
  - Basic integrity verification via checksum
  - Fixed header structure

Real-World Applications

TCP-Optimized Use Cases
- Web browsers (Chrome, Firefox, Safari) - HTTP/HTTPS traffic
- Email clients (Outlook, Gmail)
- File transfer tools (Filezilla, WinSCP)
- Database clients (MySQL Workbench)
- Remote desktop applications (RDP)
- Messaging platforms (Slack, Discord text)
- Common requirement: Complete, ordered data delivery

UDP-Optimized Use Cases
- Online games (Fortnite, Call of Duty) - real-time movement data
- Video conferencing (Zoom, Google Meet) - audio/video streams
- Streaming services (Netflix, YouTube)
- VoIP applications
- DNS resolvers
- IoT devices and telemetry
- Common requirement: Time-sensitive data where partial loss is acceptable

Performance Characteristics

TCP Performance Profile
- Higher latency: Due to handshakes and acknowledgments
- Reliable throughput: Stable performance on reliable connections
- Connection state limits: Impacts concurrent connection scaling
- Best for: Applications where complete data integrity outweighs latency concerns

UDP Performance Profile
- Lower latency: Minimal protocol overhead
- High throughput potential: But vulnerable to network congestion
- Excellent scalability: Particularly for broadcast/multicast scenarios
- Best for: Real-time applications where occasional data loss is preferable to waiting

Implementation Considerations

When to Choose TCP
- Data integrity is mission-critical
- Complete file transfer verification required
- Operating in unpredictable or high-loss networks
- Application can tolerate some latency overhead

When to Choose UDP
- Real-time performance requirements
- Partial data loss is acceptable
- Low latency is critical to application functionality
- Application implements its own reliability layer if needed
- Multicast/broadcast functionality required

Protocol Evolution
- TCP variants: TCP Fast Open, Multipath TCP, QUIC (Google's HTTP/3)
- UDP enhancements: DTLS (TLS-like security), UDP-Lite (partial checksums)
- Hybrid approaches emerging in modern protocol design

Practical Implications
- Protocol selection fundamentally impacts application behavior
- Understanding the differences critical for debugging network issues
- Low-level implementation possible in systems languages like Rust
- Services may utilize both protocols for different components
Jonathan Gheller is the CEO of UDP. After more than one successful start-up he is now applying his knowledge to multifamily. I'm Moshe Crane; connect with me on LinkedIn. My day job is the VP of Branding and Strategic Initiatives at Sage Ventures. Check out my newsletter Zag. Sage Ventures is a commercial real estate firm based in Baltimore, MD. The company buys and operates multifamily rental properties. The company also builds and develops homes that we sell.
Often, when talking about networks and addresses, you hear about "open that port", about TCP and UDP, about connections, about port forwarding. And even more often I hear people talking somewhat at random. I have tried to bring a bit of clarity. List of TCP and UDP ports. Differences between TCP and UDP (ironic). Podcast Orazio by Il Post. Podcast Chiedilo a Barbero by Chora Media. Episodes 127 and 128 on network analysis. Pillole di Bit (https://www.pilloledib.it/) is an independent podcast produced by Francesco Tucci. If you want to get in touch with me you can choose among several platforms: - Telegram - BlueSky - My personal blog ilTucci.com - My personal Telegram channel Le Cose - Personal Mastodon - The podcast's Mastodon - email (if you want to write to me directly and want more room for your message). I always reply. If you like this podcast, you can contribute to its production! With a direct donation: - One-off with Satispay - One-off with SumUp - One-off or recurring with Paypal. Using the sponsored links: - With a purchase on Amazon (open this link and put the things you want in your cart) - By signing up for one of Ehiweb's services. If you donated more than €5, remember to fill in the form to receive the gadgets! The site is kindly hosted by ThirdEye (write to domini AT thirdeye.it), an excellent service that I warmly recommend, and the podcast is edited with joy using PODucer, a Mac application by Alex Raccuglia
eM Client CAN be purchased outright. An astonishing 5-year-old typo in MasterCard's DNS. An unwelcome surprise received by 18,459 low-level hackers. DDoS attacks continue growing, seemingly without any end in sight. Let's Encrypt clarifies their plans for 6-day "we barely knew you" certificates. SpinRite uncovers a bad brand new 8TB drive. Listener feedback about TOTP, Syncthing and UDP hole punching, email spam, ValiDrive speed, AI neural nets, DJI geofencing, and advertising in the "New" Outlook. A look into the tradeoffs required to obtain privacy for our DNS lookups. Show Notes - https://www.grc.com/sn/SN-1010-Notes.pdf Hosts: Steve Gibson and Leo Laporte. Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6. Sponsors: uscloud.com, joindeleteme.com/twit promo code TWIT, bitwarden.com/twit, zscaler.com/security
Josefina Ríos and Matías del Río spoke with the presidential delegate for the Metropolitan Region, Gonzalo Durán, about organized crime during the holidays and the work being carried out. In addition, together with Nicole Etchegaray, executive coordinator of the survey Jóvenes chilenos preocupados de su futuro laboral (young Chileans worried about their future employment) and a UDP academic, they discussed the main results of the study.
Unlock the secrets to mastering core networking concepts crucial for your CISSP exam and cybersecurity career with Sean Gerber on the CISSP Cyber Training Podcast. Ever wondered how the intricate dance between IPv4 and IPv6 affects your daily online interactions? Get ready to explore these foundational Internet protocols, their histories, and the innovative transition mechanisms bridging them. We kick off with a discussion on the eye-opening Mega Breach Database, spotlighting the staggering exposure of around 26 billion records. This breach serves as a cautionary tale of our digital age, underscoring the necessity for robust password management and multi-factor authentication. Journey through the complex landscape of IP addressing as we untangle the web of IPv4 and IPv6 structures. We'll break down IPv4's network and host partitions, the role of TCP and UDP protocols, and the creative, albeit temporary, fix provided by NAT routing. With a shift towards IPv6, discover the implications of its advanced hexadecimal notation and the flexibility offered by CIDR in IP address allocation. If you're grappling with the divide between the old and new, Sean shares insights on key transition strategies, ensuring you comfortably adapt to the evolving technological environment. Lastly, we tackle essential networking protocols like ICMP, IGMP, and ARP, which are indispensable for anyone eyeing the CISSP certification. Learn how to apply these concepts to real-world scenarios, such as identifying potential man-in-the-middle attacks. Whether you're a cybersecurity novice or a seasoned expert, our discussion will equip you with comprehensive knowledge and sharpen your skills, helping you excel in the CISSP exam and beyond. 
Join us for this enlightening episode, and walk away with the confidence to navigate the complex world of networking. Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
Sam and Ryan talk about React 19's useActionState hook. They discuss how adding async functions to a plain React app introduces lots of in-between states that developers must grapple with, and how useActionState allows React to collapse and eliminate these states, bringing the simplicity of React's sync mental model to our async code.
Timestamps:
0:00 - Intro
1:51 - How React normally eliminates state in synchronous apps
8:20 - How useActionState lets React eliminate state in asynchronous apps
18:17 - Why you shouldn't just pass server actions into useActionState
23:00 - TCP/IP and UDP analogy
26:39 - Thinking of useActionState like enqueue
34:55 - Why the term "reducer" is too loaded for best understanding useActionState
51:07 - How useActionState helps you build a Todo app that stays responsive during pending actions
This episode is relatively light on AI, yesssssss! But we still have plenty of Spring, plenty of vulnerabilities, plenty of OpenTelemetry, a bit of semantic versioning, a Git tip and much more. Recorded on November 8, 2024. Episode download: LesCastCodeurs-Episode–318.mp3. News. Languages: The creator of Fernflower, a decompiler that revived the tooling around Java 8, has died; a tribute from IntelliJ IDEA https://blog.jetbrains.com/idea/2024/11/in-memory-of-stiver/ Decompilers relied on recognized patterns and were fragile and incomplete, especially when Java 8 changed the try/catch pattern and added concepts such as annotations. The field was moribund when Stiver got started. It is a pity that the article does not explain how the control-flow graph is generated from the bytecode to improve decompilation. Libraries: Jakarta Data Repository can now be used in Quarkus https://in.relation.to/2024/11/04/data-in-quarkus/ A short article with an example project, plus a link to Gavin's presentation of Jakarta Data at Devoxx Belgium. Quarkus 3.16 https://quarkus.io/guides/opentelemetry-logging Distributed logs with OpenTelemetry (preview); reflection-free Jackson deserializers; improvements in the security stack; TLS registry has added graphql client and keycloak admin client; the logs of devservice containers and the HTTP access logs are visible in the DevUI; extensions can now write their docs in markdown (it was asciidoc only before). An article on how to get started with Spring Batch https://www.sfeir.dev/back/planifier-des-taches-avec-spring-batch/ OAuth2 support for RestClient arrives in Security 6.4 / Boot 3.4. No more WebClient hacks in your Spring-Web applications! 
https://spring.io/blog/2024/10/28/restclient-support-for-oauth2-in-spring-security–6–4 RestClient was added in Spring Framework 6.1. Fluent API. Spring Security 6.4 simplifies OAuth2 configuration with the new synchronous HTTP client RestClient. RestClient allows resource requests without reactive dependencies, aligning configuration between servlet and reactive applications. The update eases migration from RestTemplate and opens the way to advanced scenarios. Tired of microservices? Go back to monoliths with Spring Modulith 1.3RC1, 1.2.5 and 1.1.10 https://spring.io/blog/2024/10/28/spring-modulith–1–3-rc1–1–2–5-and–1–1–10-released Spring Modulith 1.3 RC1, 1.2.5, and 1.1.10 are available. Version 1.3 RC1 includes new features: archiving event publication completion mode; compatibility with MariaDB and Oracle for the JDBC-based event publication registry; the ability to externalize events into Spring MessageChannels; SpEL expressions in @Externalized; jMolecules technical architecture validation. Versions 1.2.5 and 1.1.10 bring fixes and dependency updates. Spring gRPC 0.1 has been released https://github.com/spring-projects-experimental/spring-grpc It is brand new and exploratory; if this is a problem that itches you, it is worth taking a look and contributing. 
Spring Boot 3.3: integrating Spring with OpenTelemetry (OTLP protocol) https://spring.io/blog/2024/10/28/lets-use-opentelemetry-with-spring A reminder of the value of the OpenTelemetry standard and how to use it in your Spring projects. How to use ollama with Spring AI https://spring.io/blog/2024/10/22/leverage-the-power-of–45k-free-hugging-face-models-with-spring-ai-and-ollama It gives access to the 45k Hugging Face models that support deployment on ollama; there is a Spring Boot starter; it is really for getting started. Cloud: Google Cloud Frankfurt suffered a 12-hour outage https://t.co/VueiQjhCA3 Google Cloud suffered a 12-hour outage in the europe-west3 (Frankfurt) region on October 24, 2024. The outage, caused by a power and cooling failure, affected several services, including Compute Engine and Kubernetes Engine. Users encountered VM creation problems, operation failures and processing delays. Google advised migrating workloads to other zones. Another European zone was badly affected last year and customers lost data :sweat: Web: The end of the World Wide Web Foundation https://www.theregister.com/2024/09/30/world_wide_web_foundation_closes/ The World Wide Web Foundation is closing its doors. The co-founders believe that the problems facing the Web have changed and that other advocacy groups can now take over. They also believe that top priority must be given to Tim Berners-Lee's passion for giving individuals back power and control over their data and for actively building powerful collaboration systems (Solid Protocol - https://solidproject.org/). 
Release of https://www.patternfly.org/ 6: an open-source framework for building UIs, sponsored by RH; worth a look. Data and Artificial Intelligence: TSMC halts sales to a Chinese customer that allegedly resold a processor to Huawei, used in its AI chip https://www.reuters.com/technology/tsmc-suspended-shipments-china-firm-after-chip-found-huawei-processor-sources–2024–10–26/ Taiwan Semiconductor Manufacturing Company (TSMC) suspended its shipments to Sophgo, a Chinese chip designer, after a TSMC-made chip was discovered in a Huawei AI processor (Ascend 910B). This discovery raises concerns about potential violations of United States export controls, which have restricted Huawei since 2020. Sophgo, linked to Bitmain, has denied any connection with Huawei and says it complies with applicable laws. However, the incident led to an in-depth investigation by TSMC and by the American and Taiwanese authorities. OpenAI and Microsoft, from love to war https://www.computerworld.com/article/3593206/microsoft-and-openai-good-by-bromance-hel[…]m_source=Adestra&huid=4349eeff–5b8b–493d–9e61–9abf8be5293b We closely followed the love songs between Sam Altman and Satya Nadella. Things have been tense lately, already with the episode at OpenAI where MS called an end to playtime: “we have the code, the data, the IP and the capacity, we can recreate everything”. OpenAI has a competitor to Copilot and is trying to court its customers. OpenAI's appetite for investment and a dispute over the value of the share held by MS, which provided cloud credits, seem to be at the heart of the current dispute. Debezium 3 has been released https://debezium.io/blog/2024/10/02/debezium–3–0-final-released/ Java 17 minimum for the connectors and 21 for the server, the Quarkus outbox extension and the operator; cleanup of deprecations; per-table metrics now; support for MySQL 9 including the vector data type; Oracle: default mining strategy changed, off-heap ehcache added; 
various Oracle improvements (offline RAC node flush, max string size for Extended PostgreSQL PGVector etc (Spanner, vitess, …). NotebookLlama: an open-source version of NotebookLM https://github.com/meta-llama/llama-recipes/tree/main/recipes/quickstart/NotebookLlama If you were impressed by the Gemini Notebook demos, creating podcasts from various resources, try the llama version. Step-by-step tutorial for turning a PDF into a podcast. Tooling: Do you like Maven? Of course! Do you like asciidoctor? Absolutely! Then version 3.1.0 of the asciidoctor plugin for Maven is for you!! https://github.com/asciidoctor/asciidoctor-maven-plugin The plugin can either convert asciidoc documents on its own or manage them through the Maven site. GitHub Universe: AI, AI and more AI https://github.blog/news-insights/product-news/universe–2024-previews-releases/ GitHub Universe 2024 presents the year's new features, notably the ability to choose among several AI models for GitHub Copilot (Claude 3.5, Gemini 1.5 Pro, OpenAI o1). New features: GitHub Spark for creating micro-applications, Copilot-assisted code reviews, strengthened security with Copilot Autofix. 
Workflow simplification with GitHub Copilot extensions. Easier creation of generative AI applications with GitHub Models. Methodologies: The blogs of expert Java developers recommended by IntelliJ https://blog.jetbrains.com/idea/2024/11/top-java-blogs-for-experienced-programmers/ We do not necessarily agree with the whole list, but it gives good options if you want to read more Java blogs. Keycloak returns to semantic versioning after having followed Google Chrome-style versioning https://www.keycloak.org/2024/10/release-updates Not knowing whether an update was backward compatible was a problem for users. Also, the client libraries will be delivered separately and will support all supported Keycloak server versions. Security: An example of a theoretical secure supply chain attack identified in the Quarkiverse, and the details of its resolution https://quarkus.io/blog/quarkiverse-and-smallrye-new-release-process/ In the Quarkiverse, things are automated to simplify life for occasional extension contributors, but there was a flaw: the signing secrets and the Maven Central access secrets were organization secrets, which means that a malicious extension publisher could write a plugin or a test that read these secrets and could ship fake artifacts. The solution is to separate the building of the artifacts from the signing and release-to-Maven-Central step, so that the keys are no longer accessible. With Okta, no more need for a password when you have a long username :face_with_hand_over_mouth: https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/ LOL. A vulnerability was discovered in the generation of the cache key for AD/LDAP delegated authentication. 
The conditions: MFA not used; username of 52 characters or more; user previously authenticated, creating an authentication cache; the cache was used first, which can happen if the AD/LDAP agent was down or unreachable, for example because of high network traffic; the authentication occurred between 23 July 2024 and 30 October 2024. Fixed on 30 October 2024.
The revenge of the printers!! Linux doesn't like them, and they return the favour. https://www.theregister.com/2024/09/26/cups_linux_rce_disclosed/ After a few hours / days of rumours about a 9.9/10 CVSS flaw, it turns out that it only affects systems with the CUPS printing system and cups-browsed. Disable and/or remove the cups-browsed service. Update your CUPS installation to apply security updates when they become available. Consider blocking access to UDP port 631 and also disabling DNS-SD. This affects most Linux distributions, some BSDs, possibly Google ChromeOS, Oracle's Solaris and potentially other systems, because CUPS is bundled with various distributions to provide printing functionality. To exploit this vulnerability over the internet or the local network (LAN), an attacker must be able to reach your CUPS service on UDP port 631. Ideally, none of you should expose this port to the public internet. The attacker also has to wait for you to start a print job. If port 631 is not directly reachable, an attacker might be able to spoof zeroconf, mDNS or DNS-SD advertisements to exploit this vulnerability on a LAN.
Law, society and organization
Version 1.0 of the Open Source AI definition is out https://siliconangle.com/2024/10/28/osi-clarifies-makes-ai-systems-open-source-open-models-fall-short/ The Open Source Initiative (OSI) has clarified the criteria for an AI model to be considered open source: full access to the training data, the source code and the training parameters. Most so-called “open” models, such as those from Meta (Llama) and Stability AI (Stable Diffusion), do not meet these criteria, because they impose restrictions on commercial use and do not make the training data public. It is about the details of the training data (so not necessarily the data itself). “In particular, this must include: (1) the complete description of all data used for training, including (if used) of unshareable data, disclosing the provenance of the data, its scope and characteristics, how the data was obtained and selected, the labeling procedures, and data processing and filtering methodologies; (2) a listing of all publicly available training data and where to obtain it; and (3) a listing of all training data obtainable from third parties and where to obtain it, including for fee.” This echoes the Linux Foundation's version of open source AI.
Speaking of which, an article on open source washing in models https://www.theregister.com/2024/10/25/opinion_open_washing/ Open washing refers to the practice where companies claim that their products or models are open source even though they do not meet the real criteria of openness (transparency, accessibility, knowledge sharing). Large companies such as Meta, Google and Microsoft are often accused of using this strategy, which raises concerns about the clarity of the legal and commercial definitions of open source, especially with the rise of AI.
Beginners' corner
A short, fundamental article on REST https://www.sfeir.dev/rest-definition/ Roy Fielding's thesis, in reaction to heavyweight protocols like SOAP. 5 verbs (GET, PUT, POST, DELETE, PATCH). JSON but not only (XML and others). No state between requests.
Ask Me Anything
Morgan from Montréal: How do you make several Git repositories coexist? Let me explain: at my company, we use our Git repository (Bitbucket), configured for our company repository. When I want to contribute to an open source project, I have to change my global Git configuration (user name, email) to match my GitHub account. It often happens that, when I come back to make a commit on the company repository, I forget that I am in “open source” mode, which results in my “open source” settings being recorded in the Bitbucket history… How do you handle this kind of situation?
How to manage different git profiles https://medium.com/@mrjink/using-includeif-to-manage-your-git-identities-bcc99447b04b
Conferences
The list of conferences from Developers Conferences Agenda/List by Aurélie Vache and contributors:
8 November 2024: BDX I/O - Bordeaux (France)
13–14 November 2024: Agile Tour Rennes 2024 - Rennes (France)
16–17 November 2024: Capitole Du Libre - Toulouse (France)
20–22 November 2024: Agile Grenoble 2024 - Grenoble (France)
21 November 2024: DevFest Strasbourg - Strasbourg (France)
21 November 2024: Codeurs en Seine - Rouen (France)
21 November 2024: Agile Game Toulouse - Toulouse (France)
27–28 November 2024: Cloud Expo Europe - Paris (France)
28 November 2024: OVHcloud Summit - Paris (France)
28 November 2024: Who Run The Tech ? - Rennes (France)
2–3 December 2024: Tech Rocks Summit - Paris (France)
3 December 2024: Generation AI - Paris (France)
3–5 December 2024: APIdays Paris - Paris (France)
4–5 December 2024: DevOpsRex - Paris (France)
4–5 December 2024: Open Source Experience - Paris (France)
5 December 2024: GraphQL Day Europe - Paris (France)
6 December 2024: DevFest Dijon - Dijon (France)
19 December 2024: Normandie.ai 2024 - Rouen (France)
22–25 January 2025: SnowCamp 2025 - Grenoble (France)
30 January 2025: DevOps D-Day #9 - Marseille (France)
6–7 February 2025: Touraine Tech - Tours (France)
28 February 2025: Paris TS La Conf - Paris (France)
20 March 2025: PGDay Paris - Paris (France)
25 March 2025: ParisTestConf - Paris (France)
3 April 2025: DotJS - Paris (France)
10–12 April 2025: Devoxx Greece - Athens (Greece)
16–18 April 2025: Devoxx France - Paris (France)
7–9 May 2025: Devoxx UK - London (UK)
16 May 2025: AFUP Day 2025 Lille - Lille (France)
16 May 2025: AFUP Day 2025 Lyon - Lyon (France)
16 May 2025: AFUP Day 2025 Poitiers - Poitiers (France)
11–13 June 2025: Devoxx Poland - Krakow (Poland)
12–13 June 2025: DevLille - Lille (France)
24 June 2025: WAX 2025 - Aix-en-Provence (France)
26–27 June 2025: Sunny Tech - Montpellier (France)
1–4 July 2025: Open edX Conference - 2025 - Palaiseau (France)
18–19 September 2025: API Platform Conference - Lille (France) & Online
6–10 October 2025: Devoxx Belgium - Antwerp (Belgium)
9–10 October 2025: Volcamp - Clermont-Ferrand (France)
16–17 October 2025: DevFest Nantes - Nantes (France)
23–25 April 2026: Devoxx Greece - Athens (Greece)
17 June 2026: Devoxx Poland - Krakow (Poland)
Contact us
To react to this episode, come and discuss on the Google group https://groups.google.com/group/lescastcodeurs Contact us via twitter https://twitter.com/lescastcodeurs Do a crowdcast or a crowdquestion. Support Les Cast Codeurs on Patreon https://www.patreon.com/LesCastCodeurs All the episodes and all the info at https://lescastcodeurs.com/
This week, we discuss something near and dear to our hearts - RDP Shortpath! What is it, even? TCP and UDP? Get out of here! We touch on the current enterprise landscape, the need for BYOD, Microsoft's remote working capabilities, and how RDP Shortpath rules them all. Mostly. Also, Tobi asks Jussi an unexpected question.
(00:00) - Intro and catching up.
(04:50) - Show content starts.
Show links
- RDP Shortpath
- Ctrl+Alt+Azure | 176 - Let's talk about Azure Virtual Desktop
- Ctrl+Alt+Azure | 094 - Your PC in the cloud with Windows 365
- Ctrl+Alt+Azure | 149 - Developing in the cloud with Microsoft Dev Box
We want feedback!
- Give us feedback!
We all have fond memories of the first Dev Day in 2023, and the blip that followed soon after. As Ben Thompson has noted, this year's DevDay took a quieter, more intimate tone. No Satya, no livestream, (slightly fewer people?). Instead of putting ChatGPT announcements in DevDay as in 2023, o1 was announced 2 weeks prior, and DevDay 2024 was reserved purely for developer-facing API announcements, primarily the Realtime API, Vision Finetuning, Prompt Caching, and Model Distillation.
However, the larger venue and more spread out schedule did allow a lot more hallway conversations with attendees as well as more community presentations, including our recent guest Alistair Pullen of Cosine, as well as deeper dives from OpenAI, including our recent guest Michelle Pokrass of the API Team. Thanks to OpenAI's warm collaboration (we particularly want to thank Lindsay McCallum Rémy!), we managed to record exclusive interviews with many of the main presenters of both the keynotes and breakout sessions. We present them in full in today's episode, together with a full lightly edited Q&A with Sam Altman.
Show notes and related resources
Some of these used in the final audio episode below
* Simon Willison Live Blog
* swyx live tweets and videos
* Greg Kamradt coverage of Structured Output session, Scaling LLM Apps session
* Fireside Chat Q&A with Sam Altman
Timestamps
* [00:00:00] Intro by Suno.ai
* [00:01:23] NotebookLM Recap of DevDay
* [00:09:25] Ilan's Strawberry Demo with Realtime Voice Function Calling
* [00:19:16] Olivier Godement, Head of Product, OpenAI
* [00:36:57] Romain Huet, Head of DX, OpenAI
* [00:47:08] Michelle Pokrass, API Tech Lead at OpenAI ft. Simon Willison
* [01:04:45] Alistair Pullen, CEO, Cosine (Genie)
* [01:18:31] Sam Altman + Kevin Weil Q&A
* [02:03:07] Notebook LM Recap of Podcast
Transcript
[00:00:00] Suno AI: Under dev daylights, code ignites. Real time voice streams reach new heights. O1 and GPT-4o in flight. Fine tune the future, data in sight.
Schema sync up, outputs precise. Distill the models, efficiency splice.
[00:00:33] AI Charlie: Happy October. This is your AI co host, Charlie. One of our longest standing traditions is covering major AI and ML conferences in podcast format. Delving, yes delving, into the vibes of what it is like to be there stitched in with short samples of conversations with key players, just to help you feel like you were there.
[00:00:54] AI Charlie: Covering this year's Dev Day was significantly more challenging because we were all requested not to record the opening keynotes. So, in place of the opening keynotes, we had the viral NotebookLM Deep Dive crew, my new AI podcast nemesis, give you a seven minute recap of everything that was announced.
[00:01:15] AI Charlie: Of course, you can also check the show notes for details. I'll then come back with an explainer of all the interviews we have for you today. Watch out and take care.
[00:01:23] NotebookLM Recap of DevDay
[00:01:23] NotebookLM: All right, so we've got a pretty hefty stack of articles and blog posts here all about OpenAI's Dev Day 2024.
[00:01:32] NotebookLM 2: Yeah, lots to dig into there.
[00:01:34] NotebookLM 2: Seems
[00:01:34] NotebookLM: like you're really interested in what's new with AI.
[00:01:36] NotebookLM 2: Definitely. And it seems like OpenAI had a lot to announce. New tools, changes to the company. It's a lot.
[00:01:43] NotebookLM: It is. And especially since you're interested in how AI can be used in the real world, you know, practical applications, we'll focus on that.
[00:01:51] NotebookLM: Perfect. Like, for example, this Real time API, they announced that, right? That seems like a big deal if we want AI to sound, well, less like a robot.
[00:01:59] NotebookLM 2: It could be huge. The real time API could completely change how we, like, interact with AI.
Like, imagine if your voice assistant could actually handle it if you interrupted it.
[00:02:08] NotebookLM: Or, like, have an actual conversation.
[00:02:10] NotebookLM 2: Right, not just these clunky back and forth things we're used to.
[00:02:14] NotebookLM: And they actually showed it off, didn't they? I read something about a travel app, one for languages. Even one where the AI ordered takeout.
[00:02:21] NotebookLM 2: Those demos were really interesting, and I think they show how this real time API can be used in so many ways.
[00:02:28] NotebookLM 2: And the tech behind it is fascinating, by the way. It uses persistent WebSocket connections and this thing called function calling, so it can respond in real time.
[00:02:38] NotebookLM: So the function calling thing, that sounds kind of complicated. Can you, like, explain how that works?
[00:02:42] NotebookLM 2: So imagine giving the AI access to this whole toolbox, right?
[00:02:46] NotebookLM 2: Information, capabilities, all sorts of things. Okay. So take the travel agent demo, for example. With function calling, the AI can pull up details, let's say about Fort Mason, right, from some database. Like nearby restaurants, stuff like that.
[00:02:59] NotebookLM: Ah, I get it. So instead of being limited to what it already knows, it can go and find the information it needs, like a human travel agent would.
[00:03:07] NotebookLM 2: Precisely. And someone on Hacker News pointed out a cool detail. The API actually gives you a text version of what's being said. So you can store that, analyze it.
[00:03:17] NotebookLM: That's smart. It seems like OpenAI put a lot of thought into making this API easy for developers to use. But, while we're on OpenAI, you know, besides their tech, there's been some news about, like, internal changes, too.
[00:03:30] NotebookLM: Didn't they say they're moving away from being a non profit?
[00:03:32] NotebookLM 2: They did. And it's got everyone talking. It's a major shift.
And it's only natural for people to wonder how that'll change things for OpenAI in the future. I mean, there are definitely some valid questions about this move to for profit. Like, will they have more money for research now?
[00:03:46] NotebookLM 2: Probably. But will they, you know, care as much about making sure AI benefits everyone?
[00:03:51] NotebookLM: Yeah, that's the big question, especially with all the, like, the leadership changes happening at OpenAI too, right? I read that their Chief Research Officer left, and their VP of Research, and even their CTO.
[00:04:03] NotebookLM 2: It's true. A lot of people are connecting those departures with the changes in OpenAI's structure.
[00:04:08] NotebookLM: And I guess it makes you wonder what's going on behind the scenes. But they are still putting out new stuff. Like this whole fine tuning thing really caught my eye.
[00:04:17] NotebookLM 2: Right, fine tuning. It's essentially taking a pre trained AI model. And, like, customizing it.
[00:04:23] NotebookLM: So instead of a general AI, you get one that's tailored for a specific job.
[00:04:27] NotebookLM 2: Exactly. And that opens up so many possibilities, especially for businesses. Imagine you could train an AI on your company's data, you know, like how you communicate your brand guidelines.
[00:04:37] NotebookLM: So it's like having an AI that's specifically trained for your company?
[00:04:41] NotebookLM 2: That's the idea.
[00:04:41] NotebookLM: And they're doing it with images now, too, right?
[00:04:44] NotebookLM: Fine tuning with vision is what they called it.
[00:04:46] NotebookLM 2: It's pretty incredible what they're doing with that, especially in fields like medicine.
[00:04:50] NotebookLM: Like using AI to help doctors make diagnoses.
[00:04:52] NotebookLM 2: Exactly. And AI could be trained on thousands of medical images, right?
And then it could potentially spot things that even a trained doctor might miss.
[00:05:03] NotebookLM: That's kind of scary, to be honest. What if it gets it wrong?
[00:05:06] NotebookLM 2: Well, the idea isn't to replace doctors, but to give them another tool, you know, help them make better decisions.
[00:05:12] NotebookLM: Okay, that makes sense. But training these AI models must be really expensive.
[00:05:17] NotebookLM 2: It can be. All those tokens add up. But OpenAI announced something called automatic prompt caching.
[00:05:23] Alex Volkov: Automatic what now? I don't think I came across that.
[00:05:26] NotebookLM 2: So basically, if your AI sees a prompt that it's already seen before, OpenAI will give you a discount.
[00:05:31] NotebookLM: Huh. Like a frequent buyer program for AI.
[00:05:35] NotebookLM 2: Kind of, yeah. It's good that they're trying to make it more affordable. And they're also doing something called model distillation.
[00:05:41] NotebookLM: Okay, now you're just using big words to sound smart. What's that?
[00:05:45] NotebookLM 2: Think of it like like a recipe, right? You can take a really complex recipe and break it down to the essential parts.
[00:05:50] NotebookLM: Make it simpler, but it still tastes the same.
[00:05:53] NotebookLM 2: Yeah. And that's what model distillation is. You take a big, powerful AI model and create a smaller, more efficient version.
[00:06:00] NotebookLM: So it's like lighter weight, but still just as capable.
[00:06:03] NotebookLM 2: Exactly. And that means more people can actually use these powerful tools. They don't need, like, a supercomputer to run them.
[00:06:10] NotebookLM: So they're making AI more accessible. That's great.
[00:06:13] NotebookLM 2: It is. And speaking of powerful tools, they also talked about their new O1 model.
[00:06:18] NotebookLM 2: That's the one they've been hyping up. The one that's supposed to be this big leap forward.
[00:06:22] NotebookLM: Yeah, O1. It sounds pretty futuristic.
Like, from what I read, it's not just a bigger, better language model.
[00:06:28] NotebookLM 2: Right. It's a different porch.
[00:06:29] NotebookLM: They're saying it can, like, actually reason, right? Think.
[00:06:33] NotebookLM 2: It's trained differently.
[00:06:34] NotebookLM 2: They used reinforcement learning with O1.
[00:06:36] NotebookLM: So it's not just finding patterns in the data it's seen before.
[00:06:40] NotebookLM 2: Not just that. It can actually learn from its mistakes. Get better at solving problems.
[00:06:46] NotebookLM: So give me an example. What can O1 do that, say, GPT 4 can't?
[00:06:51] NotebookLM 2: Well, OpenAI showed it doing some pretty impressive stuff with math, like advanced math.
[00:06:56] NotebookLM 2: And coding, too. Complex coding. Things that even GPT 4 struggled with.
[00:07:00] NotebookLM: So you're saying if I needed to, like, write a screenplay, I'd stick with GPT 4? But if I wanted to solve some crazy physics problem, O1 is what I'd use.
[00:07:08] NotebookLM 2: Something like that, yeah. Although there is a trade off. O1 takes a lot more power to run, and it takes longer to get those impressive results.
[00:07:17] NotebookLM: Hmm, makes sense. More power, more time, higher quality.
[00:07:21] NotebookLM 2: Exactly.
[00:07:22] NotebookLM: It sounds like it's still in development, though, right? Is there anything else they're planning to add to it?
[00:07:26] NotebookLM 2: Oh, yeah. They mentioned system prompts, which will let developers, like, set some ground rules for how it behaves. And they're working on adding structured outputs and function calling.
[00:07:38] Alex Volkov: Wait, structured outputs? Didn't we just talk about that? We
[00:07:41] NotebookLM 2: did. That's the thing where the AI's output is formatted in a way that's easy to use.
[00:07:47] NotebookLM: Right, right. So you don't have to spend all day trying to make sense of what it gives you.
It's good that they're thinking about that stuff.
[00:07:53] NotebookLM 2: It's about making these tools usable.
[00:07:56] NotebookLM 2: And speaking of that, Dev Day finished up with this really interesting talk. Sam Altman, the CEO of OpenAI, and Kevin Weil, their new chief product officer. They talked about, like, the big picture for AI.
[00:08:09] NotebookLM: Yeah, they did, didn't they? Anything interesting come up?
[00:08:12] NotebookLM 2: Well, Altman talked about moving past this whole AGI term, Artificial General Intelligence.
[00:08:18] NotebookLM: I can see why. It's kind of a loaded term, isn't it?
[00:08:20] NotebookLM 2: He thinks it's become a bit of a buzzword, and people don't really understand what it means.
[00:08:24] NotebookLM: So are they saying they're not trying to build AGI anymore?
[00:08:28] NotebookLM 2: It's more like they're saying they're focused on just making AI better, constantly improving it, not worrying about putting it in a box.
[00:08:36] NotebookLM: That makes sense. Keep pushing the limits.
[00:08:38] NotebookLM 2: Exactly. But they were also very clear about doing it responsibly. They talked a lot about safety and ethics.
[00:08:43] NotebookLM: Yeah, that's important.
[00:08:44] NotebookLM 2: They said they were going to be very careful. About how they release new features.
[00:08:48] NotebookLM: Good! Because this stuff is powerful.
[00:08:51] NotebookLM 2: It is. It was a lot to take in, this whole Dev Day event.
[00:08:54] NotebookLM 2: New tools, big changes at OpenAI, and these big questions about the future of AI.
[00:08:59] NotebookLM: It was. But hopefully this deep dive helped make sense of some of it.
At least, that's what we try to do here.
[00:09:05] AI Charlie: Absolutely.
[00:09:06] NotebookLM: Thanks for taking the deep dive with us.
[00:09:08] AI Charlie: The biggest demo of the new Realtime API involved function calling with voice mode and buying chocolate covered strawberries from our friendly local OpenAI developer experience engineer and strawberry shop owner, Ilan Biggio.
[00:09:21] AI Charlie: We'll first play you the audio of his demo and then go into a little interview with him.
[00:09:25] Ilan's Strawberry Demo with Realtime Voice Function Calling
[00:09:25] Romain Huet: Could you place a call and see if you could get us 400 strawberries delivered to the venue? But please keep that under 1500. I'm on it. We'll get those strawberries delivered for you.
[00:09:47] Ilan: Hello? Hi there. Is this Ilan? I'm Romain's AI assistant. How is it going? Fantastic. Can you tell me what flavors of strawberry dips you have for me? Yeah, we have chocolate, vanilla, and we have peanut butter. Wait, how much would 400 chocolate covered strawberries cost? 400? Are you sure you want 400? Yes, 400 chocolate covered
[00:10:14] swyx: strawberries.
[00:10:15] Ilan: Wait,
[00:10:16] swyx: how much
[00:10:16] Ilan: would that be? I think that'll be around, like, 1,415.92.
[00:10:25] Alex Volkov: Awesome. Let's go ahead and place the order for four chocolate covered strawberries.
[00:10:31] Ilan: Great, where would you like that delivered? Please deliver them to the Gateway Pavilion at Fort Mason. And I'll be paying in cash.
[00:10:42] Alex Volkov: Okay,
[00:10:43] Ilan: sweet. So just to confirm, you want four strawberries?
[00:10:45] Ilan: 400 chocolate covered strawberries to the Gateway Pavilion. Yes, that's perfect. And when can we expect delivery? Well, you guys are right nearby, so it'll be like, I don't know, 37 seconds? That's incredibly fast. Cool, you too.
[00:11:09] swyx: Hi, Ilan, welcome to Latent Space. Oh, thank you.
I just saw your amazing demos, had your amazing strawberries. You are dressed up, like, exactly like a strawberry salesman. Gotta have it all. What was the building on demo like? What was the story behind the demo?
[00:11:22] swyx: It was really interesting. This is actually something I had been thinking about for months before the launch.
[00:11:27] swyx: Like, having a, like, AI that can make phone calls is something like I've personally wanted for a long time. And so as soon as we launched internally, like, I started hacking on it. And then that sort of just started. We made it into like an internal demo, and then people found it really interesting, and then we thought how cool would it be to have this like on stage as, as one of the demos.
[00:11:47] swyx: Yeah, would would you call out any technical issues building, like you were basically one of the first people ever to build with a voice mode API. Would you call out any issues like integrating it with Twilio like that, like you did with function calling, with like a form filling elements. I noticed that you had like intents of things to fulfill, and then.
[00:12:07] swyx: When there's still missing info, the voice would prompt you, roleplaying the store guy.
[00:12:13] swyx: Yeah, yeah, so, I think technically, there's like the whole, just working with audio and streams is a whole different beast. Like, even separate from like AI and this, this like, new capabilities, it's just, it's just tough.
[00:12:26] swyx: Yeah, when you have a prompt, conversationally it'll just follow, like the, it was, Instead of like, kind of step by step to like ask the right questions based on like the like what the request was, right? The function calling itself is sort of tangential to that.
Like, you have to prompt it to call the functions, but then handling it isn't too much different from, like, what you would do with assistant streaming or, like, chat completion streaming.
[00:12:47] swyx: I think, like, the API feels very similar just to, like, if everything in the API was streaming, it actually feels quite familiar to that.
[00:12:53] swyx: And then, function calling wise, I mean, does it work the same? I don't know. Like, I saw a lot of logs. You guys showed, like, in the playground, a lot of logs. What is in there?
[00:13:03] swyx: What should people know?
[00:13:04] swyx: Yeah, I mean, it is, like, the events may have different names than the streaming events that we have in chat completions, but they represent very similar things. It's things like, you know, function call started, argument started, it's like, here's like argument deltas, and then like function call done.
[00:13:20] swyx: Conveniently we send one that has the full function, and then I just use that. Nice.
[00:13:25] swyx: Yeah and then, like, what restrictions do, should people be aware of? Like, you know, I think, I think, before we recorded, we discussed a little bit about the sensitivities around basically calling random store owners and putting, putting like an AI on them.
[00:13:40] swyx: Yeah, so there's, I think there's recent regulation on that, which is why we want to be like very, I guess, aware of, of You know, you can't just call anybody with AI, right? That's like just robocalling. You wouldn't want someone just calling you with AI.
[00:13:54] swyx: I'm a developer, I'm about to do this on random people.
[00:13:57] swyx: What laws am I about to break?
[00:14:00] swyx: I forget what the governing body is, but you should, I think, Having consent of the person you're about to call, it always works. I, as the strawberry owner, have consented to like getting called with AI. I think past that you, you want to be careful.
Definitely individuals are more sensitive than businesses.
[00:14:19] swyx: I think businesses you have a little bit more leeway. Also, they're like, businesses I think have an incentive to want to receive AI phone calls. Especially if like, they're dealing with it. It's doing business. Right, like, it's more business. It's kind of like getting on a booking platform, right, you're exposed to more.
[00:14:33] swyx: But, I think it's still very much like a gray area. Again, so. I think everybody should, you know, tread carefully, like, figure out what it is. I, I, I, the law is so recent, I didn't have enough time to, like, I'm also not a lawyer. Yeah, yeah, yeah, of course. Yeah.
[00:14:49] swyx: Okay, cool fair enough. One other thing, this is kind of agentic.
[00:14:52] swyx: Did you use a state machine at all? Did you use any framework? No. You just stick it in context and then just run it in a loop until it ends call?
[00:15:01] swyx: Yeah, there isn't even a loop, like Okay. Because the API is just based on sessions. It's always just going to keep going. Every time you speak, it'll trigger a call.
[00:15:11] swyx: And then after every function call was also invoked invoking like a generation. And so that is another difference here. It's like it's inherently almost like in a loop, be just by being in a session, right? No state machines needed. I'd say this is very similar to like, the notion of routines, where it's just like a list of steps.
[00:15:29] swyx: And it, like, sticks to them softly, but usually pretty well. And the steps is the prompts? The steps, it's like the prompt, like the steps are in the prompt. Yeah, yeah, yeah. Right, it's like step one, do this, step one, step two, do that. What if I want to change the system prompt halfway through the conversation?
[00:15:44] swyx: You can. Okay. You can. To be honest, I have not played without two too much. Yeah,
[00:15:47] swyx: yeah.
[00:15:48] swyx: But, I know you can.
[00:15:49] swyx: Yeah, yeah. Yeah. Awesome.
I noticed that you called it real time API, but not voice API. Mm hmm. So I assume that it's like real time API starting with voice. Right, I think that's what he said on the thing.
[00:16:00] swyx: I can't imagine, like, what else is real
[00:16:02] swyx: time? Well, I guess, to use ChatGPT's voice mode as an example, like, we've demoed the video, right? Like, real time image, right? So, I'm not actually sure what timelines are, but I would expect, if I had to guess, that, like, that is probably the next thing that we're gonna be making.
[00:16:17] swyx: You'd probably have to talk directly with the team building this. Sure. But, You can't promise their timelines. Yeah, yeah, yeah, right, exactly. But, like, given that this is the features that currently, or that exists that we've demoed on ChatGPT. Yeah. There
[00:16:29] swyx: will never be a
[00:16:29] swyx: case where there's like a real time text API, right?
[00:16:31] swyx: I don't Well, this is a real time text API. You can do text only on this. Oh. Yeah. I don't know why you would. But it's actually So text to text here doesn't quite make a lot of sense. I don't think you'll get a lot of latency gain. But, like, speech to text is really interesting. Because you can prevent You can prevent responses, like audio responses.
[00:16:54] swyx: And force function calls. And so you can do stuff like UI control. That is like super super reliable. We had a lot of like, you know, un, like, we weren't sure how well this was gonna work because it's like, you have a voice answering. It's like a whole persona, right? Like, that's a little bit more, you know, risky.
[00:17:10] swyx: But if you, like, cut out the audio outputs and make it so it always has to output a function, like you can end up with pretty pretty good, like, pretty reliable, like, command like a command architecture. Yeah,
[00:17:21] swyx: actually, that's the way I want to interact with a lot of these things as well.
Like, one sided voice.
[00:17:26] swyx: Yeah, you don't necessarily want to hear the
[00:17:27] swyx: voice back. And like, sometimes it's like, yeah, I think having an output voice is great. But I feel like I don't always want to hear an output voice. I'd say usually I don't. But yeah, exactly, being able to speak to it is super sweet.
[00:17:39] swyx: Cool. Do you want to comment on any of the other stuff that you announced?
[00:17:41] swyx: From caching I noticed was like, I like the no code change part. I'm looking forward to the docs because I'm sure there's a lot of details on like, what you cache, how long you cache. Cause like, Anthropic caches were like 5 minutes. I was like, okay, but what if I don't make a call every 5 minutes?
[00:17:56] swyx: Yeah,
[00:17:56] swyx: to be super honest with you, I've been so caught up with the real time API and making the demo that I haven't read up on the other stuff. Launches too much. I mean, I'm aware of them, but I think I'm excited to see how all distillation works. That's something that we've been doing like, I don't know, I've been like doing it between our models for a while And I've seen really good results like I've done back in a day like from GPT 4 to GPT 3.
[00:18:19] swyx: 5 And got like, like pretty much the same level of like function calling with like hundreds of functions So that was super super compelling So, I feel like easier distillation, I'm really excited for. I see. Is it a tool?
[00:18:31] swyx: So, I saw evals. Yeah. Like, what is the distillation product? It wasn't super clear, to be honest.
[00:18:36] swyx: I, I think I want to, I want to let that team, I want to let that team talk about it. Okay,
[00:18:40] swyx: alright. Well, I appreciate you jumping on. Yeah, of course. Amazing demo. It was beautifully designed.
I'm sure that was part of you and Romain, and
[00:18:47] swyx: Yeah, I guess, shout out to like, the first people to like, creators of Wanderlust, originally, were like, Simon and Carolis, and then like, I took it and built the voice component and the voice calling components.
[00:18:59] swyx: Yeah, so it's been a big team effort. And like the entire PI team for like Debugging everything as it's been going on. It's been, it's been so good working with them. Yeah, you're the first consumers on the DX
[00:19:07] swyx: team. Yeah. Yeah, I mean, the classic role of what we do there. Yeah. Okay, yeah, anything else? Any other call to action?
[00:19:13] swyx: No, enjoy Dev Day. Thank you. Yeah. That's it.
[00:19:16] Olivier Godement, Head of Product, OpenAI
[00:19:16] AI Charlie: The latent space crew then talked to Olivier Godement, head of product for the OpenAI platform, who led the entire Dev Day keynote and introduced all the major new features and updates that we talked about today.
[00:19:28] swyx: Okay, so we are here with Olivier Godement. That's right.
[00:19:32] swyx: I don't pronounce French. That's fine. It was perfect. And it was amazing to see your keynote today. What was the back story of, of preparing something like this? Preparing, like, Dev Day? It
[00:19:43] Olivier Godement: essentially came from a couple of places. Number one, excellent reception from last year's Dev Day.
[00:19:48] Olivier Godement: Developers, startup founders, researchers want to spend more time with OpenAI, and we want to spend more time with them as well. And so for us, like, it was a no brainer, frankly, to do it again, like, you know, like a nice conference. The second thing is going global. We've done a few events like in Paris and like a few other like, you know, non European, non American countries.
[00:20:05] Olivier Godement: And so this year we're doing SF, Singapore, and London.
To frankly just meet more developers.
[00:20:10] swyx: Yeah, I'm very excited for the Singapore one.
[00:20:12] Olivier Godement: Ah,
[00:20:12] swyx: yeah. Will you be
[00:20:13] Olivier Godement: there?
[00:20:14] swyx: I don't know. I don't know if I got an invite. No. I can't just talk to you. Yeah, like, and then there was some speculation around October 1st.
[00:20:22] Olivier Godement: Yeah. Is it because
[00:20:23] swyx: 01, October 1st? It
[00:20:25] Olivier Godement: has nothing to do. I discovered the tweet yesterday where like, people are so creative. No one, there was no connection to October 1st. But in hindsight, that would have been a pretty good meme by Tiana. Okay.
[00:20:37] swyx: Yeah, and you know, I think like, OpenAI's outreach to developers is something that I felt the whole in 2022, when like, you know, like, people were trying to build a ChatGPT, and like, there was no function calling, all that stuff that you talked about in the past.
[00:20:51] swyx: And that's why I started my own conference as like like, here's our little developer conference thing. And, but to see this OpenAI Dev Day now, and like to see so many developer oriented products coming to OpenAI, I think it's really encouraging.
[00:21:02] Olivier Godement: Yeah, totally. It's that's what I said, essentially, like, developers are basically the people who make the best connection between the technology and, you know, the future, essentially.
[00:21:14] Olivier Godement: Like, you know, essentially see a capability, see a low level, like, technology, and are like, hey, I see how that application or that use case that can be enabled.
And so, in the direction of enabling, like, AGI, like, all of humanity, it's a no brainer for us, like, frankly, to partner with Devs.
[00:21:31] Alessio: And most importantly, you almost never had waitlists, which, compared to like other releases, people usually, usually have.
[00:21:38] Alessio: What is the, you know, you had prompt caching, you had real time voice API, we, you know, Shawn did a long Twitter thread, so people know the releases. Yeah. What is the thing that was like sneakily the hardest to actually get ready for, for that day, or like, what was the kind of like, you know, last 24 hours, anything that you didn't know was gonna work?
[00:21:56] Olivier Godement: Yeah. The old Fairly, like, I would say, involved, like, features to ship. So the team has been working for a month, all of them. The one which I would say is the newest for OpenAI is the real time API. For a couple of reasons. I mean, one, you know, it's a new modality. Second, like, it's the first time that we have an actual, like, WebSocket based API.
[00:22:16] Olivier Godement: And so, I would say that's the one that required, like, the most work over the month. To get right from a developer perspective and to also make sure that our existing safety mitigation that worked well with like real time audio in and audio out.
[00:22:30] swyx: Yeah, what design choices or what was like the sort of design choices that you want to highlight?
[00:22:35] swyx: Like, you know, like I think for me, like, WebSockets, you just receive a bunch of events. It's two way. I obviously don't have a ton of experience. I think a lot of developers are going to have to embrace this real time programming. Like, what are you designing for, or like, what advice would you have for developers exploring this?
[00:22:51] Olivier Godement: The core design hypothesis was essentially, how do we enable, like, human level latency?
We did a bunch of tests, like, on average, like, human beings, like, you know, takes, like, something like 300 milliseconds to converse with each other. And so that was the design principle, essentially. Like, working backward from that, and, you know, making the technology work.
[00:23:11] Olivier Godement: And so we evaluated a few options, and WebSockets was the one that we landed on. So that was, like, one design choice. A few other, like, big design choices that we had to make prompt caching. Prompt caching, the design, like, target was automated from the get go. Like, zero code change from the developer.
[00:23:27] Olivier Godement: That way you don't have to learn, like, what is a prompt prefix, and, you know, how long does a cache work, like, we just do it as much as we can, essentially. So that was a big design choice as well. And then finally, on distillation, like, and evaluation. The big design choice was something I learned at Skype, like in my previous job, like a philosophy around, like, a pit of success.
[00:23:47] Olivier Godement: Like, what is essentially the, the, the minimum number of steps for the majority of developers to do the right thing? Because when you do evals on fine tuning, there are many, many ways, like, to mess it up, frankly, like, you know, and have, like, a crappy model, like, evals that tell, like, a wrong story. And so our whole design was, okay, we actually care about, like, helping people who don't have, like, that much experience, like, evaluating a model, like, get, like, in a few minutes, like, to a good spot.
[00:24:11] Olivier Godement: And so how do we essentially enable that pit of success, like, in the product flow?
[00:24:15] swyx: Yeah, yeah, I'm a little bit scared to fine tune especially for vision, because I don't know what I don't know for stuff like vision, right? Like, for text, I can evaluate pretty easily.
For vision let's say I'm like trying to, one of your examples was Grab.
[00:24:33] swyx: Which, very close to home, I'm from Singapore. I think your example was like, they identified stop signs better. Why is that hard? Why do I have to fine tune that? If I fine tune that, do I lose other things? You know, like, there's a lot of unknowns with Vision that I think developers have to figure out.
[00:24:50] swyx: For
[00:24:50] Olivier Godement: sure. Vision is going to open up, like, a new, I would say, evaluation space. Because you're right, like, it's harder, like, you know, to tell correct from incorrect, essentially, with images. What I can say is we've been alpha testing, like, the Vision fine tuning, like, for several weeks at that point. We are seeing, like, even higher performance uplift compared to text fine tuning.
[00:25:10] Olivier Godement: So that's, there is something here, like, we've been pretty impressed, like, in a good way, frankly. But, you know, how well it works. But for sure, like, you know, I expect the developers who are moving from one modality to, like, text and images will have, like, more, you know Testing, evaluation, like, you know, to set in place, like, to make sure it works well.
[00:25:25] Alessio: The model distillation and evals is definitely, like, the most interesting. Moving away from just being a model provider to being a platform provider. How should people think about being the source of truth? Like, do you want OpenAI to be, like, the system of record of all the prompting? Because people sometimes store it in, like, different data sources.
[00:25:41] Alessio: And then, is that going to be the same as the models evolve? So you don't have to worry about, you know, refactoring the data, like, things like that, or like future model structures.
[00:25:51] Olivier Godement: The vision is if you want to be a source of truth, you have to earn it, right?
Like, we're not going to force people, like, to pass us data.
[00:25:57] Olivier Godement: There is no value prop, like, you know, for us to store the data. The vision here is at the moment, like, most developers, like, use like a one size fits all model, like be off the shelf, like GPT-4o essentially. The vision we have is fast forward a couple of years. I think, like, most developers will essentially, like, have a.
[00:26:15] Olivier Godement: An automated, continuous, fine tuned model. The more, like, you use the model, the more data you pass to the model provider, like, the model is automatically, like, fine tuned, evaluated against some eval sets, and essentially, like, you don't have to every month, when there is a new snapshot, like, you know, to go online and, you know, try a few new things.
[00:26:34] Olivier Godement: That's a direction. We are pretty far away from it. But I think, like, that evaluation and decision product are essentially a first good step in that direction. It's like, hey, it's you. I set it by that direction, and you give us the evaluation data. We can actually log your completion data and start to do some automation on your behalf.
[00:26:52] Alessio: And then you can do evals for free if you share data with OpenAI. How should people think about when it's worth it, when it's not? Sometimes people get overly protective of their data when it's actually not that useful. But how should developers think about when it's right to do it, when not, or
[00:27:07] Olivier Godement: if you have any thoughts on it?
[00:27:08] Olivier Godement: The default policy is still the same, like, you know, we don't train on, like, any API data unless you opt in. What we've seen from feedback is evaluation can be expensive. Like, if you run, like, O1 evals on, like, thousands of samples Like, your bill will get increased, like, you know, pretty pretty significantly.
[00:27:22] Olivier Godement: That's problem statement number one.
Problem statement number two is, essentially, I want to get to a world where whenever OpenAI ships a new model snapshot, we have full confidence that there is no regression for the task that developers care about. And for that to be the case, essentially, we need to get evals.
[00:27:39] Olivier Godement: And so that, essentially, is a sort of a two birds one stone. It's like, we subsidize, basically, the evals. And we also use the evals when we ship new models to make sure that we keep going in the right direction. So, in my sense, it's a win win, but again, completely opt in. I expect that many developers will not want to share their data, and that's perfectly fine to me.
[00:27:56] swyx: Yeah, I think free evals though, very, very good incentive. I mean, it's a fair trade. You get data, we get free evals. Exactly,
[00:28:04] Olivier Godement: and we sanitize PII, everything. We have no interest in the actual sensitive data. We just want to have good evaluation on the real use cases.
[00:28:13] swyx: Like, I always want to eval the eval. I don't know if that ever came up.
[00:28:17] swyx: Like, sometimes the evals themselves are wrong, and there's no way for me to tell you.
[00:28:22] Olivier Godement: Everyone who is starting with LLM, teaching with LLM, is like, Yeah, evaluation, easy, you know, I've done testing, like, all my life. And then you start to actually be able to eval, understand, like, all the corner cases, And you realize, wow, there's like a whole field in itself.
[00:28:35] Olivier Godement: So, yeah, good evaluation is hard and so, yeah. Yeah, yeah.
[00:28:38] swyx: But I think there's a, you know, I just talked to Braintrust which I think is one of your partners. Mm-hmm. They also emphasize code based evals versus your sort of low code. What I see is like, I don't know, maybe there's some more that you didn't demo.
[00:28:53] swyx: YC is kind of like a low code experience, right, for evals.
Would you ever support like a more code based, like, would I run code on OpenAI's eval platform?
[00:29:02] Olivier Godement: For sure. I mean, we meet developers where they are, you know. At the moment, the demand was more for like, you know, easy to get started, like eval. But, you know, if we need to expose like an evaluation API, for instance, for people like, you know, to pass, like, you know, their existing test data we'll do it.
[00:29:15] Olivier Godement: So yeah, there is no, you know, philosophical, I would say, like, you know, misalignment on that. Yeah,
[00:29:19] swyx: yeah, yeah. What I think this is becoming, by the way, and I don't, like it's basically, like, you're becoming AWS. Like, the AI cloud. And I don't know if, like, that's a conscious strategy, or it's, like, It doesn't even have to be a conscious strategy.
[00:29:33] swyx: Like, you're going to offer storage. You're going to offer compute. You're going to offer networking. I don't know what networking looks like. Networking is maybe, like, Caching or like it's a CDN. It's a prompt CDN.
[00:29:45] Alex Volkov: Yeah,
[00:29:45] swyx: but it's the AI versions of everything, right? Do you like do you see the analogies or?
[00:29:52] Olivier Godement: Whatever Whatever I took to developers. I feel like Good models are just half of the story to build a good app There's a third model you need to do Evaluation is the perfect example. Like, you know, you can have the best model in the world If you're in the dark, like, you know, it's really hard to gain the confidence and so Our philosophy is
[00:30:11] Olivier Godement: The whole like software development stack is being basically reinvented, you know, with LLMs. There is no freaking way that OpenAI can build everything. Like there is just too much to build, frankly.
And so my philosophy is, essentially, we'll focus on like the tools which are like the closest to the model itself.
[00:30:28] Olivier Godement: So that's why you see us like, you know, investing quite a bit in like fine tuning, distillation, our evaluation, because we think that it actually makes sense to have like in one spot, Like, you know, all of that. Like, there is some sort of virtual circle, essentially, that you can set in place. But stuff like, you know, LLMOps, like tools which are, like, further away from the model, I don't know if you want to do, like, you know, super elaborate, like, prompt management, or, you know, like, tooling, like, I'm not sure, like, you know, OpenAI has, like, such a big edge, frankly, like, you know, to build this sort of tools.
[00:30:56] Olivier Godement: So that's how we view it at the moment. But again, frankly, the philosophy is super simple. The strategy is super simple. It's meeting developers where they want us to be. And so, you know that's frankly, like, you know, day in, day out, like, you know, what I try to do.
[00:31:08] Alessio: Cool. Thank you so much for the time.
[00:31:10] Alessio: I'm sure you,
[00:31:10] swyx: Yeah, I have more questions on, a couple questions on voice, and then also, like, your call to action, like, what you want feedback on, right? So, I think we should spend a bit more time on voice, because I feel like that's, like, the big splash thing. I talked well Well, I mean, I mean, just what is the future of real time for OpenAI?
[00:31:28] swyx: Yeah. Because I think obviously video is next. You already have it in the, the ChatGPT desktop app. Do we just have a permanent, like, you know, like, are developers just going to be, like, sending sockets back and forth with OpenAI? Like how do we program for that? Like, what what is the future?
[00:31:44] Olivier Godement: Yeah, that makes sense.
I think with multimodality, like, real time is quickly becoming, like, you know, essentially the right experience, like, to build an application. Yeah. So my expectation is that we'll see like a non trivial, like a volume of applications like moving to a real time API. Like if you zoom out, like, audio is really simple, like, audio until basically now.
[00:32:05] Olivier Godement: Audio on the web, in apps, was basically very much like a second class citizen. Like, you basically did like an audio chatbot for users who did not have a choice. You know, they were like struggling to read, or I don't know, they were like not super educated with technology. And so, frankly, it was like the crappy option, you know, compared to text.
[00:32:25] Olivier Godement: But when you talk to people in the real world, the vast majority of people, like, prefer to talk and listen instead of typing and writing.
[00:32:34] swyx: We speak before we write.
[00:32:35] Olivier Godement: Exactly. I don't know. I mean, I'm sure it's the case for you in Singapore. For me, my friends in Europe, the number of, like, WhatsApp, like, voice notes they receive every day, I mean, just people, it makes sense, frankly, like, you know.
[00:32:45] Olivier Godement: Chinese. Chinese, yeah.
[00:32:46] swyx: Yeah,
[00:32:47] Olivier Godement: all voice. You know, it's easier. There is more emotions. I mean, you know, you get the point across, like, pretty well. And so my personal ambition for, like, the real time API and, like, audio in general is to make, like, audio and, like, multimodality, like, truly a first class experience.
[00:33:01] Olivier Godement: Like, you know, if you're, like, you know, the amazing, like, super bold, like, start up out of YC, you want to build, like, the next, like, billion, like, you know, user application to make it, like, truly your first and make it feel, like, you know, an actual good, like, you know, product experience.
So that's essentially the ambition, and I think, like, yeah, it could be pretty big.
[00:33:17] swyx: Yeah. I think one, one people, one issue that people have with the voice so far as, as released in advanced voice mode is the refusals.
[00:33:24] Alex Volkov: Yeah.
[00:33:24] swyx: You guys had a very inspiring model spec. I think Joanne worked on that. Where you said, like, yeah, we don't want to overly refuse all the time. In fact, like, even if, like, not safe for work, like, in some occasions, it's okay.
[00:33:38] swyx: How, is there an API that we can say, not safe for work, okay?
[00:33:41] Olivier Godement: I think we'll get there. I think we'll get there. The model spec, like, nailed it, like, you know. It nailed it! It's so good! Yeah, we are not in the business of, like, policing, you know, if you can say, like, vulgar words or whatever. You know, there are some use cases, like, you know, I'm writing, like, a Hollywood, like, script I want to say, like, will go on, and it's perfectly fine, you know?
[00:33:59] Olivier Godement: And so I think the direction where we'll go here is that basically There will always be like, you know, a set of behavior that we will, you know, just like forbid, frankly, because they're illegal against our terms of services. But then there will be like, you know, some more like risky, like themes, which are completely legal, like, you know, vulgar words or, you know, not safe for work stuff.
[00:34:17] Olivier Godement: Where basically we'll expose like a controllable, like safety, like knobs in the API to basically allow you to say, hey, that theme okay, that theme not okay. How sensitive do you want the threshold to be on safety refusals? I think that's the Dijkstra. So a
[00:34:31] swyx: safety API.
[00:34:32] Olivier Godement: Yeah, in a way, yeah.
[00:34:33] swyx: Yeah, we've never had that.
[00:34:34] Olivier Godement: Yeah.
[00:34:35] swyx: 'cause right now is you, it is whatever you decide. And then it's, that's it.
That, that, that would be the main reason I don't use OpenAI voice is because of
[00:34:42] Olivier Godement: it's over police. Over refuse over refusals. Yeah. Yeah, yeah. No, we gotta fix that. Yeah. Like singing,
[00:34:47] Alessio: we're trying to do voice. I'm a singer.
[00:34:49] swyx: And you, you locked off singing.
[00:34:51] swyx: Yeah,
[00:34:51] Alessio: yeah, yeah.
[00:34:52] swyx: But I, I understand music gets you in trouble. Okay. Yeah. So then, and then just generally, like, what do you want to hear from developers? Right? We have, we have all developers watching you know, what feedback do you want? Any, anything specific as well, like from, especially from today anything that you are unsure about, that you are like, Our feedback could really help you decide.
[00:35:09] swyx: For sure.
[00:35:10] Olivier Godement: I think, essentially, it's becoming pretty clear after today that, you know, I would say the OpenAI direction has become pretty clear, like, you know, after today. Investment in reasoning, investment in multimodality, Investment as well, like in, I would say, tool use, like function calling. To me, the biggest question I have is, you know, Where should we put the cursor next?
[00:35:30] Olivier Godement: I think we need all three of them, frankly, like, you know, so we'll keep pushing.
[00:35:33] swyx: Hire 10, 000 people, or actually, no need, build a bunch of bots.
[00:35:37] Olivier Godement: Exactly, and so let's take O1 smart enough, like, for your problems? Like, you know, let's set aside for a second the existing models, like, for the apps that you would love to build, is O1 basically it in reasoning, or do we still have, like, you know, a step to do?
[00:35:50] Olivier Godement: Preview is not enough, I
[00:35:52] swyx: need the full one.
[00:35:53] Olivier Godement: Yeah, so that's exactly that sort of feedback.
Essentially what they would love to do is for developers I mean, there's a thing that Sam has been saying like over and over again, like, you know, it's easier said than done, but I think it's directionally correct. As a developer, as a founder, you basically want to build an app which is a bit too difficult for the model today, right?
[00:36:12] Olivier Godement: Like, what you think is right, it's like, sort of working, sometimes not working. And that way, you know, that basically gives us like a goalpost, and be like, okay, that's what you need to enable with the next model release, like in a few months. And so I would say that Usually, like, that's the sort of feedback which is like the most useful that I can, like, directly, like, you know, incorporate.
[00:36:33] swyx: Awesome. I think that's our time. Thank you so much, guys. Yeah, thank you so much.
[00:36:38] AI Charlie: Thank you. We were particularly impressed that Olivier addressed the not safe for work moderation policy question head on, as that had only previously been picked up on in Reddit forums. This is an encouraging sign that we will return to in the closing candor with Sam Altman at the end of this episode.
[00:36:57] Romain Huet, Head of DX, OpenAI
[00:36:57] AI Charlie: Next, a chat with Romain Huet, friend of the pod, AI Engineer World's fair closing keynote speaker, and head of developer experience at OpenAI on his incredible live demos And advice to AI engineers on all the new modalities.
[00:37:12] Alessio: Alright, we're live from OpenAI Dev Day. We're with Romain, who just did two great demos on, on stage.
[00:37:17] Alessio: And he's been a friend of Latent Space, so thanks for taking some of the time.
[00:37:20] Romain Huet: Of course, yeah, thank you for being here and spending the time with us today.
[00:37:23] swyx: Yeah, I appreciate appreciate you guys putting this on.
I, I know it's like extra work, but it really shows the developers that you're, Care and about reaching out.
[00:37:31] Romain Huet: Yeah, of course, I think when you go back to the OpenAI mission, I think for us it's super important that we have the developers involved in everything we do. Making sure that you know, they have all of the tools they need to build successful apps. And we really believe that the developers are always going to invent the ideas, the prototypes, the fun factors of AI that we can't build ourselves.
[00:37:49] Romain Huet: So it's really cool to have everyone here.
[00:37:51] swyx: We had Michelle from you guys on. Yes, great episode. She very seriously said API is the path to AGI. Correct. And people in our YouTube comments were like, API is not AGI. I'm like, no, she's very serious. API is the path to AGI. Like, you're not going to build everything like the developers are, right?
[00:38:08] swyx: Of
[00:38:08] Romain Huet: course, yeah, that's the whole value of having a platform and an ecosystem of amazing builders who can, like, in turn, create all of these apps. I'm sure we talked about this before, but there's now more than 3 million developers building on OpenAI, so it's pretty exciting to see all of that energy into creating new things.
[00:38:26] Alessio: I was going to say, you built two apps on stage today, an international space station tracker and then a drone. The hardest thing must have been opening Xcode and setting that up. Now, like, the models are so good that they can do everything else. Yes. You had two modes of interaction. You had kind of like a GPT app to get the plan with one, and then you had a Cursor to do apply some of the changes.
[00:38:47] Alessio: Correct. How should people think about the best way to consume the coding models, especially both for You know, brand new projects and then existing projects that you're trying to modify.
[00:38:56] Romain Huet: Yeah.
I mean, one of the things that's really cool about O1 Preview and O1 Mini being available in the API is that you can use it in your favorite tools like Cursor like I did, right?
[00:39:06] Romain Huet: And that's also what like Devin from Cognition can use in their own software engineering agents. In the case of Xcode, like, it's not quite deeply integrated in Xcode, so that's why I had like ChatGPT side by side. But it's cool, right, because I could instruct O1 Preview to be, like, my coding partner and brainstorming partner for this app, but also consolidate all of the, the files and architect the app the way I wanted.
[00:39:28] Romain Huet: So, all I had to do was just, like, port the code over to Xcode and zero shot the app build. I don't think I conveyed, by the way, how big a deal that is, but, like, you can now create an iPhone app from scratch, describing a lot of intricate details that you want, and your vision comes to life in, like, a minute.
[00:39:47] Romain Huet: It's pretty outstanding.
[00:39:48] swyx: I have to admit, I was a bit skeptical because if I open up SQL, I don't know anything about iOS programming. You know which file to paste it in. You probably set it up a little bit. So I'm like, I have to go home and test it. And I need the ChatGPT desktop app so that it can tell me where to click.
[00:40:04] Romain Huet: Yeah, I mean like, Xcode and iOS development has become easier over the years since they introduced Swift and SwiftUI. I think back in the days of Objective C, or like, you know, the storyboard, it was a bit harder to get in for someone new. But now with Swift and SwiftUI, their dev tools are really exceptional.
[00:40:23] Romain Huet: But now when you combine that with O1, as your brainstorming and coding partner, it's like your architect, effectively. That's the best way, I think, to describe O1. People ask me, like, can GPT 4 do some of that? And it certainly can. But I think it will just start spitting out code, right?
And I think what's great about O1, is that it can, like, make up a plan.
[00:40:42] Romain Huet: In this case, for instance, the iOS app had to fetch data from an API, it had to look at the docs, it had to look at, like, how do I parse this JSON, where do I store this thing, and kind of wire things up together. So that's where it really shines. Is mini or preview the better model that people should be using?
[00:40:58] Romain Huet: Like, how? I think people should try both. We're obviously very excited about the upcoming O1 that we shared the evals for. But we noticed that O1 Mini is very, very good at everything math, coding, everything STEM. If you need for your kind of brainstorming or your kind of science part, you need some broader knowledge then reaching for O1 preview's better.
[00:41:20] Romain Huet: But yeah, I used O1 Mini for my second demo. And it worked perfectly. All I needed was very much like something rooted in code, architecting and wiring up like a front end, a backend, some UDP packets, some web sockets, something very specific. And it did that perfectly.
[00:41:35] swyx: And then maybe just talking about voice and Wanderlust, the app that keeps on giving, what's the backstory behind like preparing for all of that?
[00:41:44] Romain Huet: You know, it's funny because when last year for Dev Day, we were trying to think about what could be a great demo app to show like an assistive experience. I've always thought travel is a kind of a great use case because you have, like, pictures, you have locations, you have the need for translations, potentially.
[00:42:01] Romain Huet: There's like so many use cases that are bounded to travel that I thought last year, let's use a travel app. And that's how Wanderlust came to be. But of course, a year ago, all we had was a text based assistant. And now we thought, well, if there's a voice modality, what if we just bring this app back as a wink.
[00:42:19] Romain Huet: And what if we were interacting better with voice?
And so with this new demo, what I showed was the ability to like, So, we wanted to have a complete conversation in real time with the app, but also the thing we wanted to highlight was the ability to call tools and functions, right? So, like in this case, we placed a phone call using the Twilio API, interfacing with our AI agents, but developers are so smart that they'll come up with so many great ideas that we could not think of ourselves, right?
[00:42:48] Romain Huet: But what if you could have like a, you know, a 911 dispatcher? What if you could have like a customer service? Like center, that is much smarter than what we've been used to today. There's gonna be so many use cases for real time, it's awesome.
[00:43:00] swyx: Yeah, and sometimes actually you, you, like this should kill phone trees.
[00:43:04] swyx: Like there should not be like dial one
[00:43:07] Romain Huet: of course para
[00:43:08] swyx: espanol, you know? Yeah, exactly. Or whatever. I dunno.
[00:43:12] Romain Huet: I mean, even you starting speaking Spanish would just do the thing, you know you don't even have to ask. So yeah, I'm excited for this future where we don't have to interact with those legacy systems.
[00:43:22] swyx: Yeah. Yeah. Is there anything, so you are doing function calling in a streaming environment. So basically it's, it's web sockets. It's UDP, I think. It's basically not guaranteed to be exactly once delivery. Like, is there any coding challenges that you encountered when building this?
[00:43:39] Romain Huet: Yeah, it's a bit more delicate to get into it.
[00:43:41] Romain Huet: We also think that for now, what we, what we shipped is a, is a beta of this API. I think there's much more to build onto it. It does have the function calling and the tools.
But we think that for instance, if you want to have something very robust on your client side, maybe you want to have WebRTC as a client, right?
[00:43:58] Romain Huet: And, and as opposed to like directly working with the sockets at scale. So that's why we have partners like LiveKit and Agora if you want to, if you want to use them. And I'm sure we'll have many mores in the, in many more in the future. But yeah, we keep on iterating on that, and I'm sure the feedback of developers in the weeks to come is going to be super critical for us to get it right.
[00:44:16] swyx: Yeah, I think LiveKit has been fairly public that they are used in, in the ChatGPT app. Like, is it, it's just all open source, and we just use it directly with OpenAI, or do we use LiveKit Cloud or something?
[00:44:28] Romain Huet: So right now we, we released the API, we released some sample code also, and referenced clients for people to get started with our API.
[00:44:35] Romain Huet: And we also partnered with LiveKit and Agora, so they also have their own, like ways to help you get started that plugs natively with the real time API. So depending on the use case, people can, can can decide what to use. If you're working on something that's completely client or if you're working on something on the server side, for the voice interaction, you may have different needs, so we want to support all of those.
[00:44:55] Alessio: I know you gotta run. Is there anything that you want the AI engineering community to give feedback on specifically, like even down to like, you know, a specific API end point or like, what, what's like the thing that you want? Yeah. I
[00:45:08] Romain Huet: mean, you know, if we take a step back, I think dev Day this year is all different from last year and, and in, in a few different ways.
[00:45:15] Romain Huet: But one way is that we wanted to keep it intimate, even more intimate than last year. We wanted to make sure that the community is.
Thank you very much for joining us on the Spotlight. That's why we have community talks and everything. And the takeaway here is like learning from the very best developers and AI engineers.
[00:45:31] Romain Huet: And so, you know we want to learn from them. Most of what we shipped this morning, including things like prompt caching, the ability to generate prompts quickly in the playground, or even things like vision fine tuning. These are all things that developers have been asking of us. And so, the takeaway I would, I would leave them with is to say like, Hey, the roadmap that we're working on is heavily influenced by them and their work.
[00:45:53] Romain Huet: And so we love feedback. From high feature requests, as you say, down to, like, very intricate details of an API endpoint, we love feedback, so yes that's, that's how we, that's how we build this API.
[00:46:05] swyx: Yeah, I think the, the model distillation thing as well, it might be, like, the, the most boring, but, like, actually used a lot.
[00:46:12] Romain Huet: True, yeah. And I think maybe the most unexpected, right, because I think if I, if I read Twitter correctly the past few days, a lot of people were expecting us to shape the real time API for speech to speech. I don't think developers were expecting us to have more tools for distillation, and we really think that's gonna be a big deal, right?
[00:46:30] Romain Huet: If you're building apps that have you know, you, you want high, like like low latency, low cost, but high performance, high quality on the use case distillation is gonna be amazing.
[00:46:40] swyx: Yeah. I sat in the distillation session just now and they showed how they distilled from four oh to four mini and it was like only like a 2% hit in the performance and 50 next.
[00:46:49] swyx: Yeah,
[00:46:50] Romain Huet: I was there as well for the superhuman kind of use case inspired for an email client. Yeah, this was really good. Cool man! so much for having me.
Thanks again for being here today. It's always
[00:47:00] AI Charlie: great to have you. As you might have picked up at the end of that chat, there were many sessions throughout the day focused on specific new capabilities.
[00:47:08] Michelle Pokrass, Head of API at OpenAI ft. Simon Willison
[00:47:08] AI Charlie: Like the new model distillation features combining evals and fine tuning. For our next session, we are delighted to bring back two former guests of the pod, which is something listeners have been greatly enjoying in our second year of doing the Latent Space podcast. Michelle Pokrass of the API team joined us recently to talk about structured outputs, and today gave an updated long form session at Dev Day, describing the implementation details of the new structured output mode.
[00:47:39] AI Charlie: We also got her updated thoughts on the VoiceMode API we discussed in her episode, now that it is finally announced. She is joined by friend of the pod and super blogger, Simon Willison, who also came back as guest co host in our Dev Day 2023 episode.
[00:47:56] Alessio: Great, we're back live at Dev Day returning guest Michelle and then returning guest co host Fork.
[00:48:03] Alessio: Fork, yeah, I don't know. I've lost count. I think it's been a few. Simon Willison is back. Yeah, we just wrapped, we just wrapped everything up. Congrats on, on getting everything everything live. Simon did a great, like, blog, so if you haven't caught up, I
[00:48:17] Simon Willison: wrote my, I implemented it. Now, I'm starting my live blog while waiting for the first talk to start, using like GPT 4, I wrote me the JavaScript, and I got that live just in time and then, yeah, I was live blogging the whole day.
[00:48:28] swyx: Are you a Cursor enjoyer?
[00:48:29] Simon Willison: I haven't really gotten into Cursor yet to be honest. I just haven't spent enough time for it to click, I think. I'm more a copy and paste things out of Claude and ChatGPT. Yeah.
It's interesting.
[00:48:39] swyx: Yeah. I've converted to Cursor and O1 is so easy to just toggle on and off.
[00:48:45] Alessio: What's your workflow?
[00:48:46] Alessio: VS
[00:48:48] Michelle Pokrass: Code Copilot, so Yep, same here. Team Copilot. Copilot is actually the reason I joined OpenAI. It was, you know, before ChatGPT, this is the thing that really got me. So I'm still into it, but I keep meaning to try out Cursor, and I think now that things have calmed down, I'm gonna give it a real go.
[00:49:03] swyx: Yeah, it's a big thing to change your tool of choice.
[00:49:06] swyx: Yes,
[00:49:06] Michelle Pokrass: yeah, I'm pretty dialed, so.
[00:49:09] swyx: I mean, you know, if you want, you can just fork VS Code and make your own. That's the thing to dumb thing, right? We joked about doing a hackathon where the only thing you do is fork VS Code and bet me the best fork win.
[00:49:20] Michelle Pokrass: Nice.
[00:49:22] swyx: That's actually a really good idea. Yeah, what's up?
[00:49:26] swyx: I mean, congrats on launching everything today. I know, like, we touched on it a little bit, but, like, everyone was kind of guessing that Voice API was coming, and, like, we talked about it in our episode. How do you feel going into the launch? Like, any design decisions that you want to highlight?
[00:49:41] Michelle Pokrass: Yeah, super jazzed about it. The team has been working on it for a while. It's, like, a very different API for us. It's the first WebSocket API, so a lot of different design decisions to be made. It's, like, what kind of events do you send? When do you send an event? What are the event names? What do you send, like, on connection versus on future messages?
[00:49:57] Michelle Pokrass: So there have been a lot of interesting decisions there. The team has also hacked together really cool projects as we've been testing it. One that I really liked is we had an internal hackathon for the API team.
And some folks built like a little hack that you could use to, like VIM with voice mode, so like, control vim, and you would tell them on like, nice, write a file and it would, you know, know all the vim commands and, and pipe those in.
[00:50:18] Michelle Pokrass: So yeah, a lot of cool stuff we've been hacking on and really excited to see what people build with it.
[00:50:23] Simon Willison: I've gotta call out a demo from today. I think it was Katja had a 3D visualization of the solar system, like WebGL solar system, you could talk to. That is one of the coolest conference demos I've ever seen.
[00:50:33] Simon Willison: That was so convincing. I really want the code. I really want the code for that to get put out there. I'll talk
[00:50:39] Michelle Pokrass: to the team. I think we can
[00:50:40] Simon Willison: probably
Forecast = 50% chance of unexpected software installations followed by scattered UDP packet sprays. In this episode of Storm⚡️Watch, we follow up on the intriguing 'Noise Storms' that had the cybersecurity community buzzing. Security researcher David Schuetz has made some fascinating discoveries about these mysterious ping packets flooding the internet. His investigation, detailed at darthnull.org/noisestorms/, takes us on a journey through packet analysis, timestamp decoding, and network protocol deep-dives, offering new perspectives on the potential origins of those enigmatic 'LOVE' packets. Our Cyberside Chat segment dives into the recent CUPS daemon vulnerability, exploring the implications of this daft uncoordinated disclosure. We'll break down the details provided by Censys in their analysis of the Common Unix Printing Service vulnerabilities. In our Cyber Focus segment, we discuss the surprising news about Kaspersky antivirus software deleting itself and installing UltraAV and other bits of code without warnings. We'll also highlight some recent blog posts from Censys, VulnCheck, and GreyNoise. These articles cover topics ranging from Fox Kitten infrastructure analysis to securing internet-exposed industrial control systems, and even delve into phishing tactics targeting election security. Our "We Need to Talk About KEV" segment rounds up the latest additions to CISA's Known Exploited Vulnerabilities catalog, keeping you informed about the most critical security issues to address.
We explain the one-packet attack on CUPS and discuss its real-world implications. Plus, a Meshtastic update and more.
Limiting Process Priority in a FreeBSD Jail, Why You Should Use FreeBSD, The web fun fact that domains can end in dots and canonicalization failures, Replacing postfix with dma + auth, modern unix tool list, Smol KVM, The Computers of Voyager NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines FreeBSD Tips and Tricks: Limiting Process Priority in a FreeBSD Jail (https://it-notes.dragas.net/2024/07/11/limiting-process-priority-in-freebsd-jail/) Why You Should Use FreeBSD (https://freebsdfoundation.org/blog/why-you-should-use-freebsd/) News Roundup The web fun fact that domains can end in dots and canonicalization failures (https://utcc.utoronto.ca/~cks/space/blog/web/DomainDotsAndCanonicalization) Replacing postfix with dma + auth (https://dan.langille.org/2024/08/02/replacing-postfix-with-dma-auth/) modern unix tool list (https://notes.billmill.org/computer_usage/cli_tips_and_tools/modern_unix_tool_list.html) Smol KVM (https://adventurist.me/posts/00324) The Computers of Voyager (https://hackaday.com/2024/05/06/the-computers-of-voyager/) Beastie Bits No unmodified files remain from original import of OpenBSD (https://www.undeadly.org/cgi?action=article;sid=20240824114631) The BSDCan 2024 Playlist is now complete (https://www.undeadly.org/cgi?action=article;sid=20240814053159) UDP parallel input committed to -current (http://undeadly.org/cgi?action=article;sid=20240727110501) Your browser is your Computer (https://www.exaequos.com) For the member-berries (https://defrag98.com) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. 
Feedback/Questions Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
Jim talks with Toufi Saliba about the Toda/IP protocol and HyperCycle, a decentralized network for AI-to-AI communication. They discuss the high-level view of Toda/IP & HyperCycle, enabling communication of value, what Toda adds on top of UDP, time & cost constraints, cryptographic proof in the first handshake, how Toda transfers value in very small quantities, how settlement occurs, who has custody of a dollar, transaction machines, where money is kept & what prevents stealing, an actual non-fungible token, fully decentralized smart contracts, whether or not Toda is analogous to paper money in a gold standard world, Toufi's motivation for building this tech, hyperinflation in Germany in the 1920s, the currency for AI, OpenCog's AGI ASI project, why inter-operation with AI is important, wealth creation at the node level, a market in results not compute, how this helps facilitate AGI, the entire world reaching AGI vs a single entity reaching it, why Toufi thinks AGI is close, reasons for thinking decentralized AGI will happen first, how to get involved, the cost of a node, using Moloch's incentives to overthrow Moloch, learning how to run nodes, HyperCycle vs SingularityNET, and much more. Episode Transcript JRS Currents 027: Charles Hoskinson on Cardano Blockchain Project JRS EP217 - Ben Goertzel on a New Framework for AGI Toufi Saliba is the co-author of the Toda/IP protocol and currently serves as the global chair for international protocols for AI security for the IEEE, which is the world's largest technical professional organization dedicated to advancing technology for the benefit of all humanity. Toufi has a history of building various AI projects centered around cryptography and cybersecurity. In October 2022, he took on the leadership of Hypercycle.ai, which is focused on developing a general-purpose technology supporting a decentralized network for AI-to-AI communication.
The academic from the UDP Faculty of Medicine commented that, in general, the people migrating to the Fondo Nacional de Salud are healthy people with purchasing power, so the hospitals have not been strained.
In his regular monthly spot on PING, APNIC's Chief Scientist Geoff Huston re-visits the question of DNS Extensions, in particular the EDNS0 option signalling maximum UDP packet size accepted, and its effect in the modern DNS. Through the APNIC Labs measurement system Geoff has visibility of the success rate for DNS events where EDNS0 signalling triggers DNS “truncation” and the consequent re-query in TCP as well as the impact of UDP fragmentation even inside the agreed limit, as well as the ability to handle the UDP packet sizes proffered in the settings. Read more about EDNS0 and UDP on the APNIC Blog and at APNIC Labs: Revisiting DNS and UDP truncation (Geoff Huston, APNIC Blog July 2024); DNS TCP Requery failure rate (APNIC Labs)
Romain Basset is back for another podcast episode. Today, Andy and Romain discuss the notorious threat actor group, Anonymous Sudan. They explore who this group is, their affiliations, motivations, and the tactics, techniques, and procedures (TTPs) they employ. The discussion includes an overview of various types of threat actor groups, situating Anonymous Sudan within this landscape, and providing a detailed background on the group's emergence, targets, and the significant impact of their attacks. Key Takeaways: Anonymous Sudan is a threat actor group that sits between being an activist group and a state-sponsored cyber-criminal group. The group is known for highly disruptive and visible DDoS attacks, often targeting large organizations and infrastructure like Microsoft's Azure, OneDrive, and Outlook.com. Anonymous Sudan utilizes a variety of DDoS techniques and tools, including HTTP floods, SYN floods, UDP floods, and ICMP floods, often coordinating with other botnets to amplify the impact. Anonymous Sudan's tactics appear focused on disruption and visibility, aiming to make a public impact and spread their political/religious messaging. Timestamps: (02:43) - Categories of Threat Actor Groups (05:44) - Ties Between Anonymous Sudan and Russia (10:59) - Tools Used by Anonymous Sudan (15:47) - Techniques and Procedures of Anonymous Sudan (24:08) - Typical DDoS Attack Procedure Episode Resources: Next-gen Microsoft Security and Compliance Management to meet your Requirements
Greetings! And also with you! Welcome back to another episode with YOUR Brothers in Arms! Tonight we acknowledge And all you other people, RIP SeaMoose, It's a tradition. Hi I'm Paul, boats are supposed to sink - ships don't, How do you get debt out of deployment? UDP. Is that like a urinary tract infection? Is it a drinking club, or gun club? Both. We're meeting on Tuesday. We forgot the cat memes. It's groundhog day. There's 2 gyms, why would we need that? We have free reign to run around base. Alex doesn't run. Unofficially sponsored by Garmin. I guess we're showing watches. I got mine from Walmart. I can ping my watch. Me too! It can tell you how stressed you are. I can do that. It has a button that says run. Alex wouldn't push that. Usher noises. What? Okay. On national television, worldwide. Greg is still struggling with a 15 year old game. Now he's cheating. It's all about the perks. Liz on a plane. No snakes, only kids. Alex is playing softball. Tomahawk chop. Line drives to the shortstop. No magic for Alex this week. Patrick went to a baseball game. 55 dollar hotdogs. Prayed for the new guys. They're going to need it. Rain checks. Braves lost, boo! It just kinda farted out. It was alot. It was harry potter night. How did we miss this? So yeah, that's us. I got a chicken. He goes everywhere. Venture pal. You know what has less than 30 calories? Water. Why do they say sugar free? Are they sugar free? Look out, they spit. Indoor plumbing, it's gonna be big. Walle? That's five. You got me thinking about it. Amy Grant was on that one. Mad props smart plane. The wifi is terrible. Generational rambling. Technology will be the end of us. make it a ticket - not reckless, Dad jokes. Sign out for affiliation. Send us Dad jokes and cat memes. All this with multiple laughable moments on this week's episode of Brothers in Arms! 
Where you can reach us: YouTube: BrothersinArmsPodcast Instagram: Yourbrothersinarmspodcast Twitter: @YourBIAPodcast Gmail: yourbrothersinarmspodcast@gmail.com Twitch: Twitch.tv/brothersinarmspodcast (schedule varies due to life) Website: https://brothersinarms.podbean.com
Marcel Guzenda, IT consultant, online creator and entrepreneur, talks about how computer networks work. We discuss, among other things, theoretical as well as practical aspects. We cover topics related to devices, protocols and software. You can find the full episode description, recommended materials and links, and the transcript at: https://devmentor.pl/b/ || devmentor.pl/rozmowa ⬅ Want to switch careers into IT and learn the approaches that have helped others successfully find a job? I am an experienced developer and programming mentor, and I will gladly answer your questions about learning to program and the IT world. Book a free, no-obligation call! ~ Mateusz Bogolubow, creator of the podcast Pierwsze kroki w IT || devmentor.pl/podcast ⬅ Official podcast website
The transport expert and dean of the UDP Faculty of Engineering and Sciences discussed the situation of the "Uber Law" after the Ministry of Transport withdrew from the Contraloría the regulation that seeks to regulate mobility apps.
The political landscape of Utah has long been shaped by a diversity of voices and perspectives. Today, we turn our attention to the Utah Democratic Party. With a rich history deeply rooted in the principles of equality, justice, and compassion, the party continues to be a driving force for positive change within our communities. How is the Democratic Party looking in Utah's election cycle? What are the similarities between the local and national messaging of the Democratic Party? What should we expect with VP Kamala Harris' visit to Utah coming up? Scott Howell joins the show to answer all the questions about the UDP.
On Ivoox you can find only some of Mindalia's audio recordings. To listen to the 4 daily recordings we publish, go to https://www.mindaliatelevision.com. If you would like to watch the video for this audio, click here: https://www.youtube.com/watch?v=xqTZKnV8aQc&t=53s We look at extrasensory perception phenomena through the research and experiments of Mauricio Arenas. Discover how these experiences have allowed him to demonstrate the existence of Remote Viewing, Dermo-Optical Vision, Extraocular Vision, and Clairsentience, among others. ESP is a reality and gives us the possibility of advancing in our awakening and development of Consciousness. Mauricio Arenas: engineer with a degree in Marketing from UDP, with a master's degree and studies in Philosophy and Psychology. Senior consultant, researcher and experimenter in extrasensory perception phenomena. Director of the Instituto de Parapsicología de Chile. Find out about the full program at: http://television.mindalia.com/catego... **WITH QUESTIONS AT THE END OF THE TALK TO RESOLVE YOUR DOUBTS *** If you find it interesting.... SHARE IT!! :-) -----------INFORMATION ABOUT MINDALIA--------- Mindalia.com is an international non-profit NGO. Our mission is the universal dissemination of content for the improvement of spiritual, mental and physical consciousness. -Support us with your donation at this link: https://streamelements.com/mindaliapl... -Help the world by subscribing to this channel, leaving a comment of positive energy on our videos and sharing them. That way, this knowledge will reach many more people. - Website: https://www.mindalia.com - Facebook: / mindalia.ayuda - Instagram: / mindalia_com - Twitch: / mindaliacom - Vaughn: https://vaughn.live/mindalia - Odysee: https://odysee.com/@Mindalia.com *Mindalia.com is not responsible for the opinions expressed in this video, nor does it necessarily share them.
*Mindalia.com is not responsible for the reliability of the information in this video, whatever its source. *This video is for information purposes only.
Jay Leedy probably had a bunch of options open to him when he decided he'd done his job with Sony's pro display team, and it might have surprised some of his industry friends when he signed on with a much smaller company, New York-based Videri, as its Senior VP for Strategic Alliances. It didn't surprise me, because Videri has been on a bit of a tear in the last few months, hiring well-connected and respected senior people away from other companies active in digital signage. That came out of a $20 million fundraising round announced late last year. I did a podcast about a year ago with Videri CEO Wes Nicol, so I didn't want to spend too much time talking again about Videri's product and services. We get into that and what attracted Leedy, but what I was really interested in hearing about was his point of view on the CMS software market. His prior role with Sony was building up the digital signage software ecosystem, which involved talking to and looking at scores of different companies. He eventually onboarded some 90 in his three-plus years there, about 70 of them CMS software firms. So Leedy has a pretty unique perspective on what's out there, and how companies differentiate themselves in what remains a very crowded CMS software market. Subscribe from wherever you pick up new podcasts. TRANSCRIPT Jay Leedy, thank you for joining me. You've had some big changes in the last few weeks. Jay Leedy: Thank you. I have. Thanks for having me, Dave. It's great to hear your voice. Yeah, you don't want to see me. Jay Leedy: It's been a couple of months since I saw you last at ISE, but yeah, some changes that were on the horizon at ISE kind of came to fruition over the last several months, and I'm happy to say I'm in my fourth week, almost complete with my fourth week here at Videri. Wow, you're almost past probation. Are you going to make it? Jay Leedy: They haven't kicked me out yet. My wife told me that the paycheck showed up in our bank account yesterday. Yay! 
Things are rocking. I knew you when you were with Convergent and Diversified then you went over to Sony. Am I missing anything there? Jay Leedy: I think that's the extent of my career in this space. I got introduced to integrations prior to moving to Convergent through a company that had point-of-purchase display manufacturing as their core and had a division that focused on, what we called Intelligent Loss Prevention. We were basically importing a lot of technology solutions to solve theft prevention in retail and that's how I got exposed to systems integration, and when I saw digital signage as a part of that, I naturally gravitated toward that. I saw there was going to be a big growth arc and fortunately, I've been right so far. We can get into what you were doing with Sony because I'm intrigued by the role you had and the unique perspective that was offered, but I'm curious because when you started thinking, okay, I've done my job here with Sony and what's my next thing? What compelled you to go to Videri, I suspect you had a number of options. Jay Leedy: Yeah, it's a good question. The little background that I just gave you is in part why Videri was really appealing to me. You're right. I had really broad exposure to the market across a number of technologies, not just digital signage, and was considering options outside of digital signage, to be perfectly honest, but the reason that Videri was compelling for me was a couple of reasons. One is the, very strong push they were making into the market with some clear funding and a product offering that was differentiated in displays that were very thin and lightweight looking and appealed to the sensibilities of retailers and designers and the folks that I really like engaging with on the creative side of our business, combined with software that really makes it easy to make these things pop and, deliver what we call orchestration of content across multiple canvases of displays to unify those. 
But there were some other things that went into that as well. I met Rob Avery, who had recently joined the company from Scala, at your event at ISE. I'd already met Wes Nicol, the CEO, about a year prior, and then Steven Jenkins, who I'd worked with at Diversified, had recently joined as the CRO along with Nathan Jones, who I'd also worked with as a Managing Director for North America. So there are already some pieces in place, and when I met Rob and we chatted briefly about his point of view on where we are versus where he wanted to take the software on the roadmap, that really clicked with me. Then we announced Jeff Griffin coming in as a retail technology guru and a guy who was at the genesis of what we called Walmart TV. So it wasn't even digital signage when he was involved with that deployment. So he's had a long history of selling into that market, and really the last piece to fall into place for me was, we secured, Tom Ross from NowSignage and I think he must eat energy bars constantly. He has the most energy and passion for the channel of any guy that I've met in this industry, and I've met a lot. All of those things coming together was really a big part of making that decision for me. Yeah, it's interesting. I've told the story a few times of couple of years ago at DSC in Vegas, some company called Videri had reached out to me and said, could you come to our suite at ARIA and have a look at our pots and pans? And I said, I'm super busy, and so on, and they bugged me and on the last day in the afternoon, I was dead tired, but I said, okay, fine, because I was staying next door and I didn't know a damn thing about them and met them, walked this endless hallway to get to their suite and they showed me these flat panel displays. 
I thought, oh, dear God, I've walked all this way to see some skinny displays, but then they started to explain what they're up to, the business model and how they were working with a very large Austrian energy drink brand that they're not allowed to officially talk about, and I thought, now I get it, and over those, intervening two years, the company has really grown in terms of marketplace visibility and everything else and they have a somewhat unique, not entirely unique, but somewhat unique product. Jay Leedy: Yeah, I agree. In fact, I was registered to go to that same event but couldn't get there because I was super busy that week. I also didn't have a relationship with them yet. So I didn't yet feel obligated, but I didn't see their product until Digital Signage Week, or maybe it was NRF, one of the two where they had a hospitality event at their offices in New York and I made my way there and I was as compelled as you were because of what they were doing but also where they were saying they were going. And you're right. The visibility for Videri has been exponential. I think as contemporaries in our sphere of the industry have gotten more visibility to their hardware and a better understanding of whether software can cause the entire industry to really lean in and that's been the case. I think when I announced that I was leaving Sony combined with two days later announcing that I was joining Videri, I never had as much web traffic on my LinkedIn as those two days. I think it was something on the order of 15,000 impressions between the two posts and that tells me that there's a lot of people who were really intrigued about what this new company is and as I've gotten deeper into the organization and started to really look around at the core architecture of our software, which is an Android-based SoC. 
So all of our displays run Android 12, which offers a lot of opportunity for third-party solutions to run alongside ours, or in some cases, in place of our software with our firmware being the glue that binds the delivery of that software, and I think there's a lot of opportunities in that regard as well, right? My goal will really be to build out an ecosystem and a partner strategy very similar to what I was doing at Sony and fortunately, I have a lot of existing relationships that I was already working with that can parlay right into that, that are all dialed into that Android approach, but I think Android, in particular, was compelling for me because it has become a de facto standard in many respects and in a lot of cases with retailers, because of the security components to it, and our particular flavor of Android is locked down, which is really appealing. all the stars really aligned there. It's interesting because Android, if you asked people out five years ago, they would probably say no, not going anywhere near that. Jay Leedy: I know when I was Diversified, it was an absolute non-starter, but the market's changed, and fortunately the strength of Android and the security protocols have changed, and I think it's you and I've talked about a little bit, right? The impression and kind of point of view on Android Deployed in enterprise environments has changed as well. I think largely because of the broad use of MDMs or device management solutions and familiarity with those tools, with IT admins having a level of comfort with those. At the end of the day, displays for digital signage are IOT devices that have to be managed and locked down in a similar fashion. So something that's familiar just resonates with those decision makers. You mentioned a couple of minutes ago third party suppliers or providers. Are you saying, and you can correct me if I'm getting this wrong, that if I'm another CMS software company, I could, in theory, drive Videri displays? 
Jay Leedy: Absolutely, and we've already tested a handful of them. I think we've got about five so far. We've also tested some lift-and-learn solutions that are quasi-CMS but would also be able to run in concert with our CMS. That'd be like Glass Media stuff? Jay Leedy: It's more like Sign Metrics. We're on ARC over at Pick‘n'Watch. He's got a really interesting solution that's all Bluetooth and UDP-based. We're also looking at wireless solutions for audience measurement, the likes of Blue Zoo or Movia Media. Some of the CMS platforms that we've tested, run the gamut of the kind of those that are known more heavily in the space, like Spp Space and Corbett, and then others that are maybe lesser known like Play Signage or one of the newer ones that, as you mentioned earlier, the idea of a hobby business that's not yet full bore or fully funded or has a sales and marketing team behind it, what have you… There's a company called AbleSign that's got some pretty capable products. Largely a lot of these are available as progressive web app options where the device management capabilities of their full-featured apps are stripped out and therefore don't present a conflict with some of the remote capabilities that are the device management capabilities that we bring to bear. But, in the longer term, we'll also test scenarios where maybe a full-featured solution could be used or what we see more as a trend; why I was looking maybe outside of digital signage, in other technology providers, is that, especially in North America, and I think that this will cascade to other markets is that enterprise clients, in particular, have a point of view on device management. So, it was really important when I was at Sony to be compatible with whatever infrastructure decisions had been made upstream so that we could just say yes to projects and be specified regardless of what the requirements were. To some extent, that's a consideration with Videri's approach as well. 
It's interesting, with this idea that you can work with other CMS software companies. I'm trying to envision that phone call or that meeting on their end, wouldn't they be saying that you have a software that competes with our software? Jay Leedy: Yeah, but I think we also have a really attractive line of hardware, right? The kind of customer that will gravitate towards our hardware may, in some cases, already have an investment and an existing state of software that they don't want to deviate from. So it may make sense for us to offer our hardware with some recurring fees for the support and device management components while also being able to enable content management on a familiar platform that is more broadly used across their estate. Those are scenarios that we're gaming out. What drew my attention in the tippet area is how the square displays in particular were something that could replace old beverage brands' neon or plastic backlit signs in bars and restaurants. It was something that was dynamic, the quick ROI that would come out of that, but I've seen Videri in particular marketing, multi-screen video cone matrix. I think there's another word you guys use. Jay Leedy: We call it an orchestration, but yeah, it'd be a mosaic or a configuration of multi-canvas screens that, in some cases, we're seeing incorporated with other visual merchandising elements or other artwork elements in hospitality applications, for example. You might like static, traditional artwork and imagery interspersed with dynamic elements that are part of Videri. The entire wall can very easily be mapped, and content pushed and split across the displays so that it makes sense visually without a lot of hardware to deliver that, and I think that's really a unique element of our software. 
Yeah, and I like the ability to mix and match squares and rectangles display canvases and I know Samsung had a square product years ago, and it came and went because they like to sell hundreds of thousands, not thousands of units, but it came back with this and because manufacturers in Asia are now able to natively manufacture square things instead of cutting a rectangle and turning it into a square, redoing the electronics and costing a lot of money. Jay Leedy: Yeah, the run rate on our square product versus the other ones is probably not as high, to be fair, but those unique shapes and, I think, more specifically, smaller form factors, the lighter weight, the bezels are only probably about three quarters of an inch thick. The fact that they're low-voltage offers a lot of flexibility. We've got a shop fitter or a point-of-purchase display manufacturer in Germany that's developed a unique bracket that allows these displays to be moved around in their modular system. The entire system is powered with low voltage. It's a company called Visplay, and they've done some really interesting stuff. These powered, essentially track systems or grids have ports, and the brackets are designed to automatically pick up power as soon as they do. Once they hit the Wi-Fi, they just start playing content again. So it gives the retailer or the shop fitter a lot of modularity, and they don't have to get a technician on-site to make these changes. It's something that they can do with store staff and that's really appealing as well. That's interesting. 
I've been doing a lot of reading and paying a lot of attention to the whole retail media networks landscape of late because it's obviously got a lot of traction, even though much of the spending now is not in the store but billboards and online, but it's going that way and I've said and heard from people that it's not going to be a second wave of stores, putting big ass LCD displays on every available surface like it maybe was in the 2010s when athletic wear retailers, in particular, were doing that. It's going to have to be smaller displays and interesting displays that fit into the design and are designed from the start or ones that don't get in the way of merchandising. Jay Leedy: Yeah, exactly. I think we've seen that in various gestations over the last several years, especially in consumer packaged goods, brands will incorporate digital elements as part of a turnkey fixture package. It's one of the things I was working on with Diversified prior to the pandemic, and unfortunately, the pandemic killed the momentum on a project that was really promising for us. But it was in partnership with Westrock, and the idea was that, as Diversified, we would be the integrator and managed service provider to support design, build, and ultimately manage and service these things once deployed. Westrock designed the fixture and also what they called kit packing. So they brought in inventory from their partner at the time, GlaxoSmithKline. They fully merchandised a display fitted with graphics and then added our digital elements with an LTE modem cradle point. As soon as the store personnel received it, which they wielded into place, they didn't have to have a technician. Essentially, they had a turnkey solution that, as soon as it was plugged in, called home and had a range of content that would be played based on a number of parameters. There was an integrated camera. 
So, I think there's a really appealing turnkey solution that doesn't have to rely on the retailer's data infrastructure, which is usually fairly constrained. This gives the brands a lot more freedom for placement but a lot more control over execution as well as the ability to, as you rightly said, put digital in places where you wouldn't expect it, and that's a hallmark of our approach, right? These smaller screens are unique form factors that are less obtrusive and don't detract from the merchandising but actually can complement it, and you're right, I think retail media networks will manifest in that way so that it's not an afterthought. It's not a screen that's hanging from the ceilings left in front of the end cap, but it's actually integrated into the end cap or into the merchandising fixture or what have you. So it really does the job of carrying the brand message, and I think there's a lot of appeal there, especially in lifestyle brands. Especially for a product where, through our orchestration, we could draw attention to an entire category or shop within a store rather than just having individual merchandising fixtures, each with its own message. The adoption barrier that I've encountered when I've talked to brands about this, what you were just describing is they like it, but they only need it for six weeks or four weeks or some defined campaign term, and even though they may be a big CPG brand with all kinds of products they're so siloed that you couldn't just say, “This shampoo digital fixture could be a body lotion fixture for round two, and you could share it across different ones.” They'd say, “Yeah, but that would never happen.” Jay Leedy: Yeah, that was actually the concept of the one that we were working on with Westrock and GlaxoSmithKline. 
So the idea was that it'd be a seasonal product that was focused on at the time, Flonase and Claritin, and then once the season for allergies was over, they would pivot to another product that was better suited to the next season. That was exactly the concept. I think you're right. There is a seasonality to these activities, but the beauty of digital is that you can effectively reskin these things and repurpose them. So long as you have an intelligent design and the rest of the fixture to accommodate a range of products, and basically send in another kit of graphics and merchandise to correspond with that in partnership with a kit packer like Westrock. You can clarify your role with Sony, which you were there for two or three years, I think. But what I found intriguing now that you're not there is that your gig was basically developing partnerships for Sony to use its smart displays. When you started, there were, I think, one or two, maybe, and by the time you left, I think you were past 80 different partners. So you had this unique perspective of talking to a whole bunch of CMS software companies about what they had and analyzing whether there was a fit, and I'm just curious, having seen all these different ones and now somewhat detached from them, what your impression? Are they all the same, which is, I think what most people would think? Jay Leedy: Yeah, I was there for three and a half years, and you're right. When I came on, there was exactly one product that had gone through any kind of formal due diligence or QA, and so my program was really about building out that ecosystem with some formalities and processes, and I was fortunate enough to talk to and onboard roughly 90 different technologies that were, I'd say maybe 70% of those were digital signage and the rest were spread between unified communications or AV over IP as a software-defined solution. We also had a range of telemetry and UCC solutions as well. 
I think I had exposure to roughly 140 companies or so. On the CMS front, I know Invidus recently did a report that you commented on in your blog as well, and you're not wrong, for the most part, a lot of CMS platforms, at their core, do the same thing. The difference is how they do it. For me, the flexibility in their architecture, as I mentioned earlier, the idea of progressive web apps that decouple some of the real differentiation early in the market, that was an all-in-one solution with device management, has kind of evolved to the point where customers want flexibility and deciding and decoupling that device management from CMS but there's also, I think, the extent to which these companies have invested in APIs and manage those APIs and other data connectors and understand interoperability sets them apart. I think for me, with Videri and our clear focus on retail and creative agencies and optimizing and enabling workflows that would be API dependent, as well as a cloud-based SaaS that has the flexibility to be able to grow and evolve, in that direction, that was what was appealing for me. It's not to say that Videri was the only one with all those marks ticked in their offering, but as we talked about earlier, had some other organizational considerations that really were the determining factor for me coming over here. Without naming names or anything, did you see companies that were clearly more advanced versus ones that were maybe building on something that they've had for many years, and they're just incrementally bolting new capability onto an existing software stack? Jay Leedy: Yeah, absolutely. I think it's true for any company in the tech space that, at some point, you have to acknowledge that your technical debt load is too much and completely re-architect the solution. We've seen that happen with a number of companies in our space. 
There are a number of others that continue to struggle with that technical debt and architecture that just doesn't lend itself to meeting the expectations of the market. Were you recommending the key things that, whether you're a solutions partner or an end user, they should look for if they want to be future-proofed and really modern? Jay Leedy: First and foremost, these days, it's an API-first strategy. We need to ensure that there's a robust enough set of APIs to enable baseline telemetry and interoperability with a number of other API-first solutions. I think about, in particular, what's happening with digital transformation in large consultancies like Accenture, EY, and Deloitte. A lot of those hinge on moving from on-premise to cloud-based solutions for a range of business applications. If anybody listening to this podcast is using Office 365, for example, there are a number of third-party solutions that plug into those, obviously with a fee involved. However, to enable that, you have to have the right architecture, and digital signage isn't that different. We talk a little bit in this industry about headless and the idea of headless means, I think, escapes some people. I think the idea of no or low code development also, I think, escapes some people, but both of those are similar in that they enable a much lower cost of entry to get a lot more functionality because the architecture is built in such a way that it can just essentially plug in like a Lego, and you can create building blocks that are predefined, versus having to have a linear development approach that can be really cost intensive. Yeah, I was on a call yesterday, and it was interesting. They were talking very much about that. From my perspective, if you have a solution that has a distinct login and you have to do everything digital signage through that login, with no real hooks into anything else, that's a big challenge, particularly for larger organizations that want to use one tool set.
It's going to push out to whatever the endpoint is and whatever that endpoint is communicating. Jay Leedy: Yeah, and also just thinking about all the different ways content can be generated now. There's been a lot of buzz around generative AI, but the rules for content and distribution largely have been in most of these CMS platforms for a long time. But a means of automating those rules and creating if this, then that scenario or ingesting data that can then drive outcomes and content, that's not necessarily core to a lot of those platforms, or leveraging API calls directly from digital asset management tools and leveraging all of the metadata tagging logic that is built into those, and pulling those directly into the content strategy also necessarily isn't native to a lot of CMS platforms. So I think those are all kinds of key things to consider when making a selection or at least knowing, if it's possible downstream, should your company mature to the point where they want to leverage those types of tools. If people want to catch up with you and talk about what you're doing with Videri, I know they can find you online, obviously, but you'll be at Infocomm? Jay Leedy: I will be at Infocomm and the Digital Signage Federation mixer in Tampa in about two weeks. Either way, I'd love to see you and continue the conversation. All right, Jay. It's great to catch up. Jay Leedy: Great to see you as well, Dave.
Dor Dali, Head of Security Research at Cyolo, joins Nic Fillingham on this week's episode of The BlueHat Podcast. They delve into Dor's journey into cybersecurity, from pranking friends as a teenager to his professional roles, including his involvement in the Blue Hat conference through GE, where he helped create the Capture The Flag (CTF) challenge. Dor details the vulnerabilities in the RDP protocol by closely following the protocol specifications and identifying discrepancies that led to security flaws. They detail a vulnerability related to RDP Gateway's UDP cookie authentication process, the implications of Dor's research for other security researchers and hackers and the importance of leveraging available resources, such as protocol specifications and open-source implementations, to understand closed-source systems better and potentially uncover vulnerabilities. In This Episode You Will Learn: The unique perspective Dor has with RDP security research How to approach security research when following the protocol specifications The importance of clear documentation in preventing security vulnerabilities Some Questions We Ask: How did you design and build the Capture the Flag event? Did you face any unexpected hurdles while researching the RDP protocol's security? Have you found other security vulnerabilities by closely adhering to protocol specifications? Resources: View Dor Dali on LinkedIn View Wendy Zenone on LinkedIn View Nic Fillingham on LinkedIn Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast Afternoon Cyber Tea with Ann Johnson Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Hosted on Acast. See acast.com/privacy for more information.
The first LinuxFest is back and better than ever. We share stories and friends from one of the best Linux gatherings of the year: LinuxFest Northwest. Sponsored By: Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! Kolide: Kolide is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Support LINUX Unplugged Links:
Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-371
HGF Delivers the weekly breaches in “Whose Been Popped?” Oracle's macOS 14.4 Java hiccup, the ever-adapting landscape of ransomware warfare, the emerging threat of Loop DoS attacks, and the Biden-Harris administration's call to action for water sector cybersecurity. Original URLs: https://www.bleepingcomputer.com/news/apple/oracle-warns-that-macos-144-update-breaks-java-on-apple-cpus/ https://www.guidepointsecurity.com/blog/t-o-x-i-n-b-i-o-ransomware-recruitment-efforts-following-law-enforcement-disruption/ https://www.helpnetsecurity.com/2024/03/20/raas-recruit-affiliates/ https://thehackernews.com/2024/03/new-loop-dos-attack-impacts-hundreds-of.html https://cispa.de/en/loop-dos https://www.epa.gov/newsreleases/biden-harris-administration-engages-states-safeguarding-water-sector-infrastructure https://www.cybersecuritydive.com/news/warnings-state-linked-cyber-threats-water/710834/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Transcript: mar 21 [00:00:00] offsetkeyz: welcome back to the Daily Decrypt.
Today, we're joined by HotGirlFarmer, as she delivers last week's breaches in your favorite segment, Who's Been Popped. Also, the company Oracle alerts customers that the new macOS 14.4 update will disrupt Java functionality and urges customers to postpone this update. Ransomware as a Service groups are upping their recruitment efforts, defying law enforcement disruptions with cunning resilience. What are ransomware as a service groups and how are they recruiting? Stick around to find out. And the White House is really doubling down on water utilities, urging states and governors to collaborate to help protect this critical infrastructure. And finally, researchers have discovered a new loop denial of service attack that targets [00:01:00] UDP based application level protocols, putting an estimated 300, internet hosts at risk for continuous looping and unneeded stress. How will this affect everyday users? Alrighty, so before we get into the breaches with Hot Girl Farmer, I just wanted to warn macOS users to maybe postpone the most recent update to avoid any system disruptions. There are no current workarounds and Java isn't liking the new update. This isn't like how it used to be in the earlier 2000s where Java ran everything on your computer. It shouldn't affect you unless you're developing in Java. But besides Java issues, updated users are reporting issues with their printer drivers, lost iCloud files, and connectivity issues with USB hubs and monitors. So let's just hold off on the new macOS 14.4 upgrade for a few more days. [00:01:53] HGF: [00:02:00] First off, hackers targeted MediaWorks, a company in New Zealand, demanding a ransom in cryptocurrency from victims who just wanted to win a free radio contest. MediaWorks is out here like, sorry, your name, address, and birthday were part of our grand prize giveaway to some hackers. Hopping on a financial rollercoaster, the International Monetary Fund got their emails hacked.
And these weren't just any emails, they were the kind that you use fancy words in hoping to sound smart. The IMF is like the person who insists on using a $10 word when a $1 word will do, and now everyone knows they've been using "Synergy" wrong this whole time. [00:02:41] HGF: Meanwhile in France, they've turned data breaches into an art form, with up to 43 million people affected. It's a breach so chic, it's practically wearing a striped shirt and smoking a cigarette. And let's not forget Alabama, where the state government websites faced a denial of service [00:03:00] attack. Alabama's like, Our websites are slower than molasses in January, but don't you worry, your data's as safe as a church potluck. Except in this case, the potluck's been crashed by every hacker in a 10 mile radius. So, what have we learned aside from the fact that the world is a hacker's oyster? Keep your friends close, your passwords closer, and maybe, try not to store your entire life on a device that could be hacked by a 12 year old with a grudge. In the grand scheme of things, we're all just trying to make it through this digital world. [00:03:32] transition: Thanks for watching! [00:03:38] offsetkeyz: We've been hearing a lot coming out of the White House about critical infrastructure, such as power and water. They've been providing a lot of guidance recently and encouraging collaboration to avoid cyber attacks. So what do they know that we don't know? It's starting to get me a little scared. So just two days ago, the Biden Harris administration released some more guidance on how to stay safe, but is [00:04:00] also urgently calling governors and state governments to start collaborating and really hardening the systems of their critical water infrastructure.
When we think about crippling cyber threats, we tend to think about big corporations and ransomware and things like that, but those may be where the money is, but those who are out to get the United States of America, like maybe China and maybe Russia, I'm not sure, will be targeting our critical infrastructure first. Now, if you are working in IT in a critical infrastructure like power or water, our hats are off to you. I know what you're up against and even the White House knows what you're up against, which is why they're starting to step in. So keep doing the Lord's work out there and try to get it as secure as possible. Because, hey, we all need water to live. And I don't want to be making that Walmart run when my water stops working. That's going to be crazy. So part of the major efforts by the Biden Harris administration includes creating a cybersecurity task force between the EPA and the [00:05:00] NSC, promoting existing resources to protect against cyberattacks on water systems. According to the letter from the White House, there have been an increased amount of attacks on water systems driven by both countries or nation state actors and run of the mill cyber criminals. So I'm glad to see our federal government stepping in and helping where they can. But we might be reaching the point where we need to take our own health and wellbeing into our own hands, stock up on water, buy a nice filter, maybe get a rain bucket for outside. Make sure that you and your family are taken care of in the event that the water does go down. [00:05:40] offsetkeyz: Recently we've been seeing a lot of ransomware as a service groups being shut down by the FBI and other three letter organizations, which is great. But the FBI can only do so much, and what they've been doing is trying to capture individuals who are responsible for running these ransomware as a service groups or developers, [00:06:00] but mostly they're just shutting down dark web websites
with big banners that say claimed by the FBI. So in most instances, the individuals behind these ransomware as a service groups are just moving and creating new ransomware as a service groups, or joining others, strengthening their staffing. But let's back up for a second. What is ransomware as a service? Well, this is the new hot thing in ransomware, where it's essentially Cloud as a service, or something that you would sign up to use not really knowing how to make it yourself, but you want to use the tools to conduct a ransomware. So a good example of something you might use as a service is something like Squarespace, where if you don't know how to do web development, but you want a website, you would then pay for Squarespace's services and they give you some features, right? Depending on how much you're willing to pay. So Squarespace specifically is considered software as a service. Now ransomware as a service does exactly [00:07:00] that. I would like to ransomware somebody. So I go sign up for an account at one of these places, such as Medusa or Cloak, as referenced in the article by HelpNet Security that's linked in our show notes below. And depending on the amount you want to pay for this service, you can get perks. Thanks. The amounts are surprisingly low between 800 to 1,000 a year to access this product and they're getting lower. They're being pushed harder onto end users and the perks are getting better too. One of the lowest tiers is once you reach a million dollars in ransom payments, you get access to dumped hashes, you get access to a bunch of tools that make it easier to do the initial compromise.
There have also been a string of exit scams across the dark web, which is essentially when a company like Medusa or any ransomware as a service will receive the ransom that you [00:08:00] went out and earned and then just close down their site keeping all of the money. Most ransomware as a services set up the platform to receive the money and then they pay you about 85 percent of the ransom, as agreed upon before using the service. But now these groups are starting to let you collect the ransom, and then allow you to pay that 15 percent usage fee, helping to encourage people to use their services and not be so afraid of exit scams or other scams on the dark web. But what's so crazy about this is that they're literally just posting ads on the dark web. They're in forums and they are offering these perks and security researchers are able to see them in real time and see who's interacting with them. And the beauty of the dark web is that if you're doing it correctly, it can be completely anonymous. Now I don't encourage you to get on the dark web to see this type of activity, but it is available to you. And if you'd like more information about the dark web, I released a talk about a week ago, maybe two weeks ago at this point, outlining at a high level how the dark web [00:09:00] works. [00:09:12] offsetkeyz: And finally, researchers have developed or discovered a new denial of service or DOS attack that relies on UDP based application level protocols. And if you're not familiar, there are two main protocols on the transport layer that you interact with on a daily basis. UDP and TCP. UDP is the faster of the two, and it doesn't require any sort of verification that the data has been received. And this is often used when gaming online with your friends or talking, or even streaming like YouTube videos. Those rely heavily on UDP because you need to get the data as quickly as possible when streaming videos.
And it doesn't really matter if every single frame is accounted for, you can occasionally drop frames, which might result in a little skip, but [00:10:00] overall, most of them are going to get through kind of like a shotgun spray. Whereas TCP is more for like text based communications or things where data needs to be verified on both ends, and it's a little slower due to the verification. So, UDP inherently doesn't verify, which is important to understand this type of attack, because this loop denial of service exploits UDP's lack of source IP validation to create endless communication loops between servers, eventually overwhelming them. Additionally, protocols like DNS, NTP, and TFTP are among those vulnerable to these attacks, potentially affecting basic internet functionalities. So this does tie back into the attack on DNS, which is essentially like a lookup of what you're trying to navigate to. So, when you navigate to facebook.com it reaches out to a DNS server and says, Hey, what the heck is facebook.com? And it replies with an address. Without those [00:11:00] DNS servers, we actually can't move about the internet like we do on the day to day. So this attack is easily triggered by a single spoofed message and can stress entire networks with 300,000 hosts already at risk. There's no evidence of this loop denial of service being used in the wild, but its exploitation is considered trivial, affecting major vendors like Cisco and Microsoft. Now, these are likely a little further down the pipeline than you're familiar with as a regular user or even as a cybersecurity analyst, but you might notice slower internet speeds, stuff like that, if this happens, with the potential for it to completely shut down your internet connection. And on that note, not much is to be done on the user level. Just letting you know what's possible and what the attackers are doing. Hitting you from all kinds of angles. All right, and that is all we've got for you today.
A little bit longer of an episode because we missed yesterday due to technical [00:12:00] issues, but we're back and better than ever, and we will talk to you some more tomorrow.
On this week's show Patrick and Adam discuss the week's security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia's powershell, solving living off the land, And much, much more. This week's show is brought to you by Material Security. In this week's sponsor interview we speak with Material's Rajan Kapoor, VP of Customer Experience at Material. We're also joined by Chaim Sanders, who heads Security and Privacy at Lyft.
Show notes:
Anthropic's CISO drinks the AI kool aid - backpedals frantically on security analysis claim
Incident report on March 13, 2024 - Mintlify
Loop DoS: New Denial-of-Service attack targets application-layer protocols
State of IP Spoofing
Pharmaceutical development company investigating cyberattack after LockBit posting
Exclusive: After LockBit's takedown, its purported leader vows to hack on
Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News
A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic
Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters
Elon Musk's SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ
Russians will no longer be able to access Microsoft cloud services, business intelligence tools
Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News
Researchers spot updated version of malware that hit Viasat | CyberScoop
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA
US is still chasing down pieces of Chinese hacking operation, NSA official says
875 workers rescued in Tarlac POGO raid | Philippine News Agency
Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica
Mike Lindell must pay a Nevada man after election data dispute - The Washington Post
Today I speak with Marine Lance Corporal Samuel Myers. Sam grew up in Ventura, CA and graduated high school in 1984. After a brief time at the Philadelphia Phillies camp, Sam took a job in offshore drilling. He decided that three years of that backbreaking work was enough and went to see the Marines recruiter in Ventura, CA. In June 1989 he went to MCRD San Diego for Bootcamp under an open contract. His MOS became 0811, Field Artillery Cannoneer, and his first assignment was to 3rd Battalion, 11th Marine Regiment at 29 Palms, CA in 1990. During his unit's UDP to Okinawa, Iraq invaded Kuwait. Sam and his unit were then sent to Kuwait where he saw action in Desert Storm and the Battle of Khafji. After the Gulf War, and a brief time back home at 29 Palms, his unit was sent to Mogadishu, Somalia for Operation Restore Hope. After spending 36 months in combat zones, Sam exited active duty in July 1993.
Introduction: JSE Direct Episode 571 for January 25, hosted by Simon Brown. Simon introduces the idea of transitioning the podcast to a live format using Riverside, allowing viewers to see charts and interact during recordings. Market Updates: Richemont*: Stock surged 10% on better-than-expected trading update. Identified as an opportunity last year when it pulled back to R2,500. Trading at R2,653 at the time of the recording. AVI: AVI delivered a strong update, but struggling with I&J. AVI focuses on defending margins, willing to lose volumes for profitability. Potential sale or listing of I&J discussed. Woolies*: Mixed trading update. Struggles in Australia, especially with David Jones, while food segment remains strong. Concerns about the performance of the clothing segment. Clicks: Mostly a strong update, struggles in UDP (wholesale drug distribution). Selling price inflation averaged 7.5%, higher than the previous period. Clicks achieved highest-ever daily sales in late December. Economic Updates: December spending records discussed with BankserveAfrica. Expectations for rate announcements from local and European central banks. Hawkish tone expected from local governor; questions about Jerome Powell's stance. Global Market Highlights: All-Time Highs: S&P 500, Nasdaq, Dow Jones hit all-time highs. Russell 2000 still 20% off its highs, considered in bear market territory. India's stock market surpasses Hong Kong, becoming the world's fourth-largest share market. China in trouble, is it over? Should we be worried? Simon reflects on recent data and developments in China. Population decrease and aging population noted. Speculation on a potential $278 billion spending spree to support the market. Concerns about state-directed capitalism and common prosperity policies. Recent crackdowns in gaming, education, and potential implications for healthcare. China's focus on national defense and potential impacts on Taiwan. 
China's shift towards a more inward-looking and self-focused path. Conclusion: Speculation on the impact of China's changes on global growth, commodity prices, and investments. Simon announces plans to start recording the podcast live, with notifications on social media and newsletters. Acknowledgment of the podcast's longevity (571 episodes) and a request for reviews. Closing: Simon Brown signs off, encourages reviews, and mentions future live recordings. Reminds listeners to take care of themselves and others. * Simon holds ungeared positions.
Ring in the New Year with an intellectual upgrade as we promise to guide you through the labyrinth of TCP and UDP protocols that are the lifeblood of our networking communications. Gear up to grasp the essential knowledge that will not only prep you for your CompTIA A+ exams but also amplify your understanding of the digital world. You'll learn to differentiate between the meticulous nature of TCP, with its insistence on a reliable connection, and the sprightly UDP, which favors speed over precision, perfect for your gaming and streaming pleasures. Join me, Professor JRod, on this enlightening journey where we dissect the critical elements of flow and congestion control, ensuring your data doesn't just travel but arrives with finesse, be it through web browsing or file transfers. We'll reveal how the delicate dance of data packets is choreographed using the sliding window mechanism and congestion control strategies, helping you appreciate the robustness of networking. And for the tech enthusiasts, we'll unravel the mysteries of well-known TCP and UDP ports and their pivotal role in securing and managing our online activities. Tune in and become the networking connoisseur you were destined to be! Support the show. If you want to help me with my research please e-mail me: Professorjrod@gmail.com. If you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.com. Art By Sarah/Desmond. Music by Joakim Karud. Little chacha Productions. Juan Rodriguez can be reached at ProfessorJRod@gmail.com, @Prof_JRod, Instagram ProfessorJRod
Larry Cashdollar, Principal Security Intelligence Response Engineer from Akamai Technologies, joins Dave to talk about their research on "KmsdBot: The Attack and Mine Malware." Akamai's Security Research team has found a new malware that infected their honeypot, which they have dubbed KmsdBot. The research states "The malware attacks using UDP, TCP, HTTP POST, and GET, along with a command and control infrastructure (C2), which communicates over TCP." The botnet targets weak login credentials and then infects systems via an SSH connection. The research can be found here: KmsdBot: The Attack and Mine Malware
In this Hasty Treat, Scott and Wes talk about how you can intercept and debug traffic going out from your computer or other internet connected devices in your home, or your garage! Show Notes 00:25 Welcome 01:55 Syntax Brought to you by Sentry 02:17 Scott's story of wanting to intercept data Tonal 06:36 Other examples 08:38 Different types of traffic 14:52 TCP vs UDP 16:07 Why would you want to run a proxy? 24:20 Applications to use Charles Web Debugging Proxy • HTTP Monitor / HTTP Proxy / HTTPS & SSL Proxy / Reverse Proxy Proxyman · Native, Modern Web Debugging Proxy · Inspect network traffic from Mac, iOS, Android devices with ease Intercept, debug & mock HTTP with HTTP Toolkit mitmproxy - an interactive HTTPS proxy Wireshark · Go Deep Little Snitch Capturing Modes - Fiddler Everywhere Hacksore on Twitter How I Hacked my Car :: Programming With Style Tweet us your tasty treats Scott's Instagram LevelUpTutorials Instagram Wes' Instagram Wes' Twitter Wes' Facebook Scott's Twitter Make sure to include @SyntaxFM in your tweets Wes Bos on Bluesky Scott on Bluesky Syntax on Bluesky
Our guest, Allen West from Akamai's SIRT team, joins Dave to discuss their research on "The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile." Akamai found this new botnet was targeting the gaming industry, modeled after Qbot, Mirai, and other malware strains. The botnet has expanded to encompass hundreds of compromised devices. The research states "through reverse engineering and patching the malware binary, our analysis determined the botnet's attack potential at approximately 629.28 Gbps with its UDP flood attacks." Akamai researchers do a deep dive into the motives behind the attacks, the effectiveness of the attack, and how the law has been handling similar cases. The research can be found here: The Dark Frost Enigma: An Unexpectedly Prevalent Botnet Author Profile
Picture of the Week. The Encryption Debate. Age does matter... Age Verification. WhatsApp: Rather be blocked in UK than weaken security. Exposing Side-Channel Monitoring. Closing the Loop. A new UDP reflection attack vector. Google Authenticator Updated. Does Israel use NSO Group commercial spyware? A Russian OS? TP-Link routers compromised. A pre-release security audit. Another Intel side-channel attack. Windows users: Don't remove cURL! AI comes to VirusTotal. Show Notes https://www.grc.com/sn/SN-921-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT joindeleteme.com/twittv drata.com/twit